last executing test programs: 11.72075278s ago: executing program 0 (id=6530): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) close(0x3) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x14, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 11.508492272s ago: executing program 0 (id=6534): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1, 0x0, 0x20}, 0x1f00) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x22a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000001100)={0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x20) 11.38196556s ago: executing program 1 (id=6545): perf_event_open(0x0, 0x0, 0xfffffffffffffdff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) socket$kcm(0x1e, 0x4, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c0d3, 0xac5e, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x100, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02002c000b07d25a806f8c6394f90424fc60040001002b1b0100083582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 7.685164188s ago: executing program 3 (id=6538): perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xc2ba}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0xffffffffffffffff) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8943, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="5c00000014006b04000000d86e6c1d0002847ea6ea6567e75110623400cdd46b44dacff32c6e020075e300250002000f00000017d34460bc24eab55600000000000000bf9367b4fa51f60a64c9f4d4938037e786a6d0bdd700000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 7.684121738s ago: executing program 0 (id=6548): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x0, 0x0, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x0, 0x0, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.time\x00', 0x26e1, 0x0) close(r0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$SIOCSIFHWADDR(r0, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1d}}) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67db3e6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b19abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f0000000000f8e10238d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x8, 0x0, 0xee, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001a00)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000480)="b9fb0307683a0600000000378100", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50) 7.617849901s ago: executing program 1 (id=6539): socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x11, 0x200000000000002, 0x300) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0600000004000000040000002c"], 0x50) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x0, 0x36, 0x0, &(0x7f0000000900)="c1dfb080cd21d308098ee68886dd", 0x0, 0xadf0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 7.524042197s ago: executing program 3 (id=6541): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000008c0)=[{0x2, 0x1, 0x3}], 0x10, 0x5}, 0x94) r0 = socket$kcm(0x1e, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r1) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) r3 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43) sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 7.172524568s ago: executing program 3 (id=6554): perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x440, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x9db155b4338cbebb, 0x0) close(r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="001300"}) 4.493207556s ago: executing program 2 (id=6544): r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7b}]}, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_bp={0x0, 0xf}, 0x2210}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x40010) 4.492003536s ago: executing program 0 (id=6546): bpf$ENABLE_STATS(0x20, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x1, 0xf, &(0x7f0000000140)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$kcm(0x11, 0x200000000000002, 0x300) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000900)=r1, 0x4) r3 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r3, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r3, &(0x7f00000001c0)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000440)="f4000900062b8825fe80000000000000dc8f850f23846632189c54ebcc00007a000000ad6e911b51", 0x28}], 0x1}, 0x0) 4.363079623s ago: executing program 2 (id=6547): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, @perf_config_ext={0x1}, 0x10c002, 0xac5d, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 4.362889514s ago: executing program 3 (id=6549): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES16, @ANYRES32, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000101"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd63"], 0xfdef) 4.349899894s ago: executing program 1 (id=6559): r0 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x2, 0x4e24, @private=0xa010102}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)="b7", 0x1}], 0x1}, 0x20008050) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0xfffffffd}, {0x2, 0x0, 0xffffeffc, 0x8}]}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) setsockopt$sock_attach_bpf(r0, 0x84, 0x10, &(0x7f0000000000)=r3, 0xc) 4.290862718s ago: executing program 0 (id=6550): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c040, 0xac5d, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x2, 0x17, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000000004000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000076000000bf0900000000000026090600000003e7040000000600000018010000756c6c2500000000002020207d9af8ff00000000ad9100000000000037010000f8ffffffb702000008000000b703000000000000140000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$kcm(0x10, 0x2, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000fdffffde18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="5400020029000b05d25a806f8c6394f90424fc602f0011002e2f0100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 4.130535667s ago: executing program 2 (id=6552): perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x60000000, 0x6, 0x0, &(0x7f0000000040)="ded6e0966ec1", 0x0, 0x0, 0x3}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="8c38f0ff10"], 0x0, 0x42, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000c9"], 0x0}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa067707"], 0xfdef) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xffc0) 4.090949119s ago: executing program 1 (id=6553): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x3}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x3, [@var={0x1, 0x0, 0x0, 0xe, 0x3}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x10}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0xf4c9}}]}, {0x0, [0x61]}}, 0x0, 0x53}, 0x28) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r0, &(0x7f00000002c0), &(0x7f00000006c0)=""/4096}, 0x20) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xe4, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6150000, 0x0, @perf_config_ext={0xabd, 0xfffffffffffffffd}, 0x0, 0x0, 0x8000c2ba}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) 3.853100564s ago: executing program 2 (id=6555): openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x8, 0x4, 0x4, 0x9}, 0x50) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x8, &(0x7f0000000240)=ANY=[@ANYRES8, @ANYRES64=r0, @ANYRESDEC=0x0, @ANYRESOCT=r0], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x702, 0x0, 0x0, &(0x7f0000000540), 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x783}, 0x50) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000080)) 2.245000028s ago: executing program 1 (id=6556): bpf$TOKEN_CREATE(0x24, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000004c0)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="8fedcb96f37538e486dd637288a8"], 0xe) 2.21900614s ago: executing program 4 (id=6557): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = socket$kcm(0x11, 0x200000000000002, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r4) recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r2, 0x107, 0x12, &(0x7f00000008c0)=r5, 0x4) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0x12, &(0x7f00000008c0)=r6, 0x4) 2.141898265s ago: executing program 4 (id=6558): r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) bpf$ENABLE_STATS(0x20, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x40010) 1.987359124s ago: executing program 4 (id=6560): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xcfa4) close(0xffffffffffffffff) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000440)="b9ff03076804268c989e14f088a8", 0x0, 0x90d, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.767508696s ago: executing program 4 (id=6561): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x94) r0 = socket$kcm(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000), 0xc) close(r2) close(r0) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10) 1.722621799s ago: executing program 4 (id=6562): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 256.830916ms ago: executing program 1 (id=6563): bpf$PROG_LOAD(0x5, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000001, 0x1, @perf_bp={0x0}, 0x8061, 0x3, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x2, 0x88) sendmsg$inet(r0, &(0x7f0000000000)={&(0x7f0000001340)={0x2, 0x6, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000001580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x41}, @multicast1}}}], 0x20}, 0x8000) sendmsg$inet(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000280)=[{0x0}, {&(0x7f0000000300)="fa74", 0x2}], 0x2}, 0x0) r1 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="1800000000000000100100000100000051d833483cc75dd6900000000000000004000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c"], 0x10b8}, 0x0) 256.653275ms ago: executing program 2 (id=6564): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'rose0\x00', 0x800}) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4}, 0x0, 0xc8, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="8c38f0ff10"], 0x0, 0x42, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000c9"], 0x0}, 0x90) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa067707"], 0xfdef) write$cgroup_subtree(r2, &(0x7f0000000000), 0xffc0) 256.484535ms ago: executing program 3 (id=6565): r0 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x2, 0x4e24, @private=0xa010102}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)="b7", 0x1}], 0x1}, 0x20008050) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0xfffffffd}, {0x2, 0x0, 0xffffeffc, 0x8}]}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) setsockopt$sock_attach_bpf(r0, 0x84, 0x10, &(0x7f0000000000)=r3, 0xc) 256.353806ms ago: executing program 4 (id=6566): socketpair$unix(0x1, 0x1, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)}, 0x4) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext={0x8000000000000000}, 0x8210, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f903", 0x11}], 0x1}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a6c52d922ba2a05dd4242"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 227.205387ms ago: executing program 0 (id=6573): perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0f000000040000000800000001"], 0x37) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=ANY=[@ANYBLOB="12000000020000000800000002"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f00000000c0), &(0x7f00000002c0)=r1}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001540)={{r2}, &(0x7f00000014c0), &(0x7f0000001500)=r1}, 0x20) 107.235994ms ago: executing program 2 (id=6567): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xf, 0x4, 0x4, 0x16}, 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r3, r2, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) sendmsg$inet(r1, &(0x7f0000000500)={0x0, 0x4000000, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x20000281}], 0x1}, 0x0) 0s ago: executing program 3 (id=6568): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x3}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x3, [@var={0x1, 0x0, 0x0, 0xe, 0x3}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x10}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0xf4c9}}]}, {0x0, [0x61]}}, 0x0, 0x53}, 0x28) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r0, &(0x7f00000002c0), &(0x7f00000006c0)=""/4096}, 0x20) perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0xe4, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6150000, 0x0, @perf_config_ext={0xabd, 0xfffffffffffffffd}, 0x0, 0x0, 0x8000c2ba}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) kernel console output (not intermixed with test programs): w_radio_nl+0xafa/0xce0 [ 215.687289][ T6639] genl_family_rcv_msg_doit+0x22a/0x330 [ 215.692912][ T6639] ? end_current_label_crit_section+0x170/0x170 [ 215.699227][ T6639] ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0 [ 215.705208][ T6639] ? bpf_lsm_capable+0x5/0x10 [ 215.709955][ T6639] ? security_capable+0x85/0xb0 [ 215.714905][ T6639] genl_rcv_msg+0x604/0x790 [ 215.719513][ T6639] ? genl_bind+0x360/0x360 [ 215.723999][ T6639] ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0 [ 215.730434][ T6639] netlink_rcv_skb+0x1fb/0x450 [ 215.735264][ T6639] ? genl_bind+0x360/0x360 [ 215.739758][ T6639] ? netlink_ack+0x1170/0x1170 [ 215.744613][ T6639] ? down_read+0x1a8/0x2d0 [ 215.749101][ T6639] genl_rcv+0x24/0x40 [ 215.753157][ T6639] netlink_unicast+0x74d/0x8d0 [ 215.758033][ T6639] netlink_sendmsg+0x8ad/0xbd0 [ 215.762890][ T6639] ? netlink_getsockopt+0x550/0x550 [ 215.768197][ T6639] ? aa_sock_msg_perm+0x94/0x150 [ 215.773200][ T6639] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 215.778544][ T6639] ? security_socket_sendmsg+0x7c/0xa0 [ 215.784084][ T6639] ? netlink_getsockopt+0x550/0x550 [ 215.789357][ T6639] ____sys_sendmsg+0x5be/0x970 [ 215.794215][ T6639] ? __sys_sendmsg_sock+0x30/0x30 [ 215.799309][ T6639] ? __import_iovec+0x315/0x500 [ 215.804273][ T6639] ? import_iovec+0x6f/0xa0 [ 215.808844][ T6639] ___sys_sendmsg+0x2a2/0x360 [ 215.813590][ T6639] ? try_to_wake_up+0x67c/0x1080 [ 215.818644][ T6639] ? __sys_sendmsg+0x290/0x290 [ 215.823585][ T6639] __se_sys_sendmsg+0x1bb/0x2a0 [ 215.828701][ T6639] ? __x64_sys_sendmsg+0x80/0x80 [ 215.833753][ T6639] ? lockdep_hardirqs_on+0x94/0x140 [ 215.839036][ T6639] do_syscall_64+0x4c/0xa0 [ 215.843517][ T6639] ? clear_bhb_loop+0x60/0xb0 [ 215.848256][ T6639] ? clear_bhb_loop+0x60/0xb0 [ 215.853000][ T6639] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 215.858986][ T6639] RIP: 0033:0x7f5b9259aeb9 [ 215.863456][ T6639] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 215.883131][ T6639] RSP: 002b:00007f5b933c3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 215.891622][ T6639] RAX: ffffffffffffffda RBX: 00007f5b92815fa0 RCX: 00007f5b9259aeb9 [ 215.899686][ T6639] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004 [ 215.907731][ T6639] RBP: 00007f5b92608c1f R08: 0000000000000000 R09: 0000000000000000 [ 215.915770][ T6639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 215.923974][ T6639] R13: 00007f5b92816038 R14: 00007f5b92815fa0 R15: 00007ffebb2ba6c8 [ 215.932035][ T6639] [ 217.687701][ T4271] Bluetooth: hci0: unexpected subevent 0x04 length: 150 > 11 [ 219.458574][ T6719] netlink: 9275 bytes leftover after parsing attributes in process `syz.2.1032'. [ 220.986727][ T6752] netlink: 9275 bytes leftover after parsing attributes in process `syz.3.1046'. [ 225.722617][ T4271] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 226.147512][ T6823] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1078'. [ 227.233705][ T4271] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 232.810373][ T6909] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1120'. [ 232.929376][ T6909] device hsr_slave_0 left promiscuous mode [ 232.964645][ T6909] device hsr_slave_1 left promiscuous mode [ 247.359852][ T4361] device hsr_slave_0 left promiscuous mode [ 247.388453][ T4361] device hsr_slave_1 left promiscuous mode [ 247.423302][ T4361] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 247.454996][ T4361] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 247.509237][ T4361] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 247.567047][ T4361] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 247.644214][ T4361] device bridge_slave_1 left promiscuous mode [ 247.669500][ T4361] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.714453][ T4361] device bridge_slave_0 left promiscuous mode [ 247.720847][ T4361] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.881179][ T4361] device veth1_macvtap left promiscuous mode [ 247.911823][ T4361] device veth0_macvtap left promiscuous mode [ 247.954901][ T4361] device veth1_vlan left promiscuous mode [ 247.979172][ T4361] device veth0_vlan left promiscuous mode [ 250.792697][ T4361] team0 (unregistering): Port device team_slave_1 removed [ 251.830943][ T4361] team0 (unregistering): Port device team_slave_0 removed [ 252.168062][ T4361] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 252.468423][ T4361] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 253.117534][ T4361] bond0 (unregistering): Released all slaves [ 253.267169][ T7195] syz.2.1247 (7195) used obsolete PPPIOCDETACH ioctl [ 255.707445][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.713891][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.800476][ T48] Bluetooth: hci2: command 0x0406 tx timeout [ 259.020534][ T7309] device veth0_to_team entered promiscuous mode [ 262.190418][ T7358] device veth0_to_team entered promiscuous mode [ 265.244566][ T7394] device syzkaller0 entered promiscuous mode [ 268.549351][ T7398] device veth0_to_team entered promiscuous mode [ 268.860939][ T7442] netlink: 127868 bytes leftover after parsing attributes in process `syz.1.1341'. [ 268.912635][ T7442] netlink: 6955 bytes leftover after parsing attributes in process `syz.1.1341'. [ 275.492417][ T4271] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 275.501923][ T4271] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 275.513782][ T4271] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 275.541251][ T4271] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 275.549181][ T4271] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 275.556648][ T4271] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 275.743447][ T7519] chnl_net:caif_netlink_parms(): no params data found [ 275.799987][ T7519] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.807261][ T7519] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.815826][ T7519] device bridge_slave_0 entered promiscuous mode [ 275.824557][ T7519] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.831705][ T7519] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.841754][ T7519] device bridge_slave_1 entered promiscuous mode [ 275.868182][ T7519] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 275.880332][ T7519] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 275.911676][ T7519] team0: Port device team_slave_0 added [ 275.919513][ T7519] team0: Port device team_slave_1 added [ 275.939224][ T7519] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 275.946784][ T7519] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 275.972827][ T7519] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 275.994200][ T7519] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 276.001220][ T7519] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.027911][ T7519] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 276.080927][ T7519] device hsr_slave_0 entered promiscuous mode [ 276.088111][ T7519] device hsr_slave_1 entered promiscuous mode [ 276.239043][ T7519] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.332508][ T7519] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.423223][ T7519] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.501468][ T7519] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.633889][ T7519] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 276.644753][ T7519] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 276.654235][ T7519] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 276.663209][ T7519] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 276.690408][ T7519] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.697576][ T7519] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.705049][ T7519] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.712186][ T7519] bridge0: port 1(bridge_slave_0) entered forwarding state [ 276.748663][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.759795][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.793474][ T7519] 8021q: adding VLAN 0 to HW filter on device bond0 [ 276.808349][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 276.817036][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 276.832577][ T7519] 8021q: adding VLAN 0 to HW filter on device team0 [ 276.845415][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 276.855058][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 276.864030][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.871177][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 276.881426][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 276.890473][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 276.899455][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.906627][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.919640][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 276.937795][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 276.952175][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 276.963952][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 276.982003][ T7519] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 276.992881][ T7519] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 277.008524][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 277.017087][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 277.025973][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 277.038848][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 277.048919][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 277.059626][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 277.068450][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 277.077405][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 277.281778][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 277.290146][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 277.307879][ T7519] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 277.327361][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 277.339990][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 277.361150][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 277.369611][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 277.383171][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 277.392543][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 277.405242][ T7519] device veth0_vlan entered promiscuous mode [ 277.418763][ T7519] device veth1_vlan entered promiscuous mode [ 277.442601][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 277.451490][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 277.460249][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 277.469776][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 277.481405][ T7519] device veth0_macvtap entered promiscuous mode [ 277.494903][ T7519] device veth1_macvtap entered promiscuous mode [ 277.512098][ T7519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.524547][ T7519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.534630][ T7519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.546333][ T7519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.556314][ T7519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.566895][ T7519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.576933][ T7519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.587449][ T7519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.600473][ T7519] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 277.610939][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 277.619639][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 277.629162][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 277.637416][ T4271] Bluetooth: hci2: command 0x0409 tx timeout [ 277.639973][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 277.656237][ T7519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.666837][ T7519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.677110][ T7519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.687937][ T7519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.697867][ T7519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.708647][ T7519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.718558][ T7519] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.729139][ T7519] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.740532][ T7519] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 277.750761][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 277.760021][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 277.771350][ T7519] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.780704][ T7519] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.791141][ T7519] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.800056][ T7519] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 277.866611][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.882860][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.902834][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 277.914057][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.922085][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.933261][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 279.499056][ T4271] Bluetooth: hci2: unexpected event 0x03 length: 151 > 11 [ 279.711383][ T4271] Bluetooth: hci2: command 0x041b tx timeout [ 279.918976][ T4271] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 280.581853][ T4271] Bluetooth: hci3: unexpected event 0x03 length: 151 > 11 [ 281.073163][ T4271] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 281.789888][ T4271] Bluetooth: hci2: command 0x040f tx timeout [ 283.863842][ T4271] Bluetooth: hci2: command 0x0419 tx timeout [ 284.446533][ T7663] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1427'. [ 287.713854][ T7720] netlink: 196 bytes leftover after parsing attributes in process `syz.1.1451'. [ 289.305185][ T7762] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1465'. [ 289.745254][ T7772] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1470'. [ 289.823952][ T7772] openvswitch: netlink: Message has 6 unknown bytes. [ 289.887648][ T7776] device syzkaller0 entered promiscuous mode [ 291.050636][ T7796] device syzkaller0 entered promiscuous mode [ 291.242925][ T4271] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 291.375998][ T7806] netlink: 196 bytes leftover after parsing attributes in process `syz.3.1481'. [ 291.586203][ T4271] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 292.743148][ T7817] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1487'. [ 292.755212][ T7817] openvswitch: netlink: Message has 6 unknown bytes. [ 293.296077][ T7831] netlink: 'syz.0.1503': attribute type 2 has an invalid length. [ 293.338431][ T7831] netlink: 'syz.0.1503': attribute type 1 has an invalid length. [ 293.394427][ T7831] netlink: 170140 bytes leftover after parsing attributes in process `syz.0.1503'. [ 294.495946][ T7849] device syzkaller0 entered promiscuous mode [ 297.362436][ T4271] Bluetooth: hci4: unknown advertising packet type: 0x20 [ 297.974701][ T7881] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.1512'. [ 299.560566][ T4271] Bluetooth: hci0: unknown advertising packet type: 0x20 [ 299.686241][ T7913] sctp: [Deprecated]: syz.0.1529 (pid 7913) Use of int in maxseg socket option. [ 299.686241][ T7913] Use struct sctp_assoc_value instead [ 300.023242][ T7925] netlink: 'syz.0.1534': attribute type 22 has an invalid length. [ 300.482289][ T7940] netlink: 830 bytes leftover after parsing attributes in process `syz.4.1541'. [ 301.240710][ T7963] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.1551'. [ 303.900064][ T7978] netlink: 61211 bytes leftover after parsing attributes in process `syz.3.1558'. [ 304.874130][ T8009] netlink: 61211 bytes leftover after parsing attributes in process `syz.1.1573'. [ 306.250857][ T8052] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1585'. [ 308.760547][ T8065] netlink: 'syz.1.1588': attribute type 22 has an invalid length. [ 309.943711][ T8087] netlink: 'syz.4.1603': attribute type 10 has an invalid length. [ 310.060828][ T8087] team0: Device ipvlan1 failed to register rx_handler [ 311.372013][ T8101] netlink: 'syz.2.1610': attribute type 3 has an invalid length. [ 311.410692][ T8101] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.1610'. [ 312.829798][ T8147] netlink: 'syz.1.1627': attribute type 3 has an invalid length. [ 312.884455][ T8147] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.1627'. [ 314.871986][ T8202] netlink: 61967 bytes leftover after parsing attributes in process `syz.2.1654'. [ 314.875402][ T8200] netlink: 192432 bytes leftover after parsing attributes in process `syz.1.1653'. [ 314.927718][ T8200] netlink: get zone limit has 4 unknown bytes [ 315.270509][ T4271] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 316.016903][ T8234] netlink: 192432 bytes leftover after parsing attributes in process `syz.4.1668'. [ 316.056348][ T8234] netlink: get zone limit has 4 unknown bytes [ 316.395876][ T48] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 316.418084][ T8246] netlink: 61967 bytes leftover after parsing attributes in process `syz.3.1674'. [ 317.170243][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.176840][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.314380][ T48] Bluetooth: hci0: command 0x2016 tx timeout [ 318.423702][ T48] Bluetooth: hci2: command 0x2016 tx timeout [ 319.661698][ T8275] netlink: 'syz.4.1695': attribute type 29 has an invalid length. [ 319.797498][ T8277] netlink: 192432 bytes leftover after parsing attributes in process `syz.2.1684'. [ 319.857984][ T8277] netlink: get zone limit has 4 unknown bytes [ 320.769112][ T8304] netlink: 'syz.2.1699': attribute type 29 has an invalid length. [ 321.160419][ T8309] netlink: 'syz.4.1702': attribute type 10 has an invalid length. [ 321.388725][ T8309] device veth0_vlan left promiscuous mode [ 321.436232][ T8309] device veth0_vlan entered promiscuous mode [ 321.516604][ T8309] team0: Device veth0_vlan failed to register rx_handler [ 322.444414][ T8323] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1707'. [ 322.871711][ T8339] netlink: 'syz.0.1715': attribute type 29 has an invalid length. [ 324.883797][ T8379] device wg2 entered promiscuous mode [ 327.364160][ T8443] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1763'. [ 328.497320][ T8463] device pim6reg1 entered promiscuous mode [ 329.861584][ T8500] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1789'. [ 334.031901][ T48] Bluetooth: hci0: unexpected event 0x18 length: 151 > 23 [ 334.651088][ T8612] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1833'. [ 336.752192][ T48] Bluetooth: hci3: unexpected event 0x18 length: 151 > 23 [ 338.545936][ T8752] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1897'. [ 338.759149][ T8755] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1899'. [ 338.942619][ T8763] netlink: 'syz.0.1901': attribute type 2 has an invalid length. [ 340.172690][ T8794] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1915'. [ 340.908264][ T8820] netlink: 'syz.1.1926': attribute type 2 has an invalid length. [ 341.518377][ T8840] netlink: 126288 bytes leftover after parsing attributes in process `syz.0.1933'. [ 342.915589][ T8879] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.1949'. [ 344.388211][ T8912] netlink: 'syz.2.1964': attribute type 2 has an invalid length. [ 355.168888][ T9047] syz.2.2018 uses obsolete (PF_INET,SOCK_PACKET) [ 356.840673][ T9081] netlink: 16278 bytes leftover after parsing attributes in process `syz.0.2034'. [ 361.761424][ T9182] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2083'. [ 362.688826][ T9195] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2089'. [ 363.555173][ T9218] netlink: 16083 bytes leftover after parsing attributes in process `syz.2.2100'. [ 364.948752][ T9252] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2126'. [ 366.162743][ T9289] Zero length message leads to an empty skb [ 366.839269][ T9306] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.2141'. [ 368.944381][ T9348] netlink: 'syz.3.2160': attribute type 39 has an invalid length. [ 369.590977][ T9366] netlink: 'syz.2.2168': attribute type 29 has an invalid length. [ 369.690610][ T9366] netlink: 'syz.2.2168': attribute type 29 has an invalid length. [ 369.737438][ T9367] netlink: 'syz.2.2168': attribute type 29 has an invalid length. [ 369.766338][ T9365] netlink: 'syz.2.2168': attribute type 29 has an invalid length. [ 370.416610][ T9380] netlink: 'syz.1.2173': attribute type 10 has an invalid length. [ 370.459540][ T9380] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2173'. [ 370.505975][ T9380] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 371.199328][ T9408] netlink: 'syz.0.2185': attribute type 29 has an invalid length. [ 371.232784][ T9408] netlink: 'syz.0.2185': attribute type 29 has an invalid length. [ 371.252897][ T9407] netlink: 'syz.0.2185': attribute type 29 has an invalid length. [ 371.262816][ T9407] netlink: 'syz.0.2185': attribute type 29 has an invalid length. [ 372.969277][ T9464] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.2213'. [ 373.723872][ T9468] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2214'. [ 373.738841][ T9468] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 374.566719][ T9496] netlink: 65027 bytes leftover after parsing attributes in process `syz.3.2226'. [ 375.860578][ T9519] validate_nla: 6 callbacks suppressed [ 375.860596][ T9519] netlink: 'syz.0.2235': attribute type 1 has an invalid length. [ 375.886563][ T9519] netlink: 112865 bytes leftover after parsing attributes in process `syz.0.2235'. [ 378.328167][ T9547] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.2244'. [ 378.587002][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.593391][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.568301][ T9583] netlink: 'syz.3.2261': attribute type 1 has an invalid length. [ 379.603661][ T9583] netlink: 112865 bytes leftover after parsing attributes in process `syz.3.2261'. [ 379.864112][ T11] wlan1: Trigger new scan to find an IBSS to join [ 381.729351][ T9619] netlink: 'syz.1.2277': attribute type 1 has an invalid length. [ 381.742886][ T9619] netlink: 112865 bytes leftover after parsing attributes in process `syz.1.2277'. [ 384.618885][ T9660] netlink: 'syz.4.2295': attribute type 7 has an invalid length. [ 384.643905][ T9660] netlink: 191184 bytes leftover after parsing attributes in process `syz.4.2295'. [ 384.826332][ T4352] wlan1: Trigger new scan to find an IBSS to join [ 385.664785][ T9672] netlink: 63503 bytes leftover after parsing attributes in process `syz.4.2302'. [ 385.689729][ T9681] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2305'. [ 385.853211][ T56] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00 [ 386.057336][ T9691] netlink: 'syz.0.2308': attribute type 39 has an invalid length. [ 386.602000][ T9707] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2317'. [ 386.979846][ T9716] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.2320'. [ 387.053161][ T32] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 387.079311][ T32] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 387.117694][ T32] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 387.137442][ T32] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 387.168041][ T32] device bridge_slave_1 left promiscuous mode [ 387.195960][ T32] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.223192][ T32] device bridge_slave_0 left promiscuous mode [ 387.242365][ T32] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.310296][ T32] device veth1_macvtap left promiscuous mode [ 387.327529][ T32] device veth0_macvtap left promiscuous mode [ 387.336372][ T32] device veth1_vlan left promiscuous mode [ 387.342391][ T32] device veth0_vlan left promiscuous mode [ 388.392350][ T32] team0 (unregistering): Port device team_slave_1 removed [ 388.470503][ T32] team0 (unregistering): Port device team_slave_0 removed [ 388.530492][ T32] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 388.577462][ T32] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 388.860145][ T32] bond0 (unregistering): Released all slaves [ 388.966694][ T9732] netlink: 'syz.2.2326': attribute type 22 has an invalid length. [ 388.980138][ T9744] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2333'. [ 389.519939][ T9765] netlink: 'syz.3.2342': attribute type 9 has an invalid length. [ 389.576275][ T9765] netlink: 207496 bytes leftover after parsing attributes in process `syz.3.2342'. [ 392.937155][ T9834] netlink: 'syz.1.2374': attribute type 39 has an invalid length. [ 394.120898][ T9861] netlink: 'syz.2.2387': attribute type 9 has an invalid length. [ 394.142319][ T9861] netlink: 207496 bytes leftover after parsing attributes in process `syz.2.2387'. [ 396.517935][ T9901] netlink: 'syz.1.2402': attribute type 9 has an invalid length. [ 396.538869][ T9901] netlink: 207496 bytes leftover after parsing attributes in process `syz.1.2402'. [ 397.787295][ T9917] ref_ctr_offset mismatch. inode: 0x9d5 offset: 0x0 ref_ctr_offset(old): 0x7602 ref_ctr_offset(new): 0x0 [ 401.144084][ T48] Bluetooth: hci2: command 0x0406 tx timeout [ 415.881659][ T56] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 416.911010][ T4361] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 417.161683][T10196] ref_ctr_offset mismatch. inode: 0xa00 offset: 0x0 ref_ctr_offset(old): 0x7602 ref_ctr_offset(new): 0x0 [ 419.875164][T10251] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2554'. [ 419.931029][T10251] device hsr_slave_0 left promiscuous mode [ 420.023641][T10251] device hsr_slave_1 left promiscuous mode [ 427.488708][T10335] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2584'. [ 427.560631][T10335] device hsr_slave_0 left promiscuous mode [ 427.633944][T10335] device hsr_slave_1 left promiscuous mode [ 430.296145][T10370] device syzkaller0 entered promiscuous mode [ 430.851064][ T4271] Bluetooth: hci3: Malformed LE Event: 0x02 [ 434.519205][T10381] netlink: 'syz.0.2607': attribute type 9 has an invalid length. [ 434.825272][ T4271] Bluetooth: hci0: Malformed LE Event: 0x02 [ 435.385286][T10439] netlink: 'syz.3.2629': attribute type 9 has an invalid length. [ 436.367606][T10471] netlink: 'syz.4.2645': attribute type 9 has an invalid length. [ 438.366895][T10512] netlink: 'syz.2.2661': attribute type 9 has an invalid length. [ 440.032800][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.039278][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.561667][ T4271] Bluetooth: hci1: Malformed LE Event: 0x02 [ 441.198192][T10560] device syzkaller0 entered promiscuous mode [ 444.704083][T10631] device syzkaller0 entered promiscuous mode [ 445.446011][T10658] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2727'. [ 446.078408][T10671] netlink: 'syz.4.2731': attribute type 3 has an invalid length. [ 446.100776][T10671] netlink: 'syz.4.2731': attribute type 1 has an invalid length. [ 446.109408][T10671] netlink: 60387 bytes leftover after parsing attributes in process `syz.4.2731'. [ 448.139948][ T4352] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 448.606043][T10696] cgroup: fork rejected by pids controller in /syz0 [ 449.531466][T10722] device syzkaller0 entered promiscuous mode [ 449.616664][T10724] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 450.631653][ T4271] Bluetooth: hci0: Malformed HCI Event [ 451.231512][ T48] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 451.246974][ T48] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 451.255067][ T48] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 451.278538][ T48] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 451.295951][ T48] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 451.304105][ T48] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 452.524056][ T32] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.628893][ T32] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.750281][ T32] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.839643][T10740] cgroup: fork rejected by pids controller in /syz4 [ 452.938112][ T32] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.271466][T10733] chnl_net:caif_netlink_parms(): no params data found [ 453.383877][ T4271] Bluetooth: hci4: command 0x0409 tx timeout [ 455.464282][ T4271] Bluetooth: hci4: command 0x041b tx timeout [ 456.076015][ T4271] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18 [ 456.083928][ T4271] Bluetooth: hci1: Invalid handle: 0xffff > 0x0eff [ 456.853091][ T48] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 456.868947][ T48] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 456.883678][ T48] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 456.895140][ T48] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 456.907209][ T48] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 456.914703][ T48] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 457.547043][ T48] Bluetooth: hci4: command 0x040f tx timeout [ 458.208339][T10733] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.227676][T10733] bridge0: port 1(bridge_slave_0) entered disabled state [ 458.238424][T10733] device bridge_slave_0 entered promiscuous mode [ 458.339382][T10733] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.358672][T10733] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.369484][T10733] device bridge_slave_1 entered promiscuous mode [ 458.459440][T10733] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 458.501530][T10733] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 458.540860][T10733] team0: Port device team_slave_0 added [ 458.572522][T10733] team0: Port device team_slave_1 added [ 458.643731][T10733] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 458.650747][T10733] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 458.706469][T10733] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 458.738219][T10733] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 458.749544][T10733] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 458.781702][T10733] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 458.879547][T10733] device hsr_slave_0 entered promiscuous mode [ 458.887570][T10733] device hsr_slave_1 entered promiscuous mode [ 458.895506][T10733] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 458.903129][T10733] Cannot create hsr debugfs directory [ 458.983864][ T48] Bluetooth: hci3: command 0x0409 tx timeout [ 459.107684][T10800] chnl_net:caif_netlink_parms(): no params data found [ 459.401273][T10800] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.411752][T10800] bridge0: port 1(bridge_slave_0) entered disabled state [ 459.421361][T10800] device bridge_slave_0 entered promiscuous mode [ 459.440584][T10800] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.448778][T10800] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.457462][T10800] device bridge_slave_1 entered promiscuous mode [ 459.510447][ T32] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 459.518400][ T32] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 459.526464][ T32] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 459.534002][ T32] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 459.541702][ T32] device bridge_slave_1 left promiscuous mode [ 459.548930][ T32] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.561088][ T32] device bridge_slave_0 left promiscuous mode [ 459.567471][ T32] bridge0: port 1(bridge_slave_0) entered disabled state [ 459.588915][ T32] device veth1_macvtap left promiscuous mode [ 459.595983][ T32] device veth0_macvtap left promiscuous mode [ 459.602627][ T32] device veth1_vlan left promiscuous mode [ 459.608813][ T32] device veth0_vlan left promiscuous mode [ 459.623703][ T48] Bluetooth: hci4: command 0x0419 tx timeout [ 460.062278][ T32] team0 (unregistering): Port device team_slave_1 removed [ 460.101618][ T32] team0 (unregistering): Port device team_slave_0 removed [ 460.139866][ T32] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 460.179549][ T32] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 460.455944][ T32] bond0 (unregistering): Released all slaves [ 460.551462][T10800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 460.591773][T10800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 460.648911][T10800] team0: Port device team_slave_0 added [ 460.678505][T10800] team0: Port device team_slave_1 added [ 460.711023][T10800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 460.718173][T10800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 460.756375][T10800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 460.772145][T10800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 460.779797][T10800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 460.807407][T10800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 460.871492][T10800] device hsr_slave_0 entered promiscuous mode [ 460.878403][T10800] device hsr_slave_1 entered promiscuous mode [ 460.885434][T10800] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 460.893036][T10800] Cannot create hsr debugfs directory [ 460.906152][T10733] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 460.937362][T10733] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 460.948969][T10733] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 460.958668][T10733] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 461.063849][ T48] Bluetooth: hci3: command 0x041b tx timeout [ 461.140157][T10733] 8021q: adding VLAN 0 to HW filter on device bond0 [ 461.191055][T10800] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.218130][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 461.226268][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 461.253184][T10733] 8021q: adding VLAN 0 to HW filter on device team0 [ 461.280967][T10800] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.315188][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 461.334255][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 461.347024][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.354191][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 461.378551][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 461.402659][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 461.411617][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.418806][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 461.434584][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 461.448112][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 461.474307][T10800] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.495506][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 461.516094][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 461.526498][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 461.541266][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 461.558087][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 461.570540][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 461.630147][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 461.642298][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 461.657910][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 461.668826][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 461.695345][T10800] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.756555][T10733] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 462.008538][T10800] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 462.030285][T10800] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 462.098875][T10800] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 462.112379][T10800] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 462.290288][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 462.304244][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 462.326115][T10733] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 462.391889][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 462.402990][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 462.422027][T10800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 462.496067][T10800] 8021q: adding VLAN 0 to HW filter on device team0 [ 462.506794][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 462.521659][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 462.552730][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 462.566495][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 462.581639][T10733] device veth0_vlan entered promiscuous mode [ 462.604985][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 462.628122][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 462.639628][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 462.652123][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 462.663340][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.670554][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 462.691259][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 462.700305][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 462.715283][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.722442][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 462.742652][T10733] device veth1_vlan entered promiscuous mode [ 462.759907][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 462.781847][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 462.815751][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 462.900960][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 462.910213][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 462.951179][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 462.963373][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 462.972558][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 462.984487][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 463.000506][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 463.009561][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 463.026603][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 463.046339][T10733] device veth0_macvtap entered promiscuous mode [ 463.108310][T10800] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 463.120611][T10800] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 463.132522][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 463.143661][ T48] Bluetooth: hci3: command 0x040f tx timeout [ 463.150283][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 463.161318][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 463.175998][T10733] device veth1_macvtap entered promiscuous mode [ 463.198396][ T32] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 463.206610][ T32] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 463.224850][ T32] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 463.232317][ T32] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 463.242709][ T32] bridge0: port 3(team0) entered disabled state [ 463.257310][ T32] device bridge_slave_1 left promiscuous mode [ 463.267229][ T32] bridge0: port 2(bridge_slave_1) entered disabled state [ 463.278577][ T32] device bridge_slave_0 left promiscuous mode [ 463.288004][ T32] bridge0: port 1(bridge_slave_0) entered disabled state [ 463.329270][ T32] device veth1_macvtap left promiscuous mode [ 463.338029][ T32] device veth0_macvtap left promiscuous mode [ 463.349446][ T32] device veth1_vlan left promiscuous mode [ 463.811328][ T32] device team_slave_1 left promiscuous mode [ 463.819786][ T32] team0 (unregistering): Port device team_slave_1 removed [ 463.856756][ T32] device team_slave_0 left promiscuous mode [ 463.863678][ T32] team0 (unregistering): Port device team_slave_0 removed [ 463.901582][ T32] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 463.942115][ T32] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 464.207141][ T32] bond0 (unregistering): Released all slaves [ 464.296576][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 464.319636][T10733] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 464.344096][T10733] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.354433][T10733] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 464.365881][T10733] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.377606][T10733] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 464.390464][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 464.422280][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 464.450361][T10733] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 464.461796][T10733] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.472165][T10733] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 464.482970][T10733] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 464.499931][T10733] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 464.512004][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 464.528196][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 464.544598][T10733] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.559491][T10733] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.569609][T10733] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.586909][T10733] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.643677][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 464.652278][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 464.677734][T10800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 464.719111][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.744605][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 464.755975][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 464.790860][ T4361] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.803625][ T4361] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 464.812941][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 465.152297][T10878] device syzkaller0 entered promiscuous mode [ 465.223936][ T48] Bluetooth: hci3: command 0x0419 tx timeout [ 465.916684][T10900] cgroup: fork rejected by pids controller in /syz3 [ 467.550894][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 467.589645][ T4361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 467.759100][ T32] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.790755][T10800] device veth0_vlan entered promiscuous mode [ 467.809117][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 467.820081][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 467.856324][ T32] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.893072][T10800] device veth1_vlan entered promiscuous mode [ 467.909326][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 467.919351][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 467.930763][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 467.972129][ T32] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.033359][T10800] device veth0_macvtap entered promiscuous mode [ 468.107900][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 468.129016][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 468.153660][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 468.177198][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 468.221304][T10923] netlink: 'syz.1.2795': attribute type 3 has an invalid length. [ 468.259764][T10923] netlink: 'syz.1.2795': attribute type 1 has an invalid length. [ 468.283824][T10923] netlink: 60387 bytes leftover after parsing attributes in process `syz.1.2795'. [ 468.483273][ T48] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 468.492589][ T48] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 468.500578][ T48] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 468.510466][ T48] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 468.520115][ T48] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 468.528323][ T48] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 468.953052][ T32] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.018495][T10800] device veth1_macvtap entered promiscuous mode [ 469.133204][T10800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.153594][T10800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.171120][T10800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.192202][T10800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.210379][T10800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.237799][T10800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.256803][T10800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 469.307530][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 469.325098][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 469.394506][T10800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.434089][T10800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.468789][T10800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.503990][T10800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.525476][T10800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.553545][T10800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.573362][T10800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 469.651306][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 469.672312][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 469.699448][T10800] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.738776][T10800] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.763604][T10800] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.772418][T10800] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.436466][ T4361] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 470.455935][ T4361] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 470.544799][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 470.594704][ T48] Bluetooth: hci1: command 0x0409 tx timeout [ 470.687324][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 470.722827][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 470.779859][T10926] chnl_net:caif_netlink_parms(): no params data found [ 472.671140][ T48] Bluetooth: hci1: command 0x041b tx timeout [ 474.520198][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 474.753740][ T48] Bluetooth: hci1: command 0x040f tx timeout [ 475.042489][T10926] bridge0: port 1(bridge_slave_0) entered blocking state [ 475.063937][T10926] bridge0: port 1(bridge_slave_0) entered disabled state [ 475.097975][T10926] device bridge_slave_0 entered promiscuous mode [ 475.200228][T10926] bridge0: port 2(bridge_slave_1) entered blocking state [ 475.230920][T10926] bridge0: port 2(bridge_slave_1) entered disabled state [ 475.245821][T10926] device bridge_slave_1 entered promiscuous mode [ 475.485875][T10926] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 475.523012][T10926] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 475.687252][T10926] team0: Port device team_slave_0 added [ 475.754327][T10926] team0: Port device team_slave_1 added [ 475.956961][T11028] netlink: 16083 bytes leftover after parsing attributes in process `syz.1.2829'. [ 476.051902][T10926] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 476.086427][T10926] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 476.210063][T11040] sctp: [Deprecated]: syz.2.2833 (pid 11040) Use of int in maxseg socket option. [ 476.210063][T11040] Use struct sctp_assoc_value instead [ 476.234770][T10926] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 476.350041][T10926] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 476.363835][T10926] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 476.481824][T10926] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 476.559117][ T32] device hsr_slave_0 left promiscuous mode [ 476.569341][ T32] device hsr_slave_1 left promiscuous mode [ 476.580508][ T32] device bridge_slave_1 left promiscuous mode [ 476.587342][ T32] bridge0: port 2(bridge_slave_1) entered disabled state [ 476.610260][ T32] device bridge_slave_0 left promiscuous mode [ 476.620216][ T32] bridge0: port 1(bridge_slave_0) entered disabled state [ 476.719526][ T32] device veth1_macvtap left promiscuous mode [ 476.740799][ T32] device veth0_macvtap left promiscuous mode [ 476.747808][ T32] device veth1_vlan left promiscuous mode [ 476.759892][ T32] device veth0_vlan left promiscuous mode [ 476.823825][ T48] Bluetooth: hci1: command 0x0419 tx timeout [ 477.342518][T11073] netlink: 'syz.0.2843': attribute type 11 has an invalid length. [ 477.363175][T11073] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2843'. [ 477.385326][T11074] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 477.721709][ T32] team0 (unregistering): Port device team_slave_1 removed [ 477.763282][ T32] team0 (unregistering): Port device team_slave_0 removed [ 477.803948][ T32] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 477.851752][ T32] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 478.119575][ T32] bond0 (unregistering): Released all slaves [ 478.256735][T10926] device hsr_slave_0 entered promiscuous mode [ 478.270864][T10926] device hsr_slave_1 entered promiscuous mode [ 478.278686][T10926] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 478.286395][T10926] Cannot create hsr debugfs directory [ 478.306812][T11078] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.2845'. [ 478.660786][T11087] netlink: 'syz.1.2849': attribute type 10 has an invalid length. [ 478.691322][T11087] netlink: 3819 bytes leftover after parsing attributes in process `syz.1.2849'. [ 479.996016][T10926] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 480.024630][T10926] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 480.057697][T10926] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 480.105993][T10926] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 480.207787][T11119] netlink: 'syz.1.2858': attribute type 11 has an invalid length. [ 480.267036][T11119] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2858'. [ 480.320207][T11119] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 480.363988][T10926] 8021q: adding VLAN 0 to HW filter on device bond0 [ 480.404062][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 480.427809][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 480.467284][T10926] 8021q: adding VLAN 0 to HW filter on device team0 [ 480.501677][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 480.514758][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 480.545131][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 480.552283][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 480.634941][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 480.666209][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 480.685047][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 480.710360][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.717626][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 480.750206][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 480.786032][T11137] netlink: 'syz.4.2862': attribute type 10 has an invalid length. [ 480.795440][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 480.844594][T11137] netlink: 3819 bytes leftover after parsing attributes in process `syz.4.2862'. [ 480.895339][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 480.916150][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 480.954487][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 480.975594][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 481.044130][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 481.052364][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 481.078255][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 481.106718][T10926] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 481.125282][T10926] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 481.146301][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 481.165067][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 482.348320][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 482.379202][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 482.417397][T10926] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 482.431120][T11183] sctp: [Deprecated]: syz.0.2876 (pid 11183) Use of int in maxseg socket option. [ 482.431120][T11183] Use struct sctp_assoc_value instead [ 482.632173][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 482.658357][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 482.717474][T11192] netlink: 'syz.0.2878': attribute type 10 has an invalid length. [ 482.742181][T11192] netlink: 3819 bytes leftover after parsing attributes in process `syz.0.2878'. [ 482.784845][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 482.797408][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 482.827980][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 482.837402][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 482.869561][T10926] device veth0_vlan entered promiscuous mode [ 482.949111][T10926] device veth1_vlan entered promiscuous mode [ 483.089313][T10926] device veth0_macvtap entered promiscuous mode [ 483.110583][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 483.128367][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 483.163044][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 483.203246][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 483.247184][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 483.306289][T10926] device veth1_macvtap entered promiscuous mode [ 483.420594][T10926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.441730][T10926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.522492][T10926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.597631][T10926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.648411][T10926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.710794][T10926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.751471][T10926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.812678][T10926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.873777][T10926] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 483.884878][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 483.908651][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 483.974054][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 484.031254][T10926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 484.123540][T10926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.159179][T10926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 484.247283][T10926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.273294][T10926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 484.298690][T10926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.315519][T10926] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 484.331063][T10926] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.375909][T10926] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 484.448250][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 484.478105][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 484.539167][T10926] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.607379][T10926] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.656781][T10926] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.709324][T10926] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.526596][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.543491][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.555755][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 487.664636][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.678764][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.759246][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 494.452363][T11363] netlink: 'syz.4.2926': attribute type 2 has an invalid length. [ 494.503888][T11363] netlink: 'syz.4.2926': attribute type 8 has an invalid length. [ 494.542316][T11363] netlink: 'syz.4.2926': attribute type 9 has an invalid length. [ 494.609864][T11363] netlink: 'syz.4.2926': attribute type 10 has an invalid length. [ 494.691592][T11363] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2926'. [ 501.466449][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.473077][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.255339][T11505] netlink: 'syz.0.2987': attribute type 1 has an invalid length. [ 506.272738][T11505] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.2987'. [ 507.673598][T11515] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.2992'. [ 508.696478][T11535] netlink: 'syz.1.3001': attribute type 1 has an invalid length. [ 508.732880][T11535] netlink: 105120 bytes leftover after parsing attributes in process `syz.1.3001'. [ 511.096960][T11594] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.3026'. [ 512.069567][T11617] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3036'. [ 512.676476][T11639] netlink: 'syz.0.3048': attribute type 33 has an invalid length. [ 512.703883][T11639] netlink: 164 bytes leftover after parsing attributes in process `syz.0.3048'. [ 512.723285][T11641] netlink: 14 bytes leftover after parsing attributes in process `syz.4.3049'. [ 512.838935][T11641] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 512.879189][T11641] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 512.928511][T11641] bond0 (unregistering): Released all slaves [ 513.099253][T11651] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3052'. [ 513.191849][T11649] netlink: 'syz.3.3062': attribute type 1 has an invalid length. [ 513.229305][T11649] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.3062'. [ 514.098102][T11677] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.3066'. [ 514.925810][T11683] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3068'. [ 514.970887][T11685] netlink: 'syz.2.3069': attribute type 1 has an invalid length. [ 514.980224][T11685] netlink: 105120 bytes leftover after parsing attributes in process `syz.2.3069'. [ 516.272489][T11716] netlink: 'syz.4.3082': attribute type 33 has an invalid length. [ 516.315825][T11716] netlink: 164 bytes leftover after parsing attributes in process `syz.4.3082'. [ 516.410838][T11720] netlink: 14 bytes leftover after parsing attributes in process `syz.3.3084'. [ 516.563243][T11720] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 516.603072][T11720] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 516.644617][T11720] bond0 (unregistering): Released all slaves [ 517.136054][T11743] netlink: 'syz.4.3091': attribute type 1 has an invalid length. [ 517.183957][T11743] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.3091'. [ 518.118642][T11769] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3105'. [ 518.261774][T11769] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 518.396521][T11769] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 518.444455][T11769] bond0 (unregistering): Released all slaves [ 519.880799][T11809] netlink: 14 bytes leftover after parsing attributes in process `syz.1.3125'. [ 520.002199][T11809] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 520.052745][T11809] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 520.075486][T11809] bond0 (unregistering): Released all slaves [ 521.922181][T11850] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3141'. [ 522.074189][ T48] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18 [ 522.090195][T11850] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 522.136122][T11850] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 522.161783][T11850] bond0 (unregistering): Released all slaves [ 524.103938][ T48] Bluetooth: hci1: command 0x2016 tx timeout [ 524.740996][T11879] netlink: 'syz.3.3166': attribute type 39 has an invalid length. [ 526.260491][ T48] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 526.270051][ T48] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 526.279599][ T48] CPU: 1 PID: 48 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 526.287038][ T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 526.297161][ T48] Workqueue: hci0 hci_rx_work [ 526.301920][ T48] Call Trace: [ 526.305249][ T48] [ 526.308246][ T48] dump_stack_lvl+0x188/0x24e [ 526.313010][ T48] ? show_regs_print_info+0x12/0x12 [ 526.318282][ T48] ? load_image+0x400/0x400 [ 526.322912][ T48] sysfs_create_dir_ns+0x26a/0x290 [ 526.328099][ T48] ? sysfs_warn_dup+0xa0/0xa0 [ 526.332877][ T48] ? do_raw_spin_unlock+0x11d/0x230 [ 526.338143][ T48] kobject_add_internal+0x61c/0xcc0 [ 526.343396][ T48] kobject_add+0x160/0x230 [ 526.347873][ T48] ? kobject_init+0x1d0/0x1d0 [ 526.352597][ T48] ? klist_children_get+0x50/0x50 [ 526.357649][ T48] ? get_device_parent+0x121/0x3f0 [ 526.362798][ T48] device_add+0x483/0xfb0 [ 526.367170][ T48] ? kmem_cache_free+0xf7/0x290 [ 526.372062][ T48] hci_conn_add_sysfs+0xd1/0x1e0 [ 526.377084][ T48] le_conn_complete_evt+0x105f/0x1670 [ 526.382496][ T48] ? le_conn_complete_evt+0xe6/0x1670 [ 526.387901][ T48] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 526.394174][ T48] ? bt_info+0x180/0x180 [ 526.398448][ T48] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 526.404119][ T48] ? skb_pull_data+0xf7/0x200 [ 526.408835][ T48] hci_le_conn_complete_evt+0x183/0x440 [ 526.414408][ T48] ? hci_remote_host_features_evt+0x270/0x270 [ 526.420505][ T48] hci_event_packet+0x7b6/0x1280 [ 526.425472][ T48] ? bis_list+0x280/0x280 [ 526.429836][ T48] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 526.435761][ T48] ? kcov_remote_start+0x4c7/0x7e0 [ 526.440888][ T48] ? mt_dump_node+0x8f0/0x1920 [ 526.445704][ T48] ? hci_send_to_monitor+0x9c/0x4a0 [ 526.450939][ T48] hci_rx_work+0x3eb/0xd40 [ 526.455384][ T48] ? _raw_spin_unlock+0x40/0x40 [ 526.460311][ T48] ? process_one_work+0x7b0/0x1160 [ 526.465464][ T48] process_one_work+0x8a2/0x1160 [ 526.470434][ T48] ? worker_detach_from_pool+0x240/0x240 [ 526.476101][ T48] ? _raw_spin_lock_irq+0xb7/0xf0 [ 526.481196][ T48] ? _raw_spin_lock_irqsave+0x100/0x100 [ 526.486828][ T48] ? kthread_data+0x4b/0xc0 [ 526.491369][ T48] worker_thread+0xaa2/0x1270 [ 526.496099][ T48] kthread+0x29d/0x330 [ 526.500214][ T48] ? worker_clr_flags+0x1a0/0x1a0 [ 526.505324][ T48] ? kthread_blkcg+0xd0/0xd0 [ 526.509963][ T48] ret_from_fork+0x1f/0x30 [ 526.514461][ T48] [ 526.519943][ T48] kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 526.533493][ T48] Bluetooth: hci0: failed to register connection device [ 527.170954][T11934] netlink: 'syz.2.3181': attribute type 8 has an invalid length. [ 527.203737][T11934] netlink: 'syz.2.3181': attribute type 9 has an invalid length. [ 527.225429][T11934] netlink: 'syz.2.3181': attribute type 10 has an invalid length. [ 527.242656][T11934] netlink: 'syz.2.3181': attribute type 11 has an invalid length. [ 527.252657][T11934] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3181'. [ 527.417106][T11940] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.3184'. [ 527.542981][T11948] netlink: 'syz.1.3195': attribute type 2 has an invalid length. [ 527.633703][T11948] netlink: 17267 bytes leftover after parsing attributes in process `syz.1.3195'. [ 528.152469][ T48] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 528.160501][ T48] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 528.170709][ T48] CPU: 1 PID: 48 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 528.178227][ T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 528.188337][ T48] Workqueue: hci2 hci_rx_work [ 528.193085][ T48] Call Trace: [ 528.196404][ T48] [ 528.199409][ T48] dump_stack_lvl+0x188/0x24e [ 528.204146][ T48] ? show_regs_print_info+0x12/0x12 [ 528.209398][ T48] ? load_image+0x400/0x400 [ 528.213960][ T48] sysfs_create_dir_ns+0x26a/0x290 [ 528.219123][ T48] ? sysfs_warn_dup+0xa0/0xa0 [ 528.223938][ T48] ? do_raw_spin_unlock+0x11d/0x230 [ 528.229182][ T48] kobject_add_internal+0x61c/0xcc0 [ 528.234414][ T48] kobject_add+0x160/0x230 [ 528.238867][ T48] ? kobject_init+0x1d0/0x1d0 [ 528.243600][ T48] ? klist_children_get+0x50/0x50 [ 528.248645][ T48] ? get_device_parent+0x121/0x3f0 [ 528.253790][ T48] device_add+0x483/0xfb0 [ 528.258173][ T48] ? kmem_cache_free+0xf7/0x290 [ 528.263083][ T48] hci_conn_add_sysfs+0xd1/0x1e0 [ 528.268053][ T48] le_conn_complete_evt+0x105f/0x1670 [ 528.273463][ T48] ? le_conn_complete_evt+0xe6/0x1670 [ 528.278862][ T48] ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0 [ 528.285128][ T48] ? bt_info+0x180/0x180 [ 528.289404][ T48] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 528.295100][ T48] ? skb_pull_data+0xf7/0x200 [ 528.299822][ T48] hci_le_conn_complete_evt+0x183/0x440 [ 528.305403][ T48] ? hci_remote_host_features_evt+0x270/0x270 [ 528.311498][ T48] hci_event_packet+0x7b6/0x1280 [ 528.316490][ T48] ? bis_list+0x280/0x280 [ 528.320844][ T48] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 528.326762][ T48] ? kcov_remote_start+0x4c7/0x7e0 [ 528.331894][ T48] ? mt_dump_node+0x8f0/0x1920 [ 528.336704][ T48] ? hci_send_to_monitor+0x9c/0x4a0 [ 528.341931][ T48] hci_rx_work+0x3eb/0xd40 [ 528.346369][ T48] ? _raw_spin_unlock+0x40/0x40 [ 528.351253][ T48] ? process_one_work+0x7b0/0x1160 [ 528.356477][ T48] process_one_work+0x8a2/0x1160 [ 528.361466][ T48] ? worker_detach_from_pool+0x240/0x240 [ 528.367132][ T48] ? _raw_spin_lock_irq+0x86/0xf0 [ 528.372200][ T48] ? _raw_spin_lock_irq+0xb7/0xf0 [ 528.377264][ T48] ? _raw_spin_lock_irqsave+0x100/0x100 [ 528.382846][ T48] ? kthread_data+0x4b/0xc0 [ 528.387380][ T48] worker_thread+0xaa2/0x1270 [ 528.392121][ T48] kthread+0x29d/0x330 [ 528.396254][ T48] ? worker_clr_flags+0x1a0/0x1a0 [ 528.401331][ T48] ? kthread_blkcg+0xd0/0xd0 [ 528.405991][ T48] ret_from_fork+0x1f/0x30 [ 528.410529][ T48] [ 528.423808][ T48] kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 528.437258][ T48] Bluetooth: hci2: failed to register connection device [ 528.585381][ T48] Bluetooth: hci0: command 0x2016 tx timeout [ 528.771018][T11958] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.3191'. [ 528.991003][T11963] bridge0: port 1(bridge_slave_0) entered disabled state [ 529.930686][ T48] Bluetooth: hci0: unexpected event 0x01 length: 15 > 1 [ 530.268741][T11982] netlink: 'syz.1.3213': attribute type 39 has an invalid length. [ 530.513926][ T48] Bluetooth: hci2: command 0x2016 tx timeout [ 530.636389][T11991] netlink: 'syz.0.3216': attribute type 2 has an invalid length. [ 530.710588][T11991] netlink: 17267 bytes leftover after parsing attributes in process `syz.0.3216'. [ 530.842138][ T48] Bluetooth: hci2: unexpected event 0x01 length: 15 > 1 [ 530.906625][ T48] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 531.411334][T12017] netlink: 15999 bytes leftover after parsing attributes in process `syz.3.3220'. [ 531.697126][T12022] device syzkaller0 entered promiscuous mode [ 531.901823][ T48] Bluetooth: hci1: unexpected event 0x01 length: 15 > 1 [ 532.071546][T12030] netlink: 'syz.0.3224': attribute type 2 has an invalid length. [ 532.987421][ T48] Bluetooth: hci3: command 0x2016 tx timeout [ 533.771920][T12030] device .d entered promiscuous mode [ 534.039848][ T4271] Bluetooth: hci4: unexpected subevent 0x01 length: 150 > 18 [ 534.637886][T12052] netlink: 'syz.4.3236': attribute type 8 has an invalid length. [ 534.673445][T12052] netlink: 'syz.4.3236': attribute type 9 has an invalid length. [ 534.701909][T12052] netlink: 'syz.4.3236': attribute type 10 has an invalid length. [ 534.720342][T12052] netlink: 'syz.4.3236': attribute type 11 has an invalid length. [ 534.753698][T12052] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3236'. [ 534.942499][T12062] netlink: 15999 bytes leftover after parsing attributes in process `syz.0.3239'. [ 536.103959][ T4271] Bluetooth: hci4: command 0x2016 tx timeout [ 538.001227][T12092] netlink: 'syz.0.3251': attribute type 8 has an invalid length. [ 538.020849][T12092] netlink: 'syz.0.3251': attribute type 9 has an invalid length. [ 538.049569][T12092] netlink: 'syz.0.3251': attribute type 10 has an invalid length. [ 538.078411][T12092] netlink: 'syz.0.3251': attribute type 11 has an invalid length. [ 538.108373][T12092] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3251'. [ 538.829214][T12105] netlink: 15999 bytes leftover after parsing attributes in process `syz.1.3255'. [ 541.206946][ T4271] Bluetooth: hci4: unexpected subevent 0x05 length: 150 > 12 [ 541.301389][T12137] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3267'. [ 543.107586][T12153] netlink: 161700 bytes leftover after parsing attributes in process `syz.4.3277'. [ 543.143358][T12153] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4 [ 543.230834][ T4271] Bluetooth: hci4: command 0x201b tx timeout [ 545.451514][T12172] device syzkaller0 entered promiscuous mode [ 547.380868][T12193] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.3292'. [ 547.398006][T12193] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4 [ 547.577714][T12199] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3294'. [ 548.557176][T12214] device syzkaller0 entered promiscuous mode [ 549.015189][T12226] netlink: 161700 bytes leftover after parsing attributes in process `syz.0.3306'. [ 549.052962][T12226] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4 [ 549.600970][T12242] netlink: 'syz.0.3312': attribute type 3 has an invalid length. [ 549.621436][T12242] netlink: 'syz.0.3312': attribute type 1 has an invalid length. [ 549.644857][T12242] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.3312'. [ 549.970008][T12249] netlink: 'syz.3.3315': attribute type 29 has an invalid length. [ 551.643327][T12256] device syzkaller0 entered promiscuous mode [ 551.867012][ T4271] Bluetooth: hci3: unexpected subevent 0x05 length: 150 > 12 [ 553.921759][T12283] netlink: 'syz.1.3339': attribute type 3 has an invalid length. [ 553.935601][T12283] netlink: 'syz.1.3339': attribute type 1 has an invalid length. [ 553.947600][T12283] netlink: 60387 bytes leftover after parsing attributes in process `syz.1.3339'. [ 553.959892][ T4271] Bluetooth: hci3: command 0x201b tx timeout [ 554.265109][T12292] netlink: 'syz.1.3332': attribute type 29 has an invalid length. [ 555.898585][T12296] device syzkaller0 entered promiscuous mode [ 560.922713][T12327] device syzkaller0 entered promiscuous mode [ 561.082589][T12334] netlink: 'syz.2.3350': attribute type 29 has an invalid length. [ 562.906165][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.912602][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.236874][T12361] device syzkaller0 entered promiscuous mode [ 566.026399][T12387] device syzkaller0 entered promiscuous mode [ 568.194360][T12413] device syzkaller0 entered promiscuous mode [ 568.542760][T12426] netlink: 'syz.3.3381': attribute type 4 has an invalid length. [ 568.551535][T12426] netlink: 'syz.3.3381': attribute type 8 has an invalid length. [ 568.567697][T12426] netlink: 193092 bytes leftover after parsing attributes in process `syz.3.3381'. [ 573.849179][T12457] netlink: 'syz.1.3395': attribute type 4 has an invalid length. [ 573.877770][T12457] netlink: 'syz.1.3395': attribute type 8 has an invalid length. [ 573.902726][T12461] netlink: 126288 bytes leftover after parsing attributes in process `syz.0.3397'. [ 573.924534][T12457] netlink: 193092 bytes leftover after parsing attributes in process `syz.1.3395'. [ 574.229879][T12472] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3401'. [ 574.580832][T12472] team0: Port device team_slave_0 removed [ 574.630431][T12472] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 575.089594][T12490] device syzkaller0 entered promiscuous mode [ 575.223676][ T4271] Bluetooth: hci4: command 0x0406 tx timeout [ 576.847196][T12511] netlink: 'syz.4.3417': attribute type 4 has an invalid length. [ 576.856557][T12511] netlink: 'syz.4.3417': attribute type 8 has an invalid length. [ 576.864892][T12511] netlink: 193092 bytes leftover after parsing attributes in process `syz.4.3417'. [ 577.958294][T12517] netlink: 126288 bytes leftover after parsing attributes in process `syz.3.3419'. [ 580.343909][ T48] Bluetooth: hci3: command 0x0406 tx timeout [ 581.083938][T12552] netlink: 16083 bytes leftover after parsing attributes in process `syz.2.3436'. [ 581.906910][T12562] device syzkaller0 entered promiscuous mode [ 582.735813][T12566] sctp: [Deprecated]: syz.0.3451 (pid 12566) Use of struct sctp_assoc_value in delayed_ack socket option. [ 582.735813][T12566] Use struct sctp_sack_info instead [ 585.288917][T12590] netlink: 16083 bytes leftover after parsing attributes in process `syz.0.3450'. [ 587.615026][T12634] device syzkaller0 entered promiscuous mode [ 588.100018][T12649] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 590.663888][T12688] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 591.116189][T12696] device syzkaller0 entered promiscuous mode [ 591.931174][T12719] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 595.714098][ T4271] Bluetooth: hci1: command 0x0406 tx timeout [ 602.271305][T12942] netlink: 'syz.2.3609': attribute type 10 has an invalid length. [ 602.286130][T12942] netlink: 55 bytes leftover after parsing attributes in process `syz.2.3609'. [ 604.193623][T12979] netlink: 16083 bytes leftover after parsing attributes in process `syz.2.3623'. [ 606.200468][T13024] netlink: 16083 bytes leftover after parsing attributes in process `syz.3.3645'. [ 609.095626][T13059] netlink: 16083 bytes leftover after parsing attributes in process `syz.0.3662'. [ 612.309246][T13121] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:0603:0000:0023 with DS=0x3f [ 613.544280][T13153] netlink: 'syz.3.3703': attribute type 1 has an invalid length. [ 613.616858][T13153] netlink: 'syz.3.3703': attribute type 4 has an invalid length. [ 613.671063][T13153] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.3703'. [ 614.749479][ T4271] Bluetooth: hci2: Malformed LE Event: 0x1d [ 614.762837][T13182] netlink: 'syz.0.3718': attribute type 1 has an invalid length. [ 614.831459][T13182] netlink: 'syz.0.3718': attribute type 4 has an invalid length. [ 614.862789][T13182] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.3718'. [ 616.683054][T13239] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:0603:0000:0023 with DS=0x3f [ 617.392220][ T4271] Bluetooth: hci1: Malformed LE Event: 0x1d [ 617.606539][T13270] netlink: 'syz.4.3755': attribute type 14 has an invalid length. [ 617.723499][T13270] netlink: 63503 bytes leftover after parsing attributes in process `syz.4.3755'. [ 618.576736][ T4271] Bluetooth: hci4: Malformed LE Event: 0x1d [ 621.613166][T13365] netlink: 'syz.1.3798': attribute type 25 has an invalid length. [ 622.712516][T13394] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.3810'. [ 623.752200][ T4271] Bluetooth: hci1: Dropping invalid advertising data [ 623.759811][ T4271] Bluetooth: hci1: unknown advertising packet type: 0xff [ 623.759836][ T4271] Bluetooth: hci1: Malformed LE Event: 0x02 [ 623.904922][T13425] netlink: 'syz.4.3823': attribute type 17 has an invalid length. [ 623.939268][T13425] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3823'. [ 623.987285][T13425] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 624.377887][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.384296][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 628.628752][T13470] netlink: 'syz.3.3841': attribute type 25 has an invalid length. [ 634.343179][ T4271] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10 [ 636.343684][ T4271] Bluetooth: hci0: command 0x0409 tx timeout [ 644.557828][T13652] netlink: 'syz.0.3934': attribute type 17 has an invalid length. [ 644.611204][T13652] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3934'. [ 644.731065][T13652] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 649.108965][T13702] delete_channel: no stack [ 653.133512][ T48] Bluetooth: hci4: unknown advertising packet type: 0x80 [ 653.133585][ T48] Bluetooth: hci4: Malformed LE Event: 0x02 [ 653.542176][T13804] device syzkaller0 entered promiscuous mode [ 655.046131][ T48] Bluetooth: hci3: unknown advertising packet type: 0x80 [ 655.046204][ T48] Bluetooth: hci3: Malformed LE Event: 0x02 [ 655.394242][T13838] delete_channel: no stack [ 657.735247][T13858] netlink: 'syz.0.4019': attribute type 1 has an invalid length. [ 657.743048][T13858] netlink: 'syz.0.4019': attribute type 4 has an invalid length. [ 657.751321][T13858] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.4019'. [ 657.887579][T13866] netlink: 'syz.0.4022': attribute type 1 has an invalid length. [ 657.928109][T13866] netlink: 83992 bytes leftover after parsing attributes in process `syz.0.4022'. [ 658.963256][T13892] netlink: 'syz.1.4034': attribute type 3 has an invalid length. [ 659.017772][T13892] netlink: 13435 bytes leftover after parsing attributes in process `syz.1.4034'. [ 659.511299][T13906] netlink: 'syz.3.4040': attribute type 1 has an invalid length. [ 659.573603][T13906] netlink: 83992 bytes leftover after parsing attributes in process `syz.3.4040'. [ 659.706589][T13915] sctp: [Deprecated]: syz.4.4045 (pid 13915) Use of struct sctp_assoc_value in delayed_ack socket option. [ 659.706589][T13915] Use struct sctp_sack_info instead [ 659.908809][T13919] sctp: [Deprecated]: syz.2.4047 (pid 13919) Use of int in maxseg socket option. [ 659.908809][T13919] Use struct sctp_assoc_value instead [ 660.280705][T13929] netlink: 'syz.4.4054': attribute type 3 has an invalid length. [ 660.311472][T13929] netlink: 13435 bytes leftover after parsing attributes in process `syz.4.4054'. [ 660.991128][T13950] sctp: [Deprecated]: syz.3.4062 (pid 13950) Use of int in maxseg socket option. [ 660.991128][T13950] Use struct sctp_assoc_value instead [ 661.500933][T13967] netlink: 'syz.3.4070': attribute type 3 has an invalid length. [ 661.546325][T13967] netlink: 13435 bytes leftover after parsing attributes in process `syz.3.4070'. [ 662.499844][T13983] sctp: [Deprecated]: syz.0.4077 (pid 13983) Use of int in maxseg socket option. [ 662.499844][T13983] Use struct sctp_assoc_value instead [ 663.718437][T14001] sctp: [Deprecated]: syz.1.4087 (pid 14001) Use of struct sctp_assoc_value in delayed_ack socket option. [ 663.718437][T14001] Use struct sctp_sack_info instead [ 665.266097][T14034] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.4101'. [ 665.941153][T14044] device syzkaller0 entered promiscuous mode [ 667.008686][T14073] sctp: [Deprecated]: syz.2.4116 (pid 14073) Use of struct sctp_assoc_value in delayed_ack socket option. [ 667.008686][T14073] Use struct sctp_sack_info instead [ 671.976097][T14115] sock: sock_timestamping_bind_phc: sock not bind to device [ 672.248819][T14126] netlink: 'syz.3.4142': attribute type 2 has an invalid length. [ 672.279513][T14126] netlink: 'syz.3.4142': attribute type 1 has an invalid length. [ 672.314825][T14126] netlink: 170140 bytes leftover after parsing attributes in process `syz.3.4142'. [ 673.483902][T14135] netlink: 65039 bytes leftover after parsing attributes in process `syz.3.4146'. [ 673.967882][T14146] device syzkaller0 entered promiscuous mode [ 675.050761][T14163] sock: sock_timestamping_bind_phc: sock not bind to device [ 677.090381][T14196] sock: sock_timestamping_bind_phc: sock not bind to device [ 681.763293][T14269] device syzkaller0 entered promiscuous mode [ 685.786522][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.792955][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.694008][T14357] device syzkaller0 entered promiscuous mode [ 692.170823][T14397] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.4252'. [ 697.575245][ T48] Bluetooth: hci4: unexpected event 0x31 length: 15 > 6 [ 699.975961][T14514] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.4302'. [ 702.820389][T14558] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.4322'. [ 710.259784][T14665] tap0: tun_chr_ioctl cmd 1074025675 [ 710.274041][T14665] tap0: persist disabled [ 713.658015][T14699] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.4379'. [ 713.720347][T14699] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.4379'. [ 713.761496][T14703] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.4379'. [ 713.851866][T14699] netlink: 4595 bytes leftover after parsing attributes in process `syz.3.4379'. [ 716.936327][T14740] netlink: 4595 bytes leftover after parsing attributes in process `syz.4.4393'. [ 716.937785][T14739] tap0: tun_chr_ioctl cmd 1074025675 [ 716.965331][T14739] tap0: persist disabled [ 717.017825][T14740] netlink: 4595 bytes leftover after parsing attributes in process `syz.4.4393'. [ 717.066627][T14741] netlink: 4595 bytes leftover after parsing attributes in process `syz.4.4393'. [ 717.113745][T14742] netlink: 4595 bytes leftover after parsing attributes in process `syz.4.4393'. [ 717.265333][T14750] netlink: 'syz.0.4398': attribute type 21 has an invalid length. [ 717.312466][T14750] netlink: 'syz.0.4398': attribute type 3 has an invalid length. [ 717.324818][T14750] netlink: 144 bytes leftover after parsing attributes in process `syz.0.4398'. [ 718.152057][T14787] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.4412'. [ 718.224245][T14789] netlink: 'syz.2.4414': attribute type 21 has an invalid length. [ 718.232269][T14789] netlink: 'syz.2.4414': attribute type 3 has an invalid length. [ 720.376571][T14829] netlink: 'syz.3.4431': attribute type 21 has an invalid length. [ 720.457783][T14829] netlink: 'syz.3.4431': attribute type 3 has an invalid length. [ 720.523690][T14829] __nla_validate_parse: 4 callbacks suppressed [ 720.523831][T14829] netlink: 144 bytes leftover after parsing attributes in process `syz.3.4431'. [ 726.611389][T14909] netlink: 194236 bytes leftover after parsing attributes in process `syz.0.4469'. [ 726.627022][T14909] netlink: zone id is out of range [ 726.633229][T14909] netlink: zone id is out of range [ 726.645246][T14909] netlink: get zone limit has 8 unknown bytes [ 731.309324][T14977] netlink: 194236 bytes leftover after parsing attributes in process `syz.4.4497'. [ 731.319653][T14977] netlink: zone id is out of range [ 731.325391][T14977] netlink: zone id is out of range [ 731.330929][T14977] netlink: get zone limit has 8 unknown bytes [ 731.982057][T14991] netlink: 134056 bytes leftover after parsing attributes in process `syz.3.4503'. [ 732.857532][T14991] syz.3.4503 (14991) used greatest stack depth: 18096 bytes left [ 734.820146][T15035] netlink: 134056 bytes leftover after parsing attributes in process `syz.1.4519'. [ 736.522872][T15035] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 736.533197][T15035] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 736.550258][T15035] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 736.574408][T15037] netlink: 'syz.0.4520': attribute type 10 has an invalid length. [ 736.582393][T15037] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 736.633195][T15037] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 739.716907][T15064] netlink: 2639 bytes leftover after parsing attributes in process `syz.4.4532'. [ 740.701910][T15082] netlink: 134056 bytes leftover after parsing attributes in process `syz.3.4541'. [ 743.120416][T15108] netlink: 2639 bytes leftover after parsing attributes in process `syz.2.4548'. [ 746.542412][T15082] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 746.551982][T15082] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 746.562067][T15082] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 746.905985][T15148] device syzkaller0 entered promiscuous mode [ 747.229180][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.235627][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.040220][T15175] netlink: 134056 bytes leftover after parsing attributes in process `syz.1.4581'. [ 749.878649][T15175] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 749.888312][T15182] netlink: 164 bytes leftover after parsing attributes in process `syz.3.4583'. [ 749.901824][T15183] netlink: 164 bytes leftover after parsing attributes in process `syz.3.4583'. [ 749.904521][T15175] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 749.921532][T15175] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 753.579783][T15227] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.4601'. [ 753.589200][T15231] netlink: 164 bytes leftover after parsing attributes in process `syz.4.4603'. [ 753.606011][T15232] netlink: 164 bytes leftover after parsing attributes in process `syz.4.4603'. [ 755.457902][T15281] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.4620'. [ 755.845725][T15285] netlink: 164 bytes leftover after parsing attributes in process `syz.0.4622'. [ 755.869188][T15285] netlink: 164 bytes leftover after parsing attributes in process `syz.0.4622'. [ 756.101118][T15287] device syzkaller0 entered promiscuous mode [ 756.994045][T15302] netlink: 134056 bytes leftover after parsing attributes in process `syz.4.4630'. [ 758.822181][T15320] netlink: 'syz.2.4635': attribute type 2 has an invalid length. [ 760.931591][T15302] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 760.941082][T15302] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 760.943814][T15338] netlink: 'syz.1.4643': attribute type 10 has an invalid length. [ 760.951134][T15302] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 760.984986][T15338] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4643'. [ 761.005751][T15338] batman_adv: batadv0: Adding interface: virt_wifi0 [ 761.012413][T15338] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 761.170081][T15338] batman_adv: batadv0: Interface activated: virt_wifi0 [ 763.600966][T15379] netlink: 134056 bytes leftover after parsing attributes in process `syz.2.4657'. [ 763.918221][T15381] device syzkaller0 entered promiscuous mode [ 765.899759][T15409] syz.3.4670[15409] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 765.900693][T15409] syz.3.4670[15409] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 767.127302][T15390] netlink: 'syz.4.4659': attribute type 10 has an invalid length. [ 767.147027][T15390] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4659'. [ 767.157993][T15390] batman_adv: batadv0: Adding interface: virt_wifi0 [ 767.173440][T15390] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 767.210285][T15390] batman_adv: batadv0: Interface activated: virt_wifi0 [ 767.221003][T15391] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.4663'. [ 767.348177][T15402] device syzkaller0 entered promiscuous mode [ 769.422475][T15420] __sock_release: fasync list not empty! [ 770.045641][T15431] netlink: 'syz.2.4679': attribute type 25 has an invalid length. [ 770.055002][T15431] netlink: 'syz.2.4679': attribute type 7 has an invalid length. [ 771.994045][T15458] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.4692'. [ 772.923568][T15477] syz.4.4699[15477] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 772.924315][T15477] syz.4.4699[15477] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 773.214769][T15483] __sock_release: fasync list not empty! [ 774.004838][T15503] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.4709'. [ 774.591290][T15517] __sock_release: fasync list not empty! [ 775.669203][T15549] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.4729'. [ 780.703115][T15541] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.4724'. [ 780.767819][T15592] netlink: 'syz.0.4746': attribute type 10 has an invalid length. [ 780.813789][T15592] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4746'. [ 780.885132][T15592] batman_adv: batadv0: Adding interface: virt_wifi0 [ 780.913713][T15592] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 780.978210][ T48] Bluetooth: hci2: unexpected event 0x04 length: 151 > 10 [ 781.001701][T15592] batman_adv: batadv0: Interface activated: virt_wifi0 [ 782.792981][T15628] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.4763'. [ 782.983810][ T48] Bluetooth: hci2: command 0x0409 tx timeout [ 787.669155][T15667] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.4779'. [ 790.536308][T15682] netlink: 'syz.2.4787': attribute type 8 has an invalid length. [ 790.544526][T15682] netlink: 'syz.2.4787': attribute type 9 has an invalid length. [ 790.552285][T15682] netlink: 'syz.2.4787': attribute type 10 has an invalid length. [ 790.560378][T15682] netlink: 'syz.2.4787': attribute type 11 has an invalid length. [ 790.568684][T15682] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4787'. [ 792.107024][T15726] netlink: 129384 bytes leftover after parsing attributes in process `syz.3.4804'. [ 792.394533][T15733] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.4806'. [ 796.070531][T15764] netlink: 'syz.3.4815': attribute type 10 has an invalid length. [ 796.079031][T15764] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4815'. [ 796.106098][T15764] batman_adv: batadv0: Adding interface: virt_wifi0 [ 796.112770][T15764] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 796.146031][T15764] batman_adv: batadv0: Interface activated: virt_wifi0 [ 797.590094][T15799] __sock_release: fasync list not empty! [ 801.594763][T15856] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4855'. [ 801.858362][T15863] netlink: 'syz.1.4862': attribute type 2 has an invalid length. [ 805.701985][T15892] netlink: 'syz.4.4881': attribute type 1 has an invalid length. [ 805.729383][T15892] netlink: 83992 bytes leftover after parsing attributes in process `syz.4.4881'. [ 808.676298][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.682953][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.324493][T15931] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.4886'. [ 809.474904][T15939] netlink: 'syz.1.4888': attribute type 1 has an invalid length. [ 809.503201][T15939] netlink: 83992 bytes leftover after parsing attributes in process `syz.1.4888'. [ 810.842619][T15971] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4903'. [ 812.076568][T15981] netlink: 'syz.0.4906': attribute type 1 has an invalid length. [ 812.084443][T15981] netlink: 83992 bytes leftover after parsing attributes in process `syz.0.4906'. [ 812.330046][ T4271] Bluetooth: hci4: ISO packet too small [ 816.480576][T16027] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4927'. [ 818.203625][ T4271] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 819.704269][T16101] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.4956'. [ 819.959564][T16111] netlink: 'syz.0.4959': attribute type 10 has an invalid length. [ 820.016348][T16111] bridge0: port 2(bridge_slave_1) entered disabled state [ 820.025788][T16111] bridge0: port 1(bridge_slave_0) entered disabled state [ 820.063000][T16111] bridge0: port 2(bridge_slave_1) entered blocking state [ 820.070742][T16111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 820.080017][T16111] bridge0: port 1(bridge_slave_0) entered blocking state [ 820.087624][T16111] bridge0: port 1(bridge_slave_0) entered forwarding state [ 820.264982][T16111] team0: Port device bridge0 added [ 820.299914][ T48] Bluetooth: hci1: ISO packet too small [ 822.034665][T16069] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 822.226686][T16069] Bluetooth: hci0: ISO packet too small [ 823.748509][T16069] Bluetooth: hci4: unexpected subevent 0x01 length: 150 > 18 [ 823.995374][T16069] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 825.461720][T16214] netlink: 161700 bytes leftover after parsing attributes in process `syz.4.5007'. [ 825.471660][T16214] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4 [ 825.791962][ T48] Bluetooth: hci4: command 0x2016 tx timeout [ 825.969770][T16218] netlink: 161700 bytes leftover after parsing attributes in process `syz.4.5010'. [ 825.985801][T16218] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4 [ 826.023819][ T48] Bluetooth: hci3: command 0x2016 tx timeout [ 827.975377][T16212] netlink: 'syz.1.5005': attribute type 10 has an invalid length. [ 827.984274][T16212] bridge0: port 2(bridge_slave_1) entered disabled state [ 827.992180][T16212] bridge0: port 1(bridge_slave_0) entered disabled state [ 828.011457][T16212] bridge0: port 2(bridge_slave_1) entered blocking state [ 828.018779][T16212] bridge0: port 2(bridge_slave_1) entered forwarding state [ 828.027612][T16212] bridge0: port 1(bridge_slave_0) entered blocking state [ 828.035435][T16212] bridge0: port 1(bridge_slave_0) entered forwarding state [ 828.070526][T16212] team0: Port device bridge0 added [ 828.076896][T16245] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5021'. [ 828.137590][T16245] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5021'. [ 828.166833][T16245] netlink: 33 bytes leftover after parsing attributes in process `syz.0.5021'. [ 828.221161][T16245] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5021'. [ 828.293269][T16245] netlink: 33 bytes leftover after parsing attributes in process `syz.0.5021'. [ 828.326326][T16245] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5021'. [ 828.339629][T16245] netlink: 33 bytes leftover after parsing attributes in process `syz.0.5021'. [ 829.928861][T16290] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5040'. [ 830.547238][T16310] __nla_validate_parse: 6 callbacks suppressed [ 830.547258][T16310] netlink: 14 bytes leftover after parsing attributes in process `syz.4.5050'. [ 831.036288][T16321] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5056'. [ 831.065591][T16321] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5056'. [ 831.095055][T16321] netlink: 33 bytes leftover after parsing attributes in process `syz.4.5056'. [ 831.113989][T16321] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5056'. [ 831.173971][T16321] netlink: 33 bytes leftover after parsing attributes in process `syz.4.5056'. [ 831.198119][T16321] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5056'. [ 831.232584][T16321] netlink: 33 bytes leftover after parsing attributes in process `syz.4.5056'. [ 831.263528][T16328] netlink: 14 bytes leftover after parsing attributes in process `syz.1.5068'. [ 832.947987][T16361] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5074'. [ 838.647151][T16460] __nla_validate_parse: 14 callbacks suppressed [ 838.647170][T16460] netlink: 60583 bytes leftover after parsing attributes in process `syz.1.5115'. [ 838.683797][T16460] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5115'. [ 838.693244][T16456] netlink: 'syz.0.5117': attribute type 10 has an invalid length. [ 838.701942][T16456] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5117'. [ 838.728367][T16456] bridge0: port 3(veth0_vlan) entered blocking state [ 838.746644][T16456] bridge0: port 3(veth0_vlan) entered disabled state [ 838.797995][T16456] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 840.385158][T16486] netlink: 60583 bytes leftover after parsing attributes in process `syz.0.5129'. [ 840.442794][T16486] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5129'. [ 840.516941][T16492] netlink: 'syz.1.5132': attribute type 10 has an invalid length. [ 840.536443][T16492] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5132'. [ 840.558496][T16492] device veth0_vlan left promiscuous mode [ 840.573894][T16492] device veth0_vlan entered promiscuous mode [ 840.727885][T16492] bridge0: port 3(veth0_vlan) entered blocking state [ 840.755638][T16492] bridge0: port 3(veth0_vlan) entered disabled state [ 840.802705][T16492] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 840.822338][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 840.834333][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 840.843589][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 841.248017][T16519] netlink: 60583 bytes leftover after parsing attributes in process `syz.2.5144'. [ 841.263100][T16519] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5144'. [ 842.408826][T16536] netlink: 'syz.3.5152': attribute type 10 has an invalid length. [ 842.433962][T16536] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5152'. [ 842.461452][T16536] bridge0: port 3(veth0_vlan) entered blocking state [ 842.472714][T16536] bridge0: port 3(veth0_vlan) entered disabled state [ 842.504636][T16536] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 844.779516][T16572] netlink: 'syz.4.5176': attribute type 4 has an invalid length. [ 845.331450][T16588] netlink: 'syz.4.5167': attribute type 10 has an invalid length. [ 845.352671][T16588] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5167'. [ 845.393111][T16588] bridge0: port 3(veth0_vlan) entered blocking state [ 845.421924][T16588] bridge0: port 3(veth0_vlan) entered disabled state [ 845.497505][T16588] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 845.533029][T16592] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5174'. [ 845.714028][ T48] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 847.282587][T16069] Bluetooth: hci2: unexpected subevent 0x06 length: 150 > 10 [ 849.303626][ T48] Bluetooth: hci2: command 0x2021 tx timeout [ 849.515703][T16629] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 849.521668][T16629] syzkaller0: linktype set to 825 [ 849.634830][T16626] device syzkaller0 entered promiscuous mode [ 849.644793][T16642] netlink: 'syz.2.5193': attribute type 10 has an invalid length. [ 849.669079][T16642] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5193'. [ 849.702031][T16642] bridge0: port 3(veth0_vlan) entered blocking state [ 849.726709][T16642] bridge0: port 3(veth0_vlan) entered disabled state [ 849.739863][T16642] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 849.863898][T16069] Bluetooth: hci0: command 0x0406 tx timeout [ 851.999307][T16667] netlink: 'syz.1.5203': attribute type 4 has an invalid length. [ 852.118270][T16668] device syzkaller0 entered promiscuous mode [ 852.149716][T16673] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 852.165739][T16673] syzkaller0: Linktype set failed because interface is up [ 852.239062][T10945] syzkaller0: tun_net_xmit 48 [ 852.371071][ T48] Bluetooth: hci4: unexpected event 0x06 length: 15 > 3 [ 856.513643][ T48] Bluetooth: hci4: command 0x0406 tx timeout [ 858.671366][T16704] netlink: 'syz.0.5217': attribute type 10 has an invalid length. [ 858.679362][T16704] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5217'. [ 858.688651][T16704] bridge0: port 3(veth0_vlan) entered blocking state [ 858.695614][T16704] bridge0: port 3(veth0_vlan) entered disabled state [ 858.714528][T16704] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 861.613004][T16770] device syzkaller0 entered promiscuous mode [ 861.635470][T16769] netlink: 'syz.3.5245': attribute type 10 has an invalid length. [ 861.694673][T16769] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5245'. [ 861.743811][T16769] bridge0: port 3(veth0_vlan) entered blocking state [ 861.766282][T16769] bridge0: port 3(veth0_vlan) entered disabled state [ 861.930312][T16769] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 861.950663][T16774] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 861.963361][T16774] syzkaller0: Linktype set failed because interface is up [ 861.970910][ T22] syzkaller0: tun_net_xmit 48 [ 867.811655][T16809] syz.0.5272[16809] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 867.811770][T16809] syz.0.5272[16809] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 870.138309][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.164778][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.427828][T16850] syz.3.5280[16850] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 870.427944][T16850] syz.3.5280[16850] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 870.456378][T16848] device syzkaller0 entered promiscuous mode [ 870.485931][T16851] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 870.491914][T16851] syzkaller0: Linktype set failed because interface is up [ 870.515127][ T4306] syzkaller0: tun_net_xmit 48 [ 873.740749][T16900] syz.4.5294[16900] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 873.740895][T16900] syz.4.5294[16900] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 883.251175][T17030] device syzkaller0 entered promiscuous mode [ 883.321764][T17034] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.5350'. [ 887.587588][T17121] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.5386'. [ 888.194203][T17135] netlink: 'syz.0.5400': attribute type 10 has an invalid length. [ 888.229397][T17135] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5400'. [ 888.312799][T17135] bridge0: port 3(veth0_vlan) entered blocking state [ 888.394162][T17135] bridge0: port 3(veth0_vlan) entered disabled state [ 888.402906][T17135] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 894.968962][T17171] netlink: 'syz.4.5406': attribute type 7 has an invalid length. [ 894.996462][T17171] netlink: 'syz.4.5406': attribute type 1 has an invalid length. [ 895.009493][T17171] netlink: 'syz.4.5406': attribute type 1 has an invalid length. [ 895.074636][T17171] netlink: 'syz.4.5406': attribute type 2 has an invalid length. [ 895.084202][T17171] netlink: 'syz.4.5406': attribute type 14 has an invalid length. [ 895.101049][T17171] netlink: 'syz.4.5406': attribute type 3 has an invalid length. [ 895.117727][T17171] netlink: 'syz.4.5406': attribute type 4 has an invalid length. [ 895.139603][T17171] netlink: 'syz.4.5406': attribute type 6 has an invalid length. [ 895.167154][T17171] netlink: 'syz.4.5406': attribute type 7 has an invalid length. [ 895.184083][T17171] netlink: 'syz.4.5406': attribute type 5 has an invalid length. [ 895.202965][T17171] netlink: 207236 bytes leftover after parsing attributes in process `syz.4.5406'. [ 899.480371][T17221] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.5428'. [ 900.095520][T17228] validate_nla: 3 callbacks suppressed [ 900.095638][T17228] netlink: 'syz.3.5433': attribute type 7 has an invalid length. [ 900.129248][T17228] netlink: 'syz.3.5433': attribute type 1 has an invalid length. [ 900.158811][T17228] netlink: 'syz.3.5433': attribute type 1 has an invalid length. [ 900.178917][T17228] netlink: 'syz.3.5433': attribute type 2 has an invalid length. [ 900.209322][T17228] netlink: 'syz.3.5433': attribute type 14 has an invalid length. [ 900.229701][T17228] netlink: 'syz.3.5433': attribute type 3 has an invalid length. [ 900.249355][T17228] netlink: 'syz.3.5433': attribute type 4 has an invalid length. [ 900.261254][T17228] netlink: 'syz.3.5433': attribute type 6 has an invalid length. [ 900.270843][T17228] netlink: 'syz.3.5433': attribute type 7 has an invalid length. [ 900.287518][T17228] netlink: 'syz.3.5433': attribute type 5 has an invalid length. [ 900.299085][T17228] netlink: 207236 bytes leftover after parsing attributes in process `syz.3.5433'. [ 901.696792][T17269] netlink: 207236 bytes leftover after parsing attributes in process `syz.0.5451'. [ 903.796331][T17299] netlink: 207236 bytes leftover after parsing attributes in process `syz.2.5465'. [ 904.736530][T17314] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.5472'. [ 907.684517][T17323] validate_nla: 31 callbacks suppressed [ 907.684535][T17323] netlink: 'syz.3.5475': attribute type 1 has an invalid length. [ 907.929546][T17339] netlink: 'syz.1.5479': attribute type 7 has an invalid length. [ 908.016430][T17339] netlink: 'syz.1.5479': attribute type 1 has an invalid length. [ 908.061914][T17339] netlink: 'syz.1.5479': attribute type 1 has an invalid length. [ 908.124748][T17339] netlink: 'syz.1.5479': attribute type 2 has an invalid length. [ 908.132788][T17339] netlink: 'syz.1.5479': attribute type 14 has an invalid length. [ 908.198689][T17339] netlink: 'syz.1.5479': attribute type 3 has an invalid length. [ 908.234163][T17339] netlink: 'syz.1.5479': attribute type 4 has an invalid length. [ 908.282614][T17339] netlink: 'syz.1.5479': attribute type 6 has an invalid length. [ 908.303722][T17339] netlink: 'syz.1.5479': attribute type 7 has an invalid length. [ 908.332989][T17339] netlink: 207236 bytes leftover after parsing attributes in process `syz.1.5479'. [ 908.465308][T17350] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.5487'. [ 909.685809][T16069] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4 [ 910.174824][T17370] -1: renamed from syzkaller0 [ 911.370829][T16069] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4 [ 912.697329][T17408] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.5511'. [ 916.705438][T16069] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3 [ 923.368087][ T48] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 925.338442][ T48] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 931.548383][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.554859][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 936.086162][T17704] device syzkaller0 entered promiscuous mode [ 942.160215][ T48] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 942.935056][T17798] device syzkaller0 entered promiscuous mode [ 948.263603][T16069] Bluetooth: hci2: command 0x0406 tx timeout [ 950.566852][T17885] device syzkaller0 entered promiscuous mode [ 957.876908][T17972] device syzkaller0 entered promiscuous mode [ 961.918284][T18034] device pim6reg1 entered promiscuous mode [ 962.729833][T18056] netlink: 126288 bytes leftover after parsing attributes in process `syz.2.5787'. [ 963.479965][T18084] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.5792'. [ 963.947030][T18100] netlink: 126288 bytes leftover after parsing attributes in process `syz.3.5800'. [ 964.549696][T18116] device pim6reg1 entered promiscuous mode [ 967.537792][T18180] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.5837'. [ 967.722028][T18184] device pim6reg1 entered promiscuous mode [ 969.531899][T18218] validate_nla: 4 callbacks suppressed [ 969.531917][T18218] netlink: 'syz.0.5851': attribute type 1 has an invalid length. [ 969.568434][T18218] netlink: 181400 bytes leftover after parsing attributes in process `syz.0.5851'. [ 969.857594][T18229] netlink: 'syz.3.5856': attribute type 1 has an invalid length. [ 969.910617][T18229] netlink: 83992 bytes leftover after parsing attributes in process `syz.3.5856'. [ 973.548075][T18261] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.5868'. [ 973.843658][T18267] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.5871'. [ 973.951156][T18271] netlink: 'syz.4.5874': attribute type 1 has an invalid length. [ 973.989267][T18271] netlink: 181400 bytes leftover after parsing attributes in process `syz.4.5874'. [ 977.653658][T18310] netlink: 'syz.3.5890': attribute type 10 has an invalid length. [ 986.064287][T16069] Bluetooth: hci2: unexpected subevent 0x01 length: 128 > 18 [ 990.127505][T18471] netlink: 16054 bytes leftover after parsing attributes in process `syz.4.5965'. [ 992.264073][T16069] Bluetooth: hci3: command 0x206e tx timeout [ 992.987380][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.993881][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.382570][T18505] netlink: 16054 bytes leftover after parsing attributes in process `syz.2.5978'. [ 993.753330][T18513] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 993.760627][T18513] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 994.343549][T16069] Bluetooth: hci3: command 0x206e tx timeout [ 996.602640][T18533] netlink: 16054 bytes leftover after parsing attributes in process `syz.1.5996'. [ 997.411428][T18559] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 997.418540][T18559] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 999.779332][T18617] netlink: 'syz.1.6029': attribute type 3 has an invalid length. [ 999.809011][T18617] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.6029'. [ 1000.797491][T18654] device syzkaller0 entered promiscuous mode [ 1001.046449][T16069] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4 [ 1008.401272][T16069] Bluetooth: hci3: unexpected event 0x05 length: 15 > 4 [ 1013.799004][T16069] Bluetooth: hci4: unexpected event 0x05 length: 15 > 4 [ 1014.686788][T18831] netlink: 'syz.0.6116': attribute type 3 has an invalid length. [ 1014.753918][T18831] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.6116'. [ 1018.935230][T16069] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4 [ 1020.142513][T18880] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.6139'. [ 1021.721096][T16069] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 1023.614730][T18944] device syzkaller0 entered promiscuous mode [ 1035.480421][T19108] device syzkaller0 entered promiscuous mode [ 1042.130739][T19131] netlink: 'syz.4.6246': attribute type 10 has an invalid length. [ 1042.138721][T19131] netlink: 55 bytes leftover after parsing attributes in process `syz.4.6246'. [ 1043.279691][T19233] device syzkaller0 entered promiscuous mode [ 1045.423019][T19250] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.6309'. [ 1046.155121][T19278] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.6316'. [ 1046.221927][T19281] netlink: 129384 bytes leftover after parsing attributes in process `syz.1.6311'. [ 1046.530432][T19295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1047.740531][T19315] netlink: 161700 bytes leftover after parsing attributes in process `syz.0.6327'. [ 1047.787307][T19315] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4 [ 1048.049756][T19321] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.6329'. [ 1048.200563][T19327] netlink: 129384 bytes leftover after parsing attributes in process `syz.2.6332'. [ 1048.451011][T16069] Bluetooth: hci0: unexpected event 0x07 length: 15 < 255 [ 1049.202689][T19362] netlink: 129384 bytes leftover after parsing attributes in process `syz.4.6349'. [ 1050.492733][T19380] netlink: 'syz.2.6359': attribute type 4 has an invalid length. [ 1050.501466][T19380] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.6359'. [ 1052.292022][T19395] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1053.189905][T19423] netlink: 161700 bytes leftover after parsing attributes in process `syz.2.6388'. [ 1053.238207][T19423] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4 [ 1054.431167][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.437683][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.211329][T19428] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1055.219167][T19430] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.6381'. [ 1056.913829][T19460] netlink: 161700 bytes leftover after parsing attributes in process `syz.3.6391'. [ 1056.949299][T19460] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4 [ 1058.261454][T19494] netlink: 161700 bytes leftover after parsing attributes in process `syz.4.6412'. [ 1058.290741][T19494] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4 [ 1059.386552][T19530] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.6426'. [ 1059.413708][T19530] openvswitch: netlink: Key 2 has unexpected len 41210 expected 4 [ 1060.242416][T19564] netlink: 122896 bytes leftover after parsing attributes in process `syz.3.6443'. [ 1060.282017][T19570] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.6445'. [ 1060.357846][T19564] debugfs: Directory '.!' with parent 'ieee80211' already present! [ 1060.521417][T19576] netlink: 194236 bytes leftover after parsing attributes in process `syz.2.6448'. [ 1060.568000][T19576] netlink: zone id is out of range [ 1060.594160][T19576] netlink: zone id is out of range [ 1060.614544][T19576] netlink: get zone limit has 8 unknown bytes [ 1073.895464][T16069] Bluetooth: hci4: unexpected event 0x05 length: 15 > 4 [ 1078.217362][T19704] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.6502'. [ 1079.049081][T19704] debugfs: Directory '.!' with parent 'ieee80211' already present! [ 1082.518859][T19748] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.6526'. [ 1082.556086][T16069] Bluetooth: Frame is too long (len 13, expected len 4) [ 1082.619824][T19748] debugfs: Directory '.!' with parent 'ieee80211' already present! [ 1090.355208][T19810] netlink: 122896 bytes leftover after parsing attributes in process `syz.0.6550'. [ 1090.400431][T19810] debugfs: Directory '.!' with parent 'ieee80211' already present! [ 1094.638148][ T4361] ------------[ cut here ]------------ [ 1094.644152][ T4361] intf 08:02:11:00:00:01 [link=0]: bad STA 06:00:00:00:00:37 bandwidth 20 MHz (0) > channel config 1 MHz (8) [ 1094.732405][ T4361] WARNING: CPU: 0 PID: 4361 at drivers/net/wireless/mac80211_hwsim.c:2438 mac80211_hwsim_sta_rc_update+0x541/0x6e0 [ 1094.744946][ T4361] Modules linked in: [ 1094.748899][ T4361] CPU: 0 PID: 4361 Comm: kworker/u4:8 Not tainted syzkaller #0 [ 1094.756557][ T4361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1094.766771][ T4361] Workqueue: phy26 ieee80211_iface_work [ 1094.772397][ T4361] RIP: 0010:mac80211_hwsim_sta_rc_update+0x541/0x6e0 [ 1094.779200][ T4361] Code: e8 c4 0c 00 00 48 c7 c7 80 00 28 8b 48 8b 74 24 28 89 ea 48 8b 4c 24 10 41 89 d8 45 89 e1 41 57 50 e8 f3 1c 52 fb 48 83 c4 10 <0f> 0b e9 8b fe ff ff e8 93 aa 86 fb 0f 0b e9 7f fe ff ff e8 87 aa [ 1094.799265][ T4361] RSP: 0018:ffffc9000481f7f8 EFLAGS: 00010282 [ 1094.805562][ T4361] RAX: 94b2c670a8294200 RBX: 0000000000000014 RCX: ffff88802c1e3b80 [ 1094.813651][ T4361] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 1094.821673][ T4361] RBP: 0000000000000000 R08: ffffc9000481f467 R09: 1ffff92000903e8c [ 1094.829743][ T4361] R10: dffffc0000000000 R11: fffff52000903e8d R12: 0000000000000000 [ 1094.837799][ T4361] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000008 [ 1094.845846][ T4361] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1094.854860][ T4361] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1094.861482][ T4361] CR2: 00002000002ed000 CR3: 0000000073098000 CR4: 00000000003506f0 [ 1094.869546][ T4361] DR0: 0000000000000000 DR1: 0000200000000300 DR2: 0000000000000000 [ 1094.877594][ T4361] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 1094.885664][ T4361] Call Trace: [ 1094.888996][ T4361] [ 1094.891961][ T4361] ? mac80211_hwsim_sta_rc_update+0x53/0x6e0 [ 1094.898038][ T4361] mac80211_hwsim_sta_add+0x92/0x280 [ 1094.903398][ T4361] ? mac80211_hwsim_sw_scan_complete+0xd0/0xd0 [ 1094.909640][ T4361] drv_sta_state+0x62a/0x1280 [ 1094.914448][ T4361] sta_info_insert_rcu+0xc1e/0x1550 [ 1094.919714][ T4361] ? sta_info_insert_rcu+0x1b0/0x1550 [ 1094.925194][ T4361] ieee80211_ibss_finish_sta+0x286/0x360 [ 1094.930889][ T4361] ? ieee80211_ibss_work+0x10f0/0x10f0 [ 1094.936474][ T4361] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1094.942539][ T4361] ieee80211_ibss_work+0x23c/0x10f0 [ 1094.947881][ T4361] ? lockdep_hardirqs_on+0x94/0x140 [ 1094.953150][ T4361] ? kcov_remote_stop+0x174/0x6e0 [ 1094.958272][ T4361] ? ieee80211_ibss_rx_queued_mgmt+0x2cd0/0x2cd0 [ 1094.964722][ T4361] ? skb_dequeue+0x120/0x150 [ 1094.969372][ T4361] ? ieee80211_iface_work+0x97c/0xc80 [ 1094.974858][ T4361] ? ieee80211_iface_work+0xb98/0xc80 [ 1094.980283][ T4361] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1094.985598][ T4361] ? process_one_work+0x7b0/0x1160 [ 1094.990757][ T4361] process_one_work+0x8a2/0x1160 [ 1094.995810][ T4361] ? worker_detach_from_pool+0x240/0x240 [ 1095.001486][ T4361] ? _raw_spin_lock_irq+0x86/0xf0 [ 1095.006607][ T4361] ? _raw_spin_lock_irq+0xb7/0xf0 [ 1095.011680][ T4361] ? _raw_spin_lock_irqsave+0x100/0x100 [ 1095.017315][ T4361] ? kthread_data+0x4b/0xc0 [ 1095.021878][ T4361] worker_thread+0xaa2/0x1270 [ 1095.026669][ T4361] ? __kthread_parkme+0x162/0x1c0 [ 1095.031751][ T4361] kthread+0x29d/0x330 [ 1095.035903][ T4361] ? worker_clr_flags+0x1a0/0x1a0 [ 1095.040971][ T4361] ? kthread_blkcg+0xd0/0xd0 [ 1095.045665][ T4361] ret_from_fork+0x1f/0x30 [ 1095.050152][ T4361] [ 1095.053248][ T4361] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1095.060549][ T4361] CPU: 0 PID: 4361 Comm: kworker/u4:8 Not tainted syzkaller #0 [ 1095.068113][ T4361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1095.078182][ T4361] Workqueue: phy26 ieee80211_iface_work [ 1095.083764][ T4361] Call Trace: [ 1095.087060][ T4361] [ 1095.090003][ T4361] dump_stack_lvl+0x188/0x24e [ 1095.094722][ T4361] ? memcpy+0x3c/0x60 [ 1095.098766][ T4361] ? show_regs_print_info+0x12/0x12 [ 1095.104005][ T4361] ? load_image+0x400/0x400 [ 1095.108557][ T4361] panic+0x2e5/0x730 [ 1095.112490][ T4361] ? bpf_jit_dump+0xd0/0xd0 [ 1095.117029][ T4361] ? ret_from_fork+0x1f/0x30 [ 1095.121648][ T4361] __warn+0x2f8/0x4f0 [ 1095.125649][ T4361] ? mac80211_hwsim_sta_rc_update+0x541/0x6e0 [ 1095.131750][ T4361] ? mac80211_hwsim_sta_rc_update+0x541/0x6e0 [ 1095.137852][ T4361] report_bug+0x2ba/0x4f0 [ 1095.142228][ T4361] ? mac80211_hwsim_sta_rc_update+0x541/0x6e0 [ 1095.148334][ T4361] handle_bug+0x3a/0x70 [ 1095.152510][ T4361] exc_invalid_op+0x16/0x40 [ 1095.157043][ T4361] asm_exc_invalid_op+0x16/0x20 [ 1095.161921][ T4361] RIP: 0010:mac80211_hwsim_sta_rc_update+0x541/0x6e0 [ 1095.168638][ T4361] Code: e8 c4 0c 00 00 48 c7 c7 80 00 28 8b 48 8b 74 24 28 89 ea 48 8b 4c 24 10 41 89 d8 45 89 e1 41 57 50 e8 f3 1c 52 fb 48 83 c4 10 <0f> 0b e9 8b fe ff ff e8 93 aa 86 fb 0f 0b e9 7f fe ff ff e8 87 aa [ 1095.188274][ T4361] RSP: 0018:ffffc9000481f7f8 EFLAGS: 00010282 [ 1095.194356][ T4361] RAX: 94b2c670a8294200 RBX: 0000000000000014 RCX: ffff88802c1e3b80 [ 1095.202343][ T4361] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 1095.210332][ T4361] RBP: 0000000000000000 R08: ffffc9000481f467 R09: 1ffff92000903e8c [ 1095.218343][ T4361] R10: dffffc0000000000 R11: fffff52000903e8d R12: 0000000000000000 [ 1095.226336][ T4361] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000008 [ 1095.234343][ T4361] ? mac80211_hwsim_sta_rc_update+0x53/0x6e0 [ 1095.240361][ T4361] mac80211_hwsim_sta_add+0x92/0x280 [ 1095.245673][ T4361] ? mac80211_hwsim_sw_scan_complete+0xd0/0xd0 [ 1095.251860][ T4361] drv_sta_state+0x62a/0x1280 [ 1095.256572][ T4361] sta_info_insert_rcu+0xc1e/0x1550 [ 1095.261817][ T4361] ? sta_info_insert_rcu+0x1b0/0x1550 [ 1095.267215][ T4361] ieee80211_ibss_finish_sta+0x286/0x360 [ 1095.272877][ T4361] ? ieee80211_ibss_work+0x10f0/0x10f0 [ 1095.278353][ T4361] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 1095.284365][ T4361] ieee80211_ibss_work+0x23c/0x10f0 [ 1095.289593][ T4361] ? lockdep_hardirqs_on+0x94/0x140 [ 1095.294829][ T4361] ? kcov_remote_stop+0x174/0x6e0 [ 1095.299876][ T4361] ? ieee80211_ibss_rx_queued_mgmt+0x2cd0/0x2cd0 [ 1095.306254][ T4361] ? skb_dequeue+0x120/0x150 [ 1095.310875][ T4361] ? ieee80211_iface_work+0x97c/0xc80 [ 1095.316271][ T4361] ? ieee80211_iface_work+0xb98/0xc80 [ 1095.321661][ T4361] ? _raw_spin_unlock_irq+0x1f/0x40 [ 1095.326912][ T4361] ? process_one_work+0x7b0/0x1160 [ 1095.332039][ T4361] process_one_work+0x8a2/0x1160 [ 1095.337007][ T4361] ? worker_detach_from_pool+0x240/0x240 [ 1095.342694][ T4361] ? _raw_spin_lock_irq+0x86/0xf0 [ 1095.347754][ T4361] ? _raw_spin_lock_irq+0xb7/0xf0 [ 1095.352803][ T4361] ? _raw_spin_lock_irqsave+0x100/0x100 [ 1095.358402][ T4361] ? kthread_data+0x4b/0xc0 [ 1095.362944][ T4361] worker_thread+0xaa2/0x1270 [ 1095.367691][ T4361] ? __kthread_parkme+0x162/0x1c0 [ 1095.372782][ T4361] kthread+0x29d/0x330 [ 1095.376887][ T4361] ? worker_clr_flags+0x1a0/0x1a0 [ 1095.381930][ T4361] ? kthread_blkcg+0xd0/0xd0 [ 1095.386561][ T4361] ret_from_fork+0x1f/0x30 [ 1095.391034][ T4361] [ 1095.394652][ T4361] Kernel Offset: disabled [ 1095.399087][ T4361] Rebooting in 86400 seconds..