last executing test programs: 5.53945378s ago: executing program 3 (id=2499): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x10, &(0x7f0000000600)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x8, 0xff8, &(0x7f0000001e00)=""/4088, 0x0, 0x4b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) 5.476354581s ago: executing program 3 (id=2501): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x28, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x1}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x1, 0xb}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8848}, 0x80) 4.730588942s ago: executing program 3 (id=2505): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100280000000000000002000000200001800d0001007564703a73797a32"], 0x34}}, 0x0) 4.596637624s ago: executing program 3 (id=2507): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}, 0xf5ff}], 0xf00, 0x0, 0x0) shutdown(r1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{}, &(0x7f0000000800), 0x0}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = socket$xdp(0x2c, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x2) setsockopt$XDP_TX_RING(r2, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x4) socket$nl_generic(0x10, 0x3, 0x10) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r3, 0x400448cb, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x60, 0x4, 0xfd}]}) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) 3.891666974s ago: executing program 1 (id=2513): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x28, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x1}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x1, 0xb}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8848}, 0x80) 3.657535677s ago: executing program 1 (id=2516): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-512-generic\x00'}, 0x68) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)}], 0x1, 0x40800) 3.50083198s ago: executing program 1 (id=2518): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x30}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000240)={r3, 0x2}, &(0x7f00000002c0)=0x8) 3.287870152s ago: executing program 1 (id=2520): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)={0x34, r1, 0x1, 0x0, 0x4000, {{0x2}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x99e}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9a8}]]}, 0x34}}, 0x80) 3.121838195s ago: executing program 1 (id=2521): socket$netlink(0x10, 0x3, 0x1f) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x5, 0x2}, 0x1c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db565"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0x2f9, 0x543, &(0x7f0000000040)="b90103600040f000009e0ff088a81fffffe100004000632177fb7f0200017f020001be3e7d2a182fff", 0x0, 0x104, 0x6000000000000000, 0x0, 0xfeb9, &(0x7f0000000400)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7"}, 0x28) socket$inet6(0xa, 0x80803, 0x87) 2.73762743s ago: executing program 3 (id=2522): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_MSG_GETSET(r0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000008180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 2.504060044s ago: executing program 1 (id=2523): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x28, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x1}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x1, 0xb}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8848}, 0x80) 1.875764713s ago: executing program 0 (id=2528): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)={0x34, r2, 0x1, 0x0, 0x4000, {{0x2}, {@val={0x8, 0x3, r1}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x99e}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9a8}]]}, 0x34}}, 0x80) 1.760090824s ago: executing program 3 (id=2529): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}, 0xf5ff}], 0xf00, 0x0, 0x0) shutdown(r1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{}, &(0x7f0000000800), 0x0}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = socket$xdp(0x2c, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x2) setsockopt$XDP_TX_RING(r2, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x4) socket$nl_generic(0x10, 0x3, 0x10) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r3, 0x400448cb, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x60, 0x4, 0xfd}]}) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) 1.689871235s ago: executing program 0 (id=2531): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a) sendfile(0xffffffffffffffff, r0, 0x0, 0xffffffff000) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000001000)=""/16, 0x1030000, 0x1000, 0x5}, 0x20) 1.432266069s ago: executing program 2 (id=2533): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$llc(r0, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x10) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000), 0xffffff6a) sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff000) recvmmsg(r0, &(0x7f0000000640)=[{{0x0, 0x0, 0x0}, 0xffffffff}], 0x1, 0x0, 0x0) 859.335587ms ago: executing program 0 (id=2534): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000340)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='&\x00'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), 0x0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001780)=""/4071, 0xfe7}], 0x1}, 0x40000102) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0xfffe}], 0x1}, 0x0) 624.323781ms ago: executing program 0 (id=2535): socket$inet_sctp(0x2, 0x5, 0x84) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) unshare(0x22020600) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) pselect6(0x40, &(0x7f0000000100), &(0x7f0000000000)={0x1f, 0x0, 0x3837, 0x0, 0xfffffffffffffffc, 0x0, 0x8}, 0x0, 0x0, 0x0) unshare(0x70000000) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 549.959222ms ago: executing program 0 (id=2536): socket$netlink(0x10, 0x3, 0x1f) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x5, 0x2}, 0x1c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0x2f9, 0x543, &(0x7f0000000040)="b90103600040f000009e0ff088a81fffffe100004000632177fb7f0200017f020001be3e7d2a182fff", 0x0, 0x104, 0x6000000000000000, 0x0, 0xfeb9, &(0x7f0000000400)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7"}, 0x28) socket$inet6(0xa, 0x80803, 0x87) 468.277803ms ago: executing program 2 (id=2537): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="000000000980ff", 0x7) 347.839075ms ago: executing program 2 (id=2538): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)={0x34, r2, 0x1, 0x0, 0x4000, {{0x2}, {@val={0x8, 0x3, r1}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x99e}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9a8}]]}, 0x34}}, 0x80) 342.512024ms ago: executing program 0 (id=2539): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan1\x00'}) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) unshare(0x10000c00) socket$inet_smc(0x2b, 0x1, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) recvmmsg(r2, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) 205.971867ms ago: executing program 2 (id=2540): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xd, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca900000000000035090100000000009500000000000000b7020000000000007b2af8ff00000000b509000000000000c30af8ff50000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffc70200000800000018220000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf98000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 97.571118ms ago: executing program 2 (id=2541): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) sendmmsg$inet(r0, &(0x7f00000004c0)=[{{&(0x7f0000000340)={0x2, 0x4e23, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x1a}, @multicast1}}}], 0x20}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000001440)="2f233fb00f34cdbb95b143d1530d162e133350202242db7f72b071a56567e0594678eb9b8b27947e823a36085213e4bcf9fe3fe6770f993ea8bfcd83054f097adcdaa6cf67611ed4daa0a735ac65458eee2198f6ab27038b3f8b870b59f743ffe5e70492a6fce900f50b3b6d225a3ac2f6d54b4764bb63ad67a16f5f12d9b66ccfd950d741513bb5ccf303447e9cff42061896780ba7efd699fe8069c53fe617a2bda4b44a4a60a54fa7b2c0782fb2e034fee378a7415a06e6b3b1d6e44b2b517dd865e5fc6a86d48ad53de819483474bd78ae39ce0bde1eef04fc6016e885cc098ce9b8bf8aa5d23b806bec4e76413f8efa719ff426cdd42cee3f31af297fee023e25ffbcd32baadf10262081dbd982cc2ef2be4084f5389e6e9a2f3203873c2c618c21819415189a4208c0c29a900ede97bf622ce87d9faf8b733b80f8c94e4091aee2a16e3f8dd90f815093909c00644cba5146f1445f57c7120b0b16e23450d94cf79188092c595ca156bd0986fe5f050d21aecbe9d4b60ace9910dcf5b71ac678c05c405bb2a9d3714bae080e3b42a142dd3f38d1a2588f8c11e1735a86201d095577fb5c03ee3eaaf0466e0524b0c9b109007d6c31da5be476b8d2d3205a621cf45234e8eaa8afbc94077ddf9b9db9c002cbe30dd50a2c1605e17b66b53d6721c76504b058b8cb3440692a18f137386571a9515ee56652c1bda2ba26a7e446f7bdbffa5f3ee0ffa5482de09f214cdb0ab650502fec2aa84954ce54d45c6d96f713419bc38f6b8af5693208c7faa737ef04e40f9713c6c3bba7b6c6182ae17fb8ee21b514e9af1e7f32cd4ddbea04d5d4ae38c49e41d45dada66bd222cb24a3fdc98513acd9119a9965182144f667a1f96f3a6c087cdcca0206be9e63cc764aa09949424a6b0eed1321adf598efb65aadf0cff67f03727656769bb783eb16e871a93e5d0dab42ffc43977260148a8b913b57c7a869c8f754904e78a6eea0bb55c5705e97e623d16c807d0f295caf6a5aa81afb5e2508b170ece6ebeeaae75ed9102530699d9c90d7194a2e0bd6dced3df2d6e55db49573934f97f5041baaedbecafbb09f6ad8d181339ed549a5aa5c7be9eff1a0145f292d58a9458321cfab1c10621d624b9c26891629d03c992d51bd0c61f1fb9b39468ea0b51b8d5d18690efaf8f89e1d29431af091df805a724521fac15ef8941d7ef502f5b4c3bde2929d49181646e7d51fa7e2e824455eefa17623d4e7b4b4b48abcacb699f5d7157f4c37b045085a2bfe58ac4a14ead426436adcc81c6e1f9f68228941a7643d980643c4f5e0f845812f3c7ea0738b8e738d13ab79a82bc6473550acf4f595b5221f4b1a43e86a6e0f930cc070e6e89cdef19d70a23eebe356c0bb0d9e4c6a9af906e6606c20b678b24fc63bdd77dfa2c50b7cad03b25a8f268551f5207fc67de8bd7295728ca58c98801297a678474f28360e5ed2d283bd108728ecb0cc075f5bdc2bc10d3e704a9f5ae27dd0873f4cfd5bab48cea2eac2fe6d96d72de03b806f9f6e235cacf78727ec8a8543569aa0d09ec029800ed6f472455ee52c3449fe9ee1b10dea7742d6a407d387d0ffa6d88b933e024e1b15199259a4e4c8357a0c285f12ba3d9120bb7d53d14fdd4319905a847f9a78b9b644b657a8d418bb9788ec21c25ce8196b0911876b5f5e1f56147ae54127513fd5158b6c09a32bd2904dd8a359abfcb475ccdff0dbb23f1944fc2f41b64eb11460383aafb368aa6723b00188fb2204d6d59cc22802d5dce7cb560093e5f35fd410ed9017b73ff745a691015c161092d49d0ebf12c8e967909450f979f8da5d1af67e73ed1061105d66e80a7dfb7ead7ac8a78e7d1795fbea18b6b9b67436bc6b53790c1037d959cf32169bd66bd07938407753d576d0f539c7186dad924508aa619d0abb3c128a4772359e9f69cbda1f79bfc60388fdca75e9f44b1acba0ff9a9ba1ffd1608ccd6421667397a3a01fb066a1301b6fdeb4f4ce975de55b84ac293c59f20bf4965b5aa02209598f688316c6df87d1583aa3990619de1e1c93bbe0bd8888168a510421dd38b7183e693da817aa35234ee1c761217fef5ec73e93a1792a478c9d824c34f06a7b7b897693b96e9c26834c0d7d953b49f36c55b34e72e66504f4b1447d4115535c4468dbe45819a21ccc8657a372d41a1e24f79fc8beaad4440fcfcdef0d45c67044943cb2c788f60170ad9147f8ea35e9a7eeadad995e1f78497ab5d2568501bda016e06762d405c8c24c15413962071218837f82c3c7670cb5caa750bba7afc5e03304d1be36fa1d2d52d29ad1969a7b9cee3c9e6ddc8a46eef039b9d1c535c066dbd8df6fd52b0cd24f4113fca11ec22ed072430a83551ec6e29dbef0852e36cc08a83193b054467c8147ecf60b70c0d9730f776a0b4924e6c6847efd87a4fb9f1c071b0ec751906bae6b50aafa58dbe51a8c8442c1ba03ea181727417d59cf0208f4dfb45ce67e28dc7ad555d54aeeeb05f2204a0e24e3df5754b9152e177bc5c94ddcb97c07ec60441f63c3559048ad6bca0bb97da50e167fb23a43b0bccd77c0f4543e8b7ad51fb20ed7240975182693455112ffb3a5b4e957f86ba8ebced4c9f374833620477b1f579dadbc85a5939376b47850742d7002436af7ca7353382916441fd27689d59f3237f50c9129ceba901fd82caae73d8e632ff1b9a118770b9bb767055b076e84ec13c2887efc44ad984422e8e14b44ab990046134ce53dff59aa8371d72a85a7d7c77618f2dbc91111529330cb1f728f1b8f5f3b9a002a955d2ee129c15cadd480fa58e1d2cfc7300b91a6a0b732f0e86bcf72117df07f952a3ceaf3f1c573b8dd1be5d8db3f1a86a52e0c1e4ef272bf37d58587de947e539908f72985f64c1a0afdcf3f0c358869752e9a32042e66b15831310c1ca87716a9622363a2c85d0837136bb3a00b84b66495cd68d30762a20e33d78e74f091ad270ecfaf2646e1c266ed33b5ac58149818666ae83b1508cf8c98b30108ca1e7f77dede2a6d40b3c7b5c63f01e8985ad7e1c4fef4268649937e4f8dcb7ce5be0b6d57a8de2e2b84ced66c1a37a3490714b92505867d948214674298d4362f0325050b1838a1a38759fcd2724d356568ad822d71fa7e8cf53d08937f25eee30ecde2cf898d4de8625529ed25f9a726fe6733bafb7b60b04ce79e52cf9eb2499b901f7b76c1bd9972420c687080e3acd0f1d824b04012c8b81177dda1141f9747c2c838ee6054cb73caac2dd0f648a8177dcb0304404e7cbcd0890885742aab419f7473f5fbc26fccc201f33b89d7f1c2f39afc33dd678ce0642f8880b582b204898618f2b3e6fbe3dd876409127d6ff693cd611ce492f5ae467b8c1b4b2172115274c1e262c49b6918235ffe5349b625d88b214c733883b06601f976fbdf50694f2c205079c93648487aa24902e3a379035c80576c73e314dcc74214f5f68812fa993c5b35cdf8a3d9b204ff2e89d9b289e98d5b9c5621b5dab4e49ce5a06d9e8ef191ffe874442c37750da0104fad9daeedbafc24648b66d5851ba6c7022e328a2e9ac05682df35390b60db4e8af6f733e43264581cf2451b52428bcd7611ac2aac6ba6977a98709fe8fde693efd8b859155b79a97fc75a9f4a0b596b06734d74acbc2cd59cfc513ddae1fa6833e1eb5d311b24ad2ec35838917414b98a5796ed3085f025a2eb45cd8005616be4ad48a9b7922741a669bb1ba30cebe7b6ebb39f9cc48a92daef0fa9444abb1770b9db96810f03e6913b5cb159545c0b0bb0cccf4aae84ef4b858bf7896dbd26f76416cde4e99923713be8468c4230cdf3855090121c3f7da365b58bc9faf7b15e0b103b60f424865ad6b83072750607e8a8593a58b7b7c8dd19e97b90f3f6758e0b458053e086167ecde7aa76f2d92cf60da90b0696892a5ff95a4d319f534a100942ebaf24114deb14e3ac7ba445116d9e1c0c3efc6b160b944c31edc49fb132eebf2e481e6625247fd589235813d576fea69b289ee8b781d22c747c7ff50081f4ea713fa8379d95d9e3ef809a80aca1df81fac8a7ecd24691055491020508565b496f11e0d602fe5afcbd9b211971032c6000e295f27c0d2a2457398403348fde698e92a104d91f87bf98b1c9bee5b2c249400a76fac6465e0d6eb494ee240ccea467cb7e8bfc7c3bf9bb701a133fd8fbed9cd6e79d801f65196faa8564ae3dfa192e012ef0d27351bc3117e", 0xbbc}], 0x1}}], 0x2, 0x40080c0) 0s ago: executing program 2 (id=2542): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000340)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='&\x00'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), 0x0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001780)=""/4071, 0xfe7}], 0x1}, 0x40000102) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0xfffe}], 0x1}, 0x0) kernel console output (not intermixed with test programs): 89][ T8616] Node 0 active_anon:26396kB inactive_anon:0kB active_file:4740kB inactive_file:159220kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:99856kB dirty:428kB writeback:0kB shmem:3920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11620kB pagetables:2264kB sec_pagetables:0kB all_unreclaimable? no [ 160.585804][ T8613] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 160.592384][ T8616] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 160.624739][ T8616] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 160.657676][ T8616] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 160.666299][ T8616] Node 0 DMA32 free:1541408kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:26352kB inactive_anon:0kB active_file:4740kB inactive_file:157900kB unevictable:1536kB writepending:428kB present:3129332kB managed:2589668kB mlocked:0kB bounce:0kB free_pcp:13168kB local_pcp:9192kB free_cma:0kB [ 160.721664][ T8616] lowmem_reserve[]: 0 0 1 1 1 [ 160.726437][ T8616] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 160.782284][ T8616] lowmem_reserve[]: 0 0 0 0 0 [ 160.787084][ T8616] Node 1 Normal free:3900232kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:18752kB local_pcp:9120kB free_cma:0kB [ 160.834576][ T8616] lowmem_reserve[]: 0 0 0 0 0 [ 160.839698][ T8616] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 160.857933][ T8616] Node 0 DMA32: 195*4kB (UME) 376*8kB (UE) 688*16kB (UME) 193*32kB (UME) 169*64kB (UME) 46*128kB (UME) 23*256kB (UME) 12*512kB (M) 8*1024kB (UM) 2*2048kB (UM) 361*4096kB (ME) = 1540652kB [ 160.889236][ T8616] Node 0 Normal: 0*4kB 1*8kB (M) [ 160.889296][ T8622] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 160.889303][ T8616] 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 160.978157][ T8616] Node 1 Normal: 250*4kB (U) 48*8kB (UE) 34*16kB (UE) 60*32kB (UE) 21*64kB (UME) 8*128kB (UME) 1*256kB (E) 3*512kB (UME) 1*1024kB (U) 2*2048kB (UE) 949*4096kB (M) = 3900232kB [ 161.032676][ T8616] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 161.048923][ T8616] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 161.058651][ T8616] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 161.073345][ T8616] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 161.119924][ T8616] 42406 total pagecache pages [ 161.143940][ T8616] 0 pages in swap cache [ 161.158057][ T8616] Free swap = 124996kB [ 161.162698][ T8616] Total swap = 124996kB [ 161.166953][ T8616] 2097051 pages RAM [ 161.170833][ T8616] 0 pages HighMem/MovableOnly [ 161.180236][ T8616] 416120 pages reserved [ 161.185063][ T8616] 0 pages cma reserved [ 162.941847][ T50] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 162.948663][ T8650] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 163.198362][ T8670] __nla_validate_parse: 6 callbacks suppressed [ 163.198376][ T8670] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1203'. [ 164.130088][ T8690] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1210'. [ 164.292918][ T8694] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1213'. [ 164.466159][ T8699] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1214'. [ 164.511149][ T8699] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 164.620773][ T8687] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 164.824094][ T8711] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1221'. [ 164.837507][ T8712] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1219'. [ 164.859917][ T8714] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1222'. [ 165.531890][ T8734] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1231'. [ 165.640482][ T8736] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1232'. [ 165.738402][ T8738] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1233'. [ 166.897612][ T8763] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 167.978220][ T8785] netlink: 'syz.2.1254': attribute type 2 has an invalid length. [ 167.995762][ T8785] netlink: 'syz.2.1254': attribute type 2 has an invalid length. [ 168.330014][ T8793] __nla_validate_parse: 6 callbacks suppressed [ 168.330029][ T8793] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1258'. [ 168.426346][ T8795] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1259'. [ 168.649251][ T8799] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1261'. [ 168.871397][ T8804] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1263'. [ 168.951640][ T50] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 169.003898][ T8806] netlink: 'syz.0.1264': attribute type 2 has an invalid length. [ 169.027341][ T8806] netlink: 'syz.0.1264': attribute type 2 has an invalid length. [ 169.088400][ T8806] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1264'. [ 169.244941][ T8811] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1267'. [ 169.268685][ T8813] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1266'. [ 169.301999][ T8813] bond_slave_0: entered promiscuous mode [ 169.307754][ T8813] bond_slave_1: entered promiscuous mode [ 169.333028][ T8813] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 169.351983][ T8813] bond_slave_0: left promiscuous mode [ 169.357468][ T8813] bond_slave_1: left promiscuous mode [ 169.467491][ T8817] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1268'. [ 169.798356][ T8832] netlink: 'syz.3.1275': attribute type 2 has an invalid length. [ 169.835742][ T8832] netlink: 'syz.3.1275': attribute type 2 has an invalid length. [ 169.928050][ T8837] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1277'. [ 170.171393][ T8844] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1280'. [ 170.297681][ T8848] bond_slave_0: entered promiscuous mode [ 170.303457][ T8848] bond_slave_1: entered promiscuous mode [ 170.310103][ T8848] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 170.318300][ T8848] bond_slave_0: left promiscuous mode [ 170.323756][ T8848] bond_slave_1: left promiscuous mode [ 170.593536][ T8854] warn_alloc: 3 callbacks suppressed [ 170.593552][ T8854] syz.0.1284: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 170.614343][ T8854] CPU: 1 PID: 8854 Comm: syz.0.1284 Not tainted 6.6.94-syzkaller #0 [ 170.622397][ T8854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 170.632461][ T8854] Call Trace: [ 170.635759][ T8854] [ 170.638693][ T8854] dump_stack_lvl+0x16c/0x230 [ 170.643392][ T8854] ? show_regs_print_info+0x20/0x20 [ 170.648620][ T8854] ? load_image+0x3b0/0x3b0 [ 170.653151][ T8854] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 170.659599][ T8854] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 170.666118][ T8854] warn_alloc+0x210/0x300 [ 170.670453][ T8854] ? stack_trace_save+0x9c/0xe0 [ 170.675316][ T8854] ? zone_watermark_ok_safe+0x230/0x230 [ 170.680878][ T8854] ? kasan_set_track+0x5f/0x70 [ 170.685658][ T8854] ? kasan_set_track+0x4e/0x70 [ 170.690439][ T8854] ? __kasan_kmalloc+0x8f/0xa0 [ 170.695215][ T8854] ? xsk_init_queue+0xb0/0x110 [ 170.699993][ T8854] ? xsk_setsockopt+0x43c/0x6f0 [ 170.704863][ T8854] ? do_sock_setsockopt+0x254/0x3e0 [ 170.710071][ T8854] ? __x64_sys_setsockopt+0x1be/0x250 [ 170.715453][ T8854] __vmalloc_node_range+0x126/0x1320 [ 170.720802][ T8854] ? free_vm_area+0x50/0x50 [ 170.725348][ T8854] vmalloc_user+0x74/0x80 [ 170.729697][ T8854] ? xskq_create+0xbf/0x170 [ 170.734207][ T8854] xskq_create+0xbf/0x170 [ 170.738545][ T8854] xsk_init_queue+0xb0/0x110 [ 170.743151][ T8854] xsk_setsockopt+0x43c/0x6f0 [ 170.747845][ T8854] ? xsk_poll+0x670/0x670 [ 170.752189][ T8854] ? aa_sock_opt_perm+0x74/0x100 [ 170.757138][ T8854] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 170.762716][ T8854] ? security_socket_setsockopt+0x7e/0xa0 [ 170.768526][ T8854] ? xsk_poll+0x670/0x670 [ 170.772868][ T8854] do_sock_setsockopt+0x254/0x3e0 [ 170.777924][ T8854] ? __ia32_sys_recv+0xb0/0xb0 [ 170.782734][ T8854] ? __fdget+0x180/0x210 [ 170.787022][ T8854] __x64_sys_setsockopt+0x1be/0x250 [ 170.792318][ T8854] do_syscall_64+0x55/0xb0 [ 170.796743][ T8854] ? clear_bhb_loop+0x40/0x90 [ 170.801419][ T8854] ? clear_bhb_loop+0x40/0x90 [ 170.806106][ T8854] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 170.812010][ T8854] RIP: 0033:0x7f280b78e929 [ 170.816435][ T8854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.836054][ T8854] RSP: 002b:00007f280c58d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 170.844478][ T8854] RAX: ffffffffffffffda RBX: 00007f280b9b6080 RCX: 00007f280b78e929 [ 170.852456][ T8854] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008 [ 170.860430][ T8854] RBP: 00007f280b810b39 R08: 0000000000000004 R09: 0000000000000000 [ 170.868417][ T8854] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 170.876400][ T8854] R13: 0000000000000000 R14: 00007f280b9b6080 R15: 00007ffdd2ff7628 [ 170.884387][ T8854] [ 170.909631][ T8854] Mem-Info: [ 170.924425][ T8854] active_anon:5734 inactive_anon:0 isolated_anon:0 [ 170.924425][ T8854] active_file:1185 inactive_file:39861 isolated_file:0 [ 170.924425][ T8854] unevictable:768 dirty:88 writeback:0 [ 170.924425][ T8854] slab_reclaimable:10055 slab_unreclaimable:94858 [ 170.924425][ T8854] mapped:24306 shmem:1364 pagetables:565 [ 170.924425][ T8854] sec_pagetables:0 bounce:0 [ 170.924425][ T8854] kernel_misc_reclaimable:0 [ 170.924425][ T8854] free:1358815 free_pcp:14162 free_cma:0 [ 171.014562][ T8854] Node 0 active_anon:23136kB inactive_anon:0kB active_file:4740kB inactive_file:159244kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97224kB dirty:352kB writeback:0kB shmem:3920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11580kB pagetables:2260kB sec_pagetables:0kB all_unreclaimable? no [ 171.047749][ T8854] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 171.060623][ T8857] netlink: 'syz.1.1285': attribute type 2 has an invalid length. [ 171.086166][ T8854] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 171.117149][ T8854] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 171.123663][ T8854] Node 0 DMA32 free:1519404kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:22992kB inactive_anon:0kB active_file:4740kB inactive_file:157924kB unevictable:1536kB writepending:352kB present:3129332kB managed:2589668kB mlocked:0kB bounce:0kB free_pcp:37908kB local_pcp:18700kB free_cma:0kB [ 171.154826][ T8854] lowmem_reserve[]: 0 0 1 1 1 [ 171.158472][ T8857] netlink: 'syz.1.1285': attribute type 2 has an invalid length. [ 171.159721][ T8854] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 171.230567][ T8854] lowmem_reserve[]: 0 0 0 0 0 [ 171.238557][ T8854] Node 1 Normal free:3900488kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:18496kB local_pcp:8864kB free_cma:0kB [ 171.283305][ T8854] lowmem_reserve[]: 0 0 0 0 0 [ 171.288667][ T8854] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 171.362594][ T8854] Node 0 DMA32: 585*4kB (UME) 480*8kB (UME) 569*16kB (UM) 173*32kB (UME) 111*64kB (UM) 15*128kB (UE) 7*256kB (UME) 3*512kB (M) 7*1024kB (UM) 1*2048kB (U) 361*4096kB (ME) = 1521044kB [ 171.417653][ T8854] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 171.470110][ T8854] Node 1 Normal: 250*4kB (U) 48*8kB (UE) 34*16kB (UE) 66*32kB (UE) 22*64kB (UME) 8*128kB (UME) 1*256kB (E) 3*512kB (UME) 1*1024kB (U) 2*2048kB (UE) 949*4096kB (M) = 3900488kB [ 171.499070][ T8854] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 171.522784][ T8854] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 171.557212][ T8854] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 171.595865][ T8854] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 171.631712][ T8854] 43660 total pagecache pages [ 171.636467][ T8854] 0 pages in swap cache [ 171.640639][ T8854] Free swap = 124996kB [ 171.665107][ T8854] Total swap = 124996kB [ 171.675952][ T8854] 2097051 pages RAM [ 171.688922][ T8854] 0 pages HighMem/MovableOnly [ 171.694072][ T8854] 416120 pages reserved [ 171.701725][ T8854] 0 pages cma reserved [ 171.741688][ T50] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 171.890048][ T8878] syzkaller1: entered promiscuous mode [ 171.897851][ T8878] syzkaller1: entered allmulticast mode [ 172.040967][ T8880] netlink: 'syz.3.1295': attribute type 2 has an invalid length. [ 172.049717][ T8880] netlink: 'syz.3.1295': attribute type 2 has an invalid length. [ 172.686308][ T8902] bond_slave_0: entered promiscuous mode [ 172.692079][ T8902] bond_slave_1: entered promiscuous mode [ 172.706183][ T8902] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 172.718037][ T8902] bond_slave_0: left promiscuous mode [ 172.723575][ T8902] bond_slave_1: left promiscuous mode [ 173.103717][ T8912] netlink: 'syz.0.1311': attribute type 1 has an invalid length. [ 173.137845][ T8912] 8021q: adding VLAN 0 to HW filter on device bond1 [ 173.256106][ T8912] bond1: (slave veth5): Enslaving as an active interface with a down link [ 173.289106][ T8919] bond1: (slave veth0_to_bond): making interface the new active one [ 173.324576][ T8919] veth0_to_bond: entered promiscuous mode [ 173.350094][ T8919] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 173.463818][ T8912] vlan2: entered allmulticast mode [ 173.479097][ T8912] veth1: entered allmulticast mode [ 173.486974][ T8912] veth1: entered promiscuous mode [ 173.494853][ T8912] veth1: left promiscuous mode [ 173.502652][ T8912] bond1: (slave vlan2): Enslaving as an active interface with an up link [ 173.893309][ T8935] netlink: 'syz.0.1319': attribute type 72 has an invalid length. [ 174.166749][ T8943] netlink: 'syz.2.1320': attribute type 2 has an invalid length. [ 174.183498][ T8943] netlink: 'syz.2.1320': attribute type 2 has an invalid length. [ 174.274360][ T8945] __nla_validate_parse: 12 callbacks suppressed [ 174.274375][ T8945] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1324'. [ 174.412033][ T8950] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 174.459401][ T8956] netlink: 'syz.3.1327': attribute type 1 has an invalid length. [ 174.707746][ T8965] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1330'. [ 174.737304][ T8966] netlink: 'syz.0.1329': attribute type 72 has an invalid length. [ 174.742715][ T8965] bond_slave_0: entered promiscuous mode [ 174.750887][ T8965] bond_slave_1: entered promiscuous mode [ 174.781919][ T8965] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 174.813170][ T8965] bond_slave_0: left promiscuous mode [ 174.818708][ T8965] bond_slave_1: left promiscuous mode [ 175.097242][ T8975] netlink: 'syz.2.1334': attribute type 2 has an invalid length. [ 175.108321][ T8975] netlink: 'syz.2.1334': attribute type 2 has an invalid length. [ 175.197459][ T8979] netlink: 'syz.1.1337': attribute type 1 has an invalid length. [ 175.806209][ T8993] netlink: 'syz.0.1340': attribute type 72 has an invalid length. [ 176.461626][ T50] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 176.738140][ T9017] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1350'. [ 176.873269][ T9018] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 177.124900][ T9027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1354'. [ 177.809860][ T9046] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1363'. [ 178.539325][ T9060] bridge0: entered promiscuous mode [ 178.554407][ T9060] macsec1: entered promiscuous mode [ 178.561162][ T9060] bridge0: port 4(macsec1) entered blocking state [ 178.568419][ T9060] bridge0: port 4(macsec1) entered disabled state [ 178.575357][ T9060] macsec1: entered allmulticast mode [ 178.580753][ T9060] bridge0: entered allmulticast mode [ 178.589523][ T9060] macsec1: left allmulticast mode [ 178.595076][ T9060] bridge0: left allmulticast mode [ 178.601835][ T9060] bridge0: left promiscuous mode [ 178.867266][ T9072] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1373'. [ 178.890943][ T9073] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1374'. [ 178.918149][ T9073] bond_slave_0: entered promiscuous mode [ 178.923921][ T9073] bond_slave_1: entered promiscuous mode [ 178.938938][ T9073] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 178.941635][ T50] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 178.955899][ T9073] bond_slave_0: left promiscuous mode [ 178.961351][ T9073] bond_slave_1: left promiscuous mode [ 179.648367][ T9093] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1383'. [ 181.320794][ T9146] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1411'. [ 181.455005][ T9146] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 181.578887][ T9153] vlan3: entered allmulticast mode [ 181.586880][ T9153] veth1: entered allmulticast mode [ 181.855267][ T9169] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1419'. [ 182.273013][ T9180] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1424'. [ 182.720809][ T9191] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1429'. [ 182.904437][ T9202] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1433'. [ 183.106768][ T9212] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 183.599234][ T9222] validate_nla: 1 callbacks suppressed [ 183.599249][ T9222] netlink: 'syz.0.1440': attribute type 2 has an invalid length. [ 183.618608][ T9222] netlink: 'syz.0.1440': attribute type 2 has an invalid length. [ 183.631002][ T9222] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1440'. [ 184.336149][ T9239] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1448'. [ 184.369939][ T9243] netlink: 'syz.0.1450': attribute type 2 has an invalid length. [ 184.379896][ T9243] netlink: 'syz.0.1450': attribute type 2 has an invalid length. [ 184.404609][ T9243] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1450'. [ 184.431949][ T48] veth0_to_bond: left promiscuous mode [ 185.476138][ T9261] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1454'. [ 185.490772][ T9261] bond_slave_0: entered promiscuous mode [ 185.496545][ T9261] bond_slave_1: entered promiscuous mode [ 185.504911][ T9261] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 185.513577][ T9261] bond_slave_0: left promiscuous mode [ 185.519810][ T9261] bond_slave_1: left promiscuous mode [ 185.804082][ T9268] netlink: 'syz.0.1460': attribute type 2 has an invalid length. [ 185.828087][ T9268] netlink: 'syz.0.1460': attribute type 2 has an invalid length. [ 185.866784][ T9268] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1460'. [ 186.681856][ T9287] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1468'. [ 186.715153][ T9291] netlink: 'syz.3.1470': attribute type 2 has an invalid length. [ 186.721822][ T9287] team_slave_0: entered promiscuous mode [ 186.728640][ T9287] team_slave_1: entered promiscuous mode [ 186.735990][ T9291] netlink: 'syz.3.1470': attribute type 2 has an invalid length. [ 186.745737][ T9287] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 186.753117][ T9291] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1470'. [ 186.772970][ T9287] team_slave_0: left promiscuous mode [ 186.778483][ T9287] team_slave_1: left promiscuous mode [ 187.404003][ T9310] netlink: 'syz.1.1479': attribute type 2 has an invalid length. [ 187.418540][ T9310] netlink: 'syz.1.1479': attribute type 2 has an invalid length. [ 187.437206][ T9310] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1479'. [ 188.314262][ T9327] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1486'. [ 188.655979][ T9334] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1490'. [ 189.264820][ T9364] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1501'. [ 189.830544][ T9390] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1512'. [ 190.079136][ T9398] netlink: 'syz.2.1515': attribute type 2 has an invalid length. [ 190.107174][ T9398] netlink: 'syz.2.1515': attribute type 2 has an invalid length. [ 190.122159][ T9398] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1515'. [ 190.147627][ T9402] team_slave_0: entered promiscuous mode [ 190.153398][ T9402] team_slave_1: entered promiscuous mode [ 190.203311][ T9402] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 190.256447][ T9402] team_slave_0: left promiscuous mode [ 190.262009][ T9402] team_slave_1: left promiscuous mode [ 190.537925][ T9419] __nla_validate_parse: 2 callbacks suppressed [ 190.537939][ T9419] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1526'. [ 190.860275][ T9431] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1532'. [ 190.936030][ T9435] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1534'. [ 191.568887][ T9459] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1544'. [ 191.630872][ T9463] netlink: 'syz.3.1546': attribute type 2 has an invalid length. [ 191.639520][ T9463] netlink: 'syz.3.1546': attribute type 2 has an invalid length. [ 191.655205][ T9463] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1546'. [ 191.914280][ T9476] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1551'. [ 191.921021][ T9475] netlink: 'syz.3.1552': attribute type 1 has an invalid length. [ 191.953198][ T9475] 8021q: adding VLAN 0 to HW filter on device bond2 [ 192.058067][ T9475] bond2: (slave veth3): Enslaving as an active interface with a down link [ 192.069052][ T9481] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1554'. [ 192.124015][ T9475] bond2: (slave veth0_to_bond): making interface the new active one [ 192.135768][ T9483] netlink: 'syz.2.1555': attribute type 2 has an invalid length. [ 192.146334][ T9475] veth0_to_bond: entered promiscuous mode [ 192.156135][ T9475] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 192.166908][ T9483] netlink: 'syz.2.1555': attribute type 2 has an invalid length. [ 192.187142][ T9483] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1555'. [ 192.207432][ T9475] vlan3: entered allmulticast mode [ 192.235888][ T9475] veth1: entered allmulticast mode [ 192.374419][ T9487] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1556'. [ 192.426077][ T9487] team_slave_0: entered promiscuous mode [ 192.431986][ T9487] team_slave_1: entered promiscuous mode [ 192.439767][ T9487] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 192.448788][ T9487] team_slave_0: left promiscuous mode [ 192.454296][ T9487] team_slave_1: left promiscuous mode [ 192.784347][ T9502] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1563'. [ 192.854402][ T9504] netlink: 'syz.0.1564': attribute type 2 has an invalid length. [ 192.877603][ T9504] netlink: 'syz.0.1564': attribute type 2 has an invalid length. [ 193.610803][ T9528] netlink: 'syz.2.1575': attribute type 2 has an invalid length. [ 194.232275][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.238660][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.649132][ T9602] __nla_validate_parse: 7 callbacks suppressed [ 195.649148][ T9602] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1607'. [ 195.808050][ T9608] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1612'. [ 195.884129][ T9610] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1613'. [ 196.046503][ T9614] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1615'. [ 196.221713][ T9622] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1619'. [ 196.264517][ T9624] bond0: entered allmulticast mode [ 196.269834][ T9624] bond_slave_0: entered allmulticast mode [ 196.276013][ T9624] bond_slave_1: entered allmulticast mode [ 196.303146][ T5781] Bluetooth: hci1: command 0x0406 tx timeout [ 196.303920][ T5776] Bluetooth: hci2: command 0x0406 tx timeout [ 196.393758][ T9628] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1622'. [ 196.423363][ T9630] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1623'. [ 196.549454][ T9636] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1627'. [ 196.724729][ T9645] validate_nla: 3 callbacks suppressed [ 196.724745][ T9645] netlink: 'syz.0.1630': attribute type 1 has an invalid length. [ 196.918529][ T9654] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1634'. [ 196.957166][ T9655] warn_alloc: 1 callbacks suppressed [ 196.957180][ T9655] syz.0.1633: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 197.032468][ T9655] CPU: 1 PID: 9655 Comm: syz.0.1633 Not tainted 6.6.94-syzkaller #0 [ 197.040509][ T9655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 197.050580][ T9655] Call Trace: [ 197.053903][ T9655] [ 197.056858][ T9655] dump_stack_lvl+0x16c/0x230 [ 197.061572][ T9655] ? show_regs_print_info+0x20/0x20 [ 197.066807][ T9655] ? load_image+0x3b0/0x3b0 [ 197.071345][ T9655] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 197.077793][ T9655] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 197.084335][ T9655] warn_alloc+0x210/0x300 [ 197.088711][ T9655] ? stack_trace_save+0x9c/0xe0 [ 197.093603][ T9655] ? zone_watermark_ok_safe+0x230/0x230 [ 197.099194][ T9655] ? kasan_set_track+0x5f/0x70 [ 197.104000][ T9655] ? kasan_set_track+0x4e/0x70 [ 197.108790][ T9655] ? __kasan_kmalloc+0x8f/0xa0 [ 197.113588][ T9655] ? xsk_init_queue+0xb0/0x110 [ 197.118387][ T9655] ? xsk_setsockopt+0x43c/0x6f0 [ 197.123271][ T9655] ? do_sock_setsockopt+0x254/0x3e0 [ 197.128504][ T9655] ? __x64_sys_setsockopt+0x1be/0x250 [ 197.133919][ T9655] __vmalloc_node_range+0x126/0x1320 [ 197.139264][ T9655] ? free_vm_area+0x50/0x50 [ 197.143819][ T9655] vmalloc_user+0x74/0x80 [ 197.148206][ T9655] ? xskq_create+0xbf/0x170 [ 197.152759][ T9655] xskq_create+0xbf/0x170 [ 197.157137][ T9655] xsk_init_queue+0xb0/0x110 [ 197.161767][ T9655] xsk_setsockopt+0x43c/0x6f0 [ 197.166482][ T9655] ? xsk_poll+0x670/0x670 [ 197.170869][ T9655] ? aa_sock_opt_perm+0x74/0x100 [ 197.175843][ T9655] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 197.181432][ T9655] ? security_socket_setsockopt+0x7e/0xa0 [ 197.187182][ T9655] ? xsk_poll+0x670/0x670 [ 197.191546][ T9655] do_sock_setsockopt+0x254/0x3e0 [ 197.196589][ T9655] ? __ia32_sys_recv+0xb0/0xb0 [ 197.201365][ T9655] ? __fdget+0x180/0x210 [ 197.205623][ T9655] __x64_sys_setsockopt+0x1be/0x250 [ 197.210923][ T9655] do_syscall_64+0x55/0xb0 [ 197.215351][ T9655] ? clear_bhb_loop+0x40/0x90 [ 197.220030][ T9655] ? clear_bhb_loop+0x40/0x90 [ 197.224727][ T9655] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 197.230627][ T9655] RIP: 0033:0x7f280b78e929 [ 197.235047][ T9655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.254673][ T9655] RSP: 002b:00007f280c58d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 197.263153][ T9655] RAX: ffffffffffffffda RBX: 00007f280b9b6080 RCX: 00007f280b78e929 [ 197.271143][ T9655] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009 [ 197.279135][ T9655] RBP: 00007f280b810b39 R08: 0000000000000004 R09: 0000000000000000 [ 197.287113][ T9655] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 197.295088][ T9655] R13: 0000000000000000 R14: 00007f280b9b6080 R15: 00007ffdd2ff7628 [ 197.303172][ T9655] [ 197.319837][ T50] Bluetooth: hci3: command 0x0405 tx timeout [ 197.338828][ T9655] Mem-Info: [ 197.342604][ T9655] active_anon:5253 inactive_anon:0 isolated_anon:0 [ 197.342604][ T9655] active_file:1236 inactive_file:39871 isolated_file:0 [ 197.342604][ T9655] unevictable:768 dirty:78 writeback:50 [ 197.342604][ T9655] slab_reclaimable:10195 slab_unreclaimable:95451 [ 197.342604][ T9655] mapped:24331 shmem:1364 pagetables:558 [ 197.342604][ T9655] sec_pagetables:0 bounce:0 [ 197.342604][ T9655] kernel_misc_reclaimable:0 [ 197.342604][ T9655] free:1366610 free_pcp:6767 free_cma:0 [ 197.398719][ T9655] Node 0 active_anon:20912kB inactive_anon:0kB active_file:4944kB inactive_file:159284kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97324kB dirty:308kB writeback:100kB shmem:3920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11756kB pagetables:2332kB sec_pagetables:0kB all_unreclaimable? no [ 197.429379][ T9665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1639'. [ 197.455247][ T9655] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 197.582689][ T9655] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 197.640107][ T9655] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 197.646437][ T9655] Node 0 DMA32 free:1550080kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:20768kB inactive_anon:0kB active_file:4944kB inactive_file:157964kB unevictable:1536kB writepending:408kB present:3129332kB managed:2589668kB mlocked:0kB bounce:0kB free_pcp:9564kB local_pcp:7932kB free_cma:0kB [ 197.700107][ T9655] lowmem_reserve[]: 0 0 1 1 1 [ 197.707725][ T9655] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 197.735966][ T9672] netlink: 'syz.3.1641': attribute type 1 has an invalid length. [ 197.740129][ T9655] lowmem_reserve[]: 0 0 0 0 0 [ 197.775406][ T9658] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 197.808922][ T9655] Node 1 Normal free:3900488kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:18528kB local_pcp:9632kB free_cma:0kB [ 197.839048][ T9655] lowmem_reserve[]: 0 0 0 0 0 [ 197.847832][ T9655] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 197.864201][ T9655] Node 0 DMA32: 146*4kB (ME) 540*8kB (UME) 780*16kB (UME) 437*32kB (UME) 224*64kB (UME) 75*128kB (UM) 25*256kB (UM) 8*512kB (M) 5*1024kB (UME) 2*2048kB (UE) 360*4096kB (UM) = 1549576kB [ 197.883844][ T9655] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 197.896837][ T9655] Node 1 Normal: 250*4kB (U) 48*8kB (UE) 34*16kB (UE) 72*32kB (UE) 23*64kB (UME) 8*128kB (UME) 1*256kB (E) 3*512kB (UME) 1*1024kB (U) 2*2048kB (UE) 949*4096kB (M) = 3900744kB [ 197.915189][ T9655] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 197.925680][ T9655] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 197.935817][ T9655] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 197.946302][ T9655] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 198.006819][ T9655] 42471 total pagecache pages [ 198.016760][ T9655] 0 pages in swap cache [ 198.034892][ T9655] Free swap = 124996kB [ 198.041796][ T9655] Total swap = 124996kB [ 198.049271][ T9655] 2097051 pages RAM [ 198.058030][ T9655] 0 pages HighMem/MovableOnly [ 198.084413][ T9655] 416120 pages reserved [ 198.088606][ T9655] 0 pages cma reserved [ 198.377499][ T9701] netlink: 'syz.3.1654': attribute type 1 has an invalid length. [ 198.736075][ T9716] netlink: 'syz.3.1660': attribute type 6 has an invalid length. [ 199.329588][ T9741] bond0: entered allmulticast mode [ 199.361576][ T9741] bond_slave_0: entered allmulticast mode [ 199.381800][ T9741] bond_slave_1: entered allmulticast mode [ 200.061669][ T50] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 201.565231][ T9848] __nla_validate_parse: 6 callbacks suppressed [ 201.565249][ T9848] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1721'. [ 201.599462][ T9850] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1722'. [ 202.004505][ T9868] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1731'. [ 202.390071][ T50] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 202.446664][ T9886] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1739'. [ 202.523808][ T9888] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1740'. [ 202.777870][ T9892] bridge0: entered promiscuous mode [ 202.786623][ T9892] macsec1: entered promiscuous mode [ 203.158998][ T9904] netlink: 'syz.2.1745': attribute type 1 has an invalid length. [ 203.222092][ T9906] syzkaller1: entered promiscuous mode [ 203.237765][ T9906] syzkaller1: entered allmulticast mode [ 203.529535][ T136] veth0_to_bond: left promiscuous mode [ 203.782335][ T9932] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1760'. [ 203.895201][ T9930] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 203.924140][ T9935] ksmbd: Unknown IPC event: 6, ignore. [ 204.350569][ T9957] netlink: zone id is out of range [ 204.364965][ T9957] netlink: zone id is out of range [ 204.500690][ T9963] netlink: 'syz.0.1776': attribute type 1 has an invalid length. [ 204.579902][ T9965] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:1) [ 204.619811][ T9963] 8021q: adding VLAN 0 to HW filter on device bond3 [ 204.777076][ T9969] bond3: (slave veth7): Enslaving as an active interface with a down link [ 205.116780][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 205.127240][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 205.137297][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 205.146705][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 205.158557][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 205.180503][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 205.190937][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 205.945028][T10014] netlink: 'syz.3.1798': attribute type 1 has an invalid length. [ 205.981639][ T50] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 206.010174][T10014] 8021q: adding VLAN 0 to HW filter on device bond5 [ 206.028377][ T9996] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 206.090229][T10014] bond5: (slave gretap1): making interface the new active one [ 206.100438][T10014] bond5: (slave gretap1): Enslaving as an active interface with an up link [ 206.191215][T10014] syz.3.1798 (10014) used greatest stack depth: 18600 bytes left [ 206.303169][T10028] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1804'. [ 206.449587][T10036] netlink: 'syz.2.1807': attribute type 1 has an invalid length. [ 206.515686][T10036] 8021q: adding VLAN 0 to HW filter on device bond7 [ 206.546799][T10042] bond7: (slave veth3): Enslaving as an active interface with a down link [ 207.333217][T10043] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 207.359060][T10066] netlink: 'syz.2.1821': attribute type 1 has an invalid length. [ 207.628600][T10074] dummy0: entered promiscuous mode [ 207.636102][T10074] vlan3: entered promiscuous mode [ 207.683189][T10078] syzkaller1: entered promiscuous mode [ 207.689195][T10078] syzkaller1: entered allmulticast mode [ 207.955272][T10090] warn_alloc: 9 callbacks suppressed [ 207.955287][T10090] syz.3.1830: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 207.989063][T10093] netlink: 'syz.0.1833': attribute type 1 has an invalid length. [ 208.030766][T10090] CPU: 1 PID: 10090 Comm: syz.3.1830 Not tainted 6.6.94-syzkaller #0 [ 208.038879][T10090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 208.048952][T10090] Call Trace: [ 208.052253][T10090] [ 208.055209][T10090] dump_stack_lvl+0x16c/0x230 [ 208.059925][T10090] ? show_regs_print_info+0x20/0x20 [ 208.065173][T10090] ? load_image+0x3b0/0x3b0 [ 208.069725][T10090] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 208.076178][T10090] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 208.082751][T10090] warn_alloc+0x210/0x300 [ 208.087124][T10090] ? stack_trace_save+0x9c/0xe0 [ 208.092005][T10090] ? zone_watermark_ok_safe+0x230/0x230 [ 208.097589][T10090] ? kasan_set_track+0x5f/0x70 [ 208.102384][T10090] ? kasan_set_track+0x4e/0x70 [ 208.107215][T10090] ? __kasan_kmalloc+0x8f/0xa0 [ 208.112013][T10090] ? xsk_init_queue+0xb0/0x110 [ 208.116807][T10090] ? xsk_setsockopt+0x43c/0x6f0 [ 208.121685][T10090] ? do_sock_setsockopt+0x254/0x3e0 [ 208.126910][T10090] ? __x64_sys_setsockopt+0x1be/0x250 [ 208.132314][T10090] __vmalloc_node_range+0x126/0x1320 [ 208.137667][T10090] ? free_vm_area+0x50/0x50 [ 208.142227][T10090] vmalloc_user+0x74/0x80 [ 208.146588][T10090] ? xskq_create+0xbf/0x170 [ 208.151121][T10090] xskq_create+0xbf/0x170 [ 208.155480][T10090] xsk_init_queue+0xb0/0x110 [ 208.160118][T10090] xsk_setsockopt+0x43c/0x6f0 [ 208.164832][T10090] ? xsk_poll+0x670/0x670 [ 208.169214][T10090] ? aa_sock_opt_perm+0x74/0x100 [ 208.174185][T10090] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 208.179780][T10090] ? security_socket_setsockopt+0x7e/0xa0 [ 208.185526][T10090] ? xsk_poll+0x670/0x670 [ 208.189887][T10090] do_sock_setsockopt+0x254/0x3e0 [ 208.194944][T10090] ? __ia32_sys_recv+0xb0/0xb0 [ 208.199743][T10090] ? __fdget+0x180/0x210 [ 208.204033][T10090] __x64_sys_setsockopt+0x1be/0x250 [ 208.209280][T10090] do_syscall_64+0x55/0xb0 [ 208.213738][T10090] ? clear_bhb_loop+0x40/0x90 [ 208.218465][T10090] ? clear_bhb_loop+0x40/0x90 [ 208.223179][T10090] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 208.229128][T10090] RIP: 0033:0x7f9d4db8e929 [ 208.233576][T10090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.253225][T10090] RSP: 002b:00007f9d4ea88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 208.261678][T10090] RAX: ffffffffffffffda RBX: 00007f9d4ddb6080 RCX: 00007f9d4db8e929 [ 208.269676][T10090] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007 [ 208.277669][T10090] RBP: 00007f9d4dc10b39 R08: 0000000000000004 R09: 0000000000000000 [ 208.285658][T10090] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.293660][T10090] R13: 0000000000000000 R14: 00007f9d4ddb6080 R15: 00007ffd634ed368 [ 208.301682][T10090] [ 208.351936][T10090] Mem-Info: [ 208.355102][T10090] active_anon:5695 inactive_anon:0 isolated_anon:0 [ 208.355102][T10090] active_file:1236 inactive_file:39875 isolated_file:0 [ 208.355102][T10090] unevictable:768 dirty:165 writeback:0 [ 208.355102][T10090] slab_reclaimable:10236 slab_unreclaimable:96530 [ 208.355102][T10090] mapped:24344 shmem:1364 pagetables:553 [ 208.355102][T10090] sec_pagetables:0 bounce:0 [ 208.355102][T10090] kernel_misc_reclaimable:0 [ 208.355102][T10090] free:1365251 free_pcp:7333 free_cma:0 [ 208.426531][T10090] Node 0 active_anon:22980kB inactive_anon:0kB active_file:4944kB inactive_file:159300kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97376kB dirty:660kB writeback:0kB shmem:3920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12052kB pagetables:2312kB sec_pagetables:0kB all_unreclaimable? no [ 208.447860][T10107] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1837'. [ 208.473972][T10090] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 208.509155][T10090] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 208.546277][T10090] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 208.555935][T10090] Node 0 DMA32 free:1544636kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:22936kB inactive_anon:0kB active_file:4944kB inactive_file:157980kB unevictable:1536kB writepending:660kB present:3129332kB managed:2589668kB mlocked:0kB bounce:0kB free_pcp:10568kB local_pcp:1992kB free_cma:0kB [ 208.601230][T10090] lowmem_reserve[]: 0 0 1 1 1 [ 208.606935][T10090] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 208.639939][T10090] lowmem_reserve[]: 0 0 0 0 0 [ 208.653332][T10111] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1839'. [ 208.667480][T10090] Node 1 Normal free:3901000kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:18016kB local_pcp:8640kB free_cma:0kB [ 208.697811][T10090] lowmem_reserve[]: 0 0 0 0 0 [ 208.706827][T10090] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 208.720264][T10090] Node 0 DMA32: 83*4kB (ME) 340*8kB (UME) 723*16kB (UME) 283*32kB (UME) 199*64kB (UME) 65*128kB (UM) 25*256kB (UM) 11*512kB (M) 7*1024kB (UME) 3*2048kB (UME) 360*4096kB (UM) = 1544636kB [ 208.789121][T10090] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 208.801553][T10087] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 208.816399][T10090] Node 1 Normal: 250*4kB (U) 48*8kB (UE) 34*16kB (UE) 78*32kB (UE) 24*64kB (UME) 8*128kB (UME) 1*256kB (E) 3*512kB (UME) 1*1024kB (U) 2*2048kB (UE) 949*4096kB (M) = 3901000kB [ 208.840255][T10090] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 208.880337][T10090] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 208.903446][T10090] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 208.931657][T10090] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 208.941067][T10090] 42475 total pagecache pages [ 208.961317][T10090] 0 pages in swap cache [ 208.968736][T10090] Free swap = 124996kB [ 208.976370][T10090] Total swap = 124996kB [ 208.980745][T10090] 2097051 pages RAM [ 208.985221][T10090] 0 pages HighMem/MovableOnly [ 208.991240][T10090] 416120 pages reserved [ 208.999591][T10090] 0 pages cma reserved [ 209.072330][T10122] netlink: 'syz.2.1843': attribute type 1 has an invalid length. [ 209.166961][T10129] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1846'. [ 209.602985][T10149] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1855'. [ 209.689596][T10154] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1858'. [ 209.781072][T10158] netlink: 'syz.2.1859': attribute type 1 has an invalid length. [ 209.915474][T10168] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1863'. [ 210.248452][T10185] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1872'. [ 210.504573][T10195] 8021q: VLANs not supported on gre0 [ 210.648896][T10199] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1877'. [ 210.871859][ T50] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 210.957027][T10206] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1881'. [ 211.178816][T10214] netlink: 'syz.0.1883': attribute type 1 has an invalid length. [ 211.299857][T10214] 8021q: adding VLAN 0 to HW filter on device bond5 [ 211.555989][T10230] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1890'. [ 212.494793][T10250] netlink: 'syz.0.1900': attribute type 1 has an invalid length. [ 212.567494][ T50] Bluetooth: hci3: link tx timeout [ 212.573201][ T50] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 212.639225][T10250] 8021q: adding VLAN 0 to HW filter on device bond6 [ 212.816066][T10252] bond1: (slave veth0_to_bond): Releasing active interface [ 212.826157][T10252] bond1: (slave vlan2): making interface the new active one [ 212.835145][T10252] veth1: entered promiscuous mode [ 212.844047][T10252] vlan2: entered promiscuous mode [ 212.895043][T10252] bond6: (slave veth0_to_bond): making interface the new active one [ 212.924288][T10252] bond6: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 213.004401][T10258] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 213.717882][T10278] netlink: 'syz.0.1912': attribute type 1 has an invalid length. [ 213.823788][T10278] 8021q: adding VLAN 0 to HW filter on device bond7 [ 213.902504][T10282] bond6: (slave veth0_to_bond): Releasing active interface [ 213.964831][T10282] bond7: (slave veth0_to_bond): making interface the new active one [ 213.998210][T10282] bond7: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 214.401694][T10296] __nla_validate_parse: 1 callbacks suppressed [ 214.401708][T10296] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1918'. [ 214.589169][T10300] netlink: 'syz.0.1921': attribute type 1 has an invalid length. [ 214.627216][ T5776] Bluetooth: hci3: command 0x0405 tx timeout [ 214.826934][T10300] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1921'. [ 214.873084][T10300] bond8: entered allmulticast mode [ 214.896961][T10300] 8021q: adding VLAN 0 to HW filter on device bond8 [ 215.022018][ T50] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 215.699013][T10325] netlink: 5120 bytes leftover after parsing attributes in process `syz.0.1924'. [ 216.921664][T10352] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1931'. [ 218.782015][T10412] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1946'. [ 218.997663][T10418] syzkaller1: entered promiscuous mode [ 219.007456][T10418] syzkaller1: entered allmulticast mode [ 219.501617][ T5779] Bluetooth: hci3: command 0x0405 tx timeout [ 219.763559][T10436] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1950'. [ 219.792867][T10436] dummy0: entered promiscuous mode [ 220.453299][T10455] syzkaller1: entered promiscuous mode [ 220.480426][T10455] syzkaller1: entered allmulticast mode [ 221.050081][T10474] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1961'. [ 222.546451][T10519] netlink: 176 bytes leftover after parsing attributes in process `syz.3.1975'. [ 223.518374][T10559] syzkaller1: entered promiscuous mode [ 223.525431][T10559] syzkaller1: entered allmulticast mode [ 224.038416][T10577] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1995'. [ 224.196402][ T11] vlan2: left promiscuous mode [ 224.949905][T10595] vlan2: entered allmulticast mode [ 224.973446][T10595] veth1: entered allmulticast mode [ 225.226421][T10599] macvlan1: entered promiscuous mode [ 225.261135][T10599] ipvlan0: entered promiscuous mode [ 225.268741][T10599] ipvlan0: left promiscuous mode [ 225.278020][T10599] macvlan1: left promiscuous mode [ 225.544240][T10606] team_slave_0: entered promiscuous mode [ 225.550062][T10606] team_slave_1: entered promiscuous mode [ 225.589034][T10606] vlan3: entered promiscuous mode [ 225.595726][T10606] team0: entered promiscuous mode [ 225.908077][T10617] netlink: 176 bytes leftover after parsing attributes in process `syz.2.2013'. [ 225.955584][T10620] netlink: 'syz.1.2014': attribute type 1 has an invalid length. [ 226.057319][T10620] 8021q: adding VLAN 0 to HW filter on device bond2 [ 226.176436][T10622] bond2: (slave gretap1): making interface the new active one [ 226.188336][T10622] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 226.489334][ C1] net_ratelimit: 253 callbacks suppressed [ 226.489382][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 226.506652][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 226.516966][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 226.526156][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 226.535776][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 226.545157][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 226.554920][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 226.564140][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 226.574447][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 226.583940][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 226.788303][T10648] netlink: 'syz.1.2026': attribute type 1 has an invalid length. [ 226.828764][T10648] 8021q: adding VLAN 0 to HW filter on device bond3 [ 226.836461][T10652] netlink: 176 bytes leftover after parsing attributes in process `syz.0.2025'. [ 226.882461][T10648] bond3: (slave veth7): Enslaving as an active interface with a down link [ 226.900707][T10648] bond3: (slave veth0_to_bond): making interface the new active one [ 226.910463][T10648] veth0_to_bond: entered promiscuous mode [ 226.917425][T10648] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 227.108036][T10661] netlink: 'syz.1.2030': attribute type 1 has an invalid length. [ 227.189925][T10664] bond4: entered promiscuous mode [ 227.203262][T10664] 8021q: adding VLAN 0 to HW filter on device bond4 [ 227.637456][T10682] netlink: 'syz.0.2039': attribute type 1 has an invalid length. [ 227.713316][T10682] 8021q: adding VLAN 0 to HW filter on device bond9 [ 227.821201][T10689] bond9: (slave veth9): Enslaving as an active interface with a down link [ 227.830136][T10694] netlink: 'syz.1.2044': attribute type 1 has an invalid length. [ 227.923666][T10682] bond7: (slave veth0_to_bond): Releasing active interface [ 227.946367][T10682] bond9: (slave veth0_to_bond): making interface the new active one [ 227.956880][T10682] veth0_to_bond: entered promiscuous mode [ 227.968073][T10682] bond9: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 227.978473][T10696] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2044'. [ 227.989975][T10698] netlink: 'syz.2.2045': attribute type 1 has an invalid length. [ 228.041365][T10698] 8021q: adding VLAN 0 to HW filter on device bond11 [ 228.064941][T10703] warn_alloc: 3 callbacks suppressed [ 228.064955][T10703] syz.3.2046: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 228.158794][T10703] CPU: 1 PID: 10703 Comm: syz.3.2046 Not tainted 6.6.94-syzkaller #0 [ 228.166936][T10703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 228.177065][T10703] Call Trace: [ 228.180375][T10703] [ 228.183339][T10703] dump_stack_lvl+0x16c/0x230 [ 228.188078][T10703] ? show_regs_print_info+0x20/0x20 [ 228.193326][T10703] ? load_image+0x3b0/0x3b0 [ 228.197871][T10703] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 228.204319][T10703] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 228.210856][T10703] warn_alloc+0x210/0x300 [ 228.215214][T10703] ? stack_trace_save+0x9c/0xe0 [ 228.220100][T10703] ? zone_watermark_ok_safe+0x230/0x230 [ 228.220899][T10701] bond11: (slave gretap1): making interface the new active one [ 228.225664][T10703] ? kasan_set_track+0x5f/0x70 [ 228.225690][T10703] ? kasan_set_track+0x4e/0x70 [ 228.225712][T10703] ? __kasan_kmalloc+0x8f/0xa0 [ 228.225735][T10703] ? xsk_init_queue+0xb0/0x110 [ 228.225756][T10703] ? xsk_setsockopt+0x43c/0x6f0 [ 228.225776][T10703] ? do_sock_setsockopt+0x254/0x3e0 [ 228.225794][T10703] ? __x64_sys_setsockopt+0x1be/0x250 [ 228.225815][T10703] __vmalloc_node_range+0x126/0x1320 [ 228.225871][T10703] ? free_vm_area+0x50/0x50 [ 228.225908][T10703] vmalloc_user+0x74/0x80 [ 228.225936][T10703] ? xskq_create+0xbf/0x170 [ 228.225958][T10703] xskq_create+0xbf/0x170 [ 228.225983][T10703] xsk_init_queue+0xb0/0x110 [ 228.252636][T10701] bond11: (slave gretap1): Enslaving as an active interface with an up link [ 228.257455][T10703] xsk_setsockopt+0x43c/0x6f0 [ 228.257493][T10703] ? xsk_poll+0x670/0x670 [ 228.315276][T10703] ? aa_sock_opt_perm+0x74/0x100 [ 228.320271][T10703] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 228.325870][T10703] ? security_socket_setsockopt+0x7e/0xa0 [ 228.331622][T10703] ? xsk_poll+0x670/0x670 [ 228.335984][T10703] do_sock_setsockopt+0x254/0x3e0 [ 228.341044][T10703] ? __ia32_sys_recv+0xb0/0xb0 [ 228.345843][T10703] ? __fdget+0x180/0x210 [ 228.350133][T10703] __x64_sys_setsockopt+0x1be/0x250 [ 228.355387][T10703] do_syscall_64+0x55/0xb0 [ 228.359840][T10703] ? clear_bhb_loop+0x40/0x90 [ 228.364539][T10703] ? clear_bhb_loop+0x40/0x90 [ 228.369238][T10703] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 228.375171][T10703] RIP: 0033:0x7f9d4db8e929 [ 228.379605][T10703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.399256][T10703] RSP: 002b:00007f9d4ea88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 228.407783][T10703] RAX: ffffffffffffffda RBX: 00007f9d4ddb6080 RCX: 00007f9d4db8e929 [ 228.415782][T10703] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009 [ 228.423784][T10703] RBP: 00007f9d4dc10b39 R08: 0000000000000004 R09: 0000000000000000 [ 228.431883][T10703] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 228.439872][T10703] R13: 0000000000000000 R14: 00007f9d4ddb6080 R15: 00007ffd634ed368 [ 228.447878][T10703] [ 228.490896][T10703] Mem-Info: [ 228.500303][T10703] active_anon:5090 inactive_anon:0 isolated_anon:0 [ 228.500303][T10703] active_file:1236 inactive_file:39883 isolated_file:0 [ 228.500303][T10703] unevictable:768 dirty:83 writeback:0 [ 228.500303][T10703] slab_reclaimable:10120 slab_unreclaimable:97762 [ 228.500303][T10703] mapped:27404 shmem:1361 pagetables:542 [ 228.500303][T10703] sec_pagetables:0 bounce:0 [ 228.500303][T10703] kernel_misc_reclaimable:0 [ 228.500303][T10703] free:1364249 free_pcp:6672 free_cma:0 [ 228.550968][T10703] Node 0 active_anon:20460kB inactive_anon:0kB active_file:4944kB inactive_file:159332kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:109616kB dirty:328kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12460kB pagetables:2168kB sec_pagetables:0kB all_unreclaimable? no [ 228.661636][T10703] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 228.734528][T10703] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 228.764122][T10703] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 228.769939][T10703] Node 0 DMA32 free:1539896kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:20616kB inactive_anon:0kB active_file:4944kB inactive_file:158012kB unevictable:1536kB writepending:328kB present:3129332kB managed:2589668kB mlocked:0kB bounce:0kB free_pcp:7408kB local_pcp:1648kB free_cma:0kB [ 228.827055][T10709] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 228.837593][T10703] lowmem_reserve[]: 0 0 1 1 1 [ 228.850670][T10703] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 228.887917][T10703] lowmem_reserve[]: 0 0 0 0 0 [ 228.896760][T10703] Node 1 Normal free:3901256kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:17760kB local_pcp:8640kB free_cma:0kB [ 228.960605][T10703] lowmem_reserve[]: 0 0 0 0 0 [ 228.968923][T10703] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 228.982066][T10703] Node 0 DMA32: 520*4kB (UM) 343*8kB (UME) 282*16kB (UME) 450*32kB (UME) 238*64kB (UME) 50*128kB (UME) 8*256kB (UM) 9*512kB (M) 7*1024kB (UME) 3*2048kB (UME) 360*4096kB (UM) = 1539896kB [ 229.009969][T10703] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 229.024144][T10703] Node 1 Normal: 250*4kB (U) 48*8kB (UE) 34*16kB (UE) 86*32kB (UE) 24*64kB (UME) 8*128kB (UME) 1*256kB (E) 3*512kB (UME) 1*1024kB (U) 2*2048kB (UE) 949*4096kB (M) = 3901256kB [ 229.076542][T10703] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 229.079538][T10730] netlink: 176 bytes leftover after parsing attributes in process `syz.1.2055'. [ 229.086364][T10703] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 229.086384][T10703] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 229.086399][T10703] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 229.086414][T10703] 42480 total pagecache pages [ 229.086421][T10703] 0 pages in swap cache [ 229.086428][T10703] Free swap = 124996kB [ 229.086435][T10703] Total swap = 124996kB [ 229.086444][T10703] 2097051 pages RAM [ 229.086451][T10703] 0 pages HighMem/MovableOnly [ 229.159557][T10703] 416120 pages reserved [ 229.163863][T10703] 0 pages cma reserved [ 229.190447][T10732] netlink: 'syz.2.2056': attribute type 1 has an invalid length. [ 229.253968][T10732] 8021q: adding VLAN 0 to HW filter on device bond12 [ 229.299414][T10734] bond12: (slave veth0_to_bond): making interface the new active one [ 229.309363][T10734] bond12: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 229.559057][T10744] team_slave_0: entered promiscuous mode [ 229.564848][T10744] team_slave_1: entered promiscuous mode [ 229.571648][T10744] vlan3: entered promiscuous mode [ 229.576717][T10744] team0: entered promiscuous mode [ 229.730876][T10752] netlink: 176 bytes leftover after parsing attributes in process `syz.3.2066'. [ 229.892859][T10758] netlink: 'syz.2.2068': attribute type 1 has an invalid length. [ 229.946683][T10758] 8021q: adding VLAN 0 to HW filter on device bond13 [ 229.983524][T10764] bond12: (slave veth0_to_bond): Releasing active interface [ 230.019122][T10764] bond13: (slave veth0_to_bond): making interface the new active one [ 230.037746][T10764] bond13: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 230.873146][ T5779] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 230.998715][T10800] netlink: 'syz.0.2085': attribute type 1 has an invalid length. [ 231.035416][T10800] 8021q: adding VLAN 0 to HW filter on device bond10 [ 231.071335][T10800] bond9: (slave veth0_to_bond): Releasing active interface [ 231.084911][T10800] veth0_to_bond: left promiscuous mode [ 231.103298][T10800] bond10: (slave veth0_to_bond): making interface the new active one [ 231.115725][T10800] bond10: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 231.487546][T10808] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 231.778295][T10828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 232.317818][T10853] netlink: 176 bytes leftover after parsing attributes in process `syz.0.2110'. [ 232.637254][T10866] netlink: 'syz.1.2116': attribute type 1 has an invalid length. [ 233.297286][T10900] netlink: 'syz.0.2129': attribute type 1 has an invalid length. [ 233.590326][ T5779] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 233.610476][T10911] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2133'. [ 234.118707][T10944] netlink: 'syz.1.2144': attribute type 1 has an invalid length. [ 234.341344][T10952] team_slave_0: entered promiscuous mode [ 234.347159][T10952] team_slave_1: entered promiscuous mode [ 234.375590][T10952] vlan4: entered promiscuous mode [ 234.395272][T10952] team0: entered promiscuous mode [ 234.487710][T10957] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2149'. [ 234.497151][T10959] netlink: 'syz.1.2150': attribute type 1 has an invalid length. [ 234.522736][T10959] 8021q: adding VLAN 0 to HW filter on device bond8 [ 234.715433][T10971] sctp: [Deprecated]: syz.0.2155 (pid 10971) Use of struct sctp_assoc_value in delayed_ack socket option. [ 234.715433][T10971] Use struct sctp_sack_info instead [ 234.898781][T10979] netlink: 'syz.0.2158': attribute type 1 has an invalid length. [ 235.264329][T10990] vlan3: entered promiscuous mode [ 235.948260][T11008] netlink: 'syz.0.2170': attribute type 1 has an invalid length. [ 236.237905][T11020] netlink: 'syz.3.2174': attribute type 1 has an invalid length. [ 236.354367][T11020] 8021q: adding VLAN 0 to HW filter on device bond6 [ 236.398367][T11024] vlan3: entered promiscuous mode [ 237.048959][T11041] netlink: 'syz.3.2183': attribute type 1 has an invalid length. [ 237.655147][ C1] net_ratelimit: 250 callbacks suppressed [ 237.655167][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 237.688984][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 237.698397][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 237.707729][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 237.727173][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 237.736639][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 237.757060][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 237.766443][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 237.781917][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 237.792055][ C1] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 238.202011][T11068] netlink: 'syz.0.2194': attribute type 1 has an invalid length. [ 238.281961][T11072] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2194'. [ 238.473291][ T11] veth0_to_bond: left promiscuous mode [ 238.535732][T11075] team_slave_0: entered promiscuous mode [ 238.541508][T11075] team_slave_1: entered promiscuous mode [ 238.582435][T11075] vlan4: entered promiscuous mode [ 238.587521][T11075] team0: entered promiscuous mode [ 240.394637][T11121] warn_alloc: 1 callbacks suppressed [ 240.394652][T11121] syz.1.2212: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 240.428589][T11121] CPU: 0 PID: 11121 Comm: syz.1.2212 Not tainted 6.6.94-syzkaller #0 [ 240.436733][T11121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 240.446813][T11121] Call Trace: [ 240.450107][T11121] [ 240.453062][T11121] dump_stack_lvl+0x16c/0x230 [ 240.457792][T11121] ? show_regs_print_info+0x20/0x20 [ 240.463035][T11121] ? load_image+0x3b0/0x3b0 [ 240.467599][T11121] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 240.474045][T11121] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 240.480576][T11121] warn_alloc+0x210/0x300 [ 240.484951][T11121] ? stack_trace_save+0x9c/0xe0 [ 240.489832][T11121] ? zone_watermark_ok_safe+0x230/0x230 [ 240.495409][T11121] ? kasan_set_track+0x5f/0x70 [ 240.500201][T11121] ? kasan_set_track+0x4e/0x70 [ 240.504994][T11121] ? __kasan_kmalloc+0x8f/0xa0 [ 240.509784][T11121] ? xsk_init_queue+0xb0/0x110 [ 240.514574][T11121] ? xsk_setsockopt+0x43c/0x6f0 [ 240.519449][T11121] ? do_sock_setsockopt+0x254/0x3e0 [ 240.524674][T11121] ? __x64_sys_setsockopt+0x1be/0x250 [ 240.530076][T11121] __vmalloc_node_range+0x126/0x1320 [ 240.535407][T11121] ? free_vm_area+0x50/0x50 [ 240.539936][T11121] vmalloc_user+0x74/0x80 [ 240.544277][T11121] ? xskq_create+0xbf/0x170 [ 240.548784][T11121] xskq_create+0xbf/0x170 [ 240.553141][T11121] xsk_init_queue+0xb0/0x110 [ 240.557770][T11121] xsk_setsockopt+0x43c/0x6f0 [ 240.562475][T11121] ? xsk_poll+0x670/0x670 [ 240.566820][T11121] ? aa_sock_opt_perm+0x74/0x100 [ 240.571765][T11121] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 240.577320][T11121] ? security_socket_setsockopt+0x7e/0xa0 [ 240.583050][T11121] ? xsk_poll+0x670/0x670 [ 240.587398][T11121] do_sock_setsockopt+0x254/0x3e0 [ 240.592439][T11121] ? __ia32_sys_recv+0xb0/0xb0 [ 240.597243][T11121] ? __fdget+0x180/0x210 [ 240.601520][T11121] __x64_sys_setsockopt+0x1be/0x250 [ 240.606743][T11121] do_syscall_64+0x55/0xb0 [ 240.611172][T11121] ? clear_bhb_loop+0x40/0x90 [ 240.615849][T11121] ? clear_bhb_loop+0x40/0x90 [ 240.620525][T11121] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 240.626428][T11121] RIP: 0033:0x7fb7b818e929 [ 240.630844][T11121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.650452][T11121] RSP: 002b:00007fb7b8f63038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 240.658912][T11121] RAX: ffffffffffffffda RBX: 00007fb7b83b5fa0 RCX: 00007fb7b818e929 [ 240.666885][T11121] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006 [ 240.674863][T11121] RBP: 00007fb7b8210b39 R08: 0000000000000004 R09: 0000000000000000 [ 240.682841][T11121] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 240.690825][T11121] R13: 0000000000000000 R14: 00007fb7b83b5fa0 R15: 00007ffc8cbb64f8 [ 240.698812][T11121] [ 240.782793][T11121] Mem-Info: [ 240.785977][T11121] active_anon:8684 inactive_anon:0 isolated_anon:0 [ 240.785977][T11121] active_file:1236 inactive_file:39887 isolated_file:0 [ 240.785977][T11121] unevictable:768 dirty:150 writeback:0 [ 240.785977][T11121] slab_reclaimable:10158 slab_unreclaimable:99056 [ 240.785977][T11121] mapped:24332 shmem:1361 pagetables:562 [ 240.785977][T11121] sec_pagetables:0 bounce:0 [ 240.785977][T11121] kernel_misc_reclaimable:0 [ 240.785977][T11121] free:1358611 free_pcp:8346 free_cma:0 [ 240.855775][T11121] Node 0 active_anon:34836kB inactive_anon:0kB active_file:4944kB inactive_file:159348kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97328kB dirty:600kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12692kB pagetables:2248kB sec_pagetables:0kB all_unreclaimable? no [ 240.897191][T11121] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 240.958499][T11121] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 241.009111][T11133] netlink: 'syz.0.2217': attribute type 1 has an invalid length. [ 241.018159][T11133] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.2217'. [ 241.041553][T11121] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 241.060979][T11121] Node 0 DMA32 free:1516616kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:35268kB inactive_anon:0kB active_file:4944kB inactive_file:158028kB unevictable:1536kB writepending:608kB present:3129332kB managed:2589668kB mlocked:0kB bounce:0kB free_pcp:16132kB local_pcp:13048kB free_cma:0kB [ 241.177824][T11121] lowmem_reserve[]: 0 0 1 1 1 [ 241.190838][T11121] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 241.240921][T11121] lowmem_reserve[]: 0 0 0 0 0 [ 241.246004][T11121] Node 1 Normal free:3901512kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:17504kB local_pcp:8384kB free_cma:0kB [ 241.306054][T11121] lowmem_reserve[]: 0 0 0 0 0 [ 241.326290][T11121] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 241.358025][T11121] Node 0 DMA32: 966*4kB (U) 238*8kB (UME) 95*16kB (UME) 175*32kB (UME) 94*64kB (UME) 43*128kB (UME) 10*256kB (UM) 6*512kB (M) 5*1024kB (ME) 3*2048kB (UME) 360*4096kB (UM) = 1515864kB [ 241.392953][T11121] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 241.416031][T11121] Node 1 Normal: 250*4kB (U) 48*8kB (UE) 34*16kB (UE) 92*32kB (UE) 25*64kB (UME) 8*128kB (UME) 1*256kB (E) 3*512kB (UME) 1*1024kB (U) 2*2048kB (UE) 949*4096kB (M) = 3901512kB [ 241.471553][T11121] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 241.490754][T11121] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 241.508937][T11143] netlink: 'syz.0.2222': attribute type 1 has an invalid length. [ 241.518663][T11121] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 241.529063][T11121] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 241.538589][T11121] 42484 total pagecache pages [ 241.551605][T11121] 0 pages in swap cache [ 241.555797][T11121] Free swap = 124996kB [ 241.559965][T11121] Total swap = 124996kB [ 241.577397][T11121] 2097051 pages RAM [ 241.583427][T11143] 8021q: adding VLAN 0 to HW filter on device bond15 [ 241.590200][T11121] 0 pages HighMem/MovableOnly [ 241.595023][T11121] 416120 pages reserved [ 241.599192][T11121] 0 pages cma reserved [ 241.632553][T11147] netlink: 'syz.3.2223': attribute type 1 has an invalid length. [ 241.720348][T11147] 8021q: adding VLAN 0 to HW filter on device bond8 [ 241.788013][T11145] bond15: (slave gretap1): making interface the new active one [ 241.805541][T11145] bond15: (slave gretap1): Enslaving as an active interface with an up link [ 241.847208][T11149] bond8: (slave veth5): Enslaving as an active interface with a down link [ 241.902223][T11147] bond2: (slave veth0_to_bond): Releasing active interface [ 241.921164][T11147] bond8: (slave veth0_to_bond): making interface the new active one [ 241.932702][T11147] veth0_to_bond: entered promiscuous mode [ 241.940493][T11147] bond8: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 242.785675][ T5779] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 242.997091][T11198] vlan3: entered promiscuous mode [ 244.674212][T11259] xt_hashlimit: size too large, truncated to 1048576 [ 244.808492][T11260] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2269'. [ 245.023364][ T5779] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 245.030982][T11223] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 245.370538][T11274] vlan3: entered promiscuous mode [ 246.034514][T11289] netlink: 'syz.0.2282': attribute type 1 has an invalid length. [ 246.071573][T11289] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.2282'. [ 248.417149][T11329] netlink: 'syz.1.2300': attribute type 1 has an invalid length. [ 248.575104][T11329] 8021q: adding VLAN 0 to HW filter on device bond9 [ 248.750934][ T5772] bridge0: port 3(syz_tun) entered disabled state [ 248.829601][ T5772] syz_tun (unregistering): left allmulticast mode [ 248.849078][ T5772] syz_tun (unregistering): left promiscuous mode [ 248.871835][ T5772] bridge0: port 3(syz_tun) entered disabled state [ 249.023953][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 249.038127][ T3515] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.044184][ T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 249.056281][ T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 249.076790][ T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 249.092618][ T50] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 249.100008][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 249.219194][ T3515] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.337387][ T3515] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.387812][T11339] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2303'. [ 249.452755][ T3515] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.636505][T11344] vlan3: entered promiscuous mode [ 250.192913][T11335] chnl_net:caif_netlink_parms(): no params data found [ 250.248218][ T3515] tipc: Left network mode [ 250.764915][T11365] netlink: 'syz.1.2308': attribute type 1 has an invalid length. [ 250.801887][T11365] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.2308'. [ 250.849693][T11335] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.868166][T11335] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.877548][T11335] bridge_slave_0: entered allmulticast mode [ 250.909833][T11335] bridge_slave_0: entered promiscuous mode [ 250.952336][T11335] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.966223][T11335] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.975284][T11335] bridge_slave_1: entered allmulticast mode [ 250.985338][T11335] bridge_slave_1: entered promiscuous mode [ 251.181872][ T5779] Bluetooth: hci2: command tx timeout [ 251.245413][T11335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 251.269444][T11335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 251.491061][T11335] team0: Port device team_slave_0 added [ 251.568217][T11335] team0: Port device team_slave_1 added [ 251.705592][ T3515] bond15: (slave gretap1): Releasing active interface [ 251.780417][T11396] netlink: 'syz.2.2318': attribute type 1 has an invalid length. [ 251.827466][T11396] 8021q: adding VLAN 0 to HW filter on device bond14 [ 251.847627][T11335] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 251.861549][T11335] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.887725][T11335] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 251.931686][T11400] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2319'. [ 251.960644][T11335] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.976922][T11335] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 252.051596][T11335] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 252.463156][T11335] hsr_slave_0: entered promiscuous mode [ 252.487675][T11335] hsr_slave_1: entered promiscuous mode [ 252.497748][T11335] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 252.511668][T11335] Cannot create hsr debugfs directory [ 252.754406][T11423] vlan4: entered promiscuous mode [ 252.970473][ T3515] hsr_slave_0: left promiscuous mode [ 252.992943][ T3515] hsr_slave_1: left promiscuous mode [ 253.009608][ T3515] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 253.035816][ T3515] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 253.048706][ T3515] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 253.056742][ T3515] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 253.068743][ T3515] bridge_slave_1: left allmulticast mode [ 253.087707][ T3515] bridge_slave_1: left promiscuous mode [ 253.095894][ T3515] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.109258][ T3515] bridge_slave_0: left allmulticast mode [ 253.117351][ T3515] bridge_slave_0: left promiscuous mode [ 253.123592][ T3515] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.218578][ T3515] veth1: left promiscuous mode [ 253.228250][ T3515] veth1_macvtap: left promiscuous mode [ 253.234637][ T3515] veth0_macvtap: left promiscuous mode [ 253.240425][ T3515] veth1_vlan: left promiscuous mode [ 253.248640][ T3515] veth0_vlan: left promiscuous mode [ 253.261728][ T5779] Bluetooth: hci2: command tx timeout [ 253.626615][ T3515] bond15 (unregistering): Released all slaves [ 253.646071][ T3515] bond14 (unregistering): Released all slaves [ 253.664233][ T3515] bond13 (unregistering): Released all slaves [ 253.687268][ T3515] bond12 (unregistering): Released all slaves [ 253.711095][ T3515] bond11 (unregistering): Released all slaves [ 253.880920][ T3515] bond10 (unregistering): (slave veth0_to_bond): Releasing active interface [ 253.891213][ T3515] bond10 (unregistering): Released all slaves [ 253.925889][ T3515] bond9 (unregistering): (slave veth9): Releasing active interface [ 254.072517][ T3515] bond9 (unregistering): Released all slaves [ 254.285907][ T3515] bond8 (unregistering): Released all slaves [ 254.494270][ T3515] bond7 (unregistering): Released all slaves [ 254.648060][ T3515] bond6 (unregistering): Released all slaves [ 254.809283][ T3515] bond5 (unregistering): Released all slaves [ 254.849941][ T3515] bond4 (unregistering): Released all slaves [ 254.905218][ T3515] bond3 (unregistering): (slave veth7): Releasing active interface [ 255.077630][ T3515] bond3 (unregistering): Released all slaves [ 255.095059][ T3515] bond2 (unregistering): Released all slaves [ 255.138478][ T3515] bond1 (unregistering): (slave vlan2): Releasing active interface [ 255.171067][ T3515] bond1 (unregistering): (slave veth5): Releasing active interface [ 255.279088][ T3515] bond1 (unregistering): Released all slaves [ 255.342072][ T5779] Bluetooth: hci2: command tx timeout [ 255.666842][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.674091][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.729055][ T3515] team_slave_1 (unregistering): left promiscuous mode [ 255.748312][ T3515] team0 (unregistering): Port device team_slave_1 removed [ 255.802340][ T3515] team_slave_0 (unregistering): left promiscuous mode [ 255.819439][ T3515] team0 (unregistering): Port device team_slave_0 removed [ 255.894785][ T3515] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 255.957420][ T3515] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 256.297491][ T3515] bond0 (unregistering): Released all slaves [ 256.378654][T11430] netlink: 'syz.2.2328': attribute type 1 has an invalid length. [ 256.402954][T11430] 8021q: adding VLAN 0 to HW filter on device bond15 [ 256.410688][T11432] netlink: 'syz.3.2329': attribute type 1 has an invalid length. [ 256.432934][T11432] workqueue: Failed to create a rescuer kthread for wq "bond9": -EINTR [ 256.434181][T11435] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2329'. [ 256.600311][T11452] netlink: 'syz.3.2333': attribute type 1 has an invalid length. [ 256.608549][T11452] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.2333'. [ 257.022636][T11465] netlink: 'syz.3.2339': attribute type 1 has an invalid length. [ 257.108965][T11465] 8021q: adding VLAN 0 to HW filter on device bond9 [ 257.215025][ T42] veth0_to_bond: left promiscuous mode [ 257.244374][T11473] netlink: 'syz.1.2340': attribute type 1 has an invalid length. [ 257.333790][T11474] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2340'. [ 257.422299][ T5779] Bluetooth: hci2: command tx timeout [ 257.614482][T11481] netlink: 'syz.3.2342': attribute type 2 has an invalid length. [ 257.629566][ T3515] IPVS: stop unused estimator thread 0... [ 257.642906][T11481] netlink: 'syz.3.2342': attribute type 2 has an invalid length. [ 257.649347][T11491] dummy0: entered promiscuous mode [ 257.670622][T11491] vlan3: entered promiscuous mode [ 257.774414][T11497] netlink: 'syz.2.2345': attribute type 1 has an invalid length. [ 257.809412][T11497] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.2345'. [ 258.141762][T11335] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 258.159828][T11335] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 258.176407][T11335] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 258.201746][T11335] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 258.367063][T11519] netlink: 'syz.1.2351': attribute type 1 has an invalid length. [ 258.433717][T11519] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2351'. [ 258.572595][T11335] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.628174][T11527] vlan3: entered promiscuous mode [ 258.755471][T11335] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.814093][ T1119] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.821272][ T1119] bridge0: port 1(bridge_slave_0) entered forwarding state [ 258.843973][ T1119] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.851157][ T1119] bridge0: port 2(bridge_slave_1) entered forwarding state [ 258.996210][T11335] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 259.358551][T11553] warn_alloc: 3 callbacks suppressed [ 259.358565][T11553] syz.1.2361: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 259.404211][T11335] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 259.418889][T11553] CPU: 0 PID: 11553 Comm: syz.1.2361 Not tainted 6.6.94-syzkaller #0 [ 259.427019][T11553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 259.437199][T11553] Call Trace: [ 259.440593][T11553] [ 259.443566][T11553] dump_stack_lvl+0x16c/0x230 [ 259.448294][T11553] ? show_regs_print_info+0x20/0x20 [ 259.453539][T11553] ? load_image+0x3b0/0x3b0 [ 259.458107][T11553] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 259.464552][T11553] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 259.471089][T11553] warn_alloc+0x210/0x300 [ 259.475454][T11553] ? stack_trace_save+0x9c/0xe0 [ 259.480345][T11553] ? zone_watermark_ok_safe+0x230/0x230 [ 259.485943][T11553] ? kasan_set_track+0x5f/0x70 [ 259.490751][T11553] ? kasan_set_track+0x4e/0x70 [ 259.495549][T11553] ? __kasan_kmalloc+0x8f/0xa0 [ 259.500354][T11553] ? xsk_init_queue+0xb0/0x110 [ 259.505148][T11553] ? xsk_setsockopt+0x43c/0x6f0 [ 259.510036][T11553] ? do_sock_setsockopt+0x254/0x3e0 [ 259.515267][T11553] ? __x64_sys_setsockopt+0x1be/0x250 [ 259.520671][T11553] __vmalloc_node_range+0x126/0x1320 [ 259.526128][T11553] ? free_vm_area+0x50/0x50 [ 259.530692][T11553] vmalloc_user+0x74/0x80 [ 259.535068][T11553] ? xskq_create+0xbf/0x170 [ 259.539612][T11553] xskq_create+0xbf/0x170 [ 259.544001][T11553] xsk_init_queue+0xb0/0x110 [ 259.548627][T11553] xsk_setsockopt+0x43c/0x6f0 [ 259.553345][T11553] ? xsk_poll+0x670/0x670 [ 259.557723][T11553] ? aa_sock_opt_perm+0x74/0x100 [ 259.562692][T11553] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 259.568302][T11553] ? security_socket_setsockopt+0x7e/0xa0 [ 259.574062][T11553] ? xsk_poll+0x670/0x670 [ 259.578427][T11553] do_sock_setsockopt+0x254/0x3e0 [ 259.583496][T11553] ? __ia32_sys_recv+0xb0/0xb0 [ 259.588313][T11553] ? __fdget+0x180/0x210 [ 259.592605][T11553] __x64_sys_setsockopt+0x1be/0x250 [ 259.597844][T11553] do_syscall_64+0x55/0xb0 [ 259.602296][T11553] ? clear_bhb_loop+0x40/0x90 [ 259.607000][T11553] ? clear_bhb_loop+0x40/0x90 [ 259.611752][T11553] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 259.617684][T11553] RIP: 0033:0x7fb7b818e929 [ 259.622126][T11553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.641791][T11553] RSP: 002b:00007fb7b8f63038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 259.650236][T11553] RAX: ffffffffffffffda RBX: 00007fb7b83b5fa0 RCX: 00007fb7b818e929 [ 259.658272][T11553] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007 [ 259.666257][T11553] RBP: 00007fb7b8210b39 R08: 0000000000000004 R09: 0000000000000000 [ 259.674237][T11553] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 259.682211][T11553] R13: 0000000000000000 R14: 00007fb7b83b5fa0 R15: 00007ffc8cbb64f8 [ 259.690203][T11553] [ 259.738392][T11335] veth0_vlan: entered promiscuous mode [ 259.759905][T11335] veth1_vlan: entered promiscuous mode [ 259.760997][T11553] Mem-Info: [ 259.791545][T11553] active_anon:5657 inactive_anon:0 isolated_anon:0 [ 259.791545][T11553] active_file:1236 inactive_file:39896 isolated_file:0 [ 259.791545][T11553] unevictable:768 dirty:134 writeback:0 [ 259.791545][T11553] slab_reclaimable:10160 slab_unreclaimable:96596 [ 259.791545][T11553] mapped:24369 shmem:1361 pagetables:565 [ 259.791545][T11553] sec_pagetables:0 bounce:0 [ 259.791545][T11553] kernel_misc_reclaimable:0 [ 259.791545][T11553] free:1359581 free_pcp:12521 free_cma:0 [ 259.805472][T11335] veth0_macvtap: entered promiscuous mode [ 259.862683][T11335] veth1_macvtap: entered promiscuous mode [ 259.892010][T11553] Node 0 active_anon:22548kB inactive_anon:0kB active_file:4944kB inactive_file:159384kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97476kB dirty:544kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12400kB pagetables:2140kB sec_pagetables:0kB all_unreclaimable? no [ 259.914180][T11335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.969640][T11335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.985818][T11553] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 259.997250][T11335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.027050][T11553] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 260.055575][T11553] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 260.061686][T11553] Node 0 DMA32 free:1520192kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:22604kB inactive_anon:0kB active_file:4944kB inactive_file:158064kB unevictable:1536kB writepending:540kB present:3129332kB managed:2589668kB mlocked:0kB bounce:0kB free_pcp:33752kB local_pcp:21124kB free_cma:0kB [ 260.071922][T11335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.106222][T11335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.114015][T11553] lowmem_reserve[]: 0 [ 260.117831][T11335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.124604][T11335] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 260.136922][T11553] 0 1 1 1 [ 260.144215][T11553] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:4kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 260.174554][T11553] lowmem_reserve[]: 0 0 0 0 0 [ 260.190259][T11335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.211544][T11335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.221376][T11335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.250755][T11553] Node 1 Normal free:3901768kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:17248kB local_pcp:8128kB free_cma:0kB [ 260.270368][T11335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.324679][T11335] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.331133][T11553] lowmem_reserve[]: 0 0 0 0 0 [ 260.340027][T11553] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 260.355291][T11335] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.382167][T11553] Node 0 DMA32: 979*4kB (UM) 558*8kB (UME) 343*16kB (UM) 520*32kB (UME) 181*64kB (UME) 118*128kB (UME) 6*256kB (UM) 9*512kB (UM) 6*1024kB (ME) 2*2048kB (ME) 358*4096kB (M) = 1539948kB [ 260.383959][T11335] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 260.421564][T11553] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 260.455443][T11553] Node 1 Normal: 250*4kB (U) 48*8kB (UE) 34*16kB (UE) 94*32kB (UE) 28*64kB (UME) 8*128kB (UME) 1*256kB (E) 3*512kB (UME) 1*1024kB (U) 2*2048kB (UE) 949*4096kB (M) = 3901768kB [ 260.496859][T11335] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.520632][T11335] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.539118][T11553] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 260.548828][T11335] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.559029][T11553] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 260.581468][T11553] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 260.582904][T11335] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.615328][T11553] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 260.635153][T11553] 42493 total pagecache pages [ 260.645465][T11553] 0 pages in swap cache [ 260.649650][T11553] Free swap = 124996kB [ 260.659621][T11577] net_ratelimit: 250 callbacks suppressed [ 260.659637][T11577] netlink: zone id is out of range [ 260.671485][T11553] Total swap = 124996kB [ 260.675670][T11553] 2097051 pages RAM [ 260.689748][T11553] 0 pages HighMem/MovableOnly [ 260.695278][T11577] netlink: zone id is out of range [ 260.711017][T11553] 416120 pages reserved [ 260.730907][T11553] 0 pages cma reserved [ 260.835519][ T3515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.909350][ T3515] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.978002][ T3465] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 261.006325][ T3465] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 261.822822][ T5779] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 263.306208][ T5769] bridge0: port 4(syz_tun) entered disabled state [ 263.421345][ T5769] syz_tun (unregistering): left allmulticast mode [ 263.429268][ T5776] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 263.438367][ T5769] syz_tun (unregistering): left promiscuous mode [ 263.438781][ T5776] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 263.451550][ T5769] bridge0: port 4(syz_tun) entered disabled state [ 263.458655][ T5776] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 263.473125][ T5776] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 263.484177][ T5776] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 263.491925][ T5776] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 263.739349][ T1119] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.870380][T11671] netlink: zone id is out of range [ 263.887396][T11671] netlink: zone id is out of range [ 263.918957][ T1119] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.067186][ T1119] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.280046][ T1119] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.701932][ T5779] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 264.755416][T11664] chnl_net:caif_netlink_parms(): no params data found [ 264.819346][T11696] netlink: 'syz.1.2396': attribute type 1 has an invalid length. [ 264.884462][T11696] 8021q: adding VLAN 0 to HW filter on device bond12 [ 265.077152][T11698] bond12: (slave veth9): Enslaving as an active interface with a down link [ 265.103259][T11696] bond3: (slave veth0_to_bond): Releasing active interface [ 265.149841][T11696] bond12: (slave veth0_to_bond): making interface the new active one [ 265.176417][T11696] veth0_to_bond: entered promiscuous mode [ 265.203162][T11696] bond12: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 265.262000][ T1119] tipc: Left network mode [ 265.523953][T11664] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.531151][T11664] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.553380][T11664] bridge_slave_0: entered allmulticast mode [ 265.560659][T11664] bridge_slave_0: entered promiscuous mode [ 265.581972][ T5779] Bluetooth: hci1: command tx timeout [ 265.666437][T11664] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.691680][T11664] bridge0: port 2(bridge_slave_1) entered disabled state [ 265.698955][T11664] bridge_slave_1: entered allmulticast mode [ 265.722793][T11664] bridge_slave_1: entered promiscuous mode [ 265.863248][T11664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 265.885740][T11664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 266.686429][T11664] team0: Port device team_slave_0 added [ 266.727247][T11664] team0: Port device team_slave_1 added [ 267.172254][T11664] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 267.179362][T11664] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 267.296873][T11664] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 267.471960][ T1119] bond5: (slave gretap1): Releasing active interface [ 267.503633][T11664] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 267.524350][T11664] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 267.563228][T11664] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 267.661506][ T5779] Bluetooth: hci1: command tx timeout [ 267.772546][T11664] hsr_slave_0: entered promiscuous mode [ 267.782810][T11664] hsr_slave_1: entered promiscuous mode [ 267.791317][T11664] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 267.809269][T11664] Cannot create hsr debugfs directory [ 268.353048][ T1119] hsr_slave_0: left promiscuous mode [ 268.377932][ T1119] hsr_slave_1: left promiscuous mode [ 268.394823][ T1119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 268.404620][ T1119] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 268.416985][ T1119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 268.431757][ T1119] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 268.447978][ T1119] vlan2: left allmulticast mode [ 268.458935][ T1119] bond0: left allmulticast mode [ 268.470203][ T1119] bond_slave_0: left allmulticast mode [ 268.482267][ T1119] bond_slave_1: left allmulticast mode [ 268.494616][ T1119] vlan2: left promiscuous mode [ 268.505157][ T1119] bond0: left promiscuous mode [ 268.515572][ T1119] bond_slave_0: left promiscuous mode [ 268.527036][ T1119] bond_slave_1: left promiscuous mode [ 268.538913][ T1119] bridge0: port 3(vlan2) entered disabled state [ 268.557071][ T1119] bridge_slave_1: left allmulticast mode [ 268.568529][ T1119] bridge_slave_1: left promiscuous mode [ 268.579951][ T1119] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.601333][ T1119] bridge_slave_0: left allmulticast mode [ 268.611648][ T1119] bridge_slave_0: left promiscuous mode [ 268.624172][ T1119] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.707239][ T1119] bridge0: left promiscuous mode [ 268.722515][ T1119] veth1_macvtap: left promiscuous mode [ 268.734872][ T1119] veth0_macvtap: left promiscuous mode [ 268.747135][ T1119] veth1_vlan: left promiscuous mode [ 268.757713][ T1119] veth0_vlan: left promiscuous mode [ 269.083215][ T1119] bond9 (unregistering): Released all slaves [ 269.111132][ T1119] bond8 (unregistering): (slave veth5): Releasing active interface [ 269.119205][ T1119] bond8 (unregistering): (slave veth5): the permanent HWaddr of slave - ee:9a:dd:87:53:4c - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 269.143098][ T1119] veth0_to_bond (unregistering): entered promiscuous mode [ 269.270321][ T1119] bond8 (unregistering): (slave veth0_to_bond): Releasing active interface [ 269.281374][ T1119] veth0_to_bond (unregistering): left promiscuous mode [ 269.292955][ T1119] bond8 (unregistering): Released all slaves [ 269.310241][ T1119] bond7 (unregistering): Released all slaves [ 269.444936][ T1119] bond6 (unregistering): Released all slaves [ 269.702262][ T1119] bond5 (unregistering): Released all slaves [ 269.742207][ T5779] Bluetooth: hci1: command tx timeout [ 269.836911][ T1119] bond4 (unregistering): Released all slaves [ 269.855200][ T1119] bond3 (unregistering): Released all slaves [ 270.167947][ T1119] bond2 (unregistering): (slave veth3): Releasing active interface [ 270.314808][ T1119] bond2 (unregistering): Released all slaves [ 270.394664][ T1119] bond1 (unregistering): Released all slaves [ 270.841798][ T1119] team_slave_1 (unregistering): left promiscuous mode [ 270.853562][ T1119] team0 (unregistering): Port device team_slave_1 removed [ 270.893486][ T1119] team_slave_0 (unregistering): left promiscuous mode [ 270.902824][ T1119] team0 (unregistering): Port device team_slave_0 removed [ 270.955736][ T1119] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 271.013618][ T1119] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 271.439100][ T1119] bond0 (unregistering): Released all slaves [ 271.822621][ T5779] Bluetooth: hci1: command tx timeout [ 272.429816][ T1119] IPVS: stop unused estimator thread 0... [ 272.676971][T11793] tipc: Started in network mode [ 272.711805][T11793] tipc: Node identity ac14140f, cluster identity 4711 [ 272.787064][T11793] tipc: New replicast peer: 255.255.255.255 [ 272.844240][T11793] tipc: Enabled bearer , priority 10 [ 272.965622][T11795] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2416'. [ 273.022221][T11795] tipc: Disabling bearer [ 273.305580][T11664] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 273.353077][T11664] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 273.386334][T11664] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 273.432238][T11664] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 273.602102][T11804] netlink: 184 bytes leftover after parsing attributes in process `syz.2.2419'. [ 273.903872][T11664] 8021q: adding VLAN 0 to HW filter on device bond0 [ 273.986356][T11664] 8021q: adding VLAN 0 to HW filter on device team0 [ 274.037256][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.044481][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 274.084802][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.092097][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 274.474854][T11831] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2429'. [ 274.588116][T11664] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 274.675379][T11664] veth0_vlan: entered promiscuous mode [ 274.708829][T11664] veth1_vlan: entered promiscuous mode [ 274.822058][T11664] veth0_macvtap: entered promiscuous mode [ 274.852222][T11664] veth1_macvtap: entered promiscuous mode [ 274.899756][T11664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 274.950255][T11664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 274.976175][T11664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 275.005403][T11664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 275.021821][T11664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 275.035777][T11664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 275.048638][T11664] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 275.069892][T11848] dummy0: entered promiscuous mode [ 275.076334][T11848] vlan2: entered promiscuous mode [ 275.147229][T11664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 275.191492][T11664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 275.221455][T11664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 275.241481][T11664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 275.251342][T11664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 275.288110][T11664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 275.299780][T11664] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 275.314062][T11851] syzkaller0: entered allmulticast mode [ 275.349825][T11856] syzkaller0 (unregistering): left allmulticast mode [ 275.448047][T11858] netlink: 'syz.0.2440': attribute type 1 has an invalid length. [ 275.507418][T11664] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.530326][T11664] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.546670][T11664] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.555818][T11664] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.596267][T11861] vlan2: entered allmulticast mode [ 275.626755][T11861] veth1: entered allmulticast mode [ 275.814241][ T1119] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.853026][ T1119] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 275.964685][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.993091][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.560071][T11895] netlink: 'syz.3.2456': attribute type 1 has an invalid length. [ 276.703345][ T1119] veth0_to_bond: left promiscuous mode [ 276.907008][ T5773] bridge0: port 3(syz_tun) entered disabled state [ 276.991492][ T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 277.000886][ T50] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 277.011675][ T50] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 277.020191][ T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 277.041841][ T50] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 277.050258][ T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 277.061579][ T5773] syz_tun (unregistering): left allmulticast mode [ 277.068051][ T5773] syz_tun (unregistering): left promiscuous mode [ 277.077322][ T5773] bridge0: port 3(syz_tun) entered disabled state [ 277.596617][T11926] netlink: 'syz.3.2465': attribute type 1 has an invalid length. [ 277.770509][T11906] chnl_net:caif_netlink_parms(): no params data found [ 277.806442][T11933] netlink: 184 bytes leftover after parsing attributes in process `syz.3.2468'. [ 278.244415][T11906] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.253478][T11906] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.266355][T11906] bridge_slave_0: entered allmulticast mode [ 278.282594][T11906] bridge_slave_0: entered promiscuous mode [ 278.356743][T11906] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.382365][T11906] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.389590][T11906] bridge_slave_1: entered allmulticast mode [ 278.424391][T11906] bridge_slave_1: entered promiscuous mode [ 278.554933][T11960] vlan3: entered promiscuous mode [ 278.588749][T11906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 278.598766][T11962] netlink: 184 bytes leftover after parsing attributes in process `syz.3.2479'. [ 278.632968][T11906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 278.745652][T11906] team0: Port device team_slave_0 added [ 278.764340][T11906] team0: Port device team_slave_1 added [ 278.896614][T11906] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 278.922703][T11906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 278.971517][T11906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 279.010575][T11906] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 279.041462][T11906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 279.101229][T11906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 279.112266][ T50] Bluetooth: hci3: command tx timeout [ 279.216026][T11906] hsr_slave_0: entered promiscuous mode [ 279.273796][T11906] hsr_slave_1: entered promiscuous mode [ 279.321516][T11906] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 279.329417][T11906] Cannot create hsr debugfs directory [ 279.580572][T11992] tipc: New replicast peer: 255.255.255.255 [ 279.594685][T11992] tipc: Enabled bearer , priority 10 [ 279.602279][T11995] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2494'. [ 279.615443][T11995] tipc: Disabling bearer [ 279.622283][T11994] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2495'. [ 279.804502][T11999] warn_alloc: 2 callbacks suppressed [ 279.804518][T11999] syz.0.2496: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 279.876887][T11999] CPU: 0 PID: 11999 Comm: syz.0.2496 Not tainted 6.6.94-syzkaller #0 [ 279.885028][T11999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 279.895108][T11999] Call Trace: [ 279.898424][T11999] [ 279.901375][T11999] dump_stack_lvl+0x16c/0x230 [ 279.906095][T11999] ? show_regs_print_info+0x20/0x20 [ 279.911328][T11999] ? load_image+0x3b0/0x3b0 [ 279.915864][T11999] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 279.922311][T11999] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 279.928841][T11999] warn_alloc+0x210/0x300 [ 279.933209][T11999] ? stack_trace_save+0x9c/0xe0 [ 279.938107][T11999] ? zone_watermark_ok_safe+0x230/0x230 [ 279.943708][T11999] ? kasan_set_track+0x5f/0x70 [ 279.948506][T11999] ? kasan_set_track+0x4e/0x70 [ 279.953302][T11999] ? __kasan_kmalloc+0x8f/0xa0 [ 279.958109][T11999] ? xsk_init_queue+0xb0/0x110 [ 279.962916][T11999] ? xsk_setsockopt+0x43c/0x6f0 [ 279.967805][T11999] ? do_sock_setsockopt+0x254/0x3e0 [ 279.973037][T11999] ? __x64_sys_setsockopt+0x1be/0x250 [ 279.978449][T11999] __vmalloc_node_range+0x126/0x1320 [ 279.983810][T11999] ? free_vm_area+0x50/0x50 [ 279.988377][T11999] vmalloc_user+0x74/0x80 [ 279.992763][T11999] ? xskq_create+0xbf/0x170 [ 279.997306][T11999] xskq_create+0xbf/0x170 [ 280.001671][T11999] xsk_init_queue+0xb0/0x110 [ 280.006289][T11999] xsk_setsockopt+0x43c/0x6f0 [ 280.010997][T11999] ? xsk_poll+0x670/0x670 [ 280.015361][T11999] ? aa_sock_opt_perm+0x74/0x100 [ 280.020334][T11999] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 280.025910][T11999] ? security_socket_setsockopt+0x7e/0xa0 [ 280.031664][T11999] ? xsk_poll+0x670/0x670 [ 280.036027][T11999] do_sock_setsockopt+0x254/0x3e0 [ 280.041103][T11999] ? __ia32_sys_recv+0xb0/0xb0 [ 280.045874][T11999] ? __fdget+0x180/0x210 [ 280.050130][T11999] __x64_sys_setsockopt+0x1be/0x250 [ 280.055341][T11999] do_syscall_64+0x55/0xb0 [ 280.059766][T11999] ? clear_bhb_loop+0x40/0x90 [ 280.064443][T11999] ? clear_bhb_loop+0x40/0x90 [ 280.069119][T11999] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 280.075020][T11999] RIP: 0033:0x7f1215b8e929 [ 280.079433][T11999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.099045][T11999] RSP: 002b:00007f1216923038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 280.107467][T11999] RAX: ffffffffffffffda RBX: 00007f1215db6080 RCX: 00007f1215b8e929 [ 280.115527][T11999] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007 [ 280.123507][T11999] RBP: 00007f1215c10b39 R08: 0000000000000004 R09: 0000000000000000 [ 280.131488][T11999] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 280.139467][T11999] R13: 0000000000000000 R14: 00007f1215db6080 R15: 00007ffce92a43b8 [ 280.147459][T11999] [ 280.206875][T11999] Mem-Info: [ 280.210037][T11999] active_anon:4585 inactive_anon:0 isolated_anon:0 [ 280.210037][T11999] active_file:1236 inactive_file:39908 isolated_file:0 [ 280.210037][T11999] unevictable:768 dirty:201 writeback:0 [ 280.210037][T11999] slab_reclaimable:10254 slab_unreclaimable:99998 [ 280.210037][T11999] mapped:24115 shmem:1361 pagetables:401 [ 280.210037][T11999] sec_pagetables:0 bounce:0 [ 280.210037][T11999] kernel_misc_reclaimable:0 [ 280.210037][T11999] free:1355501 free_pcp:12887 free_cma:0 [ 280.276009][T11999] Node 0 active_anon:16840kB inactive_anon:0kB active_file:4944kB inactive_file:159432kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97060kB dirty:800kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11856kB pagetables:1604kB sec_pagetables:0kB all_unreclaimable? no [ 280.326798][T11999] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 280.342276][T11906] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.406437][T11999] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 280.454237][T11999] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 280.460141][T11999] Node 0 DMA32 free:1504132kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:16996kB inactive_anon:0kB active_file:4944kB inactive_file:158112kB unevictable:1536kB writepending:796kB present:3129332kB managed:2589668kB mlocked:0kB bounce:0kB free_pcp:36448kB local_pcp:20352kB free_cma:0kB [ 280.504212][T11999] lowmem_reserve[]: 0 0 1 1 1 [ 280.514082][T11997] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 280.538676][T11999] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:4kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 280.583333][T11999] lowmem_reserve[]: 0 0 0 0 0 [ 280.588128][T11999] Node 1 Normal free:3902280kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:16736kB local_pcp:8864kB free_cma:0kB [ 280.620098][T11999] lowmem_reserve[]: 0 0 0 0 0 [ 280.625404][T11999] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 280.639424][T11999] Node 0 DMA32: 941*4kB (UM) 150*8kB (UME) 196*16kB (UM) 195*32kB (M) 134*64kB (ME) 113*128kB (UME) 46*256kB (UM) 33*512kB (UM) 18*1024kB (UME) 7*2048kB (UME) 343*4096kB (M) = 1503748kB [ 280.660596][T11999] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 280.670812][T11906] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.673148][T11999] Node 1 Normal: 250*4kB (U) 48*8kB (UE) 34*16kB (UE) 100*32kB (UE) 31*64kB (UME) 9*128kB (UME) 1*256kB (E) 3*512kB (UME) 1*1024kB (U) 2*2048kB (UE) 949*4096kB (M) = 3902280kB [ 280.688333][T12020] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2503'. [ 280.705270][T11999] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 280.705290][T11999] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 280.705306][T11999] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 280.705322][T11999] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 280.705336][T11999] 42505 total pagecache pages [ 280.705344][T11999] 0 pages in swap cache [ 280.705351][T11999] Free swap = 124996kB [ 280.705358][T11999] Total swap = 124996kB [ 280.705367][T11999] 2097051 pages RAM [ 280.705374][T11999] 0 pages HighMem/MovableOnly [ 280.705381][T11999] 416120 pages reserved [ 280.705388][T11999] 0 pages cma reserved [ 280.877158][T11906] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.001926][T11906] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.031045][T12026] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2505'. [ 281.044344][T12027] syzkaller0: entered allmulticast mode [ 281.059452][T12027] syzkaller0 (unregistering): left allmulticast mode [ 281.182390][ T5779] Bluetooth: hci3: command tx timeout [ 281.199227][T11906] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 281.210050][T11906] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 281.223833][T11906] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 281.236376][T11906] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 281.413370][T11906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 281.451889][T11906] 8021q: adding VLAN 0 to HW filter on device team0 [ 281.471634][ T1119] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.478805][ T1119] bridge0: port 1(bridge_slave_0) entered forwarding state [ 281.510336][ T1119] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.517571][ T1119] bridge0: port 2(bridge_slave_1) entered forwarding state [ 281.982758][T11906] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 281.992997][T12061] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2515'. [ 282.089748][T11906] veth0_vlan: entered promiscuous mode [ 282.117557][T11906] veth1_vlan: entered promiscuous mode [ 282.162691][T11906] veth0_macvtap: entered promiscuous mode [ 282.181362][T11906] veth1_macvtap: entered promiscuous mode [ 282.200476][T11906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 282.218903][T11906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 282.241605][T11906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 282.253770][T11906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 282.276305][T11906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 282.298163][T11906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 282.311592][T11906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 282.329504][T11906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 282.341184][T11906] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 282.370150][T11906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 282.400896][T11906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 282.418609][T11906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 282.429580][T11906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 282.440233][T11906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 282.451030][T11906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 282.461294][T11906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 282.474330][T11906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 282.486476][T11906] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 282.518520][T11906] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 282.535495][T11906] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 282.570371][T11906] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 282.590254][T11906] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 282.632467][ T50] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 282.884569][T12029] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 283.261765][ T50] Bluetooth: hci3: command tx timeout [ 283.311657][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 283.338275][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 283.370738][ T3515] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 283.387068][ T3515] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 283.408852][T12086] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2524'. [ 283.675295][T12090] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 284.312466][ T5776] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 284.324506][ T5776] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 284.332449][ T5776] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 284.341023][ T5776] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 284.350392][ T5776] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 284.361024][ T5776] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 284.650107][T12111] chnl_net:caif_netlink_parms(): no params data found [ 284.749446][T12111] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.756887][T12111] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.764500][T12111] bridge_slave_0: entered allmulticast mode [ 284.774428][T12111] bridge_slave_0: entered promiscuous mode [ 284.788523][T12111] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.798280][T12111] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.816856][T12111] bridge_slave_1: entered allmulticast mode [ 284.825980][T12111] bridge_slave_1: entered promiscuous mode [ 284.881623][T12111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 284.902501][T12111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 284.969947][T12111] team0: Port device team_slave_0 added [ 284.978247][T12111] team0: Port device team_slave_1 added [ 285.011799][T12111] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 285.018841][T12111] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.047494][T12111] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 285.078752][T12111] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 285.086141][T12111] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.127600][T12111] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 285.240471][T12111] hsr_slave_0: entered promiscuous mode [ 285.247363][T12111] hsr_slave_1: entered promiscuous mode [ 285.255448][T12111] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 285.269350][T12111] Cannot create hsr debugfs directory [ 285.342326][ T5779] Bluetooth: hci3: command tx timeout [ 285.548714][T12111] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.688503][T12111] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.743387][ T50] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 285.758886][T12100] ================================================================== [ 285.766993][T12100] BUG: KASAN: slab-use-after-free in __lock_acquire+0xff/0x7c80 [ 285.774650][T12100] Read of size 8 at addr ffff888141261088 by task syz.3.2529/12100 [ 285.782554][T12100] [ 285.784891][T12100] CPU: 1 PID: 12100 Comm: syz.3.2529 Not tainted 6.6.94-syzkaller #0 [ 285.792979][T12100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 285.803066][T12100] Call Trace: [ 285.806370][T12100] [ 285.809313][T12100] dump_stack_lvl+0x16c/0x230 [ 285.814022][T12100] ? __lock_acquire+0x7c80/0x7c80 [ 285.819083][T12100] ? show_regs_print_info+0x20/0x20 [ 285.824308][T12100] ? load_image+0x3b0/0x3b0 [ 285.828838][T12100] ? __virt_addr_valid+0x469/0x540 [ 285.833982][T12100] print_report+0xac/0x230 [ 285.838449][T12100] ? __lock_acquire+0xff/0x7c80 [ 285.843320][T12100] kasan_report+0x117/0x150 [ 285.847854][T12100] ? __lock_acquire+0xff/0x7c80 [ 285.852760][T12100] __lock_acquire+0xff/0x7c80 [ 285.857486][T12100] ? verify_lock_unused+0x140/0x140 [ 285.862714][T12100] ? verify_lock_unused+0x140/0x140 [ 285.867984][T12100] lock_acquire+0x197/0x410 [ 285.872508][T12100] ? skb_queue_purge_reason+0x36/0x1c0 [ 285.877995][T12100] ? read_lock_is_recursive+0x20/0x20 [ 285.883477][T12100] ? __lock_acquire+0x7c80/0x7c80 [ 285.888527][T12100] ? rcu_is_watching+0x15/0xb0 [ 285.893321][T12100] _raw_spin_lock_irqsave+0xa8/0xf0 [ 285.898556][T12100] ? skb_queue_purge_reason+0x36/0x1c0 [ 285.904038][T12100] ? _raw_spin_lock+0x40/0x40 [ 285.908744][T12100] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 285.914415][T12100] ? mutex_unlock+0x10/0x10 [ 285.918939][T12100] ? _raw_spin_unlock_irq+0x23/0x50 [ 285.924169][T12100] skb_queue_purge_reason+0x36/0x1c0 [ 285.929486][T12100] vhci_flush+0x44/0x50 [ 285.933675][T12100] ? vhci_close_dev+0x50/0x50 [ 285.938383][T12100] hci_dev_reset+0x44f/0x610 [ 285.943004][T12100] sock_do_ioctl+0xd7/0x2f0 [ 285.947532][T12100] ? sock_show_fdinfo+0xb0/0xb0 [ 285.952396][T12100] sock_ioctl+0x623/0x7a0 [ 285.956742][T12100] ? sock_poll+0x3d0/0x3d0 [ 285.961271][T12100] ? bpf_lsm_file_ioctl+0x9/0x10 [ 285.966215][T12100] ? security_file_ioctl+0x80/0xa0 [ 285.971328][T12100] ? sock_poll+0x3d0/0x3d0 [ 285.975753][T12100] __se_sys_ioctl+0xfd/0x170 [ 285.980350][T12100] do_syscall_64+0x55/0xb0 [ 285.984776][T12100] ? clear_bhb_loop+0x40/0x90 [ 285.989457][T12100] ? clear_bhb_loop+0x40/0x90 [ 285.994228][T12100] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 286.000137][T12100] RIP: 0033:0x7f36bf58e929 [ 286.004563][T12100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.024166][T12100] RSP: 002b:00007f36bf3ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 286.032771][T12100] RAX: ffffffffffffffda RBX: 00007f36bf7b5fa0 RCX: 00007f36bf58e929 [ 286.040749][T12100] RDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000009 [ 286.048715][T12100] RBP: 00007f36bf610b39 R08: 0000000000000000 R09: 0000000000000000 [ 286.056698][T12100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 286.064681][T12100] R13: 0000000000000000 R14: 00007f36bf7b5fa0 R15: 00007ffd550a7e58 [ 286.072662][T12100] [ 286.075678][T12100] [ 286.077998][T12100] Allocated by task 5768: [ 286.082331][T12100] kasan_set_track+0x4e/0x70 [ 286.086931][T12100] __kasan_kmalloc+0x8f/0xa0 [ 286.091528][T12100] vhci_open+0x57/0x360 [ 286.095785][T12100] misc_open+0x2f9/0x370 [ 286.100026][T12100] chrdev_open+0x59e/0x670 [ 286.104440][T12100] do_dentry_open+0x8c6/0x1500 [ 286.109202][T12100] path_openat+0x274b/0x3190 [ 286.113888][T12100] do_filp_open+0x1c5/0x3d0 [ 286.118391][T12100] do_sys_openat2+0x12c/0x1c0 [ 286.123073][T12100] __x64_sys_openat+0x139/0x160 [ 286.128021][T12100] do_syscall_64+0x55/0xb0 [ 286.132437][T12100] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 286.138335][T12100] [ 286.140651][T12100] Freed by task 5768: [ 286.144626][T12100] kasan_set_track+0x4e/0x70 [ 286.149213][T12100] kasan_save_free_info+0x2e/0x50 [ 286.154241][T12100] ____kasan_slab_free+0x126/0x1e0 [ 286.159350][T12100] slab_free_freelist_hook+0x130/0x1b0 [ 286.164806][T12100] __kmem_cache_free+0xba/0x1f0 [ 286.169654][T12100] vhci_release+0xbf/0xd0 [ 286.173986][T12100] __fput+0x234/0x970 [ 286.177975][T12100] task_work_run+0x1ce/0x250 [ 286.182573][T12100] do_exit+0x903/0x23c0 [ 286.186732][T12100] do_group_exit+0x21b/0x2d0 [ 286.191321][T12100] get_signal+0x12fc/0x1400 [ 286.195827][T12100] arch_do_signal_or_restart+0x96/0x780 [ 286.201375][T12100] exit_to_user_mode_loop+0x70/0x110 [ 286.206666][T12100] exit_to_user_mode_prepare+0xb1/0x140 [ 286.212213][T12100] syscall_exit_to_user_mode+0x1a/0x50 [ 286.217671][T12100] do_syscall_64+0x61/0xb0 [ 286.222112][T12100] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 286.228023][T12100] [ 286.230340][T12100] The buggy address belongs to the object at ffff888141261000 [ 286.230340][T12100] which belongs to the cache kmalloc-1k of size 1024 [ 286.244387][T12100] The buggy address is located 136 bytes inside of [ 286.244387][T12100] freed 1024-byte region [ffff888141261000, ffff888141261400) [ 286.258264][T12100] [ 286.260580][T12100] The buggy address belongs to the physical page: [ 286.267004][T12100] page:ffffea0005049800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x141260 [ 286.277259][T12100] head:ffffea0005049800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 286.286192][T12100] flags: 0x57ff00000000840(slab|head|node=1|zone=2|lastcpupid=0x7ff) [ 286.294249][T12100] page_type: 0xffffffff() [ 286.298657][T12100] raw: 057ff00000000840 ffff888017841dc0 dead000000000100 dead000000000122 [ 286.307231][T12100] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 286.315803][T12100] page dumped because: kasan: bad access detected [ 286.322213][T12100] page_owner tracks the page as allocated [ 286.327920][T12100] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52000(__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 1864618578, free_ts 0 [ 286.344493][T12100] post_alloc_hook+0x1cd/0x210 [ 286.349254][T12100] get_page_from_freelist+0x195c/0x19f0 [ 286.354889][T12100] __alloc_pages+0x1e3/0x460 [ 286.359476][T12100] alloc_page_interleave+0x24/0x1e0 [ 286.364675][T12100] alloc_slab_page+0x5d/0x170 [ 286.369361][T12100] new_slab+0x87/0x2e0 [ 286.373436][T12100] ___slab_alloc+0xc6d/0x12f0 [ 286.378116][T12100] __kmem_cache_alloc_node+0x1a2/0x260 [ 286.383578][T12100] kmalloc_trace+0x2a/0xe0 [ 286.387996][T12100] kernfs_create_root+0x5e/0x690 [ 286.392938][T12100] cgroup_setup_root+0x26e/0xb30 [ 286.397879][T12100] cgroup_init+0x19f/0xc50 [ 286.402290][T12100] start_kernel+0x440/0x4e0 [ 286.406795][T12100] x86_64_start_reservations+0x2a/0x30 [ 286.412362][T12100] copy_bootdata+0x0/0xe0 [ 286.416692][T12100] secondary_startup_64_no_verify+0x179/0x17b [ 286.422777][T12100] page_owner free stack trace missing [ 286.428141][T12100] [ 286.430457][T12100] Memory state around the buggy address: [ 286.436074][T12100] ffff888141260f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 286.444126][T12100] ffff888141261000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 286.452185][T12100] >ffff888141261080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 286.460234][T12100] ^ [ 286.464572][T12100] ffff888141261100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 286.472629][T12100] ffff888141261180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 286.480686][T12100] ================================================================== [ 286.488748][T12100] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 286.495932][T12100] CPU: 1 PID: 12100 Comm: syz.3.2529 Not tainted 6.6.94-syzkaller #0 [ 286.503994][T12100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 286.514045][T12100] Call Trace: [ 286.517414][T12100] [ 286.520344][T12100] dump_stack_lvl+0x16c/0x230 [ 286.525028][T12100] ? show_regs_print_info+0x20/0x20 [ 286.530233][T12100] ? load_image+0x3b0/0x3b0 [ 286.534738][T12100] panic+0x2c0/0x710 [ 286.538629][T12100] ? bpf_jit_dump+0xd0/0xd0 [ 286.543133][T12100] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 286.549039][T12100] ? _raw_spin_unlock+0x40/0x40 [ 286.553896][T12100] ? print_memory_metadata+0x314/0x400 [ 286.559373][T12100] ? __lock_acquire+0xff/0x7c80 [ 286.564221][T12100] check_panic_on_warn+0x84/0xa0 [ 286.569160][T12100] ? __lock_acquire+0xff/0x7c80 [ 286.574019][T12100] end_report+0x6f/0x140 [ 286.578264][T12100] kasan_report+0x128/0x150 [ 286.582785][T12100] ? __lock_acquire+0xff/0x7c80 [ 286.587644][T12100] __lock_acquire+0xff/0x7c80 [ 286.592330][T12100] ? verify_lock_unused+0x140/0x140 [ 286.597534][T12100] ? verify_lock_unused+0x140/0x140 [ 286.602765][T12100] lock_acquire+0x197/0x410 [ 286.607269][T12100] ? skb_queue_purge_reason+0x36/0x1c0 [ 286.612751][T12100] ? read_lock_is_recursive+0x20/0x20 [ 286.618131][T12100] ? __lock_acquire+0x7c80/0x7c80 [ 286.623161][T12100] ? rcu_is_watching+0x15/0xb0 [ 286.627934][T12100] _raw_spin_lock_irqsave+0xa8/0xf0 [ 286.633142][T12100] ? skb_queue_purge_reason+0x36/0x1c0 [ 286.638608][T12100] ? _raw_spin_lock+0x40/0x40 [ 286.643295][T12100] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 286.648943][T12100] ? mutex_unlock+0x10/0x10 [ 286.653446][T12100] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.658654][T12100] skb_queue_purge_reason+0x36/0x1c0 [ 286.663960][T12100] vhci_flush+0x44/0x50 [ 286.668116][T12100] ? vhci_close_dev+0x50/0x50 [ 286.672813][T12100] hci_dev_reset+0x44f/0x610 [ 286.677423][T12100] sock_do_ioctl+0xd7/0x2f0 [ 286.681945][T12100] ? sock_show_fdinfo+0xb0/0xb0 [ 286.686808][T12100] sock_ioctl+0x623/0x7a0 [ 286.691142][T12100] ? sock_poll+0x3d0/0x3d0 [ 286.695572][T12100] ? bpf_lsm_file_ioctl+0x9/0x10 [ 286.700513][T12100] ? security_file_ioctl+0x80/0xa0 [ 286.705623][T12100] ? sock_poll+0x3d0/0x3d0 [ 286.710036][T12100] __se_sys_ioctl+0xfd/0x170 [ 286.714645][T12100] do_syscall_64+0x55/0xb0 [ 286.719073][T12100] ? clear_bhb_loop+0x40/0x90 [ 286.723755][T12100] ? clear_bhb_loop+0x40/0x90 [ 286.728436][T12100] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 286.734331][T12100] RIP: 0033:0x7f36bf58e929 [ 286.738742][T12100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.758364][T12100] RSP: 002b:00007f36bf3ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 286.766786][T12100] RAX: ffffffffffffffda RBX: 00007f36bf7b5fa0 RCX: 00007f36bf58e929 [ 286.774764][T12100] RDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000009 [ 286.782768][T12100] RBP: 00007f36bf610b39 R08: 0000000000000000 R09: 0000000000000000 [ 286.790743][T12100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 286.798745][T12100] R13: 0000000000000000 R14: 00007f36bf7b5fa0 R15: 00007ffd550a7e58 [ 286.806718][T12100] [ 286.810135][T12100] Kernel Offset: disabled [ 286.814546][T12100] Rebooting in 86400 seconds..