last executing test programs: 2.457042011s ago: executing program 0 (id=2865): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0xc0040, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000180)={r0, &(0x7f00000000c0)="7e8ec5ace03fa77d4b64fcbcc6d534e1d327e4a428a8f05f48ed7a9834ea8e9ea2c49755d7407059bdedeeddd678b3d512fcd4dfbc5d19924744bc7099dae1b8e90cedb5ca6d24f492295304277705caa46e01a0dd0eeafd015998efe73c77183b1c29e2e12f9f922bf6069f5aee92de493b51ee446e148d6dcecf4cabda36847fa9ab6ce72d5269a2b993694cfc0ca6980076f077dfa6b0f9723f3d8e6371a24b74"}, 0x20) r1 = socket$kcm(0x10, 0x400000002, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x6}, 0x94) perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80100, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x8}, 0x100904, 0x401, 0x25, 0x0, 0x1, 0x200, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'gre0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f0, &(0x7f0000000080)) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000500)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00800020007000200060001c00364683b9dad7aa21240d69a6a818cf6c551ae60fc91b169edb1b175732b9f597fe3b6c5a3d77cc766307de2", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4000000) 2.327408356s ago: executing program 1 (id=2868): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000580)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB="00004afe0000000010000000e2f0e2d730eddf1e0b"], 0x50) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={@map=r0, 0x24, 0x0, 0xda, &(0x7f00000001c0)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r2, 0x2000012, 0x100e, 0x2, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.280945387s ago: executing program 3 (id=2869): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000940)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000010000000000000000000000370001000000000095002b43990800125e000000000000"], &(0x7f0000001a40)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001040)={0x1b, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x4}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x69, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000d00)=""/242, 0xfffffd63}, {&(0x7f0000000240)=""/205, 0xcd}, {&(0x7f0000000380)=""/210, 0xd2}, {&(0x7f00000006c0)=""/188, 0xc9}, {&(0x7f0000000f40)=""/213, 0xd5}, {&(0x7f0000002100)=""/4077, 0xfed}, {&(0x7f00000007c0)=""/211, 0xd3}, {&(0x7f0000000b00)=""/231, 0xe7}, {&(0x7f0000000480)=""/176, 0xb0}, {&(0x7f0000000c00)=""/208, 0xd0}], 0xa}, 0x40012100) recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8b26, &(0x7f0000001200)={'wlan1\x00', @random="f7280200e700"}) recvmsg(r0, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x10002) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1100000004000000000000031f00000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000020000000000000000d78d67de305ac7d3d24eddd36c7e29037c085e93aad139433f3bac604d59123f0e1f0103204000000000000000497017eda3591162593db8bb383a4eb36b43be499f617b1fcf04c3a1653211ea53783d629603bb5d5d76f432d797084f7033a898ed62eaddab35611ead21e3e3f5667007971e09eee9bf0e33ea3c8d2fbb313bff49dde45e460756381bbede966e418fdf51c454c5e593b3aecfe63e91bc04b1d8880c3bbaa75de816e82868215d6fabe8146ced7ec71b56c70d8214dbceaac135139f7199c67ca81c6784b5bd6d3190fb33f9a9bb4776a4961b979f", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) 2.17599086s ago: executing program 0 (id=2870): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x3f, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) close(r0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x0, 0xfffffffd}, {0x2, 0x4}], 0x10, 0x400000}, 0x94) r1 = socket$kcm(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r1, 0x84, 0x64, &(0x7f0000000000)=r4, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r6) recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r7, 0x10) 1.668541457s ago: executing program 2 (id=2872): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8918, &(0x7f0000000000)) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0700000004000000000900000100000028"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r2}, 0xc) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000340)={r1, &(0x7f0000000200), 0x0}, 0x20) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000700)}], 0x1}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000), 0xc) 1.55653448s ago: executing program 0 (id=2873): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x9, 0xf94b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, @perf_bp={0x0}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x200003, 0x6, 0x9, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_pid(r1, &(0x7f0000000480), 0xfdef) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xa, 0x3, &(0x7f0000003080)=ANY=[@ANYBLOB="850000002200000007000000000000089500000000000000e26c9bd1a6361b80cdd64bdf00000000000869045aac0000659f55df08f9b90788ff7f00000010000029c21ebbcde61d8ab5920aef6c3e007fe61241638962cf0b89ef506cfd3f1d4163d3cfca3733b30070a7cf53021a9554328a702688f92b6b71569d65e33d46f8d8ae24ba69c657afac04379cb536008c219991704f11c5a01ba62ed8f2c6a503dd1b1d076f03b0f917c766f3a7598bbc00feb3bc8e88f79df517b37b56bcbc290080000000000000e675458a43b8a8935bf9cf0be7d0aeaac41405e341d13d244359718ac3dad595712a4051bb6cf826ab757193fc093b8b3353fbbb278d19000000000000007b61805ed430ef06000000000000001e93f640f159320c8b088f4d64977b2eb312d4967aff9e4c14c66c90000054ed82c7cba4c81f91d6dfed18767bf0df584b4b6c4204df411f921e3aa02a67dd324b8176020e9c024751df38c05727f82c92046bfe64babb6d7ba86526b7886a0c2481c5812812a6fa3fca3758cbd8c32b25c28be225bd1f16297baa065f5bf96330fad0aaa4388c06c0eb2ecdf829af9577fcd868cc269b740000b777d73a63246ce6f0467167626329ab91df7a13d9ec9a64e7f6b56aeab8c38f69a213c96e2d2ad7978c9d721c230f27e7025d576535198742d403ec43572d7d0baf00e882617b260627805ca44200335ea4363066944d0aa6feb9705b09ba40d4642519281151f875cbf13a582f90ad719f0eccf02a473dd508a16138904933689ea6ee02412064730700aeff2b69c2f2bf6f691c3560e068743ae8e8771280dac7fd8fdc3f7a35ea352e35753c59ebc1bd27ab6603e6afb1b3f057fbb7ed3aabe702b3c6301d3f5c295d1d69d1541d0e64631c95d6c0999e27e8d1a58f6a00f19102d2bfaf53f25a45637b1c577ae50c4c56d9abc40c64a20c14ff0b1bf4d23fe07ae90f503ba9c64bf89b26e7d8d70710b04f9ece69023acadbb4582272e5b3a0429a5675e5a9554de54945d9a270180e0545b0c824ad36f7cc8be12b3874d5a19349b0ede845e9ece24d546d3af1bae069b89f6ecf2aabb17eb1840bc8e0ed1dd8b9b7eeaf32a185d8fc9a28c6b8e00250a7f2eeb756eadafe20bbc616bc44b347abc8caf722b2c3b06884c1d1690f23b06fa4541bb2a81073b452764f04bd39008b65ee222cf697ac21b087548e9708dffaff2859e973b1e88668c8022cc6dac8548167e5798ec9c7d288a7fa7749f07513187cd8f060abbbc5e37dd1be3aab927be1b409be733b7408534e5b0951e9ecfd0a1c77e3a29be4c4093330124615056e3ce0ce6ac91b1242d3bb2e787a186dc2ec284d60e9d8a03884a22eeaa1efa497ee88c6cb565b164a260afb5157e392b1ebb1a4d4f992011ecbac4a0a6df5bdc6f7994a422bb2761edd2d8f20f5f879a88f89d48b8314f862585e4b7a9d6a6681f40e8b82cc6555dcdb951d164cc9a70e640ac8974faa2587a6e3af3b9458f7d4b4077b3002536b10ea24d73307a33090c4c270909a5322eac32cb175e68fa83457b21465c08c02c0c714c2862ddbe567755f05a1e671328d160d3752345ca1db6e74c720e42afca982ba6befd96c5575f1e88f87ff6606301c0000000000000000000000000000000000000004d0d54b4caf78018766cdb971e8b168d4763c21181f00000003d4e1d842caf457797f93db93e4f38a9dbd79f6bf5dc40b55fdbf9b856665061b2e2924f27eb2d2b5a181ccfd9eeb11dec165b6f12433f00bb06124041ffdcdcdc91f3b3b76635a689c9249cf69bcae65e9f2cc9a5129e385b883c56026d83520395b7d511f607cf2f899c7b1c75e2192f775d72247167285857588ace1115fbebfe63c16b84cf7036d41c493a63c09f2ce46c1f5995c2d7fe58c15e64bb4cb7e7f336cc22fa1ea1363bce375bd3d579be1dddb08ed5147b629e4b3f0e65783ee5e20d9270802f2a7500738bf356131ca53e9d7ba8d486fb26252d684b84fa24639089064ca7b93057c041f12d544dab4d24a4f952b4f265a69ba279929959991b7ac63786055b3c029a0e8b6e4c26497c029bb61462623a58556cd62844d4d23cc738ee5b36c71d2c010b089251d5806000b1ade92dd9f441468967c052aecd9de817394eb580240d556d0f0b4b55d06670597991f37ddc4fa19a6369d5bf76c474633a337f676ad255869881da5cadcf49ce9188129cc978977f87b32bd49457536430ffbd3e01e67ff087644f52fcf0a3c732b0586cb87972c43d2616bf4e521dc3126bf1760243d51a197d3ecfd74bd625e9f496175cfeaaa020817d33d513f3e97854ea76e04e96a8639a297871485a8609f8ca842b3321932c4d9e224a0cec5946cec9e359fd3687415cad5fb8c678136f36d9f781fade9f2469477748f4dfa0f56c3b5a620fc84e1c735647895713cbcea57b2277831f8f633f0d29371e645e5544e57010a9b76457f6ad73231a9f31f6bbb1b95248aeda5a9df9dea643a792bb0910e45fce298ab0a0298fc33a423e860d5b308d7849381b294106af25f15fec047d5b844a99f36e342165df728e381b48c20e0900f8d265157467d3494f2b96acf060f74084760d226f50edb115c2e075f3c663a4b4169b900fa0a13cf796e0d7a9dad86953c13ed6241206d68ae194c64c491de6a531e9bd45abe705f07000a82ccd41a2c1b9d5dd8bf6c28653eb84f117e476e052a9db790e0a71dac9d8b343efebdc026860000000000000000000000000000aad579302085dfdf75bea24798c680b3de341e3bd57543bf74fd58bcebdbb883c743ed43ba7f540f2c4e0310c21e7deff9e45b8bd2cf65bb584091b8e80e34b3e59185fe32d1d73dd4f62712a39b1366c71420b339ec1295f79b1516723b6b80a7e99e5aa6536982c02275fc53fa3ef14d9fccb05f9c4e69a3af0fde863af2d9a0f8a94fc571b0ab4ad714f41fa4ee0bf14a8b44e3c41a3125be95e4b23d5f05395852761bfaebe0db979d5f3991d826cc74542b85cfd0dba66bc93cfd79178ab0b79fa3b29ff9c19e0424513c91980187c9d94b8354337a1fc782505db900c47d83bd49276cfe6e242ba8365b1ea4598a21f50f5415a70990b5bb4a1f6bd8acdf2c7da3d648754767089c9b5ceb556fafa3cc5afd2f3e9a62a90262a76ff89a2751b59a744f0d3f36ca503357daa3e29ce6f357dc1e4839277d003e93fdbb955e1a1302a76aea7e73835094fb15464e94e814c77c293121d0433e80d444c4ca17abaf32b521d8686666055da023aef9c8df3e80d2ed640ed10aa19a036dcef172dbd3b3600b69d7b90c6222e167d7c76059f2b5f3b3004e8a20d1f6612efeb629573be97aa949c6016e7e56283e84986aaa4fc8a098708ebe36f377ada63d9b464c39342e0682549862de3ec75e7b031bc49f341a21417fb6375e8701481b59d1722c836961804666801678eb25750b520bf1615a4bbf30aa74d60ec6b657f2dd298b0419da43fc708a60c94a7ff2fd6a2d08005ad73c9e2d6143d2857be8fb3f12bfa6628bccb153e39172d07563d6a1dc75c347c08060304f091230bd74b49ecdd13bf480db3984622a167c8603b8c501280059a7b6123c8f8cd217f64eccc2dffe4f3a1e8c9a96a13d8126f3ea26779fbd0069d729a7764d4ddd7d9d820b0de2530969362b94b974678527f5bac7eb8d6e321b2be0b2f7534634a5ecd1248d7ad7e8e03163e92e9f1d620e28597bd881eea0981e8adfd70b670b0763ce9226f7c3e156b353e22fdea6942b577bbc539aab23cbd46bdd0ea1e67140c759f208c12dc57f3100000000000000e4965fcb6c2749955eac9476687e63b41c6282bbcb0c3d8b0c9493a3a5f6d879d7257b4b68dc7cac3d9d5f5bbe937c501866ee4042b250e516ec074559e1e551167138766eeecb6941e8305d9cde1800c821536f9d25bd14163890842a08135bdb7a90db630b18f099855a7d9de65c80fa71ff90e873361d0e11a7dfebe56ffb2000b711a0b7914d6351ff60593e48af60e1ffecba7cd6f8ab662eb3c8f3164139e994d6a706afb92722595d649a04f1ff64e5634e7cb9106173a96bf47f7085e7eecdfdc1b6507b851c4ba43312726cfec58dedece1355a087c1b60882713a6161914f09267e2ce8aa886b380add5cd92e185d345c9b2933a78a4215133e8e7247fa444aee30bfb6c17ef537fba43aad323f552c01e17514d5db387e4bf9341ccf5931fc75350f8dcef3ed3e74d674865249b879466f0e3cf0dc9e3d8720ea261e6996b844501e374a0e9878c1d02fd3d6e2ae5d7677892d7a5cdf4b7fa8f315b41552d07495f034e1fa0a2c9a34b7f66638e775dacb33e9b5cd3f4193bdebb7e86090dd265ee2b3ca9bd32d19ef229a050e910263d916670d8006067f5c0a1d8219b4a74b6092656f3b96f060000005ca3eca5d6295a1c11be907fad3bf9ccdf9898a084bbcc0a3714691c6c28fc34c44f9a46d6caf3b93d5d9ad8e3a25d34da57b203af917f5359952468fcddbf43d8fd1add972fd5d361c5be3e8b3280bbfa97e9826163537c99ff461123a1d9f93880feb5f953217f1e633bfb221a7822513278c36abcb6a4009e5037b3f56f9172bd70331817862c5e129d830d4f13e9793dad49b6bf286d2a539d089393d481931735a544f4e86b51a91106ce86d278a0712eab917d843ecc7d031e99d230689210e5afbcbb0a6cff33b40e7b637a8171d7b28fcaee54bb0fb7e2dd92c6cf2130f9fa4482512ae356c5907533108113a9a98b0508e4041df8e99b4136a66f58a6e91e2017dc7e095e8e4776d396797e089e9b42fdee33e76c28a636893510ed71166086bb4c1f3363dfd0abf0b2ea8ceba68c7d9a22a8342059862985d987083d80761bd699c3ee77473263a77ea65eac8a4c3b6b87f399575a15a2db143f6aac363644fd45372d6f43baebc7c3547780d1d079e225962733e0c0d3f364cbe9bcec7caaa8d372da63b213d4554e9ced54c2d59a97b814f1d700"/3584], &(0x7f0000014ff5)='GPL\x00', 0x2, 0x103a, &(0x7f0000014000)=""/4096, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2a3}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r2, 0x3a, 0xcc0, 0xcc0, &(0x7f0000000200)="e460cdfbef2408322900119386dd6a00000000072feb311ccd3ec8a755c1e1380081ffad008036e8d50000ff010000001400000500242f09880bd320d98a61a90057e9bf", 0x0, 0x401, 0x0, 0xa8, 0x0, &(0x7f00000011c0)="59235bd7a9324ff307d87177332368fbdeefaa1544600ea1870645446c357de433206896637019b84d57c3de1ea07638e494dd701db1af6fc15db78cf79f5ab4bc7aee8553677ffe377a35b4afdb989fb7da1ff63956ffb796d51daf1c268b9f1a4a06583f8c03ec1671b151a8a495c1b006fa5f2f3a54a46aeee8005b178b9516d2b928984ccb942fa2278a2e33a0b619f2dd814fc91942e03c48fd9b7d19d9a6612b46805b267ef3132a724cbfcd1c715be67930e2ae2b9a2479c5a4b2fecd301a745a6fd67598a5e5ecc1e56e58159c47def7f9285acfedc980596377e6f9ee076fa094e5d8f838b718ed63ff8265a1dbc1549bed03e6b27b6fc2b8a07373506a1a41d5a71cbf0eaa24ec737b02a8a2d5114c3c4e5810a2c3eae3373fd341800cfb0fb35cefe04ca4da2b02a83c40126e23cdf3c817b530bbe7b431bc0b7d864e3e6dd1ab90259a8bd7ad7dd4c6366ea6da661fd016b394adcce5988fff85fbc832a927c97b89337e195f562cd284911eef1ee52e4ff033b33beedea7cf43c4d0cc0471fa91011e1e7e8733bf82c01346d6ecb49f1a84e92d063c81a7227d89be33f7273b87e29ae53a5f38dc94cf391fcb82c9432821ef1a0f6bbfe8f7d6574479a8f621e1d8f7d9bb20f3d8d469e6d232d7d7837ff12a224a65c604907e787baaf7c863ad48a5edecbe1470c20507a6ee5dee75e9ef84c71af5af800a9ce9787ebdee9e1c8189fbf66048d5c3757fb2b697ce68cfd316a7b25a385111e0cd2fddb81602e36e74c4f99b403cb304a4774e648054c0456c7869f9d97873ff80e2664c1265292941a9b767c7f40767cfccdbcaa156453d6a910fd5440f7a2bf8f4bb6d6d9fd443f2304617a684b6afa99c157dcf70e51fdb55fd0dbf5c6733841024599f8d1791a07c5dc3a4ccaf4d7c0ca3d101b2beba3a49d2378c9fe4fdb10babd95083a0c4db5a30c4490828d97efe807a13e587fbac1089843964facfd27d287262759384fe9b610f81048be430c1e8fe6327c0f2fd003021d20563ec0c7e39aec6718649c958da2e02cb3848c76924492678889c18bea02ed5ee080106e9838cbca9ad5f66c0434182225b13a236b342cf80562c10d4a3459aea17589b84904d3d2c2b", &(0x7f00000004c0)="b33620dad49cc786c86a5c5444e76c2a1ef9224fb91083d2ba4368e98a14467703e9ee585196fa95320bd53c6a76ad443b81dc833b22016aeaafb4597c06919ecf7e5ea4d0a8995feaaf9a9feb0c4b5277398049a2f5475f6ceb26bd128189f4b1b3c662d3d1630717791de0cdac3ce6e01c5719b670da5ded7dfa9dda53f04ad151cb952d708eaa69e983dcfab36b2dac3f3fe85e1d86b3d73d4879fb11cfac51f3cb669a50", 0x1, 0xfffffffd}, 0x22) recvmsg$unix(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)=""/159, 0xcec0}, {&(0x7f0000000140)=""/250, 0xfa}], 0x2}, 0x0) recvmsg$unix(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x161) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x100904, 0x0, 0x0, 0x0, 0x200000, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f00000000c0)=0x20000000004, 0x6) write$cgroup_int(r4, &(0x7f0000000100)=0x1, 0x12) 1.541876141s ago: executing program 3 (id=2874): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x2400c000) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) socket$kcm(0x1e, 0x4, 0x0) 1.441057044s ago: executing program 2 (id=2875): socketpair(0x1, 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x20, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7}, 0x94) socket$kcm(0x2, 0x5, 0x84) socket$kcm(0x10, 0x3, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$ITER_CREATE(0xb, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0xd6, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, @perf_bp={0x0}, 0x0, 0xfffffffffffffffc, 0x0, 0x2, 0x0, 0xffff0000, 0x9, 0x0, 0xfffffffd, 0x0, 0xfffffffffffffff1}, 0x0, 0x20000000000, 0xffffffffffffffff, 0x1) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6gre0\x00', 0x200}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080)) 1.440741504s ago: executing program 1 (id=2876): close(0x3) r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0}, 0x28) socket$kcm(0x10, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x6, [@typedef={0x4, 0x0, 0x0, 0x7}, @restrict={0x0, 0x0, 0x0, 0xb, 0x1}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0xfffffffd, [{0x0, 0x2}]}]}, {0x0, [0x0, 0x0, 0x0, 0xda]}}, &(0x7f0000000340)=""/142, 0x4e, 0x8e, 0x1}, 0x28) r3 = openat$cgroup_int(r2, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r3, &(0x7f0000000040), 0x1) 1.386374446s ago: executing program 3 (id=2877): socket$kcm(0x10, 0x2, 0x0) r0 = perf_event_open(&(0x7f0000000640)={0x3, 0x80, 0xec, 0x0, 0x0, 0xfd, 0x0, 0x480000000000000b, 0x954b, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10305, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x400, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) bpf$MAP_CREATE(0x0, 0x0, 0x0) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r2) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r3, 0x18000000000002a0, 0xd, 0x0, &(0x7f0000000040)="5aee41dea43e63a3f7fb7f1108", 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = socket$kcm(0x2, 0x922000000001, 0x106) sendmsg$sock(r4, &(0x7f0000000d00)={0x0, 0x0, 0x0}, 0x20000000) setsockopt$sock_attach_bpf(r4, 0x1, 0x1d, &(0x7f00000000c0)=r4, 0x4) 1.367424857s ago: executing program 2 (id=2878): socket$kcm(0x15, 0x5, 0x0) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x4, 0x43a1bd76, 0x7, 0x9, 0x2, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0xfffffffffffffffb) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000280)=@tipc=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000300)="80", 0xfdef}], 0x1}, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=""/176, 0xb0}, 0x20) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000007c0)=ANY=[], 0x20) syz_open_procfs$namespace(0x0, 0x0) close(0xffffffffffffffff) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, 0x0) close(0x3) 1.313023948s ago: executing program 0 (id=2879): bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_clone(0x4904100, 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) r2 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r2, 0x0, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f00000001c0), 0x12) 1.26704327s ago: executing program 1 (id=2880): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) socket$kcm(0x10, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) socket$kcm(0x10, 0x2, 0x4) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000007d40)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{r0, 0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000480)='%pi6 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r1}, 0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x11, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000000000000000000020004008500000097000000b7080000000000007b8af8ff00000000b7080000ffffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000001000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="b34715ecd04550d3abc89b6f7bec", 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.191536362s ago: executing program 3 (id=2881): r0 = socket$kcm(0x11, 0x200000000000002, 0x300) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1ad76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r3 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='|\r'], 0x10}, 0xfc00) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$kcm(0x11, 0x200000000000002, 0x300) recvmsg(r0, 0x0, 0x2002) 1.096971455s ago: executing program 2 (id=2882): perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x8020000, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_config_ext={0x7, 0x6}, 0x1, 0x0, 0x800001, 0x3, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x20, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x204, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000300000000000000000000030000000003000000000000007fcc6c89d243240700000010"], 0x0, 0x53}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x4}, 0x94) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="f59a00000000000018100020", @ANYRES32, @ANYBLOB="00008cff07887e7cf83500000000000045"], 0x0}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local}) 1.071897126s ago: executing program 1 (id=2883): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000007c0)) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r3, r2, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r5, 0x5}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000cc0)={{r4}, &(0x7f0000000c40), &(0x7f0000000c80)=r0}, 0x20) 1.009622928s ago: executing program 0 (id=2884): bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0a00000004000000060000000700000018040000", @ANYRES32=0x1, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000ff"], 0x50) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b904021d080225000000040000a118000200fcffffff00000e1208000f0100810401a80016ea1f0006", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8001}, 0x0, 0x32, 0x43e1bd74, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYBLOB="0000000000000000b702000014fa0000b70300000000000085000000830000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb010789005e107538e486dd6317ce22000000"], 0xfdef) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x49}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x739, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x3000000}, 0x48) socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000580)=ANY=[], 0xfe33) 847.325113ms ago: executing program 1 (id=2885): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x40, 0xe59}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x21, 0x2, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xad}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.avg_queue_size\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x8, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r2, 0x0, 0x36, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee68886dd", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 847.019133ms ago: executing program 3 (id=2886): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454c9, 0x1) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76ea090000000000009ba56a88ca", 0x0, 0x6400, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socketpair(0x1, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f1, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f2, 0x0) 447.683076ms ago: executing program 3 (id=2887): perf_event_open(&(0x7f0000000540)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10305, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, @perf_bp={0x0, 0x8}, 0x4200, 0x4, 0x0, 0x1, 0x0, 0x0, 0xa}, 0x0, 0x1, 0xffffffffffffffff, 0x3) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x30, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0xcdd, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x15, 0x5, 0x0) close(0xffffffffffffffff) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) recvmsg$kcm(r2, &(0x7f00000032c0)={0x0, 0x0, 0x0}, 0x10) 204.081974ms ago: executing program 0 (id=2888): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xdc101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x1, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000100000000000000000000850000007500000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8000}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0, 0x7}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r2 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0) 97.062577ms ago: executing program 2 (id=2889): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xb, 0xff, 0x24932, 0x7f, 0x1, 0x1}, 0x50) 81.286258ms ago: executing program 1 (id=2890): r0 = socket$kcm(0xa, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x4e20, 0x0, @remote, 0x3}, 0x80, 0x0}, 0x8000) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000e80)="3c3ec2e05be4275c3baa2224e8af67527235fe5d4a1c3a492eafccbeeac1953d2fdc1a42b8b5e0b61b5c93ced0221592f8d1d071bd3315014347af8d60ea5fcca67f76c974e766f6ab2d660df3ada839e46f3f12a4f3", 0x56}], 0x1, 0x0, 0x0, 0x803e}, 0x1001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuset.effective_mems\x00', 0x26e1, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4861}, 0x0, 0x0, 0xffffffffffffffff, 0xb) ioctl$SIOCSIFHWADDR(r1, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r2, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100008d8dff"}) 0s ago: executing program 2 (id=2891): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x6, 0x9}, 0x114905, 0x4, 0x0, 0x9, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0xb) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800001000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = socket$kcm(0xa, 0x1, 0x0) r3 = socket$kcm(0xa, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000080000000200000000000000", @ANYRES32=r3], 0x50) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x8916, &(0x7f0000000000)={r3}) r4 = socket$kcm(0xa, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x8916, &(0x7f0000000000)={r4}) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x8936, &(0x7f0000000000)={r3}) kernel console output (not intermixed with test programs): h: hci1: command tx timeout [ 84.404555][ T5771] Bluetooth: hci3: command tx timeout [ 84.410607][ T5779] Bluetooth: hci2: command tx timeout [ 84.466317][ T5769] hsr_slave_0: entered promiscuous mode [ 84.472928][ T5769] hsr_slave_1: entered promiscuous mode [ 84.479582][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.487390][ T5769] Cannot create hsr debugfs directory [ 84.515532][ T5767] hsr_slave_0: entered promiscuous mode [ 84.522673][ T5767] hsr_slave_1: entered promiscuous mode [ 84.529180][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.536786][ T5767] Cannot create hsr debugfs directory [ 84.552646][ T5770] hsr_slave_0: entered promiscuous mode [ 84.559778][ T5770] hsr_slave_1: entered promiscuous mode [ 84.566342][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.574016][ T5770] Cannot create hsr debugfs directory [ 84.760722][ T5768] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.783096][ T5768] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.825637][ T5768] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.869242][ T5768] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 85.068454][ T5769] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 85.080929][ T5769] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 85.103233][ T5769] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 85.125149][ T5769] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 85.213744][ T5770] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 85.237267][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.249535][ T5770] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 85.262069][ T5770] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 85.275440][ T5770] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 85.340534][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.387060][ T131] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.394501][ T131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.409753][ T5767] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 85.425661][ T5767] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 85.441998][ T5767] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 85.456482][ T5767] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 85.475694][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.482894][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.602114][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.646389][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.702881][ T32] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.710119][ T32] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.750161][ T32] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.757326][ T32] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.784973][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.870659][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.910664][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.937371][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.944593][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.965833][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.995965][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.003219][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.041062][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.048437][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.081150][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.088421][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.311437][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.354653][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.399044][ T5771] Bluetooth: hci0: command tx timeout [ 86.474475][ T5768] veth0_vlan: entered promiscuous mode [ 86.488227][ T5771] Bluetooth: hci3: command tx timeout [ 86.493718][ T5771] Bluetooth: hci1: command tx timeout [ 86.501825][ T5773] Bluetooth: hci2: command tx timeout [ 86.533662][ T5768] veth1_vlan: entered promiscuous mode [ 86.606646][ T5769] veth0_vlan: entered promiscuous mode [ 86.676111][ T5769] veth1_vlan: entered promiscuous mode [ 86.714749][ T5768] veth0_macvtap: entered promiscuous mode [ 86.756631][ T5768] veth1_macvtap: entered promiscuous mode [ 86.821276][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.843249][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.861131][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.871362][ T5769] veth0_macvtap: entered promiscuous mode [ 86.912888][ T5769] veth1_macvtap: entered promiscuous mode [ 86.931446][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.000970][ T5768] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.011790][ T5768] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.021040][ T5768] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.034527][ T5768] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.054454][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.070770][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.083331][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.106351][ T5770] veth0_vlan: entered promiscuous mode [ 87.151852][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.163250][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.176669][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.202733][ T5770] veth1_vlan: entered promiscuous mode [ 87.218978][ T5769] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.228407][ T5769] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.237143][ T5769] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.246891][ T5769] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.356625][ T5767] veth0_vlan: entered promiscuous mode [ 87.454342][ T5767] veth1_vlan: entered promiscuous mode [ 87.483436][ T5770] veth0_macvtap: entered promiscuous mode [ 87.514101][ T5770] veth1_macvtap: entered promiscuous mode [ 87.564391][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.577414][ T131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.587784][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.601378][ T131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.608810][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.608858][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.613590][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.695827][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.718111][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.732809][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.745764][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.771449][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.826838][ T5770] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.836385][ T5770] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.846754][ T5770] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.856903][ T5770] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.904507][ T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.922535][ T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.935000][ T1135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.951690][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.969565][ T5767] veth0_macvtap: entered promiscuous mode [ 87.991091][ T5767] veth1_macvtap: entered promiscuous mode [ 88.080546][ T3452] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.104338][ T3452] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.116897][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.135025][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.179546][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.211036][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.240151][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.254719][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.267079][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.281225][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.294763][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.331004][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.343708][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.357366][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.369821][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.379777][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.390745][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.404688][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.436521][ T131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.447236][ T5767] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.459386][ T5767] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.469150][ T5767] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.478690][ T5779] Bluetooth: hci0: command tx timeout [ 88.484269][ T131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.485686][ T5767] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.558939][ T5779] Bluetooth: hci1: command tx timeout [ 88.564431][ T5779] Bluetooth: hci2: command tx timeout [ 88.570981][ T5771] Bluetooth: hci3: command tx timeout [ 88.723009][ C0] hrtimer: interrupt took 34681 ns [ 88.915094][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.936750][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.051306][ T5841] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.6'. [ 89.066056][ T5843] -1: renamed from syzkaller0 [ 89.071082][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.083822][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.095623][ T5841] netlink: 4548 bytes leftover after parsing attributes in process `syz.2.6'. [ 89.113652][ T5841] netlink: 'syz.2.6': attribute type 1 has an invalid length. [ 90.389020][ T5866] netlink: 'syz.0.12': attribute type 29 has an invalid length. [ 90.559240][ T5779] Bluetooth: hci0: command tx timeout [ 90.638306][ T5773] Bluetooth: hci3: command tx timeout [ 90.643789][ T5773] Bluetooth: hci1: command tx timeout [ 90.650016][ T5779] Bluetooth: hci2: command tx timeout [ 91.212900][ T5866] netlink: 'syz.0.12': attribute type 29 has an invalid length. [ 92.008942][ T788] cfg80211: failed to load regulatory.db [ 92.016031][ T5879] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.16'. [ 92.034262][ T5879] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.16'. [ 93.137351][ T5888] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 93.345672][ T5779] Bluetooth: hci2: unexpected subevent 0x06 length: 150 > 10 [ 93.508724][ T5899] sock: sock_set_timeout: `syz.1.25' (pid 5899) tries to set negative timeout [ 93.910808][ T5888] syz.2.21 (5888) used greatest stack depth: 20328 bytes left [ 93.989138][ T5905] ªªªªªª: renamed from vlan0 (while UP) [ 94.123551][ T5907] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.28'. [ 94.251865][ T5911] netlink: 'syz.1.29': attribute type 1 has an invalid length. [ 94.286246][ T5911] netlink: 'syz.1.29': attribute type 4 has an invalid length. [ 94.358101][ T5911] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.29'. [ 95.031434][ T5922] Illegal XDP return value 1539764265 on prog (id 26) dev N/A, expect packet loss! [ 95.362813][ T5779] Bluetooth: hci2: command tx timeout [ 95.839421][ T5935] netlink: 'syz.2.40': attribute type 3 has an invalid length. [ 95.871225][ T5935] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.40'. [ 95.975689][ T5779] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10 [ 98.003508][ T5779] Bluetooth: hci2: unexpected event 0x2c length: 151 > 17 [ 98.011675][ T5773] Bluetooth: hci0: command tx timeout [ 100.091018][ T6009] netlink: 203516 bytes leftover after parsing attributes in process `syz.3.70'. [ 100.124376][ T6009] netlink: zone id is out of range [ 100.146341][ T6009] netlink: zone id is out of range [ 100.157292][ T6009] netlink: zone id is out of range [ 100.192245][ T6009] netlink: zone id is out of range [ 100.202511][ T6009] netlink: zone id is out of range [ 100.228171][ T6009] netlink: zone id is out of range [ 100.236713][ T6009] netlink: zone id is out of range [ 100.268107][ T6009] netlink: zone id is out of range [ 100.276745][ T6009] netlink: zone id is out of range [ 100.289406][ T6009] netlink: zone id is out of range [ 100.725595][ T6024] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.75'. [ 105.070339][ T6085] warning: `syz.0.100' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 105.178115][ T6085] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 108.536217][ T6083] netlink: 152 bytes leftover after parsing attributes in process `syz.1.99'. [ 108.804560][ T6125] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 109.039340][ T131] wlan1: Trigger new scan to find an IBSS to join [ 109.455173][ T6136] syzkaller0: entered promiscuous mode [ 109.466157][ T6136] syzkaller0: entered allmulticast mode [ 111.912609][ T6188] netlink: 65055 bytes leftover after parsing attributes in process `syz.2.139'. [ 112.960989][ T3049] wlan1: Trigger new scan to find an IBSS to join [ 113.876604][ T11] wlan1: Creating new IBSS network, BSSID 1a:65:9e:93:2f:76 [ 114.665170][ T5773] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 115.025409][ T6241] netlink: 'syz.1.160': attribute type 2 has an invalid length. [ 115.428523][ T5773] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 116.169667][ T6259] netlink: 'syz.2.169': attribute type 7 has an invalid length. [ 116.239885][ T5773] Bluetooth: hci0: Dropping invalid advertising data [ 116.247271][ T5773] Bluetooth: hci0: unknown advertising packet type: 0xdc [ 116.247308][ T5773] Bluetooth: hci0: Malformed LE Event: 0x02 [ 117.518714][ T5773] Bluetooth: hci2: command tx timeout [ 120.136879][ T6280] netlink: 'syz.2.176': attribute type 3 has an invalid length. [ 120.188811][ T6280] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.176'. [ 120.969255][ T6299] lo: entered allmulticast mode [ 121.058342][ T6299] lo: entered promiscuous mode [ 121.073743][ T6299] lo: left allmulticast mode [ 121.242604][ T5773] Bluetooth: hci2: unexpected event 0x3c length: 151 > 7 [ 121.646256][ T5773] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 122.283050][ T6331] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1 [ 123.649829][ T6355] bridge_slave_1: left allmulticast mode [ 123.666965][ T6355] bridge_slave_1: left promiscuous mode [ 123.680184][ T6355] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.954122][ T6355] bridge_slave_0: left allmulticast mode [ 123.976264][ T6355] bridge_slave_0: left promiscuous mode [ 123.987428][ T6355] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.413006][ T6362] netlink: 60 bytes leftover after parsing attributes in process `syz.2.206'. [ 124.741460][ T6372] netlink: 'syz.1.212': attribute type 16 has an invalid length. [ 124.782372][ T6372] netlink: 48 bytes leftover after parsing attributes in process `syz.1.212'. [ 124.814095][ T6372] veth1_macvtap: entered allmulticast mode [ 125.049726][ T6379] netlink: 126588 bytes leftover after parsing attributes in process `syz.0.215'. [ 125.304036][ T5773] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 125.985323][ T6397] netlink: 134736 bytes leftover after parsing attributes in process `syz.3.222'. [ 132.265005][ T6423] netlink: 'syz.1.235': attribute type 1 has an invalid length. [ 132.273009][ T6423] netlink: 'syz.1.235': attribute type 4 has an invalid length. [ 132.281879][ T6423] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.235'. [ 132.522064][ T6467] netlink: 'syz.0.254': attribute type 10 has an invalid length. [ 132.963938][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.971012][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.169169][ T6467] team0: Device vxcan1 is of different type [ 133.222430][ T6467] syz.0.254 (6467) used greatest stack depth: 20144 bytes left [ 134.187218][ T6504] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 134.202350][ T6504] syzkaller0: entered promiscuous mode [ 134.212462][ T6504] syzkaller0: entered allmulticast mode [ 134.876995][ T5773] Bluetooth: hci2: unexpected event 0x32 length: 15 > 9 [ 135.499841][ T6515] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.274'. [ 135.542970][ T6519] netlink: 'syz.0.277': attribute type 1 has an invalid length. [ 135.557807][ T6519] netlink: 63743 bytes leftover after parsing attributes in process `syz.0.277'. [ 136.304789][ T6537] syzkaller0: entered promiscuous mode [ 136.310629][ T6537] syzkaller0: entered allmulticast mode [ 136.327018][ T6537] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487 [ 136.974308][ T6532] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 137.246928][ T6542] Zero length message leads to an empty skb [ 138.006748][ T6560] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.294'. [ 139.001754][ T6593] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.306'. [ 139.462844][ T6603] netlink: 4 bytes leftover after parsing attributes in process `syz.1.312'. [ 139.782032][ T6611] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.316'. [ 139.903342][ T6611] netlink: 4612 bytes leftover after parsing attributes in process `syz.2.316'. [ 139.913628][ T6611] netlink: 9 bytes leftover after parsing attributes in process `syz.2.316'. [ 140.247295][ T6620] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.318'. [ 142.235063][ T6621] : port 1(ip6gretap0) entered blocking state [ 142.250902][ T6621] : port 1(ip6gretap0) entered disabled state [ 142.257446][ T6621] ip6gretap0: entered allmulticast mode [ 142.272318][ T6621] ip6gretap0: entered promiscuous mode [ 142.311029][ T6622] ip6gretap0: left allmulticast mode [ 142.316411][ T6622] ip6gretap0: left promiscuous mode [ 142.352783][ T6622] : port 1(ip6gretap0) entered disabled state [ 142.449852][ T6630] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.324'. [ 143.966337][ T49] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 144.565748][ T6655] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 144.587962][ T6655] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 144.622466][ T6655] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 144.645918][ T6655] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 147.715137][ T6697] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.349'. [ 148.136682][ T6711] netlink: 'syz.1.356': attribute type 10 has an invalid length. [ 148.190669][ T6711] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.252841][ T6711] bridge_slave_1: left allmulticast mode [ 148.270950][ T6711] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.385312][ T6711] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 149.675771][ T6711] syz.1.356 (6711) used greatest stack depth: 19880 bytes left [ 150.284349][ T5773] Bluetooth: hci1: unknown advertising packet type: 0x80 [ 150.832546][ T6748] syzkaller0: entered promiscuous mode [ 150.872287][ T6748] syzkaller0: entered allmulticast mode [ 153.372413][ T6774] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.379'. [ 153.465569][ T5773] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 155.559945][ T5773] Bluetooth: hci3: unexpected event 0x03 length: 15 > 11 [ 156.784978][ T6835] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.404'. [ 159.611829][ T5779] Bluetooth: hci1: command 0x0406 tx timeout [ 160.409178][ T6863] netlink: 164 bytes leftover after parsing attributes in process `syz.2.415'. [ 161.286313][ T6895] netlink: 44 bytes leftover after parsing attributes in process `syz.3.430'. [ 170.059823][ T6977] netlink: 'syz.0.463': attribute type 10 has an invalid length. [ 170.135380][ T6977] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 172.824727][ T7022] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.479'. [ 175.505896][ T11] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 178.382312][ T7069] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.501'. [ 181.777252][ T5773] Bluetooth: hci2: unexpected event 0x03 length: 15 > 11 [ 182.640551][ T7104] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.515'. [ 185.484575][ T7138] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.528'. [ 185.692463][ T7145] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.531'. [ 188.569698][ T7177] netlink: 203516 bytes leftover after parsing attributes in process `syz.0.543'. [ 188.598509][ T7177] netlink: 4612 bytes leftover after parsing attributes in process `syz.0.543'. [ 188.639141][ T7177] netlink: 9 bytes leftover after parsing attributes in process `syz.0.543'. [ 189.192484][ T7191] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.550'. [ 190.070897][ T7198] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.561'. [ 190.373257][ T7207] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.557'. [ 190.577590][ T7212] netlink: 203516 bytes leftover after parsing attributes in process `syz.3.558'. [ 190.601447][ T7212] netlink: 4612 bytes leftover after parsing attributes in process `syz.3.558'. [ 190.611677][ T7212] netlink: 9 bytes leftover after parsing attributes in process `syz.3.558'. [ 190.865943][ T7222] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.564'. [ 191.512542][ T7235] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.571'. [ 192.337521][ T7245] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.573'. [ 192.425050][ T7245] netlink: 4612 bytes leftover after parsing attributes in process `syz.1.573'. [ 192.444774][ T7245] netlink: 9 bytes leftover after parsing attributes in process `syz.1.573'. [ 192.804028][ T7254] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.577'. [ 192.833924][ T7254] net_ratelimit: 331 callbacks suppressed [ 192.833962][ T7254] bridge0: received packet on bridge_slave_1 with own address as source address (addr:0a:0a:da:1b:40:d8, vlan:0) [ 192.861531][ T7254] bridge0: received packet on bridge_slave_1 with own address as source address (addr:0a:0a:da:1b:40:d8, vlan:1) [ 193.137038][ T7259] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.579'. [ 194.405379][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.412171][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.205561][ T7279] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 195.243749][ T7279] syzkaller0: entered promiscuous mode [ 195.249778][ T7279] syzkaller0: entered allmulticast mode [ 195.639075][ T7291] __nla_validate_parse: 1 callbacks suppressed [ 195.639111][ T7291] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.592'. [ 195.661000][ T7291] bridge0: received packet on bridge_slave_1 with own address as source address (addr:0a:0a:da:1b:40:d8, vlan:0) [ 195.699089][ T7291] bridge0: received packet on bridge_slave_1 with own address as source address (addr:0a:0a:da:1b:40:d8, vlan:1) [ 195.991414][ T7296] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.598'. [ 196.529141][ T7314] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 196.537190][ T7314] syzkaller0: entered promiscuous mode [ 196.558077][ T7314] syzkaller0: entered allmulticast mode [ 197.303204][ T7334] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.607'. [ 197.327940][ T7334] bridge0: received packet on bridge_slave_1 with own address as source address (addr:0a:0a:da:1b:40:d8, vlan:0) [ 197.361634][ T7334] bridge0: received packet on bridge_slave_1 with own address as source address (addr:0a:0a:da:1b:40:d8, vlan:1) [ 197.390268][ T7336] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.611'. [ 197.940245][ T7351] netlink: 'syz.0.617': attribute type 1 has an invalid length. [ 197.960532][ T7351] netlink: 'syz.0.617': attribute type 3 has an invalid length. [ 197.978696][ T7351] netlink: 132 bytes leftover after parsing attributes in process `syz.0.617'. [ 198.468210][ T7365] netlink: 'syz.1.620': attribute type 10 has an invalid length. [ 198.528089][ T7365] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.671387][ T7365] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.679846][ T7365] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.798379][ T7365] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 199.090926][ T7375] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.624'. [ 199.107996][ T7375] bridge0: received packet on bridge_slave_1 with own address as source address (addr:0a:0a:da:1b:40:d8, vlan:0) [ 199.132570][ T7375] bridge0: received packet on bridge_slave_1 with own address as source address (addr:0a:0a:da:1b:40:d8, vlan:1) [ 199.255695][ T7379] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.626'. [ 201.394409][ T7406] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.636'. [ 201.436402][ T7406] bridge0: received packet on bridge_slave_1 with own address as source address (addr:0a:0a:da:1b:40:d8, vlan:0) [ 201.487494][ T7406] bridge0: received packet on bridge_slave_1 with own address as source address (addr:0a:0a:da:1b:40:d8, vlan:1) [ 201.510304][ T7410] netlink: 'syz.3.637': attribute type 1 has an invalid length. [ 201.551980][ T7410] netlink: 'syz.3.637': attribute type 3 has an invalid length. [ 201.561869][ T7410] netlink: 132 bytes leftover after parsing attributes in process `syz.3.637'. [ 204.036113][ T7434] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.648'. [ 204.714208][ T7445] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.652'. [ 204.947897][ T7450] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.663'. [ 206.718051][ T5081] Bluetooth: hci2: command 0x0406 tx timeout [ 206.724273][ T5081] Bluetooth: hci0: command 0x0406 tx timeout [ 206.730444][ T5774] Bluetooth: hci1: command 0x0406 tx timeout [ 206.736516][ T5774] Bluetooth: hci3: command 0x0406 tx timeout [ 206.751538][ T32] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 207.208245][ T7479] delete_channel: no stack [ 207.216094][ T7479] delete_channel: no stack [ 208.245068][ T7500] syzkaller0: entered promiscuous mode [ 208.255427][ T7500] syzkaller0: entered allmulticast mode [ 209.306132][ T7513] delete_channel: no stack [ 209.321441][ T7513] delete_channel: no stack [ 210.265819][ T7521] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.684'. [ 211.938937][ T7552] delete_channel: no stack [ 211.945312][ T7552] delete_channel: no stack [ 213.099933][ T7577] delete_channel: no stack [ 213.105507][ T7577] delete_channel: no stack [ 214.319515][ T7609] delete_channel: no stack [ 214.324883][ T7609] delete_channel: no stack [ 215.495868][ T7612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 222.769145][ T7694] netlink: 134736 bytes leftover after parsing attributes in process `syz.2.755'. [ 224.686694][ T7742] netlink: 126588 bytes leftover after parsing attributes in process `syz.3.774'. [ 225.792920][ T7775] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.786'. [ 227.910089][ T7804] bridge_slave_0: left allmulticast mode [ 227.929067][ T7804] bridge_slave_0: left promiscuous mode [ 227.983864][ T7804] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.846759][ T7804] bond0: (slave bridge0): Releasing backup interface [ 229.687965][ T7816] netlink: 60 bytes leftover after parsing attributes in process `syz.1.805'. [ 231.314779][ T7845] netlink: 'syz.0.825': attribute type 16 has an invalid length. [ 231.337838][ T7845] netlink: 48 bytes leftover after parsing attributes in process `syz.0.825'. [ 231.357983][ T7845] veth1_macvtap: entered allmulticast mode [ 231.727801][ T7848] netlink: 60 bytes leftover after parsing attributes in process `syz.3.818'. [ 235.198618][ T7889] bridge_slave_1: left allmulticast mode [ 235.215193][ T7889] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.255944][ T7889] bridge_slave_0: left allmulticast mode [ 235.264999][ T7889] bridge_slave_0: left promiscuous mode [ 235.275830][ T7889] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.829954][ T7894] syzkaller0: entered promiscuous mode [ 235.846017][ T7894] syzkaller0: entered allmulticast mode [ 237.870317][ T1135] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 239.528124][ T7923] sock: sock_timestamping_bind_phc: sock not bind to device [ 243.374478][ T7945] netlink: 'syz.1.856': attribute type 1 has an invalid length. [ 243.389617][ T7945] netlink: 112860 bytes leftover after parsing attributes in process `syz.1.856'. [ 243.401128][ T7945] netlink: 9 bytes leftover after parsing attributes in process `syz.1.856'. [ 248.705001][ T7929] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.851'. [ 248.715824][ T7982] netlink: 15487 bytes leftover after parsing attributes in process `syz.2.877'. [ 249.066784][ T7988] netlink: 'syz.3.870': attribute type 1 has an invalid length. [ 249.097934][ T7988] netlink: 112860 bytes leftover after parsing attributes in process `syz.3.870'. [ 249.113972][ T7988] netlink: 9 bytes leftover after parsing attributes in process `syz.3.870'. [ 249.146248][ T7990] syzkaller0: entered promiscuous mode [ 249.153382][ T7990] syzkaller0: entered allmulticast mode [ 254.938817][ T8020] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.883'. [ 255.013500][ T8023] netlink: 15487 bytes leftover after parsing attributes in process `syz.3.884'. [ 255.507271][ T8028] netlink: 'syz.0.886': attribute type 1 has an invalid length. [ 255.524018][ T8028] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.886'. [ 255.575055][ T8028] netlink: 9 bytes leftover after parsing attributes in process `syz.0.886'. [ 255.854968][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.868124][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.947268][ T8078] netlink: 'syz.2.902': attribute type 1 has an invalid length. [ 256.967786][ T8078] netlink: 112860 bytes leftover after parsing attributes in process `syz.2.902'. [ 256.977086][ T8078] netlink: 9 bytes leftover after parsing attributes in process `syz.2.902'. [ 257.079748][ T8081] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.904'. [ 257.093608][ T8081] netlink: zone id is out of range [ 257.101229][ T8081] netlink: zone id is out of range [ 257.107181][ T8081] netlink: zone id is out of range [ 257.116946][ T8081] netlink: zone id is out of range [ 257.136650][ T8081] netlink: zone id is out of range [ 257.142772][ T8081] netlink: zone id is out of range [ 257.150578][ T8081] netlink: zone id is out of range [ 257.156306][ T8081] netlink: zone id is out of range [ 257.162349][ T8081] netlink: zone id is out of range [ 257.168495][ T8081] netlink: zone id is out of range [ 258.546005][ T5771] Bluetooth: hci3: ISO packet for unknown connection handle 2097 [ 258.785963][ T8109] netlink: 'syz.1.915': attribute type 1 has an invalid length. [ 258.800456][ T8109] netlink: 112860 bytes leftover after parsing attributes in process `syz.1.915'. [ 258.813848][ T8109] netlink: 9 bytes leftover after parsing attributes in process `syz.1.915'. [ 259.770449][ T8131] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.922'. [ 260.446797][ T5771] Bluetooth: hci1: ISO packet for unknown connection handle 2097 [ 260.479998][ T8144] netlink: 'syz.3.931': attribute type 7 has an invalid length. [ 260.693604][ T8150] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.935'. [ 261.014116][ T8158] netlink: 164 bytes leftover after parsing attributes in process `syz.3.938'. [ 262.240459][ T8175] netlink: 'syz.0.943': attribute type 7 has an invalid length. [ 262.785491][ T8187] netlink: 830 bytes leftover after parsing attributes in process `syz.2.949'. [ 263.264882][ T8191] syzkaller0: entered promiscuous mode [ 263.289073][ T8191] syzkaller0: entered allmulticast mode [ 265.694811][ T8203] netlink: 164 bytes leftover after parsing attributes in process `syz.1.952'. [ 266.221396][ T8216] netlink: 830 bytes leftover after parsing attributes in process `syz.0.961'. [ 266.532623][ T8221] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.963'. [ 267.053073][ T8232] netlink: 164 bytes leftover after parsing attributes in process `syz.0.966'. [ 267.801433][ T5771] Bluetooth: Frame is too long (len 149, expected len 4) [ 268.185149][ T8237] syzkaller0: entered promiscuous mode [ 268.221146][ T8237] syzkaller0: entered allmulticast mode [ 268.438020][ T8249] netlink: 830 bytes leftover after parsing attributes in process `syz.3.972'. [ 268.620571][ T5771] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 269.303642][ T11] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 271.140278][ T8252] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.974'. [ 271.572825][ T8271] netlink: 164 bytes leftover after parsing attributes in process `syz.1.979'. [ 274.077490][ T8301] syzkaller0: entered promiscuous mode [ 274.083634][ T8301] syzkaller0: entered allmulticast mode [ 277.705431][ T8356] syzkaller0: entered promiscuous mode [ 277.713657][ T8356] syzkaller0: entered allmulticast mode [ 277.945417][ T8360] netlink: 'syz.0.1027': attribute type 10 has an invalid length. [ 277.957238][ T8360] netlink: 209280 bytes leftover after parsing attributes in process `syz.0.1027'. [ 277.970974][ T8360] net_ratelimit: 1007 callbacks suppressed [ 277.970991][ T8360] openvswitch: netlink: Flow key attr not present in new flow. [ 278.233445][ T5771] Bluetooth: hci1: unexpected event 0x09 length: 15 > 3 [ 279.992620][ T8380] netlink: 'syz.2.1025': attribute type 11 has an invalid length. [ 280.008373][ T8380] netlink: 'syz.2.1025': attribute type 1 has an invalid length. [ 280.016413][ T8380] netlink: 'syz.2.1025': attribute type 1 has an invalid length. [ 280.027422][ T8380] netlink: 'syz.2.1025': attribute type 2 has an invalid length. [ 280.035715][ T8380] netlink: 198140 bytes leftover after parsing attributes in process `syz.2.1025'. [ 280.691384][ T5771] Bluetooth: hci2: unexpected event 0x09 length: 15 > 3 [ 280.990254][ T8401] netlink: 'syz.3.1034': attribute type 10 has an invalid length. [ 281.006384][ T8401] netlink: 209280 bytes leftover after parsing attributes in process `syz.3.1034'. [ 281.016861][ T8401] openvswitch: netlink: Flow key attr not present in new flow. [ 281.397939][ T8414] netlink: 'syz.3.1039': attribute type 11 has an invalid length. [ 281.409712][ T8414] netlink: 'syz.3.1039': attribute type 1 has an invalid length. [ 281.417506][ T8414] netlink: 'syz.3.1039': attribute type 1 has an invalid length. [ 281.425962][ T8414] netlink: 'syz.3.1039': attribute type 2 has an invalid length. [ 281.434587][ T8414] netlink: 198140 bytes leftover after parsing attributes in process `syz.3.1039'. [ 281.507541][ T8416] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1050'. [ 282.498951][ T8447] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1054'. [ 283.772208][ T8481] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1068'. [ 286.397383][ T8509] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1082'. [ 300.232110][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 303.254344][ T8711] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1156'. [ 307.087050][ T8748] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.1172'. [ 307.130728][ T8748] netlink: zone id is out of range [ 307.154086][ T8748] netlink: zone id is out of range [ 307.181080][ T8748] netlink: zone id is out of range [ 307.208028][ T8748] netlink: zone id is out of range [ 307.224025][ T8748] netlink: zone id is out of range [ 307.236773][ T8748] netlink: zone id is out of range [ 307.245093][ T8748] netlink: zone id is out of range [ 307.251455][ T8748] netlink: zone id is out of range [ 307.258509][ T8748] netlink: zone id is out of range [ 307.263958][ T8748] netlink: zone id is out of range [ 310.933510][ T8794] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.1186'. [ 316.928699][ T8913] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.1232'. [ 317.289246][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.295941][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.697455][ T8947] netlink: 1047 bytes leftover after parsing attributes in process `syz.0.1244'. [ 320.665455][ T5771] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 320.868286][ T8974] netlink: 'syz.3.1256': attribute type 3 has an invalid length. [ 320.922482][ T8974] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1256'. [ 321.138763][ T8983] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.1259'. [ 321.189043][ T8983] bridge_slave_1: left promiscuous mode [ 321.942188][ T5771] Bluetooth: hci3: unexpected event 0x04 length: 15 > 10 [ 322.718226][ T5771] Bluetooth: hci2: command 0x0406 tx timeout [ 323.787382][ T9027] netlink: 'syz.3.1284': attribute type 29 has an invalid length. [ 323.857472][ T9027] netlink: 'syz.3.1284': attribute type 29 has an invalid length. [ 323.997827][ T5771] Bluetooth: hci3: command 0x0406 tx timeout [ 324.875007][ T5771] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10 [ 326.674855][ T5771] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 326.877790][ T5771] Bluetooth: hci1: command 0x0406 tx timeout [ 327.110716][ T9081] netlink: 'syz.3.1297': attribute type 1 has an invalid length. [ 327.127804][ T9081] netlink: 'syz.3.1297': attribute type 4 has an invalid length. [ 327.145419][ T9081] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1297'. [ 327.305008][ T9087] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.1300'. [ 327.646816][ T5771] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10 [ 327.737958][ T9098] net_ratelimit: 672 callbacks suppressed [ 327.737976][ T9098] sock: sock_set_timeout: `syz.0.1305' (pid 9098) tries to set negative timeout [ 327.970611][ T5771] Bluetooth: hci1: unexpected subevent 0x06 length: 150 > 10 [ 328.233406][ T9109] netlink: 'syz.0.1317': attribute type 9 has an invalid length. [ 328.283003][ T9109] netlink: 154020 bytes leftover after parsing attributes in process `syz.0.1317'. [ 328.590810][ T9120] ªªªªªª: renamed from vlan0 (while UP) [ 328.642915][ T9118] netlink: 'syz.0.1311': attribute type 1 has an invalid length. [ 328.661805][ T9118] netlink: 'syz.0.1311': attribute type 4 has an invalid length. [ 328.684601][ T9118] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1311'. [ 328.719808][ T5771] Bluetooth: hci2: command 0x0406 tx timeout [ 328.886276][ T5771] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 329.004329][ T9130] sock: sock_set_timeout: `syz.2.1315' (pid 9130) tries to set negative timeout [ 329.047334][ T9126] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 329.163356][ T9126] syz.1.1325 (9126) used greatest stack depth: 19048 bytes left [ 329.345685][ T9136] syzkaller0: entered promiscuous mode [ 329.358151][ T9136] syzkaller0: entered allmulticast mode [ 329.682222][ T5771] Bluetooth: hci1: command 0x0406 tx timeout [ 330.959812][ T5771] Bluetooth: hci2: command 0x0406 tx timeout [ 331.258394][ T131] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 331.495552][ T5771] Bluetooth: hci0: unexpected subevent 0x06 length: 150 > 10 [ 331.758234][ T5771] Bluetooth: hci1: command 0x0406 tx timeout [ 331.953997][ T9169] ªªªªªª: renamed from vlan0 (while UP) [ 332.760296][ T9180] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 333.523474][ T5771] Bluetooth: hci0: command 0x0406 tx timeout [ 333.861384][ T9196] netlink: 'syz.1.1335': attribute type 29 has an invalid length. [ 333.900937][ T9196] netlink: 'syz.1.1335': attribute type 29 has an invalid length. [ 334.204203][ T9206] netlink: 207496 bytes leftover after parsing attributes in process `syz.2.1338'. [ 334.533444][ T9213] ªªªªªª: renamed from vlan0 (while UP) [ 336.194603][ T9246] netlink: 'syz.2.1354': attribute type 29 has an invalid length. [ 336.230941][ T9246] netlink: 'syz.2.1354': attribute type 29 has an invalid length. [ 337.670468][ T9269] netlink: 207496 bytes leftover after parsing attributes in process `syz.1.1365'. [ 337.971637][ T9278] netlink: 'syz.0.1374': attribute type 29 has an invalid length. [ 338.039629][ T9278] netlink: 'syz.0.1374': attribute type 29 has an invalid length. [ 339.127245][ T9303] netlink: 207496 bytes leftover after parsing attributes in process `syz.0.1381'. [ 339.526403][ T5771] Bluetooth: hci2: unknown advertising packet type: 0x80 [ 342.474638][ T9387] syzkaller0: entered promiscuous mode [ 342.514128][ T9387] syzkaller0: entered allmulticast mode [ 342.610192][ T5771] Bluetooth: hci3: unknown advertising packet type: 0x80 [ 345.728822][ T9428] syzkaller0: entered promiscuous mode [ 345.744182][ T9428] syzkaller0: entered allmulticast mode [ 345.763415][ T9431] netlink: 1047 bytes leftover after parsing attributes in process `syz.3.1439'. [ 352.824075][ T9512] syzkaller0: entered promiscuous mode [ 352.831156][ T9512] syzkaller0: entered allmulticast mode [ 358.343901][ T9552] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1486'. [ 361.131469][ T9602] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1507'. [ 361.184607][ T9602] debugfs: Directory '!!ô!' with parent 'ieee80211' already present! [ 361.900272][ T9612] syzkaller0: entered promiscuous mode [ 361.927692][ T9612] syzkaller0: entered allmulticast mode [ 362.964305][ T11] wlan1: Trigger new scan to find an IBSS to join [ 365.463726][ T5771] Bluetooth: hci1: unexpected event 0x09 length: 15 > 3 [ 366.001911][ T49] wlan1: Trigger new scan to find an IBSS to join [ 366.059397][ T9639] netlink: 'syz.1.1529': attribute type 10 has an invalid length. [ 366.067861][ T9639] netlink: 'syz.1.1529': attribute type 10 has an invalid length. [ 366.079969][ T9639] netlink: 209216 bytes leftover after parsing attributes in process `syz.1.1529'. [ 366.094856][ T9639] openvswitch: netlink: Message has 4 unknown bytes. [ 366.955761][ T9647] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1522'. [ 366.980766][ T9647] debugfs: Directory '!!ô!' with parent 'ieee80211' already present! [ 368.957766][ T12] wlan1: Trigger new scan to find an IBSS to join [ 370.102247][ T11] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:bb [ 370.825626][ T9670] netlink: 'syz.3.1535': attribute type 10 has an invalid length. [ 370.848952][ T9670] netlink: 'syz.3.1535': attribute type 10 has an invalid length. [ 370.868291][ T9670] netlink: 209216 bytes leftover after parsing attributes in process `syz.3.1535'. [ 370.891349][ T9670] openvswitch: netlink: Message has 4 unknown bytes. [ 375.178571][ T9697] syzkaller0: entered promiscuous mode [ 375.185684][ T9697] syzkaller0: entered allmulticast mode [ 375.374642][ T9705] netlink: 'syz.0.1545': attribute type 10 has an invalid length. [ 375.383012][ T9705] netlink: 'syz.0.1545': attribute type 10 has an invalid length. [ 375.394848][ T9705] netlink: 209216 bytes leftover after parsing attributes in process `syz.0.1545'. [ 375.409845][ T9705] openvswitch: netlink: Message has 4 unknown bytes. [ 378.746043][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.752627][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 381.755274][ T9742] netlink: 'syz.2.1556': attribute type 10 has an invalid length. [ 381.787522][ T9742] netlink: 'syz.2.1556': attribute type 10 has an invalid length. [ 381.798886][ T9742] netlink: 209216 bytes leftover after parsing attributes in process `syz.2.1556'. [ 381.813015][ T9742] openvswitch: netlink: Message has 4 unknown bytes. [ 382.150776][ T9750] netlink: 'syz.1.1559': attribute type 27 has an invalid length. [ 383.729478][ T9774] netlink: 'syz.3.1570': attribute type 10 has an invalid length. [ 383.738798][ T9774] netlink: 'syz.3.1570': attribute type 10 has an invalid length. [ 383.753318][ T9774] netlink: 209216 bytes leftover after parsing attributes in process `syz.3.1570'. [ 383.765783][ T9774] openvswitch: netlink: Message has 4 unknown bytes. [ 387.191864][ T9787] netlink: 'syz.0.1575': attribute type 27 has an invalid length. [ 388.128566][ T9805] syzkaller0: entered promiscuous mode [ 388.134219][ T9805] syzkaller0: entered allmulticast mode [ 389.466599][ T9829] netlink: 'syz.1.1591': attribute type 10 has an invalid length. [ 389.492052][ T9829] netlink: 'syz.1.1591': attribute type 10 has an invalid length. [ 389.506656][ T9829] netlink: 209216 bytes leftover after parsing attributes in process `syz.1.1591'. [ 389.527194][ T9829] openvswitch: netlink: Message has 4 unknown bytes. [ 390.848973][ T9820] netlink: 'syz.2.1587': attribute type 27 has an invalid length. [ 391.110510][ T5771] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 398.079113][ T9909] syzkaller0: entered promiscuous mode [ 398.086304][ T9909] syzkaller0: entered allmulticast mode [ 398.104368][ T9912] netlink: 'syz.2.1622': attribute type 10 has an invalid length. [ 398.123654][ T9912] netlink: 'syz.2.1622': attribute type 10 has an invalid length. [ 398.147827][ T9912] netlink: 209216 bytes leftover after parsing attributes in process `syz.2.1622'. [ 398.168427][ T9912] openvswitch: netlink: Message has 4 unknown bytes. [ 400.172859][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 403.383778][ T9953] syzkaller0: entered promiscuous mode [ 403.413849][ T9953] syzkaller0: entered allmulticast mode [ 403.735190][ T9960] netlink: 'syz.3.1640': attribute type 10 has an invalid length. [ 403.743858][ T9960] netlink: 'syz.3.1640': attribute type 10 has an invalid length. [ 403.763731][ T9960] netlink: 209216 bytes leftover after parsing attributes in process `syz.3.1640'. [ 403.784530][ T9960] openvswitch: netlink: Message has 4 unknown bytes. [ 408.707647][ T9997] netlink: 'syz.3.1655': attribute type 27 has an invalid length. [ 408.729698][ T9997] netlink: 'syz.3.1655': attribute type 4 has an invalid length. [ 408.753701][ T9997] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1655'. [ 409.435699][T10011] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.1660'. [ 412.708382][T10026] netlink: 'syz.2.1672': attribute type 27 has an invalid length. [ 412.716288][T10026] netlink: 'syz.2.1672': attribute type 4 has an invalid length. [ 412.755877][T10026] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1672'. [ 414.635034][T10058] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.1674'. [ 415.935850][T10070] netlink: 'syz.1.1678': attribute type 27 has an invalid length. [ 415.973988][T10070] netlink: 'syz.1.1678': attribute type 4 has an invalid length. [ 416.013488][T10070] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1678'. [ 419.779124][T10139] netlink: 'syz.0.1697': attribute type 27 has an invalid length. [ 419.787128][T10139] netlink: 'syz.0.1697': attribute type 4 has an invalid length. [ 419.879058][T10139] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1697'. [ 420.877260][T10156] netlink: 64859 bytes leftover after parsing attributes in process `syz.3.1710'. [ 420.949681][T10156] netlink: 'syz.3.1710': attribute type 10 has an invalid length. [ 421.071450][T10156] 8021q: adding VLAN 0 to HW filter on device bond0 [ 421.103666][T10156] team0: Port device bond0 added [ 423.390812][T10192] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.1723'. [ 423.426956][T10192] netlink: 'syz.1.1723': attribute type 10 has an invalid length. [ 423.526126][T10192] 8021q: adding VLAN 0 to HW filter on device bond0 [ 423.545614][T10192] team0: Port device bond0 added [ 429.671011][T10261] netlink: 'syz.1.1746': attribute type 10 has an invalid length. [ 429.714095][T10261] netlink: 212412 bytes leftover after parsing attributes in process `syz.1.1746'. [ 429.753663][T10261] openvswitch: netlink: Flow key attr not present in new flow. [ 430.248706][T10269] netlink: 64859 bytes leftover after parsing attributes in process `syz.2.1752'. [ 430.319291][T10269] netlink: 'syz.2.1752': attribute type 10 has an invalid length. [ 430.393195][T10269] 8021q: adding VLAN 0 to HW filter on device bond0 [ 430.442773][T10269] team0: Port device bond0 added [ 431.228496][ T1135] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 432.517300][T10309] netlink: 'syz.0.1765': attribute type 3 has an invalid length. [ 432.545628][T10309] netlink: 'syz.0.1765': attribute type 1 has an invalid length. [ 432.567604][T10309] netlink: 'syz.0.1765': attribute type 6 has an invalid length. [ 432.596005][T10309] netlink: 144448 bytes leftover after parsing attributes in process `syz.0.1765'. [ 433.895955][T10335] netlink: 'syz.2.1776': attribute type 3 has an invalid length. [ 433.904068][T10335] netlink: 'syz.2.1776': attribute type 1 has an invalid length. [ 433.912335][T10335] netlink: 'syz.2.1776': attribute type 6 has an invalid length. [ 433.920641][T10335] netlink: 144448 bytes leftover after parsing attributes in process `syz.2.1776'. [ 436.066221][T10347] syzkaller0: entered promiscuous mode [ 436.072024][T10347] syzkaller0: entered allmulticast mode [ 437.916382][T10360] netlink: 'syz.3.1786': attribute type 10 has an invalid length. [ 437.927743][T10360] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1786'. [ 438.027417][T10364] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.1783'. [ 438.065684][T10364] netlink: 'syz.0.1783': attribute type 10 has an invalid length. [ 438.104650][T10364] 8021q: adding VLAN 0 to HW filter on device bond0 [ 438.149105][T10364] team0: Port device bond0 added [ 438.652858][ T5771] Bluetooth: hci2: unexpected subevent 0x0a length: 150 > 30 [ 438.660521][ T5771] Bluetooth: hci2: Invalid handle: 0x0f00 > 0x0eff [ 439.081668][T10382] syzkaller0: entered promiscuous mode [ 439.099249][T10382] syzkaller0: entered allmulticast mode [ 440.186792][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.193505][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.088091][ T5771] Bluetooth: hci3: unexpected subevent 0x0a length: 150 > 30 [ 442.095664][ T5771] Bluetooth: hci3: Invalid handle: 0x0f00 > 0x0eff [ 442.312955][T10423] syzkaller0: entered promiscuous mode [ 442.361878][T10423] syzkaller0: entered allmulticast mode [ 442.414317][T10424] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 442.446534][T10424] syzkaller0: Linktype set failed because interface is up [ 442.515817][ T32] syzkaller0: tun_net_xmit 48 [ 443.362049][T10435] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1815'. [ 445.563176][T10448] syzkaller0: entered promiscuous mode [ 445.570915][T10448] syzkaller0: entered allmulticast mode [ 445.663533][T10450] syzkaller0: entered promiscuous mode [ 445.673236][T10450] syzkaller0: entered allmulticast mode [ 449.513886][T10456] netlink: 'syz.1.1814': attribute type 10 has an invalid length. [ 449.522096][T10456] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1814'. [ 450.415572][T10488] syzkaller0: entered promiscuous mode [ 450.466053][T10488] syzkaller0: entered allmulticast mode [ 451.532723][T10508] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1834'. [ 455.670876][T10572] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1857'. [ 456.819742][T10588] netlink: 'syz.1.1864': attribute type 29 has an invalid length. [ 456.873205][T10591] netlink: 'syz.1.1864': attribute type 29 has an invalid length. [ 457.259984][T10588] netlink: 'syz.1.1864': attribute type 29 has an invalid length. [ 457.374385][T10593] netlink: 'syz.1.1864': attribute type 21 has an invalid length. [ 457.399293][T10593] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1864'. [ 460.737296][ T5779] Bluetooth: hci1: unexpected event 0x03 length: 15 > 11 [ 462.288354][ T11] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 462.422840][T10627] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1873'. [ 465.449693][T10678] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1892'. [ 466.203158][T10685] netlink: 'syz.0.1903': attribute type 29 has an invalid length. [ 466.239973][T10685] netlink: 'syz.0.1903': attribute type 29 has an invalid length. [ 466.255675][T10688] netlink: 'syz.0.1903': attribute type 29 has an invalid length. [ 466.472812][ T5779] Bluetooth: hci3: unexpected event 0x03 length: 15 > 11 [ 466.944348][T10688] netlink: 'syz.0.1903': attribute type 21 has an invalid length. [ 467.027985][T10688] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1903'. [ 469.025878][ T5779] Bluetooth: hci2: unexpected event 0x03 length: 15 > 11 [ 469.484546][T10728] netlink: 'syz.3.1909': attribute type 29 has an invalid length. [ 469.591683][T10728] netlink: 'syz.3.1909': attribute type 29 has an invalid length. [ 469.708815][T10728] netlink: 'syz.3.1909': attribute type 29 has an invalid length. [ 469.913660][T10734] netlink: 'syz.3.1909': attribute type 21 has an invalid length. [ 469.943291][T10734] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1909'. [ 471.724836][ T5779] Bluetooth: hci0: unexpected event 0x03 length: 15 > 11 [ 473.372833][T10775] netlink: 'syz.2.1924': attribute type 29 has an invalid length. [ 473.445335][T10779] netlink: 'syz.2.1924': attribute type 29 has an invalid length. [ 473.485681][T10775] netlink: 'syz.2.1924': attribute type 29 has an invalid length. [ 473.624350][T10775] netlink: 'syz.2.1924': attribute type 21 has an invalid length. [ 473.655238][T10775] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1924'. [ 474.195928][T10788] netlink: 'syz.3.1939': attribute type 29 has an invalid length. [ 474.220744][T10785] netlink: 'syz.3.1939': attribute type 29 has an invalid length. [ 474.233841][T10788] netlink: 'syz.3.1939': attribute type 29 has an invalid length. [ 474.385213][T10788] netlink: 'syz.3.1939': attribute type 21 has an invalid length. [ 474.447915][T10788] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1939'. [ 478.855300][T10827] netlink: 'syz.0.1948': attribute type 29 has an invalid length. [ 478.895674][T10828] netlink: 'syz.0.1948': attribute type 29 has an invalid length. [ 478.929888][T10827] netlink: 'syz.0.1948': attribute type 29 has an invalid length. [ 479.094382][T10827] netlink: 'syz.0.1948': attribute type 21 has an invalid length. [ 479.112805][T10827] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1948'. [ 481.578901][T10842] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 482.765933][ T5779] Bluetooth: hci0: unexpected subevent 0x0a length: 15 < 30 [ 482.896680][T10856] syzkaller0: entered promiscuous mode [ 482.905286][T10856] syzkaller0: entered allmulticast mode [ 483.257446][T10863] netlink: 'syz.0.1961': attribute type 29 has an invalid length. [ 483.317901][T10864] netlink: 'syz.0.1961': attribute type 29 has an invalid length. [ 484.007915][ T3049] wlan1: Trigger new scan to find an IBSS to join [ 484.966245][T10863] netlink: 'syz.0.1961': attribute type 29 has an invalid length. [ 484.974459][T10865] netlink: 'syz.0.1961': attribute type 21 has an invalid length. [ 484.987831][T10865] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1961'. [ 485.487780][ T5779] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10 [ 486.193806][ T5779] Bluetooth: hci2: unexpected subevent 0x0a length: 15 < 30 [ 486.436596][T10893] netlink: 'syz.2.1975': attribute type 29 has an invalid length. [ 486.486334][T10899] netlink: 'syz.2.1975': attribute type 29 has an invalid length. [ 486.516968][T10891] syzkaller0: entered promiscuous mode [ 486.525633][T10891] syzkaller0: entered allmulticast mode [ 486.534978][T10893] netlink: 'syz.2.1975': attribute type 29 has an invalid length. [ 487.523454][ T5779] Bluetooth: hci0: command 0x0406 tx timeout [ 488.663480][T10899] netlink: 'syz.2.1975': attribute type 21 has an invalid length. [ 488.671566][T10899] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1975'. [ 489.047763][ T11] wlan1: Trigger new scan to find an IBSS to join [ 490.140388][ T131] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 490.299086][ T5779] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 490.342355][ T5779] Bluetooth: hci1: unexpected subevent 0x0a length: 15 < 30 [ 490.588475][T10928] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1988'. [ 491.088551][T10939] netlink: 'syz.0.1993': attribute type 29 has an invalid length. [ 491.096494][T10939] netlink: 'syz.0.1993': attribute type 29 has an invalid length. [ 491.097766][T10936] netlink: 'syz.0.1993': attribute type 29 has an invalid length. [ 491.272630][T10936] netlink: 'syz.0.1993': attribute type 21 has an invalid length. [ 491.294198][T10936] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1993'. [ 492.279966][ T5779] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10 [ 492.280960][T10966] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2005'. [ 492.317690][ T5779] Bluetooth: hci2: command 0x0406 tx timeout [ 492.561336][T10972] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2007'. [ 492.604979][T10972] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô!' [ 492.629376][T10972] CPU: 0 PID: 10972 Comm: syz.0.2007 Not tainted syzkaller #0 [ 492.636920][T10972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 492.647030][T10972] Call Trace: [ 492.650361][T10972] [ 492.653341][T10972] dump_stack_lvl+0x18c/0x250 [ 492.658170][T10972] ? show_regs_print_info+0x20/0x20 [ 492.663435][T10972] ? load_image+0x420/0x420 [ 492.668041][T10972] sysfs_warn_dup+0x8e/0xa0 [ 492.672642][T10972] sysfs_do_create_link_sd+0xc0/0x110 [ 492.678066][T10972] device_add_class_symlinks+0x1cf/0x240 [ 492.683811][T10972] device_add+0x507/0xc50 [ 492.688284][T10972] wiphy_register+0x1dad/0x2ae0 [ 492.693241][T10972] ? cfg80211_event_work+0x40/0x40 [ 492.698394][T10972] ? minstrel_ht_alloc+0x88a/0x990 [ 492.703592][T10972] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 492.709745][T10972] ieee80211_register_hw+0x3464/0x4250 [ 492.715288][T10972] ? ieee80211_tasklet_handler+0x20/0x20 [ 492.720978][T10972] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 492.726984][T10972] ? __debug_object_init+0xec/0x450 [ 492.732298][T10972] ? __asan_memset+0x22/0x40 [ 492.736990][T10972] ? __hrtimer_init+0x186/0x270 [ 492.741934][T10972] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 492.747779][T10972] ? mac80211_hwsim_free+0x220/0x220 [ 492.753122][T10972] ? rcu_is_watching+0x15/0xb0 [ 492.757947][T10972] ? kstrndup+0xbd/0x140 [ 492.762273][T10972] hwsim_new_radio_nl+0xdc9/0x1a90 [ 492.767431][T10972] ? __nla_validate+0x50/0x50 [ 492.772171][T10972] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 492.778564][T10972] ? __nla_parse+0x40/0x50 [ 492.783030][T10972] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 492.789467][T10972] genl_family_rcv_msg_doit+0x211/0x310 [ 492.795069][T10972] ? end_current_label_crit_section+0x170/0x170 [ 492.801415][T10972] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 492.807456][T10972] ? bpf_lsm_capable+0x9/0x10 [ 492.812229][T10972] ? security_capable+0x89/0xb0 [ 492.817197][T10972] genl_rcv_msg+0x619/0x7a0 [ 492.821797][T10972] ? genl_bind+0x360/0x360 [ 492.826298][T10972] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 492.832718][T10972] netlink_rcv_skb+0x241/0x4d0 [ 492.837644][T10972] ? genl_bind+0x360/0x360 [ 492.842122][T10972] ? netlink_ack+0x1180/0x1180 [ 492.846957][T10972] ? __lock_acquire+0x7d40/0x7d40 [ 492.852040][T10972] ? down_read+0x1ac/0x2e0 [ 492.856514][T10972] genl_rcv+0x28/0x40 [ 492.860548][T10972] netlink_unicast+0x751/0x8d0 [ 492.865677][T10972] netlink_sendmsg+0x8d0/0xbf0 [ 492.870514][T10972] ? netlink_getsockopt+0x590/0x590 [ 492.875777][T10972] ? aa_sock_msg_perm+0x94/0x150 [ 492.880765][T10972] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 492.886099][T10972] ? security_socket_sendmsg+0x80/0xa0 [ 492.891608][T10972] ? netlink_getsockopt+0x590/0x590 [ 492.896876][T10972] ____sys_sendmsg+0x5ba/0x960 [ 492.901746][T10972] ? __asan_memset+0x22/0x40 [ 492.906411][T10972] ? __sys_sendmsg_sock+0x30/0x30 [ 492.911511][T10972] ? __import_iovec+0x5f2/0x850 [ 492.916499][T10972] ? import_iovec+0x73/0xa0 [ 492.921111][T10972] ___sys_sendmsg+0x2a6/0x360 [ 492.925884][T10972] ? __sys_sendmsg+0x2a0/0x2a0 [ 492.931042][T10972] __se_sys_sendmsg+0x1c2/0x2b0 [ 492.935963][T10972] ? __x64_sys_sendmsg+0x80/0x80 [ 492.940973][T10972] ? lockdep_hardirqs_on+0x98/0x150 [ 492.946237][T10972] do_syscall_64+0x55/0xb0 [ 492.950701][T10972] ? clear_bhb_loop+0x40/0x90 [ 492.955463][T10972] ? clear_bhb_loop+0x40/0x90 [ 492.960196][T10972] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 492.966173][T10972] RIP: 0033:0x7fea2439ce59 [ 492.970651][T10972] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 492.990304][T10972] RSP: 002b:00007fea225f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 492.998771][T10972] RAX: ffffffffffffffda RBX: 00007fea24615fa0 RCX: 00007fea2439ce59 [ 493.006872][T10972] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 493.014885][T10972] RBP: 00007fea24432d6f R08: 0000000000000000 R09: 0000000000000000 [ 493.022896][T10972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 493.030907][T10972] R13: 00007fea24616038 R14: 00007fea24615fa0 R15: 00007ffc16e62a48 [ 493.038950][T10972] [ 494.318080][ T5779] Bluetooth: hci1: command 0x0406 tx timeout [ 497.791108][ T5779] Bluetooth: hci3: unexpected event 0x04 length: 15 > 10 [ 499.837899][ T5779] Bluetooth: hci3: command 0x0406 tx timeout [ 500.405336][T11027] netlink: 'syz.2.2031': attribute type 29 has an invalid length. [ 500.440998][T11030] netlink: 'syz.2.2031': attribute type 29 has an invalid length. [ 500.462967][T11027] netlink: 'syz.2.2031': attribute type 29 has an invalid length. [ 500.572088][T11030] netlink: 'syz.2.2031': attribute type 21 has an invalid length. [ 500.599212][T11030] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2031'. [ 501.601407][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.612668][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.569439][T11040] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2036'. [ 503.600491][T11040] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô!' [ 503.630458][T11040] CPU: 1 PID: 11040 Comm: syz.2.2036 Not tainted syzkaller #0 [ 503.638027][T11040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 503.648229][T11040] Call Trace: [ 503.651564][T11040] [ 503.654545][T11040] dump_stack_lvl+0x18c/0x250 [ 503.659286][T11040] ? show_regs_print_info+0x20/0x20 [ 503.664538][T11040] ? load_image+0x420/0x420 [ 503.669122][T11040] sysfs_warn_dup+0x8e/0xa0 [ 503.673686][T11040] sysfs_do_create_link_sd+0xc0/0x110 [ 503.679136][T11040] device_add_class_symlinks+0x1cf/0x240 [ 503.684892][T11040] device_add+0x507/0xc50 [ 503.689295][T11040] wiphy_register+0x1dad/0x2ae0 [ 503.694243][T11040] ? cfg80211_event_work+0x40/0x40 [ 503.699415][T11040] ? minstrel_ht_alloc+0x88a/0x990 [ 503.704623][T11040] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 503.710767][T11040] ieee80211_register_hw+0x3464/0x4250 [ 503.716320][T11040] ? ieee80211_tasklet_handler+0x20/0x20 [ 503.722015][T11040] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 503.727979][T11040] ? __debug_object_init+0xec/0x450 [ 503.733258][T11040] ? __asan_memset+0x22/0x40 [ 503.738358][T11040] ? __hrtimer_init+0x186/0x270 [ 503.743276][T11040] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 503.749062][T11040] ? mac80211_hwsim_free+0x220/0x220 [ 503.754382][T11040] ? rcu_is_watching+0x15/0xb0 [ 503.759181][T11040] ? kstrndup+0xbd/0x140 [ 503.763470][T11040] hwsim_new_radio_nl+0xdc9/0x1a90 [ 503.768623][T11040] ? __nla_validate+0x50/0x50 [ 503.773347][T11040] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 503.779741][T11040] ? __nla_parse+0x40/0x50 [ 503.784187][T11040] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 503.790553][T11040] genl_family_rcv_msg_doit+0x211/0x310 [ 503.796135][T11040] ? end_current_label_crit_section+0x170/0x170 [ 503.802426][T11040] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 503.808373][T11040] ? bpf_lsm_capable+0x9/0x10 [ 503.813087][T11040] ? security_capable+0x89/0xb0 [ 503.817980][T11040] genl_rcv_msg+0x619/0x7a0 [ 503.822544][T11040] ? genl_bind+0x360/0x360 [ 503.826988][T11040] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 503.833357][T11040] netlink_rcv_skb+0x241/0x4d0 [ 503.838167][T11040] ? genl_bind+0x360/0x360 [ 503.842614][T11040] ? netlink_ack+0x1180/0x1180 [ 503.847422][T11040] ? __lock_acquire+0x7d40/0x7d40 [ 503.852481][T11040] ? down_read+0x1ac/0x2e0 [ 503.856929][T11040] genl_rcv+0x28/0x40 [ 503.860935][T11040] netlink_unicast+0x751/0x8d0 [ 503.865741][T11040] netlink_sendmsg+0x8d0/0xbf0 [ 503.870547][T11040] ? netlink_getsockopt+0x590/0x590 [ 503.875788][T11040] ? aa_sock_msg_perm+0x94/0x150 [ 503.880764][T11040] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 503.886079][T11040] ? security_socket_sendmsg+0x80/0xa0 [ 503.891652][T11040] ? netlink_getsockopt+0x590/0x590 [ 503.896889][T11040] ____sys_sendmsg+0x5ba/0x960 [ 503.901696][T11040] ? __asan_memset+0x22/0x40 [ 503.906329][T11040] ? __sys_sendmsg_sock+0x30/0x30 [ 503.911386][T11040] ? __import_iovec+0x5f2/0x850 [ 503.916276][T11040] ? import_iovec+0x73/0xa0 [ 503.920807][T11040] ___sys_sendmsg+0x2a6/0x360 [ 503.925517][T11040] ? __sys_sendmsg+0x2a0/0x2a0 [ 503.930324][T11040] ? trace_call_bpf+0xc3/0x6c0 [ 503.935172][T11040] __se_sys_sendmsg+0x1c2/0x2b0 [ 503.940055][T11040] ? __x64_sys_sendmsg+0x80/0x80 [ 503.945035][T11040] ? lockdep_hardirqs_on+0x98/0x150 [ 503.950270][T11040] do_syscall_64+0x55/0xb0 [ 503.954712][T11040] ? clear_bhb_loop+0x40/0x90 [ 503.959421][T11040] ? clear_bhb_loop+0x40/0x90 [ 503.964127][T11040] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 503.970053][T11040] RIP: 0033:0x7fd0b7f9ce59 [ 503.974490][T11040] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 503.994125][T11040] RSP: 002b:00007fd0b8dd8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 504.002568][T11040] RAX: ffffffffffffffda RBX: 00007fd0b8215fa0 RCX: 00007fd0b7f9ce59 [ 504.010575][T11040] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 504.018567][T11040] RBP: 00007fd0b8032d6f R08: 0000000000000000 R09: 0000000000000000 [ 504.026589][T11040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 504.034582][T11040] R13: 00007fd0b8216038 R14: 00007fd0b8215fa0 R15: 00007fff03681798 [ 504.042603][T11040] [ 506.951776][T11075] netlink: 'syz.1.2052': attribute type 21 has an invalid length. [ 506.977189][T11075] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2052'. [ 507.249014][T11083] syzkaller0: entered promiscuous mode [ 507.267636][T11083] syzkaller0: entered allmulticast mode [ 507.673085][T11098] netlink: 'syz.0.2064': attribute type 21 has an invalid length. [ 507.695171][T11098] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2064'. [ 511.267802][T11144] syzkaller0: entered promiscuous mode [ 511.273380][T11144] syzkaller0: entered allmulticast mode [ 514.634476][ T5779] Bluetooth: hci3: unexpected subevent 0x0a length: 150 > 30 [ 515.891380][T11181] netlink: 3890 bytes leftover after parsing attributes in process `syz.0.2081'. [ 516.075716][T11160] Bluetooth: hci3: unexpected subevent 0x0a length: 150 > 30 [ 516.083962][T11160] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 516.094844][T11160] CPU: 0 PID: 11160 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 516.102561][T11160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 516.112671][T11160] Workqueue: hci3 hci_rx_work [ 516.117453][T11160] Call Trace: [ 516.120771][T11160] [ 516.123761][T11160] dump_stack_lvl+0x18c/0x250 [ 516.128501][T11160] ? show_regs_print_info+0x20/0x20 [ 516.133741][T11160] ? load_image+0x420/0x420 [ 516.138307][T11160] sysfs_create_dir_ns+0x26e/0x2a0 [ 516.143476][T11160] ? sysfs_warn_dup+0xa0/0xa0 [ 516.148205][T11160] ? do_raw_spin_unlock+0x121/0x230 [ 516.153470][T11160] kobject_add_internal+0x61c/0xcc0 [ 516.158736][T11160] kobject_add+0x164/0x240 [ 516.163226][T11160] ? __rwlock_init+0x150/0x150 [ 516.168063][T11160] ? kobject_init+0x1e0/0x1e0 [ 516.172806][T11160] ? _raw_spin_unlock+0x28/0x40 [ 516.177716][T11160] ? get_device_parent+0x366/0x390 [ 516.182891][T11160] device_add+0x408/0xc50 [ 516.187288][T11160] hci_conn_add_sysfs+0xd5/0x1e0 [ 516.192328][T11160] le_conn_complete_evt+0xf5d/0x1540 [ 516.197680][T11160] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 516.203985][T11160] ? bt_info+0x180/0x180 [ 516.208302][T11160] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 516.213999][T11160] ? skb_pull_data+0xfb/0x200 [ 516.218743][T11160] hci_le_enh_conn_complete_evt+0x189/0x460 [ 516.224694][T11160] ? hci_le_remote_conn_param_req_evt+0xce0/0xce0 [ 516.231172][T11160] ? hci_remote_host_features_evt+0x150/0x150 [ 516.237297][T11160] hci_event_packet+0x7ba/0x1270 [ 516.242305][T11160] ? bis_list+0x290/0x290 [ 516.246699][T11160] ? lockdep_hardirqs_on+0x98/0x150 [ 516.251971][T11160] ? hci_send_to_monitor+0xd7/0x4f0 [ 516.257231][T11160] hci_rx_work+0x43a/0xd60 [ 516.261723][T11160] ? process_scheduled_works+0x96f/0x15d0 [ 516.267545][T11160] process_scheduled_works+0xa5d/0x15d0 [ 516.273186][T11160] ? worker_attach_to_pool+0x380/0x380 [ 516.278714][T11160] ? assign_work+0x3d2/0x5d0 [ 516.283368][T11160] worker_thread+0xa55/0xfc0 [ 516.288020][T11160] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 516.293980][T11160] ? _raw_spin_unlock+0x40/0x40 [ 516.298899][T11160] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 516.304872][T11160] kthread+0x2fa/0x390 [ 516.308994][T11160] ? pr_cont_work+0x560/0x560 [ 516.313736][T11160] ? kthread_blkcg+0xd0/0xd0 [ 516.318375][T11160] ret_from_fork+0x48/0x80 [ 516.322880][T11160] ? kthread_blkcg+0xd0/0xd0 [ 516.327534][T11160] ret_from_fork_asm+0x11/0x20 [ 516.332404][T11160] [ 516.341414][T11160] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 516.355391][T11160] Bluetooth: hci3: failed to register connection device [ 516.545936][T11190] netlink: 11254 bytes leftover after parsing attributes in process `syz.0.2085'. [ 516.571113][T11190] netlink: 'syz.0.2085': attribute type 7 has an invalid length. [ 516.591204][T11190] netlink: 11254 bytes leftover after parsing attributes in process `syz.0.2085'. [ 519.742363][T11205] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 519.801455][T11205] syzkaller0: entered promiscuous mode [ 519.827416][T11205] syzkaller0: entered allmulticast mode [ 519.916388][ T5771] Bluetooth: hci1: unexpected subevent 0x0a length: 150 > 30 [ 520.116246][T11214] netlink: 3890 bytes leftover after parsing attributes in process `syz.1.2094'. [ 520.181885][T11160] Bluetooth: hci2: unexpected subevent 0x0a length: 150 > 30 [ 520.190262][T11160] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 520.200801][T11160] CPU: 0 PID: 11160 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 520.208502][T11160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 520.218608][T11160] Workqueue: hci2 hci_rx_work [ 520.223369][T11160] Call Trace: [ 520.226689][T11160] [ 520.229673][T11160] dump_stack_lvl+0x18c/0x250 [ 520.234412][T11160] ? show_regs_print_info+0x20/0x20 [ 520.239670][T11160] ? load_image+0x420/0x420 [ 520.244248][T11160] sysfs_create_dir_ns+0x26e/0x2a0 [ 520.249404][T11160] ? sysfs_warn_dup+0xa0/0xa0 [ 520.254109][T11160] ? do_raw_spin_unlock+0x121/0x230 [ 520.259350][T11160] kobject_add_internal+0x61c/0xcc0 [ 520.264584][T11160] kobject_add+0x164/0x240 [ 520.269063][T11160] ? __rwlock_init+0x150/0x150 [ 520.273864][T11160] ? kobject_init+0x1e0/0x1e0 [ 520.278568][T11160] ? _raw_spin_unlock+0x28/0x40 [ 520.283447][T11160] ? get_device_parent+0x366/0x390 [ 520.289296][T11160] device_add+0x408/0xc50 [ 520.293748][T11160] hci_conn_add_sysfs+0xd5/0x1e0 [ 520.298722][T11160] le_conn_complete_evt+0xf5d/0x1540 [ 520.304045][T11160] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 520.310314][T11160] ? bt_info+0x180/0x180 [ 520.314589][T11160] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 520.320269][T11160] ? skb_pull_data+0xfb/0x200 [ 520.324972][T11160] hci_le_enh_conn_complete_evt+0x189/0x460 [ 520.330893][T11160] ? hci_le_remote_conn_param_req_evt+0xce0/0xce0 [ 520.337336][T11160] ? hci_remote_host_features_evt+0x150/0x150 [ 520.343428][T11160] hci_event_packet+0x7ba/0x1270 [ 520.348402][T11160] ? bis_list+0x290/0x290 [ 520.352755][T11160] ? lockdep_hardirqs_on+0x98/0x150 [ 520.357985][T11160] ? hci_send_to_monitor+0xd7/0x4f0 [ 520.363214][T11160] hci_rx_work+0x43a/0xd60 [ 520.367679][T11160] ? process_scheduled_works+0x96f/0x15d0 [ 520.373428][T11160] process_scheduled_works+0xa5d/0x15d0 [ 520.379023][T11160] ? worker_attach_to_pool+0x380/0x380 [ 520.384516][T11160] ? assign_work+0x3d2/0x5d0 [ 520.389137][T11160] worker_thread+0xa55/0xfc0 [ 520.393757][T11160] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 520.399687][T11160] ? _raw_spin_unlock+0x40/0x40 [ 520.404565][T11160] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 520.410504][T11160] kthread+0x2fa/0x390 [ 520.414594][T11160] ? pr_cont_work+0x560/0x560 [ 520.419304][T11160] ? kthread_blkcg+0xd0/0xd0 [ 520.423915][T11160] ret_from_fork+0x48/0x80 [ 520.428359][T11160] ? kthread_blkcg+0xd0/0xd0 [ 520.432970][T11160] ret_from_fork_asm+0x11/0x20 [ 520.437775][T11160] [ 520.443933][T11160] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 520.458084][T11160] Bluetooth: hci2: failed to register connection device [ 520.752450][T11220] netlink: 15750 bytes leftover after parsing attributes in process `syz.1.2099'. [ 522.461308][T11228] netlink: 'syz.2.2102': attribute type 10 has an invalid length. [ 522.471646][T11228] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2102'. [ 522.482469][T11228] team0: entered promiscuous mode [ 522.494878][T11228] team_slave_0: entered promiscuous mode [ 522.507175][T11228] team_slave_1: entered promiscuous mode [ 522.520713][T11228] bond0: entered promiscuous mode [ 522.530592][T11228] bond_slave_0: entered promiscuous mode [ 522.553087][T11228] bond_slave_1: entered promiscuous mode [ 522.584854][T11228] team0: entered allmulticast mode [ 522.610179][T11228] team_slave_0: entered allmulticast mode [ 522.624484][T11228] team_slave_1: entered allmulticast mode [ 522.631602][T11228] bond0: entered allmulticast mode [ 522.647849][T11228] bond_slave_0: entered allmulticast mode [ 522.666522][T11228] bond_slave_1: entered allmulticast mode [ 522.737724][T11228] bridge0: port 3(team0) entered blocking state [ 522.820632][T11228] bridge0: port 3(team0) entered disabled state [ 523.098287][T11228] bridge0: port 3(team0) entered blocking state [ 523.106375][T11228] bridge0: port 3(team0) entered forwarding state [ 523.539692][ T5771] Bluetooth: hci0: unexpected subevent 0x0a length: 150 > 30 [ 523.703129][T11249] netlink: 15750 bytes leftover after parsing attributes in process `syz.2.2110'. [ 524.142526][T11255] netlink: 'syz.0.2120': attribute type 10 has an invalid length. [ 524.152946][T11255] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2120'. [ 524.163503][T11255] team0: entered promiscuous mode [ 524.170042][T11255] team_slave_0: entered promiscuous mode [ 524.180472][T11255] team_slave_1: entered promiscuous mode [ 524.186890][T11255] bond0: entered promiscuous mode [ 524.205435][T11255] bond_slave_0: entered promiscuous mode [ 524.213744][T11255] bond_slave_1: entered promiscuous mode [ 524.221416][T11255] bridge_slave_1: entered promiscuous mode [ 524.230392][T11255] team0: entered allmulticast mode [ 524.235859][T11255] team_slave_0: entered allmulticast mode [ 524.242602][T11255] team_slave_1: entered allmulticast mode [ 524.249083][T11255] bond0: entered allmulticast mode [ 524.254644][T11255] bond_slave_0: entered allmulticast mode [ 524.260946][T11255] bond_slave_1: entered allmulticast mode [ 524.267126][T11255] bridge_slave_1: entered allmulticast mode [ 524.283219][T11255] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 524.330622][T11261] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 524.355215][T11261] syzkaller0: entered promiscuous mode [ 524.361949][T11261] syzkaller0: entered allmulticast mode [ 526.978246][T11160] Bluetooth: hci0: unknown advertising packet type: 0x20 [ 527.033846][T11160] Bluetooth: hci1: unexpected subevent 0x0a length: 150 > 30 [ 527.186057][T11288] netlink: 'syz.3.2124': attribute type 10 has an invalid length. [ 527.222110][T11288] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2124'. [ 527.236902][T11288] team0: entered promiscuous mode [ 527.244254][T11288] team_slave_0: entered promiscuous mode [ 527.252942][T11288] team_slave_1: entered promiscuous mode [ 527.260464][T11288] bond0: entered promiscuous mode [ 527.265869][T11288] bond_slave_0: entered promiscuous mode [ 527.272873][T11288] bond_slave_1: entered promiscuous mode [ 527.281006][T11288] team0: entered allmulticast mode [ 527.286762][T11288] team_slave_0: entered allmulticast mode [ 527.293939][T11288] team_slave_1: entered allmulticast mode [ 527.300414][T11288] bond0: entered allmulticast mode [ 527.305723][T11288] bond_slave_0: entered allmulticast mode [ 527.312213][T11288] bond_slave_1: entered allmulticast mode [ 527.326545][T11288] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 527.587249][T11295] netlink: 3890 bytes leftover after parsing attributes in process `syz.3.2125'. [ 527.611578][T11160] Bluetooth: hci1: unknown advertising packet type: 0x20 [ 528.239868][T11310] netlink: 15750 bytes leftover after parsing attributes in process `syz.0.2131'. [ 528.385999][T11315] netlink: 'syz.1.2135': attribute type 10 has an invalid length. [ 528.395038][T11315] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2135'. [ 528.408574][T11315] team0: entered promiscuous mode [ 528.414030][T11315] team_slave_0: entered promiscuous mode [ 528.423069][T11315] team_slave_1: entered promiscuous mode [ 528.430466][T11315] bond0: entered promiscuous mode [ 528.437068][T11315] bond_slave_0: entered promiscuous mode [ 528.445318][T11315] bond_slave_1: entered promiscuous mode [ 528.465234][T11315] team0: entered allmulticast mode [ 528.471973][T11315] team_slave_0: entered allmulticast mode [ 528.492171][T11315] team_slave_1: entered allmulticast mode [ 528.514400][T11315] bond0: entered allmulticast mode [ 528.520436][T11315] bond_slave_0: entered allmulticast mode [ 528.526683][T11315] bond_slave_1: entered allmulticast mode [ 528.540538][T11315] bridge_slave_1: entered allmulticast mode [ 528.562675][T11315] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 529.039094][T11324] Dead loop on virtual device ip6_vti0, fix it urgently! [ 529.100574][T11160] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10 [ 529.100611][T11160] Bluetooth: unknown link type 101 [ 529.112022][T11330] netlink: 3890 bytes leftover after parsing attributes in process `syz.2.2140'. [ 529.113579][T11160] Bluetooth: hci0: connection err: -111 [ 529.135442][T11160] Bluetooth: hci2: unknown advertising packet type: 0x20 [ 530.150479][T11160] Bluetooth: hci3: unexpected event 0x04 length: 15 > 10 [ 530.157732][T11160] Bluetooth: unknown link type 101 [ 530.170408][T11160] Bluetooth: hci3: connection err: -111 [ 530.312235][T11160] Bluetooth: hci3: unknown advertising packet type: 0x20 [ 531.011435][T11366] netlink: 3890 bytes leftover after parsing attributes in process `syz.0.2157'. [ 531.384039][T11375] netlink: 'syz.1.2158': attribute type 10 has an invalid length. [ 531.407602][T11375] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2158'. [ 531.428976][T11375] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 531.619353][T11377] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.2159'. [ 531.659310][T11377] netlink: 'syz.0.2159': attribute type 10 has an invalid length. [ 531.711485][T11379] netlink: 'syz.1.2160': attribute type 2 has an invalid length. [ 531.721267][T11379] netlink: 'syz.1.2160': attribute type 4 has an invalid length. [ 531.729284][T11379] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2160'. [ 532.141532][T11160] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 532.141569][T11160] Bluetooth: unknown link type 101 [ 532.158836][T11160] Bluetooth: hci2: connection err: -111 [ 532.284552][T11397] netlink: 3890 bytes leftover after parsing attributes in process `syz.3.2169'. [ 532.517692][T11405] raw_sendmsg: syz.1.2171 forgot to set AF_INET. Fix it! [ 532.935928][T11160] Bluetooth: hci3: Malformed LE Event: 0x0d [ 533.671915][T11160] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10 [ 533.671953][T11160] Bluetooth: unknown link type 101 [ 533.684532][T11160] Bluetooth: hci1: connection err: -111 [ 533.800011][T11430] netlink: 3890 bytes leftover after parsing attributes in process `syz.1.2180'. [ 534.572336][T11446] sock: sock_set_timeout: `syz.3.2189' (pid 11446) tries to set negative timeout [ 534.590142][T11445] Dead loop on virtual device ip6_vti0, fix it urgently! [ 536.306236][T11475] syz.3.2200: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 536.378786][T11475] CPU: 1 PID: 11475 Comm: syz.3.2200 Not tainted syzkaller #0 [ 536.386361][T11475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 536.396496][T11475] Call Trace: [ 536.399839][T11475] [ 536.402833][T11475] dump_stack_lvl+0x18c/0x250 [ 536.407597][T11475] ? show_regs_print_info+0x20/0x20 [ 536.412895][T11475] ? load_image+0x420/0x420 [ 536.417499][T11475] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 536.424019][T11475] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 536.430907][T11475] warn_alloc+0x246/0x340 [ 536.435342][T11475] ? stack_trace_save+0xaa/0x100 [ 536.440375][T11475] ? zone_watermark_ok_safe+0x230/0x230 [ 536.446136][T11475] ? kasan_set_track+0x5f/0x70 [ 536.451072][T11475] ? kasan_set_track+0x4e/0x70 [ 536.455918][T11475] ? __kasan_kmalloc+0x8f/0xa0 [ 536.460745][T11475] ? xsk_init_queue+0xad/0x100 [ 536.465577][T11475] ? xsk_setsockopt+0x4e5/0x760 [ 536.470504][T11475] ? do_sock_setsockopt+0x175/0x1a0 [ 536.475756][T11475] ? __x64_sys_setsockopt+0x182/0x200 [ 536.481186][T11475] __vmalloc_node_range+0x126/0x1330 [ 536.486591][T11475] ? free_vm_area+0x50/0x50 [ 536.491263][T11475] vmalloc_user+0x74/0x80 [ 536.495773][T11475] ? xskq_create+0xbf/0x170 [ 536.500332][T11475] xskq_create+0xbf/0x170 [ 536.504734][T11475] xsk_init_queue+0xad/0x100 [ 536.509389][T11475] xsk_setsockopt+0x4e5/0x760 [ 536.514127][T11475] ? xsk_poll+0x680/0x680 [ 536.518514][T11475] ? __fget_files+0x28/0x4b0 [ 536.523179][T11475] ? __fget_files+0x28/0x4b0 [ 536.527823][T11475] ? aa_sock_opt_perm+0x74/0x100 [ 536.532804][T11475] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 536.538396][T11475] ? security_socket_setsockopt+0x7e/0xa0 [ 536.544156][T11475] ? xsk_poll+0x680/0x680 [ 536.548539][T11475] do_sock_setsockopt+0x175/0x1a0 [ 536.553600][T11475] ? __fdget+0x180/0x210 [ 536.557894][T11475] __x64_sys_setsockopt+0x182/0x200 [ 536.563140][T11475] do_syscall_64+0x55/0xb0 [ 536.567619][T11475] ? clear_bhb_loop+0x40/0x90 [ 536.572365][T11475] ? clear_bhb_loop+0x40/0x90 [ 536.577120][T11475] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 536.583065][T11475] RIP: 0033:0x7f86aad9ce59 [ 536.587532][T11475] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 536.607200][T11475] RSP: 002b:00007f86abbf5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 536.615659][T11475] RAX: ffffffffffffffda RBX: 00007f86ab015fa0 RCX: 00007f86aad9ce59 [ 536.623667][T11475] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 536.631671][T11475] RBP: 00007f86aae32d6f R08: 0000000000000004 R09: 0000000000000000 [ 536.639770][T11475] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 536.647780][T11475] R13: 00007f86ab016038 R14: 00007f86ab015fa0 R15: 00007fffa9488708 [ 536.655814][T11475] [ 536.667765][T11475] Mem-Info: [ 536.677574][T11475] active_anon:12520 inactive_anon:0 isolated_anon:0 [ 536.677574][T11475] active_file:18492 inactive_file:40118 isolated_file:0 [ 536.677574][T11475] unevictable:768 dirty:221 writeback:0 [ 536.677574][T11475] slab_reclaimable:10514 slab_unreclaimable:96367 [ 536.677574][T11475] mapped:23996 shmem:1361 pagetables:521 [ 536.677574][T11475] sec_pagetables:0 bounce:0 [ 536.677574][T11475] kernel_misc_reclaimable:0 [ 536.677574][T11475] free:1333647 free_pcp:11840 free_cma:0 [ 536.740787][T11475] Node 0 active_anon:50180kB inactive_anon:0kB active_file:73968kB inactive_file:160268kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:95984kB dirty:884kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10508kB pagetables:2084kB sec_pagetables:0kB all_unreclaimable? no [ 536.784867][T11475] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 536.823428][T11475] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 536.851753][T11475] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 536.882905][T11475] Node 0 DMA32 free:1420932kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:50244kB inactive_anon:0kB active_file:73968kB inactive_file:159440kB unevictable:1536kB writepending:884kB present:3129332kB managed:2586944kB mlocked:0kB bounce:0kB free_pcp:30948kB local_pcp:13964kB free_cma:0kB [ 536.962172][T11475] lowmem_reserve[]: 0 0 0 0 0 [ 536.975077][T11475] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:828kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 537.008813][T11475] lowmem_reserve[]: 0 0 0 0 0 [ 537.013860][T11475] Node 1 Normal free:3898296kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:16096kB local_pcp:9696kB free_cma:0kB [ 537.052403][T11475] lowmem_reserve[]: 0 0 0 0 0 [ 537.057448][T11475] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 537.075109][T11475] Node 0 DMA32: 857*4kB (UME) 480*8kB (UME) 472*16kB (UM) 460*32kB (M) 527*64kB (UME) 129*128kB (UME) 58*256kB (UME) 38*512kB (UME) 22*1024kB (UME) 9*2048kB (UM) 309*4096kB (UM) = 1420708kB [ 537.109805][T11475] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 537.137403][T11475] Node 1 Normal: 224*4kB (UME) 53*8kB (UME) 41*16kB (UME) 124*32kB (UME) 36*64kB (UE) 15*128kB (UME) 2*256kB (UE) 1*512kB (M) 2*1024kB (UE) 1*2048kB (E) 948*4096kB (M) = 3898296kB [ 537.197661][T11475] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 537.238087][T11475] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 537.262246][T11475] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 537.303125][T11475] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 537.331657][T11475] 59971 total pagecache pages [ 537.344950][T11475] 0 pages in swap cache [ 537.355731][T11475] Free swap = 124996kB [ 537.367217][T11475] Total swap = 124996kB [ 537.378359][T11475] 2097051 pages RAM [ 537.385874][T11475] 0 pages HighMem/MovableOnly [ 537.405333][T11475] 416929 pages reserved [ 537.418551][T11475] 0 pages cma reserved [ 538.713158][T11495] Dead loop on virtual device ip6_vti0, fix it urgently! [ 538.937403][T11502] vcan0: entered allmulticast mode [ 538.956105][T11502] netlink: 'syz.2.2210': attribute type 10 has an invalid length. [ 539.097808][T11160] Bluetooth: hci0: Malformed LE Event: 0x0d [ 539.884326][T11502] veth0_macvtap: left promiscuous mode [ 541.255969][T11526] netlink: 'syz.2.2221': attribute type 9 has an invalid length. [ 541.267768][T11526] netlink: 154020 bytes leftover after parsing attributes in process `syz.2.2221'. [ 541.306216][T11526] netlink: 'syz.2.2221': attribute type 4 has an invalid length. [ 541.336101][T11526] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2221'. [ 541.385972][T11526] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 544.184496][T11564] Dead loop on virtual device ip6_vti0, fix it urgently! [ 544.357408][T11568] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.2235'. [ 544.388399][T11568] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.2235'. [ 544.419066][T11562] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.2235'. [ 544.468473][T11568] netlink: 4083 bytes leftover after parsing attributes in process `syz.2.2235'. [ 544.938161][T11579] vcan0: entered allmulticast mode [ 544.964948][ T59] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 544.988594][T11579] netlink: 'syz.3.2240': attribute type 10 has an invalid length. [ 545.090918][T11579] veth0_macvtap: left promiscuous mode [ 545.829645][T11596] Dead loop on virtual device ip6_vti0, fix it urgently! [ 546.441257][T11615] netlink: 'syz.3.2256': attribute type 9 has an invalid length. [ 546.449187][T11615] netlink: 154020 bytes leftover after parsing attributes in process `syz.3.2256'. [ 546.493507][T11615] netlink: 'syz.3.2256': attribute type 4 has an invalid length. [ 546.524519][T11615] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2256'. [ 546.547010][T11615] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 546.581660][T11619] vcan0: entered allmulticast mode [ 546.606548][T11619] netlink: 'syz.1.2255': attribute type 10 has an invalid length. [ 546.620392][T11619] veth0_macvtap: left promiscuous mode [ 547.181481][T11626] warn_alloc: 4 callbacks suppressed [ 547.181500][T11626] syz.0.2258: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 547.212415][T11626] CPU: 0 PID: 11626 Comm: syz.0.2258 Not tainted syzkaller #0 [ 547.219988][T11626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 547.230110][T11626] Call Trace: [ 547.233451][T11626] [ 547.236439][T11626] dump_stack_lvl+0x18c/0x250 [ 547.241193][T11626] ? show_regs_print_info+0x20/0x20 [ 547.246463][T11626] ? load_image+0x420/0x420 [ 547.251049][T11626] ? __rcu_read_unlock+0x7c/0xd0 [ 547.256058][T11626] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 547.262546][T11626] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 547.269140][T11626] warn_alloc+0x246/0x340 [ 547.273560][T11626] ? stack_trace_save+0xaa/0x100 [ 547.278580][T11626] ? zone_watermark_ok_safe+0x230/0x230 [ 547.284226][T11626] ? kasan_set_track+0x5f/0x70 [ 547.289058][T11626] ? kasan_set_track+0x4e/0x70 [ 547.293892][T11626] ? __kasan_kmalloc+0x8f/0xa0 [ 547.298727][T11626] ? xsk_init_queue+0xad/0x100 [ 547.303576][T11626] ? xsk_setsockopt+0x4e5/0x760 [ 547.308500][T11626] ? do_sock_setsockopt+0x175/0x1a0 [ 547.313767][T11626] ? __x64_sys_setsockopt+0x182/0x200 [ 547.319212][T11626] __vmalloc_node_range+0x126/0x1330 [ 547.324636][T11626] ? free_vm_area+0x50/0x50 [ 547.329240][T11626] vmalloc_user+0x74/0x80 [ 547.333646][T11626] ? xskq_create+0xbf/0x170 [ 547.338229][T11626] xskq_create+0xbf/0x170 [ 547.342653][T11626] xsk_init_queue+0xad/0x100 [ 547.347322][T11626] xsk_setsockopt+0x4e5/0x760 [ 547.352076][T11626] ? xsk_poll+0x680/0x680 [ 547.356492][T11626] ? __fget_files+0x28/0x4b0 [ 547.361156][T11626] ? __fget_files+0x28/0x4b0 [ 547.365816][T11626] ? aa_sock_opt_perm+0x74/0x100 [ 547.370825][T11626] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 547.376437][T11626] ? security_socket_setsockopt+0x7e/0xa0 [ 547.382230][T11626] ? xsk_poll+0x680/0x680 [ 547.386639][T11626] do_sock_setsockopt+0x175/0x1a0 [ 547.391742][T11626] ? __fdget+0x180/0x210 [ 547.396066][T11626] __x64_sys_setsockopt+0x182/0x200 [ 547.401350][T11626] do_syscall_64+0x55/0xb0 [ 547.405831][T11626] ? clear_bhb_loop+0x40/0x90 [ 547.410586][T11626] ? clear_bhb_loop+0x40/0x90 [ 547.415336][T11626] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 547.421293][T11626] RIP: 0033:0x7fea2439ce59 [ 547.425773][T11626] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 547.445453][T11626] RSP: 002b:00007fea225f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 547.453948][T11626] RAX: ffffffffffffffda RBX: 00007fea24615fa0 RCX: 00007fea2439ce59 [ 547.461985][T11626] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 547.470021][T11626] RBP: 00007fea24432d6f R08: 0000000000000004 R09: 0000000000000000 [ 547.478056][T11626] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 547.486085][T11626] R13: 00007fea24616038 R14: 00007fea24615fa0 R15: 00007ffc16e62a48 [ 547.494160][T11626] [ 547.564337][T11626] Mem-Info: [ 547.577556][T11626] active_anon:12577 inactive_anon:0 isolated_anon:0 [ 547.577556][T11626] active_file:18492 inactive_file:40122 isolated_file:0 [ 547.577556][T11626] unevictable:768 dirty:170 writeback:0 [ 547.577556][T11626] slab_reclaimable:10498 slab_unreclaimable:97321 [ 547.577556][T11626] mapped:24059 shmem:1361 pagetables:563 [ 547.577556][T11626] sec_pagetables:0 bounce:0 [ 547.577556][T11626] kernel_misc_reclaimable:0 [ 547.577556][T11626] free:1338438 free_pcp:7540 free_cma:0 [ 547.643155][T11626] Node 0 active_anon:50308kB inactive_anon:0kB active_file:73968kB inactive_file:160284kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96236kB dirty:580kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10544kB pagetables:2252kB sec_pagetables:0kB all_unreclaimable? no [ 547.676519][T11626] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 547.710214][T11626] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 547.745782][T11626] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 547.754105][T11626] Node 0 DMA32 free:1439856kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:50272kB inactive_anon:0kB active_file:73968kB inactive_file:159456kB unevictable:1536kB writepending:380kB present:3129332kB managed:2586944kB mlocked:0kB bounce:0kB free_pcp:14812kB local_pcp:2064kB free_cma:0kB [ 547.789836][T11626] lowmem_reserve[]: 0 0 0 0 0 [ 547.794814][T11626] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:828kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 547.826348][T11626] lowmem_reserve[]: 0 0 0 0 0 [ 547.832330][T11626] Node 1 Normal free:3898296kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:16096kB local_pcp:9696kB free_cma:0kB [ 547.872486][T11626] lowmem_reserve[]: 0 0 0 0 0 [ 547.878031][T11626] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 547.895386][T11626] Node 0 DMA32: 2238*4kB (UME) 1159*8kB (UME) 944*16kB (UME) 806*32kB (UME) 362*64kB (UME) 130*128kB (UME) 58*256kB (UME) 38*512kB (UME) 22*1024kB (UME) 9*2048kB (UM) 309*4096kB (UM) = 1439856kB [ 547.919782][T11626] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 547.934857][T11626] Node 1 Normal: 224*4kB (UME) 53*8kB (UME) 41*16kB (UME) 124*32kB (UME) 36*64kB (UE) 15*128kB (UME) 2*256kB (UE) 1*512kB (M) 2*1024kB (UE) 1*2048kB (E) 948*4096kB (M) = 3898296kB [ 547.958180][T11626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 547.975816][T11626] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 547.990404][T11626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 548.010198][T11626] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 548.028074][T11626] 59975 total pagecache pages [ 548.043271][T11626] 0 pages in swap cache [ 548.052106][T11626] Free swap = 124996kB [ 548.066002][T11626] Total swap = 124996kB [ 548.074128][T11626] 2097051 pages RAM [ 548.085411][T11626] 0 pages HighMem/MovableOnly [ 548.091214][T11626] 416929 pages reserved [ 548.095578][T11626] 0 pages cma reserved [ 549.922982][T11647] netlink: 'syz.1.2268': attribute type 9 has an invalid length. [ 549.935045][T11647] netlink: 154020 bytes leftover after parsing attributes in process `syz.1.2268'. [ 549.978940][T11647] netlink: 'syz.1.2268': attribute type 4 has an invalid length. [ 549.997886][T11647] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2268'. [ 550.047313][T11647] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 551.976554][T11687] netlink: 'syz.0.2280': attribute type 9 has an invalid length. [ 551.986482][T11687] netlink: 154020 bytes leftover after parsing attributes in process `syz.0.2280'. [ 552.018774][T11687] netlink: 'syz.0.2280': attribute type 4 has an invalid length. [ 552.055154][T11687] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2280'. [ 552.106179][T11687] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 553.279177][T11700] netlink: 'syz.3.2291': attribute type 10 has an invalid length. [ 553.822957][T11700] bridge_slave_1: entered promiscuous mode [ 553.855434][T11700] bridge_slave_1: entered allmulticast mode [ 554.023847][T11700] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 554.483258][T11705] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2289'. [ 554.559084][T11705] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2289'. [ 554.679291][T11708] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2289'. [ 554.729503][T11713] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.2289'. [ 554.788463][T11721] netlink: 'syz.0.2295': attribute type 9 has an invalid length. [ 554.810013][T11721] netlink: 154020 bytes leftover after parsing attributes in process `syz.0.2295'. [ 554.881768][T11721] netlink: 'syz.0.2295': attribute type 4 has an invalid length. [ 554.922918][T11721] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2295'. [ 554.951133][T11721] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 556.608854][T11738] netlink: 'syz.3.2301': attribute type 21 has an invalid length. [ 556.997784][T11743] netlink: 9275 bytes leftover after parsing attributes in process `syz.0.2303'. [ 558.458883][T11763] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.2305'. [ 558.548715][T11763] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.2305'. [ 558.600176][T11758] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.2305'. [ 558.686478][T11766] netlink: 4083 bytes leftover after parsing attributes in process `syz.3.2305'. [ 560.191393][T11771] netlink: 'syz.2.2309': attribute type 10 has an invalid length. [ 560.203105][T11771] bridge0: port 2(bridge_slave_1) entered disabled state [ 560.226894][T11771] bridge_slave_1: left allmulticast mode [ 560.232787][T11771] bridge_slave_1: left promiscuous mode [ 560.239324][T11771] bridge0: port 2(bridge_slave_1) entered disabled state [ 560.271400][T11771] bridge_slave_1: entered promiscuous mode [ 560.287760][T11771] bridge_slave_1: entered allmulticast mode [ 560.294978][T11771] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 562.855745][T11817] netlink: 'syz.0.2326': attribute type 10 has an invalid length. [ 563.048149][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.059717][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 566.639452][T11844] netlink: 'syz.1.2337': attribute type 10 has an invalid length. [ 571.926537][T11875] syzkaller0: entered promiscuous mode [ 571.932291][T11875] syzkaller0: entered allmulticast mode [ 574.496954][T11896] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2355'. [ 574.646332][T11901] netlink: 9275 bytes leftover after parsing attributes in process `syz.3.2358'. [ 575.026710][T11911] syzkaller0: entered promiscuous mode [ 575.055615][T11911] syzkaller0: entered allmulticast mode [ 577.881447][T11948] netlink: 208064 bytes leftover after parsing attributes in process `syz.2.2369'. [ 579.289466][T11965] netlink: 'syz.2.2378': attribute type 21 has an invalid length. [ 579.473507][T11961] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2376'. [ 579.816824][T11970] syzkaller0: entered promiscuous mode [ 579.832777][T11970] syzkaller0: entered allmulticast mode [ 582.095936][T11995] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2387'. [ 582.613150][T12008] netlink: 208064 bytes leftover after parsing attributes in process `syz.0.2393'. [ 584.227302][T12032] netlink: 9275 bytes leftover after parsing attributes in process `syz.2.2401'. [ 585.810375][T12039] syzkaller0: entered promiscuous mode [ 585.816176][T12039] syzkaller0: entered allmulticast mode [ 589.349435][T12068] netlink: 9275 bytes leftover after parsing attributes in process `syz.1.2413'. [ 593.588967][T12092] netlink: 'syz.3.2424': attribute type 29 has an invalid length. [ 593.601315][T12092] netlink: 'syz.3.2424': attribute type 29 has an invalid length. [ 593.704744][T12098] netlink: 9275 bytes leftover after parsing attributes in process `syz.0.2427'. [ 594.044070][T12107] delete_channel: no stack [ 600.828948][T12141] syzkaller0: entered promiscuous mode [ 600.834507][T12141] syzkaller0: entered allmulticast mode [ 600.858581][T12148] netlink: 'syz.2.2445': attribute type 9 has an invalid length. [ 600.866404][T12148] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2445'. [ 600.884492][T12145] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 600.892768][T12145] IPv6: NLM_F_CREATE should be set when creating new route [ 600.901355][T12145] IPv6: NLM_F_CREATE should be set when creating new route [ 600.909129][T12145] IPv6: NLM_F_CREATE should be set when creating new route [ 606.103360][T12149] netlink: 'syz.2.2445': attribute type 9 has an invalid length. [ 606.117836][T12149] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2445'. [ 607.182515][T12173] netlink: 9275 bytes leftover after parsing attributes in process `syz.1.2454'. [ 607.259807][T12175] syzkaller0: entered promiscuous mode [ 607.265497][T12175] syzkaller0: entered allmulticast mode [ 614.933207][T12228] netlink: 9275 bytes leftover after parsing attributes in process `syz.1.2469'. [ 618.522853][T12252] netlink: 9275 bytes leftover after parsing attributes in process `syz.0.2483'. [ 618.645871][T12255] syzkaller0: entered promiscuous mode [ 618.652348][T12255] syzkaller0: entered allmulticast mode [ 624.067144][T12275] netlink: 'syz.0.2482': attribute type 2 has an invalid length. [ 624.075486][T12275] netlink: 'syz.0.2482': attribute type 11 has an invalid length. [ 624.093226][T12275] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2482'. [ 624.106328][T12273] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 624.113987][T12273] IPv6: NLM_F_CREATE should be set when creating new route [ 624.121717][T12273] IPv6: NLM_F_CREATE should be set when creating new route [ 624.129374][T12273] IPv6: NLM_F_CREATE should be set when creating new route [ 624.149805][T12276] netlink: 'syz.3.2481': attribute type 9 has an invalid length. [ 624.157960][T12276] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2481'. [ 624.282067][T12273] netlink: 'syz.3.2481': attribute type 9 has an invalid length. [ 624.328501][T12273] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2481'. [ 624.498107][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.504595][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.165584][T12296] netlink: 'syz.1.2491': attribute type 1 has an invalid length. [ 625.177311][T12296] netlink: 112860 bytes leftover after parsing attributes in process `syz.1.2491'. [ 625.187264][T12296] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2491'. [ 628.304627][T12309] netlink: 16399 bytes leftover after parsing attributes in process `syz.3.2495'. [ 628.377293][T12303] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 628.384951][T12303] IPv6: NLM_F_CREATE should be set when creating new route [ 628.392938][T12303] IPv6: NLM_F_CREATE should be set when creating new route [ 628.400668][T12303] IPv6: NLM_F_CREATE should be set when creating new route [ 628.412492][T12310] netlink: 'syz.0.2501': attribute type 9 has an invalid length. [ 628.471158][T12310] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2501'. [ 628.581482][T12303] netlink: 'syz.0.2501': attribute type 9 has an invalid length. [ 628.601475][T12303] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2501'. [ 629.340021][T12326] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 629.347683][T12326] IPv6: NLM_F_CREATE should be set when creating new route [ 629.355866][T12326] IPv6: NLM_F_CREATE should be set when creating new route [ 629.363736][T12326] IPv6: NLM_F_CREATE should be set when creating new route [ 629.527126][T12326] netlink: 'syz.1.2508': attribute type 9 has an invalid length. [ 629.579003][T12326] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2508'. [ 631.117739][ T8903] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec [ 632.379597][T12332] netlink: 'syz.1.2508': attribute type 9 has an invalid length. [ 632.399352][T12332] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2508'. [ 633.154213][T12353] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 633.187321][T12353] netlink: 'syz.1.2516': attribute type 9 has an invalid length. [ 633.196853][T12353] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2516'. [ 634.218841][T12358] netlink: 'syz.1.2516': attribute type 9 has an invalid length. [ 634.226642][T12358] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2516'. [ 634.308286][T12365] syzkaller0: entered promiscuous mode [ 634.315288][T12365] syzkaller0: entered allmulticast mode [ 636.324374][T12375] netlink: 'syz.1.2513': attribute type 10 has an invalid length. [ 636.402944][T12375] team_slave_0: left promiscuous mode [ 636.409049][T12375] team_slave_0: left allmulticast mode [ 636.433051][T12375] team0 (unregistering): Port device team_slave_0 removed [ 636.449192][T12375] team_slave_1: left promiscuous mode [ 636.457654][T12375] team_slave_1: left allmulticast mode [ 636.477108][T12375] team0 (unregistering): Port device team_slave_1 removed [ 636.492689][T12375] bond0: left promiscuous mode [ 636.498232][T12375] bond_slave_0: left promiscuous mode [ 636.503892][T12375] bond_slave_1: left promiscuous mode [ 636.511120][T12375] bond0: left allmulticast mode [ 636.516038][T12375] bond_slave_0: left allmulticast mode [ 636.522059][T12375] bond_slave_1: left allmulticast mode [ 636.530549][T12375] bridge_slave_1: left allmulticast mode [ 636.590918][T12375] team0 (unregistering): Port device bond0 removed [ 637.879408][T12401] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 637.937292][T12401] netlink: 'syz.1.2523': attribute type 9 has an invalid length. [ 637.974297][T12401] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2523'. [ 638.228782][T12406] netlink: 'syz.1.2523': attribute type 9 has an invalid length. [ 638.236728][T12406] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2523'. [ 639.514607][T12405] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.2526'. [ 639.611503][T12411] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 639.795939][T12419] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2531'. [ 639.827836][T12419] openvswitch: netlink: Key type 4112 is out of range max 32 [ 640.999034][T12432] syzkaller0: entered promiscuous mode [ 641.054708][T12432] syzkaller0: entered allmulticast mode [ 641.196729][T12442] netlink: 'syz.2.2539': attribute type 9 has an invalid length. [ 641.275127][T12442] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2539'. [ 643.523862][ T8900] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec [ 643.592192][T12440] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 643.699512][T12445] netlink: 'syz.2.2539': attribute type 9 has an invalid length. [ 643.707328][T12445] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2539'. [ 646.676434][T12495] netlink: 763 bytes leftover after parsing attributes in process `syz.2.2558'. [ 648.624883][T12524] netlink: 'syz.2.2568': attribute type 9 has an invalid length. [ 648.648642][T12524] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2568'. [ 648.879248][ T8903] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec [ 649.378580][T12527] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2571'. [ 650.112218][T12546] team_slave_0: left promiscuous mode [ 650.121932][T12546] team_slave_0: left allmulticast mode [ 650.146663][T12546] team0: Port device team_slave_0 removed [ 652.108441][T12578] netlink: 'syz.2.2594': attribute type 10 has an invalid length. [ 652.182427][T12578] dummy0: entered promiscuous mode [ 652.198021][T12578] dummy0: entered allmulticast mode [ 652.204416][T12578] team0: Port device dummy0 added [ 652.233995][T12577] netdevsim netdevsim2 ÿÿÿÿÿÿ: renamed from netdevsim0 [ 652.485572][T12584] syzkaller0: entered promiscuous mode [ 652.500787][T12584] syzkaller0: entered allmulticast mode [ 653.232607][T12597] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.2601'. [ 653.271634][T12597] netlink: del zone limit has 8 unknown bytes [ 653.511567][T11160] Bluetooth: hci1: unknown advertising packet type: 0x20 [ 655.336070][T12609] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.2605'. [ 655.353004][T12609] netlink: 6324 bytes leftover after parsing attributes in process `syz.2.2605'. [ 655.362283][T12609] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2605'. [ 655.884104][T12623] syzkaller0: entered promiscuous mode [ 655.918328][T12623] syzkaller0: entered allmulticast mode [ 656.211536][T12642] sock: sock_set_timeout: `syz.0.2617' (pid 12642) tries to set negative timeout [ 658.367134][T11160] Bluetooth: hci2: unexpected subevent 0x0c length: 150 > 5 [ 658.647995][T12654] syzkaller0: entered promiscuous mode [ 658.653578][T12654] syzkaller0: entered allmulticast mode [ 661.481520][T12690] netlink: 'syz.1.2638': attribute type 2 has an invalid length. [ 661.716164][T12690] netlink: 'syz.1.2638': attribute type 8 has an invalid length. [ 661.794535][T12690] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2638'. [ 662.493605][T12696] netlink: 4595 bytes leftover after parsing attributes in process `syz.2.2641'. [ 663.121048][T12710] delete_channel: no stack [ 666.829195][T12726] syz.1.2655 uses obsolete (PF_INET,SOCK_PACKET) [ 667.505759][T12737] netlink: 121460 bytes leftover after parsing attributes in process `syz.3.2659'. [ 667.532856][T12737] netlink: 21068 bytes leftover after parsing attributes in process `syz.3.2659'. [ 667.551079][T12737] tipc: Started in network mode [ 667.562186][T12737] tipc: Node identity b, cluster identity 73 [ 667.607874][T12737] tipc: Node number set to 11 [ 668.387860][T11160] Bluetooth: hci3: unexpected subevent 0x0a length: 150 > 30 [ 668.395413][T11160] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 668.441702][T12750] delete_channel: no stack [ 668.477796][ T8904] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec [ 673.070862][T12790] netlink: 'syz.0.2682': attribute type 10 has an invalid length. [ 674.532257][T12790] geneve0: entered promiscuous mode [ 674.551297][T12790] geneve0: entered allmulticast mode [ 674.570959][T12790] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 674.765720][T12796] syzkaller0: entered promiscuous mode [ 674.790731][T12796] syzkaller0: entered allmulticast mode [ 679.420688][T12836] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2700'. [ 679.713187][T11160] Bluetooth: hci3: unexpected subevent 0x0a length: 150 > 30 [ 680.417176][T12856] netlink: 'syz.3.2708': attribute type 1 has an invalid length. [ 680.452960][T12856] netlink: 'syz.3.2708': attribute type 4 has an invalid length. [ 680.496564][T12856] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.2708'. [ 681.757709][T11160] Bluetooth: hci3: command 0x0406 tx timeout [ 684.872116][T12894] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 685.237803][T12900] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 685.966355][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.973557][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.315769][T12918] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 687.041602][T12923] netlink: 'syz.3.2731': attribute type 153 has an invalid length. [ 687.051754][T12923] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.2731'. [ 687.618854][T12934] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 687.662382][ T11] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:bb [ 687.695678][ T11] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:bb [ 687.786524][T12938] syzkaller0: entered promiscuous mode [ 687.806255][T12938] syzkaller0: entered allmulticast mode [ 687.936228][T12941] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2737'. [ 687.981191][T12941] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2737'. [ 688.037775][T12941] bridge_slave_0: entered allmulticast mode [ 688.057173][T12941] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2737'. [ 689.554503][T11160] Bluetooth: hci3: Malformed LE Event: 0x0d [ 692.007871][T11160] Bluetooth: hci3: unexpected subevent 0x0e length: 150 > 15 [ 692.637738][T11160] Bluetooth: hci0: unexpected subevent 0x0c length: 150 > 5 [ 693.737903][T11160] Bluetooth: hci2: unexpected event 0x04 length: 151 > 10 [ 694.505242][T13042] netlink: 209820 bytes leftover after parsing attributes in process `syz.1.2772'. [ 695.419720][T13052] delete_channel: no stack [ 695.757700][T11160] Bluetooth: hci2: command 0x0406 tx timeout [ 699.284781][T13076] syzkaller0: entered promiscuous mode [ 699.293295][T13076] syzkaller0: entered allmulticast mode [ 702.373366][T13110] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2794'. [ 702.436593][T13112] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.2795'. [ 702.722377][T13122] netlink: 'syz.1.2800': attribute type 9 has an invalid length. [ 702.745112][T13122] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2800'. [ 704.381097][T13134] netlink: 'syz.0.2804': attribute type 10 has an invalid length. [ 704.390336][T13134] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2804'. [ 704.456633][T13134] batman_adv: batadv0: Adding interface: virt_wifi0 [ 704.463911][T13134] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 704.490829][T13134] batman_adv: batadv0: Interface activated: virt_wifi0 [ 704.947359][T13138] syzkaller0: entered promiscuous mode [ 704.954842][T13138] syzkaller0: entered allmulticast mode [ 704.981661][T13142] netlink: 1047 bytes leftover after parsing attributes in process `syz.1.2807'. [ 704.991725][T13142] bridge_slave_1: default FDB implementation only supports local addresses [ 705.569276][T13152] netlink: 'syz.3.2812': attribute type 10 has an invalid length. [ 705.879666][T13160] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2816'. [ 707.308442][T13160] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2816'. [ 707.320309][T13161] netlink: 17279 bytes leftover after parsing attributes in process `syz.3.2815'. [ 707.590302][T11160] Bluetooth: hci0: Malformed LE Event: 0x0b [ 707.682788][T13175] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2817'. [ 707.775396][T13175] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 707.980419][T13184] netlink: zone id is out of range [ 707.998707][T13184] netlink: set zone limit has 8 unknown bytes [ 708.012298][T13184] netlink: 'syz.0.2823': attribute type 10 has an invalid length. [ 708.038992][T13184] netlink: 55 bytes leftover after parsing attributes in process `syz.0.2823'. [ 708.240247][T13184] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 708.429163][T13184] batman_adv: batadv0: Removing interface: virt_wifi0 [ 708.527271][T13195] netlink: 'syz.2.2826': attribute type 3 has an invalid length. [ 708.558030][T13195] netlink: 'syz.2.2826': attribute type 6 has an invalid length. [ 708.587841][T13195] netlink: 144448 bytes leftover after parsing attributes in process `syz.2.2826'. [ 708.756561][T13191] syzkaller0: entered promiscuous mode [ 708.769432][T13191] syzkaller0: entered allmulticast mode [ 710.068066][T11160] Bluetooth: hci1: Malformed LE Event: 0x0d [ 710.681433][T13233] netlink: 'syz.2.2839': attribute type 10 has an invalid length. [ 714.329010][T13255] syzkaller0: create flow: hash 3645224557 index 1 [ 715.044632][T13255] syzkaller0: delete flow: hash 3645224557 index 1 [ 717.073338][T13271] netlink: 'syz.3.2852': attribute type 19 has an invalid length. [ 717.084933][T13271] netlink: 14524 bytes leftover after parsing attributes in process `syz.3.2852'. [ 717.097292][T13274] netlink: 'syz.0.2855': attribute type 21 has an invalid length. [ 717.111813][T13274] netlink: 14548 bytes leftover after parsing attributes in process `syz.0.2855'. [ 717.283571][T13282] netlink: 'syz.3.2859': attribute type 13 has an invalid length. [ 717.292739][T13282] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2859'. [ 717.327717][T13282] syz_tun: refused to change device tx_queue_len [ 717.334578][T13282] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 717.396769][T13282] netlink: 'syz.3.2859': attribute type 10 has an invalid length. [ 717.471058][T13282] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 717.496154][T13282] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 717.529814][T13282] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 717.587949][T13286] netlink: 'syz.1.2860': attribute type 39 has an invalid length. [ 718.271934][T13295] netlink: 'syz.1.2864': attribute type 9 has an invalid length. [ 718.280077][T13295] netlink: 49779 bytes leftover after parsing attributes in process `syz.1.2864'. [ 718.461941][T13304] netlink: 'syz.3.2869': attribute type 29 has an invalid length. [ 718.472423][T13304] netlink: 'syz.3.2869': attribute type 29 has an invalid length. [ 718.493322][T13304] netlink: 'syz.3.2869': attribute type 29 has an invalid length. [ 718.575114][T13304] netlink: 'syz.3.2869': attribute type 29 has an invalid length. [ 720.107519][T13335] IPv6: pim6reg1: Disabled Multicast RS [ 720.260111][T13343] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2884'. [ 720.663890][T13359] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 720.673533][ T49] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:bb [ 720.697558][ T49] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:bb [ 720.706192][ T49] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00 [ 720.727501][ T49] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 720.736098][ T12] ------------[ cut here ]------------ [ 720.742467][ T12] WARNING: CPU: 1 PID: 12 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3d2/0x440 [ 720.752683][ T12] Modules linked in: [ 720.756647][ T12] CPU: 1 PID: 12 Comm: kworker/u4:1 Not tainted syzkaller #0 [ 720.764545][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 720.774798][ T12] Workqueue: cfg80211 cfg80211_event_work [ 720.780695][ T12] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440 [ 720.787566][ T12] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 67 30 a0 f7 0f 0b eb bb e8 5e 30 a0 f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 50 30 a0 f7 0f 0b e9 e0 fd ff ff e8 [ 720.807675][ T12] RSP: 0018:ffffc90000117a20 EFLAGS: 00010293 [ 720.813825][ T12] RAX: ffffffff89e6f742 RBX: dffffc0000000000 RCX: ffff88801a275a00 [ 720.821921][ T12] RDX: 0000000000000000 RSI: ffffffff8acacbe0 RDI: ffffffff8b1c9860 [ 720.829993][ T12] RBP: ffffc90000117af8 R08: ffffffff911c756f R09: 1ffffffff2238ead [ 720.838133][ T12] R10: dffffc0000000000 R11: fffffbfff2238eae R12: ffff88805db60c90 [ 720.846164][ T12] R13: 1ffff92000022f4c R14: ffff88805d42b5f8 R15: 000000000000001f [ 720.854233][ T12] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 720.863264][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 720.869990][ T12] CR2: 00007fd0b8d456b8 CR3: 00000000627a1000 CR4: 00000000003506e0 [ 720.878080][ T12] DR0: 0000000000000000 DR1: 0000200000000300 DR2: 0000000000000000 [ 720.886117][ T12] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 720.894792][ T12] Call Trace: [ 720.898196][ T12] [ 720.901192][ T12] ? mutex_lock_nested+0x20/0x20 [ 720.906207][ T12] ? trace_rdev_return_void+0x1c0/0x1c0 [ 720.911902][ T12] cfg80211_process_wdev_events+0x3bc/0x550 [ 720.918004][ T12] cfg80211_process_rdev_events+0xa1/0x110 [ 720.923880][ T12] cfg80211_event_work+0x2f/0x40 [ 720.928923][ T12] ? process_scheduled_works+0x96f/0x15d0 [ 720.934705][ T12] process_scheduled_works+0xa5d/0x15d0 [ 720.940427][ T12] ? worker_attach_to_pool+0x380/0x380 [ 720.945965][ T12] ? assign_work+0x3d2/0x5d0 [ 720.950691][ T12] worker_thread+0xa55/0xfc0 [ 720.955391][ T12] kthread+0x2fa/0x390 [ 720.959627][ T12] ? pr_cont_work+0x560/0x560 [ 720.964382][ T12] ? kthread_blkcg+0xd0/0xd0 [ 720.969110][ T12] ret_from_fork+0x48/0x80 [ 720.973599][ T12] ? kthread_blkcg+0xd0/0xd0 [ 720.978323][ T12] ret_from_fork_asm+0x11/0x20 [ 720.983178][ T12] [ 720.986333][ T12] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 720.993687][ T12] CPU: 1 PID: 12 Comm: kworker/u4:1 Not tainted syzkaller #0 [ 721.001102][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 721.011206][ T12] Workqueue: cfg80211 cfg80211_event_work [ 721.016989][ T12] Call Trace: [ 721.020320][ T12] [ 721.023307][ T12] dump_stack_lvl+0x18c/0x250 [ 721.028043][ T12] ? show_regs_print_info+0x20/0x20 [ 721.033333][ T12] ? load_image+0x420/0x420 [ 721.037929][ T12] panic+0x2dc/0x730 [ 721.041894][ T12] ? bpf_jit_dump+0xd0/0xd0 [ 721.046480][ T12] ? ret_from_fork_asm+0x11/0x20 [ 721.051480][ T12] __warn+0x2e0/0x470 [ 721.055502][ T12] ? __cfg80211_ibss_joined+0x3d2/0x440 [ 721.061083][ T12] ? __cfg80211_ibss_joined+0x3d2/0x440 [ 721.066662][ T12] report_bug+0x2be/0x4f0 [ 721.071018][ T12] ? __cfg80211_ibss_joined+0x3d2/0x440 [ 721.076606][ T12] ? __cfg80211_ibss_joined+0x3d2/0x440 [ 721.082183][ T12] ? __cfg80211_ibss_joined+0x3d4/0x440 [ 721.087759][ T12] handle_bug+0xcf/0x120 [ 721.092036][ T12] exc_invalid_op+0x1a/0x50 [ 721.096574][ T12] asm_exc_invalid_op+0x1a/0x20 [ 721.101546][ T12] RIP: 0010:__cfg80211_ibss_joined+0x3d2/0x440 [ 721.107736][ T12] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 5c 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 67 30 a0 f7 0f 0b eb bb e8 5e 30 a0 f7 <0f> 0b 4c 8b 6c 24 18 eb ad e8 50 30 a0 f7 0f 0b e9 e0 fd ff ff e8 [ 721.127371][ T12] RSP: 0018:ffffc90000117a20 EFLAGS: 00010293 [ 721.133468][ T12] RAX: ffffffff89e6f742 RBX: dffffc0000000000 RCX: ffff88801a275a00 [ 721.141461][ T12] RDX: 0000000000000000 RSI: ffffffff8acacbe0 RDI: ffffffff8b1c9860 [ 721.149459][ T12] RBP: ffffc90000117af8 R08: ffffffff911c756f R09: 1ffffffff2238ead [ 721.157544][ T12] R10: dffffc0000000000 R11: fffffbfff2238eae R12: ffff88805db60c90 [ 721.165561][ T12] R13: 1ffff92000022f4c R14: ffff88805d42b5f8 R15: 000000000000001f [ 721.173563][ T12] ? __cfg80211_ibss_joined+0x3d2/0x440 [ 721.179155][ T12] ? mutex_lock_nested+0x20/0x20 [ 721.184122][ T12] ? trace_rdev_return_void+0x1c0/0x1c0 [ 721.189706][ T12] cfg80211_process_wdev_events+0x3bc/0x550 [ 721.195642][ T12] cfg80211_process_rdev_events+0xa1/0x110 [ 721.201481][ T12] cfg80211_event_work+0x2f/0x40 [ 721.206445][ T12] ? process_scheduled_works+0x96f/0x15d0 [ 721.212195][ T12] process_scheduled_works+0xa5d/0x15d0 [ 721.217798][ T12] ? worker_attach_to_pool+0x380/0x380 [ 721.223301][ T12] ? assign_work+0x3d2/0x5d0 [ 721.227940][ T12] worker_thread+0xa55/0xfc0 [ 721.232584][ T12] kthread+0x2fa/0x390 [ 721.236678][ T12] ? pr_cont_work+0x560/0x560 [ 721.241386][ T12] ? kthread_blkcg+0xd0/0xd0 [ 721.245998][ T12] ret_from_fork+0x48/0x80 [ 721.250441][ T12] ? kthread_blkcg+0xd0/0xd0 [ 721.255059][ T12] ret_from_fork_asm+0x11/0x20 [ 721.259869][ T12] [ 721.263675][ T12] Kernel Offset: disabled [ 721.268086][ T12] Rebooting in 86400 seconds..