last executing test programs:

1.539107168s ago: executing program 3 (id=2531):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f00000006c0))
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8948, &(0x7f0000000000)='lo:\x96o8\x14d\xa1\xe3\xd7\\b}\x1f\xa1Y\xad4\x00 \'Y\x17]\x15c\xcaR\xdd\x98OGK\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb7s\xb0\x00\x00\x00\x00\xf5\a\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xbaUn\x04\'5\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0R\xd3\x8a\xe1n\x97\xea\xf1\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\r\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB\x01\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\tb\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18\x00\b\x00\x00Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc5<J\x1f\xba\xfc\x90(\x985\x93\xa8\xd4\xf0\xbdTy\x18\xc8\xa0\xbb\x99\x8c\xe0Q\xffCl\xbdX~3\xa1\xa2\xf4\xd9\xf7\xc7\xfb\xce\x959x\xfeW\r\xf0{\xcaT\xecp)=\x9d\xdfG8\xbf\xe3?d<JN\xcb\xd4H\xb0_jO\xf3\x90\xe8/l\xdfg)\x8d#\xfdo\xa9L\xdeA*\xec\xa1\x14,\xe8\x8d^\xb9r=\xc0\x18\xd4\x11dU[Ry\xed\xd6\x97\x8a\xe8\xca\x99\x10\x8e\xc8P\xa3\xae/\xdaof\x06\x7f\xf7\x80$f\b\x92\xae\xeb\xdd\"\x89\xb8\xf0\xc3\b\x00\x00\x00\x00\fr\xf1\xec\xd9CD\x80\xb4^\x8cw;\x87\xea\x8c\x8bJ\x9a\x0ej\x8f\x8e^\xe6\xa6\xaa\x910\fD\xabFU\xa0D;\xd6\xd1\xeer\x9d\x02\xd9\xf7d`\xbfv\x15.\xe4\x82|)K\x99\x98&?\xcd\xe5\xa8\xba~$;g\t\x02\x84+\x90\xab\x816$/\x92\"\xef\xf7\x18\xfaE\xfe\xf7\n\xb2\x7fC\xbb\xbdg#F\n\vu\xe2\xe9\b\xa2\xf1\x94Fb\x92\xc9\xddP\xf0m35+\xdd\xac3\x00\xdd\xfb\b\xc0\x95\xe8\xa5\xec\x9e\xbfA\x7f\xff\xb8\xe2\xe2HNy$\xd4\xc6\x9dd\t\xf6\xed\x10\x15%\r\x1aD\f>\xdcZ\xb9\xd7Z\x88\x9b\xdff[\x90\xfa\x9a{b\xf4Dq')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000005300000095dbd0ff7fa57b0000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
ioctl$SIOCSIFHWADDR(r0, 0x8b28, &(0x7f0000000000)={'wlan1\x00', @random="0100"})

1.456166325s ago: executing program 3 (id=2535):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000c40), 0x12)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000001c0), 0x12)

1.196759565s ago: executing program 2 (id=2540):
r0 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x2, 0x4e24, @private=0xa010102}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)="b7", 0x1}], 0x1}, 0x20008050)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x2, 0x0, 0xfffffffc, 0x8}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x10, &(0x7f0000000000)=r3, 0xc)

1.189851115s ago: executing program 3 (id=2548):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f00000001c0), &(0x7f0000000200)}, 0x20)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0xb3}}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x80)

1.092025663s ago: executing program 2 (id=2541):
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x804, 0x14c9, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803, 0x0, @perf_config_ext={0x1}, 0xa0, 0x58, 0x0, 0x4, 0x2, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
write$cgroup_type(r1, &(0x7f0000000180), 0x40010)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext, 0x0, 0x10003, 0x0, 0x5, 0x8000000000000000, 0x5}, 0x0, 0x100000000, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40305829, &(0x7f0000000040)=0x10000)

1.091229993s ago: executing program 1 (id=2542):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f00000006c0))
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8948, &(0x7f0000000000)='lo:\x96o8\x14d\xa1\xe3\xd7\\b}\x1f\xa1Y\xad4\x00 \'Y\x17]\x15c\xcaR\xdd\x98OGK\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb7s\xb0\x00\x00\x00\x00\xf5\a\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xbaUn\x04\'5\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0R\xd3\x8a\xe1n\x97\xea\xf1\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\r\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB\x01\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\tb\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18\x00\b\x00\x00Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc5<J\x1f\xba\xfc\x90(\x985\x93\xa8\xd4\xf0\xbdTy\x18\xc8\xa0\xbb\x99\x8c\xe0Q\xffCl\xbdX~3\xa1\xa2\xf4\xd9\xf7\xc7\xfb\xce\x959x\xfeW\r\xf0{\xcaT\xecp)=\x9d\xdfG8\xbf\xe3?d<JN\xcb\xd4H\xb0_jO\xf3\x90\xe8/l\xdfg)\x8d#\xfdo\xa9L\xdeA*\xec\xa1\x14,\xe8\x8d^\xb9r=\xc0\x18\xd4\x11dU[Ry\xed\xd6\x97\x8a\xe8\xca\x99\x10\x8e\xc8P\xa3\xae/\xdaof\x06\x7f\xf7\x80$f\b\x92\xae\xeb\xdd\"\x89\xb8\xf0\xc3\b\x00\x00\x00\x00\fr\xf1\xec\xd9CD\x80\xb4^\x8cw;\x87\xea\x8c\x8bJ\x9a\x0ej\x8f\x8e^\xe6\xa6\xaa\x910\fD\xabFU\xa0D;\xd6\xd1\xeer\x9d\x02\xd9\xf7d`\xbfv\x15.\xe4\x82|)K\x99\x98&?\xcd\xe5\xa8\xba~$;g\t\x02\x84+\x90\xab\x816$/\x92\"\xef\xf7\x18\xfaE\xfe\xf7\n\xb2\x7fC\xbb\xbdg#F\n\vu\xe2\xe9\b\xa2\xf1\x94Fb\x92\xc9\xddP\xf0m35+\xdd\xac3\x00\xdd\xfb\b\xc0\x95\xe8\xa5\xec\x9e\xbfA\x7f\xff\xb8\xe2\xe2HNy$\xd4\xc6\x9dd\t\xf6\xed\x10\x15%\r\x1aD\f>\xdcZ\xb9\xd7Z\x88\x9b\xdff[\x90\xfa\x9a{b\xf4Dq')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000005300000095dbd0ff7fa57b0000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
ioctl$SIOCSIFHWADDR(r0, 0x8b28, &(0x7f0000000000)={'wlan1\x00', @random="0100"})

1.038876437s ago: executing program 3 (id=2543):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'pim6reg1\x00', 0x2})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x114301, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x336)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @link_local})

1.016843069s ago: executing program 0 (id=2544):
r0 = socket$kcm(0xa, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7b}]}, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(r0, 0x0, 0x4, 0x0, 0x0)

985.386662ms ago: executing program 1 (id=2546):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000c40), 0x12)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000001c0), 0x12)

884.66365ms ago: executing program 0 (id=2547):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004081)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r0, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000800)={r0, &(0x7f0000000780)}, 0x20)

884.45159ms ago: executing program 1 (id=2549):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x5, 0x2, 0x7, 0x0, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000004340)={0x6, 0xd, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb7030000080000e5b7040000000000008500000033000000850000002300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000100)={r3}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x42}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x70)

884.32051ms ago: executing program 2 (id=2550):
perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000700)={0x1, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x22a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000006c0)={0x0, 0x8d25, 0x18}, 0xc)

332.160804ms ago: executing program 0 (id=2551):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=@base={0x6, 0x4, 0xdd, 0xa}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0a"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

332.005024ms ago: executing program 1 (id=2552):
r0 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x2, 0x4e24, @private=0xa010102}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)="b7", 0x1}], 0x1}, 0x20008050)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x2, 0x0, 0xfffffffc, 0x8}]}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x10, &(0x7f0000000000)=r3, 0xc)

331.858324ms ago: executing program 3 (id=2553):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0xc000000, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0xa, 0x300)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000700000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sock_rcvqueue_full\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sock_rcvqueue_full\x00', r1}, 0x10)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6f94f90524fc6010000200d7070000053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0)

288.252418ms ago: executing program 2 (id=2554):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r2}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0))

185.813506ms ago: executing program 0 (id=2555):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f00000006c0))
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8948, &(0x7f0000000000)='lo:\x96o8\x14d\xa1\xe3\xd7\\b}\x1f\xa1Y\xad4\x00 \'Y\x17]\x15c\xcaR\xdd\x98OGK\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb7s\xb0\x00\x00\x00\x00\xf5\a\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xbaUn\x04\'5\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0R\xd3\x8a\xe1n\x97\xea\xf1\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\r\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB\x01\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\tb\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18\x00\b\x00\x00Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc5<J\x1f\xba\xfc\x90(\x985\x93\xa8\xd4\xf0\xbdTy\x18\xc8\xa0\xbb\x99\x8c\xe0Q\xffCl\xbdX~3\xa1\xa2\xf4\xd9\xf7\xc7\xfb\xce\x959x\xfeW\r\xf0{\xcaT\xecp)=\x9d\xdfG8\xbf\xe3?d<JN\xcb\xd4H\xb0_jO\xf3\x90\xe8/l\xdfg)\x8d#\xfdo\xa9L\xdeA*\xec\xa1\x14,\xe8\x8d^\xb9r=\xc0\x18\xd4\x11dU[Ry\xed\xd6\x97\x8a\xe8\xca\x99\x10\x8e\xc8P\xa3\xae/\xdaof\x06\x7f\xf7\x80$f\b\x92\xae\xeb\xdd\"\x89\xb8\xf0\xc3\b\x00\x00\x00\x00\fr\xf1\xec\xd9CD\x80\xb4^\x8cw;\x87\xea\x8c\x8bJ\x9a\x0ej\x8f\x8e^\xe6\xa6\xaa\x910\fD\xabFU\xa0D;\xd6\xd1\xeer\x9d\x02\xd9\xf7d`\xbfv\x15.\xe4\x82|)K\x99\x98&?\xcd\xe5\xa8\xba~$;g\t\x02\x84+\x90\xab\x816$/\x92\"\xef\xf7\x18\xfaE\xfe\xf7\n\xb2\x7fC\xbb\xbdg#F\n\vu\xe2\xe9\b\xa2\xf1\x94Fb\x92\xc9\xddP\xf0m35+\xdd\xac3\x00\xdd\xfb\b\xc0\x95\xe8\xa5\xec\x9e\xbfA\x7f\xff\xb8\xe2\xe2HNy$\xd4\xc6\x9dd\t\xf6\xed\x10\x15%\r\x1aD\f>\xdcZ\xb9\xd7Z\x88\x9b\xdff[\x90\xfa\x9a{b\xf4Dq')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000005300000095dbd0ff7fa57b0000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
ioctl$SIOCSIFHWADDR(r0, 0x8b28, &(0x7f0000000000)={'wlan1\x00', @random="0100"})

121.605691ms ago: executing program 0 (id=2556):
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x804, 0x14c9, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803, 0x0, @perf_config_ext={0x1}, 0xa0, 0x58, 0x0, 0x4, 0x2, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
write$cgroup_type(r1, &(0x7f0000000180), 0x40010)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext, 0x0, 0x10003, 0x0, 0x5, 0x8000000000000000, 0x5}, 0x0, 0x100000000, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40305829, &(0x7f0000000040)=0x10000)

120.929581ms ago: executing program 1 (id=2564):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r2}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0))

119.361571ms ago: executing program 2 (id=2565):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=@base={0x6, 0x4, 0xdd, 0xa}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0a"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

22.990129ms ago: executing program 0 (id=2557):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000c40), 0x12)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000001c0), 0x12)

22.806809ms ago: executing program 2 (id=2558):
r0 = socket$kcm(0xa, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7b}]}, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(r0, 0x0, 0x4, 0x0, 0x0)

21.178909ms ago: executing program 3 (id=2567):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.memory_spread_slab\x00', 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000000c0), 0x12)
write$cgroup_int(r1, &(0x7f0000000180)=0x7fffffffffffffff, 0x12)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

0s ago: executing program 1 (id=2559):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'pim6reg1\x00', 0x2})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x114301, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x336)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @link_local})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.192' (ED25519) to the list of known hosts.
[   59.318902][ T5772] cgroup: Unknown subsys name 'net'
[   59.451254][ T5772] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   60.816006][ T5772] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   62.141003][ T5783] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   62.155176][ T5787] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   62.155303][ T5783] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   62.170479][ T5787] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   62.170495][ T5783] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   62.185709][ T5787] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   62.193116][ T5783] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   62.201152][ T5783] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   62.201605][ T5787] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   62.216858][ T5787] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   62.223956][ T5787] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   62.231951][ T5785] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   62.232980][ T5790] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   62.240410][ T5785] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   62.247585][ T5790] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   62.255557][ T5793] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   62.262097][ T5794] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   62.268707][ T5793] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   62.277181][ T5794] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   62.282467][ T5793] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   62.288846][ T5794] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   62.310965][ T5793] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   62.319938][ T5794] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   62.329076][ T5794] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   62.774177][ T5781] chnl_net:caif_netlink_parms(): no params data found
[   62.837746][ T5784] chnl_net:caif_netlink_parms(): no params data found
[   62.881829][ T5789] chnl_net:caif_netlink_parms(): no params data found
[   62.958125][ T5788] chnl_net:caif_netlink_parms(): no params data found
[   62.982310][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.989544][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.998717][ T5781] bridge_slave_0: entered allmulticast mode
[   63.005463][ T5781] bridge_slave_0: entered promiscuous mode
[   63.040598][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.047937][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.055465][ T5781] bridge_slave_1: entered allmulticast mode
[   63.062088][ T5781] bridge_slave_1: entered promiscuous mode
[   63.093608][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.101010][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.108284][ T5784] bridge_slave_0: entered allmulticast mode
[   63.115382][ T5784] bridge_slave_0: entered promiscuous mode
[   63.148574][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.155851][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.162965][ T5784] bridge_slave_1: entered allmulticast mode
[   63.170108][ T5784] bridge_slave_1: entered promiscuous mode
[   63.190245][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.215971][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.223090][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.230612][ T5789] bridge_slave_0: entered allmulticast mode
[   63.239616][ T5789] bridge_slave_0: entered promiscuous mode
[   63.259191][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.289274][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.296589][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.303684][ T5789] bridge_slave_1: entered allmulticast mode
[   63.311497][ T5789] bridge_slave_1: entered promiscuous mode
[   63.362325][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.375500][ T5781] team0: Port device team_slave_0 added
[   63.381584][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.389052][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.396330][ T5788] bridge_slave_0: entered allmulticast mode
[   63.402969][ T5788] bridge_slave_0: entered promiscuous mode
[   63.422474][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.432990][ T5781] team0: Port device team_slave_1 added
[   63.439320][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.446700][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.453810][ T5788] bridge_slave_1: entered allmulticast mode
[   63.460664][ T5788] bridge_slave_1: entered promiscuous mode
[   63.469872][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.482778][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.576835][ T5784] team0: Port device team_slave_0 added
[   63.583652][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.590877][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.616880][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.631884][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.643980][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.657440][ T5789] team0: Port device team_slave_0 added
[   63.664916][ T5784] team0: Port device team_slave_1 added
[   63.672132][ T5789] team0: Port device team_slave_1 added
[   63.679051][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.686383][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.712427][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.800584][ T5788] team0: Port device team_slave_0 added
[   63.817710][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.825358][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.851393][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.863374][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.870391][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.896658][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.920031][ T5788] team0: Port device team_slave_1 added
[   63.938365][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.945425][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.971795][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.989151][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.996169][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.022402][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.036985][ T5781] hsr_slave_0: entered promiscuous mode
[   64.043255][ T5781] hsr_slave_1: entered promiscuous mode
[   64.061997][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.069033][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.095128][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.122610][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.129790][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.155869][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.207762][ T5784] hsr_slave_0: entered promiscuous mode
[   64.213995][ T5784] hsr_slave_1: entered promiscuous mode
[   64.221212][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   64.229085][ T5784] Cannot create hsr debugfs directory
[   64.245996][ T5789] hsr_slave_0: entered promiscuous mode
[   64.252212][ T5789] hsr_slave_1: entered promiscuous mode
[   64.258275][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   64.266090][ T5789] Cannot create hsr debugfs directory
[   64.361668][ T5788] hsr_slave_0: entered promiscuous mode
[   64.368912][ T5787] Bluetooth: hci1: command tx timeout
[   64.371105][ T5783] Bluetooth: hci0: command tx timeout
[   64.375646][ T5788] hsr_slave_1: entered promiscuous mode
[   64.386233][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   64.393773][ T5788] Cannot create hsr debugfs directory
[   64.444825][ T5783] Bluetooth: hci2: command tx timeout
[   64.454873][ T5783] Bluetooth: hci3: command tx timeout
[   64.704997][ T5789] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   64.717608][ T5789] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   64.728272][ T5789] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   64.738883][ T5789] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   64.806543][ T5788] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   64.828872][ T5788] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   64.839406][ T5788] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   64.849776][ T5788] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   64.915006][ T5781] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   64.948912][ T5781] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   64.957919][ T5781] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   64.968159][ T5781] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   65.036020][ T5784] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   65.046596][ T5784] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   65.071528][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.079031][ T5784] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   65.089418][ T5784] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   65.146267][ T5789] 8021q: adding VLAN 0 to HW filter on device team0
[   65.196869][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.204063][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.232594][ T3477] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.239722][ T3477] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.309753][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.333449][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.371679][ T5781] 8021q: adding VLAN 0 to HW filter on device team0
[   65.393622][ T3477] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.400783][ T3477] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.417513][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.432569][ T3477] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.439677][ T3477] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.456480][ T5788] 8021q: adding VLAN 0 to HW filter on device team0
[   65.500037][ T5784] 8021q: adding VLAN 0 to HW filter on device team0
[   65.513699][ T2947] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.520898][ T2947] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.561545][ T2947] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.568676][ T2947] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.580518][ T2947] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.587616][ T2947] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.648360][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.655550][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.681750][ T5788] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   65.790163][ T5784] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   65.816110][ T5784] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   65.868648][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.979671][ T5789] veth0_vlan: entered promiscuous mode
[   66.013937][ T5789] veth1_vlan: entered promiscuous mode
[   66.091580][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.153990][ T5789] veth0_macvtap: entered promiscuous mode
[   66.172792][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.194313][ T5789] veth1_macvtap: entered promiscuous mode
[   66.240705][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.263699][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.280574][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.309571][ T5781] veth0_vlan: entered promiscuous mode
[   66.320128][ T5789] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.329478][ T5789] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.338867][ T5789] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.349015][ T5789] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.393015][ T5781] veth1_vlan: entered promiscuous mode
[   66.445186][ T5783] Bluetooth: hci0: command tx timeout
[   66.447700][ T5788] veth0_vlan: entered promiscuous mode
[   66.450605][ T5783] Bluetooth: hci1: command tx timeout
[   66.512541][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.522156][ T5788] veth1_vlan: entered promiscuous mode
[   66.525113][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.538471][ T5787] Bluetooth: hci2: command tx timeout
[   66.543949][ T5783] Bluetooth: hci3: command tx timeout
[   66.568740][ T5784] veth0_vlan: entered promiscuous mode
[   66.593013][ T5781] veth0_macvtap: entered promiscuous mode
[   66.602738][ T5788] veth0_macvtap: entered promiscuous mode
[   66.620975][ T5781] veth1_macvtap: entered promiscuous mode
[   66.640979][ T5784] veth1_vlan: entered promiscuous mode
[   66.649761][ T5788] veth1_macvtap: entered promiscuous mode
[   66.658214][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.671285][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.672218][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   66.692025][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.703620][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.731541][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   66.742755][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.754823][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.779368][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   66.790224][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.800295][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   66.811609][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.823568][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.856058][ T5781] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.865329][ T5781] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.874035][ T5781] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.884181][ T5781] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.899974][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   66.911088][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.924130][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   66.944538][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.963661][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.992747][ T5784] veth0_macvtap: entered promiscuous mode
[   67.032352][ T5788] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.041650][ T5788] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.053077][ T5788] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.071174][ T5788] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.089215][    C0] hrtimer: interrupt took 58878 ns
[   67.143885][ T5784] veth1_macvtap: entered promiscuous mode
[   67.207458][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.233568][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.244817][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.269711][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.288355][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.299663][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.316515][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.413534][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.430216][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.445395][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.462476][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.473132][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.490204][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.502713][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.528651][ T5784] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.541242][   T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.552575][   T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.564793][ T5784] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.579604][ T5784] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.592679][ T5784] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.720084][   T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.744420][   T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.835317][  T999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.871523][  T999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.988225][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.006408][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.058796][   T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.092167][   T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.145669][ T5783] Bluetooth: hci2: ISO packet for unknown connection handle 0
[   68.178864][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.196379][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.535495][ T5783] Bluetooth: hci1: command tx timeout
[   68.540968][ T5787] Bluetooth: hci0: command tx timeout
[   68.605166][ T5787] Bluetooth: hci3: command tx timeout
[   68.610612][ T5787] Bluetooth: hci2: command tx timeout
[   69.826525][ T5906] syzkaller0: entered promiscuous mode
[   69.841869][ T5906] syzkaller0: entered allmulticast mode
[   69.874296][ T5787] Bluetooth: hci3: Malformed LE Event: 0x0d
[   70.233201][ T5922] netlink: 'syz.2.27': attribute type 2 has an invalid length.
[   70.271437][ T5922] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.27'.
[   70.604893][ T5787] Bluetooth: hci0: command tx timeout
[   70.605385][ T5783] Bluetooth: hci1: command tx timeout
[   70.686182][ T5783] Bluetooth: hci2: command tx timeout
[   70.686195][ T5787] Bluetooth: hci3: command tx timeout
[   71.242814][ T5960] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.43'.
[   71.513411][ T5787] Bluetooth: hci2: Malformed HCI Event
[   71.652362][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[   71.661030][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[   74.494259][ T6021] syzkaller0: entered promiscuous mode
[   74.505454][ T6021] syzkaller0: entered allmulticast mode
[   76.442499][ T6065] netlink: 'syz.0.87': attribute type 33 has an invalid length.
[   76.457342][ T6065] netlink: 'syz.0.87': attribute type 36 has an invalid length.
[   76.467101][ T6065] netlink: 'syz.0.87': attribute type 37 has an invalid length.
[   77.426204][ T6088] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[   77.671105][ T6093] netlink: 'syz.0.101': attribute type 39 has an invalid length.
[   80.102815][ T6100] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.103'.
[   80.122436][ T6100] netlink: 6116 bytes leftover after parsing attributes in process `syz.3.103'.
[   80.142941][ T6100] netlink: 4 bytes leftover after parsing attributes in process `syz.3.103'.
[   80.216662][ T6102] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.104'.
[   80.273662][ T6102] openvswitch: netlink: Key type 29 is not supported
[   81.886921][  T787] cfg80211: failed to load regulatory.db
[   82.732634][ T6162] netlink: 'syz.3.128': attribute type 1 has an invalid length.
[   82.748800][ T6162] netlink: 'syz.3.128': attribute type 4 has an invalid length.
[   82.761672][ T6162] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.128'.
[   82.967267][ T6172] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.133'.
[   83.074818][ T6175] warning: `syz.1.135' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   84.015945][ T6206] sctp: [Deprecated]: syz.0.149 (pid 6206) Use of struct sctp_assoc_value in delayed_ack socket option.
[   84.015945][ T6206] Use struct sctp_sack_info instead
[   84.466395][ T6213] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.153'.
[   85.866202][ T6249] netlink: 'syz.3.167': attribute type 1 has an invalid length.
[   85.911887][ T6249] netlink: 'syz.3.167': attribute type 4 has an invalid length.
[   85.940495][ T6249] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.167'.
[   86.175173][ T6263] netlink: 'syz.0.174': attribute type 5 has an invalid length.
[   86.472682][ T6274] Illegal XDP return value 92 on prog  (id 94) dev N/A, expect packet loss!
[   86.599770][ T5787] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10
[   86.599804][ T5787] Bluetooth: unknown link type 88
[   86.612116][ T5787] Bluetooth: hci0: connection err: -111
[   86.883925][ T6292] netlink: 'syz.1.186': attribute type 3 has an invalid length.
[   86.915645][ T6292] netlink: 'syz.1.186': attribute type 4 has an invalid length.
[   86.954581][ T6292] netlink: 'syz.1.186': attribute type 7 has an invalid length.
[   86.962261][ T6292] netlink: 'syz.1.186': attribute type 8 has an invalid length.
[   87.001411][ T6292] netlink: 'syz.1.186': attribute type 7 has an invalid length.
[   87.025466][ T6292] netlink: 198048 bytes leftover after parsing attributes in process `syz.1.186'.
[   87.948717][ T6303] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.192'.
[   88.188616][ T6309] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   89.415897][ T6320] syzkaller0: entered promiscuous mode
[   89.421393][ T6320] syzkaller0: entered allmulticast mode
[   90.756951][ T6338] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   91.859288][ T6366] sock: sock_timestamping_bind_phc: sock not bind to device
[   92.497231][ T6384] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.227'.
[   93.445922][ T6407] netlink: 539 bytes leftover after parsing attributes in process `syz.2.237'.
[   95.307403][ T6459] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.260'.
[   95.600081][ T6464] sctp: [Deprecated]: syz.2.263 (pid 6464) Use of struct sctp_assoc_value in delayed_ack socket option.
[   95.600081][ T6464] Use struct sctp_sack_info instead
[   95.841161][ T6473] syz.2.266[6473] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   95.841291][ T6473] syz.2.266[6473] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   97.038462][ T6500] syzkaller0: entered promiscuous mode
[   97.057429][ T6500] syzkaller0: entered allmulticast mode
[   97.098076][ T6506] netlink: 'syz.0.279': attribute type 3 has an invalid length.
[   97.105883][ T6507] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.280'.
[   97.136220][ T6506] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.279'.
[   98.173619][ T6527] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.286'.
[   98.862756][ T6529] syz.0.287: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[   98.879073][ T6529] CPU: 1 PID: 6529 Comm: syz.0.287 Not tainted 6.6.102-syzkaller #0
[   98.887091][ T6529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   98.897175][ T6529] Call Trace:
[   98.900465][ T6529]  <TASK>
[   98.903402][ T6529]  dump_stack_lvl+0x16c/0x230
[   98.908097][ T6529]  ? show_regs_print_info+0x20/0x20
[   98.913299][ T6529]  ? load_image+0x3b0/0x3b0
[   98.917815][ T6529]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   98.924232][ T6529]  ? cpuset_print_current_mems_allowed+0x2e3/0x360
[   98.930738][ T6529]  warn_alloc+0x210/0x300
[   98.935077][ T6529]  ? stack_trace_save+0x9c/0xe0
[   98.939934][ T6529]  ? zone_watermark_ok_safe+0x230/0x230
[   98.945509][ T6529]  ? kasan_set_track+0x5f/0x70
[   98.950276][ T6529]  ? kasan_set_track+0x4e/0x70
[   98.955035][ T6529]  ? __kasan_kmalloc+0x8f/0xa0
[   98.959795][ T6529]  ? xsk_init_queue+0xb0/0x110
[   98.964557][ T6529]  ? xsk_setsockopt+0x4db/0x6f0
[   98.969408][ T6529]  ? do_sock_setsockopt+0x175/0x1a0
[   98.974602][ T6529]  ? __x64_sys_setsockopt+0x184/0x200
[   98.979979][ T6529]  __vmalloc_node_range+0x126/0x1320
[   98.985304][ T6529]  ? free_vm_area+0x50/0x50
[   98.989827][ T6529]  vmalloc_user+0x74/0x80
[   98.994157][ T6529]  ? xskq_create+0xbf/0x170
[   98.998665][ T6529]  xskq_create+0xbf/0x170
[   99.002997][ T6529]  xsk_init_queue+0xb0/0x110
[   99.007591][ T6529]  xsk_setsockopt+0x4db/0x6f0
[   99.012273][ T6529]  ? xsk_poll+0x670/0x670
[   99.016610][ T6529]  ? __fget_files+0x28/0x4d0
[   99.021202][ T6529]  ? aa_sock_opt_perm+0x74/0x100
[   99.026144][ T6529]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[   99.031692][ T6529]  ? security_socket_setsockopt+0x7e/0xa0
[   99.037405][ T6529]  ? xsk_poll+0x670/0x670
[   99.041736][ T6529]  do_sock_setsockopt+0x175/0x1a0
[   99.046763][ T6529]  ? __fdget+0x180/0x210
[   99.051009][ T6529]  __x64_sys_setsockopt+0x184/0x200
[   99.056219][ T6529]  do_syscall_64+0x55/0xb0
[   99.060635][ T6529]  ? clear_bhb_loop+0x40/0x90
[   99.065308][ T6529]  ? clear_bhb_loop+0x40/0x90
[   99.069985][ T6529]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   99.075881][ T6529] RIP: 0033:0x7fe3ee78ebe9
[   99.080308][ T6529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   99.099925][ T6529] RSP: 002b:00007fe3ef6ea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   99.108341][ T6529] RAX: ffffffffffffffda RBX: 00007fe3ee9b5fa0 RCX: 00007fe3ee78ebe9
[   99.116314][ T6529] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005
[   99.124282][ T6529] RBP: 00007fe3ee811e19 R08: 0000000000000004 R09: 0000000000000000
[   99.132250][ T6529] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[   99.140216][ T6529] R13: 00007fe3ee9b6038 R14: 00007fe3ee9b5fa0 R15: 00007ffcc25ef698
[   99.148209][ T6529]  </TASK>
[   99.187751][ T6529] Mem-Info:
[   99.190919][ T6529] active_anon:5762 inactive_anon:0 isolated_anon:0
[   99.190919][ T6529]  active_file:816 inactive_file:39836 isolated_file:0
[   99.190919][ T6529]  unevictable:768 dirty:115 writeback:0
[   99.190919][ T6529]  slab_reclaimable:9764 slab_unreclaimable:94473
[   99.190919][ T6529]  mapped:24993 shmem:1361 pagetables:512
[   99.190919][ T6529]  sec_pagetables:0 bounce:0
[   99.190919][ T6529]  kernel_misc_reclaimable:0
[   99.190919][ T6529]  free:1365950 free_pcp:8241 free_cma:0
[   99.261618][ T6529] Node 0 active_anon:23048kB inactive_anon:0kB active_file:3264kB inactive_file:159140kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:95872kB dirty:456kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10988kB pagetables:2148kB sec_pagetables:0kB all_unreclaimable? no
[   99.325239][ T6529] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[   99.389682][ T6529] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   99.431382][ T6529] lowmem_reserve[]: 0 2525 2526 2526 2526
[   99.439320][ T6529] Node 0 DMA32 free:1557048kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:23096kB inactive_anon:0kB active_file:3264kB inactive_file:157820kB unevictable:1536kB writepending:456kB present:3129332kB managed:2589596kB mlocked:0kB bounce:0kB free_pcp:12640kB local_pcp:5292kB free_cma:0kB
[   99.540191][ T6529] lowmem_reserve[]: 0 0 1 1 1
[   99.555695][ T6529] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB
[   99.605763][ T6529] lowmem_reserve[]: 0 0 0 0 0
[   99.612406][ T6529] Node 1 Normal free:3891512kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:20320kB local_pcp:10016kB free_cma:0kB
[   99.701913][ T6529] lowmem_reserve[]: 0 0 0 0 0
[   99.725152][ T6529] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   99.776497][ T6529] Node 0 DMA32: 680*4kB (UME) 683*8kB (UME) 474*16kB (UM) 233*32kB (UME) 83*64kB (UME) 19*128kB (UME) 11*256kB (ME) 10*512kB (ME) 4*1024kB (M) 2*2048kB (M) 367*4096kB (UM) = 1550328kB
[   99.822159][ T6529] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[   99.834186][ T6529] Node 1 Normal: 232*4kB (UME) 55*8kB (UME) 40*16kB (UME) 40*32kB (UME) 10*64kB (UME) 6*128kB (UME) 3*256kB (UM) 2*512kB (UE) 0*1024kB 1*2048kB (E) 948*4096kB (M) = 3891544kB
[   99.852476][ T6529] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   99.904557][ T6529] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   99.945779][ T6529] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   99.964377][ T6529] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   99.983083][ T6529] 42013 total pagecache pages
[  100.002536][ T6529] 0 pages in swap cache
[  100.007670][ T6529] Free swap  = 124996kB
[  100.016735][ T6529] Total swap = 124996kB
[  100.031481][ T6529] 2097051 pages RAM
[  100.035764][ T6529] 0 pages HighMem/MovableOnly
[  100.040456][ T6529] 416138 pages reserved
[  100.055088][ T6529] 0 pages cma reserved
[  100.409992][ T5787] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[  102.444590][ T5787] Bluetooth: hci1: command tx timeout
[  108.505993][ T6585] netlink: 'syz.1.307': attribute type 10 has an invalid length.
[  108.526276][ T6585] netlink: 3819 bytes leftover after parsing attributes in process `syz.1.307'.
[  109.028812][ T6577] netlink: 61211 bytes leftover after parsing attributes in process `syz.2.306'.
[  109.044200][ T6588] netlink: 168 bytes leftover after parsing attributes in process `syz.1.308'.
[  110.376200][ T5787] Bluetooth: hci3: unknown advertising packet type: 0xff
[  110.376234][ T5787] Bluetooth: hci3: unknown advertising packet type: 0x80
[  110.383351][ T5787] Bluetooth: hci3: unknown advertising packet type: 0x09
[  110.390744][ T5787] Bluetooth: hci3: Malformed LE Event: 0x02
[  111.006427][ T6656] netlink: 61967 bytes leftover after parsing attributes in process `syz.3.339'.
[  111.394164][ T6667] syzkaller0: entered promiscuous mode
[  111.399896][ T6667] syzkaller0: entered allmulticast mode
[  111.742111][ T6689] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.354'.
[  113.272567][ T6710] netlink: 'syz.1.363': attribute type 3 has an invalid length.
[  113.280466][ T6710] netlink: 'syz.1.363': attribute type 1 has an invalid length.
[  113.289241][ T6710] netlink: 'syz.1.363': attribute type 16 has an invalid length.
[  113.297488][ T6710] netlink: 'syz.1.363': attribute type 18 has an invalid length.
[  113.312194][ T6710] netlink: 'syz.1.363': attribute type 20 has an invalid length.
[  113.331360][ T6710] netlink: 102048 bytes leftover after parsing attributes in process `syz.1.363'.
[  113.864630][ T6731] syz.3.374 uses obsolete (PF_INET,SOCK_PACKET)
[  120.256633][ T6890] netlink: 'syz.3.448': attribute type 3 has an invalid length.
[  120.264428][ T6890] netlink: 'syz.3.448': attribute type 1 has an invalid length.
[  120.289426][ T6890] netlink: 'syz.3.448': attribute type 16 has an invalid length.
[  120.309651][ T6890] netlink: 'syz.3.448': attribute type 18 has an invalid length.
[  120.354565][ T6890] netlink: 'syz.3.448': attribute type 20 has an invalid length.
[  120.369182][ T6890] netlink: 102048 bytes leftover after parsing attributes in process `syz.3.448'.
[  121.858925][ T6924] netlink: 'syz.0.460': attribute type 3 has an invalid length.
[  121.881512][ T6924] netlink: 'syz.0.460': attribute type 1 has an invalid length.
[  121.892053][ T6924] netlink: 'syz.0.460': attribute type 16 has an invalid length.
[  121.900257][ T6924] netlink: 'syz.0.460': attribute type 18 has an invalid length.
[  121.908499][ T6924] netlink: 'syz.0.460': attribute type 20 has an invalid length.
[  121.916736][ T6924] netlink: 102048 bytes leftover after parsing attributes in process `syz.0.460'.
[  122.163130][ T6934] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.465'.
[  122.772813][ T6957] syzkaller0: entered promiscuous mode
[  122.785762][ T6957] syzkaller0: entered allmulticast mode
[  122.883091][ T6967] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.483'.
[  124.276663][ T6978] netlink: 61967 bytes leftover after parsing attributes in process `syz.2.487'.
[  124.665593][ T6996] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.497'.
[  124.741387][ T5787] Bluetooth: hci2: unknown advertising packet type: 0xff
[  124.741454][ T5787] Bluetooth: hci2: unknown advertising packet type: 0x80
[  124.749470][ T5787] Bluetooth: hci2: unknown advertising packet type: 0x09
[  124.757860][ T5787] Bluetooth: hci2: Malformed LE Event: 0x02
[  124.764266][ T6997] syzkaller0: entered promiscuous mode
[  124.778665][ T6997] syzkaller0: entered allmulticast mode
[  126.814977][ T7035] syzkaller0: entered promiscuous mode
[  126.821658][ T7035] syzkaller0: entered allmulticast mode
[  128.564903][ T7065] netlink: 61211 bytes leftover after parsing attributes in process `syz.3.535'.
[  128.999211][ T7084] netlink: 168 bytes leftover after parsing attributes in process `syz.3.532'.
[  129.147145][ T7088] netlink: 'syz.0.533': attribute type 10 has an invalid length.
[  129.158076][ T7088] netlink: 3819 bytes leftover after parsing attributes in process `syz.0.533'.
[  130.414040][ T5787] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18
[  131.595288][ T5787] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[  132.444909][ T5787] Bluetooth: hci3: command tx timeout
[  133.100251][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  133.106691][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  133.648057][ T5787] Bluetooth: hci0: command tx timeout
[  134.734562][ T5787] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18
[  134.942933][ T7182] syzkaller0: entered promiscuous mode
[  134.948980][ T7182] syzkaller0: entered allmulticast mode
[  136.331514][ T7203] syz.3.577: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1
[  136.347107][ T7203] CPU: 1 PID: 7203 Comm: syz.3.577 Not tainted 6.6.102-syzkaller #0
[  136.355119][ T7203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  136.365196][ T7203] Call Trace:
[  136.368478][ T7203]  <TASK>
[  136.371421][ T7203]  dump_stack_lvl+0x16c/0x230
[  136.376121][ T7203]  ? show_regs_print_info+0x20/0x20
[  136.381340][ T7203]  ? load_image+0x3b0/0x3b0
[  136.385869][ T7203]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  136.392305][ T7203]  ? cpuset_print_current_mems_allowed+0x2e3/0x360
[  136.398815][ T7203]  warn_alloc+0x210/0x300
[  136.403149][ T7203]  ? stack_trace_save+0x9c/0xe0
[  136.408005][ T7203]  ? zone_watermark_ok_safe+0x230/0x230
[  136.413569][ T7203]  ? kasan_set_track+0x5f/0x70
[  136.418331][ T7203]  ? kasan_set_track+0x4e/0x70
[  136.423090][ T7203]  ? __kasan_kmalloc+0x8f/0xa0
[  136.427855][ T7203]  ? xsk_init_queue+0xb0/0x110
[  136.432623][ T7203]  ? xsk_setsockopt+0x4db/0x6f0
[  136.437476][ T7203]  ? do_sock_setsockopt+0x175/0x1a0
[  136.442674][ T7203]  ? __x64_sys_setsockopt+0x184/0x200
[  136.448053][ T7203]  __vmalloc_node_range+0x126/0x1320
[  136.453384][ T7203]  ? free_vm_area+0x50/0x50
[  136.457906][ T7203]  vmalloc_user+0x74/0x80
[  136.462235][ T7203]  ? xskq_create+0xbf/0x170
[  136.466738][ T7203]  xskq_create+0xbf/0x170
[  136.471069][ T7203]  xsk_init_queue+0xb0/0x110
[  136.475662][ T7203]  xsk_setsockopt+0x4db/0x6f0
[  136.480374][ T7203]  ? xsk_poll+0x670/0x670
[  136.484724][ T7203]  ? __fget_files+0x28/0x4d0
[  136.489322][ T7203]  ? aa_sock_opt_perm+0x74/0x100
[  136.494271][ T7203]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  136.499817][ T7203]  ? security_socket_setsockopt+0x7e/0xa0
[  136.505537][ T7203]  ? xsk_poll+0x670/0x670
[  136.509874][ T7203]  do_sock_setsockopt+0x175/0x1a0
[  136.514900][ T7203]  ? __fdget+0x180/0x210
[  136.519155][ T7203]  __x64_sys_setsockopt+0x184/0x200
[  136.524373][ T7203]  do_syscall_64+0x55/0xb0
[  136.528791][ T7203]  ? clear_bhb_loop+0x40/0x90
[  136.533465][ T7203]  ? clear_bhb_loop+0x40/0x90
[  136.538145][ T7203]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  136.544041][ T7203] RIP: 0033:0x7fabdfd8ebe9
[  136.548469][ T7203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  136.568074][ T7203] RSP: 002b:00007fabe0bf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  136.576502][ T7203] RAX: ffffffffffffffda RBX: 00007fabdffb5fa0 RCX: 00007fabdfd8ebe9
[  136.584484][ T7203] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005
[  136.592461][ T7203] RBP: 00007fabdfe11e19 R08: 0000000000000004 R09: 0000000000000000
[  136.600429][ T7203] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[  136.608416][ T7203] R13: 00007fabdffb6038 R14: 00007fabdffb5fa0 R15: 00007ffd579e23b8
[  136.616412][ T7203]  </TASK>
[  136.622492][ T7203] Mem-Info:
[  136.625752][ T7203] active_anon:5712 inactive_anon:0 isolated_anon:0
[  136.625752][ T7203]  active_file:816 inactive_file:39850 isolated_file:0
[  136.625752][ T7203]  unevictable:768 dirty:150 writeback:0
[  136.625752][ T7203]  slab_reclaimable:10057 slab_unreclaimable:95997
[  136.625752][ T7203]  mapped:24018 shmem:1361 pagetables:521
[  136.625752][ T7203]  sec_pagetables:0 bounce:0
[  136.625752][ T7203]  kernel_misc_reclaimable:0
[  136.625752][ T7203]  free:1364331 free_pcp:6429 free_cma:0
[  136.688087][ T7203] Node 0 active_anon:22948kB inactive_anon:0kB active_file:3264kB inactive_file:159196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:96072kB dirty:600kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11112kB pagetables:2184kB sec_pagetables:0kB all_unreclaimable? no
[  136.720793][ T7203] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  136.734589][ T7205] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.578'.
[  136.760984][ T7203] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  136.788563][ T5787] Bluetooth: hci2: command tx timeout
[  136.795154][ T7203] lowmem_reserve[]: 0 2525 2526 2526 2526
[  136.801006][ T7203] Node 0 DMA32 free:1549140kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:22896kB inactive_anon:0kB active_file:3264kB inactive_file:157876kB unevictable:1536kB writepending:600kB present:3129332kB managed:2589596kB mlocked:0kB bounce:0kB free_pcp:5472kB local_pcp:4460kB free_cma:0kB
[  136.831399][ T7203] lowmem_reserve[]: 0 0 1 1 1
[  136.836242][ T7203] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB
[  136.867837][ T7203] lowmem_reserve[]: 0 0 0 0 0
[  136.872684][ T7203] Node 1 Normal free:3892312kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:19616kB local_pcp:9760kB free_cma:0kB
[  136.903241][ T7203] lowmem_reserve[]: 0 0 0 0 0
[  136.908192][ T7203] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  136.921105][ T7203] Node 0 DMA32: 675*4kB (UM) 681*8kB (UME) 442*16kB (UME) 511*32kB (UME) 64*64kB (UME) 28*128kB (UM) 14*256kB (UM) 8*512kB (UME) 5*1024kB (UM) 3*2048kB (UM) 364*4096kB (M) = 1549140kB
[  136.940026][ T7203] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  136.952127][ T7203] Node 1 Normal: 232*4kB (UME) 55*8kB (UME) 40*16kB (UME) 56*32kB (UME) 14*64kB (UME) 6*128kB (UME) 3*256kB (UM) 2*512kB (UE) 0*1024kB 1*2048kB (E) 948*4096kB (M) = 3892312kB
[  136.970105][ T7203] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  136.983795][ T7203] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  136.993402][ T7203] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  137.003111][ T7203] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  137.012585][ T7203] 42027 total pagecache pages
[  137.017643][ T7203] 0 pages in swap cache
[  137.021977][ T7203] Free swap  = 124996kB
[  137.026231][ T7203] Total swap = 124996kB
[  137.030405][ T7203] 2097051 pages RAM
[  137.034232][ T7203] 0 pages HighMem/MovableOnly
[  137.039022][ T7203] 416138 pages reserved
[  137.043217][ T7203] 0 pages cma reserved
[  137.352212][ T7212] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.593'.
[  137.627710][ T7222] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.588'.
[  137.804021][ T7232] netlink: 'syz.3.591': attribute type 3 has an invalid length.
[  137.853320][ T7232] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.591'.
[  138.187858][ T7236] syzkaller0: entered promiscuous mode
[  138.201771][ T7236] syzkaller0: entered allmulticast mode
[  139.416898][ T7259] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.605'.
[  140.478418][ T7269] netlink: 'syz.2.608': attribute type 3 has an invalid length.
[  140.486693][ T7269] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.608'.
[  140.751765][ T7280] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.615'.
[  140.975026][ T7288] syz.3.617[7288] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  140.975143][ T7288] syz.3.617[7288] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  141.191483][ T7295] sctp: [Deprecated]: syz.3.621 (pid 7295) Use of struct sctp_assoc_value in delayed_ack socket option.
[  141.191483][ T7295] Use struct sctp_sack_info instead
[  141.319355][ T7296] syzkaller0: entered promiscuous mode
[  141.330860][ T7296] syzkaller0: entered allmulticast mode
[  141.619232][ T7303] netlink: 'syz.1.623': attribute type 3 has an invalid length.
[  141.627373][ T7303] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.623'.
[  141.848292][ T7309] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.626'.
[  143.326208][ T7323] netlink: 'syz.2.636': attribute type 3 has an invalid length.
[  143.344646][ T7323] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.636'.
[  143.850317][ T7348] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.642'.
[  144.181531][ T7348] syz.0.642 (7348) used greatest stack depth: 20592 bytes left
[  145.326848][ T7385] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.659'.
[  145.834925][ T7403] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.677'.
[  147.705750][ T7431] netlink: 539 bytes leftover after parsing attributes in process `syz.1.679'.
[  150.558314][ T7483] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.698'.
[  151.617993][ T7520] sock: sock_timestamping_bind_phc: sock not bind to device
[  153.670577][ T7573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  154.761540][ T7595] syzkaller0: entered promiscuous mode
[  154.768069][ T7595] syzkaller0: entered allmulticast mode
[  157.209553][ T7637] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.763'.
[  157.709970][ T7658] syzkaller0: entered promiscuous mode
[  157.730174][ T7658] syzkaller0: entered allmulticast mode
[  158.855238][ T7674] netlink: 'syz.3.776': attribute type 3 has an invalid length.
[  158.863059][ T7674] netlink: 'syz.3.776': attribute type 4 has an invalid length.
[  158.872851][ T7674] netlink: 'syz.3.776': attribute type 7 has an invalid length.
[  158.881114][ T7674] netlink: 'syz.3.776': attribute type 8 has an invalid length.
[  158.889171][ T7674] netlink: 'syz.3.776': attribute type 7 has an invalid length.
[  158.902763][ T7674] netlink: 198048 bytes leftover after parsing attributes in process `syz.3.776'.
[  160.421536][ T5787] Bluetooth: hci3: unexpected event 0x04 length: 15 > 10
[  160.421568][ T5787] Bluetooth: unknown link type 88
[  160.434703][ T5787] Bluetooth: hci3: connection err: -111
[  160.880481][ T7701] netlink: 'syz.0.788': attribute type 3 has an invalid length.
[  160.888301][ T7701] netlink: 'syz.0.788': attribute type 4 has an invalid length.
[  160.900702][ T7701] netlink: 'syz.0.788': attribute type 7 has an invalid length.
[  160.916703][ T7701] netlink: 'syz.0.788': attribute type 8 has an invalid length.
[  160.933105][ T7701] netlink: 'syz.0.788': attribute type 7 has an invalid length.
[  160.952658][ T7701] netlink: 198048 bytes leftover after parsing attributes in process `syz.0.788'.
[  161.500719][ T7709] syzkaller0: entered promiscuous mode
[  161.519327][ T7709] syzkaller0: entered allmulticast mode
[  164.690360][ T7743] syzkaller0: entered promiscuous mode
[  164.697925][ T7743] syzkaller0: entered allmulticast mode
[  164.711531][ T7746] netlink: 'syz.2.802': attribute type 5 has an invalid length.
[  167.506316][ T7791] netlink: 'syz.2.818': attribute type 1 has an invalid length.
[  167.529210][ T7791] netlink: 'syz.2.818': attribute type 4 has an invalid length.
[  167.558122][ T7791] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.818'.
[  170.584760][ T7824] netlink: 'syz.1.830': attribute type 1 has an invalid length.
[  170.592512][ T7824] netlink: 'syz.1.830': attribute type 4 has an invalid length.
[  170.600631][ T7824] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.830'.
[  176.596959][ T7883] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.851'.
[  177.101825][ T7899] sctp: [Deprecated]: syz.2.858 (pid 7899) Use of struct sctp_assoc_value in delayed_ack socket option.
[  177.101825][ T7899] Use struct sctp_sack_info instead
[  186.377499][ T5785] Bluetooth: hci3: command 0x0406 tx timeout
[  186.383566][ T5785] Bluetooth: hci1: command 0x0406 tx timeout
[  186.389726][ T5103] Bluetooth: hci2: command 0x0406 tx timeout
[  186.402444][   T50] Bluetooth: hci0: command 0x0406 tx timeout
[  186.497150][ T7979] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.893'.
[  187.876500][ T8001] netlink: 'syz.1.903': attribute type 1 has an invalid length.
[  187.884179][ T8001] netlink: 'syz.1.903': attribute type 4 has an invalid length.
[  187.892423][ T8001] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.903'.
[  192.499799][ T8080] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.933'.
[  192.564551][ T8080] openvswitch: netlink: Key type 29 is not supported
[  194.548410][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  194.564897][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  205.290577][ T8231] netlink: 'syz.3.985': attribute type 2 has an invalid length.
[  205.298432][ T8231] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.985'.
[  206.730459][ T8271] netlink: 'syz.0.999': attribute type 2 has an invalid length.
[  206.769393][ T8271] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.999'.
[  207.120286][ T5793] Bluetooth: hci2: Malformed LE Event: 0x0d
[  207.166172][ T8287] syzkaller0: entered promiscuous mode
[  207.171850][ T8287] syzkaller0: entered allmulticast mode
[  208.096918][ T8298] syzkaller0: entered promiscuous mode
[  208.108897][ T8298] syzkaller0: entered allmulticast mode
[  210.352641][ T5793] Bluetooth: hci3: Malformed LE Event: 0x02
[  211.859825][ T5793] Bluetooth: hci1: Malformed LE Event: 0x02
[  213.869510][ T5793] Bluetooth: hci0: Malformed LE Event: 0x02
[  215.865937][ T8459] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1079'.
[  215.946546][ T8461] tap0: tun_chr_ioctl cmd 1074025677
[  215.952114][ T8461] tap0: linktype set to 773
[  218.454133][ T8558] syzkaller0: entered promiscuous mode
[  218.471403][ T8558] syzkaller0: entered allmulticast mode
[  219.411574][ T8587] syzkaller0: entered promiscuous mode
[  219.424288][ T8587] syzkaller0: entered allmulticast mode
[  219.823689][ T8603] syzkaller0: entered promiscuous mode
[  219.829334][ T8603] syzkaller0: entered allmulticast mode
[  220.961251][ T8639] syzkaller0: entered promiscuous mode
[  220.967087][ T8639] syzkaller0: entered allmulticast mode
[  233.436067][ T8870] netlink: 'syz.3.1252': attribute type 25 has an invalid length.
[  234.025824][ T8880] netlink: 'syz.2.1268': attribute type 25 has an invalid length.
[  235.980574][ T8913] netlink: 'syz.1.1273': attribute type 25 has an invalid length.
[  238.980056][ T8955] netlink: 'syz.0.1288': attribute type 25 has an invalid length.
[  239.196956][ T8963] netlink: 'syz.0.1301': attribute type 25 has an invalid length.
[  239.459101][ T8966] syzkaller0: entered promiscuous mode
[  239.464785][ T8966] syzkaller0: entered allmulticast mode
[  242.591810][ T8997] netlink: 'syz.1.1307': attribute type 25 has an invalid length.
[  244.425184][ T9029] syzkaller0: entered promiscuous mode
[  244.430998][ T9029] syzkaller0: entered allmulticast mode
[  246.872267][ T9050] syzkaller0: entered promiscuous mode
[  246.878732][ T9050] syzkaller0: entered allmulticast mode
[  247.981240][ T9072] syzkaller0: entered promiscuous mode
[  247.995204][ T9072] syzkaller0: entered allmulticast mode
[  251.994333][ T9131] syzkaller0: entered promiscuous mode
[  252.006015][ T9131] syzkaller0: entered allmulticast mode
[  254.907060][ T9169] syzkaller0: entered promiscuous mode
[  254.912649][ T9169] syzkaller0: entered allmulticast mode
[  255.995120][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  256.001883][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  257.796004][ T9190] syzkaller0: entered promiscuous mode
[  257.801514][ T9190] syzkaller0: entered allmulticast mode
[  258.052126][ T9193] syzkaller0: entered promiscuous mode
[  258.072268][ T9193] syzkaller0: entered allmulticast mode
[  261.164268][ T9227] syzkaller0: entered promiscuous mode
[  261.194625][ T9227] syzkaller0: entered allmulticast mode
[  262.374828][ T9243] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1397'.
[  262.814781][ T9250] syzkaller0: entered promiscuous mode
[  262.820292][ T9250] syzkaller0: entered allmulticast mode
[  265.953415][ T9287] syzkaller0: entered promiscuous mode
[  265.975556][ T9287] syzkaller0: entered allmulticast mode
[  281.332788][ T5793] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10
[  281.928952][ T5793] Bluetooth: hci3: unexpected event 0x04 length: 15 > 10
[  282.412745][ T5793] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10
[  282.969821][ T9656] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1571'.
[  282.971312][ T5793] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10
[  282.979816][ T9651] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1571'.
[  283.404579][ T5793] Bluetooth: hci1: command 0x0406 tx timeout
[  283.965017][ T5793] Bluetooth: hci3: command 0x0406 tx timeout
[  284.444593][ T5793] Bluetooth: hci0: command 0x0406 tx timeout
[  284.627625][ T5793] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10
[  284.698291][ T9691] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1584'.
[  284.715660][ T9688] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1584'.
[  285.004807][ T5793] Bluetooth: hci2: command 0x0406 tx timeout
[  285.665326][ T9705] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1599'.
[  285.699886][ T9701] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1599'.
[  285.884262][ T5793] Bluetooth: hci3: unexpected event 0x04 length: 15 > 10
[  286.017380][ T5793] Bluetooth: hci2: Malformed LE Event: 0x0d
[  286.195793][ T9734] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1605'.
[  286.205806][ T9732] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1605'.
[  286.223395][ T9735] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1606'.
[  286.233442][ T9735] hsr_slave_0: left promiscuous mode
[  286.240088][ T9735] hsr_slave_1: left promiscuous mode
[  286.518370][ T5793] Bluetooth: hci3: Malformed LE Event: 0x0d
[  286.686124][ T5793] Bluetooth: hci0: command 0x0406 tx timeout
[  286.733519][ T9752] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1615'.
[  286.743974][ T9752] hsr_slave_0: left promiscuous mode
[  286.753451][ T9752] hsr_slave_1: left promiscuous mode
[  287.080379][ T5793] Bluetooth: hci0: Malformed LE Event: 0x0d
[  287.359897][ T9783] hsr_slave_0: left promiscuous mode
[  287.366347][ T9783] hsr_slave_1: left promiscuous mode
[  287.964540][ T5793] Bluetooth: hci3: command 0x0406 tx timeout
[  288.192875][ T5793] Bluetooth: hci1: Malformed LE Event: 0x0d
[  289.115075][ T9811] __nla_validate_parse: 1 callbacks suppressed
[  289.115089][ T9811] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1640'.
[  289.149833][ T9811] hsr_slave_0: left promiscuous mode
[  289.157187][ T9811] hsr_slave_1: left promiscuous mode
[  289.756055][ T9839] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1655'.
[  291.720112][ T9892] syzkaller0: entered promiscuous mode
[  291.734898][ T9892] syzkaller0: entered allmulticast mode
[  294.033609][ T5793] Bluetooth: hci0: Dropping invalid advertising data
[  294.040685][ T5793] Bluetooth: hci0: unknown advertising packet type: 0xff
[  294.040708][ T5793] Bluetooth: hci0: Malformed LE Event: 0x02
[  295.824517][ T9951] syzkaller0: entered promiscuous mode
[  295.847429][ T9951] syzkaller0: entered allmulticast mode
[  296.123788][ T5793] Bluetooth: hci3: Dropping invalid advertising data
[  296.131790][ T5793] Bluetooth: hci3: unknown advertising packet type: 0xff
[  296.131819][ T5793] Bluetooth: hci3: Malformed LE Event: 0x02
[  297.650159][ T9969] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.1712'.
[  297.926044][ T5793] Bluetooth: hci1: Dropping invalid advertising data
[  297.932778][ T5793] Bluetooth: hci1: unknown advertising packet type: 0xff
[  297.932801][ T5793] Bluetooth: hci1: Malformed LE Event: 0x02
[  298.313762][T10000] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.1724'.
[  298.549855][T10004] syzkaller0: entered promiscuous mode
[  298.560094][T10004] syzkaller0: entered allmulticast mode
[  298.583139][T10007] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.1736'.
[  300.492426][ T5793] Bluetooth: hci2: Dropping invalid advertising data
[  300.499355][ T5793] Bluetooth: hci2: unknown advertising packet type: 0xff
[  300.499378][ T5793] Bluetooth: hci2: Malformed LE Event: 0x02
[  303.157899][T10049] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.1742'.
[  303.311792][T10054] syzkaller0: entered promiscuous mode
[  303.321353][T10054] syzkaller0: entered allmulticast mode
[  305.190288][T10086] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.1755'.
[  305.860159][T10114] syzkaller0: entered promiscuous mode
[  305.865955][T10114] syzkaller0: entered allmulticast mode
[  308.597386][T10132] syzkaller0: entered promiscuous mode
[  308.612715][T10132] syzkaller0: entered allmulticast mode
[  308.656565][T10143] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.1778'.
[  314.624871][T10168] netlink: 'syz.0.1792': attribute type 29 has an invalid length.
[  314.646538][T10168] netlink: 'syz.0.1792': attribute type 29 has an invalid length.
[  314.675035][T10168] netlink: 'syz.0.1792': attribute type 29 has an invalid length.
[  314.696912][T10168] netlink: 'syz.0.1792': attribute type 29 has an invalid length.
[  314.736777][T10168] netlink: 'syz.0.1792': attribute type 29 has an invalid length.
[  317.413055][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  317.422792][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  318.942169][T10184] netlink: 'syz.2.1799': attribute type 12 has an invalid length.
[  318.950388][T10184] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1799'.
[  318.959858][T10187] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1799'.
[  319.270016][T10208] netlink: 'syz.3.1807': attribute type 29 has an invalid length.
[  319.291107][T10208] netlink: 'syz.3.1807': attribute type 29 has an invalid length.
[  319.336063][T10208] netlink: 'syz.3.1807': attribute type 29 has an invalid length.
[  319.359367][T10208] netlink: 'syz.3.1807': attribute type 29 has an invalid length.
[  320.267710][T10221] validate_nla: 1 callbacks suppressed
[  320.267724][T10221] netlink: 'syz.2.1812': attribute type 1 has an invalid length.
[  320.291691][T10221] netlink: 'syz.2.1812': attribute type 4 has an invalid length.
[  320.314994][T10221] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1812'.
[  320.570346][T10233] netlink: 'syz.0.1829': attribute type 1 has an invalid length.
[  320.570954][T10234] netlink: 'syz.1.1821': attribute type 29 has an invalid length.
[  320.578241][T10233] netlink: 'syz.0.1829': attribute type 4 has an invalid length.
[  320.578257][T10233] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1829'.
[  320.609428][T10234] netlink: 'syz.1.1821': attribute type 29 has an invalid length.
[  320.622937][T10235] netlink: 'syz.1.1821': attribute type 29 has an invalid length.
[  320.657959][T10234] netlink: 'syz.1.1821': attribute type 29 has an invalid length.
[  320.685998][T10234] netlink: 'syz.1.1821': attribute type 29 has an invalid length.
[  321.981679][T10257] netlink: 'syz.3.1833': attribute type 1 has an invalid length.
[  321.991046][T10257] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1833'.
[  322.667166][T10283] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1842'.
[  334.542102][T10533] sock: sock_timestamping_bind_phc: sock not bind to device
[  334.842442][T10544] sock: sock_timestamping_bind_phc: sock not bind to device
[  335.471056][T10570] sock: sock_timestamping_bind_phc: sock not bind to device
[  336.737045][T10592] sock: sock_timestamping_bind_phc: sock not bind to device
[  337.780377][T10617] validate_nla: 8 callbacks suppressed
[  337.780391][T10617] netlink: 'syz.3.1996': attribute type 25 has an invalid length.
[  337.802522][T10617] netlink: 'syz.3.1996': attribute type 1 has an invalid length.
[  337.813511][T10617] bridge0: port 1(bridge_slave_0) entered learning state
[  338.651611][T10619] netlink: 'syz.1.1999': attribute type 3 has an invalid length.
[  338.664397][T10619] netlink: 'syz.1.1999': attribute type 1 has an invalid length.
[  338.672149][T10619] netlink: 60387 bytes leftover after parsing attributes in process `syz.1.1999'.
[  339.447027][T10653] netlink: 'syz.0.2010': attribute type 3 has an invalid length.
[  339.455924][T10653] netlink: 'syz.0.2010': attribute type 1 has an invalid length.
[  339.463669][T10653] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.2010'.
[  342.721470][T10688] netlink: 'syz.3.2023': attribute type 3 has an invalid length.
[  342.730489][T10688] netlink: 'syz.3.2023': attribute type 1 has an invalid length.
[  342.754529][T10688] netlink: 60387 bytes leftover after parsing attributes in process `syz.3.2023'.
[  344.428471][T10721] netlink: 'syz.2.2038': attribute type 3 has an invalid length.
[  344.456699][T10721] netlink: 'syz.2.2038': attribute type 1 has an invalid length.
[  344.489241][T10721] netlink: 60387 bytes leftover after parsing attributes in process `syz.2.2038'.
[  348.657154][T10809] netlink: 172 bytes leftover after parsing attributes in process `syz.3.2091'.
[  349.275725][T10835] tap0: tun_chr_ioctl cmd 1074025677
[  349.281251][T10835] tap0: linktype set to 773
[  353.334805][T10926] tap0: tun_chr_ioctl cmd 1074025677
[  353.340667][T10926] tap0: linktype set to 773
[  353.526775][T10934] netlink: 172 bytes leftover after parsing attributes in process `syz.1.2142'.
[  354.000581][T10946] netlink: 172 bytes leftover after parsing attributes in process `syz.0.2156'.
[  354.410927][T10961] tap0: tun_chr_ioctl cmd 1074025677
[  354.425930][T10961] tap0: linktype set to 773
[  364.479259][T11212] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.2271'.
[  365.158975][T11242] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.2281'.
[  365.867357][T11269] netlink: 'syz.3.2293': attribute type 25 has an invalid length.
[  366.003439][T11279] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.2295'.
[  366.404236][T11297] syzkaller0: entered promiscuous mode
[  366.410203][T11297] syzkaller0: entered allmulticast mode
[  366.569386][T11305] syz.2.2312[11305] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  366.569620][T11305] syz.2.2312[11305] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  366.730424][T11311] syz.0.2321[11311] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  366.742364][T11311] syz.0.2321[11311] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  368.195215][T11307] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.2313'.
[  368.413392][T11345] syz.3.2329[11345] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  368.413514][T11345] syz.3.2329[11345] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  368.756807][T11355] syzkaller0: entered promiscuous mode
[  368.779507][T11355] syzkaller0: entered allmulticast mode
[  369.082488][T11375] syz.1.2343[11375] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  369.082608][T11375] syz.1.2343[11375] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  369.373914][T11384] syz.3.2354[11384] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  369.420790][T11384] syz.3.2354[11384] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  370.843303][T11412] syzkaller0: entered promiscuous mode
[  370.862038][T11412] syzkaller0: entered allmulticast mode
[  374.352632][T11489] syzkaller0: entered promiscuous mode
[  374.359128][T11489] syzkaller0: entered allmulticast mode
[  374.494859][T11492] syzkaller0: entered promiscuous mode
[  374.500375][T11492] syzkaller0: entered allmulticast mode
[  377.964749][T11535] syzkaller0: entered promiscuous mode
[  377.972923][T11535] syzkaller0: entered allmulticast mode
[  378.858246][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  378.864691][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  381.363081][ T5793] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3
[  381.882511][T11578] syzkaller0: entered promiscuous mode
[  381.901720][T11578] syzkaller0: entered allmulticast mode
[  383.410434][ T5793] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3
[  385.555106][T11617] netlink: 'syz.1.2448': attribute type 39 has an invalid length.
[  385.838674][T11631] syzkaller0: entered promiscuous mode
[  385.845112][T11631] syzkaller0: entered allmulticast mode
[  389.222826][T11658] syzkaller0: entered promiscuous mode
[  389.228720][T11658] syzkaller0: entered allmulticast mode
[  389.473354][ T5793] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3
[  389.673638][ T5793] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3
[  391.428782][T11703] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.2473'.
[  391.687362][T11710] syzkaller0: entered promiscuous mode
[  391.692876][T11710] syzkaller0: entered allmulticast mode
[  393.102239][T11725] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.2490'.
[  394.949242][T11747] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.2495'.
[  395.816356][T11775] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.2505'.
[  398.118698][T11867] netlink: 'syz.3.2553': attribute type 2 has an invalid length.
[  398.139531][T11867] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2553'.
[  440.295132][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  440.301472][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  501.733423][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  501.739869][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  503.424324][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  503.431304][    C0] rcu: 	1-...!: (0 ticks this GP) idle=bc9c/1/0x4000000000000000 softirq=42952/42952 fqs=0
[  503.442153][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=64025, q=233 ncpus=2)
[  503.449895][    C0] Sending NMI from CPU 0 to CPUs 1:
[  503.455106][    C1] NMI backtrace for cpu 1
[  503.455120][    C1] CPU: 1 PID: 11884 Comm: syz.3.2567 Not tainted 6.6.102-syzkaller #0
[  503.455134][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  503.455143][    C1] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x8/0x90
[  503.455174][    C1] Code: 08 03 00 00 00 48 89 7c 11 10 48 89 74 11 18 48 89 44 11 20 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 15 20 2b 7e 7e 65 8b 0d 21 2b 7e 7e 81 e1 00 01 ff 00 74
[  503.455187][    C1] RSP: 0018:ffffc900001f0678 EFLAGS: 00000046
[  503.455200][    C1] RAX: ffffffff81acd811 RBX: 0000000000000000 RCX: 0000000000000001
[  503.455209][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  503.455218][    C1] RBP: ffffc900001f08e8 R08: ffffc900001f084f R09: 0000000000000000
[  503.455227][    C1] R10: ffffc900001f0840 R11: fffff5200003e10a R12: ffff8880304db0c0
[  503.455238][    C1] R13: ffffc900001f0708 R14: ffff8880b8f36b30 R15: dffffc0000000000
[  503.455249][    C1] FS:  00007fabe0bf76c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  503.455262][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  503.455272][    C1] CR2: 0000001b2e423ffc CR3: 000000002bc84000 CR4: 00000000003506e0
[  503.455285][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  503.455293][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  503.455302][    C1] Call Trace:
[  503.455307][    C1]  <IRQ>
[  503.455312][    C1]  perf_tp_event+0x181/0x13a0
[  503.455333][    C1]  ? perf_trace_run_bpf_submit+0x1c0/0x1c0
[  503.455350][    C1]  ? perf_tp_event+0x12d7/0x13a0
[  503.455381][    C1]  ? sched_clock+0x3f/0x60
[  503.455396][    C1]  ? sched_clock_cpu+0x75/0x430
[  503.455414][    C1]  perf_trace_run_bpf_submit+0xf4/0x1c0
[  503.455432][    C1]  perf_trace_preemptirq_template+0x281/0x340
[  503.455452][    C1]  ? asm_sysvec_irq_work+0x1a/0x20
[  503.455467][    C1]  ? trace_event_raw_event_preemptirq_template+0x1e0/0x1e0
[  503.455486][    C1]  ? __irq_exit_rcu+0xd3/0x190
[  503.455499][    C1]  ? irq_exit_rcu+0x20/0x20
[  503.455515][    C1]  ? asm_sysvec_irq_work+0x1a/0x20
[  503.455529][    C1]  trace_irq_enable+0xbf/0xe0
[  503.455547][    C1]  trace_hardirqs_on+0x18/0x40
[  503.455564][    C1]  asm_sysvec_irq_work+0x1a/0x20
[  503.455577][    C1] RIP: 0010:rcu_read_unlock_special+0x88/0x4c0
[  503.455598][    C1] Code: f1 f1 f1 00 f2 f2 f2 4a 89 04 2b 66 42 c7 44 2b 09 f3 f3 42 c6 44 2b 0b f3 65 44 8b 35 39 58 93 7e 41 f7 c6 00 00 f0 00 74 45 <48> c7 44 24 40 0e 36 e0 45 4a c7 04 2b 00 00 00 00 66 42 c7 44 2b
[  503.455609][    C1] RSP: 0018:ffffc900001f0b00 EFLAGS: 00000206
[  503.455620][    C1] RAX: 75217cf2d97d1900 RBX: 1ffff9200003e168 RCX: 75217cf2d97d1900
[  503.455631][    C1] RDX: dffffc0000000000 RSI: ffffffff8aaab9c0 RDI: ffffffff8afc66c0
[  503.455647][    C1] RBP: ffffc900001f0bf0 R08: ffffffff90da352f R09: 1ffffffff21b46a5
[  503.455658][    C1] R10: dffffc0000000000 R11: fffffbfff21b46a6 R12: ffffffff8cd35400
[  503.455668][    C1] R13: dffffc0000000000 R14: 0000000000000246 R15: 0000000000000002
[  503.455688][    C1]  ? mac80211_hwsim_beacon_tx+0x3e9/0x780
[  503.455708][    C1]  ? __rcu_read_unlock+0xd0/0xd0
[  503.455734][    C1]  __rcu_read_unlock+0x7c/0xd0
[  503.455752][    C1]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  503.455771][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0
[  503.455787][    C1]  ieee80211_iterate_active_interfaces_atomic+0x15a/0x180
[  503.455807][    C1]  mac80211_hwsim_beacon+0xbb/0x1b0
[  503.455824][    C1]  __hrtimer_run_queues+0x51e/0xc40
[  503.455843][    C1]  ? hw_scan_work+0xf40/0xf40
[  503.455862][    C1]  ? hrtimer_interrupt+0x9c0/0x9c0
[  503.455876][    C1]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  503.455897][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  503.455915][    C1]  handle_softirqs+0x280/0x820
[  503.455930][    C1]  ? __irq_exit_rcu+0xc7/0x190
[  503.455947][    C1]  ? do_softirq+0x180/0x180
[  503.455965][    C1]  __irq_exit_rcu+0xc7/0x190
[  503.455978][    C1]  ? irq_exit_rcu+0x20/0x20
[  503.455996][    C1]  irq_exit_rcu+0x9/0x20
[  503.456008][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  503.456027][    C1]  </IRQ>
[  503.456031][    C1]  <TASK>
[  503.456036][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  503.456057][    C1] RIP: 0010:put_cpu_partial+0x1b0/0x250
[  503.456078][    C1] Code: 3b 44 24 18 0f 85 b4 00 00 00 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 ec e1 90 08 f7 c5 00 02 00 00 74 c0 fb 4d 85 e4 <75> bf eb c8 e8 c7 90 3e 02 85 c0 0f 84 e9 fe ff ff 83 3d 78 56 6e
[  503.456089][    C1] RSP: 0018:ffffc9001949fb60 EFLAGS: 00000246
[  503.456100][    C1] RAX: 75217cf2d97d1900 RBX: ffff888017841500 RCX: 75217cf2d97d1900
[  503.456110][    C1] RDX: dffffc0000000000 RSI: ffffffff8aaab9c0 RDI: ffffffff8afc66c0
[  503.456121][    C1] RBP: 0000000000000286 R08: ffffffff90da352f R09: 1ffffffff21b46a5
[  503.456131][    C1] R10: dffffc0000000000 R11: fffffbfff21b46a6 R12: 0000000000000000
[  503.456141][    C1] R13: 0000000000000001 R14: ffff88807b0a1e00 R15: ffff8880b8f40370
[  503.456160][    C1]  ? put_cpu_partial+0x6e/0x250
[  503.456181][    C1]  __slab_free+0x31d/0x410
[  503.456209][    C1]  ? _raw_spin_unlock+0x40/0x40
[  503.456227][    C1]  ? __phys_addr+0xba/0x170
[  503.456245][    C1]  qlist_free_all+0x75/0xe0
[  503.456265][    C1]  kasan_quarantine_reduce+0x143/0x160
[  503.456285][    C1]  __kasan_slab_alloc+0x22/0x80
[  503.456301][    C1]  slab_post_alloc_hook+0x6e/0x4d0
[  503.456324][    C1]  kmem_cache_alloc+0x11e/0x2e0
[  503.456342][    C1]  ? getname_flags+0xbb/0x500
[  503.456362][    C1]  getname_flags+0xbb/0x500
[  503.456384][    C1]  do_sys_openat2+0xcb/0x1c0
[  503.456400][    C1]  ? perf_trace_preemptirq_template+0x281/0x340
[  503.456420][    C1]  ? do_sys_open+0xe0/0xe0
[  503.456436][    C1]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  503.456453][    C1]  ? lock_chain_count+0x20/0x20
[  503.456471][    C1]  __x64_sys_openat+0x139/0x160
[  503.456490][    C1]  do_syscall_64+0x55/0xb0
[  503.456505][    C1]  ? clear_bhb_loop+0x40/0x90
[  503.456517][    C1]  ? clear_bhb_loop+0x40/0x90
[  503.456531][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  503.456551][    C1] RIP: 0033:0x7fabdfd8ebe9
[  503.456563][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  503.456574][    C1] RSP: 002b:00007fabe0bf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  503.456588][    C1] RAX: ffffffffffffffda RBX: 00007fabdffb5fa0 RCX: 00007fabdfd8ebe9
[  503.456598][    C1] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000004
[  503.456607][    C1] RBP: 00007fabdfe11e19 R08: 0000000000000000 R09: 0000000000000000
[  503.456616][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  503.456624][    C1] R13: 00007fabdffb6038 R14: 00007fabdffb5fa0 R15: 00007ffd579e23b8
[  503.456647][    C1]  </TASK>
[  503.457101][    C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g64025 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[  504.118311][    C0] rcu: 	Possible timer handling issue on cpu=1 timer-softirq=29678
[  504.126198][    C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g64025 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
[  504.137560][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  504.147523][    C0] rcu: RCU grace-period kthread stack dump:
[  504.153416][    C0] task:rcu_preempt     state:I stack:26696 pid:17    ppid:2      flags:0x00004000
[  504.162633][    C0] Call Trace:
[  504.165913][    C0]  <TASK>
[  504.168846][    C0]  __schedule+0x14d2/0x44d0
[  504.173370][    C0]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  504.179269][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[  504.184474][    C0]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  504.190376][    C0]  ? asan.module_dtor+0x20/0x20
[  504.195230][    C0]  ? enqueue_timer+0x225/0x530
[  504.199998][    C0]  ? __mod_timer+0x984/0xdb0
[  504.204608][    C0]  schedule+0xbd/0x170
[  504.208682][    C0]  schedule_timeout+0x160/0x280
[  504.213538][    C0]  ? console_conditional_schedule+0x40/0x40
[  504.219440][    C0]  ? update_process_times+0x1b0/0x1b0
[  504.224825][    C0]  ? prepare_to_swait_event+0x339/0x360
[  504.230377][    C0]  rcu_gp_fqs_loop+0x302/0x1560
[  504.235237][    C0]  ? rcu_gp_init+0x110e/0x1510
[  504.240012][    C0]  ? rcu_gp_kthread+0x380/0x380
[  504.244872][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  504.250856][    C0]  ? rcu_gp_init+0x1510/0x1510
[  504.255630][    C0]  ? rcu_gp_cleanup+0xb4c/0xca0
[  504.260495][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  504.265700][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[  504.270907][    C0]  rcu_gp_kthread+0x99/0x380
[  504.275507][    C0]  ? rcu_report_qs_rsp+0x1a0/0x1a0
[  504.280628][    C0]  ? __kthread_parkme+0x7a/0x1c0
[  504.285574][    C0]  ? __kthread_parkme+0x162/0x1c0
[  504.290621][    C0]  kthread+0x2fa/0x390
[  504.294689][    C0]  ? rcu_report_qs_rsp+0x1a0/0x1a0
[  504.299808][    C0]  ? kthread_blkcg+0xd0/0xd0
[  504.304402][    C0]  ret_from_fork+0x48/0x80
[  504.308822][    C0]  ? kthread_blkcg+0xd0/0xd0
[  504.313410][    C0]  ret_from_fork_asm+0x11/0x20
[  504.318189][    C0]  </TASK>
[  504.321206][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  504.327523][    C0] Sending NMI from CPU 0 to CPUs 1:
[  504.332724][    C1] NMI backtrace for cpu 1
[  504.332733][    C1] CPU: 1 PID: 11884 Comm: syz.3.2567 Not tainted 6.6.102-syzkaller #0
[  504.332748][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  504.332756][    C1] RIP: 0010:perf_trace_buf_alloc+0xff/0x290
[  504.332775][    C1] Code: e8 36 de f7 ff 49 bd 00 00 00 00 00 fc ff df 4d 8d bf 00 6a 03 00 4e 8d 24 e5 30 1a 7d 8c 4c 89 e0 48 c1 e8 03 42 80 3c 28 00 <74> 08 4c 89 e7 e8 37 25 4f 00 4c 89 f0 48 c1 e8 03 4d 03 3c 24 42
[  504.332787][    C1] RSP: 0018:ffffc900001f0920 EFLAGS: 00000046
[  504.332800][    C1] RAX: 1ffffffff18fa347 RBX: 0000000000000014 RCX: ffff88807b0a1e00
[  504.332811][    C1] RDX: 0000000000000100 RSI: 0000000000000001 RDI: 0000000000000008
[  504.332819][    C1] RBP: 0000000000000001 R08: ffffffff8e4a882f R09: 1ffffffff1c95105
[  504.332829][    C1] R10: dffffc0000000000 R11: fffffbfff1c95106 R12: ffffffff8c7d1a38
[  504.332845][    C1] R13: dffffc0000000000 R14: ffffc900001f09a0 R15: 0000000000036aa8
[  504.332855][    C1] FS:  00007fabe0bf76c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  504.332868][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  504.332878][    C1] CR2: 0000001b2e423ffc CR3: 000000002bc84000 CR4: 00000000003506e0
[  504.332891][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  504.332899][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  504.332908][    C1] Call Trace:
[  504.332914][    C1]  <IRQ>
[  504.332923][    C1]  perf_trace_preemptirq_template+0x14a/0x340
[  504.332943][    C1]  ? asm_sysvec_irq_work+0x1a/0x20
[  504.332958][    C1]  ? trace_event_raw_event_preemptirq_template+0x1e0/0x1e0
[  504.332977][    C1]  ? __irq_exit_rcu+0xd3/0x190
[  504.332990][    C1]  ? irq_exit_rcu+0x20/0x20
[  504.333006][    C1]  ? asm_sysvec_irq_work+0x1a/0x20
[  504.333020][    C1]  trace_irq_enable+0xbf/0xe0
[  504.333038][    C1]  trace_hardirqs_on+0x18/0x40
[  504.333055][    C1]  asm_sysvec_irq_work+0x1a/0x20
[  504.333068][    C1] RIP: 0010:rcu_read_unlock_special+0x88/0x4c0
[  504.333088][    C1] Code: f1 f1 f1 00 f2 f2 f2 4a 89 04 2b 66 42 c7 44 2b 09 f3 f3 42 c6 44 2b 0b f3 65 44 8b 35 39 58 93 7e 41 f7 c6 00 00 f0 00 74 45 <48> c7 44 24 40 0e 36 e0 45 4a c7 04 2b 00 00 00 00 66 42 c7 44 2b
[  504.333099][    C1] RSP: 0018:ffffc900001f0b00 EFLAGS: 00000206
[  504.333110][    C1] RAX: 75217cf2d97d1900 RBX: 1ffff9200003e168 RCX: 75217cf2d97d1900
[  504.333120][    C1] RDX: dffffc0000000000 RSI: ffffffff8aaab9c0 RDI: ffffffff8afc66c0
[  504.333131][    C1] RBP: ffffc900001f0bf0 R08: ffffffff90da352f R09: 1ffffffff21b46a5
[  504.333141][    C1] R10: dffffc0000000000 R11: fffffbfff21b46a6 R12: ffffffff8cd35400
[  504.333152][    C1] R13: dffffc0000000000 R14: 0000000000000246 R15: 0000000000000002
[  504.333171][    C1]  ? mac80211_hwsim_beacon_tx+0x3e9/0x780
[  504.333191][    C1]  ? __rcu_read_unlock+0xd0/0xd0
[  504.333217][    C1]  __rcu_read_unlock+0x7c/0xd0
[  504.333234][    C1]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  504.333253][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0
[  504.333270][    C1]  ieee80211_iterate_active_interfaces_atomic+0x15a/0x180
[  504.333289][    C1]  mac80211_hwsim_beacon+0xbb/0x1b0
[  504.333307][    C1]  __hrtimer_run_queues+0x51e/0xc40
[  504.333326][    C1]  ? hw_scan_work+0xf40/0xf40
[  504.333345][    C1]  ? hrtimer_interrupt+0x9c0/0x9c0
[  504.333359][    C1]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  504.333380][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  504.333398][    C1]  handle_softirqs+0x280/0x820
[  504.333413][    C1]  ? __irq_exit_rcu+0xc7/0x190
[  504.333429][    C1]  ? do_softirq+0x180/0x180
[  504.333447][    C1]  __irq_exit_rcu+0xc7/0x190
[  504.333461][    C1]  ? irq_exit_rcu+0x20/0x20
[  504.333478][    C1]  irq_exit_rcu+0x9/0x20
[  504.333490][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  504.333510][    C1]  </IRQ>
[  504.333514][    C1]  <TASK>
[  504.333519][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  504.333540][    C1] RIP: 0010:put_cpu_partial+0x1b0/0x250
[  504.333560][    C1] Code: 3b 44 24 18 0f 85 b4 00 00 00 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 ec e1 90 08 f7 c5 00 02 00 00 74 c0 fb 4d 85 e4 <75> bf eb c8 e8 c7 90 3e 02 85 c0 0f 84 e9 fe ff ff 83 3d 78 56 6e
[  504.333571][    C1] RSP: 0018:ffffc9001949fb60 EFLAGS: 00000246
[  504.333582][    C1] RAX: 75217cf2d97d1900 RBX: ffff888017841500 RCX: 75217cf2d97d1900
[  504.333593][    C1] RDX: dffffc0000000000 RSI: ffffffff8aaab9c0 RDI: ffffffff8afc66c0
[  504.333603][    C1] RBP: 0000000000000286 R08: ffffffff90da352f R09: 1ffffffff21b46a5
[  504.333613][    C1] R10: dffffc0000000000 R11: fffffbfff21b46a6 R12: 0000000000000000
[  504.333623][    C1] R13: 0000000000000001 R14: ffff88807b0a1e00 R15: ffff8880b8f40370
[  504.333642][    C1]  ? put_cpu_partial+0x6e/0x250
[  504.333663][    C1]  __slab_free+0x31d/0x410
[  504.333684][    C1]  ? _raw_spin_unlock+0x40/0x40
[  504.333703][    C1]  ? __phys_addr+0xba/0x170
[  504.333721][    C1]  qlist_free_all+0x75/0xe0
[  504.333740][    C1]  kasan_quarantine_reduce+0x143/0x160
[  504.333760][    C1]  __kasan_slab_alloc+0x22/0x80
[  504.333776][    C1]  slab_post_alloc_hook+0x6e/0x4d0
[  504.333798][    C1]  kmem_cache_alloc+0x11e/0x2e0
[  504.333816][    C1]  ? getname_flags+0xbb/0x500
[  504.333843][    C1]  getname_flags+0xbb/0x500
[  504.333864][    C1]  do_sys_openat2+0xcb/0x1c0
[  504.333880][    C1]  ? perf_trace_preemptirq_template+0x281/0x340
[  504.333900][    C1]  ? do_sys_open+0xe0/0xe0
[  504.333916][    C1]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  504.333933][    C1]  ? lock_chain_count+0x20/0x20
[  504.333951][    C1]  __x64_sys_openat+0x139/0x160
[  504.333970][    C1]  do_syscall_64+0x55/0xb0
[  504.333984][    C1]  ? clear_bhb_loop+0x40/0x90
[  504.333997][    C1]  ? clear_bhb_loop+0x40/0x90
[  504.334010][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  504.334030][    C1] RIP: 0033:0x7fabdfd8ebe9
[  504.334042][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  504.334053][    C1] RSP: 002b:00007fabe0bf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  504.334067][    C1] RAX: ffffffffffffffda RBX: 00007fabdffb5fa0 RCX: 00007fabdfd8ebe9
[  504.334077][    C1] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000004
[  504.334086][    C1] RBP: 00007fabdfe11e19 R08: 0000000000000000 R09: 0000000000000000
[  504.334094][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  504.334103][    C1] R13: 00007fabdffb6038 R14: 00007fabdffb5fa0 R15: 00007ffd579e23b8
[  504.334121][    C1]  </TASK>