last executing test programs: 2.265685444s ago: executing program 0 (id=2184): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110e22fff6) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff6) write$cgroup_devices(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e0308003c5c980128876360864668f82ffdd569d2f630b5e033ff11edf1c5ffc733d2acb165fe588cd568cd1f31b87b68b00ad888ca"], 0xffdd) 2.158705306s ago: executing program 3 (id=2186): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x2, 0x4, 0x3}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x1}, 0x86) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1b, 0x1, 0x0, 0x0}, 0x90) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'wlan1\x00', 0x800}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080)) 2.068759927s ago: executing program 2 (id=2187): perf_event_open(&(0x7f0000000380)={0x5, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x2010, 0xc8, 0xaa, 0x0, 0x0, 0x100, 0xffff, 0x0, 0x0, 0x0, 0xffe}, 0x0, 0x8, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac"], 0xfdef) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/12, @ANYRES32, @ANYBLOB="0d00ff0000000000830000000000000045"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'tunl0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f3, &(0x7f0000000080)) 2.058993758s ago: executing program 3 (id=2188): r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x5}, {0x2}]}, 0x94) sendmsg$inet(r0, &(0x7f00000029c0)={&(0x7f0000000100)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000002780)=[{&(0x7f00000006c0)='{', 0x1}], 0x1}, 0x4000040) sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000001040)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000140)="97", 0x1}], 0x1}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x7b, &(0x7f0000000000)=r3, 0x8) close(r0) 2.048327947s ago: executing program 1 (id=2189): perf_event_open$cgroup(&(0x7f00000003c0)={0x2, 0x80, 0x16, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80220, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x411, 0x1, 0x9, 0x0, 0x7f}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001b40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_bp={0x0}, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x40) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="b4000000000000006114d0000000000004000000000000009500000000000000c59bfac77c5c158a"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48) 1.951559599s ago: executing program 3 (id=2190): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)='cpuset.mem_hardwall\x00', 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000040), &(0x7f0000000180)=r1}, 0x20) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6gre0\x00', 0x210}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080)) 1.915340169s ago: executing program 0 (id=2191): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000c07850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000001140)='ext4_allocate_inode\x00', r0}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000040000000110000007"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000000)='ext4_allocate_inode\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='ext4_allocate_inode\x00', r4}, 0x10) close(r1) close(r5) 1.867374451s ago: executing program 1 (id=2199): r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x5}, {0x2}]}, 0x94) sendmsg$inet(r0, &(0x7f00000029c0)={&(0x7f0000000100)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000002780)=[{&(0x7f00000006c0)='{', 0x1}], 0x1}, 0x4000040) sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000001040)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000140)="97", 0x1}], 0x1}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x7b, &(0x7f0000000000)=r3, 0x8) close(r0) 1.862971201s ago: executing program 2 (id=2192): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[], 0x0, 0x26}, 0x28) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313f, 0xffffffffffffffff, 0x0, 0x0, &(0x7f00000003c0), 0x10, 0x746}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r0, 0x4010744d, &(0x7f0000000180)) r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x114301, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x5, 0x5, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) 1.809749222s ago: executing program 1 (id=2193): syz_clone(0x40280000, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_clone(0xae003400, 0x0, 0xffffff39, 0xfffffffffffffffd, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) syz_clone(0x2a801400, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x0) 1.731281092s ago: executing program 0 (id=2194): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0xc78}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x4, 0x4, 0x4, 0x1}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380), 0xc) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r2, r2}, 0xc) 1.559223645s ago: executing program 3 (id=2195): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0xb1, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x31, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x101c01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x29, 0x80000, 0x1, &(0x7f0000000200)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='blkio.throttle.write_bps_device\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000200)=ANY=[], 0x31) 1.423430698s ago: executing program 2 (id=2196): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000500)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000000c0), 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x22, 0x2, 0x21) r3 = openat$cgroup_int(r2, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x6a) 1.359417099s ago: executing program 0 (id=2197): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10022, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="76389e147583ddd0569ba5df4858", 0x0, 0x8000000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r3}, 0xc) 1.2626764s ago: executing program 3 (id=2198): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x208, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0) close(r0) r1 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004000) write$cgroup_type(r0, &(0x7f0000000080), 0x11ffffce1) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) recvmsg$unix(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000580)=""/65, 0x41}], 0x2}, 0x10002) 1.162037362s ago: executing program 0 (id=2200): perf_event_open$cgroup(&(0x7f00000003c0)={0x2, 0x80, 0x16, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80220, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x411, 0x1, 0x9, 0x0, 0x7f}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000001b40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)}, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_bp={0x0}, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x40) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="b4000000000000006114d0000000000004000000000000009500000000000000c59bfac77c5c158a"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48) 1.161884852s ago: executing program 1 (id=2201): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x6, 0x4000000, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001440)={0x1f, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) 1.107262743s ago: executing program 2 (id=2202): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) socketpair(0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8912, &(0x7f0000000080)) 596.782981ms ago: executing program 1 (id=2203): perf_event_open(&(0x7f0000000380)={0x5, 0x80, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x2010, 0xc8, 0xaa, 0x0, 0x0, 0x100, 0xffff, 0x0, 0x0, 0x0, 0xffe}, 0x0, 0x8, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac"], 0xfdef) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/12, @ANYRES32, @ANYBLOB="0d00ff0000000000830000000000000045"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'tunl0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f3, &(0x7f0000000080)) 596.347231ms ago: executing program 2 (id=2204): r0 = getpid() perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x0, @perf_bp={&(0x7f0000000040), 0x1}, 0x14125, 0x2e, 0xfffffbff, 0x0, 0x2, 0x0, 0xe, 0x0, 0x0, 0x0, 0xa9e6}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) socket$kcm(0x2, 0x5, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x90) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x200}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x7, 0x0, 0x0, 0xff, 0xc0004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x80}, 0x4182, 0x2000000000000001, 0xfffffffd, 0xb, 0xfffffffffff7bbfe, 0x40000000, 0x0, 0x0, 0xfffffffd, 0x0, 0x4000000}, 0x0, 0xfffffffffffffff9, 0xffffffffffffffff, 0xc) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000080)) 595.224721ms ago: executing program 0 (id=2205): perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x85, 0x9, 0x1}, 0x50) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x8, 0x4}, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xf101}) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="0004f678ec630000000066"], 0xd) socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080)) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x8202) 403.322494ms ago: executing program 2 (id=2206): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x40, 0x0, 0x8, 0x0, 0x0, 0x61000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x8001, 0xc}, 0xa100, 0xc8, 0x3, 0x0, 0xfffffffffffffffd, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8000000000000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r0, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc02082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef) perf_event_open(&(0x7f00000004c0)={0x5, 0x80, 0xfe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0x100, 0x7}, 0x481a, 0x0, 0x0, 0x7, 0x0, 0x0, 0xf792, 0x0, 0xffffffff, 0x0, 0x2000000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x2) write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc02082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef) write$cgroup_subtree(r2, &(0x7f00000004c0)=ANY=[], 0xfdef) 177.251µs ago: executing program 1 (id=2207): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0xb1, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x31, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x101c01, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x29, 0x80000, 0x1, &(0x7f0000000200)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='blkio.throttle.write_bps_device\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000200)=ANY=[], 0x31) 0s ago: executing program 3 (id=2208): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110e22fff6) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff6) write$cgroup_devices(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e0308003c5c980128876360864668f82ffdd569d2f630b5e033ff11edf1c5ffc733d2acb165fe588cd568cd1f31b87b68b00ad888ca"], 0xffdd) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.133' (ED25519) to the list of known hosts. syzkaller login: [ 82.348256][ T5778] cgroup: Unknown subsys name 'net' [ 82.492530][ T5778] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.186872][ T5778] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.804720][ T5794] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.807792][ T5796] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.813917][ T5794] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.827317][ T5796] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.827561][ T5794] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.841765][ T5796] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.843030][ T5794] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.858171][ T5796] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.872466][ T5797] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.880531][ T5797] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.888376][ T5802] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.905697][ T5802] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.923753][ T5802] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.944731][ T5805] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.957986][ T5805] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.965101][ T5803] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.975279][ T5806] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.982952][ T50] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.992040][ T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.000252][ T50] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 86.007549][ T5803] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.008037][ T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.016389][ T5803] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 86.029428][ T5803] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.528100][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 86.550349][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 86.656647][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 86.805262][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 86.822064][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.830271][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.838103][ T5792] bridge_slave_0: entered allmulticast mode [ 86.845747][ T5792] bridge_slave_0: entered promiscuous mode [ 86.855269][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.862434][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.869759][ T5792] bridge_slave_1: entered allmulticast mode [ 86.877350][ T5792] bridge_slave_1: entered promiscuous mode [ 86.885036][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.892184][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.901130][ T5788] bridge_slave_0: entered allmulticast mode [ 86.909009][ T5788] bridge_slave_0: entered promiscuous mode [ 86.917803][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.925048][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.932245][ T5788] bridge_slave_1: entered allmulticast mode [ 86.939680][ T5788] bridge_slave_1: entered promiscuous mode [ 87.060550][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.072598][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.085528][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.100851][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.109640][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.117125][ T5790] bridge_slave_0: entered allmulticast mode [ 87.124594][ T5790] bridge_slave_0: entered promiscuous mode [ 87.133427][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.140603][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.147896][ T5790] bridge_slave_1: entered allmulticast mode [ 87.155388][ T5790] bridge_slave_1: entered promiscuous mode [ 87.164794][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.289484][ T5792] team0: Port device team_slave_0 added [ 87.300165][ T5788] team0: Port device team_slave_0 added [ 87.334956][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.348949][ T5792] team0: Port device team_slave_1 added [ 87.378465][ T5788] team0: Port device team_slave_1 added [ 87.533929][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.607494][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.615516][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.622779][ T5789] bridge_slave_0: entered allmulticast mode [ 87.637024][ T5789] bridge_slave_0: entered promiscuous mode [ 87.660793][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.668046][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.694596][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.707972][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.715364][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.741834][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.758743][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.766092][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.773553][ T5789] bridge_slave_1: entered allmulticast mode [ 87.780593][ T5789] bridge_slave_1: entered promiscuous mode [ 87.800216][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.807440][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.833838][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.846909][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.854067][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.880148][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.912242][ T5790] team0: Port device team_slave_0 added [ 87.921783][ T5790] team0: Port device team_slave_1 added [ 87.970352][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.984415][ T5803] Bluetooth: hci1: command tx timeout [ 87.984435][ T5794] Bluetooth: hci0: command tx timeout [ 88.026913][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.034165][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.060157][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.071188][ T5794] Bluetooth: hci3: command tx timeout [ 88.089349][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.126314][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.134505][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.146380][ T5794] Bluetooth: hci2: command tx timeout [ 88.161070][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.181983][ T5788] hsr_slave_0: entered promiscuous mode [ 88.189667][ T5788] hsr_slave_1: entered promiscuous mode [ 88.218548][ T5789] team0: Port device team_slave_0 added [ 88.249713][ T5792] hsr_slave_0: entered promiscuous mode [ 88.256731][ T5792] hsr_slave_1: entered promiscuous mode [ 88.263070][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.271078][ T5792] Cannot create hsr debugfs directory [ 88.291470][ T5789] team0: Port device team_slave_1 added [ 88.337122][ T5790] hsr_slave_0: entered promiscuous mode [ 88.344554][ T5790] hsr_slave_1: entered promiscuous mode [ 88.350797][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.358461][ T5790] Cannot create hsr debugfs directory [ 88.420979][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.428613][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.454763][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.497106][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.507007][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.533491][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.740749][ T5789] hsr_slave_0: entered promiscuous mode [ 88.747589][ T5789] hsr_slave_1: entered promiscuous mode [ 88.757214][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.764996][ T5789] Cannot create hsr debugfs directory [ 88.950441][ T5788] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.972547][ T5788] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.983104][ T5788] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.008072][ T5788] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.126955][ T5792] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.139301][ T5792] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.149876][ T5792] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.161632][ T5792] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.261208][ T5790] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.272083][ T5790] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.284296][ T5790] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.315233][ T5790] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.410704][ T5789] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.437475][ T5789] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.449969][ T5789] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.462754][ T5789] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.526196][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.567267][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.607547][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.632327][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.653258][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.660702][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.714213][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.721393][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.731763][ T34] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.738962][ T34] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.756681][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.780313][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.787551][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.826990][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.877754][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.922895][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.942190][ T3478] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.949387][ T3478] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.968626][ T5788] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.015655][ T3478] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.022791][ T3478] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.036522][ T3478] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.043789][ T3478] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.053084][ T3478] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.060313][ T3478] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.063918][ T5794] Bluetooth: hci0: command tx timeout [ 90.068267][ T5803] Bluetooth: hci1: command tx timeout [ 90.143842][ T5803] Bluetooth: hci3: command tx timeout [ 90.223641][ T5803] Bluetooth: hci2: command tx timeout [ 90.552010][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.696318][ T5788] veth0_vlan: entered promiscuous mode [ 90.728569][ T5788] veth1_vlan: entered promiscuous mode [ 90.748598][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.798834][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.852550][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.901882][ T5788] veth0_macvtap: entered promiscuous mode [ 90.936975][ T5788] veth1_macvtap: entered promiscuous mode [ 90.971102][ T5792] veth0_vlan: entered promiscuous mode [ 90.987398][ T5789] veth0_vlan: entered promiscuous mode [ 91.020978][ T5789] veth1_vlan: entered promiscuous mode [ 91.033089][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.046187][ T5790] veth0_vlan: entered promiscuous mode [ 91.054855][ T5792] veth1_vlan: entered promiscuous mode [ 91.069387][ T5790] veth1_vlan: entered promiscuous mode [ 91.096501][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.135082][ T5788] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.146125][ T5788] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.156858][ T5788] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.165773][ T5788] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.229679][ T5792] veth0_macvtap: entered promiscuous mode [ 91.242008][ T5789] veth0_macvtap: entered promiscuous mode [ 91.265188][ T5792] veth1_macvtap: entered promiscuous mode [ 91.286586][ T5789] veth1_macvtap: entered promiscuous mode [ 91.316517][ T5790] veth0_macvtap: entered promiscuous mode [ 91.329314][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.341430][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.357910][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.388816][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.402788][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.418458][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.429253][ T5790] veth1_macvtap: entered promiscuous mode [ 91.461706][ T5792] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.471761][ T5792] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.481516][ T5792] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.490412][ T5792] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.523151][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.535938][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.547258][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.557914][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.570257][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.606888][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.617929][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.627986][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.641351][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.655031][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.711430][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.715465][ T54] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.728880][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.735856][ T54] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.740461][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.760520][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.772099][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.783232][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.795651][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.820219][ T5789] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.830017][ T5789] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.839149][ T5789] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.850335][ T5789] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.891330][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.902953][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.917387][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.927943][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.938229][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.949068][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.961885][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.980191][ T5790] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.991350][ T5790] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.000303][ T5790] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.009622][ T5790] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.076732][ T1086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.084706][ T1086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.116212][ T3478] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.127771][ T3478] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.143984][ T5803] Bluetooth: hci0: command tx timeout [ 92.143993][ T5794] Bluetooth: hci1: command tx timeout [ 92.224431][ T5803] Bluetooth: hci3: command tx timeout [ 92.227523][ T23] cfg80211: failed to load regulatory.db [ 92.287649][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.304846][ T5803] Bluetooth: hci2: command tx timeout [ 92.316378][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.382207][ T1086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.431263][ T1086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.494197][ T1086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.506887][ T1086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.604264][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.619165][ T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.636636][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.655570][ T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.114247][ T5897] netlink: 'syz.3.6': attribute type 2 has an invalid length. [ 93.121988][ T5897] netlink: 17267 bytes leftover after parsing attributes in process `syz.3.6'. [ 94.226871][ T5803] Bluetooth: hci0: command tx timeout [ 94.230575][ T5794] Bluetooth: hci1: command tx timeout [ 94.303860][ T5794] Bluetooth: hci3: command tx timeout [ 94.384040][ T5794] Bluetooth: hci2: command tx timeout [ 94.496688][ C0] hrtimer: interrupt took 106562 ns [ 94.746022][ T5930] warning: `syz.1.21' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 94.787424][ T5932] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.22'. [ 95.671646][ T5961] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.36'. [ 95.825953][ T5967] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.39'. [ 96.346349][ T5982] netlink: 'syz.2.45': attribute type 3 has an invalid length. [ 96.363840][ T5982] netlink: 'syz.2.45': attribute type 4 has an invalid length. [ 96.383478][ T5982] netlink: 'syz.2.45': attribute type 7 has an invalid length. [ 96.414182][ T5982] netlink: 'syz.2.45': attribute type 8 has an invalid length. [ 96.444064][ T5982] netlink: 'syz.2.45': attribute type 7 has an invalid length. [ 96.472196][ T5982] netlink: 198048 bytes leftover after parsing attributes in process `syz.2.45'. [ 97.198901][ T6012] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 97.205781][ T6012] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 97.314302][ T5794] Bluetooth: hci3: Malformed LE Event: 0x0d [ 97.745916][ T6027] syzkaller0: entered promiscuous mode [ 97.760439][ T6027] syzkaller0: entered allmulticast mode [ 103.749087][ T6096] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.98'. [ 103.767873][ T6096] netlink: zone id is out of range [ 103.797650][ T6096] netlink: del zone limit has 8 unknown bytes [ 105.130366][ T6109] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1 [ 105.342944][ T6123] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.108'. [ 107.938391][ T6176] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 110.134302][ T6218] syz.2.150: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 110.158907][ T6218] CPU: 0 PID: 6218 Comm: syz.2.150 Not tainted 6.6.99-syzkaller #0 [ 110.166878][ T6218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 110.176983][ T6218] Call Trace: [ 110.180283][ T6218] [ 110.183247][ T6218] dump_stack_lvl+0x16c/0x230 [ 110.187983][ T6218] ? show_regs_print_info+0x20/0x20 [ 110.193227][ T6218] ? load_image+0x3b0/0x3b0 [ 110.197761][ T6218] ? __rcu_read_unlock+0x7c/0xd0 [ 110.202722][ T6218] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 110.209154][ T6218] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 110.215682][ T6218] warn_alloc+0x210/0x300 [ 110.220040][ T6218] ? stack_trace_save+0x9c/0xe0 [ 110.224917][ T6218] ? zone_watermark_ok_safe+0x230/0x230 [ 110.230497][ T6218] ? kasan_set_track+0x5f/0x70 [ 110.235288][ T6218] ? kasan_set_track+0x4e/0x70 [ 110.240073][ T6218] ? __kasan_kmalloc+0x8f/0xa0 [ 110.244857][ T6218] ? xsk_init_queue+0xb0/0x110 [ 110.249641][ T6218] ? xsk_setsockopt+0x4db/0x6f0 [ 110.254517][ T6218] ? do_sock_setsockopt+0x175/0x1a0 [ 110.259761][ T6218] ? __x64_sys_setsockopt+0x184/0x200 [ 110.265160][ T6218] __vmalloc_node_range+0x126/0x1320 [ 110.270496][ T6218] ? free_vm_area+0x50/0x50 [ 110.275038][ T6218] vmalloc_user+0x74/0x80 [ 110.279390][ T6218] ? xskq_create+0xbf/0x170 [ 110.283910][ T6218] xskq_create+0xbf/0x170 [ 110.288261][ T6218] xsk_init_queue+0xb0/0x110 [ 110.292888][ T6218] xsk_setsockopt+0x4db/0x6f0 [ 110.297597][ T6218] ? xsk_poll+0x670/0x670 [ 110.301958][ T6218] ? __fget_files+0x28/0x4d0 [ 110.306598][ T6218] ? aa_sock_opt_perm+0x74/0x100 [ 110.311565][ T6218] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 110.317135][ T6218] ? security_socket_setsockopt+0x7e/0xa0 [ 110.322871][ T6218] ? xsk_poll+0x670/0x670 [ 110.327235][ T6218] do_sock_setsockopt+0x175/0x1a0 [ 110.332289][ T6218] ? __fdget+0x180/0x210 [ 110.336561][ T6218] __x64_sys_setsockopt+0x184/0x200 [ 110.341790][ T6218] do_syscall_64+0x55/0xb0 [ 110.346224][ T6218] ? clear_bhb_loop+0x40/0x90 [ 110.350938][ T6218] ? clear_bhb_loop+0x40/0x90 [ 110.355631][ T6218] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 110.361550][ T6218] RIP: 0033:0x7f8e27f8e9a9 [ 110.365999][ T6218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.385632][ T6218] RSP: 002b:00007f8e28e6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 110.394069][ T6218] RAX: ffffffffffffffda RBX: 00007f8e281b6080 RCX: 00007f8e27f8e9a9 [ 110.402053][ T6218] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000004 [ 110.410037][ T6218] RBP: 00007f8e28010d69 R08: 0000000000000004 R09: 0000000000000000 [ 110.418026][ T6218] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 110.426013][ T6218] R13: 0000000000000001 R14: 00007f8e281b6080 R15: 00007fff2cabeea8 [ 110.434014][ T6218] [ 110.510811][ T6218] Mem-Info: [ 110.518819][ T6218] active_anon:5594 inactive_anon:0 isolated_anon:0 [ 110.518819][ T6218] active_file:771 inactive_file:39830 isolated_file:0 [ 110.518819][ T6218] unevictable:768 dirty:326 writeback:0 [ 110.518819][ T6218] slab_reclaimable:9735 slab_unreclaimable:94194 [ 110.518819][ T6218] mapped:23904 shmem:1361 pagetables:567 [ 110.518819][ T6218] sec_pagetables:0 bounce:0 [ 110.518819][ T6218] kernel_misc_reclaimable:0 [ 110.518819][ T6218] free:1363763 free_pcp:9577 free_cma:0 [ 110.591431][ T6218] Node 0 active_anon:22376kB inactive_anon:0kB active_file:3084kB inactive_file:159120kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:95616kB dirty:1304kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11404kB pagetables:2168kB sec_pagetables:0kB all_unreclaimable? no [ 110.629018][ T6218] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 110.685734][ T6218] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 110.764654][ T6218] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 110.770908][ T6218] Node 0 DMA32 free:1552024kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:22124kB inactive_anon:0kB active_file:3084kB inactive_file:157800kB unevictable:1536kB writepending:1304kB present:3129332kB managed:2589600kB mlocked:0kB bounce:0kB free_pcp:17208kB local_pcp:11900kB free_cma:0kB [ 110.833491][ T6218] lowmem_reserve[]: 0 0 1 1 1 [ 110.838502][ T6218] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 110.913278][ T6218] lowmem_reserve[]: 0 0 0 0 0 [ 110.934196][ T6218] Node 1 Normal free:3887656kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:22500kB local_pcp:11332kB free_cma:0kB [ 111.005622][ T6218] lowmem_reserve[]: 0 0 0 0 0 [ 111.020540][ T6218] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 111.057987][ T6218] Node 0 DMA32: 491*4kB (UE) 770*8kB (UME) 352*16kB (UME) 67*32kB (UME) 32*64kB (UE) 9*128kB (UME) 5*256kB (UME) 4*512kB (ME) 2*1024kB (ME) 3*2048kB (ME) 371*4096kB (UM) = 1550236kB [ 111.141897][ T6218] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 111.169925][ T6218] Node 1 Normal: 245*4kB (UME) 61*8kB (UME) 46*16kB (UME) 52*32kB (UME) 21*64kB (UME) 6*128kB (UME) 1*256kB (M) 1*512kB (U) 2*1024kB (UE) 2*2048kB (UE) 946*4096kB (M) = 3887708kB [ 111.194491][ T6218] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 111.205688][ T6218] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 111.216223][ T6218] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 111.248962][ T6218] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 111.263064][ T6218] 41962 total pagecache pages [ 111.269997][ T6218] 0 pages in swap cache [ 111.275461][ T6218] Free swap = 124996kB [ 111.279867][ T6218] Total swap = 124996kB [ 111.295932][ T6218] 2097051 pages RAM [ 111.304961][ T6218] 0 pages HighMem/MovableOnly [ 111.320661][ T6218] 416137 pages reserved [ 111.333487][ T6218] 0 pages cma reserved [ 114.141134][ T6286] netlink: 'syz.0.171': attribute type 33 has an invalid length. [ 114.158267][ T6286] netlink: 152 bytes leftover after parsing attributes in process `syz.0.171'. [ 114.816404][ T6305] syzkaller0: entered promiscuous mode [ 114.834656][ T6305] syzkaller0: entered allmulticast mode [ 115.888977][ T6320] netlink: 'syz.0.188': attribute type 3 has an invalid length. [ 115.923205][ T6320] netlink: 'syz.0.188': attribute type 1 has an invalid length. [ 115.954424][ T6320] netlink: 'syz.0.188': attribute type 16 has an invalid length. [ 115.970637][ T6320] netlink: 'syz.0.188': attribute type 18 has an invalid length. [ 115.993835][ T6320] netlink: 'syz.0.188': attribute type 20 has an invalid length. [ 116.011425][ T6320] netlink: 102048 bytes leftover after parsing attributes in process `syz.0.188'. [ 116.042799][ T5794] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10 [ 116.201776][ T6330] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.194'. [ 118.064431][ T5794] Bluetooth: hci0: command tx timeout [ 119.141038][ T5794] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10 [ 119.141120][ T5794] Bluetooth: unknown link type 88 [ 119.154644][ T5794] Bluetooth: hci1: connection err: -111 [ 123.036576][ T6407] syzkaller0: entered promiscuous mode [ 123.045158][ T6407] syzkaller0: entered allmulticast mode [ 123.541582][ T6425] sock: sock_timestamping_bind_phc: sock not bind to device [ 124.615747][ T6420] netlink: 156 bytes leftover after parsing attributes in process `syz.1.230'. [ 126.800017][ T6470] sock: sock_timestamping_bind_phc: sock not bind to device [ 127.114304][ T6476] warn_alloc: 1 callbacks suppressed [ 127.114323][ T6476] syz.3.253: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 127.171288][ T6476] CPU: 1 PID: 6476 Comm: syz.3.253 Not tainted 6.6.99-syzkaller #0 [ 127.179298][ T6476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 127.189410][ T6476] Call Trace: [ 127.192733][ T6476] [ 127.195715][ T6476] dump_stack_lvl+0x16c/0x230 [ 127.200463][ T6476] ? show_regs_print_info+0x20/0x20 [ 127.205709][ T6476] ? load_image+0x3b0/0x3b0 [ 127.210271][ T6476] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 127.216737][ T6476] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 127.223547][ T6476] warn_alloc+0x210/0x300 [ 127.227928][ T6476] ? stack_trace_save+0x9c/0xe0 [ 127.232835][ T6476] ? zone_watermark_ok_safe+0x230/0x230 [ 127.238462][ T6476] ? kasan_set_track+0x5f/0x70 [ 127.243264][ T6476] ? kasan_set_track+0x4e/0x70 [ 127.248064][ T6476] ? __kasan_kmalloc+0x8f/0xa0 [ 127.252876][ T6476] ? xsk_init_queue+0xb0/0x110 [ 127.257692][ T6476] ? xsk_setsockopt+0x4db/0x6f0 [ 127.262594][ T6476] ? do_sock_setsockopt+0x175/0x1a0 [ 127.267841][ T6476] ? __x64_sys_setsockopt+0x184/0x200 [ 127.273264][ T6476] __vmalloc_node_range+0x126/0x1320 [ 127.278636][ T6476] ? free_vm_area+0x50/0x50 [ 127.283204][ T6476] vmalloc_user+0x74/0x80 [ 127.287596][ T6476] ? xskq_create+0xbf/0x170 [ 127.292143][ T6476] xskq_create+0xbf/0x170 [ 127.296523][ T6476] xsk_init_queue+0xb0/0x110 [ 127.301166][ T6476] xsk_setsockopt+0x4db/0x6f0 [ 127.305895][ T6476] ? xsk_poll+0x670/0x670 [ 127.310279][ T6476] ? __fget_files+0x28/0x4d0 [ 127.314923][ T6476] ? aa_sock_opt_perm+0x74/0x100 [ 127.319922][ T6476] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 127.325518][ T6476] ? security_socket_setsockopt+0x7e/0xa0 [ 127.331281][ T6476] ? xsk_poll+0x670/0x670 [ 127.335701][ T6476] do_sock_setsockopt+0x175/0x1a0 [ 127.340865][ T6476] ? __fdget+0x180/0x210 [ 127.345254][ T6476] __x64_sys_setsockopt+0x184/0x200 [ 127.350509][ T6476] do_syscall_64+0x55/0xb0 [ 127.354975][ T6476] ? clear_bhb_loop+0x40/0x90 [ 127.359688][ T6476] ? clear_bhb_loop+0x40/0x90 [ 127.364406][ T6476] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 127.370358][ T6476] RIP: 0033:0x7f591538e9a9 [ 127.374829][ T6476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.394484][ T6476] RSP: 002b:00007f5916253038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 127.402954][ T6476] RAX: ffffffffffffffda RBX: 00007f59155b5fa0 RCX: 00007f591538e9a9 [ 127.410973][ T6476] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000004 [ 127.418991][ T6476] RBP: 00007f5915410d69 R08: 0000000000000004 R09: 0000000000000000 [ 127.427006][ T6476] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 127.435018][ T6476] R13: 0000000000000000 R14: 00007f59155b5fa0 R15: 00007ffd902f5fc8 [ 127.443049][ T6476] [ 127.503946][ T6476] Mem-Info: [ 127.549857][ T6476] active_anon:6311 inactive_anon:0 isolated_anon:0 [ 127.549857][ T6476] active_file:805 inactive_file:39837 isolated_file:0 [ 127.549857][ T6476] unevictable:768 dirty:160 writeback:0 [ 127.549857][ T6476] slab_reclaimable:9879 slab_unreclaimable:94630 [ 127.549857][ T6476] mapped:23913 shmem:2106 pagetables:549 [ 127.549857][ T6476] sec_pagetables:0 bounce:0 [ 127.549857][ T6476] kernel_misc_reclaimable:0 [ 127.549857][ T6476] free:1364486 free_pcp:6907 free_cma:0 [ 127.698524][ T6476] Node 0 active_anon:22944kB inactive_anon:0kB active_file:3220kB inactive_file:159148kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:95652kB dirty:640kB writeback:0kB shmem:4388kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11428kB pagetables:2196kB sec_pagetables:0kB all_unreclaimable? no [ 127.813879][ T6476] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 127.946362][ T6476] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 128.023448][ T6476] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 128.029378][ T6476] Node 0 DMA32 free:1552696kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:22092kB inactive_anon:0kB active_file:3220kB inactive_file:157828kB unevictable:1536kB writepending:640kB present:3129332kB managed:2589600kB mlocked:0kB bounce:0kB free_pcp:10544kB local_pcp:1712kB free_cma:0kB [ 128.089080][ T6476] lowmem_reserve[]: 0 0 1 1 1 [ 128.098760][ T6476] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 128.136768][ T6476] lowmem_reserve[]: 0 0 0 0 0 [ 128.142279][ T6476] Node 1 Normal free:3888224kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:22144kB local_pcp:11264kB free_cma:0kB [ 128.180018][ T6476] lowmem_reserve[]: 0 0 0 0 0 [ 128.192998][ T6476] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 128.219587][ T6476] Node 0 DMA32: 2*4kB (E) 362*8kB (UE) 418*16kB (UME) 321*32kB (UE) 58*64kB (UME) 21*128kB (UME) 14*256kB (ME) 11*512kB (ME) 3*1024kB (ME) 1*2048kB (E) 369*4096kB (UM) = 1552024kB [ 128.283021][ T6476] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 128.332967][ T6476] Node 1 Normal: 246*4kB (UME) 61*8kB (UME) 46*16kB (UME) 58*32kB (UME) 26*64kB (UME) 6*128kB (UME) 1*256kB (M) 1*512kB (U) 2*1024kB (UE) 2*2048kB (UE) 946*4096kB (M) = 3888224kB [ 128.389964][ T6476] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 128.431377][ T6476] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 128.450724][ T6476] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 128.480136][ T6476] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 128.507099][ T6476] 42009 total pagecache pages [ 128.521562][ T6476] 0 pages in swap cache [ 128.532120][ T6476] Free swap = 124996kB [ 128.553011][ T6476] Total swap = 124996kB [ 128.573503][ T6476] 2097051 pages RAM [ 128.580282][ T6476] 0 pages HighMem/MovableOnly [ 128.589258][ T6476] 416137 pages reserved [ 128.596138][ T6476] 0 pages cma reserved [ 130.319247][ T6527] netlink: 'syz.2.273': attribute type 2 has an invalid length. [ 130.328587][ T6527] netlink: 17267 bytes leftover after parsing attributes in process `syz.2.273'. [ 132.406872][ T6562] netlink: 'syz.1.291': attribute type 5 has an invalid length. [ 133.194106][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.203427][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.882304][ T6595] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 136.226098][ T3478] wlan1: Trigger new scan to find an IBSS to join [ 137.294577][ T6630] syzkaller0: entered promiscuous mode [ 137.307141][ T6630] syzkaller0: entered allmulticast mode [ 137.849145][ T5794] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 139.768350][ T6651] sit0: entered allmulticast mode [ 140.233902][ T3478] wlan1: Trigger new scan to find an IBSS to join [ 141.300245][ T6707] syzkaller0: entered promiscuous mode [ 141.323730][ T6707] syzkaller0: entered allmulticast mode [ 142.234847][ T3517] wlan1: Creating new IBSS network, BSSID 16:70:de:99:88:ab [ 144.151052][ T6741] syzkaller0: entered promiscuous mode [ 144.157622][ T6741] syzkaller0: entered allmulticast mode [ 153.458700][ T6837] syz.3.401 (6837) used greatest stack depth: 20680 bytes left [ 153.834953][ T6854] netlink: 'syz.3.410': attribute type 3 has an invalid length. [ 153.842680][ T6854] netlink: 'syz.3.410': attribute type 1 has an invalid length. [ 153.851959][ T6854] netlink: 60387 bytes leftover after parsing attributes in process `syz.3.410'. [ 154.773919][ T6896] netlink: 'syz.0.436': attribute type 3 has an invalid length. [ 154.782442][ T6896] netlink: 'syz.0.436': attribute type 1 has an invalid length. [ 154.797107][ T6896] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.436'. [ 155.975142][ T6924] netlink: 'syz.2.439': attribute type 3 has an invalid length. [ 156.013709][ T6924] netlink: 'syz.2.439': attribute type 1 has an invalid length. [ 156.021434][ T6924] netlink: 60387 bytes leftover after parsing attributes in process `syz.2.439'. [ 156.264938][ T6930] syzkaller0: entered promiscuous mode [ 156.274153][ T5794] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 156.274164][ T6930] syzkaller0: entered allmulticast mode [ 156.274185][ T5794] Bluetooth: unknown link type 88 [ 156.293038][ T5794] Bluetooth: hci2: connection err: -111 [ 161.744004][ T5794] Bluetooth: hci3: unexpected event 0x04 length: 15 > 10 [ 161.744057][ T5794] Bluetooth: unknown link type 88 [ 161.756846][ T5794] Bluetooth: hci3: connection err: -111 [ 161.818095][ T6973] Driver unsupported XDP return value 0 on prog (id 294) dev N/A, expect packet loss! [ 163.110953][ T5794] Bluetooth: hci0: Malformed LE Event: 0x0d [ 164.394008][ T5794] Bluetooth: hci1: Malformed LE Event: 0x0d [ 166.130672][ T7055] sock: sock_timestamping_bind_phc: sock not bind to device [ 167.087789][ T7078] sock: sock_timestamping_bind_phc: sock not bind to device [ 175.359909][ T7154] netlink: 'syz.0.540': attribute type 1 has an invalid length. [ 175.368020][ T7154] netlink: 'syz.0.540': attribute type 4 has an invalid length. [ 175.384062][ T7154] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.540'. [ 175.429776][ T7156] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.541'. [ 175.456890][ T7156] netlink: 6116 bytes leftover after parsing attributes in process `syz.3.541'. [ 175.484677][ T7156] netlink: 4 bytes leftover after parsing attributes in process `syz.3.541'. [ 175.760538][ T7162] syzkaller0: entered promiscuous mode [ 175.775489][ T7162] syzkaller0: entered allmulticast mode [ 177.596096][ T7182] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.553'. [ 177.605444][ T7182] netlink: 6116 bytes leftover after parsing attributes in process `syz.2.553'. [ 177.615409][ T7182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.553'. [ 177.633788][ T7184] netlink: 'syz.1.554': attribute type 1 has an invalid length. [ 177.641584][ T7184] netlink: 'syz.1.554': attribute type 4 has an invalid length. [ 177.661608][ T7184] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.554'. [ 179.312517][ T7220] syzkaller0: entered promiscuous mode [ 179.327830][ T7220] syzkaller0: entered allmulticast mode [ 184.269674][ T7335] netlink: 132 bytes leftover after parsing attributes in process `syz.0.619'. [ 187.587027][ T7373] netlink: 132 bytes leftover after parsing attributes in process `syz.1.633'. [ 187.938689][ T7383] syzkaller0: entered allmulticast mode [ 188.319456][ T7399] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.643'. [ 188.509195][ T7405] netlink: 203516 bytes leftover after parsing attributes in process `syz.0.644'. [ 188.526929][ T7405] netlink: del zone limit has 8 unknown bytes [ 188.647692][ T7409] netlink: 132 bytes leftover after parsing attributes in process `syz.1.647'. [ 188.999659][ T7417] netlink: 'syz.0.652': attribute type 10 has an invalid length. [ 189.034350][ T7417] bridge0: port 3(netdevsim0) entered blocking state [ 189.041593][ T7417] bridge0: port 3(netdevsim0) entered disabled state [ 189.056860][ T7417] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 189.078807][ T7417] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 189.097597][ T7417] bridge0: port 3(netdevsim0) entered blocking state [ 189.104980][ T7417] bridge0: port 3(netdevsim0) entered forwarding state [ 189.279512][ T7424] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.655'. [ 189.742359][ T7441] netlink: 132 bytes leftover after parsing attributes in process `syz.3.661'. [ 189.871500][ T7446] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.663'. [ 189.899715][ T7446] netlink: del zone limit has 8 unknown bytes [ 190.044692][ T7452] netlink: 'syz.3.665': attribute type 10 has an invalid length. [ 190.053040][ T7452] bridge0: port 3(netdevsim0) entered blocking state [ 190.060690][ T7452] bridge0: port 3(netdevsim0) entered disabled state [ 190.068733][ T7452] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 190.080335][ T7452] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 190.089239][ T7452] bridge0: port 3(netdevsim0) entered blocking state [ 190.097080][ T7452] bridge0: port 3(netdevsim0) entered forwarding state [ 190.341796][ T7456] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.668'. [ 191.555308][ T7474] netlink: 132 bytes leftover after parsing attributes in process `syz.2.675'. [ 191.861967][ T7481] netlink: 203516 bytes leftover after parsing attributes in process `syz.3.677'. [ 191.886114][ T7481] netlink: del zone limit has 8 unknown bytes [ 194.639400][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.648431][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.457051][ T7483] netlink: 'syz.2.679': attribute type 10 has an invalid length. [ 195.465596][ T7483] bridge0: port 3(netdevsim0) entered blocking state [ 195.472506][ T7483] bridge0: port 3(netdevsim0) entered disabled state [ 195.479838][ T7483] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 195.515034][ T7483] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 195.523064][ T7483] bridge0: port 3(netdevsim0) entered blocking state [ 195.529995][ T7483] bridge0: port 3(netdevsim0) entered forwarding state [ 195.926153][ T7506] sock: sock_timestamping_bind_phc: sock not bind to device [ 197.398941][ T7533] sock: sock_timestamping_bind_phc: sock not bind to device [ 197.871976][ T7537] IPv6: Can't replace route, no match found [ 198.252603][ T7552] sock: sock_timestamping_bind_phc: sock not bind to device [ 199.967267][ T7564] IPv6: Can't replace route, no match found [ 200.182553][ T7577] syz.1.723[7577] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 200.182839][ T7577] syz.1.723[7577] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 200.205977][ T7577] syz.1.723[7577] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 200.231051][ T7577] syz.1.723[7577] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 200.536774][ T7594] IPv6: Can't replace route, no match found [ 201.199807][ T7616] netlink: 138036 bytes leftover after parsing attributes in process `syz.0.739'. [ 201.228369][ T7616] netlink: zone id is out of range [ 201.234141][ T7616] netlink: zone id is out of range [ 201.251419][ T7616] netlink: zone id is out of range [ 201.257187][ T7616] netlink: zone id is out of range [ 201.262700][ T7616] netlink: zone id is out of range [ 201.270030][ T7616] netlink: zone id is out of range [ 201.275337][ T7616] netlink: zone id is out of range [ 201.280601][ T7616] netlink: zone id is out of range [ 201.286012][ T7616] netlink: zone id is out of range [ 201.291271][ T7616] netlink: zone id is out of range [ 202.632814][ T7625] IPv6: Can't replace route, no match found [ 202.643820][ T7627] syz.3.752[7627] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 202.643958][ T7627] syz.3.752[7627] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 212.063408][ T5806] Bluetooth: hci2: command 0x0406 tx timeout [ 212.069613][ T5806] Bluetooth: hci0: command 0x0406 tx timeout [ 212.075803][ T5806] Bluetooth: hci1: command 0x0406 tx timeout [ 212.081562][ T5805] Bluetooth: hci3: command 0x0406 tx timeout [ 214.591312][ T7672] syz.3.763[7672] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 214.591563][ T7672] syz.3.763[7672] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 214.619833][ T7672] syz.3.763[7672] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 214.639020][ T7672] syz.3.763[7672] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 215.613968][ T7707] syz.2.779[7707] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 215.625825][ T7707] syz.2.779[7707] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 216.341913][ T7730] netlink: 'syz.2.790': attribute type 10 has an invalid length. [ 217.343474][ T5794] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 217.350058][ T5796] Bluetooth: hci1: command 0x0406 tx timeout [ 217.394679][ T7768] netlink: 'syz.1.806': attribute type 10 has an invalid length. [ 218.206424][ T7802] syz.0.829[7802] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 218.206691][ T7802] syz.0.829[7802] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 221.184573][ T5796] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 221.203435][ T5794] Bluetooth: hci3: command 0x0406 tx timeout [ 224.745751][ T7953] netlink: 'syz.2.886': attribute type 2 has an invalid length. [ 224.767847][ T7953] netlink: 17267 bytes leftover after parsing attributes in process `syz.2.886'. [ 226.369820][ T8000] netlink: 'syz.3.908': attribute type 2 has an invalid length. [ 226.378089][ T8000] netlink: 17267 bytes leftover after parsing attributes in process `syz.3.908'. [ 227.753030][ T5794] Bluetooth: hci1: unexpected event 0x03 length: 15 > 11 [ 228.651613][ T8032] syzkaller0: entered promiscuous mode [ 228.671899][ T8032] syzkaller0: entered allmulticast mode [ 228.757127][ T8041] netlink: 'syz.0.918': attribute type 2 has an invalid length. [ 228.765620][ T8041] netlink: 17267 bytes leftover after parsing attributes in process `syz.0.918'. [ 232.059688][ T5794] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 234.436027][ T8117] syzkaller0: entered promiscuous mode [ 234.442082][ T8117] syzkaller0: entered allmulticast mode [ 237.128746][ T8163] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.983'. [ 237.393619][ T8171] netlink: 'syz.1.977': attribute type 1 has an invalid length. [ 237.401422][ T8171] netlink: 'syz.1.977': attribute type 4 has an invalid length. [ 237.422800][ T8171] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.977'. [ 237.451376][ T8173] netlink: 'syz.1.977': attribute type 1 has an invalid length. [ 237.464346][ T8173] netlink: 'syz.1.977': attribute type 4 has an invalid length. [ 237.472308][ T8173] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.977'. [ 237.663174][ T8184] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.984'. [ 237.897003][ T8190] netlink: 'syz.2.988': attribute type 3 has an invalid length. [ 237.917520][ T8190] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.988'. [ 238.491709][ T8203] syzkaller0: entered promiscuous mode [ 238.499619][ T8203] syzkaller0: entered allmulticast mode [ 240.105643][ T8210] netlink: 'syz.2.1004': attribute type 1 has an invalid length. [ 240.116600][ T8210] netlink: 'syz.2.1004': attribute type 4 has an invalid length. [ 240.125304][ T8210] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1004'. [ 240.140523][ T8211] netlink: 'syz.2.1004': attribute type 1 has an invalid length. [ 240.148967][ T8211] netlink: 'syz.2.1004': attribute type 4 has an invalid length. [ 240.162058][ T8211] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1004'. [ 240.620485][ T8233] syz.2.1007[8233] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 240.620625][ T8233] syz.2.1007[8233] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 240.625239][ T8225] syzkaller0: entered promiscuous mode [ 240.656279][ T8225] syzkaller0: entered allmulticast mode [ 242.577161][ T8248] netlink: 'syz.3.1009': attribute type 1 has an invalid length. [ 242.585213][ T8248] netlink: 'syz.3.1009': attribute type 4 has an invalid length. [ 242.593051][ T8248] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1009'. [ 242.610695][ T8249] netlink: 'syz.3.1009': attribute type 1 has an invalid length. [ 242.619701][ T8249] netlink: 'syz.3.1009': attribute type 4 has an invalid length. [ 242.629881][ T8249] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1009'. [ 242.929669][ T8261] netlink: 'syz.0.1015': attribute type 17 has an invalid length. [ 242.942883][ T8261] netlink: 'syz.0.1015': attribute type 16 has an invalid length. [ 242.959416][ T8261] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1015'. [ 242.971512][ T8264] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.1017'. [ 245.086865][ T8289] syzkaller0: entered promiscuous mode [ 245.106438][ T8289] syzkaller0: entered allmulticast mode [ 248.153768][ T8359] syzkaller0: entered promiscuous mode [ 248.159416][ T8359] syzkaller0: entered allmulticast mode [ 250.186791][ T8381] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.1059'. [ 252.365608][ T8420] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1073'. [ 252.375855][ T8420] net_ratelimit: 43 callbacks suppressed [ 252.375927][ T8420] openvswitch: netlink: IP tunnel attribute has 3064 unknown bytes. [ 255.126754][ T8460] syzkaller0: entered promiscuous mode [ 255.132300][ T8460] syzkaller0: entered allmulticast mode [ 256.070760][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.077634][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.768209][ T8466] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1090'. [ 256.798951][ T8466] openvswitch: netlink: IP tunnel attribute has 3064 unknown bytes. [ 258.788856][ T8493] netlink: 'syz.0.1101': attribute type 3 has an invalid length. [ 258.808025][ T8493] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1101'. [ 258.995177][ T8500] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1103'. [ 259.013511][ T8500] openvswitch: netlink: IP tunnel attribute has 3064 unknown bytes. [ 259.439864][ T8516] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.1110'. [ 261.277145][ T8526] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.1114'. [ 261.604854][ T8550] syz.0.1124 uses obsolete (PF_INET,SOCK_PACKET) [ 261.833449][ T8551] netlink: 'syz.0.1124': attribute type 10 has an invalid length. [ 261.912674][ T8551] team0: Device ipvlan1 failed to register rx_handler [ 262.796695][ T8565] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.1131'. [ 262.950175][ T8571] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.1143'. [ 263.249869][ T8584] netlink: 'syz.2.1140': attribute type 3 has an invalid length. [ 263.274483][ T8584] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1140'. [ 264.411433][ T5794] Bluetooth: hci2: Unknown advertising packet type: 0x70 [ 264.411486][ T5794] Bluetooth: hci2: Malformed LE Event: 0x0d [ 264.459556][ T8613] netlink: 'syz.2.1160': attribute type 21 has an invalid length. [ 264.487283][ T8613] netlink: 'syz.2.1160': attribute type 12 has an invalid length. [ 264.509238][ T8613] netlink: 'syz.2.1160': attribute type 13 has an invalid length. [ 264.524589][ T8613] netlink: 'syz.2.1160': attribute type 14 has an invalid length. [ 264.545313][ T8613] netlink: 'syz.2.1160': attribute type 15 has an invalid length. [ 264.568930][ T8613] netlink: 'syz.2.1160': attribute type 16 has an invalid length. [ 264.584738][ T8613] netlink: 'syz.2.1160': attribute type 19 has an invalid length. [ 264.592874][ T8613] netlink: 'syz.2.1160': attribute type 21 has an invalid length. [ 264.601412][ T8613] netlink: 'syz.2.1160': attribute type 22 has an invalid length. [ 264.610079][ T8613] netlink: 12226 bytes leftover after parsing attributes in process `syz.2.1160'. [ 265.656764][ T5794] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 267.397332][ T5794] Bluetooth: hci1: Unknown advertising packet type: 0x70 [ 267.404834][ T5794] Bluetooth: hci1: Malformed LE Event: 0x0d [ 267.733003][ T5794] Bluetooth: hci3: unexpected event 0x05 length: 15 > 4 [ 268.351238][ T8705] netlink: 'syz.3.1193': attribute type 21 has an invalid length. [ 268.406664][ T8705] netlink: 12226 bytes leftover after parsing attributes in process `syz.3.1193'. [ 268.464399][ T5794] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4 [ 269.453910][ T8740] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 269.478169][ T8740] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 269.489210][ T8740] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 269.505553][ T8740] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 276.920890][ T8848] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.1248'. [ 279.650731][ T8924] validate_nla: 9 callbacks suppressed [ 279.650747][ T8924] netlink: 'syz.0.1292': attribute type 10 has an invalid length. [ 279.672560][ T8924] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1292'. [ 279.693717][ T8924] netlink: 'syz.0.1292': attribute type 10 has an invalid length. [ 279.718915][ T8924] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1292'. [ 279.733679][ T8923] netlink: 'syz.0.1292': attribute type 10 has an invalid length. [ 279.741604][ T8923] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1292'. [ 280.407661][ T8952] netlink: 'syz.0.1295': attribute type 39 has an invalid length. [ 280.904033][ T8964] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1298'. [ 282.816875][ T9010] netlink: 'syz.3.1314': attribute type 10 has an invalid length. [ 282.825308][ T9010] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1314'. [ 282.835182][ T9010] netlink: 'syz.3.1314': attribute type 10 has an invalid length. [ 282.844466][ T9010] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1314'. [ 282.855364][ T9003] netlink: 'syz.3.1314': attribute type 10 has an invalid length. [ 282.867497][ T9003] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1314'. [ 283.550838][ T9014] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1322'. [ 284.068084][ T5794] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10 [ 284.299158][ T9052] syzkaller0: entered promiscuous mode [ 284.314542][ T9052] syzkaller0: entered allmulticast mode [ 284.520015][ T9055] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1338'. [ 285.667250][ T9097] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1354'. [ 285.825504][ T9100] veth1_macvtap: left promiscuous mode [ 285.883826][ T9100] veth1_macvtap: entered promiscuous mode [ 285.898512][ T9100] macsec0: entered promiscuous mode [ 285.907872][ T9100] macsec0: entered allmulticast mode [ 285.918022][ T9100] veth1_macvtap: entered allmulticast mode [ 286.144162][ T5794] Bluetooth: hci1: command 0x0406 tx timeout [ 288.433914][ T9131] veth1_macvtap: left promiscuous mode [ 288.498925][ T9131] veth1_macvtap: entered promiscuous mode [ 288.533442][ T9131] macsec0: entered promiscuous mode [ 288.543716][ T9131] macsec0: entered allmulticast mode [ 288.561094][ T9131] veth1_macvtap: entered allmulticast mode [ 288.728856][ T9134] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 288.770051][ T9134] syzkaller0: entered promiscuous mode [ 288.783818][ T9134] syzkaller0: entered allmulticast mode [ 292.449096][ T9184] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.1393'. [ 292.785163][ T9202] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.1402'. [ 297.645802][ T9277] netlink: 'syz.1.1429': attribute type 10 has an invalid length. [ 297.654606][ T9277] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1429'. [ 299.428440][ T9306] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.1443'. [ 299.950493][ T9329] syz.3.1454 (9329) used obsolete PPPIOCDETACH ioctl [ 299.958832][ T9332] netlink: 'syz.0.1455': attribute type 21 has an invalid length. [ 300.380433][ T9350] syzkaller0: entered allmulticast mode [ 300.972550][ T5794] Bluetooth: hci3: ISO packet for unknown connection handle 2681 [ 302.366724][ T9388] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1475'. [ 302.602095][ T5794] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 303.227091][ T9408] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 303.250573][ T9408] syzkaller0: entered promiscuous mode [ 303.257441][ T9408] syzkaller0: entered allmulticast mode [ 305.791761][ T9421] netlink: 'syz.3.1488': attribute type 10 has an invalid length. [ 305.801316][ T9421] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1488'. [ 306.173107][ T9425] netlink: 'syz.1.1490': attribute type 21 has an invalid length. [ 307.818573][ T9460] netlink: 'syz.0.1502': attribute type 39 has an invalid length. [ 308.160317][ T9471] netlink: 'syz.2.1506': attribute type 21 has an invalid length. [ 308.535059][ T9484] __sock_release: fasync list not empty! [ 308.703753][ T5796] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18 [ 311.065995][ T5794] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 315.753721][ T9598] syzkaller0: entered promiscuous mode [ 315.779808][ T9598] syzkaller0: entered allmulticast mode [ 317.520040][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.527718][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.204524][ T9631] netlink: 'syz.0.1578': attribute type 4 has an invalid length. [ 319.217732][ T9631] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1578'. [ 320.588002][ T9654] syzkaller0: entered promiscuous mode [ 320.593793][ T9654] syzkaller0: entered allmulticast mode [ 320.652155][ T9663] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1583'. [ 320.756089][ T9667] netlink: 'syz.1.1585': attribute type 4 has an invalid length. [ 320.774512][ T9667] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1585'. [ 323.429322][ T9697] netlink: 'syz.2.1596': attribute type 4 has an invalid length. [ 323.438204][ T9697] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1596'. [ 323.668766][ T9706] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1609'. [ 329.813420][ T9814] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.1648'. [ 329.841485][ T9824] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1650'. [ 330.131023][ T9836] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.1657'. [ 330.315821][ T5796] Bluetooth: hci0: unexpected event 0x07 length: 15 < 255 [ 331.275043][ T9850] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1663'. [ 331.444721][ T9853] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.1664'. [ 331.654208][ T9864] netlink: 'syz.0.1670': attribute type 2 has an invalid length. [ 331.662786][ T9864] netlink: 199824 bytes leftover after parsing attributes in process `syz.0.1670'. [ 331.854921][ T5796] Bluetooth: hci3: unexpected event 0x07 length: 15 < 255 [ 332.047696][ T9879] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.1676'. [ 332.480584][ T9885] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1679'. [ 332.825719][ T9890] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1689'. [ 333.105546][ T9901] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.1685'. [ 333.136080][ T5796] Bluetooth: hci1: unexpected event 0x07 length: 15 < 255 [ 335.094692][ T9935] __nla_validate_parse: 1 callbacks suppressed [ 335.094709][ T9935] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.1701'. [ 338.052737][ T9979] syzkaller0: entered promiscuous mode [ 338.100885][ T9979] syzkaller0: entered allmulticast mode [ 341.473153][T10034] netlink: 'syz.2.1735': attribute type 2 has an invalid length. [ 341.502963][T10034] netlink: 199824 bytes leftover after parsing attributes in process `syz.2.1735'. [ 342.212859][T10057] netlink: 'syz.1.1748': attribute type 2 has an invalid length. [ 342.238175][T10057] netlink: 199824 bytes leftover after parsing attributes in process `syz.1.1748'. [ 342.860353][ T5796] Bluetooth: hci1: ISO packet for unknown connection handle 255 [ 343.518866][T10098] netlink: 'syz.0.1764': attribute type 10 has an invalid length. [ 343.766496][T10098] geneve0: entered promiscuous mode [ 343.822526][T10098] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 344.027808][T10107] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1769'. [ 344.941516][T10117] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.1773'. [ 347.737373][T10141] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.1779'. [ 347.920679][ T5796] Bluetooth: hci3: ISO packet for unknown connection handle 255 [ 348.014578][ T5796] Bluetooth: hci0: unexpected event 0x08 length: 15 > 4 [ 349.294285][ T5796] Bluetooth: hci0: ISO packet for unknown connection handle 255 [ 352.948209][T10242] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.1816'. [ 353.128266][ T5796] Bluetooth: hci3: unexpected event 0x08 length: 15 > 4 [ 353.261907][T10245] syzkaller0: entered promiscuous mode [ 353.290019][T10245] syzkaller0: entered allmulticast mode [ 357.081572][ T5796] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 358.411521][ T5794] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 358.419847][T10330] pim6reg1: entered promiscuous mode [ 358.432805][T10330] pim6reg1: entered allmulticast mode [ 366.578213][T10449] pim6reg1: entered promiscuous mode [ 366.598256][T10449] pim6reg1: entered allmulticast mode [ 366.934610][T10463] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1898'. [ 368.207914][T10493] pim6reg1: entered promiscuous mode [ 368.213933][T10493] pim6reg1: entered allmulticast mode [ 369.970023][T10535] pim6reg1: entered promiscuous mode [ 369.977987][T10535] pim6reg1: entered allmulticast mode [ 370.548967][T10538] syzkaller0: entered promiscuous mode [ 370.610511][T10538] syzkaller0: entered allmulticast mode [ 377.611448][T10682] netlink: 207496 bytes leftover after parsing attributes in process `syz.3.1980'. [ 378.949317][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.957003][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 382.011261][T10777] netlink: 207496 bytes leftover after parsing attributes in process `syz.1.2020'. [ 385.742038][T10837] netlink: 'syz.3.2046': attribute type 21 has an invalid length. [ 385.768339][T10837] IPv6: NLM_F_CREATE should be specified when creating new route [ 385.783822][T10837] IPv6: Can't replace route, no match found [ 387.816351][T10886] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2065'. [ 387.826267][T10886] openvswitch: netlink: Tunnel attr 0 has unexpected len 1 expected 8 [ 392.114074][ T5794] Bluetooth: hci3: unexpected event 0x05 length: 15 > 4 [ 392.198582][T10938] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 392.243342][T10938] syzkaller0: entered allmulticast mode [ 393.078005][T10962] netlink: 'syz.2.2091': attribute type 21 has an invalid length. [ 393.089415][T10962] IPv6: NLM_F_CREATE should be specified when creating new route [ 393.097881][T10962] IPv6: Can't replace route, no match found [ 393.242526][ T5794] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 393.378088][T10970] netlink: 'syz.0.2096': attribute type 1 has an invalid length. [ 393.397931][T10970] netlink: 'syz.0.2096': attribute type 4 has an invalid length. [ 393.406955][T10970] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.2096'. [ 396.707133][T11019] lo: entered allmulticast mode [ 396.759415][T11019] lo: entered promiscuous mode [ 396.779606][T11019] lo: left allmulticast mode [ 396.845615][T11023] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 396.857157][T11023] syzkaller0: entered allmulticast mode [ 397.669414][T11037] 7B’ç÷ï: renamed from syzkaller0 [ 398.363991][ T5794] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 398.919081][T11071] 7B’ç÷ï: renamed from syzkaller0 [ 399.374097][ T5794] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 400.206762][T11106] 7B’ç÷ï: renamed from syzkaller0 [ 400.257774][T11110] lo: entered allmulticast mode [ 400.334051][T11110] lo: entered promiscuous mode [ 400.338898][T11110] lo: left allmulticast mode [ 400.515878][ T5794] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 400.871663][T11123] 7B’ç÷ï: renamed from syzkaller0 [ 401.589927][T11145] lo: entered allmulticast mode [ 401.676405][T11145] lo: entered promiscuous mode [ 401.681294][T11145] lo: left allmulticast mode [ 401.740667][T11151] netlink: 'syz.2.2171': attribute type 33 has an invalid length. [ 401.753408][T11151] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2171'. [ 401.775173][T11151] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 404.468901][ T50] Bluetooth: hci3: command 0x0406 tx timeout [ 405.505775][ T5796] Bluetooth: hci0: command 0x0406 tx timeout [ 405.718182][T11219] delete_channel: no stack [ 406.623476][ T5794] Bluetooth: hci1: command 0x0406 tx timeout [ 406.859343][T11236] syzkaller0: entered promiscuous mode [ 407.263328][ T54] wlan1: Trigger new scan to find an IBSS to join [ 407.286790][ T54] ================================================================================ [ 407.301489][ T54] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1209:5 [ 407.327780][ T54] index 1 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]') [ 407.355905][ T54] CPU: 0 PID: 54 Comm: kworker/u4:4 Not tainted 6.6.99-syzkaller #0 [ 407.363984][ T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 407.374099][ T54] Workqueue: events_unbound cfg80211_wiphy_work [ 407.380431][ T54] Call Trace: [ 407.383756][ T54] [ 407.386721][ T54] dump_stack_lvl+0x16c/0x230 [ 407.391453][ T54] ? show_regs_print_info+0x20/0x20 [ 407.396702][ T54] ? load_image+0x3b0/0x3b0 [ 407.401267][ T54] ? mutex_lock_nested+0x20/0x20 [ 407.406268][ T54] ubsan_epilogue+0xa/0x30 [ 407.410735][ T54] __ubsan_handle_out_of_bounds+0xe3/0xf0 [ 407.416512][ T54] ieee80211_request_ibss_scan+0x4eb/0x790 [ 407.422387][ T54] ieee80211_ibss_work+0xdfd/0x10c0 [ 407.427649][ T54] ? ieee80211_ibss_rx_queued_mgmt+0x2ac0/0x2ac0 [ 407.434021][ T54] ? mark_lock+0x94/0x320 [ 407.438415][ T54] ? ieee80211_iface_work+0xbca/0xc70 [ 407.443841][ T54] ? _raw_spin_unlock_irq+0x23/0x50 [ 407.449092][ T54] cfg80211_wiphy_work+0x225/0x260 [ 407.454259][ T54] ? process_scheduled_works+0x957/0x15b0 [ 407.460015][ T54] process_scheduled_works+0xa45/0x15b0 [ 407.465607][ T54] ? assign_work+0x400/0x400 [ 407.470219][ T54] ? assign_work+0x39e/0x400 [ 407.474866][ T54] worker_thread+0xa55/0xfc0 [ 407.479502][ T54] kthread+0x2fa/0x390 [ 407.483598][ T54] ? pr_cont_work+0x560/0x560 [ 407.488303][ T54] ? kthread_blkcg+0xd0/0xd0 [ 407.492906][ T54] ret_from_fork+0x48/0x80 [ 407.497343][ T54] ? kthread_blkcg+0xd0/0xd0 [ 407.501951][ T54] ret_from_fork_asm+0x11/0x20 [ 407.506753][ T54] [ 407.526013][ T54] ================================================================================ [ 407.542683][ T54] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 407.549945][ T54] CPU: 0 PID: 54 Comm: kworker/u4:4 Not tainted 6.6.99-syzkaller #0 [ 407.557972][ T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 407.568074][ T54] Workqueue: events_unbound cfg80211_wiphy_work [ 407.574387][ T54] Call Trace: [ 407.577703][ T54] [ 407.580668][ T54] dump_stack_lvl+0x16c/0x230 [ 407.585397][ T54] ? show_regs_print_info+0x20/0x20 [ 407.590641][ T54] ? load_image+0x3b0/0x3b0 [ 407.595216][ T54] panic+0x2c0/0x710 [ 407.599168][ T54] ? bpf_jit_dump+0xd0/0xd0 [ 407.603731][ T54] ? mutex_lock_nested+0x20/0x20 [ 407.608722][ T54] check_panic_on_warn+0x84/0xa0 [ 407.613708][ T54] __ubsan_handle_out_of_bounds+0xe3/0xf0 [ 407.619480][ T54] ieee80211_request_ibss_scan+0x4eb/0x790 [ 407.625346][ T54] ieee80211_ibss_work+0xdfd/0x10c0 [ 407.630605][ T54] ? ieee80211_ibss_rx_queued_mgmt+0x2ac0/0x2ac0 [ 407.636976][ T54] ? mark_lock+0x94/0x320 [ 407.641369][ T54] ? ieee80211_iface_work+0xbca/0xc70 [ 407.646795][ T54] ? _raw_spin_unlock_irq+0x23/0x50 [ 407.652051][ T54] cfg80211_wiphy_work+0x225/0x260 [ 407.657225][ T54] ? process_scheduled_works+0x957/0x15b0 [ 407.662988][ T54] process_scheduled_works+0xa45/0x15b0 [ 407.668703][ T54] ? assign_work+0x400/0x400 [ 407.673349][ T54] ? assign_work+0x39e/0x400 [ 407.677991][ T54] worker_thread+0xa55/0xfc0 [ 407.682661][ T54] kthread+0x2fa/0x390 [ 407.686766][ T54] ? pr_cont_work+0x560/0x560 [ 407.691488][ T54] ? kthread_blkcg+0xd0/0xd0 [ 407.696124][ T54] ret_from_fork+0x48/0x80 [ 407.700584][ T54] ? kthread_blkcg+0xd0/0xd0 [ 407.705230][ T54] ret_from_fork_asm+0x11/0x20 [ 407.710074][ T54] [ 407.713451][ T54] Kernel Offset: disabled [ 407.717866][ T54] Rebooting in 86400 seconds..