last executing test programs: 3.298655875s ago: executing program 1 (id=3358): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xc, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="660a0000000000006111830000000000950b000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r3 = openat$cgroup_devices(r2, &(0x7f0000000380)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r3, &(0x7f0000000080)={'a', ' *:* ', 'r\x00'}, 0x8) 2.913999227s ago: executing program 1 (id=3360): r0 = socket$kcm(0x1e, 0x5, 0x0) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r1 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r2 = socket$kcm(0x1e, 0x4, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[], 0x101d0) sendmsg$kcm(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x20048811) 2.18862868s ago: executing program 3 (id=3363): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9c, 0x1, 0x0, 0x0, 0x0, 0x5, 0x6a024, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1ff}, 0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0xe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907a56675f37538ec86dd6317ce22667f1100db5b686158bbcfe8875a65"], 0xfdef) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) close(0x3) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x58}, 0x10) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) 2.1878084s ago: executing program 1 (id=3371): bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={0x0, 0x0}) close(r0) r2 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) r3 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43) sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 2.067300334s ago: executing program 1 (id=3364): recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f00000006c0)=r0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000033000b0fd25a806c8c6f94f91024fc60", 0x14}], 0x1}, 0x0) 2.067165194s ago: executing program 2 (id=3365): socket$kcm(0x10, 0x400000002, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) r0 = socket$kcm(0xa, 0x5, 0x0) r1 = socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000000e8ffffffffffff05000000", @ANYRES32=0x1], 0x48) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8916, &(0x7f0000000000)={r1}) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8936, &(0x7f0000000000)={r1}) 1.959352787s ago: executing program 2 (id=3367): r0 = socket$kcm(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b}, 0x94) r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xfe327, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000009800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0xa, 0x0, 0x0, 0x4}, 0x94) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e000b05d25a806c8c6f94f90324fc60100005000a000248053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0) 1.798428623s ago: executing program 2 (id=3368): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x1, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000f000000850000002e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$kcm(0x11, 0x200000000000002, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x40, 0x0, 0x8, 0x0, 0x0, 0x61000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x8001, 0x1000000000c}, 0xa100, 0xc8, 0x1000003, 0x3, 0xfffffffffffffffd, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8000000000000001}, 0x0, 0x3, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="08000000040000000400000009"], 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r3, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r4, &(0x7f00000004c0)=ANY=[], 0xfdef) 1.698762576s ago: executing program 2 (id=3369): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xc, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="660a0000000000006111830000000000950b000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r3 = openat$cgroup_devices(r2, &(0x7f0000000380)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r3, &(0x7f0000000080)={'a', ' *:* ', 'r\x00'}, 0x8) 1.691837286s ago: executing program 3 (id=3370): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) close(0xffffffffffffffff) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x120) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'rose0\x00', 0x112}) ioctl$TUNSETVNETBE(r0, 0x400454de, 0x0) 1.649325288s ago: executing program 1 (id=3373): r0 = socket$kcm(0x1e, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r1 = socket$kcm(0x1e, 0x4, 0x0) r2 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) setsockopt$sock_attach_bpf(r1, 0x1, 0x21, &(0x7f00000000c0), 0x4) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[], 0xfdef) sendmsg$kcm(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x4) 1.493320613s ago: executing program 0 (id=3374): perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x5, 0xfffffffffffffe01}, 0x0, 0x1, 0x0, 0x5, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xb}, 0x0, 0xc8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xffffffffffffffff}, 0x0, 0x4, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="8c38f0ff10"], 0x0, 0x42, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000c9"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x8, 0x0, 0x61}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa067707"], 0xfdef) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xfdef) 1.437638694s ago: executing program 0 (id=3375): bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={0x0, 0x0}) close(r0) r2 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) r3 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43) sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 1.436503454s ago: executing program 2 (id=3376): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x4, 0x2, 0x0, 0x80, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x40000004, 0xa021, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000a0000000000000a07000000080000000000000b0400000009000000010000130c0000000740"], 0x0, 0x4a, 0x0, 0x1, 0x800, 0x10000}, 0x28) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00') bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x13, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x38b137f9a619bb39, 0x14, '\x00', 0x0, @fallback=0x2e, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0xcc0, 0x0, &(0x7f0000000000)="c1188e19b95d02ff4284860186dd", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x60000002) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x739, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) 1.382119806s ago: executing program 3 (id=3377): socket$kcm(0x10, 0x400000002, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) r0 = socket$kcm(0xa, 0x5, 0x0) r1 = socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000000e8ffffffffffff05000000", @ANYRES32=0x1], 0x48) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8916, &(0x7f0000000000)={r1}) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8936, &(0x7f0000000000)={r1}) 1.315588779s ago: executing program 0 (id=3378): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x1, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000f000000850000002e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$kcm(0x11, 0x200000000000002, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x40, 0x0, 0x8, 0x0, 0x0, 0x61000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x8001, 0x1000000000c}, 0xa100, 0xc8, 0x1000003, 0x3, 0xfffffffffffffffd, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8000000000000001}, 0x0, 0x3, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="08000000040000000400000009"], 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r3, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r2, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r4, &(0x7f00000004c0)=ANY=[], 0xfdef) 1.190093272s ago: executing program 3 (id=3379): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x2008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffff56a, 0x100000000}, 0x250a, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x64099, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b81, 0x2, @perf_config_ext={0xfffffffffffffffd, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x9, 0x9, 0x2, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0x7}]}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10) sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0xffc0}], 0x1}, 0x80d1) 1.188977572s ago: executing program 0 (id=3387): socket$kcm(0x10, 0x400000002, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) r0 = socket$kcm(0xa, 0x5, 0x0) r1 = socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000000e8ffffffffffff05000000", @ANYRES32=0x1], 0x48) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8916, &(0x7f0000000000)={r1}) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8936, &(0x7f0000000000)={r1}) 979.295749ms ago: executing program 0 (id=3380): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9c, 0x1, 0x0, 0x0, 0x0, 0x5, 0x6a024, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1ff}, 0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0xe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907a56675f37538ec86dd6317ce22667f1100db5b686158bbcfe8875a65"], 0xfdef) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) close(0x3) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x58}, 0x10) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) 534.895033ms ago: executing program 1 (id=3381): r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x80000005}, {0x2}]}, 0x94) sendmsg$inet(r0, &(0x7f00000029c0)={&(0x7f0000000100)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000002780)=[{&(0x7f00000006c0)='{', 0x1}], 0x1}, 0x4000040) sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000001040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000180)="959f", 0x2}], 0x1}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18f3ffff01"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x7b, &(0x7f0000000000)=r3, 0x8) 129.412996ms ago: executing program 3 (id=3382): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x5, 0x5, 0x2, 0x4}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x18, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001bc6500850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0xfffffe4f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 78.713448ms ago: executing program 0 (id=3383): r0 = perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x8}, 0x90, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000b000000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000070000850000001b"], 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) 47.990989ms ago: executing program 2 (id=3384): perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x408, 0xca, 0x0, 0x2, 0xfffffffffffffffc}, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2501, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x6, 0x35f}, 0x118d2a, 0x0, 0x0, 0x9, 0x8, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) close(r1) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000080000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000100000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$cgroup_subtree(r4, &(0x7f0000000200)=ANY=[@ANYRES8=r1], 0x12) 0s ago: executing program 3 (id=3385): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xc, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="660a0000000000006111830000000000950b000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r3 = openat$cgroup_devices(r2, &(0x7f0000000380)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r3, &(0x7f0000000080)={'a', ' *:* ', 'r\x00'}, 0x8) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.175' (ED25519) to the list of known hosts. syzkaller login: [ 71.838899][ T5766] cgroup: Unknown subsys name 'net' [ 71.972084][ T5766] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.613610][ T5766] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.062334][ T5779] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.111715][ T5783] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.115404][ T5779] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.126766][ T5779] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.135538][ T5779] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.143348][ T5779] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 75.150815][ T5779] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.156313][ T5787] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.162693][ T5090] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.175234][ T5090] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.183985][ T5090] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.199435][ T5787] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.207964][ T5090] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.208221][ T5787] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.223945][ T5090] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 75.224497][ T5787] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 75.231725][ T5090] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.238594][ T5787] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.280739][ T5787] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.292099][ T5090] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.304666][ T5090] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.314549][ T5090] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.322645][ T5090] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 75.335559][ T5090] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 75.762689][ T5781] chnl_net:caif_netlink_parms(): no params data found [ 75.797810][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 75.813639][ T5778] chnl_net:caif_netlink_parms(): no params data found [ 75.865033][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 75.969483][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.976928][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.984831][ T5781] bridge_slave_0: entered allmulticast mode [ 75.991719][ T5781] bridge_slave_0: entered promiscuous mode [ 76.000678][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.007893][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.015169][ T5781] bridge_slave_1: entered allmulticast mode [ 76.022059][ T5781] bridge_slave_1: entered promiscuous mode [ 76.141642][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.153006][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.164863][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.172619][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.180184][ T5785] bridge_slave_0: entered allmulticast mode [ 76.187237][ T5785] bridge_slave_0: entered promiscuous mode [ 76.194320][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.201857][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.209247][ T5788] bridge_slave_0: entered allmulticast mode [ 76.216398][ T5788] bridge_slave_0: entered promiscuous mode [ 76.223548][ T5778] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.231291][ T5778] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.238574][ T5778] bridge_slave_0: entered allmulticast mode [ 76.245711][ T5778] bridge_slave_0: entered promiscuous mode [ 76.260985][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.270711][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.278332][ T5785] bridge_slave_1: entered allmulticast mode [ 76.285409][ T5785] bridge_slave_1: entered promiscuous mode [ 76.292458][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.300018][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.307231][ T5788] bridge_slave_1: entered allmulticast mode [ 76.314104][ T5788] bridge_slave_1: entered promiscuous mode [ 76.321952][ T5778] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.329694][ T5778] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.337083][ T5778] bridge_slave_1: entered allmulticast mode [ 76.343839][ T5778] bridge_slave_1: entered promiscuous mode [ 76.365338][ T5781] team0: Port device team_slave_0 added [ 76.402955][ T5781] team0: Port device team_slave_1 added [ 76.422138][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.462581][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.474546][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.486594][ T5778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.501111][ T5778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.543478][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.554128][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.561414][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.592768][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.644589][ T5785] team0: Port device team_slave_0 added [ 76.651958][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.659079][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.685766][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.700312][ T5778] team0: Port device team_slave_0 added [ 76.729492][ T5785] team0: Port device team_slave_1 added [ 76.754241][ T5778] team0: Port device team_slave_1 added [ 76.762748][ T5788] team0: Port device team_slave_0 added [ 76.791164][ T5788] team0: Port device team_slave_1 added [ 76.818679][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.826186][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.852995][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.900109][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.907249][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.934366][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.953668][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.961217][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.987758][ T5778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.999647][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.006840][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.032863][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.051443][ T5781] hsr_slave_0: entered promiscuous mode [ 77.057803][ T5781] hsr_slave_1: entered promiscuous mode [ 77.077529][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.084521][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.111236][ T5778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.123557][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.131241][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.157408][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.198315][ T5785] hsr_slave_0: entered promiscuous mode [ 77.204900][ T5785] hsr_slave_1: entered promiscuous mode [ 77.211093][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.219169][ T5785] Cannot create hsr debugfs directory [ 77.267888][ T5783] Bluetooth: hci0: command tx timeout [ 77.345227][ T5783] Bluetooth: hci2: command tx timeout [ 77.355148][ T5783] Bluetooth: hci1: command tx timeout [ 77.362676][ T5788] hsr_slave_0: entered promiscuous mode [ 77.369826][ T5788] hsr_slave_1: entered promiscuous mode [ 77.377459][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.385117][ T5788] Cannot create hsr debugfs directory [ 77.414591][ T5778] hsr_slave_0: entered promiscuous mode [ 77.421290][ T5778] hsr_slave_1: entered promiscuous mode [ 77.427174][ T5783] Bluetooth: hci3: command tx timeout [ 77.436123][ T5778] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 77.443718][ T5778] Cannot create hsr debugfs directory [ 77.786830][ T5781] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 77.801658][ T5781] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 77.813416][ T5781] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 77.846126][ T5781] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 77.920666][ T5785] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 77.932066][ T5785] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 77.948854][ T5785] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 77.961466][ T5785] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 78.044132][ T5788] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 78.069648][ T5788] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 78.088854][ T5788] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 78.119261][ T5788] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 78.180623][ T5778] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 78.191902][ T5778] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 78.211405][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.223745][ T5778] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 78.235630][ T5778] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 78.307538][ T5781] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.340280][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.347640][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.373531][ T3457] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.380806][ T3457] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.427555][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.476965][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.516191][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.531329][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.576959][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.584109][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.600476][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.607656][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.632834][ T3440] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.640045][ T3440] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.683810][ T38] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.691024][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.720558][ T5778] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.818589][ T5778] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.899878][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.907153][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.944549][ T3457] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.951764][ T3457] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.062598][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.212397][ T5781] veth0_vlan: entered promiscuous mode [ 79.252016][ T5781] veth1_vlan: entered promiscuous mode [ 79.357036][ T5783] Bluetooth: hci0: command tx timeout [ 79.365980][ T5781] veth0_macvtap: entered promiscuous mode [ 79.399702][ T5781] veth1_macvtap: entered promiscuous mode [ 79.426968][ T5783] Bluetooth: hci1: command tx timeout [ 79.432494][ T5783] Bluetooth: hci2: command tx timeout [ 79.477216][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.497930][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.506129][ T5783] Bluetooth: hci3: command tx timeout [ 79.525424][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.539272][ T5781] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.550762][ T5781] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.559618][ T5781] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.568936][ T5781] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.584721][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.694768][ T5785] veth0_vlan: entered promiscuous mode [ 79.713721][ T5778] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.733178][ T5788] veth0_vlan: entered promiscuous mode [ 79.777320][ T5785] veth1_vlan: entered promiscuous mode [ 79.824570][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.833873][ T5788] veth1_vlan: entered promiscuous mode [ 79.845100][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.895867][ T3498] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.903731][ T3498] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.958522][ T5778] veth0_vlan: entered promiscuous mode [ 80.003468][ T5785] veth0_macvtap: entered promiscuous mode [ 80.039352][ T5785] veth1_macvtap: entered promiscuous mode [ 80.052191][ T5788] veth0_macvtap: entered promiscuous mode [ 80.064883][ T5778] veth1_vlan: entered promiscuous mode [ 80.099775][ T5788] veth1_macvtap: entered promiscuous mode [ 80.140040][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.164177][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.183817][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.211400][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.229884][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.249126][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.268791][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.295176][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.311462][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.322974][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.338821][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.369100][ T5785] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.378878][ T5785] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.388116][ T5785] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.403080][ T5785] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.428680][ T5778] veth0_macvtap: entered promiscuous mode [ 80.444748][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.456793][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.472179][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.483182][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.496206][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.521859][ T5788] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.532598][ T5788] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.541738][ T5788] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.555993][ T5788] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.599545][ T5778] veth1_macvtap: entered promiscuous mode [ 80.617083][ C1] hrtimer: interrupt took 70843 ns [ 80.736881][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.748245][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.758879][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.769918][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.787797][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.799659][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.811527][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.831689][ T38] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.847947][ T38] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.950335][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.962297][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.974292][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.996993][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.011402][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.031693][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.055575][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.138049][ T5778] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.151484][ T5778] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.160618][ T5778] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.170371][ T5778] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.203913][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.226400][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.283563][ T3525] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.302388][ T3525] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.369699][ T3525] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.401949][ T3525] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.426230][ T5783] Bluetooth: hci0: command tx timeout [ 81.447520][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.455910][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.505475][ T5783] Bluetooth: hci2: command tx timeout [ 81.510945][ T5090] Bluetooth: hci1: command tx timeout [ 81.534539][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.586685][ T5783] Bluetooth: hci3: command tx timeout [ 81.591067][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.045885][ T5877] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 83.390822][ T5882] syz.2.17 (5882) used greatest stack depth: 19168 bytes left [ 83.506584][ T5783] Bluetooth: hci0: command tx timeout [ 83.538382][ T5889] netlink: 'syz.3.21': attribute type 21 has an invalid length. [ 83.553097][ T5889] netlink: 'syz.3.21': attribute type 13 has an invalid length. [ 83.561845][ T5889] netlink: 6188 bytes leftover after parsing attributes in process `syz.3.21'. [ 83.586456][ T5783] Bluetooth: hci2: command tx timeout [ 83.593257][ T5090] Bluetooth: hci1: command tx timeout [ 83.665335][ T5090] Bluetooth: hci3: command tx timeout [ 83.801256][ T5897] warning: `syz.0.24' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 84.934722][ T3440] tipc: Subscription rejected, illegal request [ 85.736546][ T5090] Bluetooth: hci0: Malformed LE Event: 0x02 [ 85.968630][ T5945] netlink: 'syz.1.46': attribute type 1 has an invalid length. [ 85.977149][ T5945] netlink: 'syz.1.46': attribute type 4 has an invalid length. [ 85.984758][ T5945] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.46'. [ 86.379482][ T5953] netlink: 'syz.3.50': attribute type 1 has an invalid length. [ 86.416473][ T5953] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.50'. [ 87.030963][ T968] cfg80211: failed to load regulatory.db [ 87.748555][ T5983] netlink: 'syz.2.62': attribute type 10 has an invalid length. [ 89.343725][ T5983] veth0_macvtap: left promiscuous mode [ 90.256655][ T6002] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.71'. [ 90.617125][ T6010] netlink: 15794 bytes leftover after parsing attributes in process `syz.3.75'. [ 92.723355][ T6060] syz.0.95 uses obsolete (PF_INET,SOCK_PACKET) [ 96.394202][ T6113] netlink: 'syz.1.117': attribute type 22 has an invalid length. [ 96.964491][ T6130] netlink: 'syz.3.125': attribute type 1 has an invalid length. [ 96.984151][ T6130] netlink: 'syz.3.125': attribute type 4 has an invalid length. [ 97.025365][ T6130] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.125'. [ 98.455083][ T6138] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.254675][ T6148] netlink: 'syz.2.133': attribute type 14 has an invalid length. [ 99.285081][ T6148] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.133'. [ 102.862173][ T6214] netlink: 'syz.0.163': attribute type 33 has an invalid length. [ 102.894971][ T6214] netlink: 152 bytes leftover after parsing attributes in process `syz.0.163'. [ 102.914026][ T6214] `: renamed from syz_tun (while UP) [ 105.209828][ T6231] netlink: 156 bytes leftover after parsing attributes in process `syz.0.170'. [ 106.332826][ T6247] sctp: [Deprecated]: syz.2.177 (pid 6247) Use of struct sctp_assoc_value in delayed_ack socket option. [ 106.332826][ T6247] Use struct sctp_sack_info instead [ 108.356035][ T6285] Illegal XDP return value 956936225 on prog (id 117) dev N/A, expect packet loss! [ 110.573652][ T5090] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18 [ 111.266087][ T5783] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18 [ 111.698923][ T5090] Bluetooth: hci2: Malformed Event: 0x2f [ 112.607377][ T5090] Bluetooth: hci0: unexpected subevent 0x05 length: 150 > 12 [ 112.626993][ T5090] Bluetooth: hci1: command tx timeout [ 113.810579][ T6415] netlink: 60243 bytes leftover after parsing attributes in process `syz.2.249'. [ 113.848596][ T6415] netlink: 4 bytes leftover after parsing attributes in process `syz.2.249'. [ 114.357124][ T6424] netlink: 'syz.0.254': attribute type 2 has an invalid length. [ 114.368864][ T6424] netlink: 'syz.0.254': attribute type 1 has an invalid length. [ 114.385022][ T6424] netlink: 'syz.0.254': attribute type 8 has an invalid length. [ 114.403366][ T6424] netlink: 88 bytes leftover after parsing attributes in process `syz.0.254'. [ 114.625033][ T5090] Bluetooth: hci0: command tx timeout [ 114.712569][ T5090] Bluetooth: hci2: unexpected event 0x31 length: 15 > 6 [ 114.862043][ T5090] Bluetooth: hci0: Dropping invalid advertising data [ 114.877880][ T5090] Bluetooth: hci0: Malformed LE Event: 0x02 [ 116.499870][ T6461] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.271'. [ 120.601629][ T5090] Bluetooth: hci3: unexpected subevent 0x03 length: 150 > 9 [ 120.701157][ T6502] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.291'. [ 120.809148][ T6500] netlink: 'syz.0.290': attribute type 9 has an invalid length. [ 120.847332][ T6500] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.290'. [ 122.384611][ T6531] sctp: [Deprecated]: syz.2.305 (pid 6531) Use of struct sctp_assoc_value in delayed_ack socket option. [ 122.384611][ T6531] Use struct sctp_sack_info instead [ 122.654625][ T6536] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.307'. [ 122.808963][ T6538] syzkaller0: entered promiscuous mode [ 122.814751][ T6538] syzkaller0: entered allmulticast mode [ 126.224308][ T6543] lo: entered promiscuous mode [ 131.744739][ T6664] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.833675][ T6699] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.380'. [ 133.147970][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.156430][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.154052][ T6715] netlink: 'syz.2.386': attribute type 10 has an invalid length. [ 134.227238][ T6715] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 134.273947][ T6715] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 135.054135][ T6743] netlink: 'syz.3.400': attribute type 11 has an invalid length. [ 135.072389][ T6743] netlink: 184116 bytes leftover after parsing attributes in process `syz.3.400'. [ 135.098840][ T6743] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 135.115249][ T6743] CPU: 0 PID: 6743 Comm: syz.3.400 Not tainted syzkaller #0 [ 135.122652][ T6743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 135.132765][ T6743] Call Trace: [ 135.136089][ T6743] [ 135.139062][ T6743] dump_stack_lvl+0x18c/0x250 [ 135.143800][ T6743] ? show_regs_print_info+0x20/0x20 [ 135.149179][ T6743] ? load_image+0x420/0x420 [ 135.153746][ T6743] sysfs_warn_dup+0x8e/0xa0 [ 135.158303][ T6743] sysfs_do_create_link_sd+0xc0/0x110 [ 135.163717][ T6743] device_add_class_symlinks+0x1cf/0x240 [ 135.169415][ T6743] device_add+0x507/0xc50 [ 135.173815][ T6743] wiphy_register+0x1dad/0x2ae0 [ 135.178751][ T6743] ? cfg80211_event_work+0x40/0x40 [ 135.183928][ T6743] ? minstrel_ht_alloc+0x88a/0x990 [ 135.189104][ T6743] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 135.195256][ T6743] ieee80211_register_hw+0x3464/0x4250 [ 135.200768][ T6743] ? ieee80211_tasklet_handler+0x20/0x20 [ 135.206441][ T6743] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 135.212364][ T6743] ? __debug_object_init+0xec/0x450 [ 135.217591][ T6743] ? __asan_memset+0x22/0x40 [ 135.222200][ T6743] ? __hrtimer_init+0x186/0x270 [ 135.227066][ T6743] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 135.232824][ T6743] ? mac80211_hwsim_free+0x220/0x220 [ 135.238126][ T6743] ? rcu_is_watching+0x15/0xb0 [ 135.243005][ T6743] ? kstrndup+0xbd/0x140 [ 135.247274][ T6743] hwsim_new_radio_nl+0xdc9/0x1a90 [ 135.252406][ T6743] ? __nla_validate+0x50/0x50 [ 135.257110][ T6743] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 135.263463][ T6743] ? __nla_parse+0x40/0x50 [ 135.267901][ T6743] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 135.274257][ T6743] genl_family_rcv_msg_doit+0x211/0x310 [ 135.279828][ T6743] ? end_current_label_crit_section+0x170/0x170 [ 135.286090][ T6743] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 135.292031][ T6743] ? bpf_lsm_capable+0x9/0x10 [ 135.296746][ T6743] ? security_capable+0x89/0xb0 [ 135.301642][ T6743] genl_rcv_msg+0x619/0x7a0 [ 135.306274][ T6743] ? genl_bind+0x360/0x360 [ 135.310719][ T6743] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 135.317084][ T6743] ? ref_tracker_free+0x690/0x840 [ 135.322155][ T6743] netlink_rcv_skb+0x241/0x4d0 [ 135.326948][ T6743] ? genl_bind+0x360/0x360 [ 135.331384][ T6743] ? netlink_ack+0x1180/0x1180 [ 135.336180][ T6743] ? __lock_acquire+0x7d40/0x7d40 [ 135.341226][ T6743] ? down_read+0x1ac/0x2e0 [ 135.345663][ T6743] genl_rcv+0x28/0x40 [ 135.349666][ T6743] netlink_unicast+0x751/0x8d0 [ 135.354458][ T6743] netlink_sendmsg+0x8d0/0xbf0 [ 135.359243][ T6743] ? netlink_getsockopt+0x590/0x590 [ 135.364456][ T6743] ? aa_sock_msg_perm+0x94/0x150 [ 135.369418][ T6743] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 135.374719][ T6743] ? security_socket_sendmsg+0x80/0xa0 [ 135.380191][ T6743] ? netlink_getsockopt+0x590/0x590 [ 135.385403][ T6743] ____sys_sendmsg+0x5ba/0x960 [ 135.390198][ T6743] ? __asan_memset+0x22/0x40 [ 135.394803][ T6743] ? __sys_sendmsg_sock+0x30/0x30 [ 135.399841][ T6743] ? __import_iovec+0x5f2/0x850 [ 135.404714][ T6743] ? import_iovec+0x73/0xa0 [ 135.409317][ T6743] ___sys_sendmsg+0x2a6/0x360 [ 135.414013][ T6743] ? __sys_sendmsg+0x2a0/0x2a0 [ 135.418928][ T6743] __se_sys_sendmsg+0x1c2/0x2b0 [ 135.423795][ T6743] ? __x64_sys_sendmsg+0x80/0x80 [ 135.428789][ T6743] ? lockdep_hardirqs_on+0x98/0x150 [ 135.434033][ T6743] do_syscall_64+0x55/0xb0 [ 135.438478][ T6743] ? clear_bhb_loop+0x40/0x90 [ 135.443177][ T6743] ? clear_bhb_loop+0x40/0x90 [ 135.447870][ T6743] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 135.453781][ T6743] RIP: 0033:0x7f2f80f9ce59 [ 135.458211][ T6743] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 135.477835][ T6743] RSP: 002b:00007f2f81e1c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 135.486437][ T6743] RAX: ffffffffffffffda RBX: 00007f2f81215fa0 RCX: 00007f2f80f9ce59 [ 135.494418][ T6743] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 135.502398][ T6743] RBP: 00007f2f81032d6f R08: 0000000000000000 R09: 0000000000000000 [ 135.510381][ T6743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 135.518370][ T6743] R13: 00007f2f81216038 R14: 00007f2f81215fa0 R15: 00007ffc261088a8 [ 135.526379][ T6743] [ 138.570014][ T6837] netlink: 'syz.3.415': attribute type 10 has an invalid length. [ 138.867015][ T6837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 138.946326][ T6837] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 139.744669][ T6861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 140.774099][ T6884] netlink: 'syz.0.430': attribute type 10 has an invalid length. [ 140.826547][ T6884] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 140.909478][ T6884] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 141.794821][ T6926] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 143.711329][ T6946] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.441'. [ 144.281294][ T6958] netlink: 'syz.1.443': attribute type 10 has an invalid length. [ 144.374037][ T6958] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 144.427321][ T6958] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 145.856286][ T6981] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.454'. [ 149.000523][ T7034] netlink: 'syz.3.478': attribute type 10 has an invalid length. [ 152.271486][ T7080] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.497'. [ 163.060728][ T7175] veth1_macvtap: entered allmulticast mode [ 163.722415][ T7191] veth1_macvtap: entered allmulticast mode [ 167.739172][ T7221] veth1_macvtap: entered allmulticast mode [ 168.210663][ T5090] Bluetooth: hci2: ISO packet too small [ 168.230972][ T7240] sock: sock_timestamping_bind_phc: sock not bind to device [ 168.745356][ T7252] veth1_macvtap: entered allmulticast mode [ 169.010654][ T7260] sock: sock_timestamping_bind_phc: sock not bind to device [ 169.684548][ T7270] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.575'. [ 169.722339][ T7270] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 172.254292][ T7310] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.590'. [ 172.315822][ T7310] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 173.325332][ T5090] Bluetooth: hci2: Dropping invalid advertising data [ 173.333104][ T5090] Bluetooth: hci2: Malformed LE Event: 0x02 [ 173.698680][ T7349] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.608'. [ 173.744454][ T7349] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 174.576538][ T7357] netlink: 'syz.3.621': attribute type 21 has an invalid length. [ 175.229376][ T5090] Bluetooth: hci3: Dropping invalid advertising data [ 175.237035][ T5090] Bluetooth: hci3: Malformed LE Event: 0x02 [ 176.140432][ T7383] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.623'. [ 176.204132][ T7383] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 176.263916][ T7383] CPU: 1 PID: 7383 Comm: syz.1.623 Not tainted syzkaller #0 [ 176.271301][ T7383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 176.281410][ T7383] Call Trace: [ 176.284732][ T7383] [ 176.287719][ T7383] dump_stack_lvl+0x18c/0x250 [ 176.292472][ T7383] ? show_regs_print_info+0x20/0x20 [ 176.297731][ T7383] ? load_image+0x420/0x420 [ 176.302334][ T7383] sysfs_warn_dup+0x8e/0xa0 [ 176.306892][ T7383] sysfs_do_create_link_sd+0xc0/0x110 [ 176.312326][ T7383] device_add_class_symlinks+0x1cf/0x240 [ 176.318022][ T7383] device_add+0x507/0xc50 [ 176.322431][ T7383] wiphy_register+0x1dad/0x2ae0 [ 176.327441][ T7383] ? cfg80211_event_work+0x40/0x40 [ 176.332653][ T7383] ? minstrel_ht_alloc+0x88a/0x990 [ 176.337844][ T7383] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 176.343989][ T7383] ieee80211_register_hw+0x3464/0x4250 [ 176.349566][ T7383] ? ieee80211_tasklet_handler+0x20/0x20 [ 176.355257][ T7383] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 176.361218][ T7383] ? __debug_object_init+0xec/0x450 [ 176.366755][ T7383] ? __asan_memset+0x22/0x40 [ 176.371424][ T7383] ? __hrtimer_init+0x186/0x270 [ 176.376335][ T7383] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 176.382169][ T7383] ? mac80211_hwsim_free+0x220/0x220 [ 176.387597][ T7383] ? rcu_is_watching+0x15/0xb0 [ 176.392441][ T7383] ? kstrndup+0xbd/0x140 [ 176.396778][ T7383] hwsim_new_radio_nl+0xdc9/0x1a90 [ 176.401980][ T7383] ? __nla_validate+0x50/0x50 [ 176.406765][ T7383] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 176.413190][ T7383] ? __nla_parse+0x40/0x50 [ 176.417674][ T7383] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 176.424168][ T7383] genl_family_rcv_msg_doit+0x211/0x310 [ 176.429771][ T7383] ? end_current_label_crit_section+0x170/0x170 [ 176.436091][ T7383] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 176.442246][ T7383] ? bpf_lsm_capable+0x9/0x10 [ 176.447081][ T7383] ? security_capable+0x89/0xb0 [ 176.452017][ T7383] genl_rcv_msg+0x619/0x7a0 [ 176.456595][ T7383] ? genl_bind+0x360/0x360 [ 176.461061][ T7383] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 176.467543][ T7383] ? trace_event_raw_event_lock_acquire+0x2c0/0x2c0 [ 176.474220][ T7383] netlink_rcv_skb+0x241/0x4d0 [ 176.479043][ T7383] ? genl_bind+0x360/0x360 [ 176.483529][ T7383] ? netlink_ack+0x1180/0x1180 [ 176.488384][ T7383] ? __lock_acquire+0x7d40/0x7d40 [ 176.493489][ T7383] ? down_read+0x1ac/0x2e0 [ 176.497974][ T7383] genl_rcv+0x28/0x40 [ 176.502092][ T7383] netlink_unicast+0x751/0x8d0 [ 176.506998][ T7383] netlink_sendmsg+0x8d0/0xbf0 [ 176.511815][ T7383] ? perf_trace_lock+0x304/0x3b0 [ 176.516868][ T7383] ? netlink_getsockopt+0x590/0x590 [ 176.522147][ T7383] ? aa_sock_msg_perm+0x94/0x150 [ 176.527163][ T7383] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 176.532509][ T7383] ? security_socket_sendmsg+0x80/0xa0 [ 176.538032][ T7383] ? netlink_getsockopt+0x590/0x590 [ 176.543297][ T7383] ____sys_sendmsg+0x5ba/0x960 [ 176.548194][ T7383] ? __asan_memset+0x22/0x40 [ 176.552872][ T7383] ? __sys_sendmsg_sock+0x30/0x30 [ 176.557960][ T7383] ? __import_iovec+0x5f2/0x850 [ 176.562898][ T7383] ? import_iovec+0x73/0xa0 [ 176.567474][ T7383] ___sys_sendmsg+0x2a6/0x360 [ 176.572240][ T7383] ? __sys_sendmsg+0x2a0/0x2a0 [ 176.577128][ T7383] ? trace_call_bpf+0xc3/0x6c0 [ 176.582048][ T7383] __se_sys_sendmsg+0x1c2/0x2b0 [ 176.586992][ T7383] ? __x64_sys_sendmsg+0x80/0x80 [ 176.592041][ T7383] ? lockdep_hardirqs_on+0x98/0x150 [ 176.597321][ T7383] do_syscall_64+0x55/0xb0 [ 176.601799][ T7383] ? clear_bhb_loop+0x40/0x90 [ 176.606701][ T7383] ? clear_bhb_loop+0x40/0x90 [ 176.611434][ T7383] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 176.617395][ T7383] RIP: 0033:0x7f5460d9ce59 [ 176.621883][ T7383] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 176.641556][ T7383] RSP: 002b:00007f5461c88028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 176.650066][ T7383] RAX: ffffffffffffffda RBX: 00007f5461016090 RCX: 00007f5460d9ce59 [ 176.658103][ T7383] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 176.666143][ T7383] RBP: 00007f5460e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 176.674168][ T7383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 176.682188][ T7383] R13: 00007f5461016128 R14: 00007f5461016090 R15: 00007ffc87a82078 [ 176.690224][ T7383] [ 177.527896][ T7402] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.637'. [ 177.602363][ T7402] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 177.642198][ T7402] CPU: 1 PID: 7402 Comm: syz.2.637 Not tainted syzkaller #0 [ 177.649635][ T7402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 177.659734][ T7402] Call Trace: [ 177.663080][ T7402] [ 177.666060][ T7402] dump_stack_lvl+0x18c/0x250 [ 177.670829][ T7402] ? show_regs_print_info+0x20/0x20 [ 177.676100][ T7402] ? load_image+0x420/0x420 [ 177.680714][ T7402] sysfs_warn_dup+0x8e/0xa0 [ 177.685316][ T7402] sysfs_do_create_link_sd+0xc0/0x110 [ 177.690769][ T7402] device_add_class_symlinks+0x1cf/0x240 [ 177.696488][ T7402] device_add+0x507/0xc50 [ 177.700910][ T7402] wiphy_register+0x1dad/0x2ae0 [ 177.705886][ T7402] ? cfg80211_event_work+0x40/0x40 [ 177.711056][ T7402] ? minstrel_ht_alloc+0x88a/0x990 [ 177.716252][ T7402] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 177.722404][ T7402] ieee80211_register_hw+0x3464/0x4250 [ 177.727991][ T7402] ? ieee80211_tasklet_handler+0x20/0x20 [ 177.733686][ T7402] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 177.739661][ T7402] ? __debug_object_init+0xec/0x450 [ 177.744938][ T7402] ? __asan_memset+0x22/0x40 [ 177.749597][ T7402] ? __hrtimer_init+0x186/0x270 [ 177.754522][ T7402] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 177.760353][ T7402] ? mac80211_hwsim_free+0x220/0x220 [ 177.765693][ T7402] ? rcu_is_watching+0x15/0xb0 [ 177.770523][ T7402] ? kstrndup+0xbd/0x140 [ 177.774864][ T7402] hwsim_new_radio_nl+0xdc9/0x1a90 [ 177.780059][ T7402] ? __nla_validate+0x50/0x50 [ 177.784920][ T7402] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 177.791350][ T7402] ? __nla_parse+0x40/0x50 [ 177.795838][ T7402] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 177.802254][ T7402] genl_family_rcv_msg_doit+0x211/0x310 [ 177.807867][ T7402] ? end_current_label_crit_section+0x170/0x170 [ 177.814190][ T7402] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 177.820154][ T7402] ? bpf_lsm_capable+0x9/0x10 [ 177.824867][ T7402] ? security_capable+0x89/0xb0 [ 177.829777][ T7402] genl_rcv_msg+0x619/0x7a0 [ 177.834329][ T7402] ? genl_bind+0x360/0x360 [ 177.838774][ T7402] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 177.845129][ T7402] ? perf_trace_lock+0x304/0x3b0 [ 177.850122][ T7402] netlink_rcv_skb+0x241/0x4d0 [ 177.854927][ T7402] ? genl_bind+0x360/0x360 [ 177.859375][ T7402] ? netlink_ack+0x1180/0x1180 [ 177.864194][ T7402] ? __lock_acquire+0x7d40/0x7d40 [ 177.869256][ T7402] ? down_read+0x1ac/0x2e0 [ 177.873703][ T7402] genl_rcv+0x28/0x40 [ 177.877714][ T7402] netlink_unicast+0x751/0x8d0 [ 177.882521][ T7402] netlink_sendmsg+0x8d0/0xbf0 [ 177.887311][ T7402] ? perf_trace_lock+0x304/0x3b0 [ 177.892289][ T7402] ? netlink_getsockopt+0x590/0x590 [ 177.897516][ T7402] ? aa_sock_msg_perm+0x94/0x150 [ 177.902483][ T7402] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 177.907794][ T7402] ? security_socket_sendmsg+0x80/0xa0 [ 177.913274][ T7402] ? netlink_getsockopt+0x590/0x590 [ 177.918500][ T7402] ____sys_sendmsg+0x5ba/0x960 [ 177.923340][ T7402] ? __asan_memset+0x22/0x40 [ 177.927999][ T7402] ? __sys_sendmsg_sock+0x30/0x30 [ 177.933265][ T7402] ? __import_iovec+0x5f2/0x850 [ 177.938176][ T7402] ? import_iovec+0x73/0xa0 [ 177.942728][ T7402] ___sys_sendmsg+0x2a6/0x360 [ 177.947542][ T7402] ? __sys_sendmsg+0x2a0/0x2a0 [ 177.952432][ T7402] __se_sys_sendmsg+0x1c2/0x2b0 [ 177.957317][ T7402] ? __x64_sys_sendmsg+0x80/0x80 [ 177.962402][ T7402] ? lockdep_hardirqs_on+0x98/0x150 [ 177.967641][ T7402] do_syscall_64+0x55/0xb0 [ 177.972090][ T7402] ? clear_bhb_loop+0x40/0x90 [ 177.976785][ T7402] ? clear_bhb_loop+0x40/0x90 [ 177.981483][ T7402] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 177.987403][ T7402] RIP: 0033:0x7fc41219ce59 [ 177.991842][ T7402] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 178.011464][ T7402] RSP: 002b:00007fc413072028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 178.019903][ T7402] RAX: ffffffffffffffda RBX: 00007fc412415fa0 RCX: 00007fc41219ce59 [ 178.027919][ T7402] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 178.036013][ T7402] RBP: 00007fc412232d6f R08: 0000000000000000 R09: 0000000000000000 [ 178.044013][ T7402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 178.052024][ T7402] R13: 00007fc412416038 R14: 00007fc412415fa0 R15: 00007ffebf2dcc88 [ 178.060077][ T7402] [ 180.110309][ T7437] netlink: 60243 bytes leftover after parsing attributes in process `syz.0.643'. [ 180.158890][ T7437] netlink: 4 bytes leftover after parsing attributes in process `syz.0.643'. [ 180.798007][ T7444] netlink: 'syz.3.646': attribute type 2 has an invalid length. [ 180.833406][ T7444] netlink: 'syz.3.646': attribute type 1 has an invalid length. [ 180.884603][ T7444] netlink: 'syz.3.646': attribute type 8 has an invalid length. [ 180.918255][ T7444] netlink: 88 bytes leftover after parsing attributes in process `syz.3.646'. [ 181.699627][ T7451] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.649'. [ 182.795831][ T7451] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 182.803774][ T7451] CPU: 0 PID: 7451 Comm: syz.3.649 Not tainted syzkaller #0 [ 182.811080][ T7451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 182.821183][ T7451] Call Trace: [ 182.824494][ T7451] [ 182.827472][ T7451] dump_stack_lvl+0x18c/0x250 [ 182.832212][ T7451] ? show_regs_print_info+0x20/0x20 [ 182.837460][ T7451] ? load_image+0x420/0x420 [ 182.842022][ T7451] sysfs_warn_dup+0x8e/0xa0 [ 182.846585][ T7451] sysfs_do_create_link_sd+0xc0/0x110 [ 182.852261][ T7451] device_add_class_symlinks+0x1cf/0x240 [ 182.857950][ T7451] device_add+0x507/0xc50 [ 182.862334][ T7451] wiphy_register+0x1dad/0x2ae0 [ 182.867254][ T7451] ? cfg80211_event_work+0x40/0x40 [ 182.872408][ T7451] ? minstrel_ht_alloc+0x88a/0x990 [ 182.877574][ T7451] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 182.883695][ T7451] ieee80211_register_hw+0x3464/0x4250 [ 182.889222][ T7451] ? ieee80211_tasklet_handler+0x20/0x20 [ 182.894893][ T7451] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 182.900832][ T7451] ? __debug_object_init+0xec/0x450 [ 182.906081][ T7451] ? __asan_memset+0x22/0x40 [ 182.910731][ T7451] ? __hrtimer_init+0x186/0x270 [ 182.915636][ T7451] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 182.921438][ T7451] ? mac80211_hwsim_free+0x220/0x220 [ 182.926742][ T7451] ? rcu_is_watching+0x15/0xb0 [ 182.931521][ T7451] ? kstrndup+0xbd/0x140 [ 182.935788][ T7451] hwsim_new_radio_nl+0xdc9/0x1a90 [ 182.940937][ T7451] ? __nla_validate+0x50/0x50 [ 182.945636][ T7451] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 182.951991][ T7451] ? __nla_parse+0x40/0x50 [ 182.956451][ T7451] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 182.962812][ T7451] genl_family_rcv_msg_doit+0x211/0x310 [ 182.968464][ T7451] ? end_current_label_crit_section+0x170/0x170 [ 182.974725][ T7451] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 182.980641][ T7451] ? bpf_lsm_capable+0x9/0x10 [ 182.985342][ T7451] ? security_capable+0x89/0xb0 [ 182.990229][ T7451] genl_rcv_msg+0x619/0x7a0 [ 182.994770][ T7451] ? genl_bind+0x360/0x360 [ 182.999197][ T7451] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 183.005541][ T7451] ? perf_trace_lock+0x304/0x3b0 [ 183.010512][ T7451] netlink_rcv_skb+0x241/0x4d0 [ 183.015291][ T7451] ? genl_bind+0x360/0x360 [ 183.019722][ T7451] ? netlink_ack+0x1180/0x1180 [ 183.024505][ T7451] ? __lock_acquire+0x7d40/0x7d40 [ 183.029550][ T7451] ? down_read+0x1ac/0x2e0 [ 183.033993][ T7451] genl_rcv+0x28/0x40 [ 183.037991][ T7451] netlink_unicast+0x751/0x8d0 [ 183.042774][ T7451] netlink_sendmsg+0x8d0/0xbf0 [ 183.047554][ T7451] ? perf_trace_lock+0x304/0x3b0 [ 183.052521][ T7451] ? netlink_getsockopt+0x590/0x590 [ 183.057749][ T7451] ? aa_sock_msg_perm+0x94/0x150 [ 183.062703][ T7451] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 183.068003][ T7451] ? security_socket_sendmsg+0x80/0xa0 [ 183.073473][ T7451] ? netlink_getsockopt+0x590/0x590 [ 183.078688][ T7451] ____sys_sendmsg+0x5ba/0x960 [ 183.083472][ T7451] ? __asan_memset+0x22/0x40 [ 183.088076][ T7451] ? __sys_sendmsg_sock+0x30/0x30 [ 183.093125][ T7451] ? __import_iovec+0x5f2/0x850 [ 183.097999][ T7451] ? import_iovec+0x73/0xa0 [ 183.102513][ T7451] ___sys_sendmsg+0x2a6/0x360 [ 183.107231][ T7451] ? __sys_sendmsg+0x2a0/0x2a0 [ 183.112063][ T7451] __se_sys_sendmsg+0x1c2/0x2b0 [ 183.116962][ T7451] ? __x64_sys_sendmsg+0x80/0x80 [ 183.121927][ T7451] ? lockdep_hardirqs_on+0x98/0x150 [ 183.127146][ T7451] do_syscall_64+0x55/0xb0 [ 183.131759][ T7451] ? clear_bhb_loop+0x40/0x90 [ 183.136450][ T7451] ? clear_bhb_loop+0x40/0x90 [ 183.141141][ T7451] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 183.147050][ T7451] RIP: 0033:0x7f2f80f9ce59 [ 183.151493][ T7451] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 183.171130][ T7451] RSP: 002b:00007f2f81dfb028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 183.179558][ T7451] RAX: ffffffffffffffda RBX: 00007f2f81216090 RCX: 00007f2f80f9ce59 [ 183.187538][ T7451] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 183.195519][ T7451] RBP: 00007f2f81032d6f R08: 0000000000000000 R09: 0000000000000000 [ 183.203498][ T7451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 183.211478][ T7451] R13: 00007f2f81216128 R14: 00007f2f81216090 R15: 00007ffc261088a8 [ 183.219473][ T7451] [ 184.186734][ T7470] netlink: 'syz.2.659': attribute type 2 has an invalid length. [ 184.194461][ T7470] netlink: 'syz.2.659': attribute type 1 has an invalid length. [ 184.232415][ T7470] netlink: 'syz.2.659': attribute type 8 has an invalid length. [ 184.251212][ T7470] netlink: 88 bytes leftover after parsing attributes in process `syz.2.659'. [ 185.519980][ T5090] Bluetooth: hci1: unexpected subevent 0x05 length: 150 > 12 [ 187.065082][ T5090] Bluetooth: hci1: Malformed Event: 0x2f [ 187.488557][ T7551] netlink: 'syz.1.696': attribute type 39 has an invalid length. [ 187.514463][ T5090] Bluetooth: hci0: Malformed Event: 0x2f [ 187.585295][ T5090] Bluetooth: hci1: command tx timeout [ 187.594046][ T7554] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.697'. [ 188.235634][ T7581] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.710'. [ 188.372376][ T7584] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.712'. [ 188.429129][ T7586] netlink: 'syz.0.711': attribute type 39 has an invalid length. [ 188.954413][ T5090] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 189.289309][ T7609] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.723'. [ 190.359000][ T5783] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 190.921715][ T7638] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.737'. [ 193.470140][ T5783] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 194.980283][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.997248][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.311131][ T5783] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 195.505168][ T5783] Bluetooth: hci3: command tx timeout [ 197.348582][ T5783] Bluetooth: hci2: command tx timeout [ 197.591937][ T5783] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 199.670035][ T5090] Bluetooth: hci0: command tx timeout [ 199.972994][ T7780] sctp: [Deprecated]: syz.3.798 (pid 7780) Use of struct sctp_assoc_value in delayed_ack socket option. [ 199.972994][ T7780] Use struct sctp_sack_info instead [ 201.756467][ T7777] Bluetooth: hci2: command 0x0406 tx timeout [ 201.814662][ T7804] sctp: [Deprecated]: syz.1.808 (pid 7804) Use of struct sctp_assoc_value in delayed_ack socket option. [ 201.814662][ T7804] Use struct sctp_sack_info instead [ 201.826372][ T5783] Bluetooth: hci1: command 0x0406 tx timeout [ 201.838566][ T7777] Bluetooth: hci0: command 0x0406 tx timeout [ 201.844696][ T7777] Bluetooth: hci3: command 0x0406 tx timeout [ 217.504136][ T7955] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 218.323853][ T7971] netlink: 15794 bytes leftover after parsing attributes in process `syz.1.878'. [ 219.455580][ T7986] netlink: 'syz.1.894': attribute type 10 has an invalid length. [ 219.532272][ T7986] veth0_macvtap: left promiscuous mode [ 221.420394][ T7995] netlink: 'syz.0.896': attribute type 1 has an invalid length. [ 221.523303][ T7995] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.896'. [ 221.933141][ T8008] netlink: 15794 bytes leftover after parsing attributes in process `syz.0.891'. [ 223.035356][ T8020] netlink: 'syz.0.898': attribute type 10 has an invalid length. [ 223.099075][ T8020] veth0_macvtap: left promiscuous mode [ 225.474765][ T8055] netlink: 'syz.3.912': attribute type 10 has an invalid length. [ 225.538947][ T8055] veth0_macvtap: left promiscuous mode [ 228.420498][ T8088] netlink: 'syz.3.928': attribute type 10 has an invalid length. [ 229.591744][ T8100] netlink: 'syz.2.934': attribute type 21 has an invalid length. [ 229.614104][ T8100] netlink: 'syz.2.934': attribute type 13 has an invalid length. [ 229.639051][ T8100] netlink: 6188 bytes leftover after parsing attributes in process `syz.2.934'. [ 230.338457][ T8113] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.941'. [ 231.480354][ T8126] netlink: 'syz.1.946': attribute type 21 has an invalid length. [ 231.510743][ T8126] netlink: 'syz.1.946': attribute type 13 has an invalid length. [ 231.519167][ T8126] netlink: 6188 bytes leftover after parsing attributes in process `syz.1.946'. [ 236.276529][ T8194] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.974'. [ 239.252786][ T8225] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.988'. [ 242.230820][ T8268] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1 [ 245.980360][ T8353] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.1041'. [ 248.193421][ T8366] syzkaller0: entered promiscuous mode [ 248.250098][ T8366] syzkaller0: entered allmulticast mode [ 253.081098][ T8383] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.1056'. [ 254.080664][ T8413] wlan0: mtu greater than device maximum [ 254.528726][ T8425] netlink: 'syz.2.1076': attribute type 3 has an invalid length. [ 254.544097][ T8425] netlink: 'syz.2.1076': attribute type 1 has an invalid length. [ 254.559702][ T8425] netlink: 60387 bytes leftover after parsing attributes in process `syz.2.1076'. [ 256.057050][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.068120][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 270.014636][ T8577] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 275.339359][ T8646] netlink: 'syz.2.1168': attribute type 21 has an invalid length. [ 275.362885][ T8646] netlink: 'syz.2.1168': attribute type 19 has an invalid length. [ 275.379657][ T8646] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.1168'. [ 276.373323][ T8669] netlink: 'syz.1.1179': attribute type 21 has an invalid length. [ 276.404888][ T8669] netlink: 'syz.1.1179': attribute type 19 has an invalid length. [ 276.412769][ T8669] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.1179'. [ 282.351062][ T8762] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.1219'. [ 282.458704][ T8764] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.1220'. [ 282.495394][ T8764] netlink: zone id is out of range [ 282.500608][ T8764] netlink: zone id is out of range [ 282.511906][ T8764] netlink: zone id is out of range [ 282.517180][ T8764] netlink: zone id is out of range [ 282.522494][ T8764] netlink: zone id is out of range [ 282.528605][ T8764] netlink: zone id is out of range [ 282.539888][ T8764] netlink: zone id is out of range [ 282.556328][ T8764] netlink: zone id is out of range [ 282.565423][ T8764] netlink: zone id is out of range [ 282.573830][ T8764] netlink: zone id is out of range [ 282.624271][ T8768] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.1231'. [ 283.145902][ T8783] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.1236'. [ 284.759050][ T8805] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.1238'. [ 285.140396][ T8810] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.1242'. [ 285.660037][ T8829] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.1250'. [ 291.623176][ T8871] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 291.630968][ T8871] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 291.676829][ T8871] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 291.710954][ T8871] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 292.873128][ T8871] bond0: (slave batadv0): Releasing backup interface [ 292.911281][ T8886] net_ratelimit: 260 callbacks suppressed [ 292.911295][ T8886] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 292.975302][ T8885] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1274'. [ 293.003208][ T8885] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 293.511494][ T8905] netlink: 539 bytes leftover after parsing attributes in process `syz.1.1283'. [ 294.570330][ T8934] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1296'. [ 294.615132][ T8934] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 294.677271][ T8932] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 295.754584][ T8979] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1312'. [ 295.811191][ T8979] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 296.051181][ T8974] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 297.361343][ T9019] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1333'. [ 297.438922][ T9019] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 297.504222][ T9018] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 298.734108][ T9051] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 298.893649][ T9051] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1349'. [ 298.904227][ T9051] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 299.976410][ T9082] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 300.049648][ T9083] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1360'. [ 300.072734][ T9083] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 304.035898][ T9109] syz.1.1379[9109] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 304.036158][ T9109] syz.1.1379[9109] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 305.670199][ T9158] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1394'. [ 307.445948][ T9199] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1409'. [ 307.512897][ T9201] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1410'. [ 307.527631][ T9201] openvswitch: netlink: Tunnel attr 2548 out of range max 16 [ 307.573501][ T9200] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 312.629611][ T9280] syz.2.1444: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 312.657005][ T9280] CPU: 0 PID: 9280 Comm: syz.2.1444 Not tainted syzkaller #0 [ 312.664475][ T9280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 312.674593][ T9280] Call Trace: [ 312.677924][ T9280] [ 312.680905][ T9280] dump_stack_lvl+0x18c/0x250 [ 312.685640][ T9280] ? show_regs_print_info+0x20/0x20 [ 312.690886][ T9280] ? load_image+0x420/0x420 [ 312.695447][ T9280] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 312.701927][ T9280] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 312.708532][ T9280] warn_alloc+0x246/0x340 [ 312.712913][ T9280] ? stack_trace_save+0xaa/0x100 [ 312.717877][ T9280] ? zone_watermark_ok_safe+0x230/0x230 [ 312.723463][ T9280] ? kasan_set_track+0x5f/0x70 [ 312.728246][ T9280] ? kasan_set_track+0x4e/0x70 [ 312.733022][ T9280] ? __kasan_kmalloc+0x8f/0xa0 [ 312.737806][ T9280] ? xsk_init_queue+0xad/0x100 [ 312.742578][ T9280] ? xsk_setsockopt+0x4e5/0x760 [ 312.747442][ T9280] ? do_sock_setsockopt+0x175/0x1a0 [ 312.752653][ T9280] ? __x64_sys_setsockopt+0x182/0x200 [ 312.758043][ T9280] __vmalloc_node_range+0x126/0x1330 [ 312.763383][ T9280] ? free_vm_area+0x50/0x50 [ 312.768008][ T9280] vmalloc_user+0x74/0x80 [ 312.772359][ T9280] ? xskq_create+0xbf/0x170 [ 312.776878][ T9280] xskq_create+0xbf/0x170 [ 312.781225][ T9280] xsk_init_queue+0xad/0x100 [ 312.785835][ T9280] xsk_setsockopt+0x4e5/0x760 [ 312.790533][ T9280] ? xsk_poll+0x680/0x680 [ 312.794887][ T9280] ? __fget_files+0x28/0x4b0 [ 312.799524][ T9280] ? __fget_files+0x28/0x4b0 [ 312.804134][ T9280] ? aa_sock_opt_perm+0x74/0x100 [ 312.809092][ T9280] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 312.814652][ T9280] ? security_socket_setsockopt+0x7e/0xa0 [ 312.820391][ T9280] ? xsk_poll+0x680/0x680 [ 312.824768][ T9280] do_sock_setsockopt+0x175/0x1a0 [ 312.829826][ T9280] ? __fdget+0x180/0x210 [ 312.834091][ T9280] __x64_sys_setsockopt+0x182/0x200 [ 312.839314][ T9280] do_syscall_64+0x55/0xb0 [ 312.843744][ T9280] ? clear_bhb_loop+0x40/0x90 [ 312.848434][ T9280] ? clear_bhb_loop+0x40/0x90 [ 312.853121][ T9280] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 312.859032][ T9280] RIP: 0033:0x7fc41219ce59 [ 312.863464][ T9280] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 312.883084][ T9280] RSP: 002b:00007fc413072028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 312.891539][ T9280] RAX: ffffffffffffffda RBX: 00007fc412415fa0 RCX: 00007fc41219ce59 [ 312.899526][ T9280] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 312.907510][ T9280] RBP: 00007fc412232d6f R08: 0000000000000004 R09: 0000000000000000 [ 312.915493][ T9280] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 312.923486][ T9280] R13: 00007fc412416038 R14: 00007fc412415fa0 R15: 00007ffebf2dcc88 [ 312.931585][ T9280] [ 312.962420][ T9280] Mem-Info: [ 312.967790][ T9280] active_anon:6476 inactive_anon:0 isolated_anon:0 [ 312.967790][ T9280] active_file:15616 inactive_file:40036 isolated_file:0 [ 312.967790][ T9280] unevictable:768 dirty:145 writeback:0 [ 312.967790][ T9280] slab_reclaimable:10070 slab_unreclaimable:93253 [ 312.967790][ T9280] mapped:23976 shmem:1361 pagetables:526 [ 312.967790][ T9280] sec_pagetables:0 bounce:0 [ 312.967790][ T9280] kernel_misc_reclaimable:0 [ 312.967790][ T9280] free:1348350 free_pcp:11772 free_cma:0 [ 313.016449][ T9280] Node 0 active_anon:25904kB inactive_anon:0kB active_file:62464kB inactive_file:159940kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:95904kB dirty:576kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10980kB pagetables:2104kB sec_pagetables:0kB all_unreclaimable? no [ 313.080222][ T9280] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 313.204335][ T9280] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 313.254762][ T9280] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 313.315552][ T9280] Node 0 DMA32 free:1477340kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:24320kB inactive_anon:0kB active_file:62464kB inactive_file:159124kB unevictable:1536kB writepending:620kB present:3129332kB managed:2586928kB mlocked:0kB bounce:0kB free_pcp:33128kB local_pcp:19496kB free_cma:0kB [ 313.354697][ T9280] lowmem_reserve[]: 0 0 0 0 0 [ 313.360515][ T9280] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:816kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 313.400275][ T9280] lowmem_reserve[]: 0 0 0 0 0 [ 313.409836][ T9280] Node 1 Normal free:3900200kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:17152kB local_pcp:5248kB free_cma:0kB [ 313.445102][ T9280] lowmem_reserve[]: 0 0 0 0 0 [ 313.458945][ T9280] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 313.486951][ T9280] Node 0 DMA32: 60*4kB (UE) 1158*8kB (UE) 1240*16kB (UME) 2898*32kB (UME) 1344*64kB (UME) 428*128kB (UME) 173*256kB (UM) 87*512kB (UM) 49*1024kB (UME) 31*2048kB (UME) 247*4096kB (UM) = 1477088kB [ 313.532745][ T9280] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 313.578846][ T9280] Node 1 Normal: 220*4kB (UME) 63*8kB (UME) 42*16kB (UME) 101*32kB (UME) 26*64kB (UE) 10*128kB (UME) 1*256kB (U) 1*512kB (M) 2*1024kB (UE) 1*2048kB (E) 949*4096kB (M) = 3900200kB [ 313.622623][ T9280] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 313.636565][ T9280] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 313.647664][ T9280] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 313.660046][ T9280] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 313.683143][ T9280] 57012 total pagecache pages [ 313.693310][ T9280] 0 pages in swap cache [ 313.705668][ T9280] Free swap = 124996kB [ 313.723470][ T9280] Total swap = 124996kB [ 313.742708][ T9280] 2097051 pages RAM [ 313.751424][ T9280] 0 pages HighMem/MovableOnly [ 313.763694][ T9280] 416933 pages reserved [ 313.778256][ T9280] 0 pages cma reserved [ 317.435474][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.442370][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.880192][ T9353] netlink: 'syz.1.1479': attribute type 2 has an invalid length. [ 317.917082][ T9353] netlink: 1045 bytes leftover after parsing attributes in process `syz.1.1479'. [ 327.256844][ T9486] netlink: 'syz.2.1527': attribute type 9 has an invalid length. [ 327.264702][ T9486] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.1527'. [ 329.866020][ T9527] C: renamed from team_slave_0 (while UP) [ 329.911332][ T9527] netlink: 'syz.3.1543': attribute type 3 has an invalid length. [ 329.947203][ T9527] netlink: 'syz.3.1543': attribute type 1 has an invalid length. [ 329.955583][ T9527] netlink: 116 bytes leftover after parsing attributes in process `syz.3.1543'. [ 329.964755][ T9527] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 331.232303][ T9547] netlink: 'syz.3.1550': attribute type 9 has an invalid length. [ 331.259577][ T9547] netlink: 126588 bytes leftover after parsing attributes in process `syz.3.1550'. [ 333.980222][ T9563] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 335.838580][ T9598] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 337.769890][ T9631] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 343.691905][ T9761] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.1652'. [ 344.043844][ T9772] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1650'. [ 344.056012][ T9772] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 344.749856][ T9792] netlink: 64859 bytes leftover after parsing attributes in process `syz.3.1660'. [ 345.331535][ T9805] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1665'. [ 345.349765][ T9805] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 345.580082][ T9816] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.1671'. [ 349.714137][ T9883] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1705'. [ 349.785111][ T9883] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 350.692630][ T9890] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1714'. [ 350.705358][ T9890] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 351.122997][ T9908] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1722'. [ 351.174221][ T9908] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 356.796387][ T9944] tun0: tun_chr_ioctl cmd 2147767520 [ 359.555393][ T9980] tun0: tun_chr_ioctl cmd 2147767520 [ 364.043470][T10032] tun0: tun_chr_ioctl cmd 2147767520 [ 367.491362][T10065] syzkaller0: entered promiscuous mode [ 367.505029][T10065] syzkaller0: entered allmulticast mode [ 367.531599][T10065] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 65487 [ 368.036158][T10072] netlink: 'syz.0.1778': attribute type 39 has an invalid length. [ 368.567707][T10076] syz.2.1780[10076] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 368.568090][T10076] syz.2.1780[10076] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 368.902735][T10083] tun0: tun_chr_ioctl cmd 2147767520 [ 372.707480][T10111] syzkaller0: entered promiscuous mode [ 372.713033][T10111] syzkaller0: entered allmulticast mode [ 372.821876][T10119] syz.1.1790[10119] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 372.822139][T10119] syz.1.1790[10119] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 373.323471][T10133] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.1796'. [ 375.031152][T10150] syzkaller0: entered promiscuous mode [ 375.039277][T10150] syzkaller0: entered allmulticast mode [ 375.657107][T10154] syz.3.1806[10154] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 375.657256][T10154] syz.3.1806[10154] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 375.827849][T10160] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.1808'. [ 376.557429][T10195] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.1824'. [ 377.955689][T10231] netlink: 'syz.0.1847': attribute type 29 has an invalid length. [ 377.970802][T10231] netlink: 'syz.0.1847': attribute type 29 has an invalid length. [ 377.990445][T10234] netlink: 'syz.0.1847': attribute type 29 has an invalid length. [ 378.005174][T10231] netlink: 'syz.0.1847': attribute type 29 has an invalid length. [ 378.031615][T10231] netlink: 'syz.0.1847': attribute type 29 has an invalid length. [ 378.170349][T10238] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1850'. [ 378.180031][T10238] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 378.478310][T10244] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.1843'. [ 378.490857][T10244] netlink: zone id is out of range [ 378.501563][T10244] netlink: zone id is out of range [ 378.509394][T10244] netlink: zone id is out of range [ 378.521411][T10244] netlink: zone id is out of range [ 378.529398][T10244] netlink: zone id is out of range [ 378.554298][T10244] netlink: zone id is out of range [ 378.564554][T10244] netlink: zone id is out of range [ 378.570604][T10244] netlink: zone id is out of range [ 378.577063][T10244] netlink: zone id is out of range [ 378.870478][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.878952][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.171647][T10278] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1859'. [ 380.760114][T10292] netlink: 'syz.2.1866': attribute type 4 has an invalid length. [ 380.774040][T10292] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1866'. [ 382.580050][T10305] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1871'. [ 383.502729][T10311] netlink: 'syz.2.1874': attribute type 29 has an invalid length. [ 383.563048][T10311] netlink: 'syz.2.1874': attribute type 29 has an invalid length. [ 383.705475][T10314] netlink: 'syz.2.1874': attribute type 29 has an invalid length. [ 383.742290][T10315] netlink: 'syz.2.1874': attribute type 29 has an invalid length. [ 383.802572][T10311] netlink: 'syz.2.1874': attribute type 29 has an invalid length. [ 384.835499][T10341] netlink: 'syz.0.1886': attribute type 1 has an invalid length. [ 385.580279][T10353] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.1891'. [ 385.605517][T10353] net_ratelimit: 107 callbacks suppressed [ 385.605599][T10353] netlink: zone id is out of range [ 385.672212][T10353] netlink: zone id is out of range [ 385.730809][T10353] netlink: zone id is out of range [ 385.760776][T10353] netlink: zone id is out of range [ 385.775041][T10353] netlink: zone id is out of range [ 385.874599][T10353] netlink: zone id is out of range [ 385.882355][T10353] netlink: zone id is out of range [ 385.975918][T10353] netlink: zone id is out of range [ 386.015599][T10353] netlink: zone id is out of range [ 386.026280][T10353] netlink: zone id is out of range [ 387.493025][T10372] netlink: 'syz.1.1897': attribute type 1 has an invalid length. [ 388.678620][T10393] netlink: 2220 bytes leftover after parsing attributes in process `syz.3.1906'. [ 389.119259][T10398] netlink: 'syz.3.1908': attribute type 29 has an invalid length. [ 393.286083][T10398] netlink: 'syz.3.1908': attribute type 29 has an invalid length. [ 393.434355][T10414] netlink: 'syz.3.1909': attribute type 1 has an invalid length. [ 401.938377][T10530] sctp: [Deprecated]: syz.2.1976 (pid 10530) Use of struct sctp_assoc_value in delayed_ack socket option. [ 401.938377][T10530] Use struct sctp_sack_info instead [ 402.117766][T10532] netlink: 'syz.1.1968': attribute type 29 has an invalid length. [ 402.130074][T10532] netlink: 'syz.1.1968': attribute type 29 has an invalid length. [ 402.149869][T10535] netlink: 'syz.1.1968': attribute type 29 has an invalid length. [ 402.208577][T10532] netlink: 'syz.1.1968': attribute type 29 has an invalid length. [ 402.273867][T10532] netlink: 'syz.1.1968': attribute type 29 has an invalid length. [ 402.763246][T10546] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1982'. [ 402.841331][T10547] netlink: 'syz.1.1975': attribute type 4 has an invalid length. [ 402.861313][T10547] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1975'. [ 404.378761][T10568] sctp: [Deprecated]: syz.1.1983 (pid 10568) Use of struct sctp_assoc_value in delayed_ack socket option. [ 404.378761][T10568] Use struct sctp_sack_info instead [ 404.735904][T10579] netlink: 'syz.0.1990': attribute type 4 has an invalid length. [ 404.744595][T10579] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1990'. [ 405.996267][T10594] netlink: 'syz.1.1996': attribute type 29 has an invalid length. [ 406.039147][T10594] netlink: 'syz.1.1996': attribute type 29 has an invalid length. [ 406.078692][T10595] netlink: 'syz.1.1996': attribute type 29 has an invalid length. [ 409.039511][T10624] validate_nla: 2 callbacks suppressed [ 409.039553][T10624] netlink: 'syz.2.2008': attribute type 29 has an invalid length. [ 409.164020][T10624] netlink: 'syz.2.2008': attribute type 29 has an invalid length. [ 409.295106][T10625] netlink: 'syz.2.2008': attribute type 29 has an invalid length. [ 409.363813][T10626] netlink: 'syz.2.2008': attribute type 29 has an invalid length. [ 409.444577][T10631] netlink: 'syz.2.2008': attribute type 29 has an invalid length. [ 411.644226][T10664] netlink: 'syz.0.2023': attribute type 29 has an invalid length. [ 411.662000][T10664] netlink: 'syz.0.2023': attribute type 29 has an invalid length. [ 411.857307][T10665] netlink: 'syz.0.2023': attribute type 29 has an invalid length. [ 411.927235][T10666] netlink: 'syz.0.2023': attribute type 29 has an invalid length. [ 411.948928][T10668] netlink: 'syz.0.2023': attribute type 29 has an invalid length. [ 414.090233][ T51] Bluetooth: hci0: hcon ffff88802fea2000 sent 1 < count 16384 [ 418.096511][ T51] Bluetooth: hci1: hcon ffff88802ff3e000 sent 0 < count 16384 [ 418.489430][T10754] validate_nla: 5 callbacks suppressed [ 418.489467][T10754] netlink: 'syz.3.2057': attribute type 3 has an invalid length. [ 418.508022][T10754] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2057'. [ 420.742153][T10777] netlink: 'syz.2.2068': attribute type 2 has an invalid length. [ 420.751802][T10777] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2068'. [ 421.321854][T10790] netlink: 'syz.2.2072': attribute type 3 has an invalid length. [ 421.397260][T10790] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2072'. [ 423.233781][T10798] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.2086'. [ 423.821251][T10814] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.2085'. [ 424.657231][T10835] netlink: 'syz.1.2095': attribute type 1 has an invalid length. [ 424.685012][T10835] netlink: 'syz.1.2095': attribute type 4 has an invalid length. [ 424.700972][T10835] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.2095'. [ 424.910451][T10841] netlink: 'syz.0.2098': attribute type 3 has an invalid length. [ 424.927300][T10841] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2098'. [ 426.293841][T10858] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.2105'. [ 426.692407][T10868] netlink: 'syz.3.2108': attribute type 1 has an invalid length. [ 426.727292][T10868] netlink: 'syz.3.2108': attribute type 4 has an invalid length. [ 426.745288][T10868] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.2108'. [ 427.647414][T10884] netlink: 'syz.1.2112': attribute type 3 has an invalid length. [ 427.713408][T10884] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2112'. [ 428.602375][T10895] netlink: 'syz.2.2121': attribute type 1 has an invalid length. [ 428.624496][T10895] netlink: 'syz.2.2121': attribute type 4 has an invalid length. [ 428.655246][T10895] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.2121'. [ 429.210232][T10902] syzkaller0: entered promiscuous mode [ 433.502231][T10920] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.2133'. [ 434.384997][ T5768] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec [ 435.084068][T10962] @ÿ: renamed from bond_slave_0 (while UP) [ 436.701212][T10984] syz.1.2161: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 436.721789][T10984] CPU: 0 PID: 10984 Comm: syz.1.2161 Not tainted syzkaller #0 [ 436.729311][T10984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 436.739398][T10984] Call Trace: [ 436.742706][T10984] [ 436.745663][T10984] dump_stack_lvl+0x18c/0x250 [ 436.750559][T10984] ? show_regs_print_info+0x20/0x20 [ 436.755825][T10984] ? load_image+0x420/0x420 [ 436.760393][T10984] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 436.766896][T10984] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 436.773438][T10984] warn_alloc+0x246/0x340 [ 436.777832][T10984] ? stack_trace_save+0xaa/0x100 [ 436.782817][T10984] ? zone_watermark_ok_safe+0x230/0x230 [ 436.788416][T10984] ? kasan_set_track+0x5f/0x70 [ 436.793252][T10984] ? kasan_set_track+0x4e/0x70 [ 436.798046][T10984] ? __kasan_kmalloc+0x8f/0xa0 [ 436.802839][T10984] ? xsk_init_queue+0xad/0x100 [ 436.807676][T10984] ? xsk_setsockopt+0x4e5/0x760 [ 436.812558][T10984] ? do_sock_setsockopt+0x175/0x1a0 [ 436.817861][T10984] ? __x64_sys_setsockopt+0x182/0x200 [ 436.823472][T10984] __vmalloc_node_range+0x126/0x1330 [ 436.828883][T10984] ? free_vm_area+0x50/0x50 [ 436.833449][T10984] vmalloc_user+0x74/0x80 [ 436.837818][T10984] ? xskq_create+0xbf/0x170 [ 436.842353][T10984] xskq_create+0xbf/0x170 [ 436.846729][T10984] xsk_init_queue+0xad/0x100 [ 436.851357][T10984] xsk_setsockopt+0x4e5/0x760 [ 436.856070][T10984] ? xsk_poll+0x680/0x680 [ 436.860485][T10984] ? __fget_files+0x28/0x4b0 [ 436.865136][T10984] ? __fget_files+0x28/0x4b0 [ 436.869760][T10984] ? aa_sock_opt_perm+0x74/0x100 [ 436.874794][T10984] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 436.880393][T10984] ? security_socket_setsockopt+0x7e/0xa0 [ 436.886157][T10984] ? xsk_poll+0x680/0x680 [ 436.890517][T10984] do_sock_setsockopt+0x175/0x1a0 [ 436.895575][T10984] ? __fdget+0x180/0x210 [ 436.899860][T10984] __x64_sys_setsockopt+0x182/0x200 [ 436.905097][T10984] do_syscall_64+0x55/0xb0 [ 436.909552][T10984] ? clear_bhb_loop+0x40/0x90 [ 436.914333][T10984] ? clear_bhb_loop+0x40/0x90 [ 436.919078][T10984] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 436.925154][T10984] RIP: 0033:0x7f5460d9ce59 [ 436.929598][T10984] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 436.949323][T10984] RSP: 002b:00007f5461c88028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 436.957821][T10984] RAX: ffffffffffffffda RBX: 00007f5461016090 RCX: 00007f5460d9ce59 [ 436.965823][T10984] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 436.973875][T10984] RBP: 00007f5460e32d6f R08: 0000000000000004 R09: 0000000000000000 [ 436.981983][T10984] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 436.990070][T10984] R13: 00007f5461016128 R14: 00007f5461016090 R15: 00007ffc87a82078 [ 436.998088][T10984] [ 437.017897][T10984] Mem-Info: [ 437.021242][T10984] active_anon:6141 inactive_anon:0 isolated_anon:0 [ 437.021242][T10984] active_file:18046 inactive_file:40084 isolated_file:0 [ 437.021242][T10984] unevictable:768 dirty:142 writeback:0 [ 437.021242][T10984] slab_reclaimable:10224 slab_unreclaimable:93439 [ 437.021242][T10984] mapped:23968 shmem:1361 pagetables:543 [ 437.021242][T10984] sec_pagetables:0 bounce:0 [ 437.021242][T10984] kernel_misc_reclaimable:0 [ 437.021242][T10984] free:1346517 free_pcp:10444 free_cma:0 [ 437.097511][T10984] Node 0 active_anon:24264kB inactive_anon:0kB active_file:72184kB inactive_file:160132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:95872kB dirty:564kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10684kB pagetables:1972kB sec_pagetables:0kB all_unreclaimable? no [ 437.163845][T10984] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 437.231417][T10984] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 437.446303][T10984] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 437.480932][T10984] Node 0 DMA32 free:1469480kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:24888kB inactive_anon:0kB active_file:72184kB inactive_file:159316kB unevictable:1536kB writepending:580kB present:3129332kB managed:2586928kB mlocked:0kB bounce:0kB free_pcp:24092kB local_pcp:16364kB free_cma:0kB [ 437.638764][T10984] lowmem_reserve[]: 0 0 0 0 0 [ 437.685484][T10984] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:816kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 437.865195][T10984] lowmem_reserve[]: 0 0 0 0 0 [ 437.872383][T10984] Node 1 Normal free:3901224kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:16128kB local_pcp:4480kB free_cma:0kB [ 437.922194][T10984] lowmem_reserve[]: 0 0 0 0 0 [ 437.935254][T10984] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 437.959010][T10984] Node 0 DMA32: 630*4kB (UME) 1219*8kB (UME) 1507*16kB (UME) 1613*32kB (UME) 1564*64kB (UME) 605*128kB (UME) 215*256kB (UM) 103*512kB (UME) 45*1024kB (UM) 24*2048kB (UME) 244*4096kB (UM) = 1467968kB [ 438.000449][T10984] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 438.064675][T10984] Node 1 Normal: 220*4kB (UME) 63*8kB (UME) 42*16kB (UME) 117*32kB (UME) 30*64kB (UE) 12*128kB (UME) 1*256kB (U) 1*512kB (M) 2*1024kB (UE) 1*2048kB (E) 949*4096kB (M) = 3901224kB [ 438.116951][T10984] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 438.163055][T10984] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 438.213334][T10984] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 438.259591][T10984] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 438.303496][T10984] 59491 total pagecache pages [ 438.342976][T10984] 0 pages in swap cache [ 438.361578][T10984] Free swap = 124996kB [ 438.375405][T10984] Total swap = 124996kB [ 438.398331][T10984] 2097051 pages RAM [ 438.408016][T10984] 0 pages HighMem/MovableOnly [ 438.420890][T10999] netlink: 'syz.3.2168': attribute type 4 has an invalid length. [ 438.429044][T10984] 416933 pages reserved [ 438.433388][T10984] 0 pages cma reserved [ 438.448209][T10999] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.2168'. [ 440.313944][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.320438][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.633906][T11041] @ÿ: renamed from bond_slave_0 (while UP) [ 441.737643][T11037] syzkaller0: entered promiscuous mode [ 445.138235][T11073] netlink: 'syz.0.2195': attribute type 4 has an invalid length. [ 445.155717][T11073] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2195'. [ 446.665426][T11077] @ÿ: renamed from bond_slave_0 (while UP) [ 447.508650][T11101] syz.2.2203: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 447.569743][T11101] CPU: 0 PID: 11101 Comm: syz.2.2203 Not tainted syzkaller #0 [ 447.577306][T11101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 447.587488][T11101] Call Trace: [ 447.590803][T11101] [ 447.593782][T11101] dump_stack_lvl+0x18c/0x250 [ 447.598594][T11101] ? show_regs_print_info+0x20/0x20 [ 447.603919][T11101] ? load_image+0x420/0x420 [ 447.608477][T11101] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 447.614934][T11101] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 447.621478][T11101] warn_alloc+0x246/0x340 [ 447.625886][T11101] ? stack_trace_save+0xaa/0x100 [ 447.630866][T11101] ? zone_watermark_ok_safe+0x230/0x230 [ 447.636466][T11101] ? kasan_set_track+0x5f/0x70 [ 447.641371][T11101] ? kasan_set_track+0x4e/0x70 [ 447.646259][T11101] ? __kasan_kmalloc+0x8f/0xa0 [ 447.651061][T11101] ? xsk_init_queue+0xad/0x100 [ 447.655872][T11101] ? xsk_setsockopt+0x4e5/0x760 [ 447.661538][T11101] ? do_sock_setsockopt+0x175/0x1a0 [ 447.666771][T11101] ? __x64_sys_setsockopt+0x182/0x200 [ 447.672197][T11101] __vmalloc_node_range+0x126/0x1330 [ 447.677558][T11101] ? free_vm_area+0x50/0x50 [ 447.682116][T11101] vmalloc_user+0x74/0x80 [ 447.686503][T11101] ? xskq_create+0xbf/0x170 [ 447.691045][T11101] xskq_create+0xbf/0x170 [ 447.695412][T11101] xsk_init_queue+0xad/0x100 [ 447.700065][T11101] xsk_setsockopt+0x4e5/0x760 [ 447.704781][T11101] ? xsk_poll+0x680/0x680 [ 447.709153][T11101] ? __fget_files+0x28/0x4b0 [ 447.713798][T11101] ? __fget_files+0x28/0x4b0 [ 447.718429][T11101] ? aa_sock_opt_perm+0x74/0x100 [ 447.723404][T11101] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 447.729004][T11101] ? security_socket_setsockopt+0x7e/0xa0 [ 447.734766][T11101] ? xsk_poll+0x680/0x680 [ 447.739131][T11101] do_sock_setsockopt+0x175/0x1a0 [ 447.744557][T11101] ? __fdget+0x180/0x210 [ 447.748847][T11101] __x64_sys_setsockopt+0x182/0x200 [ 447.754090][T11101] do_syscall_64+0x55/0xb0 [ 447.758568][T11101] ? clear_bhb_loop+0x40/0x90 [ 447.763275][T11101] ? clear_bhb_loop+0x40/0x90 [ 447.767991][T11101] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 447.773946][T11101] RIP: 0033:0x7fc41219ce59 [ 447.778396][T11101] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 447.798044][T11101] RSP: 002b:00007fc413072028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 447.806513][T11101] RAX: ffffffffffffffda RBX: 00007fc412415fa0 RCX: 00007fc41219ce59 [ 447.814513][T11101] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 447.822530][T11101] RBP: 00007fc412232d6f R08: 0000000000000004 R09: 0000000000000000 [ 447.830541][T11101] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 447.838549][T11101] R13: 00007fc412416038 R14: 00007fc412415fa0 R15: 00007ffebf2dcc88 [ 447.846593][T11101] [ 447.900197][T11105] netlink: 'syz.1.2205': attribute type 4 has an invalid length. [ 447.913883][T11105] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2205'. [ 447.936244][T11101] Mem-Info: [ 447.939609][T11101] active_anon:6129 inactive_anon:0 isolated_anon:0 [ 447.939609][T11101] active_file:18046 inactive_file:40088 isolated_file:0 [ 447.939609][T11101] unevictable:768 dirty:179 writeback:0 [ 447.939609][T11101] slab_reclaimable:10191 slab_unreclaimable:93295 [ 447.939609][T11101] mapped:23989 shmem:1362 pagetables:553 [ 447.939609][T11101] sec_pagetables:0 bounce:0 [ 447.939609][T11101] kernel_misc_reclaimable:0 [ 447.939609][T11101] free:1347566 free_pcp:9364 free_cma:0 [ 447.989537][T11101] Node 0 active_anon:24516kB inactive_anon:0kB active_file:72184kB inactive_file:160148kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:95956kB dirty:712kB writeback:0kB shmem:3912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10128kB pagetables:2212kB sec_pagetables:0kB all_unreclaimable? no [ 448.076545][T11101] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 448.111543][T11101] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 448.143227][T11101] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 448.154735][T11101] Node 0 DMA32 free:1473416kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:24576kB inactive_anon:0kB active_file:72184kB inactive_file:159332kB unevictable:1536kB writepending:712kB present:3129332kB managed:2586928kB mlocked:0kB bounce:0kB free_pcp:21292kB local_pcp:1084kB free_cma:0kB [ 448.197080][T11101] lowmem_reserve[]: 0 0 0 0 0 [ 448.202176][T11101] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:816kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 448.355923][T11101] lowmem_reserve[]: 0 0 0 0 0 [ 448.360936][T11101] Node 1 Normal free:3901224kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:16128kB local_pcp:11648kB free_cma:0kB [ 448.403362][T11101] lowmem_reserve[]: 0 0 0 0 0 [ 448.410133][T11101] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 448.427016][T11101] Node 0 DMA32: 1488*4kB (UME) 1445*8kB (UME) 1578*16kB (UME) 1542*32kB (UME) 1561*64kB (UME) 611*128kB (UME) 215*256kB (UM) 103*512kB (UME) 44*1024kB (UM) 23*2048kB (UME) 245*4096kB (UM) = 1473672kB [ 448.452835][T11101] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 448.484532][T11101] Node 1 Normal: 220*4kB (UME) 63*8kB (UME) 42*16kB (UME) 117*32kB (UME) 30*64kB (UE) 12*128kB (UME) 1*256kB (U) 1*512kB (M) 2*1024kB (UE) 1*2048kB (E) 949*4096kB (M) = 3901224kB [ 448.523352][T11101] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 448.539060][T11101] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 448.548887][T11101] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 448.563151][T11101] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 448.575305][T11101] 59495 total pagecache pages [ 448.580046][T11101] 0 pages in swap cache [ 448.589748][T11101] Free swap = 124996kB [ 448.593951][T11101] Total swap = 124996kB [ 448.598606][T11101] 2097051 pages RAM [ 448.602597][T11101] 0 pages HighMem/MovableOnly [ 448.612205][T11101] 416933 pages reserved [ 448.616894][T11101] 0 pages cma reserved [ 449.742970][T11117] @ÿ: renamed from bond_slave_0 (while UP) [ 450.676017][T11124] syzkaller0: entered promiscuous mode [ 454.265064][T11146] net_ratelimit: 104 callbacks suppressed [ 454.265108][T11146] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 458.302192][T11163] syzkaller0: entered promiscuous mode [ 459.693295][T11193] syz.2.2236[11193] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 459.693668][T11193] syz.2.2236[11193] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 464.922511][T11235] syzkaller0: entered promiscuous mode [ 468.086654][T11258] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.2262'. [ 468.859534][T11286] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.2273'. [ 470.321810][T11305] syzkaller0: entered promiscuous mode [ 473.911606][T11318] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.2283'. [ 474.618385][T11345] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 477.912704][T11386] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 481.479843][T11426] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 485.495990][T11451] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 487.415574][T11473] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2336'. [ 487.453073][T11473] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 487.487805][T11473] CPU: 0 PID: 11473 Comm: syz.1.2336 Not tainted syzkaller #0 [ 487.495337][T11473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 487.505432][T11473] Call Trace: [ 487.508741][T11473] [ 487.511706][T11473] dump_stack_lvl+0x18c/0x250 [ 487.516430][T11473] ? show_regs_print_info+0x20/0x20 [ 487.521659][T11473] ? load_image+0x420/0x420 [ 487.526213][T11473] sysfs_warn_dup+0x8e/0xa0 [ 487.530782][T11473] sysfs_do_create_link_sd+0xc0/0x110 [ 487.536209][T11473] device_add_class_symlinks+0x1cf/0x240 [ 487.541951][T11473] device_add+0x507/0xc50 [ 487.546341][T11473] wiphy_register+0x1dad/0x2ae0 [ 487.551366][T11473] ? cfg80211_event_work+0x40/0x40 [ 487.556538][T11473] ? minstrel_ht_alloc+0x88a/0x990 [ 487.561800][T11473] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 487.567985][T11473] ieee80211_register_hw+0x3464/0x4250 [ 487.573545][T11473] ? ieee80211_tasklet_handler+0x20/0x20 [ 487.579244][T11473] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 487.585254][T11473] ? __debug_object_init+0xec/0x450 [ 487.590531][T11473] ? __asan_memset+0x22/0x40 [ 487.595168][T11473] ? __hrtimer_init+0x186/0x270 [ 487.600058][T11473] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 487.605876][T11473] ? mac80211_hwsim_free+0x220/0x220 [ 487.611198][T11473] ? rcu_is_watching+0x15/0xb0 [ 487.615998][T11473] ? kstrndup+0xbd/0x140 [ 487.620289][T11473] hwsim_new_radio_nl+0xdc9/0x1a90 [ 487.625443][T11473] ? __nla_validate+0x50/0x50 [ 487.630171][T11473] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 487.636562][T11473] ? __nla_parse+0x40/0x50 [ 487.641019][T11473] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 487.647483][T11473] genl_family_rcv_msg_doit+0x211/0x310 [ 487.653070][T11473] ? end_current_label_crit_section+0x170/0x170 [ 487.659354][T11473] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 487.665315][T11473] ? bpf_lsm_capable+0x9/0x10 [ 487.670031][T11473] ? security_capable+0x89/0xb0 [ 487.674929][T11473] genl_rcv_msg+0x619/0x7a0 [ 487.679496][T11473] ? genl_bind+0x360/0x360 [ 487.683968][T11473] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 487.690368][T11473] netlink_rcv_skb+0x241/0x4d0 [ 487.695179][T11473] ? genl_bind+0x360/0x360 [ 487.699641][T11473] ? netlink_ack+0x1180/0x1180 [ 487.704460][T11473] ? __lock_acquire+0x7d40/0x7d40 [ 487.709550][T11473] ? down_read+0x1ac/0x2e0 [ 487.714009][T11473] genl_rcv+0x28/0x40 [ 487.718026][T11473] netlink_unicast+0x751/0x8d0 [ 487.722837][T11473] netlink_sendmsg+0x8d0/0xbf0 [ 487.727659][T11473] ? netlink_getsockopt+0x590/0x590 [ 487.732908][T11473] ? aa_sock_msg_perm+0x94/0x150 [ 487.737895][T11473] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 487.743215][T11473] ? security_socket_sendmsg+0x80/0xa0 [ 487.748719][T11473] ? netlink_getsockopt+0x590/0x590 [ 487.753962][T11473] ____sys_sendmsg+0x5ba/0x960 [ 487.758780][T11473] ? __asan_memset+0x22/0x40 [ 487.763412][T11473] ? __sys_sendmsg_sock+0x30/0x30 [ 487.768472][T11473] ? __import_iovec+0x5f2/0x850 [ 487.773394][T11473] ? import_iovec+0x73/0xa0 [ 487.777936][T11473] ___sys_sendmsg+0x2a6/0x360 [ 487.782656][T11473] ? __sys_sendmsg+0x2a0/0x2a0 [ 487.787519][T11473] __se_sys_sendmsg+0x1c2/0x2b0 [ 487.792411][T11473] ? __x64_sys_sendmsg+0x80/0x80 [ 487.797461][T11473] ? lockdep_hardirqs_on+0x98/0x150 [ 487.802740][T11473] do_syscall_64+0x55/0xb0 [ 487.807203][T11473] ? clear_bhb_loop+0x40/0x90 [ 487.812000][T11473] ? clear_bhb_loop+0x40/0x90 [ 487.816707][T11473] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 487.822663][T11473] RIP: 0033:0x7f5460d9ce59 [ 487.827124][T11473] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 487.846775][T11473] RSP: 002b:00007f5461ca9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 487.855314][T11473] RAX: ffffffffffffffda RBX: 00007f5461015fa0 RCX: 00007f5460d9ce59 [ 487.863321][T11473] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 487.871326][T11473] RBP: 00007f5460e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 487.879323][T11473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 487.887319][T11473] R13: 00007f5461016038 R14: 00007f5461015fa0 R15: 00007ffc87a82078 [ 487.895340][T11473] [ 489.180796][T11483] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37 [ 489.477971][T11491] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2345'. [ 495.941362][T11601] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2383'. [ 497.509394][ T51] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 501.799691][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.822161][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.194036][T11738] syzkaller0: entered promiscuous mode [ 503.233749][T11738] syzkaller0: entered allmulticast mode [ 505.671399][T11765] netlink: 'syz.1.2457': attribute type 21 has an invalid length. [ 505.686669][T11765] netlink: 'syz.1.2457': attribute type 10 has an invalid length. [ 505.700104][T11765] netlink: 'syz.1.2457': attribute type 12 has an invalid length. [ 505.708163][T11765] netlink: 'syz.1.2457': attribute type 13 has an invalid length. [ 505.719602][T11765] netlink: 'syz.1.2457': attribute type 14 has an invalid length. [ 505.727910][T11765] netlink: 'syz.1.2457': attribute type 15 has an invalid length. [ 505.737305][T11765] netlink: 'syz.1.2457': attribute type 16 has an invalid length. [ 505.747014][T11765] netlink: 'syz.1.2457': attribute type 19 has an invalid length. [ 505.757836][T11765] netlink: 'syz.1.2457': attribute type 21 has an invalid length. [ 505.767531][T11765] netlink: 'syz.1.2457': attribute type 22 has an invalid length. [ 505.778292][T11765] netlink: 12226 bytes leftover after parsing attributes in process `syz.1.2457'. [ 510.868828][T11809] netlink: 'syz.3.2475': attribute type 21 has an invalid length. [ 510.881145][T11809] netlink: 'syz.3.2475': attribute type 10 has an invalid length. [ 510.892130][T11809] netlink: 'syz.3.2475': attribute type 12 has an invalid length. [ 510.906478][T11809] netlink: 'syz.3.2475': attribute type 13 has an invalid length. [ 510.914372][T11809] netlink: 'syz.3.2475': attribute type 14 has an invalid length. [ 510.925349][T11809] netlink: 'syz.3.2475': attribute type 15 has an invalid length. [ 510.934347][T11809] netlink: 'syz.3.2475': attribute type 16 has an invalid length. [ 510.964964][T11809] netlink: 'syz.3.2475': attribute type 19 has an invalid length. [ 510.973034][T11809] netlink: 'syz.3.2475': attribute type 21 has an invalid length. [ 510.999872][T11809] netlink: 'syz.3.2475': attribute type 22 has an invalid length. [ 511.025087][T11809] netlink: 12226 bytes leftover after parsing attributes in process `syz.3.2475'. [ 513.092018][T11850] netlink: 12226 bytes leftover after parsing attributes in process `syz.2.2491'. [ 515.167039][ T51] Bluetooth: hci3: unexpected subevent 0x06 length: 150 > 10 [ 515.176595][ T51] Bluetooth: min 0 < 6 [ 516.993085][T11878] validate_nla: 10 callbacks suppressed [ 516.993104][T11878] netlink: 'syz.0.2505': attribute type 21 has an invalid length. [ 517.071302][T11878] netlink: 'syz.0.2505': attribute type 10 has an invalid length. [ 517.119712][T11878] netlink: 'syz.0.2505': attribute type 12 has an invalid length. [ 517.128176][T11878] netlink: 'syz.0.2505': attribute type 13 has an invalid length. [ 517.139592][T11878] netlink: 'syz.0.2505': attribute type 14 has an invalid length. [ 517.152657][T11878] netlink: 'syz.0.2505': attribute type 15 has an invalid length. [ 517.166792][T11878] netlink: 'syz.0.2505': attribute type 16 has an invalid length. [ 517.176906][T11878] netlink: 'syz.0.2505': attribute type 19 has an invalid length. [ 517.190724][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 517.191194][T11878] netlink: 'syz.0.2505': attribute type 21 has an invalid length. [ 517.211424][T11878] netlink: 'syz.0.2505': attribute type 22 has an invalid length. [ 517.219824][T11878] netlink: 12226 bytes leftover after parsing attributes in process `syz.0.2505'. [ 521.534193][ T51] Bluetooth: hci1: unexpected subevent 0x06 length: 150 > 10 [ 523.080983][T11938] netlink: 'syz.0.2528': attribute type 2 has an invalid length. [ 523.123360][T11938] netlink: 'syz.0.2528': attribute type 1 has an invalid length. [ 523.152712][T11938] netlink: 198036 bytes leftover after parsing attributes in process `syz.0.2528'. [ 523.587521][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 523.693664][ T51] Bluetooth: hci2: unexpected subevent 0x06 length: 150 > 10 [ 525.744836][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 526.330723][ T51] Bluetooth: hci0: unexpected subevent 0x06 length: 150 > 10 [ 526.338336][ T51] Bluetooth: min 0 < 6 [ 528.392126][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 528.940136][ T51] Bluetooth: hci2: unexpected subevent 0x06 length: 150 > 10 [ 530.589911][T11998] netlink: 'syz.3.2553': attribute type 10 has an invalid length. [ 530.619327][T11998] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2553'. [ 530.652624][T11998] batman_adv: batadv0: Adding interface: veth0_vlan [ 530.665428][T11998] batman_adv: batadv0: Interface activated: veth0_vlan [ 531.026098][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 532.211706][T12033] netlink: 'syz.1.2569': attribute type 10 has an invalid length. [ 532.225071][T12033] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2569'. [ 532.297071][T12033] batman_adv: batadv0: Adding interface: veth0_vlan [ 532.319216][T12033] batman_adv: batadv0: Interface activated: veth0_vlan [ 534.162900][T12059] netlink: 'syz.2.2580': attribute type 2 has an invalid length. [ 534.171604][T12059] netlink: 'syz.2.2580': attribute type 1 has an invalid length. [ 534.181214][T12059] netlink: 198036 bytes leftover after parsing attributes in process `syz.2.2580'. [ 534.937124][T12063] netlink: 'syz.2.2582': attribute type 10 has an invalid length. [ 534.975707][T12063] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2582'. [ 535.015206][T12063] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 535.227334][T12071] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2586'. [ 535.241426][T12068] syzkaller0: entered promiscuous mode [ 535.254914][T12068] syzkaller0: entered allmulticast mode [ 538.191000][T12090] netlink: 'syz.2.2592': attribute type 1 has an invalid length. [ 538.199494][T12090] netlink: 'syz.2.2592': attribute type 4 has an invalid length. [ 538.207960][T12090] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.2592'. [ 538.318115][T12097] netlink: 'syz.0.2595': attribute type 10 has an invalid length. [ 538.335047][T12097] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2595'. [ 538.370908][T12097] batman_adv: batadv0: Adding interface: veth0_vlan [ 538.389968][T12097] batman_adv: batadv0: The MTU of interface veth0_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 538.393861][T12102] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2598'. [ 538.423897][T12097] batman_adv: batadv0: Interface activated: veth0_vlan [ 540.217899][T12135] netlink: 'syz.2.2610': attribute type 10 has an invalid length. [ 540.244990][T12135] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2610'. [ 540.276493][T12135] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 540.464599][T12139] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2611'. [ 540.478779][T12143] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.2613'. [ 543.668456][T12223] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.2650'. [ 544.464842][ T51] Bluetooth: hci0: Opcode 0x206a failed: -110 [ 544.471482][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 545.186271][ T51] Bluetooth: hci1: command 0x206a tx timeout [ 545.192575][T12178] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 545.480092][T12268] netlink: 'syz.0.2677': attribute type 6 has an invalid length. [ 545.500580][T12268] netlink: 212824 bytes leftover after parsing attributes in process `syz.0.2677'. [ 545.904817][T12178] Bluetooth: hci2: command 0x0406 tx timeout [ 545.918675][ T5787] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 546.158682][ T5787] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 547.320343][T12319] syzkaller0: entered promiscuous mode [ 547.341429][T12319] syzkaller0: entered allmulticast mode [ 547.884191][T12332] netlink: 'syz.3.2698': attribute type 6 has an invalid length. [ 547.893790][T12332] netlink: 212824 bytes leftover after parsing attributes in process `syz.3.2698'. [ 548.355538][ T5787] Bluetooth: Frame is too long (len 149, expected len 4) [ 548.564640][T12340] netlink: 'syz.3.2703': attribute type 33 has an invalid length. [ 548.584857][T12340] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2703'. [ 549.156970][T12357] syzkaller0: entered promiscuous mode [ 549.162537][T12357] syzkaller0: entered allmulticast mode [ 549.450687][ T5787] Bluetooth: Frame is too long (len 149, expected len 4) [ 550.477133][T12394] syzkaller0: entered promiscuous mode [ 550.483545][T12394] syzkaller0: entered allmulticast mode [ 550.707890][ T5787] Bluetooth: Frame is too long (len 149, expected len 4) [ 554.314489][ T5787] Bluetooth: Frame is too long (len 149, expected len 4) [ 554.564403][T12439] netlink: 'syz.2.2740': attribute type 33 has an invalid length. [ 554.583925][T12439] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2740'. [ 555.689121][T12472] netlink: 'syz.0.2755': attribute type 33 has an invalid length. [ 555.751122][T12472] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2755'. [ 559.456081][T12538] netlink: 'syz.2.2781': attribute type 29 has an invalid length. [ 559.483080][T12538] netlink: 'syz.2.2781': attribute type 29 has an invalid length. [ 559.512498][T12541] netlink: 'syz.2.2781': attribute type 29 has an invalid length. [ 563.201784][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.212865][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.086941][T12612] netlink: 'syz.0.2803': attribute type 29 has an invalid length. [ 567.115651][T12612] netlink: 'syz.0.2803': attribute type 29 has an invalid length. [ 567.129410][T12614] netlink: 'syz.0.2803': attribute type 29 has an invalid length. [ 568.710395][T12634] syzkaller0: entered promiscuous mode [ 568.744903][T12634] syzkaller0: entered allmulticast mode [ 568.900942][T12640] netlink: 'syz.3.2814': attribute type 29 has an invalid length. [ 573.621686][T12640] netlink: 'syz.3.2814': attribute type 29 has an invalid length. [ 580.728817][T12733] netlink: 'syz.1.2847': attribute type 10 has an invalid length. [ 581.705944][T12746] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.2855'. [ 581.728774][T12743] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.2853'. [ 585.787865][T12770] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.2865'. [ 587.013829][T12794] netlink: 'syz.2.2875': attribute type 10 has an invalid length. [ 587.722172][T12794] team0: Device vxcan1 is of different type [ 587.736623][T12796] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.2876'. [ 589.295609][ T5787] Bluetooth: hci2: unexpected event 0x08 length: 151 > 4 [ 591.340891][ T5787] Bluetooth: hci3: unexpected event 0x08 length: 151 > 4 [ 593.497085][T12874] syzkaller0: entered promiscuous mode [ 593.517846][T12874] syzkaller0: entered allmulticast mode [ 593.529842][T12874] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 65487 [ 599.469777][T12958] netlink: 'syz.1.2943': attribute type 29 has an invalid length. [ 599.575229][T12958] netlink: 'syz.1.2943': attribute type 29 has an invalid length. [ 599.865388][T12963] netlink: 'syz.1.2943': attribute type 29 has an invalid length. [ 599.925063][T12965] netlink: 'syz.1.2943': attribute type 29 has an invalid length. [ 599.944266][T12967] netlink: 'syz.1.2943': attribute type 29 has an invalid length. [ 600.040685][T12958] netlink: 'syz.1.2943': attribute type 29 has an invalid length. [ 601.703817][T13015] netlink: 'syz.0.2966': attribute type 29 has an invalid length. [ 601.716207][T13015] netlink: 'syz.0.2966': attribute type 29 has an invalid length. [ 601.731519][T13015] netlink: 'syz.0.2966': attribute type 29 has an invalid length. [ 601.744409][T13015] netlink: 'syz.0.2966': attribute type 29 has an invalid length. [ 604.768150][ T5787] Bluetooth: hci1: unexpected event 0x07 length: 15 < 255 [ 605.276884][T13119] __sock_release: fasync list not empty! [ 605.429195][ T5787] Bluetooth: hci3: unexpected event 0x07 length: 15 < 255 [ 607.318425][ T5787] Bluetooth: hci2: unexpected event 0x07 length: 15 < 255 [ 607.665506][T13178] syzkaller0: entered promiscuous mode [ 607.672244][T13178] syzkaller0: entered allmulticast mode [ 611.600200][T13236] syzkaller0: entered promiscuous mode [ 611.605938][T13236] syzkaller0: entered allmulticast mode [ 612.326365][T13257] -: renamed from syzkaller0 [ 612.670829][T13270] __sock_release: fasync list not empty! [ 617.788659][T13399] __sock_release: fasync list not empty! [ 621.043876][T13445] netlink: 830 bytes leftover after parsing attributes in process `syz.2.3153'. [ 623.956949][T13484] validate_nla: 8 callbacks suppressed [ 623.956968][T13484] netlink: 'syz.1.3170': attribute type 21 has an invalid length. [ 623.992176][T13484] netlink: 'syz.1.3170': attribute type 16 has an invalid length. [ 624.000985][T13484] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.3170'. [ 624.236895][T13488] netlink: 830 bytes leftover after parsing attributes in process `syz.1.3180'. [ 624.460365][T13496] netlink: 830 bytes leftover after parsing attributes in process `syz.0.3183'. [ 624.631404][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.639772][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.044876][T13503] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.3177'. [ 626.388786][T13528] netlink: 830 bytes leftover after parsing attributes in process `syz.3.3188'. [ 626.539692][T13533] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3191'. [ 626.584271][T13537] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.3200'. [ 627.248864][T13562] netlink: 'syz.3.3203': attribute type 21 has an invalid length. [ 627.257905][T13562] netlink: 'syz.3.3203': attribute type 16 has an invalid length. [ 627.267029][T13562] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.3203'. [ 627.491880][T13568] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.3205'. [ 630.916057][T13616] syzkaller0: entered promiscuous mode [ 635.127350][T13656] netlink: 184 bytes leftover after parsing attributes in process `syz.0.3241'. [ 646.643971][T13737] syzkaller0: entered promiscuous mode [ 647.021634][T13744] syz.2.3277 (13744) used greatest stack depth: 18760 bytes left [ 660.625595][T13877] syzkaller0: entered promiscuous mode [ 660.631154][T13877] syzkaller0: entered allmulticast mode [ 661.069190][T13890] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.3347'. [ 663.811095][T13956] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3367'. [ 665.726537][ T5787] Bluetooth: hci3: unexpected event 0x03 length: 15 > 11 [ 665.783035][T13991] ================================================================== [ 665.798317][T13991] BUG: KASAN: slab-out-of-bounds in __bpf_get_stackid+0x6bf/0x900 [ 665.806197][T13991] Write of size 32 at addr ffff88802c138d90 by task syz.0.3383/13991 [ 665.814266][T13991] [ 665.816688][T13991] CPU: 0 PID: 13991 Comm: syz.0.3383 Not tainted syzkaller #0 [ 665.824498][T13991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 665.834647][T13991] Call Trace: [ 665.837936][T13991] [ 665.840891][T13991] dump_stack_lvl+0x18c/0x250 [ 665.845888][T13991] ? __lock_acquire+0x7d40/0x7d40 [ 665.850937][T13991] ? show_regs_print_info+0x20/0x20 [ 665.856159][T13991] ? load_image+0x420/0x420 [ 665.860779][T13991] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 665.866367][T13991] ? __virt_addr_valid+0x18c/0x540 [ 665.871553][T13991] ? __virt_addr_valid+0x469/0x540 [ 665.876694][T13991] print_report+0xa8/0x210 [ 665.881224][T13991] ? __bpf_get_stackid+0x6bf/0x900 [ 665.886365][T13991] kasan_report+0x117/0x150 [ 665.891121][T13991] ? __bpf_get_stackid+0x6bf/0x900 [ 665.896305][T13991] kasan_check_range+0x241/0x290 [ 665.901258][T13991] ? __bpf_get_stackid+0x6bf/0x900 [ 665.906383][T13991] __asan_memcpy+0x40/0x70 [ 665.910827][T13991] __bpf_get_stackid+0x6bf/0x900 [ 665.915867][T13991] bpf_get_stackid_pe+0x2f0/0x410 [ 665.920916][T13991] bpf_prog_dc8122861f23e86a+0x33/0x43 [ 665.926388][T13991] bpf_overflow_handler+0x1fc/0x510 [ 665.931607][T13991] ? bpf_overflow_handler+0xde/0x510 [ 665.936993][T13991] ? tp_perf_event_destroy+0x20/0x20 [ 665.942489][T13991] ? __lock_acquire+0x1273/0x7d40 [ 665.947547][T13991] ? __perf_event_account_interrupt+0x187/0x280 [ 665.953830][T13991] __perf_event_overflow+0x447/0x630 [ 665.959143][T13991] perf_swevent_overflow+0x268/0x340 [ 665.964447][T13991] ? perf_event_switch_output+0x790/0x790 [ 665.970202][T13991] ? rcu_is_watching+0x15/0xb0 [ 665.974986][T13991] perf_swevent_event+0x45c/0x570 [ 665.980020][T13991] ? perf_tp_event+0x1520/0x1520 [ 665.984968][T13991] ___perf_sw_event+0x4a7/0x730 [ 665.989828][T13991] ? ___perf_sw_event+0x199/0x730 [ 665.994887][T13991] ? perf_swevent_put_recursion_context+0xb0/0xb0 [ 666.001329][T13991] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 666.007322][T13991] ? lock_chain_count+0x20/0x20 [ 666.012272][T13991] __perf_sw_event+0x139/0x270 [ 666.017052][T13991] do_user_addr_fault+0x123e/0x12c0 [ 666.022262][T13991] ? rcu_is_watching+0x15/0xb0 [ 666.027124][T13991] exc_page_fault+0x64/0x100 [ 666.031728][T13991] ? clear_bhb_loop+0x40/0x90 [ 666.036444][T13991] asm_exc_page_fault+0x26/0x30 [ 666.041316][T13991] RIP: 0033:0x7ffeb894ea21 [ 666.045738][T13991] Code: 48 89 c2 eb a7 4c 29 d2 48 0f ba e2 3e 0f 82 ad 00 00 00 48 bf ff ff ff ff ff ff ff 7f 48 21 fa 49 0f af d1 48 01 c2 48 d3 ea <48> 89 55 c0 31 c0 48 81 fa 00 ca 9a 3b 72 1c 31 c9 48 81 c2 00 36 [ 666.065355][T13991] RSP: 002b:00007f0d434f8ff0 EFLAGS: 00010202 [ 666.071433][T13991] RAX: 002ca6b33efd7836 RBX: 00007ffeb894a0b0 RCX: 0000000000000018 [ 666.079462][T13991] RDX: 000000002d33854a RSI: 00007f0d434f90b0 RDI: 7fffffffffffffff [ 666.087530][T13991] RBP: 00007f0d434f9030 R08: 0000000000000299 R09: 0000000000745d1e [ 666.095518][T13991] R10: 000001573b576b34 R11: 00000000000202b0 R12: 0000000000000010 [ 666.103513][T13991] R13: 00007f0d42816038 R14: 00007ffeb894a080 R15: 00000000000202b0 [ 666.111499][T13991] [ 666.114551][T13991] [ 666.116880][T13991] Allocated by task 13991: [ 666.121362][T13991] kasan_set_track+0x4e/0x70 [ 666.126126][T13991] __kasan_kmalloc+0x8f/0xa0 [ 666.130740][T13991] __kmalloc_node+0xb4/0x230 [ 666.135364][T13991] bpf_map_area_alloc+0x5e/0x110 [ 666.140323][T13991] prealloc_elems_and_freelist+0x86/0x1c0 [ 666.146057][T13991] stack_map_alloc+0x33a/0x4c0 [ 666.150837][T13991] map_create+0x877/0x12f0 [ 666.155438][T13991] __sys_bpf+0x651/0x890 [ 666.159784][T13991] __x64_sys_bpf+0x7c/0x90 [ 666.164204][T13991] do_syscall_64+0x55/0xb0 [ 666.168738][T13991] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 666.174666][T13991] [ 666.177154][T13991] The buggy address belongs to the object at ffff88802c138d80 [ 666.177154][T13991] which belongs to the cache kmalloc-cg-64 of size 64 [ 666.191574][T13991] The buggy address is located 16 bytes inside of [ 666.191574][T13991] allocated 40-byte region [ffff88802c138d80, ffff88802c138da8) [ 666.205990][T13991] [ 666.208392][T13991] The buggy address belongs to the physical page: [ 666.214858][T13991] page:ffffea0000b04e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c138 [ 666.225289][T13991] memcg:ffff88807d118401 [ 666.229618][T13991] anon flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff) [ 666.237600][T13991] page_type: 0xffffffff() [ 666.241949][T13991] raw: 00fff00000000800 ffff888017c4da00 ffffea000092f280 dead000000000005 [ 666.250537][T13991] raw: 0000000000000000 0000000080200020 00000001ffffffff ffff88807d118401 [ 666.259294][T13991] page dumped because: kasan: bad access detected [ 666.265711][T13991] page_owner tracks the page as allocated [ 666.271478][T13991] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5785, tgid 5785 (syz-executor), ts 81368165317, free_ts 81367461810 [ 666.289896][T13991] post_alloc_hook+0x1c1/0x200 [ 666.294773][T13991] get_page_from_freelist+0x1951/0x19e0 [ 666.300329][T13991] __alloc_pages+0x1f0/0x460 [ 666.304933][T13991] alloc_slab_page+0x5d/0x160 [ 666.309641][T13991] new_slab+0x87/0x2d0 [ 666.313736][T13991] ___slab_alloc+0xc5d/0x12f0 [ 666.318428][T13991] __kmem_cache_alloc_node+0x19e/0x250 [ 666.323901][T13991] __kmalloc_node+0xa4/0x230 [ 666.328504][T13991] kvmalloc_node+0x70/0x180 [ 666.333016][T13991] nf_hook_entries_grow+0x27d/0x6d0 [ 666.338320][T13991] nf_hook_entries_insert_raw+0x4b/0x300 [ 666.343987][T13991] nf_nat_register_fn+0x1d0/0x580 [ 666.349141][T13991] ip6table_nat_table_init+0x14f/0x2d0 [ 666.354767][T13991] xt_find_table_lock+0x306/0x3e0 [ 666.359877][T13991] xt_request_find_table_lock+0x26/0x100 [ 666.365639][T13991] do_ip6t_get_ctl+0x717/0x1210 [ 666.370520][T13991] page last free stack trace: [ 666.375196][T13991] free_unref_page_prepare+0x7b2/0x8c0 [ 666.380879][T13991] free_unref_page+0x32/0x2e0 [ 666.385579][T13991] vfree+0x1a6/0x320 [ 666.389480][T13991] do_ip6t_get_ctl+0xf21/0x1210 [ 666.394340][T13991] nf_getsockopt+0x262/0x280 [ 666.398959][T13991] ipv6_getsockopt+0x226/0x2e0 [ 666.403837][T13991] do_sock_getsockopt+0x379/0x450 [ 666.408985][T13991] __x64_sys_getsockopt+0x1d6/0x280 [ 666.414193][T13991] do_syscall_64+0x55/0xb0 [ 666.418624][T13991] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 666.424528][T13991] [ 666.426854][T13991] Memory state around the buggy address: [ 666.432487][T13991] ffff88802c138c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 666.440554][T13991] ffff88802c138d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 666.448792][T13991] >ffff88802c138d80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 666.456859][T13991] ^ [ 666.462230][T13991] ffff88802c138e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 666.470296][T13991] ffff88802c138e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 666.478355][T13991] ================================================================== [ 666.486417][T13991] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 666.493647][T13991] CPU: 0 PID: 13991 Comm: syz.0.3383 Not tainted syzkaller #0 [ 666.501127][T13991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 666.511197][T13991] Call Trace: [ 666.514492][T13991] [ 666.517432][T13991] dump_stack_lvl+0x18c/0x250 [ 666.522129][T13991] ? show_regs_print_info+0x20/0x20 [ 666.527424][T13991] ? load_image+0x420/0x420 [ 666.531950][T13991] panic+0x2dc/0x730 [ 666.535882][T13991] ? __lock_acquire+0x7d40/0x7d40 [ 666.540924][T13991] ? bpf_jit_dump+0xd0/0xd0 [ 666.545530][T13991] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 666.551443][T13991] ? _raw_spin_unlock+0x40/0x40 [ 666.556305][T13991] ? __bpf_get_stackid+0x6bf/0x900 [ 666.561426][T13991] check_panic_on_warn+0x84/0xa0 [ 666.566392][T13991] ? __bpf_get_stackid+0x6bf/0x900 [ 666.571683][T13991] end_report+0x6f/0x130 [ 666.575946][T13991] kasan_report+0x128/0x150 [ 666.580471][T13991] ? __bpf_get_stackid+0x6bf/0x900 [ 666.585625][T13991] kasan_check_range+0x241/0x290 [ 666.590570][T13991] ? __bpf_get_stackid+0x6bf/0x900 [ 666.595691][T13991] __asan_memcpy+0x40/0x70 [ 666.600118][T13991] __bpf_get_stackid+0x6bf/0x900 [ 666.605067][T13991] bpf_get_stackid_pe+0x2f0/0x410 [ 666.610121][T13991] bpf_prog_dc8122861f23e86a+0x33/0x43 [ 666.615590][T13991] bpf_overflow_handler+0x1fc/0x510 [ 666.620826][T13991] ? bpf_overflow_handler+0xde/0x510 [ 666.626144][T13991] ? tp_perf_event_destroy+0x20/0x20 [ 666.631451][T13991] ? __lock_acquire+0x1273/0x7d40 [ 666.636492][T13991] ? __perf_event_account_interrupt+0x187/0x280 [ 666.642829][T13991] __perf_event_overflow+0x447/0x630 [ 666.648334][T13991] perf_swevent_overflow+0x268/0x340 [ 666.653673][T13991] ? perf_event_switch_output+0x790/0x790 [ 666.659609][T13991] ? rcu_is_watching+0x15/0xb0 [ 666.664403][T13991] perf_swevent_event+0x45c/0x570 [ 666.669625][T13991] ? perf_tp_event+0x1520/0x1520 [ 666.674614][T13991] ___perf_sw_event+0x4a7/0x730 [ 666.679566][T13991] ? ___perf_sw_event+0x199/0x730 [ 666.684608][T13991] ? perf_swevent_put_recursion_context+0xb0/0xb0 [ 666.691068][T13991] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 666.697598][T13991] ? lock_chain_count+0x20/0x20 [ 666.702632][T13991] __perf_sw_event+0x139/0x270 [ 666.707787][T13991] do_user_addr_fault+0x123e/0x12c0 [ 666.713131][T13991] ? rcu_is_watching+0x15/0xb0 [ 666.718106][T13991] exc_page_fault+0x64/0x100 [ 666.722719][T13991] ? clear_bhb_loop+0x40/0x90 [ 666.727577][T13991] asm_exc_page_fault+0x26/0x30 [ 666.732443][T13991] RIP: 0033:0x7ffeb894ea21 [ 666.736862][T13991] Code: 48 89 c2 eb a7 4c 29 d2 48 0f ba e2 3e 0f 82 ad 00 00 00 48 bf ff ff ff ff ff ff ff 7f 48 21 fa 49 0f af d1 48 01 c2 48 d3 ea <48> 89 55 c0 31 c0 48 81 fa 00 ca 9a 3b 72 1c 31 c9 48 81 c2 00 36 [ 666.756477][T13991] RSP: 002b:00007f0d434f8ff0 EFLAGS: 00010202 [ 666.762726][T13991] RAX: 002ca6b33efd7836 RBX: 00007ffeb894a0b0 RCX: 0000000000000018 [ 666.770828][T13991] RDX: 000000002d33854a RSI: 00007f0d434f90b0 RDI: 7fffffffffffffff [ 666.778819][T13991] RBP: 00007f0d434f9030 R08: 0000000000000299 R09: 0000000000745d1e [ 666.787509][T13991] R10: 000001573b576b34 R11: 00000000000202b0 R12: 0000000000000010 [ 666.795599][T13991] R13: 00007f0d42816038 R14: 00007ffeb894a080 R15: 00000000000202b0 [ 666.803602][T13991] [ 666.806797][T13991] Kernel Offset: disabled [ 666.811117][T13991] Rebooting in 86400 seconds..