last executing test programs: 2.238725627s ago: executing program 0 (id=2779): perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80100, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x8}, 0x100904, 0x401, 0x25, 0x0, 0x1, 0x200, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0xd, &(0x7f0000000000)=r3, 0x8) 2.238547697s ago: executing program 2 (id=2780): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r2}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 2.0901654s ago: executing program 0 (id=2783): socket$kcm(0xf, 0x3, 0x2) r0 = socket$kcm(0xf, 0x3, 0x2) sendmsg$inet(r0, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="020b070102000000e4a17c455b3a89e0", 0x10}], 0x1}, 0x0) r1 = socket$kcm(0xf, 0x3, 0x2) sendmsg$inet(r1, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="020b0700fc670000e4a17c45c8d260c9", 0x33fe0}], 0x1}, 0x0) r2 = socket$kcm(0xf, 0x3, 0x2) sendmsg$inet(r2, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="020b070102000000e4a17c455b3a89e0", 0x10}], 0x1}, 0x24000800) 2.04715073s ago: executing program 2 (id=2786): socket$kcm(0xa, 0x922000000003, 0x11) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x72) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0xc000000, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='inet_sk_error_report\x00', r0}, 0x18) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000640)="48000000150081fb7059ae08060c04000aff0f11000000040011018701506fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0) 1.930704063s ago: executing program 0 (id=2787): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8927, &(0x7f0000000080)) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33) 1.752119356s ago: executing program 3 (id=2788): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x40010) 1.751188086s ago: executing program 1 (id=2789): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x9, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0xfc00) r3 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0xfc00) 1.750584306s ago: executing program 2 (id=2790): bpf$MAP_CREATE(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x24, 0x12506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x7602, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r0}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 839.226453ms ago: executing program 1 (id=2791): perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100c, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f0000000080)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xad}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x87, &(0x7f0000000480)=""/135}, 0x21) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000040000000800000001000000800000", @ANYBLOB="00000000007c0000000000000001000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000a50000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 837.269234ms ago: executing program 3 (id=2799): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000007000000ff0f000007"], 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 708.482146ms ago: executing program 1 (id=2792): perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80100, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x8}, 0x100904, 0x401, 0x25, 0x0, 0x1, 0x200, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0xd, &(0x7f0000000000)=r3, 0x8) 708.347996ms ago: executing program 3 (id=2793): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r2}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 707.520666ms ago: executing program 2 (id=2801): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8927, &(0x7f0000000080)) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33) 707.112806ms ago: executing program 0 (id=2794): perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0x83, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x20000000}, 0x0, 0x0, 0x0, 0x6, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x202}) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1812"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x1}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f0, &(0x7f0000000080)) 587.708269ms ago: executing program 1 (id=2795): socket$kcm(0xf, 0x3, 0x2) r0 = socket$kcm(0xf, 0x3, 0x2) sendmsg$inet(r0, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="020b070102000000e4a17c455b3a89e0", 0x10}], 0x1}, 0x0) r1 = socket$kcm(0xf, 0x3, 0x2) sendmsg$inet(r1, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="020b0700fc670000e4a17c45c8d260c9", 0x33fe0}], 0x1}, 0x0) r2 = socket$kcm(0xf, 0x3, 0x2) sendmsg$inet(r2, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="020b070102000000e4a17c455b3a89e0", 0x10}], 0x1}, 0x24000800) 483.92848ms ago: executing program 0 (id=2796): bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002f00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000c00)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) 483.006431ms ago: executing program 3 (id=2806): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r2}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 440.802921ms ago: executing program 1 (id=2797): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80004}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x28, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000a40)={{r0}, &(0x7f0000000980), &(0x7f0000000a00)='%ps \x00'}, 0x20) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 340.137314ms ago: executing program 3 (id=2798): socket$kcm(0xa, 0x922000000003, 0x11) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x72) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0xc000000, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='inet_sk_error_report\x00', r0}, 0x18) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000640)="48000000150081fb7059ae08060c04000aff0f11000000040011018701506fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0) 310.693344ms ago: executing program 2 (id=2800): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x9, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0xfc00) r3 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0xfc00) 129.535787ms ago: executing program 1 (id=2802): bpf$MAP_CREATE(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x24, 0x12506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x7602, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r0}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 97.302408ms ago: executing program 2 (id=2803): perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100c, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f0000000080)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xad}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x87, &(0x7f0000000480)=""/135}, 0x21) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000040000000800000001000000800000", @ANYBLOB="00000000007c0000000000000001000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000a50000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 173.12µs ago: executing program 0 (id=2804): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000007000000ff0f000007"], 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 0s ago: executing program 3 (id=2805): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={0xffffffffffffffff, 0x0, 0x0}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[], 0x48) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.108' (ED25519) to the list of known hosts. syzkaller login: [ 81.631265][ T5775] cgroup: Unknown subsys name 'net' [ 81.801987][ T5775] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.538384][ T5775] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.543480][ T5798] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.550588][ T5796] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.553366][ T5798] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.561394][ T5796] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.574440][ T5796] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.583594][ T5796] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.594542][ T5796] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.602853][ T5798] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.614763][ T5802] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.629304][ T5802] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.635811][ T5799] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.647074][ T5796] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.647545][ T5802] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.655203][ T5796] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.664234][ T5802] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.672137][ T5796] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.680022][ T5802] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.690041][ T5796] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.698386][ T5802] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.711461][ T5796] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.713460][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.729505][ T5802] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.730402][ T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.747474][ T5796] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.329956][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 86.376703][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 86.489579][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 86.564042][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.571412][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.578897][ T5784] bridge_slave_0: entered allmulticast mode [ 86.586698][ T5784] bridge_slave_0: entered promiscuous mode [ 86.616727][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 86.648353][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.655843][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.663867][ T5784] bridge_slave_1: entered allmulticast mode [ 86.671265][ T5784] bridge_slave_1: entered promiscuous mode [ 86.689597][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.696982][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.704412][ T5794] bridge_slave_0: entered allmulticast mode [ 86.711755][ T5794] bridge_slave_0: entered promiscuous mode [ 86.764136][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.773993][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.781258][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.789549][ T5794] bridge_slave_1: entered allmulticast mode [ 86.796831][ T5794] bridge_slave_1: entered promiscuous mode [ 86.843232][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.911839][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.929568][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.939154][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.947071][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.955447][ T5785] bridge_slave_0: entered allmulticast mode [ 86.963476][ T5785] bridge_slave_0: entered promiscuous mode [ 86.974463][ T5784] team0: Port device team_slave_0 added [ 86.981100][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.988431][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.995840][ T5785] bridge_slave_1: entered allmulticast mode [ 87.003770][ T5785] bridge_slave_1: entered promiscuous mode [ 87.030263][ T5784] team0: Port device team_slave_1 added [ 87.121452][ T5794] team0: Port device team_slave_0 added [ 87.132854][ T5794] team0: Port device team_slave_1 added [ 87.153007][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.162826][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.170128][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.178301][ T5786] bridge_slave_0: entered allmulticast mode [ 87.186608][ T5786] bridge_slave_0: entered promiscuous mode [ 87.195605][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.203355][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.210753][ T5786] bridge_slave_1: entered allmulticast mode [ 87.218328][ T5786] bridge_slave_1: entered promiscuous mode [ 87.247448][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.254670][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.281278][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.296147][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.375507][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.384875][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.412268][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.454499][ T5785] team0: Port device team_slave_0 added [ 87.464285][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.474452][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.483835][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.510501][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.524215][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.531905][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.558938][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.593722][ T5784] hsr_slave_0: entered promiscuous mode [ 87.601138][ T5784] hsr_slave_1: entered promiscuous mode [ 87.611124][ T5785] team0: Port device team_slave_1 added [ 87.620694][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.762648][ T5802] Bluetooth: hci0: command tx timeout [ 87.768257][ T5790] Bluetooth: hci3: command tx timeout [ 87.786922][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.795962][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.823400][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.841760][ T5790] Bluetooth: hci1: command tx timeout [ 87.841920][ T5802] Bluetooth: hci2: command tx timeout [ 87.868985][ T5794] hsr_slave_0: entered promiscuous mode [ 87.882633][ T5794] hsr_slave_1: entered promiscuous mode [ 87.889709][ T5794] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.905317][ T5794] Cannot create hsr debugfs directory [ 87.915664][ T5786] team0: Port device team_slave_0 added [ 87.949365][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.958069][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.991237][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.032967][ T5786] team0: Port device team_slave_1 added [ 88.115447][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.124011][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.159666][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.212198][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.219692][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.246335][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.349480][ T5785] hsr_slave_0: entered promiscuous mode [ 88.357483][ T5785] hsr_slave_1: entered promiscuous mode [ 88.364812][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.372665][ T5785] Cannot create hsr debugfs directory [ 88.425997][ T5786] hsr_slave_0: entered promiscuous mode [ 88.433905][ T5786] hsr_slave_1: entered promiscuous mode [ 88.440623][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.448962][ T5786] Cannot create hsr debugfs directory [ 88.694618][ T5784] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.707455][ T5784] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.719048][ T5784] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.764647][ T5784] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.852665][ T5794] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.870771][ T5794] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.885447][ T5794] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.906867][ T5794] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.977758][ T5786] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.999043][ T5786] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.010943][ T5786] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.022471][ T5786] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.116890][ T5785] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.129905][ T5785] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.141441][ T5785] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.164328][ T5785] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.309779][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.364384][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.385342][ T1083] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.392937][ T1083] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.417537][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.437229][ T1083] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.444585][ T1083] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.494347][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.526875][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.569689][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.595863][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.618146][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.633149][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.640697][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.650426][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.657644][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.671120][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.678550][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.700805][ T1097] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.708045][ T1097] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.726270][ T1070] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.733583][ T1070] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.748532][ T1097] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.756159][ T1097] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.841827][ T5802] Bluetooth: hci0: command tx timeout [ 89.841885][ T5790] Bluetooth: hci3: command tx timeout [ 89.922218][ T5790] Bluetooth: hci2: command tx timeout [ 89.923739][ T5802] Bluetooth: hci1: command tx timeout [ 89.974063][ T5786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.325269][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.475913][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.509492][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.537088][ T5784] veth0_vlan: entered promiscuous mode [ 90.594961][ T5784] veth1_vlan: entered promiscuous mode [ 90.656809][ T5794] veth0_vlan: entered promiscuous mode [ 90.676320][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.695802][ T5794] veth1_vlan: entered promiscuous mode [ 90.718457][ T5786] veth0_vlan: entered promiscuous mode [ 90.759269][ T5786] veth1_vlan: entered promiscuous mode [ 90.786486][ T5784] veth0_macvtap: entered promiscuous mode [ 90.828401][ T5784] veth1_macvtap: entered promiscuous mode [ 90.888118][ T5785] veth0_vlan: entered promiscuous mode [ 90.909251][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.925613][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.939673][ T5785] veth1_vlan: entered promiscuous mode [ 90.948312][ T5794] veth0_macvtap: entered promiscuous mode [ 90.965456][ T5794] veth1_macvtap: entered promiscuous mode [ 90.974641][ T5786] veth0_macvtap: entered promiscuous mode [ 90.986794][ T5784] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.996764][ T5784] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.005895][ T5784] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.015475][ T5784] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.050351][ T5786] veth1_macvtap: entered promiscuous mode [ 91.104121][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.115746][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.128840][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.149132][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.160528][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.171680][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.187952][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.200629][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.226265][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.238174][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.250653][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.262053][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.273354][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.290663][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.302510][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.316714][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.341019][ T5786] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.353519][ T5786] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.367924][ T5786] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.378325][ T5786] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.390012][ T5785] veth0_macvtap: entered promiscuous mode [ 91.417139][ T5794] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.427328][ T5794] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.436628][ T5794] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.446326][ T5794] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.469948][ T5785] veth1_macvtap: entered promiscuous mode [ 91.545490][ T1097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.554820][ T1097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.579907][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.592772][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.604662][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.616966][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.627187][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.638374][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.649810][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.738661][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.749779][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.761511][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.772966][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.783521][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.794498][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.806238][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.819437][ T5785] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.829092][ T5785] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.838313][ T5785] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.850961][ T5785] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.873218][ T1070] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.887743][ T1070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.921713][ T5802] Bluetooth: hci0: command tx timeout [ 91.921932][ T5790] Bluetooth: hci3: command tx timeout [ 91.946067][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.954472][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.002207][ T5790] Bluetooth: hci2: command tx timeout [ 92.003132][ T5802] Bluetooth: hci1: command tx timeout [ 92.105682][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.141813][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.190642][ T2116] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.219282][ T2116] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.266371][ T2116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.280707][ T2116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.376409][ T1097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.403741][ T1097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.464073][ T1097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.483359][ T1097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.496080][ T8] cfg80211: failed to load regulatory.db [ 94.031762][ T5790] Bluetooth: hci3: command tx timeout [ 94.037373][ T5802] Bluetooth: hci0: command tx timeout [ 94.082989][ T5802] Bluetooth: hci1: command tx timeout [ 94.088498][ T5802] Bluetooth: hci2: command tx timeout [ 97.187893][ T5891] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.573501][ T5907] warning: `syz.2.13' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 97.796591][ T5914] netlink: 'syz.3.16': attribute type 1 has an invalid length. [ 97.817336][ T5914] netlink: 'syz.3.16': attribute type 4 has an invalid length. [ 97.826128][ T5914] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.16'. [ 97.846252][ T5915] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 97.871886][ T5915] syzkaller0: linktype set to 768 [ 98.096013][ C1] hrtimer: interrupt took 59998 ns [ 106.435522][ T6022] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.67'. [ 107.945721][ T6065] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1 [ 107.986262][ T6064] netlink: 152 bytes leftover after parsing attributes in process `syz.1.88'. [ 109.335003][ T6105] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:0603:0000:0023 with DS=0x3f [ 110.000188][ T5802] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 114.120497][ T6194] netlink: 'syz.2.148': attribute type 22 has an invalid length. [ 114.144948][ T6194] netlink: 148 bytes leftover after parsing attributes in process `syz.2.148'. [ 114.171006][ T6192] Driver unsupported XDP return value 0 on prog (id 94) dev N/A, expect packet loss! [ 115.153584][ T6209] syzkaller0: entered promiscuous mode [ 115.180481][ T6209] syzkaller0: entered allmulticast mode [ 118.783566][ T6255] netlink: 'syz.3.174': attribute type 10 has an invalid length. [ 118.800330][ T6255] macvlan0: entered promiscuous mode [ 118.809775][ T6255] macvlan0: entered allmulticast mode [ 118.947272][ T6255] veth1_vlan: entered allmulticast mode [ 119.010445][ T6255] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 119.255594][ T6255] syz.3.174 (6255) used greatest stack depth: 18856 bytes left [ 119.571818][ T6273] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.183'. [ 119.824669][ T6280] netlink: 65027 bytes leftover after parsing attributes in process `syz.3.186'. [ 120.658897][ T6309] syzkaller0: entered promiscuous mode [ 120.667931][ T6309] syzkaller0: entered allmulticast mode [ 122.951851][ T6352] sock: sock_set_timeout: `syz.2.216' (pid 6352) tries to set negative timeout [ 124.103956][ T6379] netlink: 64859 bytes leftover after parsing attributes in process `syz.2.227'. [ 124.589321][ T6387] netlink: 208064 bytes leftover after parsing attributes in process `syz.2.230'. [ 130.483100][ T11] wlan1: Trigger new scan to find an IBSS to join [ 132.416107][ T6449] netlink: 'syz.0.256': attribute type 22 has an invalid length. [ 133.454311][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.469826][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.504880][ T12] wlan1: Trigger new scan to find an IBSS to join [ 135.611272][ T1083] wlan1: Creating new IBSS network, BSSID 9e:91:98:51:64:ce [ 136.599120][ T6539] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x32 [ 139.415408][ T6585] sctp: [Deprecated]: syz.2.319 (pid 6585) Use of struct sctp_assoc_value in delayed_ack socket option. [ 139.415408][ T6585] Use struct sctp_sack_info instead [ 140.088200][ T6606] sock: sock_timestamping_bind_phc: sock not bind to device [ 140.345176][ T6612] netlink: 'syz.3.332': attribute type 3 has an invalid length. [ 140.381857][ T6612] netlink: 199824 bytes leftover after parsing attributes in process `syz.3.332'. [ 142.815007][ T6678] netlink: 'syz.2.362': attribute type 10 has an invalid length. [ 142.850991][ T6678] team0: Device ipvlan1 failed to register rx_handler [ 144.150088][ T6710] netlink: 'syz.3.379': attribute type 2 has an invalid length. [ 144.170859][ T6710] netlink: 132 bytes leftover after parsing attributes in process `syz.3.379'. [ 145.356969][ T6716] netlink: 'syz.1.381': attribute type 1 has an invalid length. [ 145.366126][ T6716] netlink: 'syz.1.381': attribute type 4 has an invalid length. [ 145.374629][ T6716] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.381'. [ 145.459929][ T6718] netlink: 'syz.3.382': attribute type 10 has an invalid length. [ 145.533465][ T6718] team0: Device veth1_vlan failed to register rx_handler [ 145.972590][ T6734] netlink: 14 bytes leftover after parsing attributes in process `syz.2.390'. [ 149.004861][ T6744] netlink: set zone limit has 8 unknown bytes [ 149.501131][ T6756] netlink: 'syz.0.401': attribute type 2 has an invalid length. [ 149.553200][ T6756] netlink: 164 bytes leftover after parsing attributes in process `syz.0.401'. [ 149.574436][ T6759] netlink: 61967 bytes leftover after parsing attributes in process `syz.3.403'. [ 149.884498][ T6770] netlink: 176 bytes leftover after parsing attributes in process `syz.2.408'. [ 150.586520][ T6790] netlink: 61211 bytes leftover after parsing attributes in process `syz.1.418'. [ 150.643570][ T6792] netlink: 'syz.3.417': attribute type 2 has an invalid length. [ 150.664558][ T6792] netlink: 17267 bytes leftover after parsing attributes in process `syz.3.417'. [ 151.253538][ T6812] netlink: 'syz.2.428': attribute type 10 has an invalid length. [ 151.269285][ T6812] netlink: 'syz.2.428': attribute type 10 has an invalid length. [ 151.288026][ T6812] netlink: 209216 bytes leftover after parsing attributes in process `syz.2.428'. [ 151.298745][ T6812] openvswitch: netlink: Message has 4 unknown bytes. [ 151.923345][ T6835] netlink: 60 bytes leftover after parsing attributes in process `syz.3.437'. [ 151.971826][ T6835] netlink: 60 bytes leftover after parsing attributes in process `syz.3.437'. [ 152.007457][ T6831] netlink: 60 bytes leftover after parsing attributes in process `syz.3.437'. [ 152.083598][ T6836] netlink: 60 bytes leftover after parsing attributes in process `syz.3.437'. [ 152.433072][ T6846] netlink: 61211 bytes leftover after parsing attributes in process `syz.3.444'. [ 152.679868][ T6848] netlink: 208064 bytes leftover after parsing attributes in process `syz.2.445'. [ 156.963393][ T6931] netlink: 188 bytes leftover after parsing attributes in process `syz.3.482'. [ 157.120102][ T6943] bond_slave_1: mtu less than device minimum [ 157.510693][ T6957] bridge0: port 3(bond0) entered blocking state [ 157.518970][ T6957] bridge0: port 3(bond0) entered disabled state [ 157.527319][ T6957] bond0: entered allmulticast mode [ 157.533205][ T6957] bond_slave_0: entered allmulticast mode [ 157.539150][ T6957] bond_slave_1: entered allmulticast mode [ 157.548770][ T6957] bond0: entered promiscuous mode [ 157.555152][ T6957] bond_slave_0: entered promiscuous mode [ 157.566376][ T6957] bond_slave_1: entered promiscuous mode [ 157.575121][ T6957] bridge0: port 3(bond0) entered blocking state [ 157.582036][ T6957] bridge0: port 3(bond0) entered forwarding state [ 157.605824][ T6958] bond0: left allmulticast mode [ 157.611125][ T6958] bond_slave_0: left allmulticast mode [ 157.641760][ T6958] bond_slave_1: left allmulticast mode [ 157.647518][ T6958] bond0: left promiscuous mode [ 157.665052][ T6958] bond_slave_0: left promiscuous mode [ 157.678162][ T6958] bond_slave_1: left promiscuous mode [ 157.698924][ T6958] bridge0: port 3(bond0) entered disabled state [ 162.169631][ T6984] netlink: 44 bytes leftover after parsing attributes in process `syz.3.506'. [ 162.219408][ T6984] netlink: 44 bytes leftover after parsing attributes in process `syz.3.506'. [ 162.241043][ T6983] netlink: 44 bytes leftover after parsing attributes in process `syz.3.506'. [ 162.278298][ T6988] netlink: 44 bytes leftover after parsing attributes in process `syz.3.506'. [ 162.287641][ T6989] netlink: 208092 bytes leftover after parsing attributes in process `syz.0.508'. [ 163.167061][ T7011] netlink: 142528 bytes leftover after parsing attributes in process `syz.0.518'. [ 163.222116][ T7011] netlink: 'syz.0.518': attribute type 1 has an invalid length. [ 163.833118][ T7031] netlink: 176 bytes leftover after parsing attributes in process `syz.2.527'. [ 163.966769][ T7036] netlink: 'syz.0.530': attribute type 3 has an invalid length. [ 163.991753][ T7036] netlink: 'syz.0.530': attribute type 5 has an invalid length. [ 164.441022][ T7049] syz.1.536[7049] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 164.441340][ T7049] syz.1.536[7049] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 165.633278][ T3496] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 165.695294][ T7067] syzkaller0: entered promiscuous mode [ 165.701053][ T7067] syzkaller0: entered allmulticast mode [ 168.556326][ T7091] netlink: 'syz.0.554': attribute type 2 has an invalid length. [ 168.564577][ T7091] netlink: 'syz.0.554': attribute type 8 has an invalid length. [ 168.573022][ T7091] netlink: 132 bytes leftover after parsing attributes in process `syz.0.554'. [ 170.311701][ T7127] netlink: 'syz.0.570': attribute type 1 has an invalid length. [ 170.557972][ T7131] netlink: 142556 bytes leftover after parsing attributes in process `syz.2.573'. [ 170.605021][ T7131] netlink: 'syz.2.573': attribute type 1 has an invalid length. [ 170.654905][ T7131] netlink: 'syz.2.573': attribute type 2 has an invalid length. [ 170.683391][ T7131] netlink: 'syz.2.573': attribute type 3 has an invalid length. [ 170.711611][ T7131] netlink: 'syz.2.573': attribute type 4 has an invalid length. [ 173.101334][ T7150] netlink: 4079 bytes leftover after parsing attributes in process `syz.3.581'. [ 173.514224][ T7162] netlink: 6 bytes leftover after parsing attributes in process `syz.0.587'. [ 173.730382][ T7171] syz.1.591[7171] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 173.730528][ T7171] syz.1.591[7171] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 183.567874][ T7204] netlink: 'syz.0.605': attribute type 39 has an invalid length. [ 183.748047][ T7211] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.609'. [ 185.458888][ T7218] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.612'. [ 185.662527][ T7233] vlan0: entered allmulticast mode [ 185.680690][ T7233] veth0_vlan: entered allmulticast mode [ 186.261319][ T7253] netlink: 'syz.2.628': attribute type 10 has an invalid length. [ 186.288440][ T7253] netlink: 65015 bytes leftover after parsing attributes in process `syz.2.628'. [ 191.868320][ T7292] syz.1.642: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 191.892929][ T7292] CPU: 0 PID: 7292 Comm: syz.1.642 Not tainted syzkaller #0 [ 191.900623][ T7292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 191.911104][ T7292] Call Trace: [ 191.914432][ T7292] [ 191.917427][ T7292] dump_stack_lvl+0x16c/0x230 [ 191.922183][ T7292] ? show_regs_print_info+0x20/0x20 [ 191.927786][ T7292] ? load_image+0x3b0/0x3b0 [ 191.932362][ T7292] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 191.939108][ T7292] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 191.945858][ T7292] warn_alloc+0x210/0x300 [ 191.950268][ T7292] ? stack_trace_save+0x9c/0xe0 [ 191.955253][ T7292] ? zone_watermark_ok_safe+0x230/0x230 [ 191.960917][ T7292] ? kasan_set_track+0x5f/0x70 [ 191.965745][ T7292] ? kasan_set_track+0x4e/0x70 [ 191.970755][ T7292] ? __kasan_kmalloc+0x8f/0xa0 [ 191.975686][ T7292] ? xsk_init_queue+0xb0/0x110 [ 191.980856][ T7292] ? xsk_setsockopt+0x4db/0x6f0 [ 191.985767][ T7292] ? do_sock_setsockopt+0x175/0x1a0 [ 191.991043][ T7292] ? __x64_sys_setsockopt+0x184/0x200 [ 191.996587][ T7292] __vmalloc_node_range+0x126/0x1320 [ 192.002062][ T7292] ? free_vm_area+0x50/0x50 [ 192.006653][ T7292] vmalloc_user+0x74/0x80 [ 192.011223][ T7292] ? xskq_create+0xbf/0x170 [ 192.015867][ T7292] xskq_create+0xbf/0x170 [ 192.020282][ T7292] xsk_init_queue+0xb0/0x110 [ 192.025030][ T7292] xsk_setsockopt+0x4db/0x6f0 [ 192.029945][ T7292] ? xsk_poll+0x670/0x670 [ 192.034428][ T7292] ? __fget_files+0x28/0x4d0 [ 192.039094][ T7292] ? aa_sock_opt_perm+0x74/0x100 [ 192.044095][ T7292] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 192.049707][ T7292] ? security_socket_setsockopt+0x7e/0xa0 [ 192.055596][ T7292] ? xsk_poll+0x670/0x670 [ 192.060250][ T7292] do_sock_setsockopt+0x175/0x1a0 [ 192.065428][ T7292] ? __fdget+0x180/0x210 [ 192.069828][ T7292] __x64_sys_setsockopt+0x184/0x200 [ 192.075259][ T7292] do_syscall_64+0x55/0xb0 [ 192.079755][ T7292] ? clear_bhb_loop+0x40/0x90 [ 192.084495][ T7292] ? clear_bhb_loop+0x40/0x90 [ 192.089330][ T7292] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 192.095382][ T7292] RIP: 0033:0x7f6c4318eec9 [ 192.099872][ T7292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.119714][ T7292] RSP: 002b:00007f6c44000038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 192.128386][ T7292] RAX: ffffffffffffffda RBX: 00007f6c433e5fa0 RCX: 00007f6c4318eec9 [ 192.136629][ T7292] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000004 [ 192.144832][ T7292] RBP: 00007f6c43211f91 R08: 0000000000000004 R09: 0000000000000000 [ 192.153359][ T7292] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 192.161458][ T7292] R13: 00007f6c433e6038 R14: 00007f6c433e5fa0 R15: 00007ffd027683a8 [ 192.170011][ T7292] [ 192.253350][ T7292] Mem-Info: [ 192.256594][ T7292] active_anon:5933 inactive_anon:0 isolated_anon:0 [ 192.256594][ T7292] active_file:11140 inactive_file:39907 isolated_file:0 [ 192.256594][ T7292] unevictable:768 dirty:96 writeback:0 [ 192.256594][ T7292] slab_reclaimable:10206 slab_unreclaimable:93789 [ 192.256594][ T7292] mapped:23943 shmem:1361 pagetables:516 [ 192.256594][ T7292] sec_pagetables:0 bounce:0 [ 192.256594][ T7292] kernel_misc_reclaimable:0 [ 192.256594][ T7292] free:1351354 free_pcp:11942 free_cma:0 [ 192.641787][ T7292] Node 0 active_anon:23672kB inactive_anon:0kB active_file:44560kB inactive_file:159428kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:95736kB dirty:384kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10960kB pagetables:2020kB sec_pagetables:0kB all_unreclaimable? no [ 193.051642][ T7292] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 193.280510][ T7292] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 193.591611][ T7292] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 193.598284][ T7292] Node 0 DMA32 free:1496336kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:23628kB inactive_anon:0kB active_file:44560kB inactive_file:158100kB unevictable:1536kB writepending:384kB present:3129332kB managed:2589600kB mlocked:0kB bounce:0kB free_pcp:26376kB local_pcp:12240kB free_cma:0kB [ 193.783100][ T7292] lowmem_reserve[]: 0 0 1 1 1 [ 193.788006][ T7292] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1328kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 193.916191][ T7292] lowmem_reserve[]: 0 0 0 0 0 [ 193.921471][ T7292] Node 1 Normal free:3893772kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:20288kB local_pcp:9408kB free_cma:0kB [ 194.111606][ T7292] lowmem_reserve[]: 0 0 0 0 0 [ 194.116439][ T7292] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 194.251581][ T7292] Node 0 DMA32: 4*4kB (ME) 418*8kB (M) 391*16kB (UM) 545*32kB (UME) 392*64kB (UME) 69*128kB (UME) 27*256kB (UME) 17*512kB (UM) 6*1024kB (ME) 2*2048kB (ME) 344*4096kB (UM) = 1495856kB [ 194.461639][ T7292] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 194.514448][ T7292] Node 1 Normal: 239*4kB (UME) 60*8kB (UME) 41*16kB (UME) 53*32kB (UME) 21*64kB (UME) 8*128kB (UME) 2*256kB (ME) 0*512kB 0*1024kB 2*2048kB (UE) 948*4096kB (M) = 3893772kB [ 194.601717][ T7292] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 194.668774][ T7292] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 194.680311][ T7292] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 194.708949][ T7292] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 194.719436][ T7292] 52408 total pagecache pages [ 194.724897][ T7292] 0 pages in swap cache [ 194.729291][ T7292] Free swap = 124996kB [ 194.733865][ T7292] Total swap = 124996kB [ 194.739246][ T7292] 2097051 pages RAM [ 194.743610][ T7292] 0 pages HighMem/MovableOnly [ 194.761657][ T7292] 416137 pages reserved [ 194.771626][ T7292] 0 pages cma reserved [ 194.886820][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.900412][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.897869][ T7324] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.656'. [ 195.998433][ T7334] netlink: 'syz.2.659': attribute type 39 has an invalid length. [ 196.551024][ T7345] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.671'. [ 196.848461][ T1097] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 197.901086][ T7370] netlink: 'syz.3.672': attribute type 39 has an invalid length. [ 203.959861][ T7430] syzkaller0: entered promiscuous mode [ 203.966917][ T7430] syzkaller0: entered allmulticast mode [ 206.891192][ T7437] netlink: 'syz.3.699': attribute type 2 has an invalid length. [ 206.996169][ T7437] netlink: 'syz.3.699': attribute type 8 has an invalid length. [ 207.173499][ T7437] netlink: 132 bytes leftover after parsing attributes in process `syz.3.699'. [ 210.442507][ T7459] syzkaller0: entered promiscuous mode [ 210.482095][ T7459] syzkaller0: entered allmulticast mode [ 212.326257][ T5793] Bluetooth: hci1: command 0x0406 tx timeout [ 212.327458][ T5102] Bluetooth: hci3: command 0x0406 tx timeout [ 212.335167][ T5793] Bluetooth: hci0: command 0x0406 tx timeout [ 212.349107][ T5801] Bluetooth: hci2: command 0x0406 tx timeout [ 214.240990][ T7482] netlink: 'syz.2.712': attribute type 2 has an invalid length. [ 214.250508][ T7482] netlink: 'syz.2.712': attribute type 8 has an invalid length. [ 214.270690][ T7482] netlink: 132 bytes leftover after parsing attributes in process `syz.2.712'. [ 215.734291][ T7508] syzkaller0: entered promiscuous mode [ 215.741337][ T7508] syzkaller0: entered allmulticast mode [ 215.759341][ T7505] netlink: 'syz.2.726': attribute type 2 has an invalid length. [ 215.789344][ T7505] netlink: 'syz.2.726': attribute type 8 has an invalid length. [ 215.819584][ T7505] netlink: 132 bytes leftover after parsing attributes in process `syz.2.726'. [ 216.032106][ T7512] netlink: 142528 bytes leftover after parsing attributes in process `syz.2.727'. [ 218.571175][ T7512] netlink: 'syz.2.727': attribute type 1 has an invalid length. [ 218.816449][ T7521] netlink: 208092 bytes leftover after parsing attributes in process `syz.1.731'. [ 220.186485][ T7537] netlink: 'syz.3.737': attribute type 2 has an invalid length. [ 220.186698][ T7542] netlink: 142528 bytes leftover after parsing attributes in process `syz.1.739'. [ 220.208737][ T7537] netlink: 'syz.3.737': attribute type 8 has an invalid length. [ 220.234077][ T7537] netlink: 132 bytes leftover after parsing attributes in process `syz.3.737'. [ 220.249810][ T7542] netlink: 'syz.1.739': attribute type 1 has an invalid length. [ 221.096181][ T7562] netlink: 208064 bytes leftover after parsing attributes in process `syz.1.750'. [ 221.592122][ T7569] netlink: 'syz.3.753': attribute type 2 has an invalid length. [ 221.608958][ T7569] netlink: 'syz.3.753': attribute type 8 has an invalid length. [ 221.637312][ T7569] netlink: 132 bytes leftover after parsing attributes in process `syz.3.753'. [ 221.989222][ T7573] netlink: 142528 bytes leftover after parsing attributes in process `syz.3.754'. [ 222.039610][ T7573] netlink: 'syz.3.754': attribute type 1 has an invalid length. [ 223.632095][ T7594] netlink: 'syz.1.763': attribute type 2 has an invalid length. [ 223.651303][ T7594] netlink: 'syz.1.763': attribute type 8 has an invalid length. [ 223.681602][ T7594] netlink: 132 bytes leftover after parsing attributes in process `syz.1.763'. [ 223.772200][ T7598] netlink: 60 bytes leftover after parsing attributes in process `syz.2.761'. [ 223.831911][ T7598] netlink: 60 bytes leftover after parsing attributes in process `syz.2.761'. [ 223.904643][ T7595] netlink: 60 bytes leftover after parsing attributes in process `syz.2.761'. [ 223.943162][ T7599] netlink: 60 bytes leftover after parsing attributes in process `syz.2.761'. [ 225.153674][ T7616] netlink: 'syz.0.771': attribute type 10 has an invalid length. [ 225.176626][ T7616] netlink: 'syz.0.771': attribute type 10 has an invalid length. [ 225.210211][ T7616] netlink: 209216 bytes leftover after parsing attributes in process `syz.0.771'. [ 225.249844][ T7616] openvswitch: netlink: Message has 4 unknown bytes. [ 226.502224][ T7632] netlink: 'syz.1.779': attribute type 2 has an invalid length. [ 226.510131][ T7632] netlink: 'syz.1.779': attribute type 8 has an invalid length. [ 226.520420][ T7632] netlink: 132 bytes leftover after parsing attributes in process `syz.1.779'. [ 227.057590][ T7644] netlink: 61967 bytes leftover after parsing attributes in process `syz.1.785'. [ 227.117234][ T7647] netlink: 'syz.3.786': attribute type 2 has an invalid length. [ 227.151774][ T7647] netlink: 164 bytes leftover after parsing attributes in process `syz.3.786'. [ 227.261425][ T7648] netlink: 'syz.0.794': attribute type 2 has an invalid length. [ 227.275337][ T7648] netlink: 'syz.0.794': attribute type 8 has an invalid length. [ 227.291148][ T7648] netlink: 132 bytes leftover after parsing attributes in process `syz.0.794'. [ 227.569736][ T7655] netlink: set zone limit has 8 unknown bytes [ 227.884059][ T3496] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 228.006148][ T7658] netlink: 'syz.0.800': attribute type 2 has an invalid length. [ 228.042139][ T7658] netlink: 'syz.0.800': attribute type 8 has an invalid length. [ 228.100523][ T7658] netlink: 132 bytes leftover after parsing attributes in process `syz.0.800'. [ 229.655791][ T7668] netlink: 14 bytes leftover after parsing attributes in process `syz.0.796'. [ 229.921684][ T7672] netlink: 'syz.2.798': attribute type 2 has an invalid length. [ 229.930849][ T7672] netlink: 132 bytes leftover after parsing attributes in process `syz.2.798'. [ 233.455004][ T7705] netlink: 'syz.1.819': attribute type 10 has an invalid length. [ 233.497550][ T7705] team0: Device ipvlan1 failed to register rx_handler [ 233.756373][ T7714] netlink: 14 bytes leftover after parsing attributes in process `syz.3.812'. [ 233.887750][ T7716] netlink: 'syz.1.813': attribute type 2 has an invalid length. [ 233.911366][ T7716] netlink: 132 bytes leftover after parsing attributes in process `syz.1.813'. [ 234.099923][ T7720] netlink: 'syz.0.816': attribute type 2 has an invalid length. [ 234.109743][ T7720] netlink: 'syz.0.816': attribute type 8 has an invalid length. [ 234.122662][ T7720] netlink: 132 bytes leftover after parsing attributes in process `syz.0.816'. [ 234.257594][ T7726] netlink: 14 bytes leftover after parsing attributes in process `syz.1.827'. [ 236.270739][ T7738] netlink: 'syz.0.824': attribute type 10 has an invalid length. [ 236.307926][ T7738] team0: Device ipvlan1 failed to register rx_handler [ 236.653287][ T7750] netlink: 'syz.0.829': attribute type 2 has an invalid length. [ 236.666689][ T7750] netlink: 'syz.0.829': attribute type 8 has an invalid length. [ 236.687044][ T7750] netlink: 132 bytes leftover after parsing attributes in process `syz.0.829'. [ 248.079212][ T7858] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x32 [ 252.822259][ T7952] netlink: 208064 bytes leftover after parsing attributes in process `syz.0.918'. [ 253.613384][ T7970] syzkaller0: entered promiscuous mode [ 253.619279][ T7970] syzkaller0: entered allmulticast mode [ 255.832473][ T7976] syzkaller0: entered promiscuous mode [ 255.838056][ T7976] syzkaller0: entered allmulticast mode [ 256.331233][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.337929][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.126568][ T8001] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.938'. [ 258.949364][ T8012] syzkaller0: entered promiscuous mode [ 258.960912][ T8012] syzkaller0: entered allmulticast mode [ 259.110518][ T3496] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 261.259499][ T8019] syzkaller0: entered promiscuous mode [ 261.265553][ T8019] syzkaller0: entered allmulticast mode [ 264.932080][ T8067] netlink: 156 bytes leftover after parsing attributes in process `syz.0.960'. [ 266.468370][ T8099] syzkaller0: entered promiscuous mode [ 266.481276][ T8099] syzkaller0: entered allmulticast mode [ 270.844239][ T8149] syzkaller0: entered promiscuous mode [ 270.850214][ T8149] syzkaller0: entered allmulticast mode [ 286.044103][ T8371] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1082'. [ 286.487976][ T8380] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.1086'. [ 289.537516][ T1083] wlan1: Trigger new scan to find an IBSS to join [ 290.942392][ T8466] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:0603:0000:0023 with DS=0x3f [ 293.549929][ T8532] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1151'. [ 294.483725][ T3496] wlan1: Trigger new scan to find an IBSS to join [ 295.464748][ T3496] wlan1: Creating new IBSS network, BSSID 36:10:32:b2:73:55 [ 296.038589][ T8597] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.1178'. [ 296.412582][ T8608] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.1185'. [ 301.441947][ T12] wlan1: Trigger new scan to find an IBSS to join [ 304.501595][ T1097] wlan1: Trigger new scan to find an IBSS to join [ 306.907551][ T3496] wlan1: Creating new IBSS network, BSSID 62:61:2c:13:9b:9d [ 317.617224][ T8805] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.1269'. [ 317.769559][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.776880][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.303474][ T8821] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.1283'. [ 318.420360][ T8826] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.1276'. [ 323.394444][ T8870] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.1289'. [ 327.165983][ T8890] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.1310'. [ 336.932992][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 338.186449][ T9026] netlink: 2759 bytes leftover after parsing attributes in process `syz.3.1356'. [ 341.030755][ T9060] netlink: 539 bytes leftover after parsing attributes in process `syz.0.1368'. [ 342.471753][ T9094] netlink: 15119 bytes leftover after parsing attributes in process `syz.3.1384'. [ 343.628993][ T9121] netlink: 15119 bytes leftover after parsing attributes in process `syz.1.1396'. [ 343.816910][ T9126] netlink: 15119 bytes leftover after parsing attributes in process `syz.2.1408'. [ 345.040697][ T9157] netlink: 15119 bytes leftover after parsing attributes in process `syz.2.1412'. [ 348.177816][ T9217] syzkaller0: entered promiscuous mode [ 348.184337][ T9217] syzkaller0: entered allmulticast mode [ 350.015283][ T9250] syzkaller0: entered promiscuous mode [ 350.021021][ T9250] syzkaller0: entered allmulticast mode [ 351.484271][ T9289] syzkaller0: entered promiscuous mode [ 351.512755][ T9289] syzkaller0: entered allmulticast mode [ 352.735109][ T9318] syzkaller0: entered promiscuous mode [ 352.745447][ T9318] syzkaller0: entered allmulticast mode [ 353.328175][ T9334] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.1490'. [ 353.567521][ T9340] sctp: [Deprecated]: syz.3.1492 (pid 9340) Use of struct sctp_assoc_value in delayed_ack socket option. [ 353.567521][ T9340] Use struct sctp_sack_info instead [ 354.210287][ T9360] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.1503'. [ 354.354027][ T9363] sctp: [Deprecated]: syz.2.1504 (pid 9363) Use of struct sctp_assoc_value in delayed_ack socket option. [ 354.354027][ T9363] Use struct sctp_sack_info instead [ 355.664470][ T9389] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1514'. [ 355.697338][ T9389] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1514'. [ 356.156779][ T9408] syzkaller0: entered promiscuous mode [ 356.166294][ T9408] syzkaller0: entered allmulticast mode [ 356.179742][ T9408] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 65487 [ 356.509048][ T9412] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1528'. [ 356.552728][ T9412] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1528'. [ 356.572904][ T9414] syzkaller0: entered promiscuous mode [ 356.591326][ T9414] syzkaller0: entered allmulticast mode [ 357.155370][ T9434] netlink: 'syz.1.1538': attribute type 12 has an invalid length. [ 357.174754][ T9434] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1538'. [ 357.745232][ T9443] netlink: 'syz.2.1551': attribute type 12 has an invalid length. [ 357.791665][ T9443] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1551'. [ 357.832655][ T9451] ±ÿ: renamed from team_slave_1 (while UP) [ 357.847939][ T9452] syzkaller0: entered promiscuous mode [ 357.861534][ T9452] syzkaller0: entered allmulticast mode [ 360.107437][ T9457] ±ÿ: renamed from team_slave_1 (while UP) [ 360.568186][ T9475] syzkaller0: entered promiscuous mode [ 360.574113][ T9475] syzkaller0: entered allmulticast mode [ 360.676040][ T9481] netlink: 'syz.0.1554': attribute type 12 has an invalid length. [ 360.684559][ T9481] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1554'. [ 361.669754][ T9501] ±ÿ: renamed from team_slave_1 (while UP) [ 368.319102][ T9634] syzkaller0: entered promiscuous mode [ 368.336728][ T9634] syzkaller0: entered allmulticast mode [ 370.113580][ T77] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 370.868254][ T9663] syz.3.1635[9663] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 370.868853][ T9663] syz.3.1635[9663] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 371.257526][ T9674] syzkaller0: entered promiscuous mode [ 371.278879][ T9674] syzkaller0: entered allmulticast mode [ 371.657532][ T9688] syz.1.1649[9688] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 371.657907][ T9688] syz.1.1649[9688] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 374.147253][ T9701] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.1664'. [ 374.850842][ T9734] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.1671'. [ 375.047287][ T9739] syzkaller0: entered promiscuous mode [ 375.064634][ T9739] syzkaller0: entered allmulticast mode [ 379.212225][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.219060][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 401.135771][ T11] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 402.169375][ T5802] Bluetooth: hci3: Malformed LE Event: 0x02 [ 402.932928][ T5802] Bluetooth: hci2: Malformed LE Event: 0x02 [ 405.873504][ T5802] Bluetooth: hci0: Malformed LE Event: 0x02 [ 407.123418][ T5802] Bluetooth: hci1: Malformed LE Event: 0x02 [ 407.346157][ T5802] Bluetooth: hci1: Malformed LE Event: 0x02 [ 409.056213][ T5802] Bluetooth: hci0: Malformed LE Event: 0x02 [ 412.321965][ T5802] Bluetooth: hci2: Malformed LE Event: 0x02 [ 415.207919][ T5802] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 416.022976][ T5802] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 424.698043][ T5802] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 425.114719][ T5802] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 431.724787][T10422] netlink: 'syz.2.1970': attribute type 9 has an invalid length. [ 431.757734][T10422] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1970'. [ 431.953170][T10429] netlink: 'syz.2.1970': attribute type 9 has an invalid length. [ 432.071563][T10429] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1970'. [ 432.265196][ T2116] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 433.839884][T10467] netlink: 'syz.3.1987': attribute type 9 has an invalid length. [ 433.873772][T10467] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1987'. [ 433.993937][T10468] netlink: 'syz.3.1987': attribute type 9 has an invalid length. [ 434.034641][T10468] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.1987'. [ 434.060120][T10469] udevd[10469]: failed to send result of seq 13514 to main daemon: Connection refused [ 434.140475][ T5802] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18 [ 434.149085][ T5802] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0' [ 434.159632][ T5802] CPU: 0 PID: 5802 Comm: kworker/u5:8 Not tainted syzkaller #0 [ 434.167417][ T5802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 434.177526][ T5802] Workqueue: hci1 hci_rx_work [ 434.182328][ T5802] Call Trace: [ 434.185623][ T5802] [ 434.188569][ T5802] dump_stack_lvl+0x16c/0x230 [ 434.193360][ T5802] ? show_regs_print_info+0x20/0x20 [ 434.198744][ T5802] ? load_image+0x3b0/0x3b0 [ 434.203433][ T5802] sysfs_create_dir_ns+0x256/0x280 [ 434.208707][ T5802] ? hci_rx_work+0x43a/0xd80 [ 434.213342][ T5802] ? sysfs_warn_dup+0xa0/0xa0 [ 434.218061][ T5802] ? do_raw_spin_unlock+0x121/0x230 [ 434.223398][ T5802] kobject_add_internal+0x6b8/0xc70 [ 434.228722][ T5802] kobject_add+0x156/0x220 [ 434.233198][ T5802] ? __rwlock_init+0x150/0x150 [ 434.238041][ T5802] ? kobject_init+0x1e0/0x1e0 [ 434.242769][ T5802] ? _raw_spin_unlock+0x28/0x40 [ 434.247752][ T5802] ? get_device_parent+0x366/0x390 [ 434.252916][ T5802] device_add+0x408/0xc20 [ 434.257293][ T5802] hci_conn_add_sysfs+0xd5/0x1e0 [ 434.262352][ T5802] le_conn_complete_evt+0xc37/0x1220 [ 434.267697][ T5802] ? bt_warn+0x10c/0x160 [ 434.272018][ T5802] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 434.278288][ T5802] ? bt_info+0x160/0x160 [ 434.282707][ T5802] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 434.288570][ T5802] ? skb_pull_data+0xfb/0x200 [ 434.293295][ T5802] hci_le_conn_complete_evt+0x187/0x440 [ 434.298973][ T5802] ? hci_remote_host_features_evt+0x160/0x160 [ 434.305184][ T5802] hci_event_packet+0x795/0x1210 [ 434.310170][ T5802] ? bis_list+0x290/0x290 [ 434.314548][ T5802] ? lockdep_hardirqs_on+0x98/0x150 [ 434.319787][ T5802] ? hci_send_to_monitor+0xd7/0x4f0 [ 434.325115][ T5802] hci_rx_work+0x43a/0xd80 [ 434.329665][ T5802] ? process_scheduled_works+0x957/0x15b0 [ 434.335671][ T5802] process_scheduled_works+0xa45/0x15b0 [ 434.341626][ T5802] ? assign_work+0x400/0x400 [ 434.346243][ T5802] ? assign_work+0x39e/0x400 [ 434.351028][ T5802] worker_thread+0xa55/0xfc0 [ 434.355707][ T5802] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 434.361973][ T5802] ? _raw_spin_unlock+0x40/0x40 [ 434.367014][ T5802] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 434.372948][ T5802] kthread+0x2fa/0x390 [ 434.377037][ T5802] ? pr_cont_work+0x560/0x560 [ 434.381754][ T5802] ? kthread_blkcg+0xd0/0xd0 [ 434.386613][ T5802] ret_from_fork+0x48/0x80 [ 434.391084][ T5802] ? kthread_blkcg+0xd0/0xd0 [ 434.395707][ T5802] ret_from_fork_asm+0x11/0x20 [ 434.400595][ T5802] [ 434.404833][ T5802] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 434.427718][ T5802] Bluetooth: hci1: failed to register connection device [ 436.081895][ T50] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 436.089975][ T50] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 436.099805][ T50] CPU: 0 PID: 50 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 436.107349][ T50] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 436.117520][ T50] Workqueue: hci0 hci_rx_work [ 436.122257][ T50] Call Trace: [ 436.125582][ T50] [ 436.128551][ T50] dump_stack_lvl+0x16c/0x230 [ 436.133313][ T50] ? show_regs_print_info+0x20/0x20 [ 436.138574][ T50] ? load_image+0x3b0/0x3b0 [ 436.143158][ T50] sysfs_create_dir_ns+0x256/0x280 [ 436.148381][ T50] ? hci_rx_work+0x43a/0xd80 [ 436.153047][ T50] ? sysfs_warn_dup+0xa0/0xa0 [ 436.157806][ T50] ? do_raw_spin_unlock+0x121/0x230 [ 436.163348][ T50] kobject_add_internal+0x6b8/0xc70 [ 436.169167][ T50] kobject_add+0x156/0x220 [ 436.173713][ T50] ? __rwlock_init+0x150/0x150 [ 436.178580][ T50] ? kobject_init+0x1e0/0x1e0 [ 436.183328][ T50] ? _raw_spin_unlock+0x28/0x40 [ 436.188230][ T50] ? get_device_parent+0x366/0x390 [ 436.193407][ T50] device_add+0x408/0xc20 [ 436.197800][ T50] hci_conn_add_sysfs+0xd5/0x1e0 [ 436.202795][ T50] le_conn_complete_evt+0xc37/0x1220 [ 436.208158][ T50] ? bt_warn+0x10c/0x160 [ 436.212456][ T50] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 436.219094][ T50] ? bt_info+0x160/0x160 [ 436.223419][ T50] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 436.229154][ T50] ? skb_pull_data+0xfb/0x200 [ 436.233904][ T50] hci_le_conn_complete_evt+0x187/0x440 [ 436.239583][ T50] ? hci_remote_host_features_evt+0x160/0x160 [ 436.246035][ T50] hci_event_packet+0x795/0x1210 [ 436.251064][ T50] ? bis_list+0x290/0x290 [ 436.255475][ T50] ? lockdep_hardirqs_on+0x98/0x150 [ 436.261043][ T50] ? hci_send_to_monitor+0xd7/0x4f0 [ 436.266316][ T50] hci_rx_work+0x43a/0xd80 [ 436.270806][ T50] ? process_scheduled_works+0x957/0x15b0 [ 436.276613][ T50] process_scheduled_works+0xa45/0x15b0 [ 436.282436][ T50] ? assign_work+0x400/0x400 [ 436.287172][ T50] ? assign_work+0x39e/0x400 [ 436.291998][ T50] worker_thread+0xa55/0xfc0 [ 436.296674][ T50] kthread+0x2fa/0x390 [ 436.300786][ T50] ? pr_cont_work+0x560/0x560 [ 436.305794][ T50] ? kthread_blkcg+0xd0/0xd0 [ 436.310441][ T50] ret_from_fork+0x48/0x80 [ 436.314914][ T50] ? kthread_blkcg+0xd0/0xd0 [ 436.319548][ T50] ret_from_fork_asm+0x11/0x20 [ 436.324489][ T50] [ 436.332124][ T50] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 436.349088][ T50] Bluetooth: hci0: failed to register connection device [ 436.481596][ T50] Bluetooth: hci1: command 0x0406 tx timeout [ 436.844844][T10516] netlink: 'syz.0.2003': attribute type 9 has an invalid length. [ 436.885212][T10516] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2003'. [ 436.993711][T10521] netlink: 'syz.0.2003': attribute type 9 has an invalid length. [ 437.022988][T10521] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2003'. [ 437.849012][ T50] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 438.411848][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 439.050285][ T50] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 439.058424][ T50] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 439.068373][ T50] CPU: 1 PID: 50 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 439.075857][ T50] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 439.086347][ T50] Workqueue: hci2 hci_rx_work [ 439.091178][ T50] Call Trace: [ 439.094500][ T50] [ 439.097470][ T50] dump_stack_lvl+0x16c/0x230 [ 439.102386][ T50] ? show_regs_print_info+0x20/0x20 [ 439.107696][ T50] ? load_image+0x3b0/0x3b0 [ 439.112706][ T50] sysfs_create_dir_ns+0x256/0x280 [ 439.117895][ T50] ? hci_rx_work+0x43a/0xd80 [ 439.122534][ T50] ? sysfs_warn_dup+0xa0/0xa0 [ 439.127274][ T50] ? do_raw_spin_unlock+0x121/0x230 [ 439.132640][ T50] kobject_add_internal+0x6b8/0xc70 [ 439.138436][ T50] kobject_add+0x156/0x220 [ 439.142990][ T50] ? __rwlock_init+0x150/0x150 [ 439.147800][ T50] ? kobject_init+0x1e0/0x1e0 [ 439.152627][ T50] ? _raw_spin_unlock+0x28/0x40 [ 439.157702][ T50] ? get_device_parent+0x366/0x390 [ 439.162941][ T50] device_add+0x408/0xc20 [ 439.167328][ T50] hci_conn_add_sysfs+0xd5/0x1e0 [ 439.172298][ T50] le_conn_complete_evt+0xc37/0x1220 [ 439.177620][ T50] ? bt_warn+0x10c/0x160 [ 439.181994][ T50] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 439.188303][ T50] ? bt_info+0x160/0x160 [ 439.192617][ T50] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 439.198282][ T50] ? skb_pull_data+0xfb/0x200 [ 439.203015][ T50] hci_le_conn_complete_evt+0x187/0x440 [ 439.208614][ T50] ? hci_remote_host_features_evt+0x160/0x160 [ 439.214772][ T50] hci_event_packet+0x795/0x1210 [ 439.219784][ T50] ? bis_list+0x290/0x290 [ 439.224267][ T50] ? lockdep_hardirqs_on+0x98/0x150 [ 439.229718][ T50] ? hci_send_to_monitor+0xd7/0x4f0 [ 439.235059][ T50] hci_rx_work+0x43a/0xd80 [ 439.239599][ T50] ? process_scheduled_works+0x957/0x15b0 [ 439.245380][ T50] process_scheduled_works+0xa45/0x15b0 [ 439.251108][ T50] ? assign_work+0x400/0x400 [ 439.255754][ T50] ? assign_work+0x39e/0x400 [ 439.260380][ T50] worker_thread+0xa55/0xfc0 [ 439.265107][ T50] kthread+0x2fa/0x390 [ 439.269212][ T50] ? pr_cont_work+0x560/0x560 [ 439.273961][ T50] ? kthread_blkcg+0xd0/0xd0 [ 439.278856][ T50] ret_from_fork+0x48/0x80 [ 439.283412][ T50] ? kthread_blkcg+0xd0/0xd0 [ 439.288042][ T50] ret_from_fork_asm+0x11/0x20 [ 439.292861][ T50] [ 439.301223][ T50] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 439.315605][ T50] Bluetooth: hci2: failed to register connection device [ 439.550298][T10544] netlink: 'syz.1.2016': attribute type 9 has an invalid length. [ 439.575998][T10544] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2016'. [ 439.765710][T10550] netlink: 'syz.1.2016': attribute type 9 has an invalid length. [ 439.790708][T10550] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2016'. [ 439.922114][ T5802] Bluetooth: hci2: command 0x0406 tx timeout [ 440.645882][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.661840][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.414448][ T5802] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10 [ 441.593565][ T5802] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 441.937190][T10590] netlink: 'syz.0.2031': attribute type 9 has an invalid length. [ 441.945453][T10590] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2031'. [ 442.012084][ T5802] Bluetooth: hci2: command 0x0406 tx timeout [ 442.035808][T10590] netlink: 'syz.0.2031': attribute type 9 has an invalid length. [ 442.044453][T10590] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2031'. [ 442.250601][ T5802] Bluetooth: hci3: unexpected event 0x04 length: 15 > 10 [ 442.347262][ T5802] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 442.364068][ T5802] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 443.304245][T10632] netlink: 'syz.2.2047': attribute type 9 has an invalid length. [ 443.316459][T10632] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2047'. [ 443.344035][ T5802] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 443.352725][ T5802] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 443.376722][T10636] netlink: 'syz.2.2047': attribute type 9 has an invalid length. [ 443.387731][T10636] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2047'. [ 443.441813][ T5802] Bluetooth: hci1: command 0x0406 tx timeout [ 443.681663][ T5802] Bluetooth: hci3: command 0x0406 tx timeout [ 444.113567][T10643] netlink: 'syz.0.2058': attribute type 9 has an invalid length. [ 444.131966][T10643] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2058'. [ 444.157577][ T5802] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 444.169831][ T5802] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 444.174560][ T50] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10 [ 444.307414][T10643] netlink: 'syz.0.2058': attribute type 9 has an invalid length. [ 444.330656][T10643] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2058'. [ 444.713855][T10662] netlink: 'syz.3.2068': attribute type 9 has an invalid length. [ 444.742298][T10662] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2068'. [ 444.809714][T10667] netlink: 'syz.3.2068': attribute type 9 has an invalid length. [ 444.817995][T10667] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2068'. [ 445.510217][T10676] netlink: 'syz.3.2072': attribute type 9 has an invalid length. [ 445.534018][T10676] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2072'. [ 445.631383][T10679] netlink: 'syz.3.2072': attribute type 9 has an invalid length. [ 445.691625][T10679] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2072'. [ 445.767937][ T50] Bluetooth: hci3: command 0x0406 tx timeout [ 446.244072][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 449.483056][T10738] validate_nla: 2 callbacks suppressed [ 449.483076][T10738] netlink: 'syz.1.2092': attribute type 9 has an invalid length. [ 449.531651][T10738] __nla_validate_parse: 2 callbacks suppressed [ 449.531670][T10738] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2092'. [ 449.971788][T10746] netlink: 'syz.1.2092': attribute type 9 has an invalid length. [ 449.981251][T10746] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2092'. [ 458.907524][T10780] netlink: 'syz.1.2111': attribute type 9 has an invalid length. [ 458.931585][T10780] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2111'. [ 459.013535][T10785] netlink: 'syz.1.2111': attribute type 9 has an invalid length. [ 459.031870][T10785] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2111'. [ 459.038892][T10787] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.2115'. [ 459.496736][T10800] netlink: 'syz.0.2130': attribute type 9 has an invalid length. [ 459.508965][T10800] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2130'. [ 459.652979][T10803] netlink: 'syz.0.2130': attribute type 9 has an invalid length. [ 459.705421][T10803] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2130'. [ 460.169969][T10814] netlink: 'syz.0.2136': attribute type 9 has an invalid length. [ 460.178407][T10814] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2136'. [ 461.143621][T10814] netlink: 'syz.0.2136': attribute type 9 has an invalid length. [ 461.156590][T10814] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2136'. [ 461.503100][T10833] netlink: 'syz.0.2144': attribute type 9 has an invalid length. [ 461.531618][T10833] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2144'. [ 461.545489][T10832] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.2133'. [ 461.656410][T10834] netlink: 'syz.0.2144': attribute type 9 has an invalid length. [ 461.714039][T10834] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2144'. [ 462.682423][T10864] netlink: 'syz.2.2159': attribute type 10 has an invalid length. [ 462.710906][T10867] netlink: 'syz.1.2152': attribute type 9 has an invalid length. [ 463.293685][ T1097] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 463.980754][T10905] validate_nla: 2 callbacks suppressed [ 463.980873][T10905] netlink: 'syz.1.2171': attribute type 9 has an invalid length. [ 463.996142][T10905] __nla_validate_parse: 4 callbacks suppressed [ 463.996157][T10905] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2171'. [ 464.126963][T10905] netlink: 'syz.1.2171': attribute type 9 has an invalid length. [ 464.135393][T10905] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2171'. [ 464.440020][T10922] netlink: 'syz.0.2180': attribute type 10 has an invalid length. [ 464.894638][T10932] netlink: 'syz.3.2193': attribute type 10 has an invalid length. [ 465.383949][T10950] netlink: 'syz.0.2191': attribute type 9 has an invalid length. [ 465.411600][T10950] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2191'. [ 465.520085][T10956] netlink: 'syz.0.2191': attribute type 9 has an invalid length. [ 465.531548][T10956] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2191'. [ 466.406469][T10970] syz.3.2203[10970] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 466.406876][T10970] syz.3.2203[10970] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 466.726430][T10985] netlink: 'syz.1.2210': attribute type 9 has an invalid length. [ 466.752197][T10985] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2210'. [ 466.824129][T10989] netlink: 'syz.1.2210': attribute type 9 has an invalid length. [ 466.841582][T10989] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2210'. [ 467.615629][T10997] syz.2.2214[10997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 467.615919][T10997] syz.2.2214[10997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 468.418142][T11009] netlink: 'syz.2.2220': attribute type 9 has an invalid length. [ 468.438622][T11009] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2220'. [ 468.551598][T11012] netlink: 'syz.2.2220': attribute type 9 has an invalid length. [ 468.570942][T11012] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2220'. [ 469.635824][T11019] syz.1.2224[11019] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 469.636107][T11019] syz.1.2224[11019] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 470.943137][T11053] syz.0.2237[11053] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 470.955670][T11053] syz.0.2237[11053] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 472.024358][ T50] Bluetooth: hci3: unexpected event 0x04 length: 15 > 10 [ 472.036837][ T50] Bluetooth: unknown link type 88 [ 472.049572][ T50] Bluetooth: hci3: connection err: -111 [ 473.985381][ T50] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10 [ 473.985421][ T50] Bluetooth: unknown link type 88 [ 473.998170][ T50] Bluetooth: hci0: connection err: -111 [ 474.923251][ T50] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10 [ 474.923288][ T50] Bluetooth: unknown link type 88 [ 474.936102][ T50] Bluetooth: hci1: connection err: -111 [ 477.850336][ T50] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 477.850376][ T50] Bluetooth: unknown link type 88 [ 477.863161][ T50] Bluetooth: hci2: connection err: -111 [ 482.399948][ T50] Bluetooth: hci0: Malformed HCI Event [ 485.187333][ T50] Bluetooth: hci1: Malformed HCI Event [ 486.046563][ T50] Bluetooth: hci3: Malformed HCI Event [ 488.443311][T11302] netlink: 'syz.0.2351': attribute type 3 has an invalid length. [ 488.455839][T11302] netlink: 'syz.0.2351': attribute type 4 has an invalid length. [ 488.464727][T11302] netlink: 'syz.0.2351': attribute type 7 has an invalid length. [ 488.473467][T11302] netlink: 'syz.0.2351': attribute type 8 has an invalid length. [ 488.497026][T11302] netlink: 'syz.0.2351': attribute type 7 has an invalid length. [ 488.511104][ T50] Bluetooth: hci2: Malformed HCI Event [ 488.518614][T11302] netlink: 198048 bytes leftover after parsing attributes in process `syz.0.2351'. [ 488.951856][T11327] netlink: 'syz.3.2365': attribute type 3 has an invalid length. [ 488.966580][T11327] netlink: 'syz.3.2365': attribute type 4 has an invalid length. [ 488.985025][T11327] netlink: 'syz.3.2365': attribute type 7 has an invalid length. [ 488.999391][T11327] netlink: 'syz.3.2365': attribute type 8 has an invalid length. [ 489.010012][T11327] netlink: 'syz.3.2365': attribute type 7 has an invalid length. [ 489.018252][T11327] netlink: 198048 bytes leftover after parsing attributes in process `syz.3.2365'. [ 489.331258][T11341] netlink: 198048 bytes leftover after parsing attributes in process `syz.1.2378'. [ 489.893811][T11363] netlink: 198048 bytes leftover after parsing attributes in process `syz.2.2382'. [ 490.935586][T11398] syzkaller0: entered promiscuous mode [ 493.624897][T11429] syzkaller0: entered promiscuous mode [ 494.319737][ T1083] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 496.066645][T11447] syzkaller0: entered promiscuous mode [ 499.421328][T11498] syzkaller0: entered promiscuous mode [ 502.097289][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.104068][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.958907][ T50] Bluetooth: hci0: Malformed LE Event: 0x0d [ 503.539778][ T50] Bluetooth: hci1: Malformed LE Event: 0x0d [ 509.817313][ T50] Bluetooth: hci2: Malformed LE Event: 0x0d [ 511.703286][ T50] Bluetooth: hci3: Malformed LE Event: 0x0d [ 525.258212][ T1097] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 548.518450][T12100] sctp: [Deprecated]: syz.2.2701 (pid 12100) Use of struct sctp_assoc_value in delayed_ack socket option. [ 548.518450][T12100] Use struct sctp_sack_info instead [ 548.692506][ T50] Bluetooth: hci3: Malformed LE Event: 0x1b [ 550.809500][T12108] sock: sock_timestamping_bind_phc: sock not bind to device [ 551.010191][T12116] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2709'. [ 551.285188][T12128] sctp: [Deprecated]: syz.3.2716 (pid 12128) Use of struct sctp_assoc_value in delayed_ack socket option. [ 551.285188][T12128] Use struct sctp_sack_info instead [ 551.321064][ T50] Bluetooth: hci2: Malformed LE Event: 0x1b [ 551.466217][T12136] sock: sock_timestamping_bind_phc: sock not bind to device [ 553.657734][T12138] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2722'. [ 553.904133][T12153] sctp: [Deprecated]: syz.1.2726 (pid 12153) Use of struct sctp_assoc_value in delayed_ack socket option. [ 553.904133][T12153] Use struct sctp_sack_info instead [ 553.942330][ T50] Bluetooth: hci1: Malformed LE Event: 0x1b [ 554.064908][T12161] sock: sock_timestamping_bind_phc: sock not bind to device [ 554.284152][T12170] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2733'. [ 554.460242][ T50] Bluetooth: hci0: Malformed LE Event: 0x1b [ 554.689198][T12184] sctp: [Deprecated]: syz.0.2739 (pid 12184) Use of struct sctp_assoc_value in delayed_ack socket option. [ 554.689198][T12184] Use struct sctp_sack_info instead [ 554.878313][T12192] sock: sock_timestamping_bind_phc: sock not bind to device [ 555.007071][T12195] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2745'. [ 555.339485][T12213] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2761'. [ 555.770005][T12230] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2768'. [ 557.523656][ T1083] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) Connection to 10.128.1.108 closed by remote host. [ 560.427052][T12325] ------------[ cut here ]------------ [ 560.433129][T12325] WARNING: CPU: 1 PID: 12325 at kernel/events/core.c:6806 perf_pending_task+0x35c/0x470 [ 560.443460][T12325] Modules linked in: [ 560.447517][T12325] CPU: 1 PID: 12325 Comm: syz.1.2802 Not tainted syzkaller #0 [ 560.455344][T12325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 560.465504][T12325] RIP: 0010:perf_pending_task+0x35c/0x470 [ 560.472114][T12325] Code: ff 84 db 75 14 e8 54 49 d6 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 40 49 d6 ff e8 bb 4d 51 ff eb e5 e8 34 49 d6 ff <0f> 0b e9 f3 fe ff ff e8 28 49 d6 ff 48 c7 c7 30 d0 dc 8c 4c 89 f6 [ 560.492133][T12325] RSP: 0018:ffffc900189d7a00 EFLAGS: 00010293 [ 560.498407][T12325] RAX: ffffffff81af4e6c RBX: ffff88802e5116b0 RCX: ffff888026493c00 [ 560.506561][T12325] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 560.514634][T12325] RBP: 0000000000000001 R08: ffffffff8e4a7fef R09: 1ffffffff1c94ffd [ 560.522731][T12325] R10: dffffc0000000000 R11: fffffbfff1c94ffe R12: ffff888026493c00 [ 560.530751][T12325] R13: ffff88801e6e9130 R14: ffff88802e511470 R15: 1ffff11005ca228e [ 560.539004][T12325] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 560.548106][T12325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 560.554851][T12325] CR2: 0000000000000000 CR3: 0000000021bac000 CR4: 00000000003506e0 [ 560.563241][T12325] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 560.571255][T12325] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 560.580265][T12325] Call Trace: [ 560.583845][T12325] [ 560.586820][T12325] task_work_run+0x1ce/0x250 [ 560.591513][T12325] ? task_work_cancel+0x240/0x240 [ 560.596606][T12325] do_exit+0x90b/0x23c0 [ 560.600918][T12325] ? lock_chain_count+0x20/0x20 [ 560.606081][T12325] ? put_task_struct+0xc0/0xc0 [ 560.611024][T12325] ? asm_sysvec_irq_work+0x1a/0x20 [ 560.616246][T12325] ? lockdep_hardirqs_on+0x98/0x150 [ 560.621561][T12325] ? asm_sysvec_irq_work+0x1a/0x20 [ 560.626743][T12325] do_group_exit+0x21b/0x2d0 [ 560.631560][T12325] ? _raw_spin_unlock_irq+0x29/0x50 [ 560.636820][T12325] get_signal+0x12fc/0x1400 [ 560.641658][T12325] arch_do_signal_or_restart+0x96/0x780 [ 560.647543][T12325] ? get_sigframe_size+0x20/0x20 [ 560.652649][T12325] ? exit_to_user_mode_loop+0x3b/0x110 [ 560.658301][T12325] exit_to_user_mode_loop+0x70/0x110 [ 560.664678][T12325] exit_to_user_mode_prepare+0xf6/0x180 [ 560.671180][T12325] syscall_exit_to_user_mode+0x1a/0x50 [ 560.677915][T12325] do_syscall_64+0x61/0xb0 [ 560.682636][T12325] ? clear_bhb_loop+0x40/0x90 [ 560.687487][T12325] ? clear_bhb_loop+0x40/0x90 [ 560.692414][T12325] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 560.698896][T12325] RIP: 0033:0x7f6c4304d9b0 [ 560.703976][T12325] Code: Unable to access opcode bytes at 0x7f6c4304d986. [ 560.711796][T12325] RSP: 002b:00007f6c43ffe6b8 EFLAGS: 00000206 [ 560.718031][T12325] RAX: 0000000000000000 RBX: 00007f6c43ffedb0 RCX: 00007f6c43185d67 [ 560.726379][T12325] RDX: 00007f6c43ffe6c0 RSI: 00007f6c43ffe7f0 RDI: 0000000000000011 [ 560.734792][T12325] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 560.743220][T12325] R10: 00000000ffffffff R11: 0000000000000206 R12: 0000000000000073 [ 560.751335][T12325] R13: 00007f6c43fffeb0 R14: 9999999999999999 R15: 0000000000000000 [ 560.759526][T12325] [ 560.762748][T12325] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 560.770170][T12325] CPU: 1 PID: 12325 Comm: syz.1.2802 Not tainted syzkaller #0 [ 560.777757][T12325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 560.787875][T12325] Call Trace: [ 560.791247][T12325] [ 560.794205][T12325] dump_stack_lvl+0x16c/0x230 [ 560.798997][T12325] ? show_regs_print_info+0x20/0x20 [ 560.804214][T12325] ? load_image+0x3b0/0x3b0 [ 560.808750][T12325] panic+0x2c0/0x710 [ 560.812765][T12325] ? bpf_jit_dump+0xd0/0xd0 [ 560.817388][T12325] __warn+0x2e0/0x470 [ 560.821414][T12325] ? perf_pending_task+0x35c/0x470 [ 560.826587][T12325] ? perf_pending_task+0x35c/0x470 [ 560.831859][T12325] report_bug+0x2be/0x4f0 [ 560.836239][T12325] ? perf_pending_task+0x35c/0x470 [ 560.841382][T12325] ? perf_pending_task+0x35c/0x470 [ 560.846518][T12325] ? perf_pending_task+0x35e/0x470 [ 560.851649][T12325] handle_bug+0xcf/0x120 [ 560.855987][T12325] exc_invalid_op+0x1a/0x50 [ 560.860584][T12325] asm_exc_invalid_op+0x1a/0x20 [ 560.865462][T12325] RIP: 0010:perf_pending_task+0x35c/0x470 [ 560.871209][T12325] Code: ff 84 db 75 14 e8 54 49 d6 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 40 49 d6 ff e8 bb 4d 51 ff eb e5 e8 34 49 d6 ff <0f> 0b e9 f3 fe ff ff e8 28 49 d6 ff 48 c7 c7 30 d0 dc 8c 4c 89 f6 [ 560.891195][T12325] RSP: 0018:ffffc900189d7a00 EFLAGS: 00010293 [ 560.897281][T12325] RAX: ffffffff81af4e6c RBX: ffff88802e5116b0 RCX: ffff888026493c00 [ 560.905618][T12325] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 560.913968][T12325] RBP: 0000000000000001 R08: ffffffff8e4a7fef R09: 1ffffffff1c94ffd [ 560.922056][T12325] R10: dffffc0000000000 R11: fffffbfff1c94ffe R12: ffff888026493c00 [ 560.930134][T12325] R13: ffff88801e6e9130 R14: ffff88802e511470 R15: 1ffff11005ca228e [ 560.938158][T12325] ? perf_pending_task+0x35c/0x470 [ 560.943385][T12325] task_work_run+0x1ce/0x250 [ 560.948095][T12325] ? task_work_cancel+0x240/0x240 [ 560.954074][T12325] do_exit+0x90b/0x23c0 [ 560.958510][T12325] ? lock_chain_count+0x20/0x20 [ 560.963485][T12325] ? put_task_struct+0xc0/0xc0 [ 560.968296][T12325] ? asm_sysvec_irq_work+0x1a/0x20 [ 560.973543][T12325] ? lockdep_hardirqs_on+0x98/0x150 [ 560.979248][T12325] ? asm_sysvec_irq_work+0x1a/0x20 [ 560.984414][T12325] do_group_exit+0x21b/0x2d0 [ 560.989064][T12325] ? _raw_spin_unlock_irq+0x29/0x50 [ 560.994291][T12325] get_signal+0x12fc/0x1400 [ 560.998872][T12325] arch_do_signal_or_restart+0x96/0x780 [ 561.004484][T12325] ? get_sigframe_size+0x20/0x20 [ 561.009483][T12325] ? exit_to_user_mode_loop+0x3b/0x110 [ 561.015429][T12325] exit_to_user_mode_loop+0x70/0x110 [ 561.020752][T12325] exit_to_user_mode_prepare+0xf6/0x180 [ 561.026421][T12325] syscall_exit_to_user_mode+0x1a/0x50 [ 561.031912][T12325] do_syscall_64+0x61/0xb0 [ 561.036348][T12325] ? clear_bhb_loop+0x40/0x90 [ 561.041217][T12325] ? clear_bhb_loop+0x40/0x90 [ 561.045925][T12325] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 561.052017][T12325] RIP: 0033:0x7f6c4304d9b0 [ 561.056755][T12325] Code: Unable to access opcode bytes at 0x7f6c4304d986. [ 561.063779][T12325] RSP: 002b:00007f6c43ffe6b8 EFLAGS: 00000206 [ 561.070039][T12325] RAX: 0000000000000000 RBX: 00007f6c43ffedb0 RCX: 00007f6c43185d67 [ 561.079098][T12325] RDX: 00007f6c43ffe6c0 RSI: 00007f6c43ffe7f0 RDI: 0000000000000011 [ 561.087559][T12325] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 561.095916][T12325] R10: 00000000ffffffff R11: 0000000000000206 R12: 0000000000000073 [ 561.104369][T12325] R13: 00007f6c43fffeb0 R14: 9999999999999999 R15: 0000000000000000 [ 561.112394][T12325] [ 561.115802][T12325] Kernel Offset: disabled [ 561.120142][T12325] Rebooting in 86400 seconds..