last executing test programs: 3.745073272s ago: executing program 3 (id=2579): perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x91c, 0x4156, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xfffffffffffffffc, 0x1}, 0x18404, 0x0, 0xfffffffe, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000067dfb4a518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='contention_end\x00', r1}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000880), 0x12) 3.742275932s ago: executing program 2 (id=2587): perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10) r4 = socket$kcm(0x2, 0x1, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r6) recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r4, 0x84, 0x64, &(0x7f0000000000)=r7, 0x10) 3.585778194s ago: executing program 3 (id=2580): r0 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48) r3 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x480283, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x7606}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r3, 0x2402, 0xa) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001ac0)={r2, 0x0, 0x0, 0x4}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x4, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x0, 0x2}]}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x30}, 0x28) ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22ffff) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 3.584144674s ago: executing program 0 (id=2589): r0 = socket$kcm(0x11, 0x2, 0x300) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x94) r1 = socket$kcm(0x11, 0x200000000000002, 0x300) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c40)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0x12, &(0x7f0000000340)=r4, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r6) recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f00000008c0)=r7, 0x4) close(0x3) 3.500645656s ago: executing program 2 (id=2582): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b1b, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00\\ \x00'}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x0, 0x0, 0xc}, {0x10000002, 0x0, 0x0, 0x2}]}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x6e, &(0x7f0000000000)=r3, 0x10) r4 = socket$kcm(0x2, 0x5, 0x84) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r4, 0x84, 0x72, &(0x7f0000000000)=r5, 0xc) 3.407374697s ago: executing program 0 (id=2583): perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r0 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r1 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r2 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[], 0xfdef) close(r2) recvmsg(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000002a80)=""/4096, 0xfdef}], 0x1}, 0x10021) 3.260522689s ago: executing program 0 (id=2584): bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00), 0x8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000071106600000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000fc0)={0xffffffffffffffff, r2, 0x0, r2}, 0x10) sendmsg$inet(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000080)="3bfdd75fa5717852d59a9367444a2130e72cd4dabc8854532cca0c32a5b9f844a4610c7525650ce3d3b76b15026d93e6dee896115e9364066aa3d14e33ef732b4681335c576902153114bdb9c74b538a71115fb1d1a63d1b04129661b29aab89d0be999a6b7c9bea755adedbf305a79f70b71d3d4c98577b49db4963ce89b0def5e840f459659cb6f86d56b069a5de11d601d348ff88ca6e5e2cfe40176880b33e9e8dbc32ba2e6a99b1b50276dc4f06166000d7069a3cc76f", 0xb9}, {&(0x7f0000000180)="892950e2405ee8629d9384a90f16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911b4e82ea800ad7afe03c851a8", 0x73}, {&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x20000216}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62418c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa1af708cdab59fb71eca786a359a2c3b0cbad35144ec5b069c53f90e43339845dc7fd140c55b0149ab38eb27c140f374bcc2c95b0b121d1a9302f3a01b888243b3fc0d46f0de0", 0x8d}, {&(0x7f0000000300)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fcf5adf3e13fdb05b57b748bd14eda042a97fdd84498304a504a0a159b972e8200c2d0f536a3465ec498ed12b924bd134057df36129d3ebe3dd3ce9f0671e5278143e4afa3d43f444681de1b5f9725fca34fa357fe2154981666fb9dc202fc17a0199eb1c25bdd1005e590e84783ee9894c888998dc25a83c14aeee31d114acfa0bcd235d571cd765f4b9259ba43e6fc30291d8a642146c4771898030b736aeee6b247abb0784b154e104e7dcda401f9b1736fea30a41a4153fe6a9a525bd0a3487571f914f05b590e242341ade289d8f5b842c6be4a93c2755dfd47174def782a2f8f61c068b5a012f02c0801601e860def788121e8808c01fed4c920a3698d0d684920918c95b17f76bbcb4f265c931d8f79560ff8114b70f4dd6791e2ed70cfeb89905791b88be26efe1c5c66b7b50b3d2be0dbc066dfc31618f9507f6f340b85a2f76a6dcac9d6ccc289ace5e5fecd25afe22ffa451f5e365ab33cc985f2e9d7f7fb1be4794740a94215d7db14b0ffcec19e5e3c5ae0d8578ef3b65d2a7a77a11e390a6c3a6b391061c886b961e3c2f42d62047bfe1356a44b840d3d956105f4c0fa95db08c4933f00de77cdc057c28b41fecfc8398c442be1ad065954f6c9dfeb2fd7207e8548a00a1d50bdf522d2abfdafd71723616a34830fbfa8fc81e0c2639cc12f363a4919b7a00ac8189dad3e7e54122a2ef430f623658d5e281c9a19442995bb9b0e3f7d13e3016b6f9523be196bf23bbcc5ec802f43ef8b651d688d9d5a44f35c9847e4c32bce3e9ebed2326adadc76f06a195db32c80b3090d7cd65c9d8518ba4e528c5eb5c7a1c5695b21595fa8a8621734bfda8afddd65e1f37a1990220a00fa9bd2c22b0117ceb08ae6af3c944c2eca924abfddad065d1472d0c3f742a49b1e78c669471873706ad157d831d7482b773f07b0673a6ce1e227a7a4d13744bf459434c0ab1c323a38b1a84cbf1ce9741f2b8fdcc2e073e56171603d035aacd83e71d5132831f4f1e8bf517979f132a33fd03783272e9b8c96dfa4e1d320a58d82acfc8d3d53a5a52daafe4dc8be08f4ad53e11cc21374b6ff4ff5ea2ecc5d3f7c057f74f0098e57d990090475cdaffdef0da917653ed10fb70b94b72e5b4d95cbea0fc1dd2579635ad6ab545ba4d7b6d2f5442bdb78beb6c8ed62942a439117025b4566b48d9f3a17fdf4577e8606a4bc4c26557e58312fd2d1a541ebec3e5ae28eef8b2ab0597083716dd12889335570ee7839530eee879d9b137606cd4dd7103991671b4464bb68529eb19fb7a8845e3491bfbac688a87cf0744f429ea112014402915c4c1f6bae08d689d3cb7d641d7befe8fc74a2242310a9a367a39531b4c86da5b39df524e52f33ff9c40b48cb196ffc9ca855b6e698ade8a83e52b9ddc5031ff09e1907e4f8b0d07e64e1fb8e427f8819a7be907aa216bf8e2a4c7cc87ed53bf9490d4cc788b91f3b9f705e984a7e62c7a495e8421b97c39dc954b35468f17c6682334f4e16308448f457faeffff6d1f818522fa441d3a48168bdb12ffebace436a3915b63076cb6a655718647f87eaaf313b5bbd430421eed3a2215e439600a56eac8c65291eb103326a8034662bd337ab51577d9110ec7151be5cc9c54b2a30891acac5ad006ed537dbeb8f16eecbde7cf4e71373faf3c36b772f6d7ea9346875c8cf1049d49d4f8eb01b946c11e8c8e3ab2015f282167acddcc77fff03e1be9134252af0abfe538b4d25fc4ff874b52b9fb0996b5f32b4141dbd30578ff46e13ef6c63fc1620f62cb11a3dce401993976c272a5f62fde3f2a0e654d19e7a39dcdb622b9526d2a15cc18e6f817c916a00775353dd9c8954e66d0445b59bb0f5e6e3b46447232f52a0e398b057d123ef503afcbd48544db6434d2025bfc8dab72262a4fa5426a03061e7f8966e0086ff8ab5a91ab59f19b830394ee8bc76d6fb4816b8f4cde35b7eb9d3811228d51c54828f97fd1e648196c81bc73ed56249a59f318704e84656a6cedd2b8c1e1808d1cc648749abc643131e494c01336d4a14b8609656f2c972dc23c5c2e43fe40119fb88b5ec2aade35c03646e347354c493de8ab3672ccf94af0df333c6678299129d79be0eec281c5b3858ce3995566a390b674635b356692e3e9c53a089638ba0d69e772b7b410a5ae03de12e7de755ee559e1707b7b8003aabc8e2ce03c01e3183ff2d93262f6d5ceaafecdae66bc7cb3952c5a6571d864d502f281db5a228695badca5d022fdb6da56ab15dc377d1c1f8581ff56e28c2b2a84edb629547d28275c2ed571103b4ca7cdeb0776ba9f9dffcd78d21c3d4caa9289ed199672f4e7b912068c49c817114c37d37ea03954bae87d1ddae3da2ad85feb2fbb735b75a51f7bee5c8d88cc7bf64700d1a46ec6b631ae22ac7b06730a86a26bdcb992e1c7b50142de96b14a8468e4514068a30896fc677fddefaebb125c693a8d460469c7fe535f844781940f66d6abd091191c3122d584f5b0f5b0d443713d7d5186124d73de28aca30b719d4a55e09d259bddbf16995aeb1000880890afbd24d4066b0398985a40999de22ce176348e1c1f57eaf75b92a1e4f1482e89a00ac2cc36b20e36af9ec310599c19a5b1d6f8fadba104c58c801c6633315f82ebfa88faddd0b693e2f827f586c1cc5538e93bcf10f81af6dd7ee727df3b5018c0b4e31e40d040a47503b6ace4d29a1162ce487351825255f5584aff7cbd421f85c3d9fbb3784abd9848f16028b68f0d32ed8bb80106e8cc4acb939ff88bd39976d166b2addebf628b3fcd056da2f60e1b90f7a32702954921908ebccb683622a1f574ceba6951bef5e751c338c8279318dc28e36b9fc2bb17c3ad08aceb00fc388e6db112a738f86a4a1eb11526e1b9d73250b326285ed47c4398d93a3933d9a784249b65ad7d78a1f81d96ef36493ed693045a2150a8eb43cecc0c93e7d20b15b39a0646b081c2923b816365b7fbb41683a41732d942c5aa12faf876ec7f036becde8f3295af6dacff38d076d8e06260fee167703bb610745374a2758a6b88e465ca77d1f3105ae8b6b04a1eb509fb178d6249dbbc84d5d1d069278449a89d03e4a9a395d8170c329a296cfc329798cb9b9f1078d098cf3f989fd4ec53e013fbe917df35292d44fb1f3da4da4432a1847d4721514ade8cda5e5c0b51183580fc35266a970ebba74faeda56d4dcb56df51f96ad237452cedbd0cb2bee112713c3d450835811bf3da9745136d428e148fd0932dc77c8d8e61a16c625241fad8425b4ece394eedd5f165bd94923bfa1172be8edc8a4fcaae5f77ee8cc510192b27964da09c3e84efb4bc7154da1a24da8b7e544b42278d2574687ec76143afa6cf193d52a2a7f4c20ee57b6056a1337d5e408117a6cf1ab49c8980f39597f69902085d3e8d374d44e6ab4ed1185a26be2bc7281e9cfbbeb6bed899aa1924d3faa06d95999fbeaf2337494e0c2c39eef5a73fcde84459a9ea48d4e015d9e5bb5839354967ce02f637bc8678d2595b9a918fc36b927d7501f0ac2e3471ce02b5df355689c87f191ef5390900a41deec29984e45a878ece964b0009aad561316fc3b30ce1b49266d32eb17cd30f3e17e1f59014e8c518940dd0a093d1349c1a7c2581963bbe0ba372b6426e81c33c71b2ec8141c5713e52a37fff0a417a5b259e1420d9fb6a731f5baa0cc494221947895aa8fa14745a986a366bff9d0c239a19f85372497565b5b703da16439019df5f3d29f4247fb528854c9648630f03e9dedde5a08a47728ea6a4d42e62eff6fa3bd402325e0f4387b60171c37c180f958ad80955779c899517e7ea76eed00598e01552eaaf08b723daf9d466e8c57af43a15a46528b1119f5074aa3c51f77357ebe158275bc06b89640d7ce3c0a03af01418d7dc6ae8a1be8ab08c1722d66d1e9277480b8b178447667c024f9b78f8a878a2d7cf8e83e5104f6964b2907a989abafc7d7d0df941abf3d7283b6a11d46c2911a42182ec27ab785d92946e1ee8ef44846d561850d2a98c305c382f36d4cfc9b2bfd3b86ef21a0d187adcafbec8268c7d662a34dda1c83c4967097743133bc8c587edf249f5668c34ddb112fa4eb1bea9c8f6a000f1f34428b54688a5e214a7919868b25dbe930e86a243ecf54afe0b518c647d04873d2cf62cb2ab27f00015537a4fd2ea3dc8777abdf3284622347016566da0b9c406ca8c40694e4013a53fbf2e803d51b0bbe5e9df5fc74f66be618856357ccf803c53ed0e3b3fe79f69f0ede9b565d8f7a8ce5aa8cbb4e8fa61be3fd00ffb07e45065498925c14c0b311942d4ed951ad6237aadb5405bc7b2d79e1fd295b7c2ed8efa883e44c86a5053e2f421c6d4dc0c47d3a05d911db37d6efdb8e50fb3f06139ac147bc7162c21aece79eaf72e9779f19eb5395cec3d15a7594ea70a6b373d98651d2215b210f037ea3f8a57ded74474f6fdb64a08b56af52168da70b30aee03472cd8bee5af04cad7303004a4aba464b99", 0xcb3}], 0x5, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0) recvmsg$unix(r1, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1}, 0x40000100) 3.248559149s ago: executing program 3 (id=2585): perf_event_open$cgroup(&(0x7f00000003c0)={0x2, 0x80, 0x13, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4060, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x6a04, 0x8, 0x3, 0x0, 0x0, 0x2}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x40) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_procs(r0, 0x0, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000210018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000807b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r2}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x8, 0x7, 0x14, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffd}, 0x50) 3.20847877s ago: executing program 1 (id=2586): perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x22a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x4, 0x4, 0x4, 0x8001, 0x808, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) close(r0) 3.136918221s ago: executing program 3 (id=2588): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xe82, 0x0) close(r1) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x19, 0x4, 0x4, 0x20002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000400000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r3}, 0x10) 2.962521634s ago: executing program 1 (id=2590): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000400000000000000008500000030000000180100002020702500000000002020207b1af8ff00000000"], &(0x7f0000000080)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0xc78, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0), 0x4) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x65, 0xa, 0x0, 0x0, 0x700, 0x61, 0x11, 0x38}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0x18, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a00)={0xffffffffffffffff, 0x0, 0x3f, 0x0, &(0x7f0000000580)="473eeb8bad2e2d2e344ed4823bdd2bccc754b1b4ac7a6542a0f36937f95685f4b66bccd9be1ae85467d6bd243c06db909d23ba075c007541ddafa1441bfe17", 0x0, 0x5, 0x0, 0xbc, 0x78, &(0x7f0000000740)="8253888b07d0c374d1e6419d88488097fe2834958d430e2caf61829695c36c22dae76848bd97713b14f83ed2955f33d95ec05f3746d1e96af0fe9031c306394fd7ce0054305151e23232158cc237a5548af1055ae162134f7886a7548b6fed6e7ff6189e8a6739540bc6d5a27f5607edd37fc907321e672c55f7adf4d15dabebfd1c502989c255cbb1313e169fd640907aacb3f4ccbcfdf6779599146203a84bd319648a5fef3502ff86712e9c76694308793b9e5e2c429de6aa5367", &(0x7f0000000900)="34dd382ce11870e904ec3ae6afdfe3e180ce8701d2d14979d3ec1b0033a9e55c97d61a4533de71b438882f7b688d04730a7dd11872bdc9f6613c4643b8058bcc7ed97a8d53c2ec509d78e2b11ae2c8f97b5a1f8e2c8e6656c21a940990600091f01e1a6984c8848094d769324b6e5482c8aa794e2a54f623", 0x2, 0x0, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xe, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_skb=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) 2.707853178s ago: executing program 1 (id=2591): perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x91c, 0x4156, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xfffffffffffffffc, 0x1}, 0x18404, 0x0, 0xfffffffe, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000067dfb4a518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='contention_end\x00', r1}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000880), 0x12) 2.034773028s ago: executing program 0 (id=2592): socket$kcm(0x10, 0x2, 0x10) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000200000000000000000000000850000006d0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008230000b7040000000000008500000001000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000060ff850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) syz_clone(0x108200, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = perf_event_open$cgroup(&(0x7f00000011c0)={0x3, 0x80, 0x4, 0x3, 0x61, 0x76, 0x0, 0xfffffffffffffff9, 0x8000, 0x2, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001140), 0xb}, 0x412, 0xdcc8, 0x5, 0x2, 0x81, 0x10000, 0x1, 0x0, 0x81, 0x0, 0x4c}, 0xffffffffffffffff, 0xf, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xde, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1000}, 0x108800}, 0x0, 0xffffffffffffffff, r2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848360000005e140602000000000e000a00100000000a8000001294", 0x2e}], 0x1}, 0x0) 2.034522058s ago: executing program 1 (id=2593): perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10) r4 = socket$kcm(0x2, 0x1, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r6) recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r4, 0x84, 0x64, &(0x7f0000000000)=r7, 0x10) 2.034323178s ago: executing program 2 (id=2594): r0 = socket$kcm(0x11, 0x2, 0x300) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x94) r1 = socket$kcm(0x11, 0x200000000000002, 0x300) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c40)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0x12, &(0x7f0000000340)=r4, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r6) recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f00000008c0)=r7, 0x4) close(0x3) 1.959910809s ago: executing program 2 (id=2595): perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r0 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r1 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r2 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[], 0xfdef) close(r2) recvmsg(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000002a80)=""/4096, 0xfdef}], 0x1}, 0x10021) 1.818270412s ago: executing program 1 (id=2596): r0 = socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48) r3 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x480283, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x7606}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r3, 0x2402, 0xa) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001ac0)={r2, 0x0, 0x0, 0x4}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x4, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x0, 0x2}]}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x30}, 0x28) ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22ffff) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 1.784949132s ago: executing program 2 (id=2597): perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x200000000000002, 0x300) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) socket$kcm(0x11, 0x200000000000002, 0x300) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) socket$kcm(0x11, 0x2, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8481f0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 287.272556ms ago: executing program 3 (id=2598): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, &(0x7f0000000040)=""/155, 0x1000000, 0x9b, 0x1}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x401}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r5, 0x0, 0xfdef) 124.170708ms ago: executing program 0 (id=2599): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, 0x0, 0x0) sendmsg$inet(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="bb204ce418bce1d51ccf970aea9d6c48c7e65218a4fb00d2abb46c8b95bdd303a8dd", 0x22}, {0x0}], 0x2, &(0x7f0000000600)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x7}}, @ip_ttl={{0x14, 0x0, 0x2, 0x3a04}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @remote}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x8}}], 0x68}, 0x44) close(0x3) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x202}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="8500000002"], 0x0}, 0x94) ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x3b) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'netdevsim0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8946, &(0x7f0000000080)) 888.52µs ago: executing program 0 (id=2600): perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x91c, 0x4156, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0xfffffffffffffffc, 0x1}, 0x18404, 0x0, 0xfffffffe, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000067dfb4a518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='contention_end\x00', r1}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000880), 0x12) 510.98µs ago: executing program 1 (id=2601): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r0 = socket$kcm(0x2, 0x5, 0x84) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b1b, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00\\ \x00'}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x0, 0x0, 0xc}, {0x10000002, 0x0, 0x0, 0x2}]}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x6e, &(0x7f0000000000)=r3, 0x10) r4 = socket$kcm(0x2, 0x5, 0x84) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r4, 0x84, 0x72, &(0x7f0000000000)=r5, 0xc) 266.44µs ago: executing program 2 (id=2602): r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x2}]}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) close(r0) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) r4 = socket$kcm(0x2, 0x1, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r6) recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r4, 0x84, 0x64, &(0x7f0000000000)=r7, 0x10) setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10) 0s ago: executing program 3 (id=2603): r0 = socket$kcm(0x11, 0x2, 0x300) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x94) r1 = socket$kcm(0x11, 0x200000000000002, 0x300) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c40)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0x12, &(0x7f0000000340)=r4, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r6) recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f00000008c0)=r7, 0x4) close(0x3) kernel console output (not intermixed with test programs): wn hosts. syzkaller login: [ 81.262275][ T5774] cgroup: Unknown subsys name 'net' [ 81.425962][ T5774] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.276166][ T5774] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.847141][ T5787] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.859163][ T5797] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.867060][ T5797] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.875045][ T5797] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.883825][ T5799] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.898723][ T5799] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.918171][ T5799] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.924291][ T5798] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.928232][ T5799] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.934035][ T5798] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.947831][ T5798] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.957640][ T5798] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.965854][ T5798] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 84.971313][ T5797] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.973959][ T5798] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.988368][ T5801] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.998826][ T5798] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.007207][ T5798] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.014521][ T5801] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.021857][ T5799] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.024195][ T5801] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.037262][ T50] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.037281][ T5801] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.051772][ T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.596999][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 85.662711][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 85.674673][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 85.796475][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 85.808305][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.815542][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.823474][ T5784] bridge_slave_0: entered allmulticast mode [ 85.831794][ T5784] bridge_slave_0: entered promiscuous mode [ 85.865898][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.873293][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.880773][ T5784] bridge_slave_1: entered allmulticast mode [ 85.887857][ T5784] bridge_slave_1: entered promiscuous mode [ 85.982622][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.989924][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.997119][ T5790] bridge_slave_0: entered allmulticast mode [ 86.004323][ T5790] bridge_slave_0: entered promiscuous mode [ 86.013313][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.020643][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.027808][ T5785] bridge_slave_0: entered allmulticast mode [ 86.037056][ T5785] bridge_slave_0: entered promiscuous mode [ 86.044724][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.052078][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.059450][ T5785] bridge_slave_1: entered allmulticast mode [ 86.066457][ T5785] bridge_slave_1: entered promiscuous mode [ 86.091991][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.099202][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.106397][ T5790] bridge_slave_1: entered allmulticast mode [ 86.114010][ T5790] bridge_slave_1: entered promiscuous mode [ 86.139050][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.183442][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.227612][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.275358][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.286797][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.300552][ T5784] team0: Port device team_slave_0 added [ 86.307044][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.314797][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.322275][ T5788] bridge_slave_0: entered allmulticast mode [ 86.329368][ T5788] bridge_slave_0: entered promiscuous mode [ 86.339115][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.371495][ T5784] team0: Port device team_slave_1 added [ 86.381808][ T5785] team0: Port device team_slave_0 added [ 86.388325][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.395474][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.403215][ T5788] bridge_slave_1: entered allmulticast mode [ 86.410294][ T5788] bridge_slave_1: entered promiscuous mode [ 86.444203][ T5785] team0: Port device team_slave_1 added [ 86.541154][ T5790] team0: Port device team_slave_0 added [ 86.551464][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.561630][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.569165][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.595527][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.608457][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.615430][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.642085][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.656053][ T5790] team0: Port device team_slave_1 added [ 86.675437][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.696486][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.703653][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.729728][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.748353][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.755332][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.783411][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.824422][ T5788] team0: Port device team_slave_0 added [ 86.836070][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.843775][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.874397][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.906101][ T5788] team0: Port device team_slave_1 added [ 86.939359][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.946435][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.973284][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.013191][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.020386][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.046417][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.071027][ T5784] hsr_slave_0: entered promiscuous mode [ 87.077642][ T5784] hsr_slave_1: entered promiscuous mode [ 87.104772][ T5102] Bluetooth: hci2: command tx timeout [ 87.106623][ T50] Bluetooth: hci3: command tx timeout [ 87.111054][ T5787] Bluetooth: hci1: command tx timeout [ 87.117847][ T5801] Bluetooth: hci0: command tx timeout [ 87.128682][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.135656][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.162313][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.201623][ T5785] hsr_slave_0: entered promiscuous mode [ 87.211364][ T5785] hsr_slave_1: entered promiscuous mode [ 87.217766][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.226370][ T5785] Cannot create hsr debugfs directory [ 87.261122][ T5790] hsr_slave_0: entered promiscuous mode [ 87.267507][ T5790] hsr_slave_1: entered promiscuous mode [ 87.275262][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.283614][ T5790] Cannot create hsr debugfs directory [ 87.394389][ T5788] hsr_slave_0: entered promiscuous mode [ 87.402672][ T5788] hsr_slave_1: entered promiscuous mode [ 87.409430][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.417013][ T5788] Cannot create hsr debugfs directory [ 87.790244][ T5784] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 87.804337][ T5784] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 87.816041][ T5784] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.829156][ T5784] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.917189][ T5785] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.936734][ T5785] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 87.946643][ T5785] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 87.965745][ T5785] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.071055][ T5790] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.083139][ T5790] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.093979][ T5790] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.106031][ T5790] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.148935][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.254553][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.262439][ T5788] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.277181][ T5788] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.289044][ T5788] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.303844][ T5788] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.353177][ T3461] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.360596][ T3461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.387126][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.394324][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.442672][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.491288][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.512742][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.519956][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.566996][ T3461] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.574188][ T3461] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.596853][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.621898][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.660606][ T3461] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.667739][ T3461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.714053][ T3461] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.721379][ T3461] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.834048][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.902592][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.944728][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.951985][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.972823][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.980062][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.003789][ T5790] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.087348][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.173651][ T5788] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 89.184485][ T5801] Bluetooth: hci2: command tx timeout [ 89.184552][ T5801] Bluetooth: hci3: command tx timeout [ 89.189494][ T5787] Bluetooth: hci0: command tx timeout [ 89.201836][ T5801] Bluetooth: hci1: command tx timeout [ 89.209046][ T5788] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.285629][ T5784] veth0_vlan: entered promiscuous mode [ 89.337020][ T5784] veth1_vlan: entered promiscuous mode [ 89.391853][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.490750][ T5784] veth0_macvtap: entered promiscuous mode [ 89.527384][ T5784] veth1_macvtap: entered promiscuous mode [ 89.571018][ T5785] veth0_vlan: entered promiscuous mode [ 89.584426][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.603323][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.620451][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.641886][ T5785] veth1_vlan: entered promiscuous mode [ 89.661657][ T5784] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.671437][ T5784] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.681158][ T5784] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.692335][ T5784] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.742027][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.793212][ T5785] veth0_macvtap: entered promiscuous mode [ 89.813541][ T5785] veth1_macvtap: entered promiscuous mode [ 89.912862][ T5790] veth0_vlan: entered promiscuous mode [ 89.930524][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.939676][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.949042][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.960679][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.972120][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.998660][ T5788] veth0_vlan: entered promiscuous mode [ 90.006418][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.017402][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.032259][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.067592][ T5788] veth1_vlan: entered promiscuous mode [ 90.085226][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.094499][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.099759][ T5785] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.112035][ T5785] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.123391][ T5785] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.132430][ T5785] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.147752][ T5790] veth1_vlan: entered promiscuous mode [ 90.252798][ T5790] veth0_macvtap: entered promiscuous mode [ 90.304241][ T5790] veth1_macvtap: entered promiscuous mode [ 90.407329][ T5788] veth0_macvtap: entered promiscuous mode [ 90.424376][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.435230][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.445374][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.456852][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.472028][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.487651][ T5788] veth1_macvtap: entered promiscuous mode [ 90.504602][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.514228][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.515112][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.534986][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.551797][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.563976][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.577027][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.651576][ T5790] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.662023][ T5790] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.672381][ T5790] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.681981][ T5790] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.700050][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.712466][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.722907][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.735112][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.747555][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.758897][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.790847][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.839820][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.854244][ T3461] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.854873][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.870908][ T3461] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.875440][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.891435][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.901570][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.912243][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.923703][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.046674][ T5788] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.063276][ T5788] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.077731][ T5788] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.091504][ T5788] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.262537][ T5801] Bluetooth: hci1: command tx timeout [ 91.268079][ T5801] Bluetooth: hci3: command tx timeout [ 91.268102][ T5102] Bluetooth: hci2: command tx timeout [ 91.273603][ T5787] Bluetooth: hci0: command tx timeout [ 91.493069][ T5891] netlink: 'syz.2.8': attribute type 2 has an invalid length. [ 91.507542][ T5891] netlink: 17267 bytes leftover after parsing attributes in process `syz.2.8'. [ 91.954743][ T5897] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.11'. [ 91.974197][ T5897] netlink: zone id is out of range [ 91.986373][ T5897] netlink: del zone limit has 8 unknown bytes [ 92.152008][ T23] cfg80211: failed to load regulatory.db [ 92.731281][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.752693][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.869741][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.877638][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.948133][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.964446][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.091366][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.124961][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.176846][ T5909] syz.0.15: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 93.232348][ T5909] CPU: 0 PID: 5909 Comm: syz.0.15 Not tainted 6.6.99-syzkaller #0 [ 93.240277][ T5909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 93.250388][ T5909] Call Trace: [ 93.253709][ T5909] [ 93.256685][ T5909] dump_stack_lvl+0x16c/0x230 [ 93.261429][ T5909] ? show_regs_print_info+0x20/0x20 [ 93.266673][ T5909] ? load_image+0x3b0/0x3b0 [ 93.271277][ T5909] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 93.277719][ T5909] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 93.284258][ T5909] warn_alloc+0x210/0x300 [ 93.288651][ T5909] ? stack_trace_save+0x9c/0xe0 [ 93.293578][ T5909] ? zone_watermark_ok_safe+0x230/0x230 [ 93.299177][ T5909] ? kasan_set_track+0x5f/0x70 [ 93.304010][ T5909] ? kasan_set_track+0x4e/0x70 [ 93.308793][ T5909] ? __kasan_kmalloc+0x8f/0xa0 [ 93.313616][ T5909] ? xsk_init_queue+0xb0/0x110 [ 93.318407][ T5909] ? xsk_setsockopt+0x4db/0x6f0 [ 93.323280][ T5909] ? do_sock_setsockopt+0x175/0x1a0 [ 93.328499][ T5909] ? __x64_sys_setsockopt+0x184/0x200 [ 93.333900][ T5909] __vmalloc_node_range+0x126/0x1320 [ 93.339228][ T5909] ? free_vm_area+0x50/0x50 [ 93.343760][ T5909] vmalloc_user+0x74/0x80 [ 93.348115][ T5909] ? xskq_create+0xbf/0x170 [ 93.352638][ T5909] xskq_create+0xbf/0x170 [ 93.356976][ T5909] xsk_init_queue+0xb0/0x110 [ 93.361591][ T5909] xsk_setsockopt+0x4db/0x6f0 [ 93.366301][ T5909] ? xsk_poll+0x670/0x670 [ 93.370652][ T5909] ? __fget_files+0x28/0x4d0 [ 93.375260][ T5909] ? aa_sock_opt_perm+0x74/0x100 [ 93.380234][ T5909] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 93.385797][ T5909] ? security_socket_setsockopt+0x7e/0xa0 [ 93.391531][ T5909] ? xsk_poll+0x670/0x670 [ 93.395878][ T5909] do_sock_setsockopt+0x175/0x1a0 [ 93.400918][ T5909] ? __fdget+0x180/0x210 [ 93.405179][ T5909] __x64_sys_setsockopt+0x184/0x200 [ 93.410404][ T5909] do_syscall_64+0x55/0xb0 [ 93.414833][ T5909] ? clear_bhb_loop+0x40/0x90 [ 93.419524][ T5909] ? clear_bhb_loop+0x40/0x90 [ 93.424389][ T5909] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 93.430299][ T5909] RIP: 0033:0x7f49a038e9a9 [ 93.434748][ T5909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.454375][ T5909] RSP: 002b:00007f49a115c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 93.462808][ T5909] RAX: ffffffffffffffda RBX: 00007f49a05b6080 RCX: 00007f49a038e9a9 [ 93.470784][ T5909] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000004 [ 93.479019][ T5909] RBP: 00007f49a0410d69 R08: 0000000000000004 R09: 0000000000000000 [ 93.487008][ T5909] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 93.494999][ T5909] R13: 0000000000000001 R14: 00007f49a05b6080 R15: 00007ffe3b471e98 [ 93.503006][ T5909] [ 93.520107][ T5787] Bluetooth: hci0: command tx timeout [ 93.525609][ T5787] Bluetooth: hci3: command tx timeout [ 93.531390][ T5787] Bluetooth: hci1: command tx timeout [ 93.536841][ T5787] Bluetooth: hci2: command tx timeout [ 93.568939][ T5102] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10 [ 93.568975][ T5102] Bluetooth: unknown link type 88 [ 93.583328][ T5102] Bluetooth: hci1: connection err: -111 [ 93.589701][ T5909] Mem-Info: [ 93.592889][ T5909] active_anon:5175 inactive_anon:0 isolated_anon:0 [ 93.592889][ T5909] active_file:643 inactive_file:39820 isolated_file:0 [ 93.592889][ T5909] unevictable:768 dirty:298 writeback:0 [ 93.592889][ T5909] slab_reclaimable:9840 slab_unreclaimable:92774 [ 93.592889][ T5909] mapped:23784 shmem:1361 pagetables:534 [ 93.592889][ T5909] sec_pagetables:0 bounce:0 [ 93.592889][ T5909] kernel_misc_reclaimable:0 [ 93.592889][ T5909] free:1365064 free_pcp:10200 free_cma:0 [ 93.690877][ T5909] Node 0 active_anon:20800kB inactive_anon:0kB active_file:2772kB inactive_file:159076kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:95136kB dirty:1184kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11288kB pagetables:2236kB sec_pagetables:0kB all_unreclaimable? no [ 93.726023][ T5909] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 93.762956][ T5909] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 93.792596][ T5909] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 93.799894][ T5909] Node 0 DMA32 free:1555740kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:20848kB inactive_anon:0kB active_file:2972kB inactive_file:157764kB unevictable:1536kB writepending:1180kB present:3129332kB managed:2589600kB mlocked:0kB bounce:0kB free_pcp:16928kB local_pcp:2656kB free_cma:0kB [ 93.849178][ T5909] lowmem_reserve[]: 0 0 1 1 1 [ 93.856478][ T5909] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:4kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 93.907305][ T5909] lowmem_reserve[]: 0 0 0 0 0 [ 93.914820][ T5909] Node 1 Normal free:3888892kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:8kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:23048kB local_pcp:13668kB free_cma:0kB [ 94.017829][ T5909] lowmem_reserve[]: 0 0 0 0 0 [ 94.037095][ T5909] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 94.072797][ T5909] Node 0 DMA32: 173*4kB (UME) 363*8kB (UM) 65*16kB (UM) 60*32kB (M) 14*64kB (UME) 7*128kB (UM) 7*256kB (UME) 9*512kB (M) 4*1024kB (UM) 4*2048kB (M) 373*4096kB (M) = 1554844kB [ 94.103167][ C1] hrtimer: interrupt took 60246 ns [ 94.108047][ T5909] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 94.144151][ T5909] Node 1 Normal: 241*4kB (UME) 59*8kB (UME) 44*16kB (UME) 47*32kB (UME) 25*64kB (UME) 9*128kB (UME) 2*256kB (ME) 0*512kB 1*1024kB (E) 1*2048kB (E) 947*4096kB (UM) = 3888892kB [ 94.229480][ T5909] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 94.277033][ T5909] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 94.333753][ T5909] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 94.432977][ T5909] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 94.469525][ T5909] 41942 total pagecache pages [ 94.474271][ T5909] 0 pages in swap cache [ 94.498975][ T5909] Free swap = 124996kB [ 94.503206][ T5909] Total swap = 124996kB [ 94.507410][ T5909] 2097051 pages RAM [ 94.512659][ T5909] 0 pages HighMem/MovableOnly [ 94.517387][ T5909] 416137 pages reserved [ 94.558096][ T5909] 0 pages cma reserved [ 98.229455][ T5102] Bluetooth: hci2: Malformed LE Event: 0x0d [ 98.429394][ T5962] warning: `syz.2.35' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 101.362698][ T5976] netlink: 172 bytes leftover after parsing attributes in process `syz.3.42'. [ 101.529717][ T5102] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 101.969031][ T5998] netlink: 539 bytes leftover after parsing attributes in process `syz.3.52'. [ 103.578240][ T5102] Bluetooth: hci0: command tx timeout [ 106.851060][ T6063] netlink: 61211 bytes leftover after parsing attributes in process `syz.1.87'. [ 107.872503][ T6094] netlink: 'syz.1.91': attribute type 2 has an invalid length. [ 107.908123][ T6094] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.91'. [ 108.498101][ T6112] syzkaller0: entered promiscuous mode [ 108.503653][ T6112] syzkaller0: entered allmulticast mode [ 109.080480][ T6131] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.105'. [ 109.832517][ T6150] syz.2.114[6150] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 109.832677][ T6150] syz.2.114[6150] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 113.663422][ T5102] Bluetooth: hci0: unknown advertising packet type: 0x6c [ 113.675184][ T5102] Bluetooth: hci0: Malformed LE Event: 0x02 [ 114.218357][ T5102] Bluetooth: hci0: Malformed LE Event: 0x0d [ 114.561726][ T6229] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 115.938297][ T5102] Bluetooth: hci0: unexpected subevent 0x03 length: 150 > 9 [ 116.006327][ T6248] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.156'. [ 116.619031][ T6268] netlink: 'syz.0.172': attribute type 10 has an invalid length. [ 116.639051][ T6268] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 116.694651][ T6269] netlink: 'syz.3.164': attribute type 10 has an invalid length. [ 116.724794][ T6269] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 116.889524][ T6275] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 116.915475][ T6275] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 116.929978][ T6275] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 116.941285][ T6275] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 117.510703][ T6292] syzkaller0: entered promiscuous mode [ 117.517018][ T6292] syzkaller0: entered allmulticast mode [ 117.535041][ T6292] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487 [ 117.735382][ T6299] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1 [ 117.850698][ T6298] netlink: 'syz.3.171': attribute type 8 has an invalid length. [ 117.884046][ T6298] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.171'. [ 128.693337][ T6378] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 128.700312][ T6378] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 129.771029][ T6398] syzkaller0: entered promiscuous mode [ 129.798231][ T6398] syzkaller0: entered allmulticast mode [ 132.024997][ T6427] syzkaller0: entered promiscuous mode [ 132.045136][ T6427] syzkaller0: entered allmulticast mode [ 133.114476][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.125153][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.671433][ T6445] netlink: 'syz.1.239': attribute type 3 has an invalid length. [ 133.679287][ T6445] netlink: 'syz.1.239': attribute type 1 has an invalid length. [ 133.698022][ T6445] netlink: 60387 bytes leftover after parsing attributes in process `syz.1.239'. [ 133.943915][ T6453] netlink: 'syz.3.251': attribute type 3 has an invalid length. [ 133.957515][ T6453] netlink: 'syz.3.251': attribute type 1 has an invalid length. [ 133.975747][ T6453] netlink: 60387 bytes leftover after parsing attributes in process `syz.3.251'. [ 134.091259][ T6458] syzkaller0: entered promiscuous mode [ 134.097789][ T6458] syzkaller0: entered allmulticast mode [ 135.886026][ T6478] syzkaller0: entered promiscuous mode [ 135.910063][ T6478] syzkaller0: entered allmulticast mode [ 135.945992][ T6483] netlink: 'syz.2.255': attribute type 3 has an invalid length. [ 135.962692][ T6483] netlink: 'syz.2.255': attribute type 1 has an invalid length. [ 135.973353][ T6483] netlink: 60387 bytes leftover after parsing attributes in process `syz.2.255'. [ 136.806880][ T5102] Bluetooth: hci1: Dropping invalid advertising data [ 136.814621][ T5102] Bluetooth: hci1: unknown advertising packet type: 0xff [ 136.814651][ T5102] Bluetooth: hci1: Malformed LE Event: 0x02 [ 138.587334][ T5102] Bluetooth: hci2: Dropping invalid advertising data [ 138.595171][ T5102] Bluetooth: hci2: unknown advertising packet type: 0xff [ 138.595203][ T5102] Bluetooth: hci2: Malformed LE Event: 0x02 [ 138.676693][ T6528] syzkaller0: entered promiscuous mode [ 138.682443][ T6528] syzkaller0: entered allmulticast mode [ 138.745154][ T6530] netlink: 132 bytes leftover after parsing attributes in process `syz.1.272'. [ 138.778568][ T6530] netlink: 132 bytes leftover after parsing attributes in process `syz.1.272'. [ 139.907725][ T6542] netlink: 'syz.0.278': attribute type 3 has an invalid length. [ 139.920258][ T6542] netlink: 'syz.0.278': attribute type 4 has an invalid length. [ 139.936357][ T6542] netlink: 'syz.0.278': attribute type 7 has an invalid length. [ 139.944243][ T6542] netlink: 'syz.0.278': attribute type 8 has an invalid length. [ 139.951964][ T6542] netlink: 'syz.0.278': attribute type 7 has an invalid length. [ 139.962242][ T6542] netlink: 198048 bytes leftover after parsing attributes in process `syz.0.278'. [ 141.068761][ T5102] Bluetooth: hci2: Dropping invalid advertising data [ 141.076384][ T5102] Bluetooth: hci2: unknown advertising packet type: 0xff [ 141.076414][ T5102] Bluetooth: hci2: Malformed LE Event: 0x02 [ 141.387033][ T6563] netlink: 132 bytes leftover after parsing attributes in process `syz.2.286'. [ 141.459583][ T6563] netlink: 132 bytes leftover after parsing attributes in process `syz.2.286'. [ 142.311669][ T6573] netlink: 'syz.3.292': attribute type 3 has an invalid length. [ 142.341086][ T6573] netlink: 'syz.3.292': attribute type 4 has an invalid length. [ 142.382290][ T6573] netlink: 'syz.3.292': attribute type 7 has an invalid length. [ 142.418073][ T6573] netlink: 'syz.3.292': attribute type 8 has an invalid length. [ 142.425868][ T6573] netlink: 'syz.3.292': attribute type 7 has an invalid length. [ 142.437194][ T6573] netlink: 198048 bytes leftover after parsing attributes in process `syz.3.292'. [ 144.381337][ T6600] netlink: 132 bytes leftover after parsing attributes in process `syz.0.299'. [ 144.593543][ T6600] netlink: 132 bytes leftover after parsing attributes in process `syz.0.299'. [ 146.450919][ T6633] netlink: 132 bytes leftover after parsing attributes in process `syz.3.316'. [ 146.510094][ T6633] netlink: 132 bytes leftover after parsing attributes in process `syz.3.316'. [ 149.307416][ T5102] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 155.418180][ T5787] Bluetooth: hci2: command 0x0406 tx timeout [ 163.334843][ T6824] syz.2.393[6824] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 163.335097][ T6824] syz.2.393[6824] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 163.763930][ T6830] syzkaller0: entered promiscuous mode [ 163.833486][ T6830] syzkaller0: entered allmulticast mode [ 164.406712][ T6853] syz.1.407[6853] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 164.406998][ T6853] syz.1.407[6853] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 171.067673][ T6933] syzkaller0: entered promiscuous mode [ 171.084698][ T6933] syzkaller0: entered allmulticast mode [ 175.373719][ T7011] netlink: 'syz.3.469': attribute type 2 has an invalid length. [ 175.391706][ T7011] netlink: 17267 bytes leftover after parsing attributes in process `syz.3.469'. [ 175.649005][ T7017] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.473'. [ 175.661928][ T7017] netlink: zone id is out of range [ 175.667801][ T7017] netlink: del zone limit has 8 unknown bytes [ 177.489237][ T5102] Bluetooth: hci3: unexpected event 0x04 length: 15 > 10 [ 177.489282][ T5102] Bluetooth: unknown link type 88 [ 177.502168][ T5102] Bluetooth: hci3: connection err: -111 [ 177.606167][ T7043] netlink: 'syz.1.482': attribute type 2 has an invalid length. [ 177.614408][ T7043] netlink: 17267 bytes leftover after parsing attributes in process `syz.1.482'. [ 178.198065][ T7056] warn_alloc: 1 callbacks suppressed [ 178.198081][ T7056] syz.3.488: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 178.299297][ T7056] CPU: 0 PID: 7056 Comm: syz.3.488 Not tainted 6.6.99-syzkaller #0 [ 178.307287][ T7056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 178.317405][ T7056] Call Trace: [ 178.320735][ T7056] [ 178.323713][ T7056] dump_stack_lvl+0x16c/0x230 [ 178.328465][ T7056] ? show_regs_print_info+0x20/0x20 [ 178.333823][ T7056] ? load_image+0x3b0/0x3b0 [ 178.338398][ T7056] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 178.344873][ T7056] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 178.351450][ T7056] warn_alloc+0x210/0x300 [ 178.355838][ T7056] ? stack_trace_save+0x9c/0xe0 [ 178.360748][ T7056] ? zone_watermark_ok_safe+0x230/0x230 [ 178.366383][ T7056] ? kasan_set_track+0x5f/0x70 [ 178.371217][ T7056] ? kasan_set_track+0x4e/0x70 [ 178.376025][ T7056] ? __kasan_kmalloc+0x8f/0xa0 [ 178.380837][ T7056] ? xsk_init_queue+0xb0/0x110 [ 178.385654][ T7056] ? xsk_setsockopt+0x4db/0x6f0 [ 178.390564][ T7056] ? do_sock_setsockopt+0x175/0x1a0 [ 178.395819][ T7056] ? __x64_sys_setsockopt+0x184/0x200 [ 178.401254][ T7056] __vmalloc_node_range+0x126/0x1320 [ 178.406661][ T7056] ? free_vm_area+0x50/0x50 [ 178.411248][ T7056] vmalloc_user+0x74/0x80 [ 178.415632][ T7056] ? xskq_create+0xbf/0x170 [ 178.420172][ T7056] xskq_create+0xbf/0x170 [ 178.424539][ T7056] xsk_init_queue+0xb0/0x110 [ 178.429150][ T7056] xsk_setsockopt+0x4db/0x6f0 [ 178.433845][ T7056] ? xsk_poll+0x670/0x670 [ 178.438209][ T7056] ? __fget_files+0x28/0x4d0 [ 178.442821][ T7056] ? aa_sock_opt_perm+0x74/0x100 [ 178.447773][ T7056] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 178.453329][ T7056] ? security_socket_setsockopt+0x7e/0xa0 [ 178.459058][ T7056] ? xsk_poll+0x670/0x670 [ 178.463439][ T7056] do_sock_setsockopt+0x175/0x1a0 [ 178.468492][ T7056] ? __fdget+0x180/0x210 [ 178.472769][ T7056] __x64_sys_setsockopt+0x184/0x200 [ 178.478006][ T7056] do_syscall_64+0x55/0xb0 [ 178.482449][ T7056] ? clear_bhb_loop+0x40/0x90 [ 178.487140][ T7056] ? clear_bhb_loop+0x40/0x90 [ 178.491834][ T7056] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 178.497744][ T7056] RIP: 0033:0x7f3e74d8e9a9 [ 178.502191][ T7056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.521819][ T7056] RSP: 002b:00007f3e75c60038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 178.530253][ T7056] RAX: ffffffffffffffda RBX: 00007f3e74fb5fa0 RCX: 00007f3e74d8e9a9 [ 178.538263][ T7056] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 178.546265][ T7056] RBP: 00007f3e74e10d69 R08: 0000000000000004 R09: 0000000000000000 [ 178.554249][ T7056] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 178.562236][ T7056] R13: 0000000000000000 R14: 00007f3e74fb5fa0 R15: 00007ffd3226cb98 [ 178.570248][ T7056] [ 178.583055][ T7056] Mem-Info: [ 178.586364][ T7056] active_anon:8219 inactive_anon:0 isolated_anon:0 [ 178.586364][ T7056] active_file:15616 inactive_file:39854 isolated_file:0 [ 178.586364][ T7056] unevictable:768 dirty:118 writeback:0 [ 178.586364][ T7056] slab_reclaimable:9833 slab_unreclaimable:93587 [ 178.586364][ T7056] mapped:23773 shmem:1373 pagetables:436 [ 178.586364][ T7056] sec_pagetables:0 bounce:0 [ 178.586364][ T7056] kernel_misc_reclaimable:0 [ 178.586364][ T7056] free:1344014 free_pcp:12667 free_cma:0 [ 178.633261][ T7056] Node 0 active_anon:32876kB inactive_anon:0kB active_file:62464kB inactive_file:159212kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:95092kB dirty:472kB writeback:0kB shmem:3956kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10748kB pagetables:1744kB sec_pagetables:0kB all_unreclaimable? no [ 178.669009][ T7056] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 178.699818][ T7056] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 178.730550][ T7056] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 178.736444][ T7056] Node 0 DMA32 free:1470764kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:32688kB inactive_anon:0kB active_file:62464kB inactive_file:157900kB unevictable:1536kB writepending:488kB present:3129332kB managed:2589600kB mlocked:0kB bounce:0kB free_pcp:28436kB local_pcp:20860kB free_cma:0kB [ 178.768650][ T7056] lowmem_reserve[]: 0 0 1 1 1 [ 178.773465][ T7056] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 178.801057][ T7056] lowmem_reserve[]: 0 0 0 0 0 [ 178.805897][ T7056] Node 1 Normal free:3889920kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:22276kB local_pcp:12832kB free_cma:0kB [ 178.835530][ T7056] lowmem_reserve[]: 0 0 0 0 0 [ 178.840445][ T7056] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 178.854675][ T7056] Node 0 DMA32: 1931*4kB (U) 1086*8kB (UME) 1041*16kB (UME) 754*32kB (UME) 409*64kB (UME) 81*128kB (UME) 37*256kB (M) 19*512kB (UME) 10*1024kB (M) 6*2048kB (UME) 326*4096kB (M) = 1470764kB [ 178.876541][ T7056] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 178.889205][ T7056] Node 1 Normal: 242*4kB (UME) 59*8kB (UME) 44*16kB (UME) 69*32kB (UME) 30*64kB (UME) 9*128kB (UME) 2*256kB (ME) 0*512kB 1*1024kB (E) 1*2048kB (E) 947*4096kB (UM) = 3889920kB [ 178.907018][ T7056] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 178.916704][ T7056] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 178.926233][ T7056] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 178.935883][ T7056] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 178.945484][ T7056] 56844 total pagecache pages [ 178.951336][ T7056] 0 pages in swap cache [ 178.955548][ T7056] Free swap = 124996kB [ 178.959843][ T7056] Total swap = 124996kB [ 178.964043][ T7056] 2097051 pages RAM [ 178.967982][ T7056] 0 pages HighMem/MovableOnly [ 178.972684][ T7056] 416137 pages reserved [ 178.976845][ T7056] 0 pages cma reserved [ 179.138237][ T5102] Bluetooth: hci1: Malformed LE Event: 0x0d [ 180.444261][ T5102] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18 [ 182.457975][ T5102] Bluetooth: hci1: command tx timeout [ 184.239308][ T7133] netlink: 539 bytes leftover after parsing attributes in process `syz.1.525'. [ 184.967727][ T5102] Bluetooth: hci3: unexpected subevent 0x01 length: 150 > 18 [ 185.208612][ T7155] netlink: 172 bytes leftover after parsing attributes in process `syz.1.531'. [ 187.018278][ T5102] Bluetooth: hci3: command tx timeout [ 189.726112][ T7173] syz.3.548[7173] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 189.726257][ T7173] syz.3.548[7173] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 190.818320][ T5102] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 190.838208][ T5102] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 191.780924][ T7201] syzkaller0: entered promiscuous mode [ 191.786459][ T7201] syzkaller0: entered allmulticast mode [ 192.023441][ T7205] syzkaller0: entered promiscuous mode [ 192.036668][ T7205] syzkaller0: entered allmulticast mode [ 192.408660][ T7221] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.559'. [ 192.671402][ T7232] syzkaller0: entered promiscuous mode [ 192.681852][ T7232] syzkaller0: entered allmulticast mode [ 194.543878][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.550723][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.822675][ T7264] netlink: 'syz.2.575': attribute type 2 has an invalid length. [ 194.855101][ T7264] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.575'. [ 195.230927][ T7276] netlink: 61211 bytes leftover after parsing attributes in process `syz.3.580'. [ 195.728929][ T7289] syzkaller0: entered promiscuous mode [ 195.734567][ T7289] syzkaller0: entered allmulticast mode [ 199.728966][ T5102] Bluetooth: hci2: unknown advertising packet type: 0x6c [ 199.729022][ T5102] Bluetooth: hci2: Malformed LE Event: 0x02 [ 199.909756][ T5102] Bluetooth: hci1: Malformed LE Event: 0x0d [ 200.771563][ T5102] Bluetooth: hci3: unknown advertising packet type: 0x6c [ 200.771609][ T5102] Bluetooth: hci3: Malformed LE Event: 0x02 [ 200.826057][ T7391] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.640'. [ 201.418236][ T5102] Bluetooth: hci3: unexpected subevent 0x03 length: 150 > 9 [ 204.955774][ T7450] netlink: 'syz.1.652': attribute type 10 has an invalid length. [ 205.014544][ T7450] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 205.280487][ T7459] netlink: 'syz.2.665': attribute type 10 has an invalid length. [ 205.316480][ T7459] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 205.851341][ T7473] netlink: 'syz.2.671': attribute type 10 has an invalid length. [ 206.868958][ T7484] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 206.876669][ T7484] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 206.889993][ T7484] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 206.897510][ T7484] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 207.611579][ T5102] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 207.620120][ T5102] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 208.965420][ T7519] syzkaller0: entered promiscuous mode [ 208.981717][ T7519] syzkaller0: entered allmulticast mode [ 211.774448][ T7564] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 211.788108][ T7564] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 211.796863][ T7564] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 211.829601][ T7564] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 211.982121][ T5799] Bluetooth: hci0: command 0x0406 tx timeout [ 211.982656][ T5798] Bluetooth: hci3: command 0x0406 tx timeout [ 211.989278][ T5797] Bluetooth: hci2: command 0x0406 tx timeout [ 211.995727][ T5798] Bluetooth: hci1: command 0x0406 tx timeout [ 212.010099][ T7568] syzkaller0: entered promiscuous mode [ 212.016074][ T7568] syzkaller0: entered allmulticast mode [ 216.445958][ T7642] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.727'. [ 217.150362][ T7655] netlink: 140 bytes leftover after parsing attributes in process `syz.1.732'. [ 217.502851][ T7668] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.739'. [ 219.884967][ T7690] netlink: 140 bytes leftover after parsing attributes in process `syz.3.747'. [ 220.034012][ T7695] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.748'. [ 221.741395][ T7732] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.763'. [ 223.113568][ T7739] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.768'. [ 223.134345][ T7742] syz.3.769[7742] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 223.134492][ T7742] syz.3.769[7742] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 223.896559][ T7767] syz.2.780[7767] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 223.896701][ T7767] syz.2.780[7767] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 223.935282][ T7766] wg2: entered promiscuous mode [ 223.994047][ T7766] wg2: entered allmulticast mode [ 224.045139][ T7771] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.783'. [ 225.253489][ T7800] -1: renamed from syzkaller0 [ 226.092722][ T7831] -1: renamed from syzkaller0 [ 226.578305][ T7849] wg2: entered promiscuous mode [ 226.591798][ T7849] wg2: entered allmulticast mode [ 227.479294][ T7886] netlink: 'syz.0.835': attribute type 17 has an invalid length. [ 227.498586][ T7886] netlink: 'syz.0.835': attribute type 16 has an invalid length. [ 227.508556][ T7886] netlink: 152 bytes leftover after parsing attributes in process `syz.0.835'. [ 227.747084][ T7895] netlink: 'syz.1.847': attribute type 17 has an invalid length. [ 227.763977][ T7895] netlink: 'syz.1.847': attribute type 16 has an invalid length. [ 227.772114][ T7895] netlink: 152 bytes leftover after parsing attributes in process `syz.1.847'. [ 228.296026][ T7918] netlink: 138036 bytes leftover after parsing attributes in process `syz.2.860'. [ 228.320946][ T7918] netlink: zone id is out of range [ 228.326208][ T7918] netlink: zone id is out of range [ 228.339376][ T7918] netlink: zone id is out of range [ 228.344693][ T7918] netlink: zone id is out of range [ 228.350279][ T7918] netlink: zone id is out of range [ 228.355531][ T7918] netlink: zone id is out of range [ 228.371246][ T7918] netlink: zone id is out of range [ 228.376509][ T7918] netlink: zone id is out of range [ 228.383621][ T7918] netlink: zone id is out of range [ 228.389213][ T7918] netlink: zone id is out of range [ 228.403739][ T7922] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.853'. [ 228.583479][ T7927] netlink: 'syz.2.855': attribute type 17 has an invalid length. [ 228.591985][ T7927] netlink: 'syz.2.855': attribute type 16 has an invalid length. [ 228.612020][ T7927] netlink: 152 bytes leftover after parsing attributes in process `syz.2.855'. [ 230.179513][ T5102] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3 [ 230.800306][ T5102] Bluetooth: hci2: unexpected event 0x06 length: 15 > 3 [ 231.690591][ T8019] syzkaller0: entered promiscuous mode [ 231.712611][ T8019] syzkaller0: entered allmulticast mode [ 231.770477][ T5102] Bluetooth: hci0: unexpected event 0x06 length: 15 > 3 [ 233.295365][ T8044] netlink: 'syz.1.915': attribute type 3 has an invalid length. [ 233.342990][ T8044] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.915'. [ 233.603145][ T8052] syz.3.910 uses obsolete (PF_INET,SOCK_PACKET) [ 233.635350][ T5102] Bluetooth: hci2: Unknown advertising packet type: 0x70 [ 233.635390][ T5102] Bluetooth: hci2: Malformed LE Event: 0x0d [ 233.674619][ T8057] netlink: 138036 bytes leftover after parsing attributes in process `syz.0.918'. [ 233.720457][ T8057] net_ratelimit: 43 callbacks suppressed [ 233.720473][ T8057] netlink: zone id is out of range [ 233.769186][ T8057] netlink: zone id is out of range [ 233.791429][ T8057] netlink: zone id is out of range [ 233.814072][ T8057] netlink: zone id is out of range [ 233.822316][ T8057] netlink: zone id is out of range [ 233.827634][ T8057] netlink: zone id is out of range [ 233.845030][ T8057] netlink: zone id is out of range [ 233.859999][ T8057] netlink: zone id is out of range [ 233.880332][ T8057] netlink: zone id is out of range [ 233.888309][ T8057] netlink: zone id is out of range [ 234.089507][ T8068] syzkaller0: entered promiscuous mode [ 234.095130][ T8068] syzkaller0: entered allmulticast mode [ 237.053625][ T5102] Bluetooth: hci0: Unknown advertising packet type: 0x70 [ 237.053669][ T5102] Bluetooth: hci0: Malformed LE Event: 0x0d [ 239.339025][ T8158] syz.1.963[8158] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 239.339278][ T8158] syz.1.963[8158] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 239.378536][ T8158] syz.1.963[8158] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 239.411561][ T8158] syz.1.963[8158] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 242.244726][ T5102] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 246.672137][ T8280] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.997'. [ 246.690171][ T8277] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.997'. [ 246.841555][ T8283] syzkaller0: entered promiscuous mode [ 246.852908][ T8283] syzkaller0: entered allmulticast mode [ 246.943656][ T8285] netlink: 'syz.3.1000': attribute type 3 has an invalid length. [ 246.971519][ T8285] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1000'. [ 247.985325][ T8311] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1008'. [ 248.048409][ T8307] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1008'. [ 248.385807][ T8315] syzkaller0: entered promiscuous mode [ 248.392182][ T8315] syzkaller0: entered allmulticast mode [ 248.461014][ T8317] netlink: 'syz.1.1012': attribute type 3 has an invalid length. [ 248.501641][ T8317] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1012'. [ 249.195472][ T8340] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1019'. [ 249.228522][ T8335] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1019'. [ 249.593796][ T8347] syzkaller0: entered promiscuous mode [ 249.618022][ T8347] syzkaller0: entered allmulticast mode [ 249.670803][ T8350] netlink: 'syz.0.1023': attribute type 3 has an invalid length. [ 249.699371][ T8350] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1023'. [ 250.071442][ T8363] netlink: 'syz.3.1030': attribute type 10 has an invalid length. [ 250.157049][ T8363] team0: Device ipvlan1 failed to register rx_handler [ 250.460938][ T8363] syz.3.1030 (8363) used greatest stack depth: 17832 bytes left [ 250.889530][ T8389] netlink: 'syz.2.1040': attribute type 21 has an invalid length. [ 250.904189][ T8389] netlink: 'syz.2.1040': attribute type 12 has an invalid length. [ 250.921902][ T8389] netlink: 'syz.2.1040': attribute type 13 has an invalid length. [ 250.945140][ T8389] netlink: 'syz.2.1040': attribute type 14 has an invalid length. [ 250.980436][ T8389] netlink: 'syz.2.1040': attribute type 15 has an invalid length. [ 251.028670][ T8389] netlink: 'syz.2.1040': attribute type 16 has an invalid length. [ 251.037386][ T8389] netlink: 12226 bytes leftover after parsing attributes in process `syz.2.1040'. [ 254.881020][ T8506] validate_nla: 3 callbacks suppressed [ 254.881046][ T8506] netlink: 'syz.3.1091': attribute type 21 has an invalid length. [ 254.897423][ T8506] netlink: 'syz.3.1091': attribute type 12 has an invalid length. [ 254.907446][ T8506] netlink: 'syz.3.1091': attribute type 13 has an invalid length. [ 254.917902][ T8506] netlink: 'syz.3.1091': attribute type 14 has an invalid length. [ 254.925877][ T8506] netlink: 'syz.3.1091': attribute type 15 has an invalid length. [ 254.935634][ T8506] netlink: 'syz.3.1091': attribute type 16 has an invalid length. [ 254.946177][ T8506] netlink: 'syz.3.1091': attribute type 19 has an invalid length. [ 254.954434][ T8506] netlink: 'syz.3.1091': attribute type 21 has an invalid length. [ 254.962791][ T8506] netlink: 'syz.3.1091': attribute type 22 has an invalid length. [ 254.971063][ T8506] netlink: 12226 bytes leftover after parsing attributes in process `syz.3.1091'. [ 255.898331][ T5102] Bluetooth: hci1: command 0x206a tx timeout [ 255.905070][ T5787] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 256.039484][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.046397][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.935397][ T8629] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1147'. [ 258.946399][ T8629] net_ratelimit: 43 callbacks suppressed [ 258.946434][ T8629] openvswitch: netlink: IP tunnel attribute has 3064 unknown bytes. [ 260.886717][ T8661] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1162'. [ 266.485626][ T8688] syz.0.1173[8688] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 266.485756][ T8688] syz.0.1173[8688] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 266.712740][ T5787] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4 [ 267.042448][ T5787] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4 [ 267.505167][ T8731] syz.3.1188[8731] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 267.512808][ T8731] syz.3.1188[8731] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 267.717513][ T5787] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4 [ 267.968241][ T8752] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.1203'. [ 268.326490][ T8767] Driver unsupported XDP return value 0 on prog (id 736) dev N/A, expect packet loss! [ 268.540626][ T5787] Bluetooth: hci1: unexpected event 0x07 length: 15 < 255 [ 268.699858][ T8781] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.1214'. [ 269.276254][ T5787] Bluetooth: hci2: unexpected event 0x07 length: 15 < 255 [ 269.833835][ T8823] netlink: 'syz.3.1235': attribute type 2 has an invalid length. [ 269.843921][ T8823] netlink: 199824 bytes leftover after parsing attributes in process `syz.3.1235'. [ 271.494105][ T8860] netlink: 'syz.2.1248': attribute type 2 has an invalid length. [ 271.512562][ T8860] netlink: 199824 bytes leftover after parsing attributes in process `syz.2.1248'. [ 273.966349][ T5787] Bluetooth: hci1: ISO packet for unknown connection handle 2681 [ 274.213682][ T5787] Bluetooth: hci3: ISO packet for unknown connection handle 2681 [ 274.410651][ T8892] netlink: 'syz.0.1259': attribute type 2 has an invalid length. [ 274.422546][ T8892] netlink: 199824 bytes leftover after parsing attributes in process `syz.0.1259'. [ 274.465976][ T8896] netlink: 'syz.3.1261': attribute type 10 has an invalid length. [ 274.487192][ T8896] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1261'. [ 274.507752][ T8896] netlink: 'syz.3.1261': attribute type 10 has an invalid length. [ 274.525501][ T8896] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1261'. [ 274.590014][ T8895] netlink: 'syz.3.1261': attribute type 10 has an invalid length. [ 274.609027][ T8895] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1261'. [ 275.894401][ T5787] Bluetooth: hci2: ISO packet for unknown connection handle 2681 [ 276.029871][ T8919] netlink: 'syz.2.1275': attribute type 2 has an invalid length. [ 276.044790][ T8919] netlink: 199824 bytes leftover after parsing attributes in process `syz.2.1275'. [ 276.185880][ T8924] netlink: 'syz.0.1276': attribute type 10 has an invalid length. [ 276.194120][ T8924] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1276'. [ 276.344675][ T8927] __sock_release: fasync list not empty! [ 278.195751][ T8924] netlink: 'syz.0.1276': attribute type 10 has an invalid length. [ 278.203868][ T8924] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1276'. [ 278.366795][ T8945] netlink: 'syz.3.1286': attribute type 2 has an invalid length. [ 278.375250][ T8945] netlink: 199824 bytes leftover after parsing attributes in process `syz.3.1286'. [ 278.375850][ T5787] Bluetooth: hci1: ISO packet for unknown connection handle 2681 [ 279.357624][ T5787] Bluetooth: hci0: ISO packet for unknown connection handle 2681 [ 279.678398][ T8961] __sock_release: fasync list not empty! [ 280.540881][ T8977] netlink: 'syz.2.1297': attribute type 2 has an invalid length. [ 280.549063][ T8977] netlink: 199824 bytes leftover after parsing attributes in process `syz.2.1297'. [ 281.463584][ T8984] __sock_release: fasync list not empty! [ 281.535223][ T8988] veth1_macvtap: left promiscuous mode [ 281.569339][ T8988] veth1_macvtap: entered promiscuous mode [ 281.575499][ T8988] macsec0: entered promiscuous mode [ 281.584198][ T8988] macsec0: entered allmulticast mode [ 281.591304][ T8988] veth1_macvtap: entered allmulticast mode [ 281.949641][ T9001] veth1_macvtap: left promiscuous mode [ 282.005603][ T9001] veth1_macvtap: entered promiscuous mode [ 282.011806][ T9001] macsec0: entered promiscuous mode [ 282.017488][ T9001] macsec0: entered allmulticast mode [ 282.023836][ T9001] veth1_macvtap: entered allmulticast mode [ 284.300921][ T9030] veth1_macvtap: left promiscuous mode [ 284.358076][ T9030] veth1_macvtap: entered promiscuous mode [ 284.378594][ T9030] macsec0: entered promiscuous mode [ 284.384066][ T9030] macsec0: entered allmulticast mode [ 284.400162][ T9030] veth1_macvtap: entered allmulticast mode [ 284.668250][ T9045] veth1_macvtap: left allmulticast mode [ 284.677291][ T9045] veth1_macvtap: left promiscuous mode [ 284.696442][ T9045] macsec0: left promiscuous mode [ 284.722587][ T9045] macsec0: left allmulticast mode [ 284.764406][ T9049] veth1_macvtap: entered promiscuous mode [ 284.799106][ T9049] macsec0: entered promiscuous mode [ 284.830068][ T9049] macsec0: entered allmulticast mode [ 284.849792][ T9049] veth1_macvtap: entered allmulticast mode [ 287.708712][ T9076] veth1_macvtap: left promiscuous mode [ 287.732578][ T9077] veth1_macvtap: entered promiscuous mode [ 287.748581][ T9077] macsec0: entered promiscuous mode [ 287.753976][ T9077] macsec0: entered allmulticast mode [ 287.764452][ T9077] veth1_macvtap: entered allmulticast mode [ 290.234450][ T9122] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 292.026796][ T9165] netlink: 'syz.0.1364': attribute type 39 has an invalid length. [ 292.257031][ T9171] netlink: 'syz.2.1365': attribute type 10 has an invalid length. [ 292.286645][ T9171] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1365'. [ 292.990756][ T9176] veth1_macvtap: left allmulticast mode [ 292.997146][ T9176] veth1_macvtap: left promiscuous mode [ 293.004426][ T9176] macsec0: left promiscuous mode [ 293.014980][ T9176] macsec0: left allmulticast mode [ 293.037006][ T9178] veth1_macvtap: entered promiscuous mode [ 293.043795][ T9178] macsec0: entered promiscuous mode [ 293.060405][ T9178] macsec0: entered allmulticast mode [ 293.072462][ T9178] veth1_macvtap: entered allmulticast mode [ 293.415865][ T9183] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 295.670941][ T9221] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 295.729087][ T9225] veth1_macvtap: left allmulticast mode [ 295.738617][ T9225] veth1_macvtap: left promiscuous mode [ 295.744251][ T9225] macsec0: left promiscuous mode [ 295.760132][ T9225] macsec0: left allmulticast mode [ 295.826624][ T9225] veth1_macvtap: entered promiscuous mode [ 295.844594][ T9225] macsec0: entered promiscuous mode [ 295.875034][ T9225] macsec0: entered allmulticast mode [ 295.897930][ T9225] veth1_macvtap: entered allmulticast mode [ 296.110079][ T5787] Bluetooth: hci3: unexpected event 0x08 length: 15 > 4 [ 299.011560][ T9268] netlink: 'syz.1.1400': attribute type 39 has an invalid length. [ 299.648254][ T9281] syzkaller0: entered promiscuous mode [ 299.653943][ T9281] syzkaller0: entered allmulticast mode [ 300.198090][ T9290] veth1_macvtap: left allmulticast mode [ 300.210424][ T9290] veth1_macvtap: left promiscuous mode [ 300.215951][ T9290] macsec0: left promiscuous mode [ 300.218143][ T5102] Bluetooth: hci3: command 0x0406 tx timeout [ 300.233107][ T9290] macsec0: left allmulticast mode [ 300.277240][ T9294] veth1_macvtap: entered promiscuous mode [ 300.285621][ T9294] macsec0: entered promiscuous mode [ 300.291884][ T9294] macsec0: entered allmulticast mode [ 300.298684][ T9294] veth1_macvtap: entered allmulticast mode [ 300.329186][ T9298] netlink: 'syz.2.1412': attribute type 39 has an invalid length. [ 300.918598][ T9304] netlink: 'syz.2.1424': attribute type 39 has an invalid length. [ 301.019077][ T5787] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 301.485112][ T9323] netlink: 'syz.0.1419': attribute type 21 has an invalid length. [ 306.440316][ T9361] netlink: 'syz.3.1436': attribute type 21 has an invalid length. [ 311.992001][ T9423] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.1470'. [ 315.602075][ T9460] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.1488'. [ 316.819811][ T9492] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.1490'. [ 317.422611][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.429474][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.913856][ T9543] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1511'. [ 321.657567][ T9565] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.1526'. [ 323.993755][ T9580] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1524'. [ 324.426346][ T9599] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.1529'. [ 327.303518][ T9635] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.1539'. [ 333.142526][ T9701] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.1564'. [ 334.824735][ T9729] netlink: 'syz.3.1573': attribute type 64 has an invalid length. [ 335.203725][ T9733] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.1577'. [ 336.146126][ T9752] netlink: 199820 bytes leftover after parsing attributes in process `syz.3.1591'. [ 340.045742][ T9786] pim6reg1: entered promiscuous mode [ 340.051403][ T9786] pim6reg1: entered allmulticast mode [ 345.543355][ T9830] netlink: 'syz.1.1611': attribute type 21 has an invalid length. [ 345.568084][ T9830] IPv6: NLM_F_CREATE should be specified when creating new route [ 345.576161][ T9830] IPv6: Can't replace route, no match found [ 349.786214][ T9875] netlink: 'syz.1.1631': attribute type 10 has an invalid length. [ 349.816886][ T9875] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 350.041304][ T9879] netlink: 'syz.2.1632': attribute type 8 has an invalid length. [ 350.062221][ T9879] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1632'. [ 351.243605][ T9907] netlink: 'syz.1.1643': attribute type 8 has an invalid length. [ 351.442162][ T9907] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1643'. [ 352.204870][ T9932] netlink: 'syz.1.1655': attribute type 10 has an invalid length. [ 352.257523][ T9932] team0: Port device wlan1 added [ 352.289986][ T9931] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 352.525849][ T9937] netlink: 'syz.0.1657': attribute type 8 has an invalid length. [ 352.555093][ T9937] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1657'. [ 352.979201][ T9948] syzkaller0: create flow: hash 4104629707 index 1 [ 353.097478][ T54] syzkaller0: tun_net_xmit 76 [ 353.110049][ T54] syzkaller0: tun_net_xmit 48 [ 353.129122][ T5776] syzkaller0: tun_net_xmit 76 [ 353.284676][ T9942] syzkaller0: delete flow: hash 4104629707 index 1 [ 354.940880][ T9962] netlink: 'syz.2.1669': attribute type 8 has an invalid length. [ 354.951325][ T9962] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1669'. [ 357.662834][ T9998] netlink: 'syz.1.1680': attribute type 8 has an invalid length. [ 357.708141][ T9998] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1680'. [ 357.922008][T10005] netlink: 'syz.0.1683': attribute type 10 has an invalid length. [ 357.968648][T10005] team0: Port device wlan1 added [ 358.001445][T10003] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 359.089147][T10023] netlink: 'syz.2.1691': attribute type 8 has an invalid length. [ 359.112292][T10023] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1691'. [ 360.413280][T10035] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 360.641104][T10036] netlink: 'syz.2.1695': attribute type 10 has an invalid length. [ 360.661023][T10036] team0: Port device wlan1 added [ 361.055747][T10047] 7B’ç÷ï: renamed from syzkaller0 [ 361.196489][T10056] netlink: 'syz.1.1701': attribute type 8 has an invalid length. [ 361.204993][T10056] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1701'. [ 364.504661][T10078] netlink: 'syz.3.1712': attribute type 8 has an invalid length. [ 364.528097][T10078] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1712'. [ 364.594769][T10080] 7B’ç÷ï: renamed from syzkaller0 [ 365.134910][ T5102] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 365.279769][T10097] netlink: 'syz.1.1720': attribute type 2 has an invalid length. [ 365.307923][T10097] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1720'. [ 366.153711][T10109] pim6reg1: entered promiscuous mode [ 366.164937][T10109] pim6reg1: entered allmulticast mode [ 366.177171][T10108] 7B’ç÷ï: renamed from syzkaller0 [ 369.244518][ T5102] Bluetooth: Frame is too long (len 13, expected len 4) [ 369.477290][T10132] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 369.485459][T10132] syzkaller0: entered allmulticast mode [ 369.855840][T10146] Zero length message leads to an empty skb [ 369.869638][T10146] netlink: 'syz.1.1741': attribute type 10 has an invalid length. [ 369.889079][T10146] bridge0: port 3(team0) entered blocking state [ 369.895750][T10146] bridge0: port 3(team0) entered disabled state [ 369.910092][T10146] team0: entered allmulticast mode [ 369.915287][T10146] team_slave_0: entered allmulticast mode [ 369.935750][T10146] team_slave_1: entered allmulticast mode [ 369.942106][T10146] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 369.968823][T10146] team0: entered promiscuous mode [ 369.978123][T10146] team_slave_0: entered promiscuous mode [ 369.998667][T10146] team_slave_1: entered promiscuous mode [ 370.004848][T10146] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode [ 370.030899][T10146] bridge0: port 3(team0) entered blocking state [ 370.038026][T10146] bridge0: port 3(team0) entered forwarding state [ 370.195453][ T5102] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 370.622503][T10173] netlink: 'syz.2.1753': attribute type 3 has an invalid length. [ 370.632339][T10173] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.1753'. [ 371.002117][T10181] netlink: 'syz.0.1757': attribute type 1 has an invalid length. [ 371.029275][T10181] netlink: 'syz.0.1757': attribute type 4 has an invalid length. [ 371.037071][T10181] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1757'. [ 371.566761][T10197] netlink: 207496 bytes leftover after parsing attributes in process `syz.3.1763'. [ 372.178819][T10210] syzkaller0: entered promiscuous mode [ 372.184366][T10210] syzkaller0: entered allmulticast mode [ 372.232386][ T5832] syzkaller0: tun_net_xmit 48 [ 374.727350][T10225] pim6reg1: entered promiscuous mode [ 374.732787][T10225] pim6reg1: entered allmulticast mode [ 375.044897][T10240] syzkaller0: entered promiscuous mode [ 375.053424][T10240] syzkaller0: entered allmulticast mode [ 375.067502][ T1188] syzkaller0: tun_net_xmit 48 [ 375.088418][T10241] syzkaller0: tun_net_xmit 1280 [ 375.114079][T10241] syzkaller0: create flow: hash 3319856857 index 1 [ 375.276683][T10239] syzkaller0: delete flow: hash 3319856857 index 1 [ 377.342778][T10263] netlink: 'syz.2.1796': attribute type 1 has an invalid length. [ 377.353547][T10263] netlink: 'syz.2.1796': attribute type 4 has an invalid length. [ 377.363209][T10263] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1796'. [ 377.554523][T10269] netlink: 'syz.3.1789': attribute type 11 has an invalid length. [ 378.871646][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.882232][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.617059][T10282] pim6reg1: entered promiscuous mode [ 379.640269][T10282] pim6reg1: entered allmulticast mode [ 380.674495][T10304] netlink: 207496 bytes leftover after parsing attributes in process `syz.0.1804'. [ 381.094863][T10318] pim6reg1: entered promiscuous mode [ 381.110048][T10318] pim6reg1: entered allmulticast mode [ 381.513684][T10333] netlink: 207496 bytes leftover after parsing attributes in process `syz.1.1817'. [ 382.355056][T10345] netlink: 'syz.0.1822': attribute type 10 has an invalid length. [ 382.374868][T10345] bridge0: port 3(team0) entered blocking state [ 382.392043][T10345] bridge0: port 3(team0) entered disabled state [ 382.408257][T10345] team0: entered allmulticast mode [ 382.418324][T10345] team_slave_0: entered allmulticast mode [ 382.436231][T10345] team_slave_1: entered allmulticast mode [ 382.456346][T10345] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 382.484207][T10345] team0: entered promiscuous mode [ 382.496234][T10345] team_slave_0: entered promiscuous mode [ 382.509727][T10345] team_slave_1: entered promiscuous mode [ 382.526674][T10345] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 382.544561][T10345] bridge0: port 3(team0) entered blocking state [ 382.551219][T10345] bridge0: port 3(team0) entered forwarding state [ 386.084232][T10406] netlink: 'syz.2.1854': attribute type 11 has an invalid length. [ 387.699329][ T5102] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 387.708766][ T5102] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 392.028356][ T5102] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 395.725746][T10558] netlink: 'syz.1.1905': attribute type 10 has an invalid length. [ 395.740777][T10558] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1905'. [ 395.760418][T10558] ipvlan1: entered promiscuous mode [ 395.779741][T10558] ipvlan1: entered allmulticast mode [ 395.785690][T10558] veth0_vlan: entered allmulticast mode [ 395.834363][T10558] bridge0: port 4(ipvlan1) entered blocking state [ 395.851755][T10558] bridge0: port 4(ipvlan1) entered disabled state [ 395.896209][T10558] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 397.699676][T10623] netlink: 'syz.2.1932': attribute type 10 has an invalid length. [ 397.709198][T10623] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1932'. [ 398.036406][ T5787] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 398.045171][ T5787] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 399.625369][T10662] netlink: 'syz.0.1943': attribute type 10 has an invalid length. [ 399.648184][T10662] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1943'. [ 399.671212][T10662] ipvlan1: entered promiscuous mode [ 399.677279][T10662] ipvlan1: entered allmulticast mode [ 399.699762][T10662] veth0_vlan: entered allmulticast mode [ 399.788016][T10662] bridge0: port 4(ipvlan1) entered blocking state [ 399.797627][T10662] bridge0: port 4(ipvlan1) entered disabled state [ 399.872588][T10662] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 403.918816][ T5787] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 403.933605][ T5787] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 406.598581][T10796] netlink: 'syz.3.1997': attribute type 15 has an invalid length. [ 408.142063][T10844] netlink: 'syz.2.2016': attribute type 15 has an invalid length. [ 411.680883][ T5787] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 414.127932][T10941] netlink: 'syz.2.2056': attribute type 19 has an invalid length. [ 414.158080][T10941] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2056'. [ 414.318426][T10944] delete_channel: no stack [ 414.479649][T10949] syzkaller0: entered promiscuous mode [ 414.485306][T10949] syzkaller0: entered allmulticast mode [ 414.507157][T10954] lo: entered allmulticast mode [ 414.552519][T10954] lo: entered promiscuous mode [ 414.564564][T10954] lo: left allmulticast mode [ 416.831764][T10990] lo: entered allmulticast mode [ 416.926573][T10990] lo: entered promiscuous mode [ 416.932811][T10990] lo: left allmulticast mode [ 418.594586][ T5102] Bluetooth: hci0: unexpected subevent 0x0a length: 150 > 30 [ 418.607177][ T5102] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 418.616739][ T5102] CPU: 0 PID: 5102 Comm: kworker/u5:1 Not tainted 6.6.99-syzkaller #0 [ 418.624936][ T5102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 418.635025][ T5102] Workqueue: hci0 hci_rx_work [ 418.639749][ T5102] Call Trace: [ 418.643046][ T5102] [ 418.645985][ T5102] dump_stack_lvl+0x16c/0x230 [ 418.650684][ T5102] ? show_regs_print_info+0x20/0x20 [ 418.655892][ T5102] ? load_image+0x3b0/0x3b0 [ 418.660427][ T5102] sysfs_create_dir_ns+0x256/0x280 [ 418.665560][ T5102] ? hci_rx_work+0x43a/0xd80 [ 418.670175][ T5102] ? sysfs_warn_dup+0xa0/0xa0 [ 418.674878][ T5102] ? do_raw_spin_unlock+0x121/0x230 [ 418.680106][ T5102] kobject_add_internal+0x6b8/0xc70 [ 418.685321][ T5102] kobject_add+0x156/0x220 [ 418.689771][ T5102] ? __rwlock_init+0x150/0x150 [ 418.694555][ T5102] ? kobject_init+0x1e0/0x1e0 [ 418.699253][ T5102] ? _raw_spin_unlock+0x28/0x40 [ 418.704124][ T5102] ? get_device_parent+0x366/0x390 [ 418.709254][ T5102] device_add+0x408/0xc20 [ 418.713602][ T5102] hci_conn_add_sysfs+0xd5/0x1e0 [ 418.718564][ T5102] le_conn_complete_evt+0xc37/0x1220 [ 418.723878][ T5102] ? bt_warn+0x10c/0x160 [ 418.728135][ T5102] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 418.734391][ T5102] ? bt_info+0x160/0x160 [ 418.738641][ T5102] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 418.744282][ T5102] ? skb_pull_data+0xfb/0x200 [ 418.748974][ T5102] hci_le_enh_conn_complete_evt+0x189/0x460 [ 418.754882][ T5102] ? hci_le_remote_conn_param_req_evt+0xcc0/0xcc0 [ 418.761326][ T5102] ? hci_remote_host_features_evt+0x160/0x160 [ 418.767423][ T5102] hci_event_packet+0x795/0x1210 [ 418.772390][ T5102] ? bis_list+0x290/0x290 [ 418.776735][ T5102] ? lockdep_hardirqs_on+0x98/0x150 [ 418.781949][ T5102] ? hci_send_to_monitor+0xd7/0x4f0 [ 418.787166][ T5102] hci_rx_work+0x43a/0xd80 [ 418.791603][ T5102] ? process_scheduled_works+0x957/0x15b0 [ 418.797332][ T5102] process_scheduled_works+0xa45/0x15b0 [ 418.802932][ T5102] ? assign_work+0x400/0x400 [ 418.807544][ T5102] ? assign_work+0x39e/0x400 [ 418.812153][ T5102] worker_thread+0xa55/0xfc0 [ 418.816758][ T5102] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 418.822668][ T5102] ? _raw_spin_unlock+0x40/0x40 [ 418.827547][ T5102] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 418.833478][ T5102] kthread+0x2fa/0x390 [ 418.837553][ T5102] ? pr_cont_work+0x560/0x560 [ 418.842251][ T5102] ? kthread_blkcg+0xd0/0xd0 [ 418.846853][ T5102] ret_from_fork+0x48/0x80 [ 418.851286][ T5102] ? kthread_blkcg+0xd0/0xd0 [ 418.855899][ T5102] ret_from_fork_asm+0x11/0x20 [ 418.860694][ T5102] [ 418.865099][ T5102] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 418.882758][ T5102] Bluetooth: hci0: failed to register connection device [ 420.275556][T11009] syzkaller0: entered promiscuous mode [ 420.281114][T11009] syzkaller0: entered allmulticast mode [ 420.942647][ T5102] Bluetooth: hci0: command 0x0406 tx timeout [ 421.966652][T11026] lo: entered allmulticast mode [ 422.020014][T11028] lo: entered promiscuous mode [ 422.027879][T11028] lo: left allmulticast mode [ 423.254452][T11065] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2101'. [ 425.439971][ T5102] Bluetooth: hci3: unexpected subevent 0x0a length: 150 > 30 [ 426.355893][T11115] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2117'. [ 427.499180][ T5102] Bluetooth: hci3: command 0x0406 tx timeout [ 427.784528][T11132] syz.3.2136[11132] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 427.784662][T11132] syz.3.2136[11132] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 428.506350][ T5102] Bluetooth: hci1: unexpected subevent 0x0a length: 150 > 30 [ 428.591177][T11150] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2135'. [ 429.983771][T11172] syz.2.2144[11172] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 429.983910][T11172] syz.2.2144[11172] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 430.547248][ T5102] Bluetooth: hci1: command 0x206a tx timeout [ 431.261828][ T5102] Bluetooth: hci2: unexpected subevent 0x0a length: 150 > 30 [ 431.551013][T11193] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2151'. [ 431.564126][T11193] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 431.768128][T11199] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2164'. [ 431.785622][T11199] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 432.141512][T11211] syzkaller0: entered promiscuous mode [ 432.147147][T11211] syzkaller0: entered allmulticast mode [ 433.342323][ T5102] Bluetooth: hci2: command 0x0406 tx timeout [ 434.098381][ T5102] Bluetooth: hci3: unexpected event 0x03 length: 15 > 11 [ 435.054066][T11243] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2170'. [ 435.112511][T11243] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 435.201064][T11252] pim6reg1: entered promiscuous mode [ 435.206431][T11252] pim6reg1: entered allmulticast mode [ 435.752601][ T5102] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 435.762697][ T5102] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 435.773032][ T5102] CPU: 1 PID: 5102 Comm: kworker/u5:1 Not tainted 6.6.99-syzkaller #0 [ 435.781236][ T5102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 435.791323][ T5102] Workqueue: hci0 hci_rx_work [ 435.796043][ T5102] Call Trace: [ 435.799345][ T5102] [ 435.802300][ T5102] dump_stack_lvl+0x16c/0x230 [ 435.807102][ T5102] ? show_regs_print_info+0x20/0x20 [ 435.812353][ T5102] ? load_image+0x3b0/0x3b0 [ 435.816927][ T5102] sysfs_create_dir_ns+0x256/0x280 [ 435.822176][ T5102] ? hci_rx_work+0x43a/0xd80 [ 435.826807][ T5102] ? sysfs_warn_dup+0xa0/0xa0 [ 435.831557][ T5102] ? do_raw_spin_unlock+0x121/0x230 [ 435.836801][ T5102] kobject_add_internal+0x6b8/0xc70 [ 435.842068][ T5102] kobject_add+0x156/0x220 [ 435.846534][ T5102] ? __rwlock_init+0x150/0x150 [ 435.851347][ T5102] ? kobject_init+0x1e0/0x1e0 [ 435.856158][ T5102] ? _raw_spin_unlock+0x28/0x40 [ 435.861061][ T5102] ? get_device_parent+0x366/0x390 [ 435.866218][ T5102] device_add+0x408/0xc20 [ 435.870598][ T5102] hci_conn_add_sysfs+0xd5/0x1e0 [ 435.875590][ T5102] le_conn_complete_evt+0xc37/0x1220 [ 435.880911][ T5102] ? bt_warn+0x10c/0x160 [ 435.885184][ T5102] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 435.891442][ T5102] ? bt_info+0x160/0x160 [ 435.895700][ T5102] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 435.901355][ T5102] ? skb_pull_data+0xfb/0x200 [ 435.906060][ T5102] hci_le_conn_complete_evt+0x187/0x440 [ 435.911636][ T5102] ? hci_remote_host_features_evt+0x160/0x160 [ 435.917731][ T5102] hci_event_packet+0x795/0x1210 [ 435.922706][ T5102] ? bis_list+0x290/0x290 [ 435.927057][ T5102] ? lockdep_hardirqs_on+0x98/0x150 [ 435.932297][ T5102] ? hci_send_to_monitor+0xd7/0x4f0 [ 435.937516][ T5102] hci_rx_work+0x43a/0xd80 [ 435.941957][ T5102] ? process_scheduled_works+0x957/0x15b0 [ 435.947694][ T5102] process_scheduled_works+0xa45/0x15b0 [ 435.953278][ T5102] ? assign_work+0x400/0x400 [ 435.957885][ T5102] ? assign_work+0x39e/0x400 [ 435.962493][ T5102] worker_thread+0xa55/0xfc0 [ 435.967095][ T5102] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 435.973008][ T5102] ? _raw_spin_unlock+0x40/0x40 [ 435.977888][ T5102] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 435.983838][ T5102] kthread+0x2fa/0x390 [ 435.987916][ T5102] ? pr_cont_work+0x560/0x560 [ 435.992616][ T5102] ? kthread_blkcg+0xd0/0xd0 [ 435.997217][ T5102] ret_from_fork+0x48/0x80 [ 436.001665][ T5102] ? kthread_blkcg+0xd0/0xd0 [ 436.006270][ T5102] ret_from_fork_asm+0x11/0x20 [ 436.011069][ T5102] [ 436.016261][ T5102] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 436.032753][ T5102] Bluetooth: hci0: failed to register connection device [ 436.821048][T11289] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2190'. [ 436.880209][T11289] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 436.917913][T11289] CPU: 1 PID: 11289 Comm: syz.2.2190 Not tainted 6.6.99-syzkaller #0 [ 436.926063][T11289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 436.936171][T11289] Call Trace: [ 436.939495][T11289] [ 436.942447][T11289] dump_stack_lvl+0x16c/0x230 [ 436.947162][T11289] ? show_regs_print_info+0x20/0x20 [ 436.952391][T11289] ? load_image+0x3b0/0x3b0 [ 436.956957][T11289] sysfs_warn_dup+0x8e/0xa0 [ 436.961509][T11289] sysfs_do_create_link_sd+0xc0/0x110 [ 436.966935][T11289] device_add_class_symlinks+0x1cf/0x240 [ 436.972607][T11289] device_add+0x507/0xc20 [ 436.976979][T11289] wiphy_register+0x1e74/0x2c00 [ 436.981891][T11289] ? cfg80211_event_work+0x40/0x40 [ 436.987026][T11289] ? minstrel_ht_alloc+0x88a/0x990 [ 436.992184][T11289] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 436.998296][T11289] ieee80211_register_hw+0x2dc2/0x3ac0 [ 437.003827][T11289] ? ieee80211_tasklet_handler+0x20/0x20 [ 437.009498][T11289] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 437.015443][T11289] ? __debug_object_init+0xe8/0x430 [ 437.020678][T11289] ? __asan_memset+0x22/0x40 [ 437.025303][T11289] ? __hrtimer_init+0x186/0x270 [ 437.030192][T11289] mac80211_hwsim_new_radio+0x2a00/0x4cf0 [ 437.035975][T11289] ? mac80211_hwsim_free+0x220/0x220 [ 437.041306][T11289] ? rcu_is_watching+0x15/0xb0 [ 437.046098][T11289] ? kstrndup+0xbd/0x140 [ 437.050405][T11289] hwsim_new_radio_nl+0xd78/0x19d0 [ 437.055575][T11289] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 437.061951][T11289] ? __nla_parse+0x40/0x50 [ 437.066411][T11289] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 437.072783][T11289] genl_family_rcv_msg_doit+0x209/0x2f0 [ 437.078375][T11289] ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0 [ 437.084318][T11289] ? bpf_lsm_capable+0x9/0x10 [ 437.089030][T11289] ? security_capable+0x89/0xb0 [ 437.093923][T11289] genl_rcv_msg+0x60b/0x790 [ 437.098468][T11289] ? genl_bind+0x360/0x360 [ 437.102915][T11289] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 437.109272][T11289] ? trace_event_raw_event_lock_acquire+0x2a0/0x2a0 [ 437.115890][T11289] ? ref_tracker_free+0x634/0x7d0 [ 437.120958][T11289] netlink_rcv_skb+0x216/0x480 [ 437.125754][T11289] ? genl_bind+0x360/0x360 [ 437.130212][T11289] ? netlink_ack+0x1110/0x1110 [ 437.135033][T11289] ? __lock_acquire+0x7c80/0x7c80 [ 437.140102][T11289] ? down_read+0x1ac/0x2e0 [ 437.144560][T11289] genl_rcv+0x28/0x40 [ 437.148573][T11289] netlink_unicast+0x751/0x8d0 [ 437.153382][T11289] netlink_sendmsg+0x8c1/0xbe0 [ 437.158193][T11289] ? netlink_getsockopt+0x580/0x580 [ 437.163426][T11289] ? aa_sock_msg_perm+0x94/0x150 [ 437.168397][T11289] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 437.173706][T11289] ? security_socket_sendmsg+0x80/0xa0 [ 437.179198][T11289] ? netlink_getsockopt+0x580/0x580 [ 437.184431][T11289] ____sys_sendmsg+0x5bf/0x950 [ 437.189295][T11289] ? __asan_memset+0x22/0x40 [ 437.193918][T11289] ? __sys_sendmsg_sock+0x30/0x30 [ 437.198990][T11289] ? __import_iovec+0x5f2/0x860 [ 437.203903][T11289] ? import_iovec+0x73/0xa0 [ 437.208538][T11289] ___sys_sendmsg+0x220/0x290 [ 437.213264][T11289] ? __sys_sendmsg+0x270/0x270 [ 437.218169][T11289] __se_sys_sendmsg+0x1a5/0x270 [ 437.223055][T11289] ? __x64_sys_sendmsg+0x80/0x80 [ 437.228071][T11289] ? lockdep_hardirqs_on+0x98/0x150 [ 437.233307][T11289] do_syscall_64+0x55/0xb0 [ 437.237750][T11289] ? clear_bhb_loop+0x40/0x90 [ 437.242452][T11289] ? clear_bhb_loop+0x40/0x90 [ 437.247150][T11289] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 437.253090][T11289] RIP: 0033:0x7fb36cd8e9a9 [ 437.257568][T11289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 437.277414][T11289] RSP: 002b:00007fb36dc7b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 437.285903][T11289] RAX: ffffffffffffffda RBX: 00007fb36cfb5fa0 RCX: 00007fb36cd8e9a9 [ 437.293910][T11289] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 437.301904][T11289] RBP: 00007fb36ce10d69 R08: 0000000000000000 R09: 0000000000000000 [ 437.309898][T11289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 437.317895][T11289] R13: 0000000000000000 R14: 00007fb36cfb5fa0 R15: 00007ffd31291b08 [ 437.325920][T11289] [ 437.682118][T11301] sit0: entered allmulticast mode [ 437.927491][ T5787] Bluetooth: hci0: unexpected subevent 0x0a length: 150 > 30 [ 437.936038][ T5787] Bluetooth: hci0: Invalid handle: 0x85b0 > 0x0eff [ 438.059275][ T5787] Bluetooth: hci0: command 0x0406 tx timeout [ 438.854865][T11325] netlink: 'syz.3.2205': attribute type 39 has an invalid length. [ 439.149455][T11335] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2216'. [ 439.185696][T11335] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 439.208424][T11335] CPU: 1 PID: 11335 Comm: syz.1.2216 Not tainted 6.6.99-syzkaller #0 [ 439.216583][T11335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 439.226666][T11335] Call Trace: [ 439.229970][T11335] [ 439.232927][T11335] dump_stack_lvl+0x16c/0x230 [ 439.237652][T11335] ? show_regs_print_info+0x20/0x20 [ 439.243061][T11335] ? load_image+0x3b0/0x3b0 [ 439.247636][T11335] sysfs_warn_dup+0x8e/0xa0 [ 439.252191][T11335] sysfs_do_create_link_sd+0xc0/0x110 [ 439.257606][T11335] device_add_class_symlinks+0x1cf/0x240 [ 439.263297][T11335] device_add+0x507/0xc20 [ 439.267675][T11335] wiphy_register+0x1e74/0x2c00 [ 439.272591][T11335] ? cfg80211_event_work+0x40/0x40 [ 439.277734][T11335] ? minstrel_ht_alloc+0x88a/0x990 [ 439.282919][T11335] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 439.289025][T11335] ieee80211_register_hw+0x2dc2/0x3ac0 [ 439.294547][T11335] ? ieee80211_tasklet_handler+0x20/0x20 [ 439.300204][T11335] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 439.306138][T11335] ? __debug_object_init+0xe8/0x430 [ 439.311375][T11335] ? __asan_memset+0x22/0x40 [ 439.315991][T11335] ? __hrtimer_init+0x186/0x270 [ 439.320892][T11335] mac80211_hwsim_new_radio+0x2a00/0x4cf0 [ 439.326683][T11335] ? mac80211_hwsim_free+0x220/0x220 [ 439.331986][T11335] ? rcu_is_watching+0x15/0xb0 [ 439.336793][T11335] ? kstrndup+0xbd/0x140 [ 439.341168][T11335] hwsim_new_radio_nl+0xd78/0x19d0 [ 439.346361][T11335] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 439.352738][T11335] ? __nla_parse+0x40/0x50 [ 439.357205][T11335] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 439.363589][T11335] genl_family_rcv_msg_doit+0x209/0x2f0 [ 439.369183][T11335] ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0 [ 439.375126][T11335] ? bpf_lsm_capable+0x9/0x10 [ 439.379824][T11335] ? security_capable+0x89/0xb0 [ 439.384731][T11335] genl_rcv_msg+0x60b/0x790 [ 439.389288][T11335] ? genl_bind+0x360/0x360 [ 439.393740][T11335] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 439.400110][T11335] ? trace_event_raw_event_lock_acquire+0x2a0/0x2a0 [ 439.406730][T11335] ? ref_tracker_free+0x634/0x7d0 [ 439.411787][T11335] netlink_rcv_skb+0x216/0x480 [ 439.416583][T11335] ? genl_bind+0x360/0x360 [ 439.421050][T11335] ? netlink_ack+0x1110/0x1110 [ 439.425885][T11335] ? __lock_acquire+0x7c80/0x7c80 [ 439.430971][T11335] ? down_read+0x1ac/0x2e0 [ 439.435521][T11335] genl_rcv+0x28/0x40 [ 439.439538][T11335] netlink_unicast+0x751/0x8d0 [ 439.444352][T11335] netlink_sendmsg+0x8c1/0xbe0 [ 439.449172][T11335] ? netlink_getsockopt+0x580/0x580 [ 439.454410][T11335] ? aa_sock_msg_perm+0x94/0x150 [ 439.459378][T11335] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 439.464704][T11335] ? security_socket_sendmsg+0x80/0xa0 [ 439.470192][T11335] ? netlink_getsockopt+0x580/0x580 [ 439.475419][T11335] ____sys_sendmsg+0x5bf/0x950 [ 439.480232][T11335] ? __asan_memset+0x22/0x40 [ 439.484860][T11335] ? __sys_sendmsg_sock+0x30/0x30 [ 439.489935][T11335] ? __import_iovec+0x5f2/0x860 [ 439.494851][T11335] ? import_iovec+0x73/0xa0 [ 439.499405][T11335] ___sys_sendmsg+0x220/0x290 [ 439.504136][T11335] ? __sys_sendmsg+0x270/0x270 [ 439.509030][T11335] __se_sys_sendmsg+0x1a5/0x270 [ 439.513919][T11335] ? __x64_sys_sendmsg+0x80/0x80 [ 439.518915][T11335] ? lockdep_hardirqs_on+0x98/0x150 [ 439.524151][T11335] do_syscall_64+0x55/0xb0 [ 439.528591][T11335] ? clear_bhb_loop+0x40/0x90 [ 439.533306][T11335] ? clear_bhb_loop+0x40/0x90 [ 439.538027][T11335] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 439.543950][T11335] RIP: 0033:0x7ff388d8e9a9 [ 439.548409][T11335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 439.568047][T11335] RSP: 002b:00007ff389c2e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 439.576488][T11335] RAX: ffffffffffffffda RBX: 00007ff388fb5fa0 RCX: 00007ff388d8e9a9 [ 439.584481][T11335] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 439.592473][T11335] RBP: 00007ff388e10d69 R08: 0000000000000000 R09: 0000000000000000 [ 439.600463][T11335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 439.608457][T11335] R13: 0000000000000000 R14: 00007ff388fb5fa0 R15: 00007ffc74e7c178 [ 439.616480][T11335] [ 439.737480][T11339] netlink: 'syz.3.2210': attribute type 10 has an invalid length. [ 439.746782][T11339] veth1_macvtap: left allmulticast mode [ 439.757121][T11339] veth1_macvtap: left promiscuous mode [ 439.944911][ T5787] Bluetooth: hci2: unexpected subevent 0x0a length: 150 > 30 [ 439.953684][ T5787] Bluetooth: hci2: Invalid handle: 0x85b0 > 0x0eff [ 439.998896][T11350] syzkaller0: entered promiscuous mode [ 440.004687][T11350] syzkaller0: entered allmulticast mode [ 440.331134][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.337514][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.727293][T11371] netlink: 'syz.1.2219': attribute type 10 has an invalid length. [ 440.767002][T11371] netlink: 'syz.1.2219': attribute type 10 has an invalid length. [ 440.782191][T11371] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2219'. [ 440.808292][T11362] syzkaller0: entered promiscuous mode [ 440.822366][T11362] syzkaller0: entered allmulticast mode [ 440.965715][ T5787] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10 [ 441.050319][T11373] syzkaller0: entered promiscuous mode [ 441.077113][T11373] syzkaller0: entered allmulticast mode [ 442.847213][T11380] netlink: 'syz.2.2223': attribute type 10 has an invalid length. [ 442.896049][T11384] netlink: 61211 bytes leftover after parsing attributes in process `syz.1.2226'. [ 443.018470][ T5787] Bluetooth: hci2: command 0x0406 tx timeout [ 444.781981][T11414] netlink: 'syz.0.2235': attribute type 39 has an invalid length. [ 445.110021][T11429] netlink: 'syz.1.2240': attribute type 10 has an invalid length. [ 445.209104][T11431] netlink: 'syz.0.2239': attribute type 10 has an invalid length. [ 445.224613][T11438] netlink: 'syz.0.2239': attribute type 10 has an invalid length. [ 445.237154][T11438] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2239'. [ 445.332373][T11437] pim6reg1: entered promiscuous mode [ 445.348366][T11437] pim6reg1: entered allmulticast mode [ 445.750751][T11457] netlink: 'syz.1.2249': attribute type 39 has an invalid length. [ 446.083227][T11464] wg2: entered promiscuous mode [ 446.091650][T11464] wg2: entered allmulticast mode [ 446.239840][T11469] netlink: 'syz.2.2254': attribute type 10 has an invalid length. [ 446.297185][T11469] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 446.307262][T11469] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 446.317417][T11470] netlink: 'syz.0.2253': attribute type 10 has an invalid length. [ 446.392997][T11474] bridge0: port 1(bridge_slave_0) entered disabled state [ 446.409198][T11466] netlink: 'syz.2.2254': attribute type 10 has an invalid length. [ 446.419742][T11466] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2254'. [ 446.432028][T11466] batadv0: entered promiscuous mode [ 446.437306][T11466] batadv0: entered allmulticast mode [ 446.450208][T11466] bond0: (slave batadv0): Releasing backup interface [ 446.470915][T11466] bridge0: port 3(batadv0) entered blocking state [ 446.484314][T11466] bridge0: port 3(batadv0) entered disabled state [ 446.710719][T11475] bridge0: port 1(bridge_slave_0) entered blocking state [ 446.717980][T11475] bridge0: port 1(bridge_slave_0) entered listening state [ 446.790161][ T48] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 446.799952][ T48] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 446.826278][T11485] pim6reg1: entered promiscuous mode [ 446.847584][T11485] pim6reg1: entered allmulticast mode [ 447.981175][T11511] netlink: 'syz.3.2267': attribute type 10 has an invalid length. [ 448.323642][T11524] netlink: 'syz.3.2268': attribute type 10 has an invalid length. [ 448.369495][T11521] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2268'. [ 449.516216][T11550] wg2: entered promiscuous mode [ 449.521490][T11550] wg2: entered allmulticast mode [ 449.744688][T11559] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2287'. [ 450.082739][T11564] bridge0: port 1(bridge_slave_0) entered disabled state [ 450.164396][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 450.171714][ T11] bridge0: port 1(bridge_slave_0) entered listening state [ 451.419354][T11593] bridge0: port 1(bridge_slave_0) entered disabled state [ 451.462212][T11593] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.469547][T11593] bridge0: port 1(bridge_slave_0) entered listening state [ 452.566673][ T5787] Bluetooth: hci3: unexpected subevent 0x0a length: 150 > 30 [ 452.574364][ T5787] Bluetooth: hci3: Invalid handle: 0x85b0 > 0x0eff [ 455.169700][T11672] syzkaller0: entered promiscuous mode [ 455.195328][T11672] syzkaller0: entered allmulticast mode [ 459.321870][T11748] netlink: 194488 bytes leftover after parsing attributes in process `syz.3.2356'. [ 459.938777][T11756] syzkaller0: entered promiscuous mode [ 459.977228][T11756] syzkaller0: entered allmulticast mode [ 460.100203][T11760] syzkaller0: entered allmulticast mode [ 460.114522][T11760] syzkaller0: entered promiscuous mode [ 460.120595][T11760] syzkaller0: left allmulticast mode [ 460.434249][T11773] syzkaller0: entered promiscuous mode [ 460.470116][T11773] syzkaller0: entered allmulticast mode [ 461.394599][T11797] syzkaller0: entered allmulticast mode [ 461.461201][T11797] syzkaller0: entered promiscuous mode [ 461.466752][T11797] syzkaller0: left allmulticast mode [ 461.469188][T11800] netlink: 194488 bytes leftover after parsing attributes in process `syz.1.2371'. [ 461.657523][T11803] syzkaller0: entered promiscuous mode [ 461.673930][T11803] syzkaller0: entered allmulticast mode [ 462.059228][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 462.627320][T11834] netlink: 194488 bytes leftover after parsing attributes in process `syz.2.2385'. [ 462.821012][T11840] syzkaller0: entered allmulticast mode [ 462.878638][T11840] syzkaller0: entered promiscuous mode [ 462.890358][T11840] syzkaller0: left allmulticast mode [ 463.266102][T11857] bridge0: port 2(bridge_slave_1) entered disabled state [ 463.273589][T11857] bridge0: port 1(bridge_slave_0) entered disabled state [ 463.362446][T11857] bridge0: entered allmulticast mode [ 463.502242][T11860] bridge0: port 3(batadv0) entered disabled state [ 463.517044][T11860] bridge_slave_1: left allmulticast mode [ 463.523151][T11860] bridge_slave_1: left promiscuous mode [ 463.529609][T11860] bridge0: port 2(bridge_slave_1) entered disabled state [ 463.539046][T11860] bridge_slave_0: left allmulticast mode [ 463.545095][T11860] bridge_slave_0: left promiscuous mode [ 463.551406][T11860] bridge0: port 1(bridge_slave_0) entered disabled state [ 463.645171][T11867] validate_nla: 3 callbacks suppressed [ 463.645184][T11867] netlink: 'syz.0.2399': attribute type 10 has an invalid length. [ 463.659680][T11867] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2399'. [ 463.671108][T11867] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 464.661044][T11902] netlink: 'syz.1.2413': attribute type 10 has an invalid length. [ 464.674801][T11902] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2413'. [ 464.709894][T11902] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 465.017245][T11913] netlink: 'syz.2.2417': attribute type 39 has an invalid length. [ 465.257934][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 465.510945][T11924] syzkaller0: entered promiscuous mode [ 465.516496][T11924] syzkaller0: entered allmulticast mode [ 466.542098][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 467.610534][T11934] netlink: 'syz.2.2425': attribute type 10 has an invalid length. [ 467.620030][T11934] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2425'. [ 467.633726][T11934] batman_adv: batadv0: Adding interface: virt_wifi0 [ 467.640773][T11934] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 467.666691][T11934] batman_adv: batadv0: Interface activated: virt_wifi0 [ 468.851114][T11966] Dead loop on virtual device ip6_vti0, fix it urgently! [ 468.985635][T11972] syzkaller0: entered allmulticast mode [ 469.004351][T11972] syzkaller0: entered promiscuous mode [ 469.020285][T11972] syzkaller0: left allmulticast mode [ 469.096396][T11976] bond_slave_1: mtu less than device minimum [ 469.331161][T11979] syzkaller0: entered allmulticast mode [ 471.474989][T12063] syzkaller0: entered allmulticast mode [ 472.033662][T12078] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.2460'. [ 472.063418][T12078] netlink: 6324 bytes leftover after parsing attributes in process `syz.2.2460'. [ 472.075819][T12078] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2460'. [ 472.144069][T12080] syz.3.2461: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 472.160027][T12080] CPU: 1 PID: 12080 Comm: syz.3.2461 Not tainted 6.6.99-syzkaller #0 [ 472.168163][T12080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 472.178275][T12080] Call Trace: [ 472.181619][T12080] [ 472.184613][T12080] dump_stack_lvl+0x16c/0x230 [ 472.189350][T12080] ? show_regs_print_info+0x20/0x20 [ 472.194595][T12080] ? load_image+0x3b0/0x3b0 [ 472.199177][T12080] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 472.205654][T12080] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 472.212208][T12080] warn_alloc+0x210/0x300 [ 472.216678][T12080] ? stack_trace_save+0x9c/0xe0 [ 472.221585][T12080] ? zone_watermark_ok_safe+0x230/0x230 [ 472.227219][T12080] ? kasan_set_track+0x5f/0x70 [ 472.232014][T12080] ? kasan_set_track+0x4e/0x70 [ 472.236817][T12080] ? __kasan_kmalloc+0x8f/0xa0 [ 472.241615][T12080] ? xsk_init_queue+0xb0/0x110 [ 472.246421][T12080] ? xsk_setsockopt+0x4db/0x6f0 [ 472.251310][T12080] ? do_sock_setsockopt+0x175/0x1a0 [ 472.256548][T12080] ? __x64_sys_setsockopt+0x184/0x200 [ 472.262004][T12080] __vmalloc_node_range+0x126/0x1320 [ 472.267458][T12080] ? free_vm_area+0x50/0x50 [ 472.272051][T12080] vmalloc_user+0x74/0x80 [ 472.276429][T12080] ? xskq_create+0xbf/0x170 [ 472.280974][T12080] xskq_create+0xbf/0x170 [ 472.285361][T12080] xsk_init_queue+0xb0/0x110 [ 472.290021][T12080] xsk_setsockopt+0x4db/0x6f0 [ 472.294760][T12080] ? xsk_poll+0x670/0x670 [ 472.299148][T12080] ? __fget_files+0x28/0x4d0 [ 472.303790][T12080] ? aa_sock_opt_perm+0x74/0x100 [ 472.308774][T12080] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 472.314351][T12080] ? security_socket_setsockopt+0x7e/0xa0 [ 472.320098][T12080] ? xsk_poll+0x670/0x670 [ 472.324479][T12080] do_sock_setsockopt+0x175/0x1a0 [ 472.329553][T12080] ? __fdget+0x180/0x210 [ 472.333844][T12080] __x64_sys_setsockopt+0x184/0x200 [ 472.339192][T12080] do_syscall_64+0x55/0xb0 [ 472.343653][T12080] ? clear_bhb_loop+0x40/0x90 [ 472.348364][T12080] ? clear_bhb_loop+0x40/0x90 [ 472.353075][T12080] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 472.359013][T12080] RIP: 0033:0x7f3e74d8e9a9 [ 472.363466][T12080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 472.383153][T12080] RSP: 002b:00007f3e75c60038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 472.391713][T12080] RAX: ffffffffffffffda RBX: 00007f3e74fb5fa0 RCX: 00007f3e74d8e9a9 [ 472.399721][T12080] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006 [ 472.407718][T12080] RBP: 00007f3e74e10d69 R08: 0000000000000004 R09: 0000000000000000 [ 472.415722][T12080] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 472.423727][T12080] R13: 0000000000000000 R14: 00007f3e74fb5fa0 R15: 00007ffd3226cb98 [ 472.431788][T12080] [ 472.448343][T12080] Mem-Info: [ 472.458675][T12080] active_anon:31324 inactive_anon:0 isolated_anon:0 [ 472.458675][T12080] active_file:18492 inactive_file:39968 isolated_file:0 [ 472.458675][T12080] unevictable:768 dirty:251 writeback:0 [ 472.458675][T12080] slab_reclaimable:10185 slab_unreclaimable:96252 [ 472.458675][T12080] mapped:23749 shmem:1361 pagetables:458 [ 472.458675][T12080] sec_pagetables:0 bounce:0 [ 472.458675][T12080] kernel_misc_reclaimable:0 [ 472.458675][T12080] free:1314199 free_pcp:12938 free_cma:0 [ 472.597377][T12080] Node 0 active_anon:125196kB inactive_anon:0kB active_file:73968kB inactive_file:159668kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:94996kB dirty:1004kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10684kB pagetables:1832kB sec_pagetables:0kB all_unreclaimable? no [ 472.658469][T12080] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 472.725212][T12080] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 472.809175][T12080] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 472.815157][T12080] Node 0 DMA32 free:1349196kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:125044kB inactive_anon:0kB active_file:73968kB inactive_file:158356kB unevictable:1536kB writepending:1004kB present:3129332kB managed:2589600kB mlocked:0kB bounce:0kB free_pcp:32700kB local_pcp:12244kB free_cma:0kB [ 472.858777][T12081] __sock_release: fasync list not empty! [ 472.877569][T12080] lowmem_reserve[]: 0 0 1 1 1 [ 472.882741][T12080] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 472.942058][T12080] lowmem_reserve[]: 0 0 0 0 0 [ 472.946987][T12080] Node 1 Normal free:3892228kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:20064kB local_pcp:8768kB free_cma:0kB [ 473.001427][T12080] lowmem_reserve[]: 0 0 0 0 0 [ 473.006848][T12080] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 473.021341][T12084] syzkaller0: entered promiscuous mode [ 473.022401][T12080] Node 0 [ 473.026854][T12084] syzkaller0: entered allmulticast mode [ 473.035734][T12080] DMA32: 1419*4kB (UM) 848*8kB (UME) 726*16kB (UM) 460*32kB (UME) 187*64kB (UME) 32*128kB (UME) 68*256kB (UME) 70*512kB (UM) 36*1024kB (UM) 14*2048kB (ME) 287*4096kB (M) = 1349196kB [ 473.054440][T12080] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 473.067878][T12080] Node 1 Normal: 243*4kB (UME) 59*8kB (UME) 44*16kB (UME) 109*32kB (UME) 42*64kB (UME) 11*128kB (UME) 2*256kB (ME) 0*512kB 1*1024kB (E) 1*2048kB (E) 947*4096kB (UM) = 3892228kB [ 473.086153][T12080] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 473.095867][T12080] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 473.105300][T12080] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 473.115211][T12080] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 473.124672][T12080] 59820 total pagecache pages [ 473.129696][T12080] 0 pages in swap cache [ 473.133896][T12080] Free swap = 124996kB [ 473.138277][T12080] Total swap = 124996kB [ 473.142952][T12080] 2097051 pages RAM [ 473.146808][T12080] 0 pages HighMem/MovableOnly [ 473.151677][T12080] 416137 pages reserved [ 473.155880][T12080] 0 pages cma reserved [ 473.529540][T12095] __sock_release: fasync list not empty! [ 474.424045][T12113] syzkaller0: entered promiscuous mode [ 474.431472][T12113] syzkaller0: entered allmulticast mode [ 476.372123][T12126] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.2478'. [ 476.388985][T12126] netlink: 6324 bytes leftover after parsing attributes in process `syz.1.2478'. [ 476.398855][T12126] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2478'. [ 476.619977][T12131] __sock_release: fasync list not empty! [ 477.417912][ C1] bridge0: port 1(bridge_slave_0) entered forwarding state [ 477.425281][ C1] bridge0: topology change detected, propagating [ 478.102239][T12154] syzkaller0: entered promiscuous mode [ 478.118917][T12154] syzkaller0: entered allmulticast mode [ 478.301750][T12162] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.2495'. [ 478.323348][T12162] netlink: 6324 bytes leftover after parsing attributes in process `syz.3.2495'. [ 478.357127][T12162] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2495'. [ 478.693730][T12170] syzkaller0: entered promiscuous mode [ 478.699546][T12170] syzkaller0: entered allmulticast mode [ 480.617908][ C1] bridge0: port 1(bridge_slave_0) entered forwarding state [ 480.625292][ C1] bridge0: topology change detected, propagating [ 481.898010][ C0] bridge0: port 1(bridge_slave_0) entered forwarding state [ 481.905318][ C0] bridge0: topology change detected, propagating [ 483.951865][T12196] warn_alloc: 1 callbacks suppressed [ 483.951882][T12196] syz.0.2507: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 483.979094][T12196] CPU: 0 PID: 12196 Comm: syz.0.2507 Not tainted 6.6.99-syzkaller #0 [ 483.987248][T12196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 483.997342][T12196] Call Trace: [ 484.000663][T12196] [ 484.003717][T12196] dump_stack_lvl+0x16c/0x230 [ 484.008493][T12196] ? show_regs_print_info+0x20/0x20 [ 484.013749][T12196] ? load_image+0x3b0/0x3b0 [ 484.018315][T12196] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 484.024780][T12196] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 484.031335][T12196] warn_alloc+0x210/0x300 [ 484.035800][T12196] ? stack_trace_save+0x9c/0xe0 [ 484.040697][T12196] ? zone_watermark_ok_safe+0x230/0x230 [ 484.046323][T12196] ? kasan_set_track+0x5f/0x70 [ 484.051136][T12196] ? kasan_set_track+0x4e/0x70 [ 484.055932][T12196] ? __kasan_kmalloc+0x8f/0xa0 [ 484.060738][T12196] ? xsk_init_queue+0xb0/0x110 [ 484.065542][T12196] ? xsk_setsockopt+0x4db/0x6f0 [ 484.070446][T12196] ? do_sock_setsockopt+0x175/0x1a0 [ 484.075685][T12196] ? __x64_sys_setsockopt+0x184/0x200 [ 484.081113][T12196] __vmalloc_node_range+0x126/0x1320 [ 484.086530][T12196] ? free_vm_area+0x50/0x50 [ 484.091105][T12196] vmalloc_user+0x74/0x80 [ 484.095476][T12196] ? xskq_create+0xbf/0x170 [ 484.100032][T12196] xskq_create+0xbf/0x170 [ 484.104410][T12196] xsk_init_queue+0xb0/0x110 [ 484.109055][T12196] xsk_setsockopt+0x4db/0x6f0 [ 484.113784][T12196] ? xsk_poll+0x670/0x670 [ 484.118172][T12196] ? __fget_files+0x28/0x4d0 [ 484.122802][T12196] ? aa_sock_opt_perm+0x74/0x100 [ 484.127884][T12196] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 484.133485][T12196] ? security_socket_setsockopt+0x7e/0xa0 [ 484.139257][T12196] ? xsk_poll+0x670/0x670 [ 484.143636][T12196] do_sock_setsockopt+0x175/0x1a0 [ 484.148709][T12196] ? __fdget+0x180/0x210 [ 484.153008][T12196] __x64_sys_setsockopt+0x184/0x200 [ 484.158264][T12196] do_syscall_64+0x55/0xb0 [ 484.162717][T12196] ? clear_bhb_loop+0x40/0x90 [ 484.167440][T12196] ? clear_bhb_loop+0x40/0x90 [ 484.172153][T12196] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 484.178096][T12196] RIP: 0033:0x7f49a038e9a9 [ 484.182555][T12196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 484.202470][T12196] RSP: 002b:00007f49a117d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 484.210940][T12196] RAX: ffffffffffffffda RBX: 00007f49a05b5fa0 RCX: 00007f49a038e9a9 [ 484.218954][T12196] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006 [ 484.226988][T12196] RBP: 00007f49a0410d69 R08: 0000000000000004 R09: 0000000000000000 [ 484.235003][T12196] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 484.243037][T12196] R13: 0000000000000000 R14: 00007f49a05b5fa0 R15: 00007ffe3b471e98 [ 484.251088][T12196] [ 484.290219][T12196] Mem-Info: [ 484.293731][T12196] active_anon:31184 inactive_anon:0 isolated_anon:0 [ 484.293731][T12196] active_file:18492 inactive_file:39974 isolated_file:0 [ 484.293731][T12196] unevictable:768 dirty:140 writeback:0 [ 484.293731][T12196] slab_reclaimable:10149 slab_unreclaimable:97676 [ 484.293731][T12196] mapped:23655 shmem:1361 pagetables:460 [ 484.293731][T12196] sec_pagetables:0 bounce:0 [ 484.293731][T12196] kernel_misc_reclaimable:0 [ 484.293731][T12196] free:1316224 free_pcp:9348 free_cma:0 [ 484.356421][T12196] Node 0 active_anon:124876kB inactive_anon:0kB active_file:73968kB inactive_file:159692kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:94692kB dirty:588kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10672kB pagetables:1868kB sec_pagetables:0kB all_unreclaimable? no [ 484.438196][T12196] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 484.497900][T12196] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 484.534755][T12196] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 484.542368][T12196] Node 0 DMA32 free:1357296kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:125024kB inactive_anon:0kB active_file:73968kB inactive_file:158380kB unevictable:1536kB writepending:588kB present:3129332kB managed:2589600kB mlocked:0kB bounce:0kB free_pcp:17112kB local_pcp:12164kB free_cma:0kB [ 484.574089][T12196] lowmem_reserve[]: 0 0 1 1 1 [ 484.580303][T12196] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 484.671720][T12196] lowmem_reserve[]: 0 0 0 0 0 [ 484.676627][T12196] Node 1 Normal free:3892228kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:20064kB local_pcp:11296kB free_cma:0kB [ 484.797475][T12196] lowmem_reserve[]: 0 0 0 0 0 [ 484.840421][T12196] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 484.963129][T12196] Node 0 DMA32: 227*4kB (UME) 181*8kB (ME) 580*16kB (UME) 710*32kB (UME) 277*64kB (UME) 67*128kB (UME) 72*256kB (UME) 70*512kB (UM) 35*1024kB (UM) 13*2048kB (ME) 288*4096kB (M) = 1357044kB [ 485.087025][T12207] netlink: 209820 bytes leftover after parsing attributes in process `syz.1.2511'. [ 485.098113][T12196] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 485.150155][T12196] Node 1 Normal: 243*4kB (UME) 59*8kB (UME) 44*16kB (UME) 109*32kB (UME) 42*64kB (UME) 11*128kB (UME) 2*256kB (ME) 0*512kB 1*1024kB (E) 1*2048kB (E) 947*4096kB (UM) = 3892228kB [ 485.179153][T12196] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 485.189057][T12196] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 485.198900][T12196] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 485.208987][T12196] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 485.219258][T12196] 59827 total pagecache pages [ 485.224032][T12196] 0 pages in swap cache [ 485.229050][T12196] Free swap = 124996kB [ 485.233397][T12196] Total swap = 124996kB [ 485.237648][T12196] 2097051 pages RAM [ 485.241659][T12196] 0 pages HighMem/MovableOnly [ 485.247115][T12196] 416137 pages reserved [ 485.251908][T12196] 0 pages cma reserved [ 485.453700][ T5102] Bluetooth: hci0: unexpected subevent 0x0c length: 150 > 5 [ 486.122776][T12232] syzkaller0: entered promiscuous mode [ 486.129680][T12232] syzkaller0: entered allmulticast mode [ 486.674379][T12242] netlink: 209820 bytes leftover after parsing attributes in process `syz.3.2526'. [ 489.648927][ T5102] Bluetooth: hci3: unexpected subevent 0x0c length: 150 > 5 [ 489.733487][T12282] netlink: 209820 bytes leftover after parsing attributes in process `syz.0.2537'. [ 489.992946][T12288] syzkaller0: entered promiscuous mode [ 490.006669][T12288] syzkaller0: entered allmulticast mode [ 493.051402][T12305] netlink: 'syz.0.2549': attribute type 10 has an invalid length. [ 493.068163][T12305] bridge0: port 2(bridge_slave_1) entered disabled state [ 493.078858][T12305] bridge_slave_1: left allmulticast mode [ 493.084557][T12305] bridge_slave_1: left promiscuous mode [ 493.092432][T12305] bridge0: port 2(bridge_slave_1) entered disabled state [ 493.107655][T12305] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 493.234627][ T5102] Bluetooth: hci1: unexpected subevent 0x0c length: 150 > 5 [ 493.245099][T12319] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.545600][T12326] team0: Port device team_slave_0 removed [ 493.560472][T12326] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 494.162946][T12332] netlink: 'syz.2.2562': attribute type 10 has an invalid length. [ 495.448804][T12350] netlink: 'syz.0.2575': attribute type 29 has an invalid length. [ 495.465459][T12350] netlink: 'syz.0.2575': attribute type 29 has an invalid length. [ 495.592007][T12352] syzkaller0: entered promiscuous mode [ 495.597659][T12352] syzkaller0: entered allmulticast mode [ 495.618497][T12354] netlink: 'syz.3.2567': attribute type 10 has an invalid length. [ 495.661029][T12354] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.678486][T12354] bridge_slave_1: left allmulticast mode [ 495.684705][T12354] bridge_slave_1: left promiscuous mode [ 495.691026][T12354] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.731686][T12354] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 499.348427][T12364] team0: Port device team_slave_0 removed [ 499.354602][T12364] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 499.383363][T12381] netlink: 'syz.1.2578': attribute type 10 has an invalid length. [ 499.441169][T12381] veth0_vlan: left promiscuous mode [ 499.470314][T12381] veth0_vlan: entered promiscuous mode [ 499.493029][T12381] team0: Device veth0_vlan failed to register rx_handler [ 499.745990][T12392] netlink: 'syz.1.2581': attribute type 10 has an invalid length. [ 499.754212][T12391] netlink: 'syz.3.2580': attribute type 29 has an invalid length. [ 499.773483][T12392] bridge0: port 2(bridge_slave_1) entered disabled state [ 499.809508][T12392] bridge_slave_1: left allmulticast mode [ 499.820475][T12392] bridge_slave_1: left promiscuous mode [ 499.826531][T12392] bridge0: port 2(bridge_slave_1) entered disabled state [ 499.842561][T12392] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 499.852638][T12391] netlink: 'syz.3.2580': attribute type 29 has an invalid length. [ 501.038138][T12408] syzkaller0: entered promiscuous mode [ 501.043692][T12408] syzkaller0: entered allmulticast mode [ 501.543145][T12425] netlink: 'syz.1.2596': attribute type 29 has an invalid length. [ 501.762884][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.769641][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.851765][T12416] netlink: 'syz.0.2592': attribute type 10 has an invalid length. [ 502.899428][T12416] veth0_vlan: left promiscuous mode [ 502.919633][T12416] veth0_vlan: entered promiscuous mode [ 502.941843][T12416] team0: Device veth0_vlan failed to register rx_handler [ 502.996539][T12423] netlink: 'syz.2.2597': attribute type 10 has an invalid length. [ 503.024661][T12423] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 503.049052][T12425] netlink: 'syz.1.2596': attribute type 29 has an invalid length. [ 503.152727][T12430] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.238062][ C1] [ 503.240439][ C1] ====================================================== [ 503.247456][ C1] WARNING: possible circular locking dependency detected [ 503.254480][ C1] 6.6.99-syzkaller #0 Not tainted [ 503.259501][ C1] ------------------------------------------------------ [ 503.266520][ C1] syz-executor/5790 is trying to acquire lock: [ 503.272662][ C1] ffff8880718dda38 (&trie->lock){-.-.}-{2:2}, at: trie_delete_elem+0x96/0x6a0 [ 503.281557][ C1] [ 503.281557][ C1] but task is already holding lock: [ 503.288909][ C1] ffffffff970b1330 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_deactivate+0x67/0x350 [ 503.298909][ C1] [ 503.298909][ C1] which lock already depends on the new lock. [ 503.298909][ C1] [ 503.309304][ C1] [ 503.309304][ C1] the existing dependency chain (in reverse order) is: [ 503.318314][ C1] [ 503.318314][ C1] -> #1 (&obj_hash[i].lock){-.-.}-{2:2}: [ 503.326137][ C1] _raw_spin_lock_irqsave+0xa8/0xf0 [ 503.331859][ C1] debug_check_no_obj_freed+0x13a/0x540 [ 503.337966][ C1] slab_free_freelist_hook+0xd2/0x1b0 [ 503.343859][ C1] __kmem_cache_free+0xba/0x1f0 [ 503.349241][ C1] trie_update_elem+0x6d1/0xea0 [ 503.354737][ C1] bpf_map_update_value+0x660/0x720 [ 503.360473][ C1] map_update_elem+0x57b/0x700 [ 503.365757][ C1] __sys_bpf+0x652/0x800 [ 503.370515][ C1] __x64_sys_bpf+0x7c/0x90 [ 503.375450][ C1] do_syscall_64+0x55/0xb0 [ 503.380396][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 503.386815][ C1] [ 503.386815][ C1] -> #0 (&trie->lock){-.-.}-{2:2}: [ 503.394109][ C1] __lock_acquire+0x2ddb/0x7c80 [ 503.399476][ C1] lock_acquire+0x197/0x410 [ 503.404492][ C1] _raw_spin_lock_irqsave+0xa8/0xf0 [ 503.410206][ C1] trie_delete_elem+0x96/0x6a0 [ 503.415487][ C1] bpf_prog_ae0c3e605f35524c+0x45/0x49 [ 503.421460][ C1] bpf_trace_run2+0x1d1/0x3c0 [ 503.426676][ C1] __bpf_trace_contention_end+0xdd/0x130 [ 503.432840][ C1] trace_contention_end+0xe6/0x110 [ 503.438471][ C1] __pv_queued_spin_lock_slowpath+0x7ec/0x9d0 [ 503.445054][ C1] do_raw_spin_lock+0x24e/0x2c0 [ 503.450431][ C1] _raw_spin_lock_irqsave+0xb4/0xf0 [ 503.456156][ C1] debug_object_deactivate+0x67/0x350 [ 503.462050][ C1] rcu_core+0xc4a/0x1720 [ 503.466804][ C1] handle_softirqs+0x280/0x820 [ 503.472078][ C1] __irq_exit_rcu+0xc7/0x190 [ 503.477189][ C1] irq_exit_rcu+0x9/0x20 [ 503.481941][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 503.488105][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 503.494605][ C1] __sanitizer_cov_trace_const_cmp8+0x36/0x80 [ 503.501205][ C1] copy_page_range+0x1186/0x3600 [ 503.506672][ C1] copy_mm+0x1124/0x1c20 [ 503.511461][ C1] copy_process+0x16d3/0x3d70 [ 503.516650][ C1] kernel_clone+0x21b/0x840 [ 503.521662][ C1] __x64_sys_clone+0x18c/0x1e0 [ 503.526952][ C1] do_syscall_64+0x55/0xb0 [ 503.531883][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 503.538302][ C1] [ 503.538302][ C1] other info that might help us debug this: [ 503.538302][ C1] [ 503.548521][ C1] Possible unsafe locking scenario: [ 503.548521][ C1] [ 503.555956][ C1] CPU0 CPU1 [ 503.561309][ C1] ---- ---- [ 503.566661][ C1] lock(&obj_hash[i].lock); [ 503.571263][ C1] lock(&trie->lock); [ 503.577846][ C1] lock(&obj_hash[i].lock); [ 503.584967][ C1] lock(&trie->lock); [ 503.589024][ C1] [ 503.589024][ C1] *** DEADLOCK *** [ 503.589024][ C1] [ 503.597149][ C1] 9 locks held by syz-executor/5790: [ 503.602420][ C1] #0: ffffffff8cdd2130 (dup_mmap_sem){++++}-{0:0}, at: copy_mm+0x266/0x1c20 [ 503.611285][ C1] #1: ffff88802c815720 (&mm->mmap_lock){++++}-{3:3}, at: copy_mm+0x281/0x1c20 [ 503.620243][ C1] #2: ffff888079558b20 (&mm->mmap_lock/1){+.+.}-{3:3}, at: copy_mm+0x3be/0x1c20 [ 503.629374][ C1] #3: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: __pte_offset_map+0x2c/0x2c0 [ 503.638835][ C1] #4: ffff88802e04c6d8 (ptlock_ptr(ptdesc)#2){+.+.}-{2:2}, at: __pte_offset_map_lock+0x107/0x1e0 [ 503.649439][ C1] #5: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: __pte_offset_map+0x2c/0x2c0 [ 503.658937][ C1] #6: ffff8880793e1d38 (ptlock_ptr(ptdesc)#2/1){+.+.}-{2:2}, at: copy_page_range+0xf72/0x3600 [ 503.669304][ C1] #7: ffffffff970b1330 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_deactivate+0x67/0x350 [ 503.679757][ C1] #8: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0xde/0x3c0 [ 503.689060][ C1] [ 503.689060][ C1] stack backtrace: [ 503.694937][ C1] CPU: 1 PID: 5790 Comm: syz-executor Not tainted 6.6.99-syzkaller #0 [ 503.703084][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 503.713155][ C1] Call Trace: [ 503.716434][ C1] [ 503.719285][ C1] dump_stack_lvl+0x16c/0x230 [ 503.723959][ C1] ? load_image+0x3b0/0x3b0 [ 503.728550][ C1] ? show_regs_print_info+0x20/0x20 [ 503.733750][ C1] ? print_circular_bug+0x12b/0x1a0 [ 503.738951][ C1] check_noncircular+0x2bd/0x3c0 [ 503.743887][ C1] ? print_deadlock_bug+0x5d0/0x5d0 [ 503.749081][ C1] ? lockdep_lock+0xe0/0x220 [ 503.753668][ C1] ? _find_first_zero_bit+0xd3/0x100 [ 503.758956][ C1] __lock_acquire+0x2ddb/0x7c80 [ 503.763811][ C1] ? mark_lock+0x94/0x320 [ 503.768138][ C1] ? verify_lock_unused+0x140/0x140 [ 503.773333][ C1] ? __lock_acquire+0x1260/0x7c80 [ 503.778360][ C1] lock_acquire+0x197/0x410 [ 503.782865][ C1] ? trie_delete_elem+0x96/0x6a0 [ 503.787821][ C1] ? mark_lock+0x94/0x320 [ 503.792162][ C1] ? read_lock_is_recursive+0x20/0x20 [ 503.797542][ C1] _raw_spin_lock_irqsave+0xa8/0xf0 [ 503.802748][ C1] ? trie_delete_elem+0x96/0x6a0 [ 503.807691][ C1] ? _raw_spin_lock+0x40/0x40 [ 503.812381][ C1] ? deref_stack_reg+0x1bd/0x240 [ 503.817327][ C1] trie_delete_elem+0x96/0x6a0 [ 503.822091][ C1] ? __cant_sleep+0x210/0x210 [ 503.826772][ C1] ? mark_lock+0x94/0x320 [ 503.831101][ C1] bpf_prog_ae0c3e605f35524c+0x45/0x49 [ 503.836559][ C1] bpf_trace_run2+0x1d1/0x3c0 [ 503.841234][ C1] ? stack_trace_save+0xe0/0xe0 [ 503.846085][ C1] ? bpf_trace_run2+0xde/0x3c0 [ 503.850844][ C1] ? bpf_trace_run1+0x3b0/0x3b0 [ 503.855693][ C1] ? __bpf_trace_contention_end+0xce/0x130 [ 503.861503][ C1] __bpf_trace_contention_end+0xdd/0x130 [ 503.867144][ C1] ? __bpf_trace_contention_begin+0x130/0x130 [ 503.873216][ C1] ? verify_lock_unused+0x140/0x140 [ 503.878414][ C1] trace_contention_end+0xe6/0x110 [ 503.883529][ C1] __pv_queued_spin_lock_slowpath+0x7ec/0x9d0 [ 503.889602][ C1] ? copy_page_range+0x1186/0x3600 [ 503.894717][ C1] ? __pv_queued_spin_unlock_slowpath+0x2a0/0x2a0 [ 503.901133][ C1] do_raw_spin_lock+0x24e/0x2c0 [ 503.905985][ C1] ? __rwlock_init+0x150/0x150 [ 503.910753][ C1] _raw_spin_lock_irqsave+0xb4/0xf0 [ 503.915957][ C1] ? _raw_spin_lock+0x40/0x40 [ 503.920638][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 503.926542][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 503.931742][ C1] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 503.937638][ C1] ? _raw_spin_unlock+0x40/0x40 [ 503.942487][ C1] ? __d_free_external+0x60/0x60 [ 503.947422][ C1] debug_object_deactivate+0x67/0x350 [ 503.952793][ C1] ? __d_free_external+0x60/0x60 [ 503.957724][ C1] ? rcu_core+0xc51/0x1720 [ 503.962150][ C1] rcu_core+0xc4a/0x1720 [ 503.966396][ C1] ? rcu_cpu_kthread_park+0x90/0x90 [ 503.971590][ C1] ? __run_timers+0x781/0x7d0 [ 503.976349][ C1] ? __run_timers+0x74e/0x7d0 [ 503.981045][ C1] ? detach_timer+0x2b0/0x2b0 [ 503.985719][ C1] ? lock_chain_count+0x20/0x20 [ 503.990572][ C1] handle_softirqs+0x280/0x820 [ 503.995332][ C1] ? __irq_exit_rcu+0xc7/0x190 [ 504.000094][ C1] ? do_softirq+0x180/0x180 [ 504.004605][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 504.009800][ C1] __irq_exit_rcu+0xc7/0x190 [ 504.014382][ C1] ? irq_exit_rcu+0x20/0x20 [ 504.018898][ C1] irq_exit_rcu+0x9/0x20 [ 504.023155][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 504.028792][ C1] [ 504.031738][ C1] [ 504.034665][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 504.040650][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x36/0x80 [ 504.047505][ C1] Code: 80 1f 7e 7e 65 8b 15 81 1f 7e 7e 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 57 83 b9 1c 16 00 00 00 74 4e 8b 91 f8 15 00 00 <83> fa 03 75 43 48 8b 91 00 16 00 00 44 8b 89 fc 15 00 00 49 c1 e1 [ 504.067107][ C1] RSP: 0018:ffffc9000465f538 EFLAGS: 00000246 [ 504.073189][ C1] RAX: ffffffff81c70986 RBX: ffff8880624bcbc8 RCX: ffff8880295c9e00 [ 504.081159][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 504.089124][ C1] RBP: ffffc9000465f850 R08: ffffffff8e4a7cef R09: 1ffffffff1c94f9d [ 504.097088][ C1] R10: dffffc0000000000 R11: fffffbfff1c94f9e R12: 0000000000000000 [ 504.105055][ C1] R13: dffffc0000000000 R14: ffffea0001adcb08 R15: ffffea0001adcb00 [ 504.113024][ C1] ? copy_page_range+0x1186/0x3600 [ 504.118140][ C1] copy_page_range+0x1186/0x3600 [ 504.123100][ C1] ? pfn_valid+0x450/0x450 [ 504.127526][ C1] ? mas_wr_store_entry+0x151/0x340 [ 504.132736][ C1] ? mas_store+0x34d/0x500 [ 504.137149][ C1] ? mas_empty_area_rev+0x1880/0x1880 [ 504.142522][ C1] ? up_write+0x1c3/0x410 [ 504.146867][ C1] ? anon_vma_interval_tree_verify+0x150/0x150 [ 504.153023][ C1] copy_mm+0x1124/0x1c20 [ 504.157266][ C1] ? copy_signal+0x680/0x680 [ 504.161883][ C1] ? lockdep_init_map_type+0xa1/0x880 [ 504.167288][ C1] ? __init_rwsem+0x122/0x160 [ 504.172048][ C1] ? copy_signal+0x556/0x680 [ 504.176630][ C1] copy_process+0x16d3/0x3d70 [ 504.181308][ C1] ? copy_process+0x945/0x3d70 [ 504.186159][ C1] ? __pidfd_prepare+0x140/0x140 [ 504.191089][ C1] ? vma_end_read+0x18/0x170 [ 504.195701][ C1] kernel_clone+0x21b/0x840 [ 504.200204][ C1] ? create_io_thread+0x140/0x140 [ 504.205234][ C1] __x64_sys_clone+0x18c/0x1e0 [ 504.210169][ C1] ? __ia32_sys_vfork+0x100/0x100 [ 504.215192][ C1] ? lock_chain_count+0x20/0x20 [ 504.220038][ C1] ? lock_chain_count+0x20/0x20 [ 504.224900][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 504.230098][ C1] do_syscall_64+0x55/0xb0 [ 504.234511][ C1] ? clear_bhb_loop+0x40/0x90 [ 504.239177][ C1] ? clear_bhb_loop+0x40/0x90 [ 504.243857][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 504.249753][ C1] RIP: 0033:0x7f3e74d85213 [ 504.254162][ C1] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 504.273773][ C1] RSP: 002b:00007ffd3226ce18 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 504.282188][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3e74d85213 [ 504.290160][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 504.298124][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 504.306087][ C1] R10: 000055555d35a7d0 R11: 0000000000000246 R12: 0000000000000000 [ 504.314052][ C1] R13: 00000000000927c0 R14: 000000000007ad59 R15: 00007ffd3226cfb0 [ 504.322039][ C1]