last executing test programs: 5.401471214s ago: executing program 0 (id=43006): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x806, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x1e, 0x1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) sendmsg$sock(0xffffffffffffffff, 0x0, 0x20000000) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=@base={0x11, 0x4, 0x4, 0x2}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r1, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 5.313937119s ago: executing program 4 (id=43007): r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) close(r2) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1a1102, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff3) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="bc00"], 0x50) ioctl$TUNGETVNETLE(r2, 0x40047451, &(0x7f0000000180)) 2.278807957s ago: executing program 3 (id=43012): write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x12) openat$tun(0xffffffffffffff9c, 0x0, 0x14000, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f00000001c0)='cgroup.clone_children\x00', 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x13, &(0x7f0000000100), 0x0, 0x10, &(0x7f0000000140), &(0x7f0000000200), 0x8, 0xf8, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) write$cgroup_int(r2, &(0x7f0000000180), 0x12) mkdirat$cgroup(r1, &(0x7f0000000440)='syz1\x00', 0x1ff) 2.264196458s ago: executing program 0 (id=43013): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffc}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x11, 0x200000000000002, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f00000008c0)=r3, 0x4) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) 2.22121212s ago: executing program 4 (id=43014): r0 = perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0xfd, 0x0, 0xffffffffffffffff, 0x8000, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf50a43945a8ef38c}, 0x408, 0x800000000000ca, 0x0, 0x9, 0xfffffffffffffffc}, 0x0, 0x2, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x99, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, r0, 0x0) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x2, &(0x7f0000000200)=ANY=[@ANYBLOB="85000006c8"], 0x0, 0xffffffff, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x0, r3}, 0x94) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xa, 0x4, 0x2}, 0x48) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) write$cgroup_subtree(r3, &(0x7f0000000200)=ANY=[@ANYRES8=r2, @ANYRES8=r4], 0x12) 2.22016218s ago: executing program 2 (id=43015): close(0xffffffffffffffff) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000050000000200000004"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200000100000085000000a000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 2.110959556s ago: executing program 3 (id=43016): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x5452, &(0x7f00000006c0)='\x02;\xe5\b\x00\x1c\x9c\x00\x00\x00\x00\x00\x00\x91\xecB\xdcZ\xe5\xbd$\x05\x90\xa9\xf3\xc7\xcb\xb7\xf0\xa1;#\x989\xe9\x12\xdf^6T\xdf\xcd\x02\xc5\xb0\xba\x12\'QXp\t\xfc\xf3\x01\x02\xbc\xbf\xc0\xf0\x10\xee\xd3\\yy\xa4\xf9\xe8\x00\xdd\xe97 0_\xe4]W\xf7~\xacVK\xc9t\x9e+:\x85\xef\x94\x0e\x19\x9cV[N.\xeb\x9fJ>\xd9\x99\x88\xd8\xdd\xb8Y\xc3$\xc6\x93\v\x04REY\xf4\xea\xf2\xcd\xcd.\x16\x861\xa1\v\x8d\x8e\x84R\xa6\x83\x84\xc0\x01e\xc3\xc8\xcc?\xc8?\x19\xb2\xa2\xe1\xac<\xe9f\x11\xff3\xc7\x19\x9e\x19\xf5-\xfe\xbd\xae\xbbR\x82\x16\xf9\x15S\x03U\xe0\xd8t\xe3%96') recvmsg(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000500)=""/164, 0xa4}], 0x1}, 0x0) close(r3) 2.05364109s ago: executing program 1 (id=43017): syz_clone(0x200000, 0x0, 0x0, &(0x7f0000000340), 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x28, 0x5, 0x0) sendmsg$inet(r0, &(0x7f0000001000)={0x0, 0x0, 0x0}, 0x40) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) syz_clone(0x8001000, 0x0, 0x0, 0x0, 0x0, 0x0) 1.87813395s ago: executing program 1 (id=43019): r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1}, 0x0) r1 = syz_open_procfs$namespace(0x0, 0x0) ioctl$TUNGETVNETHDRSZ(r1, 0xb701, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x1c0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x9a) r2 = socket$kcm(0x2, 0x1000000000000002, 0x0) sendmsg$inet(r2, &(0x7f0000000b40)={&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000800)="e9", 0x9500}, {&(0x7f00000017c0)="ea0189bdebb0c16d420ee9b95082abd6431cc7afc22c4a6b8adecef68f76bd81a86e89f9c80e5c868a12b09e80ba8c01eb3f4b7be71f9fc2355c336cedc15eb778e3a3b35c3f72629ea4d9ae42cf4c17255815fb8a47aafd8b8ff0c202b4e09f7c42811261b5e113fcce27b4329ccb792df14b7d6dcfaf2cf8dbb51946e89c862e9252731f680ec50326fc16386aeefe654bac24", 0x94}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xd}, @loopback}}}], 0x20}, 0xe900) sendmsg$kcm(r2, &(0x7f0000000240)={&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x7, @dev={0xfe, 0x80, '\x00', 0x3f}, 0x0, 0x3}, 0x80, 0x0}, 0x20040000) 1.87771399s ago: executing program 2 (id=43020): bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d40)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x98, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffff148, 0x79}, 0xd03, 0x0, 0x7, 0x0, 0x0, 0x6, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0xd6, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0xc}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) sendmsg$inet(0xffffffffffffffff, &(0x7f0000002780)={0x0, 0x0, 0x0}, 0x0) 1.87747448s ago: executing program 3 (id=43021): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r1}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 1.87726947s ago: executing program 4 (id=43022): r0 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r1 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[], 0x101d0) sendmsg$kcm(r1, &(0x7f00000001c0)={&(0x7f00000000c0)=@tipc=@name={0x1e, 0x2, 0x3, {{0x41}, 0x5}}, 0x80, 0x0, 0x0, &(0x7f0000000900)=ANY=[], 0x1458}, 0x48800) r2 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) close(0x3) bpf$PROG_LOAD(0x5, 0x0, 0x0) 1.854963441s ago: executing program 0 (id=43029): r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x8, 0x0, 0x4000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78ac02ca3cdf6a662db1c9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad943e392955f4f979ea13201bafedcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd89346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca2533659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12282ce24463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f09000000000000004fc4bda3453602004535a976eacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a191852c9ae031db044b2353199546609f9f69a6cfefdf879d447df53f3b9b70d10355b00300000000000000553d18a6cc50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f58fab987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe527340935aa3c0b4f3f45b418a18217747ae442e31560e5b741445ea2a1acee2a81425ff000000d2a0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51423b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f88735fce5115dc83ed73d8ee4a91322608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf5000000000000fa08ad0631c4b839688b22c4da2a6bc4cf45854d221a2d5f96bc64647f15daa2ba79cd0f4254ed55217912ef84bd2927df82fc061aef2920c49b2a90886da75561173fa186cb7ee86dd4285c4721eb428c953296bb2f5d825da54dbef07c1b349b4901e093d13e6b9a0000009b5b22e887bc061d40bcaf0aa18623fd9b7179ccc692ba74b531b65c4decf9d080a8ac7e82d4cde1267aa64b2a94fd87a009e6742c2ddc3a9d7eccbb1831b1fa218277c2814a91cab7cb59c697166d6f1bb1a360470000000000000000000000000000000000000000000000000000f9f9b4ce7e871f507084c8c88e0652decbe579b03ed84ea94597dd1059620a050f69ea03b99b4e19d35f4a3b54e96ae2172effecec80f6baa4bf69a6ebf5392882df78b0983e662dc0cb64b77f3f006b6b25443197ae93f0be6de5a703d003f00720943c0e4b33af00000000000000000021a688b2d7007fcc4b59f719afb0b3b7e0aee306ca70fe42bf4984a68f40e1fc043a03a17e4744359b87dc27c82d51cbeb64e52a28daeb6a78d6fe06181ecc840000"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x138f67536d80380e, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5, 0x10, 0x0, 0x2}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x0, 0x1, 0x8000000}]}]}}, 0x0, 0x42}, 0x28) socket$kcm(0x2, 0x5, 0x84) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000280)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f00000007c0)=ANY=[], 0x6) 1.682682162s ago: executing program 3 (id=43023): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$kcm(0x23, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) close(r0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x100001, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff3, 0x0, @perf_config_ext={0x85, 0xffffffffffffffff}, 0x3212, 0x7, 0x2, 0x2, 0xc, 0x3, 0x2, 0x0, 0x0, 0x0, 0x800000000e48}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f00000004c0)='cpu&\t03\t\t') bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000002feffff720a00fef8ffffff71a4f0ff000000002d030000000000001d400500000000004704000001ed000072030000030000001d44000000000000db0a00fe000000007303000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) r2 = socket$kcm(0xa, 0x2, 0x11) sendmsg$sock(r2, &(0x7f0000000200)={&(0x7f0000000000)=@in6={0xa, 0x4e22, 0x3, @private2, 0xfffffffd}, 0x80, 0x0}, 0x8010) 1.604574946s ago: executing program 4 (id=43024): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8100, 0x0, 0x0, 0x0, 0x0, 0xd531}, 0x0, 0x0, 0xffffffffffffffff, 0x2) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) syz_clone(0x22023500, 0x0, 0x0, 0x0, 0x0, 0x0) 1.53941853s ago: executing program 1 (id=43025): r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78ac02ca3cdf6a662db1c9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad943e392955f4f979ea13201bafedcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd89346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca2533659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12282ce24463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f09000000000000004fc4bda3453602004535a976eacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a191852c9ae031db044b2353199546609f9f69a6cfefdf879d447df53f3b9b70d10355b00300000000000000553d18a6cc50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f58fab987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe527340935aa3c0b4f3f45b418a18217747ae442e31560e5b741445ea2a1acee2a81425ff000000d2a0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51423b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f88735fce5115dc83ed73d8ee4a91322608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf5000000000000fa08ad0631c4b839688b22c4da2a6bc4cf45854d221a2d5f96bc64647f15daa2ba79cd0f4254ed55217912ef84bd2927df82fc061aef2920c49b2a90886da75561173fa186cb7ee86dd4285c4721eb428c953296bb2f5d825da54dbef07c1b349b4901e093d13e6b9a0000009b5b22e887bc061d40bcaf0aa18623fd9b7179ccc692ba74b531b65c4decf9d080a8ac7e82d4cde1267aa64b2a94fd87a009e6742c2ddc3a9d7eccbb1831b1fa218277c2814a91cab7cb59c697166d6f1bb1a360470000000000000000000000000000000000000000000000000000f9f9b4ce7e871f507084c8c88e0652decbe579b03ed84ea94597dd1059620a050f69ea03b99b4e19d35f4a3b54e96ae2172effecec80f6baa4bf69a6ebf5392882df78b0983e662dc0cb64b77f3f006b6b25443197ae93f0be6de5a703d003f00720943c0e4b33af00000000000000000021a688b2d7007fcc4b59f719afb0b3b7e0aee306ca70fe42bf4984a68f40e1fc043a03a17e4744359b87dc27c82d51cbeb64e52a28daeb6a78d6fe06181ecc840000"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) socket$kcm(0xa, 0x3, 0x3a) socket$kcm(0xa, 0x3, 0x3a) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8020, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) recvmsg$unix(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r4, &(0x7f0000000840)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00043a00005b686158bbcfe8875a060300000022000000000000000000000000ac1414aa"], 0xfdef) 1.501380602s ago: executing program 0 (id=43026): socket$kcm(0x2, 0x1, 0x84) socket$kcm(0x11, 0x3, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x8, 0x0, 0x4000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78ac02ca3cdf6a662db1c9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad943e392955f4f979ea13201bafedcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd89346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca2533659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12282ce24463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f09000000000000004fc4bda3453602004535a976eacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a191852c9ae031db044b2353"], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) 1.498990382s ago: executing program 2 (id=43027): r0 = socket$kcm(0x11, 0x200000000000002, 0x300) setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f00000000c0), 0x8) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x11b008, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4000, 0x0, 0x0, 0x1, 0x8, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x11, 0x200000000000002, 0x300) setsockopt$sock_attach_bpf(r1, 0x107, 0x8, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r2 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)="5c00000015006b0300224ed86e6c1d000a117ea6e070d6065e22000300000000250002000f00000017d34460bc24eab556a705251e6182949a00003d3b48dfd8cdbf9767b4fa51f62a64c9f4060046d88037e786a6d0a5d700000017", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) 1.266110886s ago: executing program 1 (id=43028): write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x12) openat$tun(0xffffffffffffff9c, 0x0, 0x14000, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f00000001c0)='cgroup.clone_children\x00', 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x13, &(0x7f0000000100), 0x0, 0x10, &(0x7f0000000140), &(0x7f0000000200), 0x8, 0xf8, 0x8, 0x8, &(0x7f0000000240)}}, 0x10) write$cgroup_int(r2, &(0x7f0000000180), 0x12) mkdirat$cgroup(r1, &(0x7f0000000440)='syz1\x00', 0x1ff) 1.265761746s ago: executing program 3 (id=43030): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa88"], 0xfdef) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) bpf$ENABLE_STATS(0x20, &(0x7f0000000040), 0x4) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4000, 0x0, 0x0, 0x1, 0x8, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce220010"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040033, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xfffffeff) 1.250589407s ago: executing program 2 (id=43031): perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}, 0x8596, 0x0, 0x20000, 0x8, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0xf9b, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000011540)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004070000000800000500000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4dd4f204e345c65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd255985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340bdc8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f7477137f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69c584146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8c7049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480efd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69239500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047acd083d3cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181070000005e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8504000000000000004fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3d99e3568c51cd1eab8a26b232ac46bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d89f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290c7536fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a1cc4df1112105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef0a96e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f10f615c87c441dc970ec896a5af6bf69b50a244bc138a1cae9868c3079bafe69769000000000000000000e99b63029d219cd3545a8426b56554a9f265d3557eefb3602894507c256cb8ee9ebadfecb6afeb84ba757bfa8d00a5af0dd6aa1e8144ef8ef04410d52204c335408941b8eccc5c734cc6a05247142ed647f89bcb5c043acfb382b9cc918bc3cdc368983157851cdf678800aa7eb2a6cbc12c7ae23bc88b8f10223ab2a093429f3f6965bc5af0114cf6f246bae0b04bec8e30b6772b8950f32e87beda060f9af2a0ccd4a8eab8e395ee3628eb976b7fff835e6c1bdc4a6e00acd0fe63ba8425b21845db903b38c80148e6aa497dbf0e2baf938d3ecbd433527602d89f10aca419ff54e47354194f75e343d4c75227448530b0d8d59b9f94a3fa0ca9210177926c58ef46dcd09e79c343d35aa954d12f89410c47ac29c881f8a6bda8dd40df0d1e5881338d2c5a01bf1ee6b28169fef18df13c759e767d3442ae6598106496f42b73074bb804e8763915c3e04400ad44e9f3130e904062d204d385c026722a094255db1572d66e7a4917bba2a0f6a1a57482cdb4070de8dd60fd65dacb9ec5003fb1cca05ce1c9f924cc2ec45e8d5adf7c89e3b0b8da35c1aa7fbbee6f839a8f05294a6c02281afb7601252611583408f1"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000018010000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 1.224856638s ago: executing program 4 (id=43032): perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x95, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfffffffbffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xe, 0x4, 0x4, 0xc}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0xfffffffffffffffd}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="9feb01001800000000000000200000002000000002000000000000000100000d0200000000000000000000000000000000000004"], &(0x7f0000000080)=""/230, 0x3a, 0xe6, 0x1}, 0x28) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x100002, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071127f000000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x34) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r1, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 1.150026962s ago: executing program 1 (id=43033): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) socketpair$unix(0x1, 0x2, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_bp={0x0}, 0x21, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="5400020029000b05d25a806f8c6394f90424fc602f0011002e2f0100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 1.089997406s ago: executing program 0 (id=43034): ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x308) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x200008c0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x22, 0x3, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x80044943, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@rights={{0x14, 0x1, 0x1, [r1]}}, @rights={{0x14, 0x1, 0x1, [r1]}}], 0x30, 0x20004000}, 0x48044) 216.803687ms ago: executing program 2 (id=43035): r0 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r1 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[], 0x101d0) sendmsg$kcm(r1, &(0x7f00000001c0)={&(0x7f00000000c0)=@tipc=@name={0x1e, 0x2, 0x3, {{0x41}, 0x5}}, 0x80, 0x0, 0x0, &(0x7f0000000900)=ANY=[], 0x1458}, 0x48800) r2 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) close(0x3) bpf$PROG_LOAD(0x5, 0x0, 0x0) 126.491563ms ago: executing program 4 (id=43036): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46a, 0x1, @perf_bp={0x0}, 0x81, 0x3, 0x0, 0x0, 0x1, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) perf_event_open$cgroup(&(0x7f0000000000)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x1028, 0x0, 0x1000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x4, 0x80, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x34000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x5, 0xff}, 0x0, 0xc8, 0xfffffffe, 0x0, 0x6, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000fffe8000000000000010"], 0xfdef) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0xffffffffffffffae}, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xfdef) 98.353444ms ago: executing program 3 (id=43037): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x104, 0xc, 0x1000}, 0x50) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02"], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, r2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x8, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$unix(r1, &(0x7f00000006c0)={0x0, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x40000) 97.512924ms ago: executing program 0 (id=43038): perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x3}, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)) ioctl$SIOCSIFHWADDR(r0, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100008d8dff"}) sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0x100, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000007000000890704e068000000110000000000000000dbc790ad000000fc000000000000001400000000000000000000000200000004000000000000001c000000000000000000000008000000", @ANYRES32], 0x68}, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$SIOCSIFHWADDR(r1, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random="010000000400"}) 56.662776ms ago: executing program 1 (id=43039): bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d40)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x98, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffff148, 0x79}, 0xd03, 0x0, 0x7, 0x0, 0x0, 0x6, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0xd6, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0xc}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) sendmsg$inet(0xffffffffffffffff, &(0x7f0000002780)={0x0, 0x0, 0x0}, 0x0) 0s ago: executing program 2 (id=43040): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffc}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x11, 0x200000000000002, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f00000008c0)=r3, 0x4) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) kernel console output (not intermixed with test programs): 264] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2460.898210][T18777] Bluetooth: hci4: command 0x041b tx timeout [ 2462.724966][T21264] device hsr_slave_0 entered promiscuous mode [ 2462.847356][T21264] device hsr_slave_1 entered promiscuous mode [ 2462.888499][T21264] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2462.920452][T21264] Cannot create hsr debugfs directory [ 2462.978282][T18777] Bluetooth: hci4: command 0x040f tx timeout [ 2464.865790][T21264] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 2464.876001][T21264] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 2464.895013][T21264] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 2464.923665][T21264] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 2465.012203][T21264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2465.027587][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2465.046814][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2465.058509][T18777] Bluetooth: hci4: command 0x0419 tx timeout [ 2465.059518][T21264] 8021q: adding VLAN 0 to HW filter on device team0 [ 2465.079466][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2465.088606][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2465.097243][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 2465.104576][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2465.114666][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2465.127583][T24297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2465.136626][T24297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2465.146568][T24297] bridge0: port 2(bridge_slave_1) entered blocking state [ 2465.153941][T24297] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2465.178877][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2465.191266][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2465.203171][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2465.235251][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2465.252970][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2465.277276][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2465.294466][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2465.306699][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2465.329364][ T8263] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2465.357244][T21264] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2465.372609][T24297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2465.390770][T24297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2465.728830][T24297] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2465.736449][T24297] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2465.765231][T21264] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2465.816797][ T8239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 2465.834484][ T8239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2465.851674][ T8239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 2465.860711][ T8239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2465.869868][ T8239] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2465.879571][ T8239] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2465.900969][T21264] device veth0_vlan entered promiscuous mode [ 2465.926375][T21264] device veth1_vlan entered promiscuous mode [ 2465.970971][ T8239] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2465.987820][ T8239] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2465.997792][ T8239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 2466.015777][ T8239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2466.036753][T21264] device veth0_macvtap entered promiscuous mode [ 2466.062070][T21264] device veth1_macvtap entered promiscuous mode [ 2466.087954][T21264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2466.101119][T21264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2466.112198][T21264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2466.124075][T21264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2466.134415][T21264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2466.145250][T21264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2466.156751][T21264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2466.183077][T21264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2466.193239][T21264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2466.204865][T21264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2466.214952][T21264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2466.225933][T21264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2466.243883][T21264] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2466.255323][T21264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2466.274831][T21264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2466.297090][T21264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2466.314125][T21264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2466.325229][T21264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2466.336386][T21264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2466.347197][T21264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2466.358503][T21264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2466.368876][T21264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2466.379880][T21264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2466.390371][T21264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2466.405882][T21264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2466.417758][T21264] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2466.432866][T24318] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2466.443716][T24318] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 2466.458872][T24318] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 2466.467787][T24318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2466.485390][T24318] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2466.496322][T24318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2466.524879][T21264] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2466.537798][T21264] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2466.547089][T21264] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2466.556451][T21264] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2466.667148][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2466.696596][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2466.727200][T24318] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 2466.746235][T24297] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2466.759340][T24297] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2466.783220][T24318] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2467.542036][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 2467.548942][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 2467.895240][T18777] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 2468.602078][T18834] Bluetooth: hci4: unexpected event 0x04 length: 15 > 10 [ 2469.942748][T18834] Bluetooth: hci2: command 0x0409 tx timeout [ 2470.658591][T18834] Bluetooth: hci4: command 0x0409 tx timeout [ 2475.819575][T21687] ref_ctr_offset mismatch. inode: 0x9b offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x7602 [ 2476.489135][T21713] netlink: 750 bytes leftover after parsing attributes in process `syz.4.38262'. [ 2480.536214][T21789] netlink: 'syz.4.38295': attribute type 3 has an invalid length. [ 2480.565085][T21789] netlink: 'syz.4.38295': attribute type 1 has an invalid length. [ 2480.575208][T21789] netlink: 60387 bytes leftover after parsing attributes in process `syz.4.38295'. [ 2480.945164][T26068] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2485.149486][T21924] netlink: 14 bytes leftover after parsing attributes in process `syz.4.38356'. [ 2485.633025][T21938] ref_ctr_offset mismatch. inode: 0xf4 offset: 0x0 ref_ctr_offset(old): 0x7602 ref_ctr_offset(new): 0x0 [ 2487.721006][T21967] netlink: 'syz.1.38373': attribute type 3 has an invalid length. [ 2487.758087][T21967] netlink: 'syz.1.38373': attribute type 1 has an invalid length. [ 2487.776155][T21967] netlink: 60387 bytes leftover after parsing attributes in process `syz.1.38373'. [ 2489.307507][T21985] ref_ctr_offset mismatch. inode: 0x129a offset: 0x0 ref_ctr_offset(old): 0x7602 ref_ctr_offset(new): 0x0 [ 2489.921754][T22009] netlink: 'syz.2.38391': attribute type 3 has an invalid length. [ 2489.953248][T22009] netlink: 'syz.2.38391': attribute type 1 has an invalid length. [ 2489.991136][T22009] netlink: 60387 bytes leftover after parsing attributes in process `syz.2.38391'. [ 2490.069841][T22003] device syzkaller0 entered promiscuous mode [ 2493.249112][T22022] ref_ctr_offset mismatch. inode: 0x541 offset: 0x0 ref_ctr_offset(old): 0x7602 ref_ctr_offset(new): 0x0 [ 2495.465504][T22032] netlink: 144 bytes leftover after parsing attributes in process `syz.3.38401'. [ 2495.545027][T22032] team0: Port device team_slave_0 removed [ 2495.558931][T22032] net_ratelimit: 33018 callbacks suppressed [ 2495.558949][T22032] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2499.612852][T22072] ref_ctr_offset mismatch. inode: 0x123 offset: 0x0 ref_ctr_offset(old): 0x7602 ref_ctr_offset(new): 0x0 [ 2499.940248][T22079] device syzkaller0 entered promiscuous mode [ 2499.984855][T24318] device hsr_slave_0 left promiscuous mode [ 2500.013785][T24318] device hsr_slave_1 left promiscuous mode [ 2500.033081][T24318] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2500.055975][T24318] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2500.073584][T24318] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2500.088811][T24318] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2500.120439][T24318] device bridge_slave_1 left promiscuous mode [ 2500.134987][T24318] bridge0: port 2(bridge_slave_1) entered disabled state [ 2500.155073][T24318] device bridge_slave_0 left promiscuous mode [ 2500.169724][T24318] bridge0: port 1(bridge_slave_0) entered disabled state [ 2500.234171][T24318] device veth1_macvtap left promiscuous mode [ 2500.249576][T24318] device veth0_macvtap left promiscuous mode [ 2500.264926][T24318] device veth1_vlan left promiscuous mode [ 2500.278509][T24318] device veth0_vlan left promiscuous mode [ 2500.348484][T22099] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.38427'. [ 2501.425045][T24318] team0 (unregistering): Port device team_slave_1 removed [ 2501.475924][T24318] team0 (unregistering): Port device team_slave_0 removed [ 2501.517705][T24318] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2501.565676][T24318] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2501.875838][T24318] bond0 (unregistering): Released all slaves [ 2501.981254][T22089] netlink: 144 bytes leftover after parsing attributes in process `syz.2.38421'. [ 2502.015459][T22089] team0: Port device team_slave_0 removed [ 2502.022736][T22089] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2504.783207][T22123] netlink: 'syz.4.38439': attribute type 3 has an invalid length. [ 2504.817740][T22123] netlink: 'syz.4.38439': attribute type 1 has an invalid length. [ 2504.850814][T22123] netlink: 60387 bytes leftover after parsing attributes in process `syz.4.38439'. [ 2506.388465][T22156] netlink: 'syz.2.38456': attribute type 14 has an invalid length. [ 2506.432938][T22156] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.38456'. [ 2507.216265][T22178] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.38467'. [ 2507.323054][T22188] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.38476'. [ 2507.881678][T22203] netlink: 'syz.1.38475': attribute type 14 has an invalid length. [ 2507.899004][T22203] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.38475'. [ 2508.231328][T22213] netlink: 'syz.3.38481': attribute type 3 has an invalid length. [ 2508.252350][T22213] netlink: 'syz.3.38481': attribute type 1 has an invalid length. [ 2508.265962][T22213] netlink: 60387 bytes leftover after parsing attributes in process `syz.3.38481'. [ 2509.516167][T22243] netlink: 'syz.3.38493': attribute type 14 has an invalid length. [ 2509.538255][T22243] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.38493'. [ 2509.604364][T24318] device hsr_slave_0 left promiscuous mode [ 2509.635660][T24318] device hsr_slave_1 left promiscuous mode [ 2509.678494][T24318] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2509.686312][T24318] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2509.716480][T24318] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2509.725424][T24318] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2509.734400][T24318] device bridge_slave_1 left promiscuous mode [ 2509.741221][T24318] bridge0: port 2(bridge_slave_1) entered disabled state [ 2509.788407][T24318] device bridge_slave_0 left promiscuous mode [ 2509.797656][T24318] bridge0: port 1(bridge_slave_0) entered disabled state [ 2509.935027][T24318] device veth1_macvtap left promiscuous mode [ 2509.951290][T24318] device veth0_macvtap left promiscuous mode [ 2509.957486][T24318] device veth1_vlan left promiscuous mode [ 2509.967083][T24318] device veth0_vlan left promiscuous mode [ 2510.564458][T24318] team0 (unregistering): Port device team_slave_1 removed [ 2510.612226][T24318] team0 (unregistering): Port device team_slave_0 removed [ 2510.658681][T24318] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2510.710470][T24318] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2511.027124][T24318] bond0 (unregistering): Released all slaves [ 2511.976113][T25883] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2514.723673][T22328] netlink: 144 bytes leftover after parsing attributes in process `syz.4.38530'. [ 2514.774899][T22328] team0: Port device team_slave_0 removed [ 2514.788455][T22328] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2516.498383][T22418] netlink: 144 bytes leftover after parsing attributes in process `syz.1.38571'. [ 2516.841492][T22418] team0: Port device team_slave_0 removed [ 2516.880577][T22418] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2518.124322][T22462] netlink: 144 bytes leftover after parsing attributes in process `syz.0.38590'. [ 2518.210373][T22462] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2520.726491][T22474] netlink: 144 bytes leftover after parsing attributes in process `syz.0.38607'. [ 2520.744679][T22474] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2522.188934][T22514] netlink: 144 bytes leftover after parsing attributes in process `syz.4.38614'. [ 2522.230502][T22514] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2526.157908][T22553] netlink: 144 bytes leftover after parsing attributes in process `syz.1.38633'. [ 2526.167394][T22553] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2527.470475][T22585] netlink: 144 bytes leftover after parsing attributes in process `syz.4.38649'. [ 2527.516565][T22585] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2528.981559][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 2528.988256][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 2530.865116][T22605] netlink: 'syz.4.38657': attribute type 33 has an invalid length. [ 2530.875605][T22605] netlink: 152 bytes leftover after parsing attributes in process `syz.4.38657'. [ 2531.256888][T22623] netlink: 144 bytes leftover after parsing attributes in process `syz.0.38664'. [ 2531.316420][T22623] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2531.708622][T22634] netlink: 144 bytes leftover after parsing attributes in process `syz.0.38680'. [ 2531.768802][T22634] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2532.943485][T22646] device syzkaller0 entered promiscuous mode [ 2537.353121][T22666] netlink: 'syz.1.38684': attribute type 9 has an invalid length. [ 2537.361802][T22683] netlink: 144 bytes leftover after parsing attributes in process `syz.4.38690'. [ 2537.378562][T22683] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2537.666668][T22702] netlink: 144 bytes leftover after parsing attributes in process `syz.0.38705'. [ 2537.698682][T22702] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2539.133542][T22732] netlink: 'syz.2.38713': attribute type 10 has an invalid length. [ 2539.155419][T22732] netlink: 3819 bytes leftover after parsing attributes in process `syz.2.38713'. [ 2539.383305][T22743] netlink: 40 bytes leftover after parsing attributes in process `syz.3.38718'. [ 2539.400991][T22743] netlink: 'syz.3.38718': attribute type 4 has an invalid length. [ 2539.431640][T22743] netlink: 1 bytes leftover after parsing attributes in process `syz.3.38718'. [ 2539.643871][T22754] sctp: [Deprecated]: syz.4.38724 (pid 22754) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2539.643871][T22754] Use struct sctp_sack_info instead [ 2543.000854][T26068] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2547.674618][T22812] netlink: 'syz.3.38747': attribute type 10 has an invalid length. [ 2547.719528][T22812] netlink: 3819 bytes leftover after parsing attributes in process `syz.3.38747'. [ 2549.174242][T22850] netlink: 'syz.0.38764': attribute type 10 has an invalid length. [ 2549.214027][T22850] netlink: 3819 bytes leftover after parsing attributes in process `syz.0.38764'. [ 2559.086020][T22912] netlink: 168 bytes leftover after parsing attributes in process `syz.4.38806'. [ 2561.954120][T22954] netlink: 168 bytes leftover after parsing attributes in process `syz.1.38812'. [ 2562.075443][T22958] netlink: 72 bytes leftover after parsing attributes in process `syz.0.38815'. [ 2566.898319][T18777] Bluetooth: hci2: command 0x0406 tx timeout [ 2570.527393][T22988] netlink: 168 bytes leftover after parsing attributes in process `syz.2.38830'. [ 2572.028165][T18834] Bluetooth: hci3: command 0x0406 tx timeout [ 2582.258262][T18777] Bluetooth: hci4: command 0x0406 tx timeout [ 2585.747203][T23177] sctp: [Deprecated]: syz.2.38917 (pid 23177) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2585.747203][T23177] Use struct sctp_sack_info instead [ 2590.422097][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 2590.428695][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 2590.702596][T23245] device syzkaller0 entered promiscuous mode [ 2594.863348][T23321] netlink: 'syz.2.38978': attribute type 1 has an invalid length. [ 2594.924728][T23321] netlink: 'syz.2.38978': attribute type 1 has an invalid length. [ 2596.409201][T18777] Bluetooth: hci3: Dropping invalid advertising data [ 2596.416415][T18777] Bluetooth: hci3: unknown advertising packet type: 0xff [ 2596.416441][T18777] Bluetooth: hci3: Malformed LE Event: 0x02 [ 2599.715434][T23411] netlink: 'syz.0.39027': attribute type 1 has an invalid length. [ 2599.747278][T23411] netlink: 'syz.0.39027': attribute type 1 has an invalid length. [ 2602.982345][T23447] netlink: 'syz.3.39035': attribute type 1 has an invalid length. [ 2602.992728][T23450] netlink: 'syz.3.39035': attribute type 1 has an invalid length. [ 2603.215686][T18777] Bluetooth: hci1: Dropping invalid advertising data [ 2603.223175][T18777] Bluetooth: hci1: unknown advertising packet type: 0xff [ 2603.223201][T18777] Bluetooth: hci1: Malformed LE Event: 0x02 [ 2603.922592][T23477] device syzkaller0 entered promiscuous mode [ 2606.568547][T18777] Bluetooth: hci0: Dropping invalid advertising data [ 2606.575829][T18777] Bluetooth: hci0: unknown advertising packet type: 0xff [ 2606.575854][T18777] Bluetooth: hci0: Malformed LE Event: 0x02 [ 2608.668517][T23536] netlink: 'syz.1.39071': attribute type 10 has an invalid length. [ 2608.690421][T23536] netlink: 3819 bytes leftover after parsing attributes in process `syz.1.39071'. [ 2611.105317][T23538] device syzkaller0 entered promiscuous mode [ 2615.310305][T18777] Bluetooth: hci4: unexpected subevent 0x01 length: 150 > 18 [ 2617.388186][T18777] Bluetooth: hci4: command 0x2016 tx timeout [ 2621.550875][T18777] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 2622.807011][T23718] -1: renamed from syzkaller0 [ 2622.894073][T18777] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 2623.618035][T18777] Bluetooth: hci3: command 0x2016 tx timeout [ 2623.711937][T23729] : renamed from pim6reg1 [ 2624.984624][T18834] Bluetooth: hci2: command 0x2016 tx timeout [ 2626.410360][T23761] device syzkaller0 entered promiscuous mode [ 2632.031735][T23838] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.39195'. [ 2633.415805][T23858] netlink: 14601 bytes leftover after parsing attributes in process `syz.4.39207'. [ 2637.260809][T23937] netlink: 'syz.0.39235': attribute type 21 has an invalid length. [ 2637.298186][T23937] netlink: 132 bytes leftover after parsing attributes in process `syz.0.39235'. [ 2637.307669][T23937] netlink: 20 bytes leftover after parsing attributes in process `syz.0.39235'. [ 2638.736768][T23956] netlink: 14601 bytes leftover after parsing attributes in process `syz.3.39244'. [ 2640.758848][T23980] netlink: 55631 bytes leftover after parsing attributes in process `syz.4.39252'. [ 2640.793303][T23993] netlink: 14601 bytes leftover after parsing attributes in process `syz.0.39258'. [ 2642.342420][T24032] netlink: 14601 bytes leftover after parsing attributes in process `syz.2.39274'. [ 2643.492485][T24044] IPv6: : Disabled Multicast RS [ 2643.700020][T18777] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 2643.708068][T18777] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 2643.717441][T18777] CPU: 0 PID: 18777 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 2643.725106][T18777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 2643.735794][T18777] Workqueue: hci3 hci_rx_work [ 2643.740484][T18777] Call Trace: [ 2643.743801][T18777] [ 2643.746737][T18777] dump_stack_lvl+0x188/0x24e [ 2643.751428][T18777] ? show_regs_print_info+0x12/0x12 [ 2643.756902][T18777] ? load_image+0x400/0x400 [ 2643.761708][T18777] sysfs_create_dir_ns+0x26a/0x290 [ 2643.766829][T18777] ? sysfs_warn_dup+0xa0/0xa0 [ 2643.771517][T18777] ? do_raw_spin_unlock+0x11d/0x230 [ 2643.776900][T18777] kobject_add_internal+0x61c/0xcc0 [ 2643.782105][T18777] kobject_add+0x160/0x230 [ 2643.787227][T18777] ? kobject_init+0x1d0/0x1d0 [ 2643.792006][T18777] ? klist_children_get+0x50/0x50 [ 2643.797204][T18777] ? get_device_parent+0x121/0x3f0 [ 2643.802419][T18777] device_add+0x483/0xfb0 [ 2643.806793][T18777] ? kmem_cache_free+0xf7/0x290 [ 2643.811652][T18777] hci_conn_add_sysfs+0xd1/0x1e0 [ 2643.816632][T18777] le_conn_complete_evt+0x105f/0x1670 [ 2643.822012][T18777] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 2643.828280][T18777] ? bt_info+0x180/0x180 [ 2643.832727][T18777] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 2643.838636][T18777] ? skb_pull_data+0xf7/0x200 [ 2643.843599][T18777] hci_le_conn_complete_evt+0x183/0x440 [ 2643.849417][T18777] ? hci_remote_host_features_evt+0x270/0x270 [ 2643.855578][T18777] hci_event_packet+0x7b6/0x1280 [ 2643.860623][T18777] ? bis_list+0x280/0x280 [ 2643.865126][T18777] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 2643.871021][T18777] ? kcov_remote_start+0x4c7/0x7e0 [ 2643.876219][T18777] ? mt_dump_node+0x8f0/0x1920 [ 2643.881075][T18777] ? hci_send_to_monitor+0x9c/0x4a0 [ 2643.886359][T18777] hci_rx_work+0x3eb/0xd40 [ 2643.890868][T18777] ? _raw_spin_unlock+0x40/0x40 [ 2643.895777][T18777] ? process_one_work+0x7b0/0x1160 [ 2643.900885][T18777] process_one_work+0x8a2/0x1160 [ 2643.905843][T18777] ? worker_detach_from_pool+0x240/0x240 [ 2643.911571][T18777] ? _raw_spin_lock_irq+0xb7/0xf0 [ 2643.916683][T18777] ? _raw_spin_lock_irqsave+0x100/0x100 [ 2643.922328][T18777] ? kthread_data+0x4b/0xc0 [ 2643.926842][T18777] worker_thread+0xaa2/0x1270 [ 2643.931539][T18777] kthread+0x29d/0x330 [ 2643.935611][T18777] ? worker_clr_flags+0x1a0/0x1a0 [ 2643.940720][T18777] ? kthread_blkcg+0xd0/0xd0 [ 2643.945748][T18777] ret_from_fork+0x1f/0x30 [ 2643.950182][T18777] [ 2643.954814][T18777] kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 2643.969258][T18777] Bluetooth: hci3: failed to register connection device [ 2644.076843][T24061] netlink: 'syz.3.39288': attribute type 21 has an invalid length. [ 2644.087553][T24061] netlink: 132 bytes leftover after parsing attributes in process `syz.3.39288'. [ 2644.097853][T24061] netlink: 20 bytes leftover after parsing attributes in process `syz.3.39288'. [ 2644.655619][T24075] netlink: 14601 bytes leftover after parsing attributes in process `syz.1.39292'. [ 2645.430475][T24103] IPv6: : Disabled Multicast RS [ 2645.816079][T24113] netlink: 14601 bytes leftover after parsing attributes in process `syz.3.39310'. [ 2648.188509][T24137] IPv6: : Disabled Multicast RS [ 2648.537475][T24144] netlink: 14601 bytes leftover after parsing attributes in process `syz.0.39325'. [ 2650.197611][T24182] netlink: 14601 bytes leftover after parsing attributes in process `syz.3.39343'. [ 2650.500877][T18777] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18 [ 2651.593776][T24216] netlink: 14601 bytes leftover after parsing attributes in process `syz.2.39358'. [ 2651.808203][T24224] device syzkaller0 entered promiscuous mode [ 2651.859921][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 2651.866497][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 2652.442534][T24250] netlink: 14601 bytes leftover after parsing attributes in process `syz.3.39374'. [ 2653.120482][T24278] netlink: 14601 bytes leftover after parsing attributes in process `syz.0.39388'. [ 2653.362522][T24289] netlink: 14601 bytes leftover after parsing attributes in process `syz.0.39400'. [ 2653.473752][T24291] netlink: 154788 bytes leftover after parsing attributes in process `syz.4.39392'. [ 2653.498380][T24291] openvswitch: netlink: Message has 48126 unknown bytes. [ 2654.375713][T24324] netlink: 14601 bytes leftover after parsing attributes in process `syz.1.39407'. [ 2654.464736][T18777] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 2654.472613][T18777] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 2654.482635][T18777] CPU: 0 PID: 18777 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 2654.490296][T18777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 2654.500453][T18777] Workqueue: hci2 hci_rx_work [ 2654.505247][T18777] Call Trace: [ 2654.508629][T18777] [ 2654.511581][T18777] dump_stack_lvl+0x188/0x24e [ 2654.516284][T18777] ? show_regs_print_info+0x12/0x12 [ 2654.521589][T18777] ? load_image+0x400/0x400 [ 2654.526309][T18777] sysfs_create_dir_ns+0x26a/0x290 [ 2654.531445][T18777] ? sysfs_warn_dup+0xa0/0xa0 [ 2654.536226][T18777] ? do_raw_spin_unlock+0x11d/0x230 [ 2654.541713][T18777] kobject_add_internal+0x61c/0xcc0 [ 2654.546953][T18777] kobject_add+0x160/0x230 [ 2654.551951][T18777] ? kobject_init+0x1d0/0x1d0 [ 2654.556664][T18777] ? klist_children_get+0x50/0x50 [ 2654.561697][T18777] ? get_device_parent+0x121/0x3f0 [ 2654.566920][T18777] device_add+0x483/0xfb0 [ 2654.571272][T18777] ? kmem_cache_free+0xf7/0x290 [ 2654.576219][T18777] hci_conn_add_sysfs+0xd1/0x1e0 [ 2654.581780][T18777] le_conn_complete_evt+0x105f/0x1670 [ 2654.587297][T18777] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 2654.593742][T18777] ? bt_info+0x180/0x180 [ 2654.598119][T18777] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 2654.603944][T18777] ? skb_pull_data+0xf7/0x200 [ 2654.608712][T18777] hci_le_conn_complete_evt+0x183/0x440 [ 2654.614439][T18777] ? hci_remote_host_features_evt+0x270/0x270 [ 2654.620606][T18777] hci_event_packet+0x7b6/0x1280 [ 2654.625645][T18777] ? bis_list+0x280/0x280 [ 2654.630063][T18777] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 2654.636225][T18777] ? kcov_remote_start+0x4c7/0x7e0 [ 2654.641452][T18777] ? mt_dump_node+0x8f0/0x1920 [ 2654.646339][T18777] ? hci_send_to_monitor+0x9c/0x4a0 [ 2654.651819][T18777] hci_rx_work+0x3eb/0xd40 [ 2654.656247][T18777] ? _raw_spin_unlock+0x40/0x40 [ 2654.661134][T18777] ? process_one_work+0x7b0/0x1160 [ 2654.666274][T18777] process_one_work+0x8a2/0x1160 [ 2654.671331][T18777] ? worker_detach_from_pool+0x240/0x240 [ 2654.676999][T18777] ? _raw_spin_lock_irq+0x86/0xf0 [ 2654.682060][T18777] ? _raw_spin_lock_irq+0xb7/0xf0 [ 2654.687221][T18777] ? _raw_spin_lock_irqsave+0x100/0x100 [ 2654.692784][T18777] ? kthread_data+0x4b/0xc0 [ 2654.697398][T18777] worker_thread+0xaa2/0x1270 [ 2654.702172][T18777] kthread+0x29d/0x330 [ 2654.706257][T18777] ? worker_clr_flags+0x1a0/0x1a0 [ 2654.711280][T18777] ? kthread_blkcg+0xd0/0xd0 [ 2654.715900][T18777] ret_from_fork+0x1f/0x30 [ 2654.720335][T18777] [ 2654.732755][T18777] kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 2654.747458][T18777] Bluetooth: hci2: failed to register connection device [ 2655.361681][T24354] netlink: 14601 bytes leftover after parsing attributes in process `syz.4.39421'. [ 2655.575460][T18777] Bluetooth: hci3: Malformed HCI Event [ 2656.425302][T24395] sctp: [Deprecated]: syz.4.39442 (pid 24395) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2656.425302][T24395] Use struct sctp_sack_info instead [ 2657.186818][T24415] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.39452'. [ 2658.542711][T18777] Bluetooth: hci1: Malformed HCI Event [ 2660.784628][T24510] sock: sock_timestamping_bind_phc: sock not bind to device [ 2661.864210][T24523] sctp: [Deprecated]: syz.2.39498 (pid 24523) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2661.864210][T24523] Use struct sctp_sack_info instead [ 2662.210243][T24533] netlink: 154788 bytes leftover after parsing attributes in process `syz.2.39500'. [ 2662.228314][T24533] openvswitch: netlink: Message has 48126 unknown bytes. [ 2662.258958][T24532] device syzkaller0 entered promiscuous mode [ 2663.001058][T24553] netlink: 'syz.3.39509': attribute type 3 has an invalid length. [ 2663.013703][T24553] netlink: 105108 bytes leftover after parsing attributes in process `syz.3.39509'. [ 2664.654155][T24541] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.39504'. [ 2665.813984][T24585] sctp: [Deprecated]: syz.4.39522 (pid 24585) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2665.813984][T24585] Use struct sctp_sack_info instead [ 2666.076081][T24594] netlink: 'syz.4.39525': attribute type 3 has an invalid length. [ 2666.108105][T24594] netlink: 105108 bytes leftover after parsing attributes in process `syz.4.39525'. [ 2666.455570][T18777] Bluetooth: hci3: unexpected subevent 0x05 length: 150 > 12 [ 2666.534328][T24610] netlink: 'syz.0.39542': attribute type 3 has an invalid length. [ 2666.598165][T24610] netlink: 105108 bytes leftover after parsing attributes in process `syz.0.39542'. [ 2666.954175][T24620] sctp: [Deprecated]: syz.2.39536 (pid 24620) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2666.954175][T24620] Use struct sctp_sack_info instead [ 2667.444900][T24626] netlink: 63503 bytes leftover after parsing attributes in process `syz.4.39539'. [ 2667.562848][T24628] sctp: [Deprecated]: syz.1.39551 (pid 24628) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2667.562848][T24628] Use struct sctp_sack_info instead [ 2667.978887][T18777] Bluetooth: hci1: unexpected subevent 0x05 length: 150 > 12 [ 2668.167304][T24646] netlink: 16083 bytes leftover after parsing attributes in process `syz.1.39549'. [ 2668.414494][T24652] netlink: 'syz.2.39550': attribute type 3 has an invalid length. [ 2668.432596][T24654] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.39553'. [ 2668.442298][T24652] netlink: 105108 bytes leftover after parsing attributes in process `syz.2.39550'. [ 2668.498572][T18777] Bluetooth: hci3: command 0x201b tx timeout [ 2669.658397][T18777] Bluetooth: hci0: unexpected subevent 0x05 length: 150 > 12 [ 2669.856786][T24687] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.39568'. [ 2670.018160][T18777] Bluetooth: hci1: command 0x201b tx timeout [ 2670.157650][T24695] netlink: 'syz.1.39569': attribute type 3 has an invalid length. [ 2670.207293][T24695] netlink: 105108 bytes leftover after parsing attributes in process `syz.1.39569'. [ 2670.285877][T24699] netlink: 154788 bytes leftover after parsing attributes in process `syz.0.39572'. [ 2670.319576][T24699] openvswitch: netlink: Message has 48126 unknown bytes. [ 2671.631902][T24725] device syzkaller0 entered promiscuous mode [ 2671.647644][T24729] netlink: 16083 bytes leftover after parsing attributes in process `syz.2.39588'. [ 2671.699279][T18777] Bluetooth: hci0: command 0x201b tx timeout [ 2671.877421][T24733] netlink: 'syz.4.39590': attribute type 3 has an invalid length. [ 2671.900221][T24734] netlink: 154788 bytes leftover after parsing attributes in process `syz.3.39589'. [ 2671.910725][T24733] netlink: 105108 bytes leftover after parsing attributes in process `syz.4.39590'. [ 2671.925432][T24734] openvswitch: netlink: Message has 48126 unknown bytes. [ 2674.805850][T24757] netlink: 'syz.3.39609': attribute type 3 has an invalid length. [ 2674.835220][T24757] netlink: 105108 bytes leftover after parsing attributes in process `syz.3.39609'. [ 2675.265654][T24769] netlink: 'syz.4.39616': attribute type 3 has an invalid length. [ 2675.306977][T24769] netlink: 105108 bytes leftover after parsing attributes in process `syz.4.39616'. [ 2675.780792][T24778] netlink: 154788 bytes leftover after parsing attributes in process `syz.1.39604'. [ 2675.820961][T24778] openvswitch: netlink: Message has 48126 unknown bytes. [ 2675.974940][T24780] netlink: 'syz.0.39606': attribute type 29 has an invalid length. [ 2676.099770][T24780] netlink: 'syz.0.39606': attribute type 29 has an invalid length. [ 2676.635666][T24789] device syzkaller0 entered promiscuous mode [ 2679.228787][T24817] netlink: 'syz.4.39624': attribute type 3 has an invalid length. [ 2679.248310][T24817] netlink: 105108 bytes leftover after parsing attributes in process `syz.4.39624'. [ 2680.242739][T24824] bridge0: port 1(bridge_slave_0) entered disabled state [ 2680.434072][T24832] device syzkaller0 entered promiscuous mode [ 2680.470341][T24832] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 65487 [ 2680.910039][T24850] device syzkaller0 entered promiscuous mode [ 2682.151612][T24861] netlink: 'syz.0.39644': attribute type 3 has an invalid length. [ 2682.166119][T24861] netlink: 105108 bytes leftover after parsing attributes in process `syz.0.39644'. [ 2684.131416][T24858] netlink: 132 bytes leftover after parsing attributes in process `syz.2.39643'. [ 2684.318439][T24866] device syzkaller0 entered promiscuous mode [ 2684.585292][T24875] netlink: 'syz.1.39660': attribute type 3 has an invalid length. [ 2684.628315][T24875] netlink: 105108 bytes leftover after parsing attributes in process `syz.1.39660'. [ 2684.821377][T24880] device syzkaller0 entered promiscuous mode [ 2687.162823][T18777] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10 [ 2687.162862][T18777] Bluetooth: unknown link type 3 [ 2687.214420][T24908] device syzkaller0 entered promiscuous mode [ 2689.218244][T18777] Bluetooth: hci0: command 0x0409 tx timeout [ 2691.449954][T24914] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.39665'. [ 2691.465963][T24923] bridge0: port 1(bridge_slave_0) entered disabled state [ 2691.747507][T24931] device syzkaller0 entered promiscuous mode [ 2691.870935][T24939] netlink: 'syz.1.39677': attribute type 3 has an invalid length. [ 2691.892808][T24939] netlink: 105108 bytes leftover after parsing attributes in process `syz.1.39677'. [ 2693.609010][T18777] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 2693.616732][T18777] Bluetooth: hci0: Invalid handle: 0xffff > 0x0eff [ 2694.490840][T24951] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.39681'. [ 2694.649923][T18777] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 2694.649962][T18777] Bluetooth: unknown link type 3 [ 2695.731417][T24987] device syzkaller0 entered promiscuous mode [ 2696.001438][T25000] netlink: 'syz.3.39701': attribute type 2 has an invalid length. [ 2696.738109][T18777] Bluetooth: hci2: command 0x0409 tx timeout [ 2698.276768][T25010] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.39703'. [ 2698.364683][T25019] device syzkaller0 entered promiscuous mode [ 2704.281396][T25069] netlink: 16083 bytes leftover after parsing attributes in process `syz.3.39729'. [ 2704.863581][T25114] netlink: 'syz.1.39750': attribute type 46 has an invalid length. [ 2705.254904][T25121] netlink: 16083 bytes leftover after parsing attributes in process `syz.2.39753'. [ 2706.256594][T25156] netlink: 16083 bytes leftover after parsing attributes in process `syz.4.39766'. [ 2706.863072][T25181] netlink: 830 bytes leftover after parsing attributes in process `syz.0.39778'. [ 2707.632288][T25202] netlink: 'syz.4.39787': attribute type 4 has an invalid length. [ 2707.665409][T25202] netlink: 'syz.4.39787': attribute type 8 has an invalid length. [ 2707.684841][T25202] netlink: 193092 bytes leftover after parsing attributes in process `syz.4.39787'. [ 2707.890676][T25212] netlink: 830 bytes leftover after parsing attributes in process `syz.4.39800'. [ 2711.043495][T25299] netlink: 830 bytes leftover after parsing attributes in process `syz.1.39826'. [ 2713.322101][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 2713.328829][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 2713.638745][T25356] netlink: 15999 bytes leftover after parsing attributes in process `syz.3.39849'. [ 2714.619542][T25382] netlink: 830 bytes leftover after parsing attributes in process `syz.2.39859'. [ 2714.884102][T25395] netlink: 'syz.4.39860': attribute type 8 has an invalid length. [ 2714.902645][T25395] netlink: 'syz.4.39860': attribute type 9 has an invalid length. [ 2714.914288][T25395] netlink: 'syz.4.39860': attribute type 10 has an invalid length. [ 2714.932712][T25395] netlink: 'syz.4.39860': attribute type 11 has an invalid length. [ 2714.950183][T25395] netlink: 16 bytes leftover after parsing attributes in process `syz.4.39860'. [ 2715.205384][T25406] netlink: 15999 bytes leftover after parsing attributes in process `syz.1.39882'. [ 2715.290065][T25411] netlink: 65039 bytes leftover after parsing attributes in process `syz.3.39874'. [ 2718.086098][T25478] netlink: 1 bytes leftover after parsing attributes in process `syz.1.39903'. [ 2718.251504][T18777] Bluetooth: hci2: Malformed LE Event: 0x02 [ 2718.613575][T25493] netlink: 'syz.2.39906': attribute type 8 has an invalid length. [ 2718.639502][T25493] netlink: 'syz.2.39906': attribute type 9 has an invalid length. [ 2718.658007][T25493] netlink: 'syz.2.39906': attribute type 10 has an invalid length. [ 2718.686555][T25493] netlink: 'syz.2.39906': attribute type 11 has an invalid length. [ 2718.704944][T25493] netlink: 16 bytes leftover after parsing attributes in process `syz.2.39906'. [ 2718.840752][T25497] netlink: 830 bytes leftover after parsing attributes in process `syz.3.39909'. [ 2719.246044][T25516] netlink: 15999 bytes leftover after parsing attributes in process `syz.3.39916'. [ 2719.474126][T25524] netlink: 15999 bytes leftover after parsing attributes in process `syz.4.39930'. [ 2719.937613][T25538] netlink: 'syz.1.39922': attribute type 8 has an invalid length. [ 2719.974508][T25538] netlink: 'syz.1.39922': attribute type 9 has an invalid length. [ 2719.987221][T25538] netlink: 'syz.1.39922': attribute type 10 has an invalid length. [ 2720.006142][T25538] netlink: 'syz.1.39922': attribute type 11 has an invalid length. [ 2720.028200][T25538] netlink: 16 bytes leftover after parsing attributes in process `syz.1.39922'. [ 2720.045974][T25540] netlink: 830 bytes leftover after parsing attributes in process `syz.2.39926'. [ 2720.386688][T25558] netlink: 1 bytes leftover after parsing attributes in process `syz.0.39937'. [ 2720.654941][T25563] netlink: 'syz.2.39941': attribute type 1 has an invalid length. [ 2720.682542][T25563] netlink: 105120 bytes leftover after parsing attributes in process `syz.2.39941'. [ 2721.034206][T25579] netlink: 'syz.1.39944': attribute type 10 has an invalid length. [ 2721.108724][T25579] netlink: 55 bytes leftover after parsing attributes in process `syz.1.39944'. [ 2722.719199][T25602] netlink: 'syz.4.39955': attribute type 3 has an invalid length. [ 2722.727797][T25602] netlink: 'syz.4.39955': attribute type 1 has an invalid length. [ 2723.351075][T18777] Bluetooth: hci4: Malformed LE Event: 0x02 [ 2725.739966][T25626] __nla_validate_parse: 3 callbacks suppressed [ 2725.739985][T25626] netlink: 1 bytes leftover after parsing attributes in process `syz.4.39964'. [ 2725.873389][T25632] netlink: 144 bytes leftover after parsing attributes in process `syz.3.39968'. [ 2725.895587][T25632] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2726.301199][T18777] Bluetooth: hci0: Malformed LE Event: 0x02 [ 2726.310756][T25646] netlink: 'syz.1.39974': attribute type 1 has an invalid length. [ 2726.348197][T25646] netlink: 105120 bytes leftover after parsing attributes in process `syz.1.39974'. [ 2727.782349][T25694] netlink: 'syz.3.39990': attribute type 1 has an invalid length. [ 2727.799207][T25694] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.39990'. [ 2728.477424][T25712] netlink: 16083 bytes leftover after parsing attributes in process `syz.4.40001'. [ 2730.090929][T25734] netlink: 'syz.0.40008': attribute type 1 has an invalid length. [ 2730.099907][T25734] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.40008'. [ 2730.118937][T25735] netlink: 'syz.3.40010': attribute type 10 has an invalid length. [ 2730.145162][T25735] netlink: 55 bytes leftover after parsing attributes in process `syz.3.40010'. [ 2730.452783][T25745] netlink: 'syz.0.40013': attribute type 3 has an invalid length. [ 2730.493315][T25745] netlink: 'syz.0.40013': attribute type 1 has an invalid length. [ 2730.531845][T25745] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.40013'. [ 2732.705491][T25775] netlink: 'syz.4.40026': attribute type 1 has an invalid length. [ 2732.738446][T25775] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.40026'. [ 2732.984073][T25782] netlink: 144 bytes leftover after parsing attributes in process `syz.0.40028'. [ 2732.993890][T25782] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2734.130185][T25807] netlink: 16083 bytes leftover after parsing attributes in process `syz.3.40041'. [ 2735.496309][T25817] netlink: 144 bytes leftover after parsing attributes in process `syz.1.40047'. [ 2735.518375][T25817] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2735.892165][T25837] netlink: 16083 bytes leftover after parsing attributes in process `syz.1.40056'. [ 2735.925349][T25836] netlink: 144 bytes leftover after parsing attributes in process `syz.4.40065'. [ 2735.951499][T25836] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2738.304335][T25873] netlink: 144 bytes leftover after parsing attributes in process `syz.2.40073'. [ 2738.365786][T25873] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 2743.172170][T25929] netlink: 126288 bytes leftover after parsing attributes in process `syz.0.40111'. [ 2743.727502][T25945] sctp: [Deprecated]: syz.4.40108 (pid 25945) Use of int in maxseg socket option. [ 2743.727502][T25945] Use struct sctp_assoc_value instead [ 2744.737509][T25968] netlink: 126288 bytes leftover after parsing attributes in process `syz.1.40120'. [ 2746.195875][T25998] netlink: 'syz.1.40133': attribute type 9 has an invalid length. [ 2746.226129][T25998] netlink: 207496 bytes leftover after parsing attributes in process `syz.1.40133'. [ 2746.599036][T26005] netlink: 126288 bytes leftover after parsing attributes in process `syz.3.40136'. [ 2747.367057][T26024] sctp: [Deprecated]: syz.3.40146 (pid 26024) Use of int in maxseg socket option. [ 2747.367057][T26024] Use struct sctp_assoc_value instead [ 2747.521761][T26026] sctp: [Deprecated]: syz.0.40157 (pid 26026) Use of int in maxseg socket option. [ 2747.521761][T26026] Use struct sctp_assoc_value instead [ 2747.826093][T26036] netlink: 2639 bytes leftover after parsing attributes in process `syz.1.40151'. [ 2749.037287][T18777] Bluetooth: hci3: unexpected subevent 0x06 length: 150 > 10 [ 2749.045238][T18777] Bluetooth: min 0 < 6 [ 2749.149110][T26065] netlink: 194236 bytes leftover after parsing attributes in process `syz.2.40166'. [ 2749.158859][T26065] netlink: zone id is out of range [ 2749.164178][T26065] netlink: zone id is out of range [ 2749.169953][T26065] netlink: get zone limit has 8 unknown bytes [ 2749.289976][T26072] netlink: 'syz.2.40169': attribute type 21 has an invalid length. [ 2749.303370][T26072] netlink: 'syz.2.40169': attribute type 6 has an invalid length. [ 2749.313761][T26072] netlink: 132 bytes leftover after parsing attributes in process `syz.2.40169'. [ 2750.020626][T18777] Bluetooth: hci0: unexpected subevent 0x06 length: 150 > 10 [ 2750.855355][T26104] netlink: 'syz.1.40183': attribute type 21 has an invalid length. [ 2750.894766][T26104] netlink: 'syz.1.40183': attribute type 6 has an invalid length. [ 2750.981412][T26104] netlink: 132 bytes leftover after parsing attributes in process `syz.1.40183'. [ 2751.058060][T18777] Bluetooth: hci3: command 0x2021 tx timeout [ 2751.436182][T18777] Bluetooth: hci1: unexpected subevent 0x06 length: 150 > 10 [ 2751.443861][T18777] Bluetooth: min 0 < 6 [ 2752.100751][T18777] Bluetooth: hci0: command 0x2021 tx timeout [ 2753.457934][T18777] Bluetooth: hci1: command 0x2021 tx timeout [ 2753.505938][T26153] netlink: 'syz.0.40201': attribute type 21 has an invalid length. [ 2753.519992][T26153] netlink: 'syz.0.40201': attribute type 6 has an invalid length. [ 2753.529670][T26153] netlink: 132 bytes leftover after parsing attributes in process `syz.0.40201'. [ 2753.573458][T26149] netlink: 'syz.1.40202': attribute type 12 has an invalid length. [ 2753.585334][T26149] netlink: 132 bytes leftover after parsing attributes in process `syz.1.40202'. [ 2754.188781][T18777] Bluetooth: hci2: unexpected subevent 0x06 length: 150 > 10 [ 2754.196507][T18777] Bluetooth: min 0 < 6 [ 2754.799448][T26188] netlink: 'syz.3.40214': attribute type 21 has an invalid length. [ 2754.887086][T26188] netlink: 'syz.3.40214': attribute type 6 has an invalid length. [ 2754.902223][T26188] netlink: 132 bytes leftover after parsing attributes in process `syz.3.40214'. [ 2754.968922][T26190] netlink: 'syz.2.40217': attribute type 12 has an invalid length. [ 2755.039345][T26190] netlink: 132 bytes leftover after parsing attributes in process `syz.2.40217'. [ 2755.703764][T26214] netlink: 'syz.2.40227': attribute type 1 has an invalid length. [ 2755.724254][T26214] netlink: 83992 bytes leftover after parsing attributes in process `syz.2.40227'. [ 2756.050472][T26229] netlink: 'syz.4.40233': attribute type 21 has an invalid length. [ 2756.088695][T26229] netlink: 'syz.4.40233': attribute type 6 has an invalid length. [ 2756.119481][T26229] netlink: 132 bytes leftover after parsing attributes in process `syz.4.40233'. [ 2756.210375][T26232] netlink: 'syz.3.40234': attribute type 12 has an invalid length. [ 2756.228081][T26232] netlink: 132 bytes leftover after parsing attributes in process `syz.3.40234'. [ 2756.259204][T18777] Bluetooth: hci2: command 0x2021 tx timeout [ 2756.448605][T26242] netlink: 132 bytes leftover after parsing attributes in process `syz.0.40248'. [ 2756.946268][T26249] netlink: 144 bytes leftover after parsing attributes in process `syz.1.40240'. [ 2763.364668][T26269] validate_nla: 4 callbacks suppressed [ 2763.364686][T26269] netlink: 'syz.0.40252': attribute type 21 has an invalid length. [ 2763.378818][T26269] netlink: 'syz.0.40252': attribute type 6 has an invalid length. [ 2763.386639][T26269] netlink: 132 bytes leftover after parsing attributes in process `syz.0.40252'. [ 2763.400937][T26296] netlink: 'syz.2.40261': attribute type 10 has an invalid length. [ 2763.494452][T26296] team0 (unregistering): Port device team_slave_1 removed [ 2764.010839][T26321] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 2764.017543][T26321] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 2767.407052][T26349] netlink: 'syz.2.40284': attribute type 21 has an invalid length. [ 2767.418468][T26349] netlink: 'syz.2.40284': attribute type 3 has an invalid length. [ 2767.456762][T26349] netlink: 144 bytes leftover after parsing attributes in process `syz.2.40284'. [ 2770.809851][T26391] netlink: 'syz.0.40301': attribute type 21 has an invalid length. [ 2770.836157][T26391] netlink: 'syz.0.40301': attribute type 3 has an invalid length. [ 2770.852787][T26391] netlink: 144 bytes leftover after parsing attributes in process `syz.0.40301'. [ 2771.101254][T26401] netlink: 198580 bytes leftover after parsing attributes in process `syz.3.40306'. [ 2771.802726][T26427] netlink: 'syz.3.40318': attribute type 21 has an invalid length. [ 2771.832688][T26427] netlink: 'syz.3.40318': attribute type 3 has an invalid length. [ 2771.867270][T26427] netlink: 144 bytes leftover after parsing attributes in process `syz.3.40318'. [ 2772.004608][T26425] device syzkaller0 entered promiscuous mode [ 2774.743691][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 2774.751307][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 2776.441107][T26436] netlink: 'syz.1.40322': attribute type 10 has an invalid length. [ 2776.460486][T26436] team0: Device hsr_slave_0 failed to register rx_handler [ 2776.546456][T26443] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 2776.552985][T26443] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 2778.528703][T26472] netlink: 'syz.4.40332': attribute type 21 has an invalid length. [ 2778.567683][T26472] netlink: 'syz.4.40332': attribute type 3 has an invalid length. [ 2778.616795][T26472] netlink: 144 bytes leftover after parsing attributes in process `syz.4.40332'. [ 2779.319132][T26487] netlink: 'syz.4.40352': attribute type 10 has an invalid length. [ 2779.327380][T26487] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2779.377208][T26487] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2779.402699][T26487] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 2783.532602][T26520] netlink: 129384 bytes leftover after parsing attributes in process `syz.2.40368'. [ 2785.361751][T26563] netlink: 129384 bytes leftover after parsing attributes in process `syz.1.40375'. [ 2787.655277][T26592] netlink: 129384 bytes leftover after parsing attributes in process `syz.0.40389'. [ 2789.325394][T26581] netlink: 'syz.1.40385': attribute type 10 has an invalid length. [ 2789.333595][T26581] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2789.351652][T26581] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2789.364987][T26581] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 2789.375041][T26588] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.40388'. [ 2789.561376][T26601] netlink: 63763 bytes leftover after parsing attributes in process `syz.4.40403'. [ 2790.501454][T26623] netlink: 'syz.0.40404': attribute type 10 has an invalid length. [ 2790.543925][T26623] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2790.920981][T26623] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2790.956345][T26623] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 2791.651205][T26649] device syzkaller0 entered promiscuous mode [ 2794.967476][T26669] netlink: 'syz.3.40420': attribute type 10 has an invalid length. [ 2794.982909][T26669] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2795.023658][T26669] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2795.062213][T26669] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 2795.282434][T26693] netlink: 'syz.4.40430': attribute type 4 has an invalid length. [ 2798.587161][T26717] netlink: 'syz.2.40438': attribute type 10 has an invalid length. [ 2798.602513][T26717] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2799.148311][T26717] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2799.657240][T26717] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 2809.515834][T26800] netlink: 'syz.2.40469': attribute type 4 has an invalid length. [ 2812.010252][T26824] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.40481'. [ 2813.582563][T26861] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.40498'. [ 2814.646633][T26898] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.40511'. [ 2820.398014][T26931] netlink: 'syz.4.40526': attribute type 1 has an invalid length. [ 2820.406030][T26931] netlink: 'syz.4.40526': attribute type 4 has an invalid length. [ 2820.421279][T26931] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.40526'. [ 2820.505275][T26943] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.40529'. [ 2823.316023][T26953] netlink: 'syz.4.40533': attribute type 10 has an invalid length. [ 2823.324976][T26953] netlink: 40 bytes leftover after parsing attributes in process `syz.4.40533'. [ 2823.341380][T26953] bridge0: port 3(veth0_vlan) entered blocking state [ 2823.348727][T26953] bridge0: port 3(veth0_vlan) entered disabled state [ 2823.356668][T26953] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 2828.447086][T26985] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.40549'. [ 2828.457955][T26993] netlink: 'syz.3.40551': attribute type 10 has an invalid length. [ 2828.465892][T26993] netlink: 40 bytes leftover after parsing attributes in process `syz.3.40551'. [ 2828.481232][T26993] bridge0: port 3(veth0_vlan) entered blocking state [ 2828.491999][T26993] bridge0: port 3(veth0_vlan) entered disabled state [ 2828.501035][T26993] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 2834.358829][T27053] device syzkaller0 entered promiscuous mode [ 2834.483231][T27065] netlink: 'syz.0.40589': attribute type 10 has an invalid length. [ 2834.508389][T27065] netlink: 40 bytes leftover after parsing attributes in process `syz.0.40589'. [ 2834.549341][T27065] bridge0: port 3(veth0_vlan) entered blocking state [ 2834.564917][T27065] bridge0: port 3(veth0_vlan) entered disabled state [ 2834.598928][T27065] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 2834.951798][T27083] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.40597'. [ 2836.190185][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 2836.196622][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 2840.872141][T27116] netlink: 'syz.2.40596': attribute type 10 has an invalid length. [ 2840.895782][T27116] netlink: 40 bytes leftover after parsing attributes in process `syz.2.40596'. [ 2840.909796][T27116] bridge0: port 3(veth0_vlan) entered blocking state [ 2840.926698][T27116] bridge0: port 3(veth0_vlan) entered disabled state [ 2840.942982][T27116] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 2842.086738][T27130] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.40604'. [ 2846.429622][T27149] netlink: 'syz.3.40628': attribute type 39 has an invalid length. [ 2846.460274][T27151] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.40627'. [ 2846.622880][T27153] netlink: 'syz.1.40615': attribute type 10 has an invalid length. [ 2846.633034][T27153] netlink: 40 bytes leftover after parsing attributes in process `syz.1.40615'. [ 2846.656111][T27153] bridge0: port 3(veth0_vlan) entered blocking state [ 2846.664947][T27153] bridge0: port 3(veth0_vlan) entered disabled state [ 2846.697444][T27153] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 2852.096969][T27181] netlink: 'syz.2.40632': attribute type 1 has an invalid length. [ 2852.105399][T27181] netlink: 'syz.2.40632': attribute type 4 has an invalid length. [ 2852.113569][T27181] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.40632'. [ 2852.126367][T27190] netlink: 'syz.3.40635': attribute type 10 has an invalid length. [ 2852.147880][T27190] netlink: 40 bytes leftover after parsing attributes in process `syz.3.40635'. [ 2852.157213][T27190] bridge0: port 3(veth0_vlan) entered blocking state [ 2852.181206][T27190] bridge0: port 3(veth0_vlan) entered disabled state [ 2852.189978][T27190] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 2854.329187][T27205] netlink: 'syz.0.40651': attribute type 10 has an invalid length. [ 2854.338708][T27205] netlink: 40 bytes leftover after parsing attributes in process `syz.0.40651'. [ 2854.348276][T27205] bridge0: port 3(veth0_vlan) entered blocking state [ 2854.355303][T27205] bridge0: port 3(veth0_vlan) entered disabled state [ 2854.363959][T27205] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 2854.530449][T27219] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.40646'. [ 2854.588711][T27219] debugfs: Directory '.!' with parent 'ieee80211' already present! [ 2854.693748][T27229] netlink: 'syz.4.40649': attribute type 39 has an invalid length. [ 2857.716236][T27255] netlink: 'syz.4.40660': attribute type 10 has an invalid length. [ 2857.724366][T27255] netlink: 40 bytes leftover after parsing attributes in process `syz.4.40660'. [ 2857.734073][T27255] bridge0: port 3(veth0_vlan) entered blocking state [ 2857.756662][T27255] bridge0: port 3(veth0_vlan) entered disabled state [ 2857.767237][T27255] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 2857.852077][T27256] device syzkaller0 entered promiscuous mode [ 2863.994898][T27300] IPv6: NLM_F_CREATE should be specified when creating new route [ 2864.002860][T27306] netlink: 'syz.4.40675': attribute type 10 has an invalid length. [ 2864.011542][T27306] netlink: 40 bytes leftover after parsing attributes in process `syz.4.40675'. [ 2864.028249][T27306] bridge0: port 3(veth0_vlan) entered blocking state [ 2864.035320][T27306] bridge0: port 3(veth0_vlan) entered disabled state [ 2864.044695][T27306] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 2864.526373][T27331] netlink: 122896 bytes leftover after parsing attributes in process `syz.1.40687'. [ 2864.569965][T27331] debugfs: Directory '.!' with parent 'ieee80211' already present! [ 2865.337754][T27348] netlink: 'syz.0.40696': attribute type 10 has an invalid length. [ 2865.402368][T27348] netlink: 40 bytes leftover after parsing attributes in process `syz.0.40696'. [ 2865.447323][T27348] bridge0: port 3(veth0_vlan) entered blocking state [ 2865.506915][T27348] bridge0: port 3(veth0_vlan) entered disabled state [ 2865.603381][T27348] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 2866.877609][T27381] netlink: 122896 bytes leftover after parsing attributes in process `syz.3.40708'. [ 2866.900043][T27381] debugfs: Directory '.!' with parent 'ieee80211' already present! [ 2871.604641][T27397] tap1: tun_chr_ioctl cmd 1074025675 [ 2871.610273][T27397] tap1: persist disabled [ 2871.763822][T27418] netlink: 122896 bytes leftover after parsing attributes in process `syz.1.40722'. [ 2871.789588][T27418] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 2871.826079][T27418] CPU: 0 PID: 27418 Comm: syz.1.40722 Not tainted syzkaller #0 [ 2871.833701][T27418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 2871.843786][T27418] Call Trace: [ 2871.847088][T27418] [ 2871.850055][T27418] dump_stack_lvl+0x188/0x24e [ 2871.854776][T27418] ? show_regs_print_info+0x12/0x12 [ 2871.860018][T27418] ? load_image+0x400/0x400 [ 2871.864574][T27418] sysfs_warn_dup+0x8a/0xa0 [ 2871.869126][T27418] sysfs_do_create_link_sd+0xc0/0x110 [ 2871.874544][T27418] device_add+0x7ed/0xfb0 [ 2871.878938][T27418] wiphy_register+0x1d9f/0x2ac0 [ 2871.883849][T27418] ? cfg80211_event_work+0x40/0x40 [ 2871.888993][T27418] ? minstrel_ht_alloc+0x894/0xa20 [ 2871.894146][T27418] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 2871.900425][T27418] ieee80211_register_hw+0x2d00/0x39f0 [ 2871.906115][T27418] ? ieee80211_register_hw+0xea1/0x39f0 [ 2871.911864][T27418] ? ieee80211_register_hw+0xea1/0x39f0 [ 2871.917540][T27418] ? ieee80211_tasklet_handler+0x20/0x20 [ 2871.923224][T27418] ? memset+0x1e/0x40 [ 2871.927302][T27418] ? __hrtimer_init+0x186/0x270 [ 2871.932336][T27418] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 2871.938200][T27418] hwsim_new_radio_nl+0xafa/0xce0 [ 2871.943648][T27418] genl_family_rcv_msg_doit+0x22a/0x330 [ 2871.949481][T27418] ? end_current_label_crit_section+0x170/0x170 [ 2871.955736][T27418] ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0 [ 2871.961645][T27418] ? bpf_lsm_capable+0x5/0x10 [ 2871.966337][T27418] ? security_capable+0x85/0xb0 [ 2871.971376][T27418] genl_rcv_msg+0x604/0x790 [ 2871.975909][T27418] ? genl_bind+0x360/0x360 [ 2871.980334][T27418] ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0 [ 2871.986679][T27418] netlink_rcv_skb+0x1fb/0x450 [ 2871.991451][T27418] ? genl_bind+0x360/0x360 [ 2871.995873][T27418] ? netlink_ack+0x1170/0x1170 [ 2872.000911][T27418] ? down_read+0x1a8/0x2d0 [ 2872.005334][T27418] genl_rcv+0x24/0x40 [ 2872.009373][T27418] netlink_unicast+0x74d/0x8d0 [ 2872.014241][T27418] netlink_sendmsg+0x8ad/0xbd0 [ 2872.019021][T27418] ? netlink_getsockopt+0x550/0x550 [ 2872.024225][T27418] ? aa_sock_msg_perm+0x94/0x150 [ 2872.029349][T27418] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 2872.034821][T27418] ? security_socket_sendmsg+0x7c/0xa0 [ 2872.040485][T27418] ? netlink_getsockopt+0x550/0x550 [ 2872.045711][T27418] ____sys_sendmsg+0x5be/0x970 [ 2872.050592][T27418] ? __sys_sendmsg_sock+0x30/0x30 [ 2872.055625][T27418] ? __import_iovec+0x315/0x500 [ 2872.060497][T27418] ? import_iovec+0x6f/0xa0 [ 2872.065097][T27418] ___sys_sendmsg+0x2a2/0x360 [ 2872.069919][T27418] ? try_to_wake_up+0x6ae/0x1080 [ 2872.074954][T27418] ? __sys_sendmsg+0x290/0x290 [ 2872.079842][T27418] ? rcu_read_lock_any_held+0xb0/0x130 [ 2872.085505][T27418] __se_sys_sendmsg+0x1bb/0x2a0 [ 2872.090455][T27418] ? __x64_sys_sendmsg+0x80/0x80 [ 2872.095521][T27418] ? lockdep_hardirqs_on+0x94/0x140 [ 2872.100918][T27418] do_syscall_64+0x4c/0xa0 [ 2872.105345][T27418] ? clear_bhb_loop+0x60/0xb0 [ 2872.110133][T27418] ? clear_bhb_loop+0x60/0xb0 [ 2872.114826][T27418] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2872.120988][T27418] RIP: 0033:0x7f55c839aeb9 [ 2872.125490][T27418] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2872.145187][T27418] RSP: 002b:00007f55c919b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2872.153880][T27418] RAX: ffffffffffffffda RBX: 00007f55c8615fa0 RCX: 00007f55c839aeb9 [ 2872.161856][T27418] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 2872.169909][T27418] RBP: 00007f55c8408c1f R08: 0000000000000000 R09: 0000000000000000 [ 2872.177875][T27418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2872.185852][T27418] R13: 00007f55c8616038 R14: 00007f55c8615fa0 R15: 00007ffc2ae69f88 [ 2872.193863][T27418] [ 2873.647989][T27442] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.40734'. [ 2878.595908][T27508] netlink: 63503 bytes leftover after parsing attributes in process `syz.4.40761'. [ 2879.932088][T18834] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 2880.081190][T27539] netlink: 'syz.0.40783': attribute type 6 has an invalid length. [ 2880.133285][T27539] netlink: 127868 bytes leftover after parsing attributes in process `syz.0.40783'. [ 2882.844780][T27548] netlink: 'syz.0.40776': attribute type 13 has an invalid length. [ 2882.867988][T27548] netlink: 152 bytes leftover after parsing attributes in process `syz.0.40776'. [ 2882.889492][T27548] erspan0: refused to change device tx_queue_len [ 2882.896311][T27548] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 2882.933500][T27554] netlink: 'syz.1.40790': attribute type 6 has an invalid length. [ 2882.965316][T27554] netlink: 127868 bytes leftover after parsing attributes in process `syz.1.40790'. [ 2883.172642][T27562] netlink: 'syz.4.40792': attribute type 10 has an invalid length. [ 2883.210440][T27562] bridge0: port 2(bridge_slave_1) entered disabled state [ 2883.248522][T27562] device bridge_slave_1 left promiscuous mode [ 2883.254915][T27562] bridge0: port 2(bridge_slave_1) entered disabled state [ 2883.282122][T27562] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 2884.967633][T27591] netlink: 'syz.3.40795': attribute type 6 has an invalid length. [ 2884.995428][T27591] netlink: 127868 bytes leftover after parsing attributes in process `syz.3.40795'. [ 2888.432239][T27621] netlink: 'syz.0.40809': attribute type 10 has an invalid length. [ 2888.451541][T27621] bridge0: port 2(bridge_slave_1) entered disabled state [ 2888.459831][T27621] device bridge_slave_1 left promiscuous mode [ 2888.466074][T27621] bridge0: port 2(bridge_slave_1) entered disabled state [ 2888.477202][T27621] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 2897.636192][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 2897.642788][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 2898.712926][T27536] Bluetooth: hci4: unexpected event 0x06 length: 15 > 3 [ 2900.925642][T18777] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 2902.831888][T18777] Bluetooth: hci4: command 0x0406 tx timeout [ 2906.754724][T27536] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 2907.006467][T27865] mac80211_hwsim hwsim90 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 2907.067809][T18777] Bluetooth: hci3: command 0x0406 tx timeout [ 2908.798097][T18777] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 2908.919723][T18777] Bluetooth: hci4: unexpected event 0x03 length: 15 > 11 [ 2910.197460][T27912] mac80211_hwsim hwsim74 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 2910.566027][T27921] netlink: 'syz.4.40936': attribute type 4 has an invalid length. [ 2910.595678][T27921] netlink: 140 bytes leftover after parsing attributes in process `syz.4.40936'. [ 2910.840085][T24292] wlan1: Trigger new scan to find an IBSS to join [ 2912.821914][ T46] wlan1: Trigger new scan to find an IBSS to join [ 2914.216460][T27959] mac80211_hwsim hwsim94 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 2914.899156][T27536] Bluetooth: hci1: command 0x0406 tx timeout [ 2914.899686][T24318] wlan1: Trigger new scan to find an IBSS to join [ 2915.921996][ T46] wlan1: Creating new IBSS network, BSSID 4a:69:8f:bc:a7:b7 [ 2916.831820][T24297] wlan1: Trigger new scan to find an IBSS to join [ 2916.901837][T24862] wlan1: Trigger new scan to find an IBSS to join [ 2918.497627][T28003] netlink: 'syz.0.40967': attribute type 4 has an invalid length. [ 2918.517181][T28003] netlink: 140 bytes leftover after parsing attributes in process `syz.0.40967'. [ 2918.818184][T24862] wlan1: Creating new IBSS network, BSSID 06:1b:12:d7:32:1f [ 2919.802189][T28045] netlink: 'syz.1.40985': attribute type 10 has an invalid length. [ 2919.828644][T28045] team0: Device hsr_slave_0 failed to register rx_handler [ 2921.865473][T24297] wlan1: Trigger new scan to find an IBSS to join [ 2922.768715][T24862] wlan1: Creating new IBSS network, BSSID 2a:2c:86:c7:c1:51 [ 2923.576839][T28097] netlink: 'syz.0.41006': attribute type 10 has an invalid length. [ 2924.326392][T27536] Bluetooth: hci3: ISO packet too small [ 2933.518459][T28270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.41081'. [ 2933.566421][T28270] netlink: 4 bytes leftover after parsing attributes in process `syz.2.41081'. [ 2933.602516][T28270] netlink: 33 bytes leftover after parsing attributes in process `syz.2.41081'. [ 2933.651786][T28270] netlink: 4 bytes leftover after parsing attributes in process `syz.2.41081'. [ 2933.677880][T28270] netlink: 33 bytes leftover after parsing attributes in process `syz.2.41081'. [ 2933.687658][T28270] netlink: 4 bytes leftover after parsing attributes in process `syz.2.41081'. [ 2933.707900][T28270] netlink: 33 bytes leftover after parsing attributes in process `syz.2.41081'. [ 2935.797650][T28292] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 2942.417033][T28391] netlink: 132 bytes leftover after parsing attributes in process `syz.3.41146'. [ 2945.861961][T28420] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.41148'. [ 2945.942810][T26068] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2946.869929][T26068] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2948.195958][T28452] netlink: 60583 bytes leftover after parsing attributes in process `syz.4.41162'. [ 2948.206658][T28452] netlink: 4 bytes leftover after parsing attributes in process `syz.4.41162'. [ 2948.354729][T28455] netlink: 63503 bytes leftover after parsing attributes in process `syz.4.41163'. [ 2951.615335][T28479] netlink: 55631 bytes leftover after parsing attributes in process `syz.4.41174'. [ 2952.807205][T24318] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2953.184469][T28515] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.41190'. [ 2953.730241][T26068] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2959.074655][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 2959.081185][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 2964.305523][T27536] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 2964.313783][T27536] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 2964.328751][T27536] CPU: 1 PID: 27536 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 2964.336557][T27536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 2964.346748][T27536] Workqueue: hci3 hci_rx_work [ 2964.351475][T27536] Call Trace: [ 2964.354785][T27536] [ 2964.357736][T27536] dump_stack_lvl+0x188/0x24e [ 2964.362537][T27536] ? show_regs_print_info+0x12/0x12 [ 2964.367870][T27536] ? load_image+0x400/0x400 [ 2964.372409][T27536] sysfs_create_dir_ns+0x26a/0x290 [ 2964.377556][T27536] ? sysfs_warn_dup+0xa0/0xa0 [ 2964.382266][T27536] ? do_raw_spin_unlock+0x11d/0x230 [ 2964.387477][T27536] kobject_add_internal+0x61c/0xcc0 [ 2964.392687][T27536] kobject_add+0x160/0x230 [ 2964.397392][T27536] ? kobject_init+0x1d0/0x1d0 [ 2964.402260][T27536] ? klist_children_get+0x50/0x50 [ 2964.407289][T27536] ? get_device_parent+0x121/0x3f0 [ 2964.412538][T27536] device_add+0x483/0xfb0 [ 2964.416960][T27536] ? kmem_cache_free+0xf7/0x290 [ 2964.421821][T27536] hci_conn_add_sysfs+0xd1/0x1e0 [ 2964.426967][T27536] le_conn_complete_evt+0x105f/0x1670 [ 2964.432375][T27536] ? le_conn_complete_evt+0xe6/0x1670 [ 2964.437783][T27536] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 2964.444204][T27536] ? bt_info+0x180/0x180 [ 2964.448446][T27536] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 2964.454085][T27536] ? skb_pull_data+0xf7/0x200 [ 2964.458785][T27536] hci_le_conn_complete_evt+0x183/0x440 [ 2964.464438][T27536] ? hci_remote_host_features_evt+0x270/0x270 [ 2964.470510][T27536] hci_event_packet+0x7b6/0x1280 [ 2964.475461][T27536] ? bis_list+0x280/0x280 [ 2964.479800][T27536] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 2964.485819][T27536] ? kcov_remote_start+0x4c7/0x7e0 [ 2964.491042][T27536] ? mt_dump_node+0x8f0/0x1920 [ 2964.495987][T27536] ? hci_send_to_monitor+0x9c/0x4a0 [ 2964.501203][T27536] hci_rx_work+0x3eb/0xd40 [ 2964.505894][T27536] ? _raw_spin_unlock+0x40/0x40 [ 2964.511022][T27536] ? process_one_work+0x7b0/0x1160 [ 2964.516134][T27536] process_one_work+0x8a2/0x1160 [ 2964.521097][T27536] ? worker_detach_from_pool+0x240/0x240 [ 2964.526736][T27536] ? _raw_spin_lock_irq+0xb7/0xf0 [ 2964.531772][T27536] ? _raw_spin_lock_irqsave+0x100/0x100 [ 2964.537674][T27536] ? kthread_data+0x4b/0xc0 [ 2964.542719][T27536] worker_thread+0xaa2/0x1270 [ 2964.547506][T27536] ? __kthread_parkme+0x162/0x1c0 [ 2964.552650][T27536] kthread+0x29d/0x330 [ 2964.556748][T27536] ? worker_clr_flags+0x1a0/0x1a0 [ 2964.561775][T27536] ? kthread_blkcg+0xd0/0xd0 [ 2964.566393][T27536] ret_from_fork+0x1f/0x30 [ 2964.571035][T27536] [ 2964.582650][T27536] kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 2964.597909][T27536] Bluetooth: hci3: failed to register connection device [ 2965.737975][T28702] netlink: 44 bytes leftover after parsing attributes in process `syz.4.41273'. [ 2966.658446][T27536] Bluetooth: hci3: command 0x2016 tx timeout [ 2969.743756][T28734] __sock_release: fasync list not empty! [ 2974.515320][T18777] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 2974.900460][T28830] netlink: 44 bytes leftover after parsing attributes in process `syz.0.41325'. [ 2976.313993][T28857] __sock_release: fasync list not empty! [ 2976.579847][T18777] Bluetooth: hci0: command 0x2016 tx timeout [ 2979.529782][ T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2984.733412][T28969] netlink: 'syz.3.41381': attribute type 29 has an invalid length. [ 2985.062505][T24297] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2987.276003][T28969] netlink: 'syz.3.41381': attribute type 29 has an invalid length. [ 2987.673695][T28999] device syzkaller0 entered promiscuous mode [ 2996.488136][T29065] netlink: 'syz.3.41416': attribute type 11 has an invalid length. [ 2996.517975][T29065] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.41416'. [ 2996.572375][T29065] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2996.827402][T29075] netlink: 'syz.1.41419': attribute type 1 has an invalid length. [ 2996.843184][T29075] netlink: 83992 bytes leftover after parsing attributes in process `syz.1.41419'. [ 2999.418142][T27536] Bluetooth: hci4: ISO packet for unknown connection handle 2366 [ 3000.190490][T29101] netlink: 'syz.0.41432': attribute type 11 has an invalid length. [ 3000.267922][T29101] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.41432'. [ 3000.332588][T29101] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 3000.881693][T29107] netlink: 'syz.3.41434': attribute type 1 has an invalid length. [ 3000.897809][T29107] netlink: 83992 bytes leftover after parsing attributes in process `syz.3.41434'. [ 3005.764166][T29132] netlink: 'syz.1.41446': attribute type 11 has an invalid length. [ 3005.780941][T29132] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.41446'. [ 3005.817085][T29132] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 3006.826928][T29144] netlink: 'syz.2.41448': attribute type 1 has an invalid length. [ 3006.851895][T29144] netlink: 83992 bytes leftover after parsing attributes in process `syz.2.41448'. [ 3010.465231][ T8263] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3010.937685][T29178] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.41464'. [ 3011.479061][ T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3015.377652][T29178] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 3015.387381][T29178] CPU: 1 PID: 29178 Comm: syz.2.41464 Not tainted syzkaller #0 [ 3015.395162][T29178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 3015.405509][T29178] Call Trace: [ 3015.408807][T29178] [ 3015.411755][T29178] dump_stack_lvl+0x188/0x24e [ 3015.416520][T29178] ? show_regs_print_info+0x12/0x12 [ 3015.421713][T29178] ? load_image+0x400/0x400 [ 3015.426212][T29178] sysfs_warn_dup+0x8a/0xa0 [ 3015.430977][T29178] sysfs_do_create_link_sd+0xc0/0x110 [ 3015.436351][T29178] device_add+0x7ed/0xfb0 [ 3015.440773][T29178] wiphy_register+0x1d9f/0x2ac0 [ 3015.445711][T29178] ? cfg80211_event_work+0x40/0x40 [ 3015.450812][T29178] ? minstrel_ht_alloc+0x894/0xa20 [ 3015.455916][T29178] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 3015.462006][T29178] ieee80211_register_hw+0x2d00/0x39f0 [ 3015.467548][T29178] ? ieee80211_register_hw+0xea1/0x39f0 [ 3015.473348][T29178] ? ieee80211_register_hw+0xea1/0x39f0 [ 3015.478892][T29178] ? ieee80211_tasklet_handler+0x20/0x20 [ 3015.484605][T29178] ? memset+0x1e/0x40 [ 3015.488587][T29178] ? __hrtimer_init+0x186/0x270 [ 3015.493427][T29178] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 3015.499159][T29178] hwsim_new_radio_nl+0xafa/0xce0 [ 3015.504181][T29178] genl_family_rcv_msg_doit+0x22a/0x330 [ 3015.509825][T29178] ? end_current_label_crit_section+0x170/0x170 [ 3015.516059][T29178] ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0 [ 3015.522126][T29178] ? bpf_lsm_capable+0x5/0x10 [ 3015.527229][T29178] ? security_capable+0x85/0xb0 [ 3015.532250][T29178] genl_rcv_msg+0x604/0x790 [ 3015.536750][T29178] ? genl_bind+0x360/0x360 [ 3015.541163][T29178] ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0 [ 3015.547494][T29178] netlink_rcv_skb+0x1fb/0x450 [ 3015.552344][T29178] ? genl_bind+0x360/0x360 [ 3015.556753][T29178] ? netlink_ack+0x1170/0x1170 [ 3015.561606][T29178] ? down_read+0x1a8/0x2d0 [ 3015.566114][T29178] genl_rcv+0x24/0x40 [ 3015.570179][T29178] netlink_unicast+0x74d/0x8d0 [ 3015.574947][T29178] netlink_sendmsg+0x8ad/0xbd0 [ 3015.579711][T29178] ? netlink_getsockopt+0x550/0x550 [ 3015.585047][T29178] ? aa_sock_msg_perm+0x94/0x150 [ 3015.589975][T29178] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 3015.595421][T29178] ? security_socket_sendmsg+0x7c/0xa0 [ 3015.600971][T29178] ? netlink_getsockopt+0x550/0x550 [ 3015.606157][T29178] ____sys_sendmsg+0x5be/0x970 [ 3015.610916][T29178] ? __sys_sendmsg_sock+0x30/0x30 [ 3015.616010][T29178] ? __import_iovec+0x315/0x500 [ 3015.620971][T29178] ? import_iovec+0x6f/0xa0 [ 3015.625477][T29178] ___sys_sendmsg+0x2a2/0x360 [ 3015.630317][T29178] ? try_to_wake_up+0x67c/0x1080 [ 3015.635424][T29178] ? __sys_sendmsg+0x290/0x290 [ 3015.640389][T29178] __se_sys_sendmsg+0x1bb/0x2a0 [ 3015.645405][T29178] ? ct_nmi_exit+0x145/0x1c0 [ 3015.650073][T29178] ? __x64_sys_sendmsg+0x80/0x80 [ 3015.655009][T29178] ? lockdep_hardirqs_on+0x94/0x140 [ 3015.660217][T29178] do_syscall_64+0x4c/0xa0 [ 3015.664633][T29178] ? clear_bhb_loop+0x60/0xb0 [ 3015.669420][T29178] ? clear_bhb_loop+0x60/0xb0 [ 3015.674431][T29178] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3015.680583][T29178] RIP: 0033:0x7f7fa6d9aeb9 [ 3015.685017][T29178] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 3015.704817][T29178] RSP: 002b:00007f7fa7cd7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3015.713414][T29178] RAX: ffffffffffffffda RBX: 00007f7fa7016270 RCX: 00007f7fa6d9aeb9 [ 3015.721717][T29178] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 3015.729765][T29178] RBP: 00007f7fa6e08c1f R08: 0000000000000000 R09: 0000000000000000 [ 3015.737818][T29178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3015.745889][T29178] R13: 00007f7fa7016308 R14: 00007f7fa7016270 R15: 00007ffcd6470ee8 [ 3015.754140][T29178] [ 3015.983958][ T8263] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3017.014852][T24862] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3020.518236][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 3020.524615][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 3025.634588][T29346] device syzkaller0 entered promiscuous mode [ 3034.529544][T29427] netlink: 40 bytes leftover after parsing attributes in process `syz.0.41566'. [ 3034.539080][T29427] netlink: 4 bytes leftover after parsing attributes in process `syz.0.41566'. [ 3041.872140][T29557] bridge0: port 2(bridge_slave_1) entered disabled state [ 3041.905174][T29558] bridge0: port 2(bridge_slave_1) entered blocking state [ 3041.912356][T29558] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3041.929403][T29558] device bridge0 entered promiscuous mode [ 3044.553636][ T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3045.449647][T29578] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.41628'. [ 3045.479916][ T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3045.556588][T29594] device syzkaller0 entered promiscuous mode [ 3048.240055][ T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3052.832936][T29669] netlink: 129384 bytes leftover after parsing attributes in process `syz.3.41664'. [ 3054.301291][T29698] netlink: 180900 bytes leftover after parsing attributes in process `syz.4.41676'. [ 3054.333442][T29698] openvswitch: netlink: Flow actions attr not present in new flow. [ 3064.259743][T29800] netlink: 129384 bytes leftover after parsing attributes in process `syz.2.41717'. [ 3070.869973][T29869] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.41748'. [ 3070.976113][T29881] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 3071.608598][T29908] netlink: 'syz.1.41764': attribute type 29 has an invalid length. [ 3071.648929][T29908] netlink: 'syz.1.41764': attribute type 29 has an invalid length. [ 3071.836695][T29911] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.41765'. [ 3072.050248][T29921] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 3073.756816][T29948] netlink: 'syz.4.41781': attribute type 29 has an invalid length. [ 3075.422834][T29948] netlink: 'syz.4.41781': attribute type 29 has an invalid length. [ 3075.431238][T29951] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.41783'. [ 3075.504871][T29953] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 3076.606684][T25883] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3076.650815][T29984] netlink: 'syz.3.41800': attribute type 29 has an invalid length. [ 3076.716707][T29984] netlink: 'syz.3.41800': attribute type 29 has an invalid length. [ 3077.392942][T30019] netlink: 'syz.0.41813': attribute type 29 has an invalid length. [ 3077.425646][T30019] netlink: 'syz.0.41813': attribute type 29 has an invalid length. [ 3077.631350][ T8263] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3079.272043][ T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3080.286244][T30039] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.41823'. [ 3080.456278][T30056] netlink: 'syz.2.41829': attribute type 29 has an invalid length. [ 3080.476388][T30056] netlink: 'syz.2.41829': attribute type 29 has an invalid length. [ 3080.610423][T30060] netlink: 'syz.0.41844': attribute type 29 has an invalid length. [ 3080.641239][T30060] netlink: 'syz.0.41844': attribute type 29 has an invalid length. [ 3080.666257][T30065] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.41843'. [ 3081.940109][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 3081.946635][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 3082.556867][T30096] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 3082.626076][T30099] netlink: 'syz.2.41852': attribute type 29 has an invalid length. [ 3082.669098][T30099] netlink: 'syz.2.41852': attribute type 29 has an invalid length. [ 3084.420295][T30139] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 3084.869350][T30143] netlink: 'syz.2.41869': attribute type 29 has an invalid length. [ 3084.909382][T30143] netlink: 'syz.2.41869': attribute type 29 has an invalid length. [ 3084.965785][T30149] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 3085.266807][T30160] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.41875'. [ 3085.326989][T30160] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 3085.347222][T30160] CPU: 0 PID: 30160 Comm: syz.2.41875 Not tainted syzkaller #0 [ 3085.354831][T30160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 3085.365622][T30160] Call Trace: [ 3085.369005][T30160] [ 3085.372139][T30160] dump_stack_lvl+0x188/0x24e [ 3085.376945][T30160] ? show_regs_print_info+0x12/0x12 [ 3085.382259][T30160] ? load_image+0x400/0x400 [ 3085.386877][T30160] sysfs_warn_dup+0x8a/0xa0 [ 3085.391489][T30160] sysfs_do_create_link_sd+0xc0/0x110 [ 3085.397061][T30160] device_add+0x7ed/0xfb0 [ 3085.401475][T30160] wiphy_register+0x1d9f/0x2ac0 [ 3085.406455][T30160] ? cfg80211_event_work+0x40/0x40 [ 3085.411634][T30160] ? minstrel_ht_alloc+0x894/0xa20 [ 3085.416866][T30160] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 3085.423488][T30160] ieee80211_register_hw+0x2d00/0x39f0 [ 3085.429160][T30160] ? ieee80211_register_hw+0xea1/0x39f0 [ 3085.434910][T30160] ? ieee80211_register_hw+0xea1/0x39f0 [ 3085.440576][T30160] ? ieee80211_tasklet_handler+0x20/0x20 [ 3085.446338][T30160] ? memset+0x1e/0x40 [ 3085.450343][T30160] ? __hrtimer_init+0x186/0x270 [ 3085.455215][T30160] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 3085.461144][T30160] hwsim_new_radio_nl+0xafa/0xce0 [ 3085.466299][T30160] genl_family_rcv_msg_doit+0x22a/0x330 [ 3085.471981][T30160] ? end_current_label_crit_section+0x170/0x170 [ 3085.478593][T30160] ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0 [ 3085.484699][T30160] ? bpf_lsm_capable+0x5/0x10 [ 3085.489401][T30160] ? security_capable+0x85/0xb0 [ 3085.494280][T30160] genl_rcv_msg+0x604/0x790 [ 3085.498836][T30160] ? genl_bind+0x360/0x360 [ 3085.503380][T30160] ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0 [ 3085.509925][T30160] netlink_rcv_skb+0x1fb/0x450 [ 3085.514797][T30160] ? genl_bind+0x360/0x360 [ 3085.519240][T30160] ? netlink_ack+0x1170/0x1170 [ 3085.524187][T30160] ? down_read+0x1a8/0x2d0 [ 3085.528727][T30160] genl_rcv+0x24/0x40 [ 3085.532744][T30160] netlink_unicast+0x74d/0x8d0 [ 3085.537541][T30160] netlink_sendmsg+0x8ad/0xbd0 [ 3085.542339][T30160] ? netlink_getsockopt+0x550/0x550 [ 3085.547565][T30160] ? aa_sock_msg_perm+0x94/0x150 [ 3085.552608][T30160] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 3085.557999][T30160] ? security_socket_sendmsg+0x7c/0xa0 [ 3085.563500][T30160] ? netlink_getsockopt+0x550/0x550 [ 3085.568722][T30160] ____sys_sendmsg+0x5be/0x970 [ 3085.573611][T30160] ? __sys_sendmsg_sock+0x30/0x30 [ 3085.578746][T30160] ? __import_iovec+0x315/0x500 [ 3085.583803][T30160] ? import_iovec+0x6f/0xa0 [ 3085.588328][T30160] ___sys_sendmsg+0x2a2/0x360 [ 3085.593113][T30160] ? try_to_wake_up+0x67c/0x1080 [ 3085.598426][T30160] ? __sys_sendmsg+0x290/0x290 [ 3085.603366][T30160] __se_sys_sendmsg+0x1bb/0x2a0 [ 3085.608334][T30160] ? __x64_sys_sendmsg+0x80/0x80 [ 3085.613312][T30160] ? lockdep_hardirqs_on+0x94/0x140 [ 3085.618629][T30160] do_syscall_64+0x4c/0xa0 [ 3085.623126][T30160] ? clear_bhb_loop+0x60/0xb0 [ 3085.627818][T30160] ? clear_bhb_loop+0x60/0xb0 [ 3085.632541][T30160] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3085.638543][T30160] RIP: 0033:0x7f7fa6d9aeb9 [ 3085.643146][T30160] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 3085.662965][T30160] RSP: 002b:00007f7fa7d19028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3085.671446][T30160] RAX: ffffffffffffffda RBX: 00007f7fa7016090 RCX: 00007f7fa6d9aeb9 [ 3085.679607][T30160] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 3085.687679][T30160] RBP: 00007f7fa6e08c1f R08: 0000000000000000 R09: 0000000000000000 [ 3085.695674][T30160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3085.703660][T30160] R13: 00007f7fa7016128 R14: 00007f7fa7016090 R15: 00007ffcd6470ee8 [ 3085.711752][T30160] [ 3088.785081][T30191] netlink: 'syz.0.41887': attribute type 29 has an invalid length. [ 3088.805708][T30191] netlink: 'syz.0.41887': attribute type 29 has an invalid length. [ 3089.151025][T27536] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 3089.158994][T27536] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 3089.170065][T27536] CPU: 0 PID: 27536 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 3089.178007][T27536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 3089.188337][T27536] Workqueue: hci2 hci_rx_work [ 3089.193109][T27536] Call Trace: [ 3089.196403][T27536] [ 3089.199335][T27536] dump_stack_lvl+0x188/0x24e [ 3089.204207][T27536] ? show_regs_print_info+0x12/0x12 [ 3089.209495][T27536] ? load_image+0x400/0x400 [ 3089.214007][T27536] sysfs_create_dir_ns+0x26a/0x290 [ 3089.219134][T27536] ? sysfs_warn_dup+0xa0/0xa0 [ 3089.223812][T27536] ? do_raw_spin_unlock+0x11d/0x230 [ 3089.229102][T27536] kobject_add_internal+0x61c/0xcc0 [ 3089.234657][T27536] kobject_add+0x160/0x230 [ 3089.239171][T27536] ? kobject_init+0x1d0/0x1d0 [ 3089.243884][T27536] ? klist_children_get+0x50/0x50 [ 3089.249081][T27536] ? get_device_parent+0x121/0x3f0 [ 3089.254288][T27536] device_add+0x483/0xfb0 [ 3089.258634][T27536] ? kmem_cache_free+0xf7/0x290 [ 3089.263496][T27536] hci_conn_add_sysfs+0xd1/0x1e0 [ 3089.268525][T27536] le_conn_complete_evt+0x105f/0x1670 [ 3089.274076][T27536] ? le_conn_complete_evt+0xe6/0x1670 [ 3089.279537][T27536] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 3089.285862][T27536] ? bt_info+0x180/0x180 [ 3089.290202][T27536] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 3089.296107][T27536] ? skb_pull_data+0xf7/0x200 [ 3089.300793][T27536] hci_le_conn_complete_evt+0x183/0x440 [ 3089.306429][T27536] ? hci_remote_host_features_evt+0x270/0x270 [ 3089.312499][T27536] hci_event_packet+0x7b6/0x1280 [ 3089.317621][T27536] ? bis_list+0x280/0x280 [ 3089.322017][T27536] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 3089.328024][T27536] ? kcov_remote_start+0x4c7/0x7e0 [ 3089.333222][T27536] ? mt_dump_node+0x8f0/0x1920 [ 3089.338179][T27536] ? hci_send_to_monitor+0x9c/0x4a0 [ 3089.343473][T27536] hci_rx_work+0x3eb/0xd40 [ 3089.347977][T27536] ? _raw_spin_unlock+0x40/0x40 [ 3089.352843][T27536] ? process_one_work+0x7b0/0x1160 [ 3089.357961][T27536] process_one_work+0x8a2/0x1160 [ 3089.362918][T27536] ? worker_detach_from_pool+0x240/0x240 [ 3089.368651][T27536] ? _raw_spin_lock_irq+0x86/0xf0 [ 3089.373717][T27536] ? _raw_spin_lock_irq+0xb7/0xf0 [ 3089.378860][T27536] ? _raw_spin_lock_irqsave+0x100/0x100 [ 3089.384429][T27536] ? kthread_data+0x4b/0xc0 [ 3089.388950][T27536] worker_thread+0xaa2/0x1270 [ 3089.393642][T27536] ? __kthread_parkme+0x162/0x1c0 [ 3089.398713][T27536] kthread+0x29d/0x330 [ 3089.402872][T27536] ? worker_clr_flags+0x1a0/0x1a0 [ 3089.407896][T27536] ? kthread_blkcg+0xd0/0xd0 [ 3089.412685][T27536] ret_from_fork+0x1f/0x30 [ 3089.417203][T27536] [ 3089.423291][T27536] kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 3089.436667][T27536] Bluetooth: hci2: failed to register connection device [ 3089.605465][T30216] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.41898'. [ 3090.130045][T30229] netlink: 'syz.3.41904': attribute type 29 has an invalid length. [ 3090.168065][T30229] netlink: 'syz.3.41904': attribute type 29 has an invalid length. [ 3090.764872][T30244] netlink: 'syz.0.41909': attribute type 25 has an invalid length. [ 3090.773728][T30244] netlink: 'syz.0.41909': attribute type 1 has an invalid length. [ 3090.793604][T30244] bridge0: port 1(bridge_slave_0) entered learning state [ 3091.006439][T30246] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.41910'. [ 3091.233481][T27536] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 3091.241571][T27536] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 3091.254073][T27536] CPU: 0 PID: 27536 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 3091.261768][T27536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 3091.272286][T27536] Workqueue: hci0 hci_rx_work [ 3091.277263][T27536] Call Trace: [ 3091.280570][T27536] [ 3091.283532][T27536] dump_stack_lvl+0x188/0x24e [ 3091.288261][T27536] ? show_regs_print_info+0x12/0x12 [ 3091.293504][T27536] ? load_image+0x400/0x400 [ 3091.298057][T27536] sysfs_create_dir_ns+0x26a/0x290 [ 3091.303303][T27536] ? sysfs_warn_dup+0xa0/0xa0 [ 3091.308017][T27536] ? do_raw_spin_unlock+0x11d/0x230 [ 3091.313243][T27536] kobject_add_internal+0x61c/0xcc0 [ 3091.318495][T27536] kobject_add+0x160/0x230 [ 3091.322952][T27536] ? kobject_init+0x1d0/0x1d0 [ 3091.327683][T27536] ? klist_children_get+0x50/0x50 [ 3091.332838][T27536] ? get_device_parent+0x121/0x3f0 [ 3091.338005][T27536] device_add+0x483/0xfb0 [ 3091.342457][T27536] ? kmem_cache_free+0xf7/0x290 [ 3091.347436][T27536] hci_conn_add_sysfs+0xd1/0x1e0 [ 3091.352510][T27536] le_conn_complete_evt+0x105f/0x1670 [ 3091.357981][T27536] ? le_conn_complete_evt+0xe6/0x1670 [ 3091.363456][T27536] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 3091.369834][T27536] ? bt_info+0x180/0x180 [ 3091.374115][T27536] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 3091.379873][T27536] ? skb_pull_data+0xf7/0x200 [ 3091.384609][T27536] hci_le_conn_complete_evt+0x183/0x440 [ 3091.390294][T27536] ? hci_remote_host_features_evt+0x270/0x270 [ 3091.396645][T27536] hci_event_packet+0x7b6/0x1280 [ 3091.401635][T27536] ? bis_list+0x280/0x280 [ 3091.406000][T27536] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 3091.412013][T27536] ? kcov_remote_start+0x4c7/0x7e0 [ 3091.417173][T27536] ? mt_dump_node+0x8f0/0x1920 [ 3091.422071][T27536] ? hci_send_to_monitor+0x9c/0x4a0 [ 3091.427398][T27536] hci_rx_work+0x3eb/0xd40 [ 3091.431937][T27536] ? _raw_spin_unlock+0x40/0x40 [ 3091.436926][T27536] ? process_one_work+0x7b0/0x1160 [ 3091.442076][T27536] process_one_work+0x8a2/0x1160 [ 3091.447067][T27536] ? worker_detach_from_pool+0x240/0x240 [ 3091.452739][T27536] ? _raw_spin_lock_irq+0x86/0xf0 [ 3091.457908][T27536] ? _raw_spin_lock_irq+0xb7/0xf0 [ 3091.463061][T27536] ? _raw_spin_lock_irqsave+0x100/0x100 [ 3091.468741][T27536] ? kthread_data+0x4b/0xc0 [ 3091.473373][T27536] worker_thread+0xaa2/0x1270 [ 3091.478099][T27536] ? __kthread_parkme+0x162/0x1c0 [ 3091.483541][T27536] kthread+0x29d/0x330 [ 3091.487744][T27536] ? worker_clr_flags+0x1a0/0x1a0 [ 3091.492885][T27536] ? kthread_blkcg+0xd0/0xd0 [ 3091.497605][T27536] ret_from_fork+0x1f/0x30 [ 3091.502341][T27536] [ 3091.506559][T18777] Bluetooth: hci2: command 0x2016 tx timeout [ 3091.518305][T27536] kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 3091.533102][T27536] Bluetooth: hci0: failed to register connection device [ 3091.680067][T30265] netlink: 'syz.1.41919': attribute type 29 has an invalid length. [ 3091.705873][T30265] netlink: 'syz.1.41919': attribute type 29 has an invalid length. [ 3092.116365][T30271] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.41923'. [ 3093.131850][T27536] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 3093.139853][T27536] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 3093.149410][T27536] CPU: 0 PID: 27536 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 3093.157074][T27536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 3093.168038][T27536] Workqueue: hci3 hci_rx_work [ 3093.172862][T27536] Call Trace: [ 3093.176151][T27536] [ 3093.179104][T27536] dump_stack_lvl+0x188/0x24e [ 3093.183820][T27536] ? show_regs_print_info+0x12/0x12 [ 3093.189051][T27536] ? load_image+0x400/0x400 [ 3093.194034][T27536] sysfs_create_dir_ns+0x26a/0x290 [ 3093.199263][T27536] ? sysfs_warn_dup+0xa0/0xa0 [ 3093.203976][T27536] ? do_raw_spin_unlock+0x11d/0x230 [ 3093.209290][T27536] kobject_add_internal+0x61c/0xcc0 [ 3093.214687][T27536] kobject_add+0x160/0x230 [ 3093.219140][T27536] ? kobject_init+0x1d0/0x1d0 [ 3093.223854][T27536] ? klist_children_get+0x50/0x50 [ 3093.228903][T27536] ? get_device_parent+0x121/0x3f0 [ 3093.234055][T27536] device_add+0x483/0xfb0 [ 3093.238662][T27536] ? kmem_cache_free+0xf7/0x290 [ 3093.243634][T27536] hci_conn_add_sysfs+0xd1/0x1e0 [ 3093.249305][T27536] le_conn_complete_evt+0x105f/0x1670 [ 3093.254722][T27536] ? le_conn_complete_evt+0xe6/0x1670 [ 3093.260215][T27536] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 3093.266653][T27536] ? bt_info+0x180/0x180 [ 3093.270930][T27536] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 3093.276690][T27536] ? skb_pull_data+0xf7/0x200 [ 3093.281495][T27536] hci_le_conn_complete_evt+0x183/0x440 [ 3093.287084][T27536] ? hci_remote_host_features_evt+0x270/0x270 [ 3093.293276][T27536] hci_event_packet+0x7b6/0x1280 [ 3093.298266][T27536] ? bis_list+0x280/0x280 [ 3093.302753][T27536] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 3093.308676][T27536] ? kcov_remote_start+0x4c7/0x7e0 [ 3093.313817][T27536] ? mt_dump_node+0x8f0/0x1920 [ 3093.318690][T27536] ? hci_send_to_monitor+0x9c/0x4a0 [ 3093.323913][T27536] hci_rx_work+0x3eb/0xd40 [ 3093.328350][T27536] ? _raw_spin_unlock+0x40/0x40 [ 3093.333224][T27536] ? process_one_work+0x7b0/0x1160 [ 3093.338364][T27536] process_one_work+0x8a2/0x1160 [ 3093.343346][T27536] ? worker_detach_from_pool+0x240/0x240 [ 3093.349012][T27536] ? _raw_spin_lock_irq+0x86/0xf0 [ 3093.354344][T27536] ? _raw_spin_lock_irq+0xb7/0xf0 [ 3093.359599][T27536] ? _raw_spin_lock_irqsave+0x100/0x100 [ 3093.365266][T27536] ? kthread_data+0x4b/0xc0 [ 3093.369805][T27536] worker_thread+0xaa2/0x1270 [ 3093.374612][T27536] ? __kthread_parkme+0x162/0x1c0 [ 3093.379667][T27536] kthread+0x29d/0x330 [ 3093.383855][T27536] ? worker_clr_flags+0x1a0/0x1a0 [ 3093.388992][T27536] ? kthread_blkcg+0xd0/0xd0 [ 3093.393629][T27536] ret_from_fork+0x1f/0x30 [ 3093.398097][T27536] [ 3093.402065][T27536] kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 3093.415161][T27536] Bluetooth: hci3: failed to register connection device [ 3093.627835][T18834] Bluetooth: hci0: command 0x2016 tx timeout [ 3094.339685][T30324] netlink: 'syz.2.41943': attribute type 25 has an invalid length. [ 3094.369111][T30324] netlink: 'syz.2.41943': attribute type 1 has an invalid length. [ 3094.492661][T30328] device syzkaller0 entered promiscuous mode [ 3095.458019][T27536] Bluetooth: hci3: command 0x2016 tx timeout [ 3104.346143][T30367] netlink: 'syz.4.41957': attribute type 25 has an invalid length. [ 3104.390530][T30367] netlink: 'syz.4.41957': attribute type 1 has an invalid length. [ 3104.428352][T30367] bridge0: port 1(bridge_slave_0) entered learning state [ 3104.800840][T30380] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 3108.150149][T30412] netlink: 'syz.1.41975': attribute type 25 has an invalid length. [ 3108.173323][T30412] netlink: 'syz.1.41975': attribute type 1 has an invalid length. [ 3108.182324][T30412] bridge0: port 1(bridge_slave_0) entered learning state [ 3108.655837][ T8263] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3108.915106][T30441] delete_channel: no stack [ 3109.018884][T30441] delete_channel: no stack [ 3109.213747][T30446] netlink: 'syz.3.41992': attribute type 25 has an invalid length. [ 3109.274051][T30446] netlink: 'syz.3.41992': attribute type 1 has an invalid length. [ 3109.524114][T30459] netlink: 'syz.3.42008': attribute type 25 has an invalid length. [ 3109.572503][T30459] netlink: 'syz.3.42008': attribute type 1 has an invalid length. [ 3109.872480][T30474] netlink: 'syz.3.42014': attribute type 25 has an invalid length. [ 3109.885162][T30474] netlink: 'syz.3.42014': attribute type 1 has an invalid length. [ 3110.094734][T30481] netlink: 'syz.4.42016': attribute type 25 has an invalid length. [ 3110.126177][T30481] netlink: 'syz.4.42016': attribute type 1 has an invalid length. [ 3110.143453][T30481] bridge0: port 1(bridge_slave_0) entered learning state [ 3110.199021][ T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3110.485968][T30494] netlink: 'syz.1.42023': attribute type 25 has an invalid length. [ 3110.495132][T30494] netlink: 'syz.1.42023': attribute type 1 has an invalid length. [ 3110.505904][T30494] bridge0: port 1(bridge_slave_0) entered learning state [ 3111.786812][T30529] netlink: 'syz.4.42028': attribute type 4 has an invalid length. [ 3111.866074][T30529] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.42028'. [ 3119.231024][T18834] Bluetooth: hci4: ISO packet for unknown connection handle 3478 [ 3122.810876][T30623] device syzkaller0 entered promiscuous mode [ 3122.844744][T30632] bond0: (slave bridge0): Error: Slave device does not support XDP [ 3124.663758][T18834] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18 [ 3125.542751][T27536] Bluetooth: hci4: command 0x206e tx timeout [ 3126.416514][T30642] netlink: 'syz.0.42073': attribute type 10 has an invalid length. [ 3126.427863][T30646] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.42074'. [ 3127.006756][T18834] Bluetooth: hci3: unexpected subevent 0x01 length: 128 > 18 [ 3127.622441][T27536] Bluetooth: hci4: command 0x206e tx timeout [ 3127.665172][T30696] device veth1_macvtap left promiscuous mode [ 3128.000478][T30708] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.42102'. [ 3128.471995][T18834] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 3128.901934][T27536] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 3129.668206][T27536] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 3130.386721][T18834] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4 [ 3132.215200][T30739] netlink: 55631 bytes leftover after parsing attributes in process `syz.4.42116'. [ 3132.522147][T18834] Bluetooth: hci1: unexpected subevent 0x01 length: 128 > 18 [ 3132.832871][T18834] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4 [ 3136.164362][T30833] netlink: 'syz.1.42166': attribute type 10 has an invalid length. [ 3136.236357][T30833] team0: Device hsr_slave_0 failed to register rx_handler [ 3137.266909][T30839] netlink: 132 bytes leftover after parsing attributes in process `syz.3.42158'. [ 3138.156743][T30873] netlink: 'syz.2.42174': attribute type 10 has an invalid length. [ 3139.684549][T24297] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3140.610850][T30917] netlink: 'syz.3.42192': attribute type 10 has an invalid length. [ 3140.810707][T24862] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3140.954984][T30917] team0: Device hsr_slave_0 failed to register rx_handler [ 3141.219204][T24292] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3143.389258][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 3143.395616][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 3147.462335][T30953] netlink: 'syz.3.42209': attribute type 5 has an invalid length. [ 3147.471101][T30957] netlink: 'syz.4.42211': attribute type 10 has an invalid length. [ 3147.491406][T30957] team0: Device hsr_slave_0 failed to register rx_handler [ 3147.517803][T30968] netlink: 132 bytes leftover after parsing attributes in process `syz.1.42217'. [ 3155.196720][T31065] device syzkaller0 entered promiscuous mode [ 3155.708209][T31073] Dead loop on virtual device ip6_vti0, fix it urgently! [ 3158.861674][T31079] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.42272'. [ 3159.038732][T31098] netlink: 'syz.4.42267': attribute type 5 has an invalid length. [ 3159.395430][T31103] Dead loop on virtual device ip6_vti0, fix it urgently! [ 3161.325671][T31141] netlink: 'syz.2.42290': attribute type 5 has an invalid length. [ 3166.236373][T18834] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 3166.787821][T31252] netlink: 128 bytes leftover after parsing attributes in process `syz.1.42337'. [ 3166.807922][T31252] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 3167.006282][T31256] device syzkaller0 entered promiscuous mode [ 3170.824576][T31299] netlink: 128 bytes leftover after parsing attributes in process `syz.4.42353'. [ 3170.849043][T31299] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 3171.736726][T18834] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4 [ 3171.990425][T31332] netlink: 'syz.2.42371': attribute type 11 has an invalid length. [ 3172.011887][T31332] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.42371'. [ 3172.246241][ T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3172.256995][T30826] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3172.333450][T18834] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 3172.337761][T18834] Bluetooth: hci3: command 0x0406 tx timeout [ 3174.021801][T31330] netlink: 128 bytes leftover after parsing attributes in process `syz.3.42372'. [ 3174.031558][T31330] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 3174.048576][T31351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3174.197413][T31360] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3174.610972][T18834] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 3174.825646][T18834] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 3177.588296][T31393] netlink: 'syz.4.42398': attribute type 11 has an invalid length. [ 3177.676145][T31393] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.42398'. [ 3178.014397][T31408] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3178.063373][T31407] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 3178.655205][T31426] device syzkaller0 entered promiscuous mode [ 3183.627586][T31493] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 3183.799468][T31498] device syzkaller0 entered promiscuous mode [ 3185.264276][T31522] netlink: 'syz.4.42446': attribute type 3 has an invalid length. [ 3185.307997][T31522] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.42446'. [ 3187.802672][T31544] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 3188.530218][T18834] Bluetooth: hci4: unexpected event 0x06 length: 15 > 3 [ 3189.539044][T31606] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3189.631476][T27536] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 3189.815920][T31617] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3190.091511][T31621] netlink: 'syz.3.42487': attribute type 11 has an invalid length. [ 3190.108397][T31621] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.42487'. [ 3190.164343][T31626] A link change request failed with some changes committed already. Interface Q6\bY4 may have been left with an inconsistent configuration, please check. [ 3191.206570][T27536] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 3192.391658][T18834] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 3196.708942][T31721] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.42532'. [ 3200.711513][T18834] Bluetooth: hci1: unexpected event 0x07 length: 15 < 255 [ 3203.277102][T24297] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3203.292433][T26068] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3204.433446][T31872] bond0: (slave bridge0): Error: Slave device does not support XDP [ 3204.844813][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 3204.851223][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 3205.718538][T18834] Bluetooth: hci2: unexpected event 0x07 length: 15 < 255 [ 3205.974920][T18834] Bluetooth: hci0: unexpected event 0x07 length: 15 < 255 [ 3206.952985][T31936] netlink: 16054 bytes leftover after parsing attributes in process `syz.1.42617'. [ 3207.475349][T31955] netlink: 16054 bytes leftover after parsing attributes in process `syz.0.42639'. [ 3211.127089][T31995] netlink: 16054 bytes leftover after parsing attributes in process `syz.2.42644'. [ 3212.702648][T32026] netlink: 16054 bytes leftover after parsing attributes in process `syz.4.42661'. [ 3214.075319][T32056] netlink: 'syz.1.42670': attribute type 10 has an invalid length. [ 3214.084344][T32056] netlink: 40 bytes leftover after parsing attributes in process `syz.1.42670'. [ 3214.133210][T32056] netlink: 'syz.1.42670': attribute type 10 has an invalid length. [ 3214.151318][T32056] netlink: 40 bytes leftover after parsing attributes in process `syz.1.42670'. [ 3216.384523][T32106] netlink: 14 bytes leftover after parsing attributes in process `syz.1.42693'. [ 3216.507298][T32105] delete_channel: no stack [ 3219.582021][T32170] device syzkaller0 entered promiscuous mode [ 3219.689847][T18834] Bluetooth: hci4: unexpected subevent 0x01 length: 150 > 18 [ 3219.700076][T18834] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0' [ 3219.710304][T18834] CPU: 0 PID: 18834 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 3219.718056][T18834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 3219.728164][T18834] Workqueue: hci4 hci_rx_work [ 3219.733068][T18834] Call Trace: [ 3219.736383][T18834] [ 3219.739596][T18834] dump_stack_lvl+0x188/0x24e [ 3219.744484][T18834] ? show_regs_print_info+0x12/0x12 [ 3219.749983][T18834] ? load_image+0x400/0x400 [ 3219.754584][T18834] sysfs_create_dir_ns+0x26a/0x290 [ 3219.759917][T18834] ? sysfs_warn_dup+0xa0/0xa0 [ 3219.764649][T18834] ? do_raw_spin_unlock+0x11d/0x230 [ 3219.769880][T18834] kobject_add_internal+0x61c/0xcc0 [ 3219.775118][T18834] kobject_add+0x160/0x230 [ 3219.779619][T18834] ? kobject_init+0x1d0/0x1d0 [ 3219.784517][T18834] ? klist_children_get+0x50/0x50 [ 3219.789701][T18834] ? get_device_parent+0x121/0x3f0 [ 3219.794843][T18834] device_add+0x483/0xfb0 [ 3219.799179][T18834] ? kmem_cache_free+0xf7/0x290 [ 3219.804052][T18834] hci_conn_add_sysfs+0xd1/0x1e0 [ 3219.809083][T18834] le_conn_complete_evt+0x105f/0x1670 [ 3219.814564][T18834] ? le_conn_complete_evt+0xe6/0x1670 [ 3219.819944][T18834] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 3219.826183][T18834] ? bt_info+0x180/0x180 [ 3219.830455][T18834] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 3219.836180][T18834] ? skb_pull_data+0xf7/0x200 [ 3219.841055][T18834] hci_le_conn_complete_evt+0x183/0x440 [ 3219.846618][T18834] ? hci_remote_host_features_evt+0x270/0x270 [ 3219.852719][T18834] hci_event_packet+0x7b6/0x1280 [ 3219.857696][T18834] ? bis_list+0x280/0x280 [ 3219.862054][T18834] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 3219.867960][T18834] ? kcov_remote_start+0x4c7/0x7e0 [ 3219.873083][T18834] ? mt_dump_node+0x8f0/0x1920 [ 3219.877856][T18834] ? hci_send_to_monitor+0x9c/0x4a0 [ 3219.883070][T18834] hci_rx_work+0x3eb/0xd40 [ 3219.887496][T18834] ? _raw_spin_unlock+0x40/0x40 [ 3219.892355][T18834] ? process_one_work+0x7b0/0x1160 [ 3219.897474][T18834] process_one_work+0x8a2/0x1160 [ 3219.902424][T18834] ? worker_detach_from_pool+0x240/0x240 [ 3219.908062][T18834] ? _raw_spin_lock_irq+0x86/0xf0 [ 3219.913211][T18834] ? _raw_spin_lock_irq+0xb7/0xf0 [ 3219.918251][T18834] ? _raw_spin_lock_irqsave+0x100/0x100 [ 3219.923799][T18834] ? kthread_data+0x4b/0xc0 [ 3219.928313][T18834] worker_thread+0xaa2/0x1270 [ 3219.933181][T18834] ? __kthread_parkme+0x162/0x1c0 [ 3219.938223][T18834] kthread+0x29d/0x330 [ 3219.942300][T18834] ? worker_clr_flags+0x1a0/0x1a0 [ 3219.947433][T18834] ? kthread_blkcg+0xd0/0xd0 [ 3219.952142][T18834] ret_from_fork+0x1f/0x30 [ 3219.956591][T18834] [ 3219.961968][T18834] kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 3219.976185][T18834] Bluetooth: hci4: failed to register connection device [ 3222.019493][T18834] Bluetooth: hci4: command 0x2016 tx timeout [ 3223.583063][T32226] netlink: 122896 bytes leftover after parsing attributes in process `syz.3.42743'. [ 3224.762381][T32226] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 3224.784883][T32226] CPU: 1 PID: 32226 Comm: syz.3.42743 Not tainted syzkaller #0 [ 3224.792495][T32226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 3224.803006][T32226] Call Trace: [ 3224.806292][T32226] [ 3224.809232][T32226] dump_stack_lvl+0x188/0x24e [ 3224.813926][T32226] ? show_regs_print_info+0x12/0x12 [ 3224.819235][T32226] ? load_image+0x400/0x400 [ 3224.823829][T32226] ? sysfs_warn_dup+0x61/0xa0 [ 3224.828796][T32226] sysfs_warn_dup+0x8a/0xa0 [ 3224.833418][T32226] sysfs_do_create_link_sd+0xc0/0x110 [ 3224.838905][T32226] device_add+0x7ed/0xfb0 [ 3224.843379][T32226] wiphy_register+0x1d9f/0x2ac0 [ 3224.848257][T32226] ? cfg80211_event_work+0x40/0x40 [ 3224.853377][T32226] ? _dev_printk+0x166/0x175 [ 3224.857987][T32226] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 3224.864067][T32226] ieee80211_register_hw+0x2d00/0x39f0 [ 3224.869544][T32226] ? ieee80211_register_hw+0xea1/0x39f0 [ 3224.875304][T32226] ? ieee80211_register_hw+0xea1/0x39f0 [ 3224.880983][T32226] ? ieee80211_tasklet_handler+0x20/0x20 [ 3224.886637][T32226] ? memset+0x1e/0x40 [ 3224.890646][T32226] ? __hrtimer_init+0x186/0x270 [ 3224.895508][T32226] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 3224.901344][T32226] hwsim_new_radio_nl+0xafa/0xce0 [ 3224.906500][T32226] genl_family_rcv_msg_doit+0x22a/0x330 [ 3224.912241][T32226] ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0 [ 3224.918183][T32226] ? genl_rcv_msg+0x5dc/0x790 [ 3224.923047][T32226] ? genl_family_rcv_msg_doit+0x1/0x330 [ 3224.928688][T32226] genl_rcv_msg+0x604/0x790 [ 3224.933314][T32226] ? genl_bind+0x360/0x360 [ 3224.937919][T32226] ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0 [ 3224.944267][T32226] netlink_rcv_skb+0x1fb/0x450 [ 3224.949124][T32226] ? genl_bind+0x360/0x360 [ 3224.953554][T32226] ? netlink_ack+0x1170/0x1170 [ 3224.958338][T32226] ? down_read+0x1a8/0x2d0 [ 3224.962764][T32226] genl_rcv+0x24/0x40 [ 3224.966753][T32226] netlink_unicast+0x74d/0x8d0 [ 3224.971555][T32226] netlink_sendmsg+0x8ad/0xbd0 [ 3224.976343][T32226] ? netlink_getsockopt+0x550/0x550 [ 3224.981560][T32226] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 3224.987725][T32226] ? aa_sock_msg_perm+0x94/0x150 [ 3224.992841][T32226] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 3224.998212][T32226] ? security_socket_sendmsg+0x7c/0xa0 [ 3225.003678][T32226] ? netlink_getsockopt+0x550/0x550 [ 3225.008893][T32226] ____sys_sendmsg+0x5be/0x970 [ 3225.013667][T32226] ? __sanitizer_cov_trace_pc+0x58/0x60 [ 3225.019561][T32226] ? __sys_sendmsg_sock+0x30/0x30 [ 3225.024593][T32226] ? __import_iovec+0x315/0x500 [ 3225.029540][T32226] ? import_iovec+0x6f/0xa0 [ 3225.034055][T32226] ___sys_sendmsg+0x2a2/0x360 [ 3225.038736][T32226] ? migrate_enable+0x148/0x220 [ 3225.043592][T32226] ? __sys_sendmsg+0x290/0x290 [ 3225.048794][T32226] __se_sys_sendmsg+0x1bb/0x2a0 [ 3225.053740][T32226] ? __x64_sys_sendmsg+0x80/0x80 [ 3225.058782][T32226] ? syscall_enter_from_user_mode+0x2a/0x80 [ 3225.064681][T32226] do_syscall_64+0x4c/0xa0 [ 3225.069097][T32226] ? clear_bhb_loop+0x60/0xb0 [ 3225.073856][T32226] ? clear_bhb_loop+0x60/0xb0 [ 3225.078530][T32226] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3225.084417][T32226] RIP: 0033:0x7fe39a19aeb9 [ 3225.088836][T32226] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 3225.108633][T32226] RSP: 002b:00007fe39afe9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3225.117398][T32226] RAX: ffffffffffffffda RBX: 00007fe39a415fa0 RCX: 00007fe39a19aeb9 [ 3225.125456][T32226] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 3225.133593][T32226] RBP: 00007fe39a208c1f R08: 0000000000000000 R09: 0000000000000000 [ 3225.141647][T32226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3225.149705][T32226] R13: 00007fe39a416038 R14: 00007fe39a415fa0 R15: 00007fff0668da68 [ 3225.157689][T32226] [ 3227.189889][T32295] sock: sock_set_timeout: `syz.4.42774' (pid 32295) tries to set negative timeout [ 3228.862723][T18834] Bluetooth: hci2: unexpected event 0x0b length: 151 > 11 [ 3230.601791][T18834] Bluetooth: hci2: unexpected event 0x09 length: 15 > 3 [ 3230.897904][T18834] Bluetooth: hci2: command 0x0419 tx timeout [ 3232.977841][T18834] Bluetooth: hci2: command 0x0406 tx timeout [ 3234.300736][T25883] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3234.311654][ T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3235.223340][T30826] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3246.808356][T32539] netlink: 14 bytes leftover after parsing attributes in process `syz.0.42868'. [ 3247.132463][T32538] delete_channel: no stack [ 3249.610203][T27536] Bluetooth: hci4: unexpected event 0x0b length: 151 > 11 [ 3250.555876][T27536] Bluetooth: hci1: unexpected event 0x0b length: 151 > 11 [ 3251.402096][T27536] Bluetooth: hci0: unexpected event 0x0b length: 151 > 11 [ 3251.456161][T27536] Bluetooth: hci3: unexpected event 0x09 length: 15 > 3 [ 3251.617766][T27536] Bluetooth: hci4: command 0x0419 tx timeout [ 3253.457845][T27536] Bluetooth: hci0: command 0x0419 tx timeout [ 3253.697727][T27536] Bluetooth: hci4: command 0x0406 tx timeout [ 3255.538122][T27536] Bluetooth: hci0: command 0x0406 tx timeout [ 3260.780905][ T306] device syzkaller0 entered promiscuous mode [ 3263.243127][ T327] netlink: 'syz.1.42990': attribute type 10 has an invalid length. [ 3263.257858][ T327] netlink: 55 bytes leftover after parsing attributes in process `syz.1.42990'. [ 3263.618707][ T347] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 3263.625421][ T347] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 3265.226112][T24862] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3266.251085][T25883] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3266.270590][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 3266.277126][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 3267.890407][ T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3267.983619][T18834] Bluetooth: hci3: unexpected event 0x08 length: 15 > 4 [ 3268.809645][T30826] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 3269.149792][ T471] netlink: 122896 bytes leftover after parsing attributes in process `syz.1.43033'. [ 3269.164189][ T471] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 3269.184217][ T471] CPU: 0 PID: 471 Comm: syz.1.43033 Not tainted syzkaller #0 [ 3269.191746][ T471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 3269.201917][ T471] Call Trace: [ 3269.205212][ T471] [ 3269.208257][ T471] dump_stack_lvl+0x188/0x24e [ 3269.213065][ T471] ? show_regs_print_info+0x12/0x12 [ 3269.218583][ T471] ? load_image+0x400/0x400 [ 3269.223137][ T471] sysfs_warn_dup+0x8a/0xa0 [ 3269.227681][ T471] sysfs_do_create_link_sd+0xc0/0x110 [ 3269.233390][ T471] device_add+0x7ed/0xfb0 [ 3269.237768][ T471] wiphy_register+0x1d9f/0x2ac0 [ 3269.242684][ T471] ? cfg80211_event_work+0x40/0x40 [ 3269.247974][ T471] ? minstrel_ht_alloc+0x894/0xa20 [ 3269.253297][ T471] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 3269.259431][ T471] ieee80211_register_hw+0x2d00/0x39f0 [ 3269.265224][ T471] ? ieee80211_register_hw+0xea1/0x39f0 [ 3269.270982][ T471] ? ieee80211_register_hw+0xea1/0x39f0 [ 3269.276746][ T471] ? ieee80211_tasklet_handler+0x20/0x20 [ 3269.282507][ T471] ? memset+0x1e/0x40 [ 3269.286518][ T471] ? __hrtimer_init+0x186/0x270 [ 3269.291402][ T471] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 3269.297268][ T471] hwsim_new_radio_nl+0xafa/0xce0 [ 3269.302348][ T471] genl_family_rcv_msg_doit+0x22a/0x330 [ 3269.307940][ T471] ? end_current_label_crit_section+0x170/0x170 [ 3269.314397][ T471] ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0 [ 3269.320440][ T471] ? bpf_lsm_capable+0x5/0x10 [ 3269.325334][ T471] ? security_capable+0x85/0xb0 [ 3269.330751][ T471] genl_rcv_msg+0x604/0x790 [ 3269.335402][ T471] ? genl_bind+0x360/0x360 [ 3269.340117][ T471] ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0 [ 3269.346729][ T471] netlink_rcv_skb+0x1fb/0x450 [ 3269.351858][ T471] ? genl_bind+0x360/0x360 [ 3269.356585][ T471] ? netlink_ack+0x1170/0x1170 [ 3269.361392][ T471] ? down_read+0x1a8/0x2d0 [ 3269.365840][ T471] genl_rcv+0x24/0x40 [ 3269.369962][ T471] netlink_unicast+0x74d/0x8d0 [ 3269.375025][ T471] netlink_sendmsg+0x8ad/0xbd0 [ 3269.380010][ T471] ? netlink_getsockopt+0x550/0x550 [ 3269.385247][ T471] ? aa_sock_msg_perm+0x94/0x150 [ 3269.390388][ T471] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 3269.395698][ T471] ? security_socket_sendmsg+0x7c/0xa0 [ 3269.401189][ T471] ? netlink_getsockopt+0x550/0x550 [ 3269.406506][ T471] ____sys_sendmsg+0x5be/0x970 [ 3269.411326][ T471] ? __sys_sendmsg_sock+0x30/0x30 [ 3269.416386][ T471] ? __import_iovec+0x315/0x500 [ 3269.421269][ T471] ? import_iovec+0x6f/0xa0 [ 3269.425922][ T471] ___sys_sendmsg+0x2a2/0x360 [ 3269.430727][ T471] ? try_to_wake_up+0x6ae/0x1080 [ 3269.435879][ T471] ? __sys_sendmsg+0x290/0x290 [ 3269.440732][ T471] __se_sys_sendmsg+0x1bb/0x2a0 [ 3269.445617][ T471] ? __x64_sys_sendmsg+0x80/0x80 [ 3269.450609][ T471] ? lockdep_hardirqs_on+0x94/0x140 [ 3269.456291][ T471] do_syscall_64+0x4c/0xa0 [ 3269.460741][ T471] ? clear_bhb_loop+0x60/0xb0 [ 3269.465624][ T471] ? clear_bhb_loop+0x60/0xb0 [ 3269.470421][ T471] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 3269.476455][ T471] RIP: 0033:0x7f55c839aeb9 [ 3269.480912][ T471] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 3269.500817][ T471] RSP: 002b:00007f55c65f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3269.509452][ T471] RAX: ffffffffffffffda RBX: 00007f55c8616180 RCX: 00007f55c839aeb9 [ 3269.517558][ T471] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 3269.525636][ T471] RBP: 00007f55c8408c1f R08: 0000000000000000 R09: 0000000000000000 [ 3269.533914][ T471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3269.542088][ T471] R13: 00007f55c8616218 R14: 00007f55c8616180 R15: 00007ffc2ae69f88 [ 3269.550375][ T471] [ 3270.072640][T30826] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00 [ 3270.107960][T30826] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 3270.120600][T24292] ------------[ cut here ]------------ [ 3270.126736][T24292] WARNING: CPU: 0 PID: 24292 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x428/0x4b0 [ 3270.137458][T24292] Modules linked in: [ 3270.141815][T24292] CPU: 0 PID: 24292 Comm: kworker/u4:8 Not tainted syzkaller #0 [ 3270.149890][T24292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 3270.160115][T24292] Workqueue: cfg80211 cfg80211_event_work [ 3270.166146][T24292] RIP: 0010:__cfg80211_ibss_joined+0x428/0x4b0 [ 3270.172600][T24292] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 57 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 61 f2 ee f7 0f 0b eb bb e8 58 f2 ee f7 <0f> 0b eb b2 e8 4f f2 ee f7 0f 0b e9 77 fd ff ff e8 43 f2 ee f7 0f [ 3270.192372][T24292] RSP: 0000:ffffc900036d7aa0 EFLAGS: 00010293 [ 3270.198526][T24292] RAX: ffffffff89938018 RBX: dffffc0000000000 RCX: ffff888074d48000 [ 3270.206526][T24292] RDX: 0000000000000000 RSI: ffffffff8a8c1220 RDI: ffffffff8adf0c20 [ 3270.214750][T24292] RBP: ffffc900036d7b70 R08: ffffffff90af32a7 R09: 1ffffffff215e654 [ 3270.222875][T24292] R10: dffffc0000000000 R11: fffffbfff215e655 R12: ffff88807de3b618 [ 3270.231018][T24292] R13: 1ffff920006daf5c R14: 000000000000001f R15: ffff88803f78cc90 [ 3270.239148][T24292] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 3270.248240][T24292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3270.255042][T24292] CR2: 000055557f6e29e8 CR3: 00000000562eb000 CR4: 00000000003506f0 [ 3270.263467][T24292] DR0: 0000000000000000 DR1: 0000200000000300 DR2: 0000000000000000 [ 3270.271685][T24292] DR3: 0000000000008d24 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 3270.280329][T24292] Call Trace: [ 3270.283813][T24292] [ 3270.286804][T24292] ? mutex_lock_nested+0x10/0x10 [ 3270.292011][T24292] ? trace_rdev_return_void+0x240/0x240 [ 3270.297749][T24292] cfg80211_process_wdev_events+0x3ad/0x550 [ 3270.303702][T24292] cfg80211_process_rdev_events+0x9d/0x110 [ 3270.309678][T24292] ? process_one_work+0x7b0/0x1160 [ 3270.315008][T24292] cfg80211_event_work+0x2b/0x40 [ 3270.320209][T24292] process_one_work+0x8a2/0x1160 [ 3270.325363][T24292] ? worker_detach_from_pool+0x240/0x240 [ 3270.331276][T24292] ? _raw_spin_lock_irq+0xb7/0xf0 [ 3270.336347][T24292] ? _raw_spin_lock_irqsave+0x100/0x100 [ 3270.342246][T24292] ? kthread_data+0x4b/0xc0 [ 3270.346800][T24292] worker_thread+0xaa2/0x1270 [ 3270.352122][T24292] kthread+0x29d/0x330 [ 3270.356429][T24292] ? worker_clr_flags+0x1a0/0x1a0 [ 3270.361621][T24292] ? kthread_blkcg+0xd0/0xd0 [ 3270.366347][T24292] ret_from_fork+0x1f/0x30 [ 3270.370890][T24292] [ 3270.374115][T24292] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 3270.381494][T24292] CPU: 0 PID: 24292 Comm: kworker/u4:8 Not tainted syzkaller #0 [ 3270.389317][T24292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 3270.399477][T24292] Workqueue: cfg80211 cfg80211_event_work [ 3270.405407][T24292] Call Trace: [ 3270.408831][T24292] [ 3270.412022][T24292] dump_stack_lvl+0x188/0x24e [ 3270.417060][T24292] ? memcpy+0x3c/0x60 [ 3270.421138][T24292] ? show_regs_print_info+0x12/0x12 [ 3270.426545][T24292] ? load_image+0x400/0x400 [ 3270.431352][T24292] panic+0x2e5/0x730 [ 3270.435348][T24292] ? bpf_jit_dump+0xd0/0xd0 [ 3270.440037][T24292] ? ret_from_fork+0x1f/0x30 [ 3270.444814][T24292] __warn+0x2f8/0x4f0 [ 3270.448806][T24292] ? __cfg80211_ibss_joined+0x428/0x4b0 [ 3270.454442][T24292] ? __cfg80211_ibss_joined+0x428/0x4b0 [ 3270.460117][T24292] report_bug+0x2ba/0x4f0 [ 3270.464451][T24292] ? __cfg80211_ibss_joined+0x428/0x4b0 [ 3270.470008][T24292] handle_bug+0x3a/0x70 [ 3270.474339][T24292] exc_invalid_op+0x16/0x40 [ 3270.478951][T24292] asm_exc_invalid_op+0x16/0x20 [ 3270.483794][T24292] RIP: 0010:__cfg80211_ibss_joined+0x428/0x4b0 [ 3270.489953][T24292] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 57 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 61 f2 ee f7 0f 0b eb bb e8 58 f2 ee f7 <0f> 0b eb b2 e8 4f f2 ee f7 0f 0b e9 77 fd ff ff e8 43 f2 ee f7 0f [ 3270.510117][T24292] RSP: 0000:ffffc900036d7aa0 EFLAGS: 00010293 [ 3270.516269][T24292] RAX: ffffffff89938018 RBX: dffffc0000000000 RCX: ffff888074d48000 [ 3270.524243][T24292] RDX: 0000000000000000 RSI: ffffffff8a8c1220 RDI: ffffffff8adf0c20 [ 3270.532205][T24292] RBP: ffffc900036d7b70 R08: ffffffff90af32a7 R09: 1ffffffff215e654 [ 3270.540431][T24292] R10: dffffc0000000000 R11: fffffbfff215e655 R12: ffff88807de3b618 [ 3270.548572][T24292] R13: 1ffff920006daf5c R14: 000000000000001f R15: ffff88803f78cc90 [ 3270.556733][T24292] ? __cfg80211_ibss_joined+0x428/0x4b0 [ 3270.562993][T24292] ? mutex_lock_nested+0x10/0x10 [ 3270.568207][T24292] ? trace_rdev_return_void+0x240/0x240 [ 3270.574021][T24292] cfg80211_process_wdev_events+0x3ad/0x550 [ 3270.580181][T24292] cfg80211_process_rdev_events+0x9d/0x110 [ 3270.586161][T24292] ? process_one_work+0x7b0/0x1160 [ 3270.591620][T24292] cfg80211_event_work+0x2b/0x40 [ 3270.596563][T24292] process_one_work+0x8a2/0x1160 [ 3270.601604][T24292] ? worker_detach_from_pool+0x240/0x240 [ 3270.607319][T24292] ? _raw_spin_lock_irq+0xb7/0xf0 [ 3270.612339][T24292] ? _raw_spin_lock_irqsave+0x100/0x100 [ 3270.617971][T24292] ? kthread_data+0x4b/0xc0 [ 3270.622492][T24292] worker_thread+0xaa2/0x1270 [ 3270.627269][T24292] kthread+0x29d/0x330 [ 3270.631420][T24292] ? worker_clr_flags+0x1a0/0x1a0 [ 3270.636437][T24292] ? kthread_blkcg+0xd0/0xd0 [ 3270.641200][T24292] ret_from_fork+0x1f/0x30 [ 3270.645720][T24292] [ 3270.649249][T24292] Kernel Offset: disabled [ 3270.653872][T24292] Rebooting in 86400 seconds..