last executing test programs: 2m32.737356085s ago: executing program 1 (id=2487): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) close(0x3) perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0x85, 0x1, 0x0, 0x0, 0x0, 0x31ac4453, 0x20022, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000}, 0x0, 0x0, 0x0, 0x9, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x10182) r2 = socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000505d25a806c8c6f94f90524fc600a080a0002000000051d82c137153e374c0c0980fc6310000300", 0x33fe0}], 0x1}, 0x0) syz_clone(0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0) 2m32.548763025s ago: executing program 1 (id=2492): recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000001d00)=""/4054, 0xfd6}, {0x0}, {0x0}, {&(0x7f0000000380)=""/234, 0xea}, {0x0}], 0x5}, 0x10182) sendmsg$unix(0xffffffffffffffff, 0x0, 0x800) r0 = socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) socket$kcm(0x2, 0x2, 0x73) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8946, &(0x7f0000000080)) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000380)="1400000016000b63d25a80648c2594f90b24fc60", 0x14}], 0x1}, 0x0) recvmsg(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000000100)=""/98, 0x62}, {&(0x7f0000000180)=""/151, 0x97}, {&(0x7f0000000240)=""/139, 0x8b}, {&(0x7f0000000580)=""/4096, 0x1000}], 0x4}, 0x100) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000505d25a806c8c6f94f90524fc600a080a0002000000051d82c137153e374c0c0980fc6310000300", 0x33fe0}], 0x1}, 0x0) 2m32.369535723s ago: executing program 1 (id=2495): openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa008, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xfffffffffffffffb}, 0x9000, 0x5, 0x0, 0x4, 0xed}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x20, 0x12506, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x8000000000000001, 0x8}, 0x7602, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000300), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_pid(r2, &(0x7f0000000080), 0x12) r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f00000001c0), 0x12) 2m29.257166973s ago: executing program 1 (id=2532): socket$kcm(0x10, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x2, @perf_config_ext={0x40000000000000, 0x3fef8000}, 0x0, 0x701, 0x43a1bd76, 0x0, 0x5, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa66a6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f375ffff86dd6317ce62070000000000000000431ccaf57b00000000000000000104"], 0xfe1b) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip_vti0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f2, &(0x7f0000000080)) 2m28.868975421s ago: executing program 1 (id=2536): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x210e, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x32, 0xfffffbff, 0x3, 0x2, 0x0, 0xfffa, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x1e, 0x4, 0x0) socket$kcm(0x1e, 0x4, 0x0) socket$kcm(0xa, 0x6, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) socket$kcm(0x10, 0x400000002, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x2, 0x3, 0x106) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000100)=@pppoe={0x18, 0x0, {0x1, @remote, 'batadv_slave_1\x00'}}, 0x80, 0x0, 0x0, 0x0, 0x18, 0x68000000}, 0x0) r0 = socket$kcm(0xa, 0x6, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, &(0x7f0000002280)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x94) setsockopt$sock_attach_bpf(r0, 0x29, 0x22, &(0x7f0000000100)=r1, 0x120) 2m28.556003076s ago: executing program 1 (id=2540): openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa008, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xfffffffffffffffb}, 0x9000, 0x5, 0x0, 0x4, 0xed}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x20, 0x12506, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x8000000000000001, 0x8}, 0x7602, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000300), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_pid(r2, &(0x7f0000000080), 0x12) r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f00000001c0), 0x12) 2m12.905070839s ago: executing program 32 (id=2540): openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa008, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xfffffffffffffffb}, 0x9000, 0x5, 0x0, 0x4, 0xed}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x20, 0x12506, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x8000000000000001, 0x8}, 0x7602, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000300), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_pid(r2, &(0x7f0000000080), 0x12) r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f00000001c0), 0x12) 3.416680495s ago: executing program 0 (id=3513): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000b80)=ANY=[], 0xfe33) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x4, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1802000000000000950000004800000095000000000000000000000000000000802f107c6eefc99cd12c63f1059c0d423a0f9e0003628409c3e383eb6901e7d0cd1d7e429f36576bc8dfd816a157390735c8ff7fffffffffffff157a8220b67b6cc40eb50662a246c5f7ed904653b317bec368fdc8b26b706cb5d8085a791b71a9ac38af41bbd5fa9cebc525ce8c0bc88151e830f3f8b28d2ab50a169f3c44783a"], &(0x7f0000000080)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@map=0x1, 0x34, 0x1, 0x10001, &(0x7f0000000340)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0]}, 0x40) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xffffffffffffff69, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000011008188040f80ec59acbc0413a181014100000000010000000000000e000a000f00000002800200121f", 0x2e}], 0x1}, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, 0x0}, 0x8) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000580)=r2, 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f00000009c0)={0x3, 0x80, 0x0, 0x7, 0xb, 0x2, 0x0, 0x8000, 0x10014, 0xe, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1, @perf_config_ext={0xffffffff, 0x7}, 0x8000, 0xd79a, 0x5, 0x1, 0x400, 0xd5b, 0x1, 0x0, 0xdb, 0x0, 0x1}) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b06d25a806c8c6f94f90424fc600400037a0a000900050282c137153e370e0c1180fc0b10000300", 0x33fe0}], 0x1}, 0x0) sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0xd18c9b60, &(0x7f0000000080)=[{&(0x7f0000000100)="e03f03002a000b05d25a806c8c6f94f90524fc600400037a0a000900050282c137153e370e0c1180fc0b10000300", 0x33fe0}], 0x1}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0xc41, 0x0) ioctl$TUNSETQUEUE(r4, 0x400454d9, 0x0) 2.819754044s ago: executing program 0 (id=3521): socket$kcm(0xa, 0x922000000003, 0x11) r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={&(0x7f00000001c0), 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x0, 0x32, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33) recvmsg(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f00000033c0)=""/4074, 0xfea}, {&(0x7f0000000640)=""/204, 0xcc}], 0x2}, 0x40002120) 2.508324759s ago: executing program 0 (id=3525): bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@generic={0x0, 0x0, 0x10}, 0x18) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x404, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000100), 0x120) openat$tun(0xffffffffffffff9c, 0x0, 0x240000, 0x0) setsockopt$sock_attach_bpf(r0, 0x29, 0x15, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1}, &(0x7f0000000080)=0x1000000, &(0x7f0000000180)}, 0x20) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x541b, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000980)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d030100000000009500000c000000006926000000000000bf67000000000000150600000fff07ffd7060000400000006a0200000ee60000bf050000000000003d35f3ff000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff6d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded85d3cdd66d9c79f0529d045625b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c700e3806f825f1d0da2a304e06543b56d35235d7897a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664b44e22b72e843e7cf55f394cf75d1cd57c9150bfb98cc45b3fde43e42e150d4a2fddd9a9767748ca3522443097c55dc97c09d38485b18ad2cff787338bab324336f50c97b751f2ed2c4281858b428d1b2c1194b06f9bb7ffcc95c1bcfc5540f9574f20e7f513a2a7c5dad90e7d479724d69fa0c0bf97af1231a49ea166f743279d240e2e6f01d8704f313d68b16198be5f6a50e9e0fd20893b2922df566d2622edee5000000000000000000d91c6da09fa7cdbbf16d4780d8c2401c55aff772aced3ff966ff76d796c171f5f7a31e1b14b0c0c712c0fdd2710f37a3d15710d68e7326a7db043c57784bd9bdb047db75"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) 2.399982125s ago: executing program 4 (id=3527): recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000001d00)=""/4054, 0xfd6}, {0x0}, {0x0}, {&(0x7f0000000380)=""/234, 0xea}, {0x0}], 0x5}, 0x10182) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001300)={&(0x7f0000000c00)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001200)=[{&(0x7f0000000e80)="7393a636aa9d61a257fe86a7f10cfdd6d39ab251b167e86ba8861eb0ac0664eb9229b5bf94e8de371591654265c10a442ec7d8424fc888064c544a83551b4785c9aaeb3e970c2b4262a23993129c8f8617c0dc316b0c96584017be1d4b035c6cf6f6b5d4188dd86e7c", 0x69}, {0x0}], 0x2, 0x0, 0x0, 0x20000080}, 0x800) r0 = socket$kcm(0x10, 0x2, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) socket$kcm(0x2, 0x2, 0x73) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8946, &(0x7f0000000080)) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000380)="1400000016000b63d25a80648c2594f90b24fc60", 0x14}], 0x1}, 0x0) recvmsg(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001640)=[{0x0}, {&(0x7f0000000180)=""/151, 0x97}, {&(0x7f0000000240)=""/139, 0x8b}, {&(0x7f0000000580)=""/4096, 0x1000}], 0x4}, 0x100) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000505d25a806c8c6f94f90524fc600a080a0002000000051d82c137153e374c0c0980fc6310000300", 0x33fe0}], 0x1}, 0x0) 2.399378065s ago: executing program 0 (id=3528): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@generic={&(0x7f0000000080)='./file0\x00', 0x0, 0x10}, 0x18) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x404, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r1 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000100), 0x120) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x10, 0x2, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x240000, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000100), 0x3d) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="12000000060000000400000002"], 0x48) r3 = socket$kcm(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2}, &(0x7f0000000080)=0x1000000, &(0x7f0000000180)=r3}, 0x20) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x541b, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000980)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d030100000000009500000c000000006926000000000000bf67000000000000150600000fff07ffd7060000400000006a0200000ee60000bf050000000000003d35f3ff000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff6d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded85d3cdd66d9c79f0529d045625b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c700e3806f825f1d0da2a304e06543b56d35235d7897a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664b44e22b72e843e7cf55f394cf75d1cd57c9150bfb98cc45b3fde43e42e150d4a2fddd9a9767748ca3522443097c55dc97c09d38485b18ad2cff787338bab324336f50c97b751f2ed2c4281858b428d1b2c1194b06f9bb7ffcc95c1bcfc5540f9574f20e7f513a2a7c5dad90e7d479724d69fa0c0bf97af1231a49ea166f743279d240e2e6f01d8704f313d68b16198be5f6a50e9e0fd20893b2922df566d2622edee5000000000000000000d91c6da09fa7cdbbf16d4780d8c2401c55aff772aced3ff966ff76d796c171f5f7a31e1b14b0c0c712c0fdd2710f37a3d15710d68e7326a7db043c57784bd9bdb047db75"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) 2.232424873s ago: executing program 4 (id=3531): bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r0 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0100, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'\x00', 0x2}) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x10a194, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFINDEX(r1, 0x400454da, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095001800000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff3d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba4580047a9dc88de358ce795731891a2031de4e09740c64e5506f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfadfe6d4421c49fb6641cbf56914e76702f673b586c767562a90a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a97677400ef0bd697d135324ce480c2960344de346bd511dea4ff7a07400b2d12dd1a8c4c300aee5f948777085ca142b79dfc3aca5fadaa0532ab0572169f68584ff2ee063bc7e75ecd5cc8973464629ba236e3ff97f6033d0800000000000000cef54a60aff12590a50ef147e3e640193d00263003a4ef412420a070dd0327e47c8c7abb77b4b53874788d7e2e5d554de4713db957afb56d4673f1b904c5a317d3670003000000183fb7d36e173044f4ab34"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x0, 0x100000, 0x8, 0x2, 0x0, 0x80}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x5) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r3) r4 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$kcm(r4, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x24000814) setsockopt$sock_attach_bpf(r4, 0x6, 0x1f, &(0x7f0000000200), 0x11) ioctl$SIOCSIFHWADDR(r3, 0x541b, 0x0) 2.130746387s ago: executing program 0 (id=3532): bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_config_ext={0x5, 0x1ff}, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x1, 0x56d, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50) socket$kcm(0x2, 0x922000000001, 0x106) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) socket$kcm(0xa, 0x6, 0x0) socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000020000000000000800000000000061"], 0x0, 0x28}, 0x28) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001000)) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0xd, 0x5}, 0x8000, 0x10000, 0x43a1bd76, 0x7, 0x6, 0x400006, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x15, &(0x7f0000000580)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 1.462580429s ago: executing program 0 (id=3534): openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x20, 0x12506, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x8000000000000001, 0x8}, 0x7602, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000300), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_pid(r2, &(0x7f0000000080), 0x12) r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f00000001c0), 0x12) 1.186369623s ago: executing program 4 (id=3538): bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@generic={0x0, 0x0, 0x10}, 0x18) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x404, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000100), 0x120) openat$tun(0xffffffffffffff9c, 0x0, 0x240000, 0x0) setsockopt$sock_attach_bpf(r0, 0x29, 0x15, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1}, &(0x7f0000000080)=0x1000000, &(0x7f0000000180)}, 0x20) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x541b, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000980)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d030100000000009500000c000000006926000000000000bf67000000000000150600000fff07ffd7060000400000006a0200000ee60000bf050000000000003d35f3ff000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff6d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded85d3cdd66d9c79f0529d045625b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c700e3806f825f1d0da2a304e06543b56d35235d7897a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664b44e22b72e843e7cf55f394cf75d1cd57c9150bfb98cc45b3fde43e42e150d4a2fddd9a9767748ca3522443097c55dc97c09d38485b18ad2cff787338bab324336f50c97b751f2ed2c4281858b428d1b2c1194b06f9bb7ffcc95c1bcfc5540f9574f20e7f513a2a7c5dad90e7d479724d69fa0c0bf97af1231a49ea166f743279d240e2e6f01d8704f313d68b16198be5f6a50e9e0fd20893b2922df566d2622edee5000000000000000000d91c6da09fa7cdbbf16d4780d8c2401c55aff772aced3ff966ff76d796c171f5f7a31e1b14b0c0c712c0fdd2710f37a3d15710d68e7326a7db043c57784bd9bdb047db75"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) 1.057108069s ago: executing program 2 (id=3539): recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000001d00)=""/4054, 0xfd6}, {0x0}, {0x0}, {&(0x7f0000000380)=""/234, 0xea}, {0x0}], 0x5}, 0x10182) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001300)={&(0x7f0000000c00)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001200)=[{&(0x7f0000000e80)="7393a636aa9d61a257fe86a7f10cfdd6d39ab251b167e86ba8861eb0ac0664eb9229b5bf94e8de371591654265c10a442ec7d8424fc888064c544a83551b4785c9aaeb3e970c2b4262a23993129c8f8617c0dc316b0c96584017be1d4b035c6cf6f6b5d4188dd86e7c", 0x69}, {0x0}], 0x2, 0x0, 0x0, 0x20000080}, 0x800) r0 = socket$kcm(0x10, 0x2, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) socket$kcm(0x2, 0x2, 0x73) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8946, &(0x7f0000000080)) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000380)="1400000016000b63d25a80648c2594f90b24fc60", 0x14}], 0x1}, 0x0) recvmsg(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001640)=[{0x0}, {&(0x7f0000000180)=""/151, 0x97}, {&(0x7f0000000240)=""/139, 0x8b}, {&(0x7f0000000580)=""/4096, 0x1000}], 0x4}, 0x100) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000505d25a806c8c6f94f90524fc600a080a0002000000051d82c137153e374c0c0980fc6310000300", 0x33fe0}], 0x1}, 0x0) 1.05460682s ago: executing program 4 (id=3540): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@generic={&(0x7f0000000080)='./file0\x00', 0x0, 0x10}, 0x18) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x404, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r1 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000100), 0x120) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x10, 0x2, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x240000, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000100), 0x3d) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="12000000060000000400000002"], 0x48) r3 = socket$kcm(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2}, &(0x7f0000000080)=0x1000000, &(0x7f0000000180)=r3}, 0x20) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x541b, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000980)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d030100000000009500000c000000006926000000000000bf67000000000000150600000fff07ffd7060000400000006a0200000ee60000bf050000000000003d35f3ff000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff6d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded85d3cdd66d9c79f0529d045625b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c700e3806f825f1d0da2a304e06543b56d35235d7897a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664b44e22b72e843e7cf55f394cf75d1cd57c9150bfb98cc45b3fde43e42e150d4a2fddd9a9767748ca3522443097c55dc97c09d38485b18ad2cff787338bab324336f50c97b751f2ed2c4281858b428d1b2c1194b06f9bb7ffcc95c1bcfc5540f9574f20e7f513a2a7c5dad90e7d479724d69fa0c0bf97af1231a49ea166f743279d240e2e6f01d8704f313d68b16198be5f6a50e9e0fd20893b2922df566d2622edee5000000000000000000d91c6da09fa7cdbbf16d4780d8c2401c55aff772aced3ff966ff76d796c171f5f7a31e1b14b0c0c712c0fdd2710f37a3d15710d68e7326a7db043c57784bd9bdb047db75"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) 949.308804ms ago: executing program 4 (id=3541): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@generic={&(0x7f0000000080)='./file0\x00', 0x0, 0x10}, 0x18) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000780)={&(0x7f0000000680)=ANY=[@ANYBLOB], 0x0, 0x39, 0x0, 0x1, 0x6cb}, 0x28) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x404, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r1 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x10, 0x2, &(0x7f0000000680)=ANY=[@ANYBLOB="911000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x240000, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000100), 0x3d) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="12000000060000000400000002"], 0x48) r3 = socket$kcm(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2}, &(0x7f0000000080)=0x1000000, &(0x7f0000000180)=r3}, 0x20) 900.796896ms ago: executing program 2 (id=3542): perf_event_open(&(0x7f0000000a00)={0x1, 0x80, 0x2, 0x0, 0xf, 0x0, 0x0, 0x400, 0x1e37cf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x401, 0x200, 0x0, 0x7, 0x0, 0x100}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x9, [@fwd={0x6}]}, {0x0, [0x2e, 0x2e, 0x0, 0x5f, 0x61, 0x5f, 0x5f]}}, 0x0, 0x2d, 0x0, 0x1, 0x4}, 0x28) r2 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r2, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)="d80000001000810468f70082db44b904021d080b01000000e8fe55a11800150006001400000000120800040043000000a80016000a00014006000d00036010fab94dcf5c0461c1d67f6f94000534cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x20000004) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8b06, &(0x7f0000000140)={'wlan1\x00', @random="0100000000eb"}) r5 = socket$kcm(0x2, 0x2, 0x73) sendmsg$inet(r5, &(0x7f0000000500)={&(0x7f0000000300)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000340)='+', 0x34000}], 0x1}, 0x900000000000000) 859.234649ms ago: executing program 4 (id=3543): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x4100, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3) close(0xffffffffffffffff) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) r2 = getpid() write$cgroup_pid(r1, &(0x7f0000000000)=r2, 0x12) socket$kcm(0x10, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0xfffffffffffffff7}, 0x0, 0x35, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)}], 0x1}, 0x0) r4 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f91324fc60", 0x8c0}], 0x1}, 0x0) 681.644327ms ago: executing program 2 (id=3544): bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_config_ext={0x5, 0x1ff}, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x1, 0x56d, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50) socket$kcm(0x2, 0x922000000001, 0x106) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) socket$kcm(0xa, 0x6, 0x0) socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000020000000000000800000000000061"], 0x0, 0x28}, 0x28) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001000)) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_config_ext={0xd, 0x5}, 0x8000, 0x10000, 0x43a1bd76, 0x7, 0x6, 0x400006, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x15, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000fcffffff0000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 624.85091ms ago: executing program 2 (id=3545): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000b80)=ANY=[], 0xfe33) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b83, 0x2, @perf_bp={0x0, 0x3}, 0x8000, 0x5, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x4, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1802000000000000950000004800000095000000000000000000000000000000802f107c6eefc99cd12c63f1059c0d423a0f9e0003628409c3e383eb6901e7d0cd1d7e429f36576bc8dfd816a157390735c8ff7fffffffffffff157a8220b67b6cc40eb50662a246c5f7ed904653b317bec368fdc8b26b706cb5d8085a791b71a9ac38af41bbd5fa9cebc525ce8c0bc88151e830f3f8b28d2ab50a169f3c44783a"], &(0x7f0000000080)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@map=0x1, 0x34, 0x1, 0x10001, &(0x7f0000000340)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0, 0x0]}, 0x40) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xffffffffffffff69, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000011008188040f80ec59acbc0413a181014100000000010000000000000e000a000f00000002800200121f", 0x2e}], 0x1}, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, 0x0}, 0x8) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000580)=r2, 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f00000009c0)={0x3, 0x80, 0x0, 0x7, 0xb, 0x2, 0x0, 0x8000, 0x10014, 0xe, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1, @perf_config_ext={0xffffffff, 0x7}, 0x8000, 0xd79a, 0x5, 0x1, 0x400, 0xd5b, 0x1, 0x0, 0xdb, 0x0, 0x1}) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b06d25a806c8c6f94f90424fc600400037a0a000900050282c137153e370e0c1180fc0b10000300", 0x33fe0}], 0x1}, 0x0) sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0xd18c9b60, &(0x7f0000000080)=[{&(0x7f0000000100)="e03f03002a000b05d25a806c8c6f94f90524fc600400037a0a000900050282c137153e370e0c1180fc0b10000300", 0x33fe0}], 0x1}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0xc41, 0x0) ioctl$TUNSETQUEUE(r4, 0x400454d9, 0x0) 404.20224ms ago: executing program 3 (id=3546): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r1, 0x0, 0x0}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={r1, 0x0}, 0x20) bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r1}, 0x8) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x1}, 0x1090da, 0x0, 0x0, 0x0, 0x0, 0x4, 0x749}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r3, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e64, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x200088c0) close(r3) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r4, 0x0, 0x0}, 0x20) socket$kcm(0x11, 0x3, 0x300) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r5, &(0x7f0000000040)={0x0, 0x51, &(0x7f0000000100)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa310b6b87033c0000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 285.470096ms ago: executing program 3 (id=3547): socket$kcm(0x10, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x2, @perf_config_ext={0x40000000000000, 0x3fef8000}, 0x0, 0x701, 0x43a1bd76, 0x0, 0x5, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa66a6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f00000000c0)) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f375ffff86dd6317ce62070000000000000000431ccaf57b00000000000000000104"], 0xfe1b) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="851000000000000018100000", @ANYRES32, @ANYBLOB="f0f605748aed000000"], 0x0}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip_vti0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080)) 174.921081ms ago: executing program 3 (id=3548): bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@generic={0x0, 0x0, 0x10}, 0x18) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x404, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000100), 0x120) openat$tun(0xffffffffffffff9c, 0x0, 0x240000, 0x0) setsockopt$sock_attach_bpf(r0, 0x29, 0x15, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x541b, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000980)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d030100000000009500000c000000006926000000000000bf67000000000000150600000fff07ffd7060000400000006a0200000ee60000bf050000000000003d35f3ff000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff6d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded85d3cdd66d9c79f0529d045625b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c700e3806f825f1d0da2a304e06543b56d35235d7897a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664b44e22b72e843e7cf55f394cf75d1cd57c9150bfb98cc45b3fde43e42e150d4a2fddd9a9767748ca3522443097c55dc97c09d38485b18ad2cff787338bab324336f50c97b751f2ed2c4281858b428d1b2c1194b06f9bb7ffcc95c1bcfc5540f9574f20e7f513a2a7c5dad90e7d479724d69fa0c0bf97af1231a49ea166f743279d240e2e6f01d8704f313d68b16198be5f6a50e9e0fd20893b2922df566d2622edee5000000000000000000d91c6da09fa7cdbbf16d4780d8c2401c55aff772aced3ff966ff76d796c171f5f7a31e1b14b0c0c712c0fdd2710f37a3d15710d68e7326a7db043c57784bd9bdb047db75"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) 155.605502ms ago: executing program 2 (id=3549): socket$kcm(0x10, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x2, @perf_config_ext={0x40000000000000, 0x3fef8000}, 0x0, 0x701, 0x43a1bd76, 0x0, 0x5, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa66a6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f375ffff86dd6317ce62070000000000000000431ccaf57b00000000000000000104"], 0xfe1b) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="851000000000000018100000", @ANYRES32, @ANYBLOB="f0f605748aed000000"], 0x0}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip_vti0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f2, &(0x7f0000000080)) 109.363985ms ago: executing program 3 (id=3550): recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000001d00)=""/4054, 0xfd6}, {0x0}, {0x0}, {&(0x7f0000000380)=""/234, 0xea}, {0x0}], 0x5}, 0x10182) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001300)={&(0x7f0000000c00)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001200)=[{&(0x7f0000000e80)="7393a636aa9d61a257fe86a7f10cfdd6d39ab251b167e86ba8861eb0ac0664eb9229b5bf94e8de371591654265c10a442ec7d8424fc888064c544a83551b4785c9aaeb3e970c2b4262a23993129c8f8617c0dc316b0c96584017be1d4b035c6cf6f6b5d4188dd86e7c", 0x69}, {0x0}], 0x2, 0x0, 0x0, 0x20000080}, 0x800) r0 = socket$kcm(0x10, 0x2, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) socket$kcm(0x2, 0x2, 0x73) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8946, &(0x7f0000000080)) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000380)="1400000016000b63d25a80648c2594f90b24fc60", 0x14}], 0x1}, 0x0) recvmsg(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000000100)=""/98, 0x62}, {&(0x7f0000000180)=""/151, 0x97}, {&(0x7f0000000240)=""/139, 0x8b}, {&(0x7f0000000580)=""/4096, 0x1000}], 0x4}, 0x100) sendmsg$kcm(r0, 0x0, 0x0) 60.241917ms ago: executing program 3 (id=3551): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@generic={&(0x7f0000000080)='./file0\x00', 0x0, 0x10}, 0x18) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0}, 0x404, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r1 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000100), 0x120) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x10, 0x2, &(0x7f0000000680)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x240000, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000100), 0x3d) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={0x0}, 0x0, 0x10000, 0x9e4, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="12000000060000000400000002"], 0x48) r3 = socket$kcm(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2}, &(0x7f0000000080)=0x1000000, &(0x7f0000000180)=r3}, 0x20) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x541b, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000980)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d030100000000009500000c000000006926000000000000bf67000000000000150600000fff07ffd7060000400000006a0200000ee60000bf050000000000003d35f3ff000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff6d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded85d3cdd66d9c79f0529d045625b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c700e3806f825f1d0da2a304e06543b56d35235d7897a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664b44e22b72e843e7cf55f394cf75d1cd57c9150bfb98cc45b3fde43e42e150d4a2fddd9a9767748ca3522443097c55dc97c09d38485b18ad2cff787338bab324336f50c97b751f2ed2c4281858b428d1b2c1194b06f9bb7ffcc95c1bcfc5540f9574f20e7f513a2a7c5dad90e7d479724d69fa0c0bf97af1231a49ea166f743279d240e2e6f01d8704f313d68b16198be5f6a50e9e0fd20893b2922df566d2622edee5000000000000000000d91c6da09fa7cdbbf16d4780d8c2401c55aff772aced3ff966ff76d796c171f5f7a31e1b14b0c0c712c0fdd2710f37a3d15710d68e7326a7db043c57784bd9bdb047db75"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) 1.24558ms ago: executing program 3 (id=3552): bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33a2d912}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) perf_event_open$cgroup(&(0x7f0000000000)={0x5, 0x80, 0xb3, 0x3, 0x6, 0x49, 0x0, 0x2, 0x2001, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x4, @perf_config_ext={0x8, 0x1}, 0x1410, 0x401, 0x0, 0x5, 0x1b, 0xffff0001, 0x2, 0x0, 0x4, 0x0, 0x727}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0xa) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8916, &(0x7f0000000000)={'wlan1\x00', @random="0200ff7fffff"}) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0500000000f01f00810000007f00000001"], 0x48) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x9, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x20800, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$TUNSETLINK(r3, 0x400454cd, 0x336) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) close(r3) 0s ago: executing program 2 (id=3560): socket$kcm(0x10, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0)) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f, 0x2, @perf_config_ext={0x40000000000000, 0x3fef8000}, 0x0, 0x701, 0x43a1bd76, 0x0, 0x5, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa66a6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f375ffff86dd6317ce62070000000000000000431ccaf57b00000000000000000104"], 0xfe1b) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="851000000000000018100000", @ANYRES32, @ANYBLOB="f0f605748aed0000000000000c"], 0x0}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip_vti0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f2, &(0x7f0000000080)) kernel console output (not intermixed with test programs): 506] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2152'. [ 457.423425][T11528] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.2154'. [ 457.610493][T11532] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2156'. [ 458.634125][T11549] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.2171'. [ 458.773679][T11556] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2166'. [ 459.481770][ T5778] Bluetooth: hci1: unexpected event for opcode 0x0000 [ 459.629371][T11582] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.2178'. [ 459.780423][T11591] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2181'. [ 460.394149][T11612] validate_nla: 13 callbacks suppressed [ 460.394178][T11612] netlink: 'syz.3.2191': attribute type 10 has an invalid length. [ 460.411262][T11612] nla_validate_range_unsigned: 200 callbacks suppressed [ 460.411310][T11612] netlink: 'syz.3.2191': attribute type 11 has an invalid length. [ 460.443957][T11612] netlink: 'syz.3.2191': attribute type 11 has an invalid length. [ 460.457605][T11612] netlink: 'syz.3.2191': attribute type 11 has an invalid length. [ 460.469881][T11612] netlink: 'syz.3.2191': attribute type 11 has an invalid length. [ 460.478716][T11612] netlink: 'syz.3.2191': attribute type 11 has an invalid length. [ 460.487026][T11612] netlink: 'syz.3.2191': attribute type 11 has an invalid length. [ 460.495906][T11612] netlink: 'syz.3.2191': attribute type 11 has an invalid length. [ 460.504358][T11612] netlink: 'syz.3.2191': attribute type 11 has an invalid length. [ 460.513019][T11612] netlink: 'syz.3.2191': attribute type 11 has an invalid length. [ 460.527201][T11612] netlink: 'syz.3.2191': attribute type 11 has an invalid length. [ 460.553131][T11612] netlink: 'syz.3.2191': attribute type 4 has an invalid length. [ 460.561556][T11612] netlink: 'syz.3.2191': attribute type 5 has an invalid length. [ 460.574008][T11612] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2191'. [ 460.586620][T11610] netlink: 'syz.2.2192': attribute type 10 has an invalid length. [ 460.597376][T11614] netlink: 'syz.1.2193': attribute type 10 has an invalid length. [ 460.618434][T11614] netlink: 'syz.1.2193': attribute type 4 has an invalid length. [ 460.628194][T11614] netlink: 'syz.1.2193': attribute type 5 has an invalid length. [ 461.007341][T11628] netlink: 'syz.2.2199': attribute type 10 has an invalid length. [ 461.180969][ T5778] Bluetooth: hci3: unexpected event for opcode 0x0000 [ 461.320660][T11646] netlink: 'syz.0.2205': attribute type 10 has an invalid length. [ 461.331913][T11646] netlink: 'syz.0.2205': attribute type 4 has an invalid length. [ 462.334055][T11664] __nla_validate_parse: 6 callbacks suppressed [ 462.334096][T11664] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.2214'. [ 462.490159][T11670] netlink: 208556 bytes leftover after parsing attributes in process `syz.1.2217'. [ 462.577550][T11676] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.2219'. [ 462.668719][ T5778] Bluetooth: hci2: unexpected event for opcode 0x0000 [ 462.687399][T11673] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2218'. [ 463.240365][T11693] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.2226'. [ 463.489891][T11696] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2228'. [ 463.493517][ T5778] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 463.508897][ T5778] Bluetooth: hci1: Injecting HCI hardware error event [ 463.516855][ T5782] Bluetooth: hci1: hardware error 0x00 [ 463.675145][T11700] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.2229'. [ 464.000039][ T5778] Bluetooth: hci0: unexpected event for opcode 0x0000 [ 464.010358][T11706] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.2239'. [ 464.033337][T11708] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2232'. [ 464.485567][T11723] netlink: 208556 bytes leftover after parsing attributes in process `syz.1.2238'. [ 465.247924][ T5778] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 465.262693][ T5778] Bluetooth: hci3: Injecting HCI hardware error event [ 465.270645][ T5778] Bluetooth: hci3: hardware error 0x00 [ 465.441588][T11750] validate_nla: 30 callbacks suppressed [ 465.441626][T11750] netlink: 'syz.3.2254': attribute type 10 has an invalid length. [ 465.472655][T11750] nla_validate_range_unsigned: 340 callbacks suppressed [ 465.472687][T11750] netlink: 'syz.3.2254': attribute type 11 has an invalid length. [ 465.495596][T11750] netlink: 'syz.3.2254': attribute type 11 has an invalid length. [ 465.504763][T11750] netlink: 'syz.3.2254': attribute type 11 has an invalid length. [ 465.520128][T11750] netlink: 'syz.3.2254': attribute type 11 has an invalid length. [ 465.531072][T11750] netlink: 'syz.3.2254': attribute type 11 has an invalid length. [ 465.542977][T11750] netlink: 'syz.3.2254': attribute type 11 has an invalid length. [ 465.555326][T11750] netlink: 'syz.3.2254': attribute type 11 has an invalid length. [ 465.565955][T11750] netlink: 'syz.3.2254': attribute type 11 has an invalid length. [ 465.568686][ T5782] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 465.588257][T11750] netlink: 'syz.3.2254': attribute type 11 has an invalid length. [ 465.596661][T11750] netlink: 'syz.3.2254': attribute type 11 has an invalid length. [ 465.605537][T11750] netlink: 'syz.3.2254': attribute type 4 has an invalid length. [ 465.614006][T11750] netlink: 'syz.3.2254': attribute type 5 has an invalid length. [ 465.734601][T11757] netlink: 'syz.3.2255': attribute type 10 has an invalid length. [ 465.743697][T11757] netlink: 'syz.3.2255': attribute type 4 has an invalid length. [ 465.754986][T11757] netlink: 'syz.3.2255': attribute type 5 has an invalid length. [ 466.419484][T11779] netlink: 'syz.1.2266': attribute type 10 has an invalid length. [ 466.442738][T11779] netlink: 'syz.1.2266': attribute type 4 has an invalid length. [ 466.453698][T11779] netlink: 'syz.1.2266': attribute type 5 has an invalid length. [ 466.465116][T11778] netlink: 'syz.2.2265': attribute type 10 has an invalid length. [ 466.688887][ T5782] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 466.700272][ T5782] Bluetooth: hci2: Injecting HCI hardware error event [ 466.708199][ T5777] Bluetooth: hci2: hardware error 0x00 [ 467.329060][ T5778] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 467.412195][T11804] __nla_validate_parse: 10 callbacks suppressed [ 467.412238][T11804] netlink: 208556 bytes leftover after parsing attributes in process `syz.1.2277'. [ 467.697001][T11809] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.2280'. [ 468.042913][T11820] netlink: 210880 bytes leftover after parsing attributes in process `syz.1.2283'. [ 468.054135][ T5778] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 468.064341][ T5778] Bluetooth: hci0: Injecting HCI hardware error event [ 468.073517][ T5778] Bluetooth: hci0: hardware error 0x00 [ 468.149947][T11825] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2286'. [ 468.313995][T11832] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2288'. [ 468.360128][T11834] netlink: 210880 bytes leftover after parsing attributes in process `syz.1.2290'. [ 468.663658][T11841] syzkaller0: entered promiscuous mode [ 468.670607][T11841] syzkaller0: entered allmulticast mode [ 468.771015][ T5777] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 468.877022][T11850] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.2296'. [ 470.138518][ T5778] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 470.367040][T11854] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.2297'. [ 470.465425][T11861] validate_nla: 21 callbacks suppressed [ 470.465485][T11861] netlink: 'syz.1.2301': attribute type 10 has an invalid length. [ 470.483516][T11861] netlink: 210880 bytes leftover after parsing attributes in process `syz.1.2301'. [ 471.044582][T11876] netlink: 'syz.1.2307': attribute type 10 has an invalid length. [ 471.058042][T11876] nla_validate_range_unsigned: 270 callbacks suppressed [ 471.058074][T11876] netlink: 'syz.1.2307': attribute type 11 has an invalid length. [ 471.105485][T11876] netlink: 'syz.1.2307': attribute type 11 has an invalid length. [ 471.134541][T11876] netlink: 'syz.1.2307': attribute type 11 has an invalid length. [ 471.155765][T11876] netlink: 'syz.1.2307': attribute type 11 has an invalid length. [ 471.178039][T11876] netlink: 'syz.1.2307': attribute type 11 has an invalid length. [ 471.186244][T11876] netlink: 'syz.1.2307': attribute type 11 has an invalid length. [ 471.200710][T11876] netlink: 'syz.1.2307': attribute type 11 has an invalid length. [ 471.209406][T11876] netlink: 'syz.1.2307': attribute type 11 has an invalid length. [ 471.238215][T11876] netlink: 'syz.1.2307': attribute type 11 has an invalid length. [ 471.253311][T11876] netlink: 'syz.1.2307': attribute type 11 has an invalid length. [ 471.278727][T11876] netlink: 'syz.1.2307': attribute type 4 has an invalid length. [ 471.302906][T11876] netlink: 'syz.1.2307': attribute type 5 has an invalid length. [ 471.322158][T11876] netlink: 208556 bytes leftover after parsing attributes in process `syz.1.2307'. [ 471.342798][T11882] netlink: 'syz.0.2310': attribute type 10 has an invalid length. [ 471.550454][T11890] netlink: 'syz.1.2313': attribute type 10 has an invalid length. [ 471.752877][T11896] syzkaller0: entered promiscuous mode [ 471.767839][T11896] syzkaller0: entered allmulticast mode [ 473.634555][T11911] netlink: 'syz.3.2321': attribute type 10 has an invalid length. [ 473.644965][T11911] netlink: 'syz.3.2321': attribute type 4 has an invalid length. [ 473.654067][T11911] netlink: 'syz.3.2321': attribute type 5 has an invalid length. [ 473.663504][T11911] __nla_validate_parse: 2 callbacks suppressed [ 473.663547][T11911] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2321'. [ 473.818261][T11915] netlink: 'syz.1.2323': attribute type 10 has an invalid length. [ 473.854642][T11915] netlink: 210880 bytes leftover after parsing attributes in process `syz.1.2323'. [ 473.942202][T11923] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.2325'. [ 473.964915][T11922] netlink: 208556 bytes leftover after parsing attributes in process `syz.0.2326'. [ 474.522573][T11938] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2333'. [ 474.670292][T11942] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.2335'. [ 474.683771][T11944] netlink: 208556 bytes leftover after parsing attributes in process `syz.0.2336'. [ 474.784545][T11946] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.2337'. [ 475.192852][T11960] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2343'. [ 475.283302][T11966] netlink: 208556 bytes leftover after parsing attributes in process `syz.1.2345'. [ 475.515264][T11975] validate_nla: 19 callbacks suppressed [ 475.515308][T11975] netlink: 'syz.1.2349': attribute type 10 has an invalid length. [ 475.950701][T11991] netlink: 'syz.0.2356': attribute type 10 has an invalid length. [ 475.962543][T11991] netlink: 'syz.0.2356': attribute type 4 has an invalid length. [ 475.973740][T11991] netlink: 'syz.0.2356': attribute type 5 has an invalid length. [ 475.986895][T11996] netlink: 'syz.1.2357': attribute type 10 has an invalid length. [ 475.996940][T11996] netlink: 'syz.1.2357': attribute type 4 has an invalid length. [ 476.006750][T11996] netlink: 'syz.1.2357': attribute type 5 has an invalid length. [ 476.143514][T12001] netlink: 'syz.0.2360': attribute type 10 has an invalid length. [ 476.429356][T12013] netlink: 'syz.2.2366': attribute type 10 has an invalid length. [ 476.640455][T12020] netlink: 'syz.1.2368': attribute type 10 has an invalid length. [ 476.652435][T12020] nla_validate_range_unsigned: 305 callbacks suppressed [ 476.652472][T12020] netlink: 'syz.1.2368': attribute type 11 has an invalid length. [ 476.672892][T12020] netlink: 'syz.1.2368': attribute type 11 has an invalid length. [ 476.681951][T12020] netlink: 'syz.1.2368': attribute type 11 has an invalid length. [ 476.694715][T12020] netlink: 'syz.1.2368': attribute type 11 has an invalid length. [ 476.705393][T12020] netlink: 'syz.1.2368': attribute type 11 has an invalid length. [ 476.718102][T12020] netlink: 'syz.1.2368': attribute type 11 has an invalid length. [ 476.726900][T12020] netlink: 'syz.1.2368': attribute type 11 has an invalid length. [ 476.739260][T12020] netlink: 'syz.1.2368': attribute type 11 has an invalid length. [ 476.747453][T12020] netlink: 'syz.1.2368': attribute type 11 has an invalid length. [ 476.762535][T12020] netlink: 'syz.1.2368': attribute type 11 has an invalid length. [ 478.669375][T12077] __nla_validate_parse: 16 callbacks suppressed [ 478.669418][T12077] netlink: 208556 bytes leftover after parsing attributes in process `syz.0.2392'. [ 478.941588][T12083] netlink: 210880 bytes leftover after parsing attributes in process `syz.1.2394'. [ 479.032559][T12089] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.2396'. [ 479.206118][T12096] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.2399'. [ 479.599096][T12108] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.2401'. [ 479.754481][T12110] netlink: 210880 bytes leftover after parsing attributes in process `syz.1.2402'. [ 480.277727][T12119] netlink: 210880 bytes leftover after parsing attributes in process `syz.1.2406'. [ 480.310525][T12121] netlink: 65047 bytes leftover after parsing attributes in process `syz.0.2407'. [ 480.738335][T12128] validate_nla: 27 callbacks suppressed [ 480.738376][T12128] netlink: 'syz.0.2410': attribute type 10 has an invalid length. [ 480.778368][T12128] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.2410'. [ 481.192784][T12136] netlink: 'syz.1.2412': attribute type 10 has an invalid length. [ 481.206228][T12136] netlink: 'syz.1.2412': attribute type 4 has an invalid length. [ 481.223674][T12136] netlink: 'syz.1.2412': attribute type 5 has an invalid length. [ 481.232354][T12136] netlink: 208556 bytes leftover after parsing attributes in process `syz.1.2412'. [ 483.833768][T12153] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.2416'. [ 483.982237][T12155] netlink: 'syz.2.2417': attribute type 10 has an invalid length. [ 484.046705][T12155] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.2417'. [ 484.384432][T12163] netlink: 'syz.3.2420': attribute type 10 has an invalid length. [ 484.404310][T12163] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.2420'. [ 484.704175][T12173] netlink: 'syz.3.2425': attribute type 10 has an invalid length. [ 484.723850][T12173] nla_validate_range_unsigned: 235 callbacks suppressed [ 484.723889][T12173] netlink: 'syz.3.2425': attribute type 11 has an invalid length. [ 484.757113][T12173] netlink: 'syz.3.2425': attribute type 11 has an invalid length. [ 484.776303][T12173] netlink: 'syz.3.2425': attribute type 11 has an invalid length. [ 484.797518][T12173] netlink: 'syz.3.2425': attribute type 11 has an invalid length. [ 484.816319][T12173] netlink: 'syz.3.2425': attribute type 11 has an invalid length. [ 484.834504][T12173] netlink: 'syz.3.2425': attribute type 11 has an invalid length. [ 484.855017][T12173] netlink: 'syz.3.2425': attribute type 11 has an invalid length. [ 484.873567][T12173] netlink: 'syz.3.2425': attribute type 11 has an invalid length. [ 484.894239][T12173] netlink: 'syz.3.2425': attribute type 11 has an invalid length. [ 484.915369][T12173] netlink: 'syz.3.2425': attribute type 11 has an invalid length. [ 484.938697][T12173] netlink: 'syz.3.2425': attribute type 4 has an invalid length. [ 484.958521][T12173] netlink: 'syz.3.2425': attribute type 5 has an invalid length. [ 484.979044][T12173] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2425'. [ 485.623587][T12179] netlink: 'syz.3.2428': attribute type 10 has an invalid length. [ 485.634190][T12181] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.2429'. [ 485.643803][T12179] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.2428'. [ 485.887603][T12184] netlink: 'syz.2.2430': attribute type 10 has an invalid length. [ 485.903140][T12184] netlink: 'syz.2.2430': attribute type 4 has an invalid length. [ 485.911837][T12184] netlink: 'syz.2.2430': attribute type 5 has an invalid length. [ 485.925318][T12184] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2430'. [ 486.044334][T12188] netlink: 'syz.3.2432': attribute type 10 has an invalid length. [ 486.061995][T12188] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.2432'. [ 486.326493][T12194] netlink: 'syz.0.2435': attribute type 10 has an invalid length. [ 486.345191][T12194] netlink: 'syz.0.2435': attribute type 4 has an invalid length. [ 486.354651][T12194] netlink: 'syz.0.2435': attribute type 5 has an invalid length. [ 486.363244][T12194] netlink: 208556 bytes leftover after parsing attributes in process `syz.0.2435'. [ 486.389031][T12195] netlink: 'syz.2.2434': attribute type 10 has an invalid length. [ 486.407854][T12195] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.2434'. [ 486.736490][T12203] netlink: 'syz.3.2439': attribute type 10 has an invalid length. [ 486.905105][T12211] netlink: 'syz.2.2441': attribute type 10 has an invalid length. [ 489.230159][T12257] __nla_validate_parse: 9 callbacks suppressed [ 489.230231][T12257] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.2458'. [ 489.770938][T12262] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.2460'. [ 490.202710][T12267] nla_validate_range_unsigned: 165 callbacks suppressed [ 490.202754][T12267] netlink: 'syz.3.2462': attribute type 11 has an invalid length. [ 490.222318][T12267] netlink: 'syz.3.2462': attribute type 11 has an invalid length. [ 490.233478][T12267] netlink: 'syz.3.2462': attribute type 11 has an invalid length. [ 490.246137][T12267] netlink: 'syz.3.2462': attribute type 11 has an invalid length. [ 490.261919][T12267] netlink: 'syz.3.2462': attribute type 11 has an invalid length. [ 490.270351][T12267] netlink: 'syz.3.2462': attribute type 11 has an invalid length. [ 490.282677][T12267] netlink: 'syz.3.2462': attribute type 11 has an invalid length. [ 490.291284][T12267] netlink: 'syz.3.2462': attribute type 11 has an invalid length. [ 490.303702][T12267] netlink: 'syz.3.2462': attribute type 11 has an invalid length. [ 490.312216][T12267] netlink: 'syz.3.2462': attribute type 11 has an invalid length. [ 490.321053][T12267] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2462'. [ 490.331717][T12269] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.2463'. [ 490.346134][T12271] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.2464'. [ 490.590305][T12281] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.2467'. [ 490.636007][T12279] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2466'. [ 490.784087][T12287] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.2469'. [ 491.015192][T12297] validate_nla: 20 callbacks suppressed [ 491.015224][T12297] netlink: 'syz.2.2473': attribute type 10 has an invalid length. [ 491.031216][T12297] netlink: 'syz.2.2473': attribute type 4 has an invalid length. [ 491.039766][T12297] netlink: 'syz.2.2473': attribute type 5 has an invalid length. [ 491.048593][T12297] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2473'. [ 491.118475][T12299] netlink: 'syz.0.2474': attribute type 10 has an invalid length. [ 491.126569][T12299] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.2474'. [ 491.280631][T12303] netlink: 'syz.2.2476': attribute type 10 has an invalid length. [ 491.356996][T12306] netlink: 'syz.0.2477': attribute type 10 has an invalid length. [ 491.479367][T12310] netlink: 'syz.2.2478': attribute type 10 has an invalid length. [ 491.490301][T12310] netlink: 'syz.2.2478': attribute type 4 has an invalid length. [ 491.498638][T12310] netlink: 'syz.2.2478': attribute type 5 has an invalid length. [ 491.806043][T12320] netlink: 'syz.0.2483': attribute type 10 has an invalid length. [ 494.800591][T12420] __nla_validate_parse: 21 callbacks suppressed [ 494.800608][T12420] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.2518'. [ 495.126666][T12424] netlink: 208556 bytes leftover after parsing attributes in process `syz.0.2520'. [ 495.566106][T12439] nla_validate_range_unsigned: 410 callbacks suppressed [ 495.566140][T12439] netlink: 'syz.2.2530': attribute type 11 has an invalid length. [ 495.601783][T12439] netlink: 'syz.2.2530': attribute type 11 has an invalid length. [ 495.638095][T12439] netlink: 'syz.2.2530': attribute type 11 has an invalid length. [ 495.669078][T12439] netlink: 'syz.2.2530': attribute type 11 has an invalid length. [ 495.677154][T12439] netlink: 'syz.2.2530': attribute type 11 has an invalid length. [ 495.717991][T12439] netlink: 'syz.2.2530': attribute type 11 has an invalid length. [ 495.740764][T12439] netlink: 'syz.2.2530': attribute type 11 has an invalid length. [ 495.751690][T12439] netlink: 'syz.2.2530': attribute type 11 has an invalid length. [ 495.766649][T12439] netlink: 'syz.2.2530': attribute type 11 has an invalid length. [ 495.776029][T12439] netlink: 'syz.2.2530': attribute type 11 has an invalid length. [ 495.785831][T12439] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2530'. [ 496.054971][T12455] validate_nla: 34 callbacks suppressed [ 496.055010][T12455] netlink: 'syz.2.2534': attribute type 10 has an invalid length. [ 496.101908][T12455] netlink: 'syz.2.2534': attribute type 4 has an invalid length. [ 496.120833][T12455] netlink: 'syz.2.2534': attribute type 5 has an invalid length. [ 496.168659][T12455] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2534'. [ 496.526037][T12470] netlink: 'syz.3.2542': attribute type 10 has an invalid length. [ 496.565603][T12470] netlink: 'syz.3.2542': attribute type 4 has an invalid length. [ 496.592103][T12470] netlink: 'syz.3.2542': attribute type 5 has an invalid length. [ 496.605238][T12470] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2542'. [ 497.243897][T12492] netlink: 'syz.3.2550': attribute type 10 has an invalid length. [ 497.260123][T12492] netlink: 'syz.3.2550': attribute type 4 has an invalid length. [ 497.271690][T12492] netlink: 'syz.3.2550': attribute type 5 has an invalid length. [ 497.284583][T12492] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2550'. [ 497.337253][T12498] netlink: 'syz.2.2552': attribute type 10 has an invalid length. [ 497.358824][T12498] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2552'. [ 498.696949][T12523] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.2561'. [ 498.747550][T12525] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2562'. [ 499.227385][T12539] netlink: 208556 bytes leftover after parsing attributes in process `syz.0.2574'. [ 501.570811][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.577185][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.887067][T12565] validate_nla: 11 callbacks suppressed [ 501.887092][T12565] netlink: 'syz.3.2578': attribute type 10 has an invalid length. [ 501.906310][T12565] nla_validate_range_unsigned: 270 callbacks suppressed [ 501.906346][T12565] netlink: 'syz.3.2578': attribute type 11 has an invalid length. [ 501.924975][T12565] netlink: 'syz.3.2578': attribute type 11 has an invalid length. [ 501.933580][T12565] netlink: 'syz.3.2578': attribute type 11 has an invalid length. [ 501.942732][T12565] netlink: 'syz.3.2578': attribute type 11 has an invalid length. [ 501.952299][T12565] netlink: 'syz.3.2578': attribute type 11 has an invalid length. [ 501.961630][T12565] netlink: 'syz.3.2578': attribute type 11 has an invalid length. [ 501.972724][T12565] netlink: 'syz.3.2578': attribute type 11 has an invalid length. [ 501.981337][T12565] netlink: 'syz.3.2578': attribute type 11 has an invalid length. [ 501.993667][T12565] netlink: 'syz.3.2578': attribute type 11 has an invalid length. [ 502.004858][T12565] netlink: 'syz.3.2578': attribute type 11 has an invalid length. [ 502.020892][T12565] netlink: 'syz.3.2578': attribute type 4 has an invalid length. [ 502.029967][T12565] netlink: 'syz.3.2578': attribute type 5 has an invalid length. [ 502.038457][T12565] __nla_validate_parse: 2 callbacks suppressed [ 502.038488][T12565] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2578'. [ 502.236971][T12574] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.2582'. [ 502.383648][T12578] netlink: 'syz.3.2584': attribute type 10 has an invalid length. [ 502.398188][T12578] netlink: 'syz.3.2584': attribute type 4 has an invalid length. [ 502.406409][T12578] netlink: 'syz.3.2584': attribute type 5 has an invalid length. [ 502.420593][T12578] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2584'. [ 502.670559][T12586] netlink: 'syz.2.2588': attribute type 10 has an invalid length. [ 502.684535][T12586] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.2588'. [ 512.164847][T12592] netlink: 'syz.2.2590': attribute type 10 has an invalid length. [ 512.193745][T12592] nla_validate_range_unsigned: 60 callbacks suppressed [ 512.193781][T12592] netlink: 'syz.2.2590': attribute type 11 has an invalid length. [ 512.257973][T12592] netlink: 'syz.2.2590': attribute type 11 has an invalid length. [ 512.297073][T12592] netlink: 'syz.2.2590': attribute type 11 has an invalid length. [ 512.327472][T12592] netlink: 'syz.2.2590': attribute type 11 has an invalid length. [ 512.357874][T12592] netlink: 'syz.2.2590': attribute type 11 has an invalid length. [ 512.391870][T12592] netlink: 'syz.2.2590': attribute type 11 has an invalid length. [ 512.425741][T12592] netlink: 'syz.2.2590': attribute type 11 has an invalid length. [ 512.458000][T12592] netlink: 'syz.2.2590': attribute type 11 has an invalid length. [ 512.487510][T12592] netlink: 'syz.2.2590': attribute type 11 has an invalid length. [ 512.517947][T12592] netlink: 'syz.2.2590': attribute type 11 has an invalid length. [ 512.548388][T12592] netlink: 'syz.2.2590': attribute type 4 has an invalid length. [ 512.570733][T12592] netlink: 'syz.2.2590': attribute type 5 has an invalid length. [ 512.645266][T12592] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2590'. [ 513.068038][T12601] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.2593'. [ 513.134310][ T5777] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 513.143474][ T5777] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 513.151686][ T5777] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 513.168637][ T5777] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 513.176384][ T5777] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 513.184282][ T5777] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 513.244524][ T49] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.338006][ T49] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.436743][ T49] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.505247][ T49] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.525136][T12606] chnl_net:caif_netlink_parms(): no params data found [ 513.593282][T12606] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.600817][T12606] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.608614][T12606] bridge_slave_0: entered allmulticast mode [ 513.615792][T12606] bridge_slave_0: entered promiscuous mode [ 513.625932][T12606] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.633586][T12606] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.642093][T12606] bridge_slave_1: entered allmulticast mode [ 513.654328][T12606] bridge_slave_1: entered promiscuous mode [ 513.683670][T12606] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 513.696461][T12606] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 513.753227][T12606] team0: Port device team_slave_0 added [ 513.797973][T12606] team0: Port device team_slave_1 added [ 513.841380][T12606] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 513.848722][T12606] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 513.874921][T12606] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 513.911046][T12606] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 513.922718][T12606] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 513.951977][T12606] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 514.075849][T12606] hsr_slave_0: entered promiscuous mode [ 514.082518][T12606] hsr_slave_1: entered promiscuous mode [ 514.089953][T12606] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 514.097540][T12606] Cannot create hsr debugfs directory [ 514.490681][T12606] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 514.507684][T12606] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 514.537029][T12606] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 514.554332][T12606] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 514.695971][T12606] 8021q: adding VLAN 0 to HW filter on device bond0 [ 514.720264][T12606] 8021q: adding VLAN 0 to HW filter on device team0 [ 514.743009][ T4188] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.750229][ T4188] bridge0: port 1(bridge_slave_0) entered forwarding state [ 514.790655][ T1120] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.797872][ T1120] bridge0: port 2(bridge_slave_1) entered forwarding state [ 515.234554][ T49] batadv0: left allmulticast mode [ 515.244107][ T49] batadv0: left promiscuous mode [ 515.250684][ T49] ¤: port 1(batadv0) entered disabled state [ 515.260352][ T5777] Bluetooth: hci3: command tx timeout [ 515.272738][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 515.284248][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 515.294245][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 515.304762][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 515.313565][ T49] batman_adv: batadv0: Interface deactivated: veth1_virt_wifi [ 515.322413][ T49] batman_adv: batadv0: Removing interface: veth1_virt_wifi [ 515.346031][ T49] veth1_macvtap: left promiscuous mode [ 515.352114][ T49] veth0_macvtap: left promiscuous mode [ 516.171108][T12606] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 516.568283][T12606] veth0_vlan: entered promiscuous mode [ 516.582146][T12606] veth1_vlan: entered promiscuous mode [ 516.617357][T12606] veth0_macvtap: entered promiscuous mode [ 516.642518][T12606] veth1_macvtap: entered promiscuous mode [ 516.673979][T12606] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 516.697572][T12606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 516.708501][T12606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.719751][T12606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 516.730510][T12606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.740831][T12606] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 516.755036][T12606] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.766628][T12606] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 516.785004][T12606] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.794155][T12606] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.807087][T12606] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.816886][T12606] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.920110][ T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 516.939274][ T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 516.972771][ T1301] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 516.981498][ T1301] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 517.328221][ T5777] Bluetooth: hci3: command tx timeout [ 517.359014][T12681] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2598'. [ 517.926251][T12689] syzkaller0: entered promiscuous mode [ 517.968712][T12689] syzkaller0: entered allmulticast mode [ 519.408009][ T5777] Bluetooth: hci3: command tx timeout [ 521.209570][T12757] wg2: entered promiscuous mode [ 521.214670][T12757] wg2: entered allmulticast mode [ 521.487902][ T5777] Bluetooth: hci3: command tx timeout [ 522.366861][T12802] wg2: entered promiscuous mode [ 522.383429][T12802] wg2: entered allmulticast mode [ 526.150312][T12906] netlink: 'syz.3.2659': attribute type 10 has an invalid length. [ 526.164293][T12906] nla_validate_range_unsigned: 25 callbacks suppressed [ 526.164330][T12906] netlink: 'syz.3.2659': attribute type 11 has an invalid length. [ 526.185533][T12906] netlink: 'syz.3.2659': attribute type 11 has an invalid length. [ 526.194334][T12906] netlink: 'syz.3.2659': attribute type 11 has an invalid length. [ 526.207477][T12906] netlink: 'syz.3.2659': attribute type 11 has an invalid length. [ 526.218752][T12906] netlink: 'syz.3.2659': attribute type 11 has an invalid length. [ 526.235911][T12906] netlink: 'syz.3.2659': attribute type 11 has an invalid length. [ 526.244735][T12906] netlink: 'syz.3.2659': attribute type 11 has an invalid length. [ 526.257973][T12906] netlink: 'syz.3.2659': attribute type 11 has an invalid length. [ 526.266951][T12906] netlink: 'syz.3.2659': attribute type 11 has an invalid length. [ 526.280584][T12906] netlink: 'syz.3.2659': attribute type 11 has an invalid length. [ 526.292304][T12906] netlink: 'syz.3.2659': attribute type 4 has an invalid length. [ 526.303325][T12906] netlink: 'syz.3.2659': attribute type 5 has an invalid length. [ 526.314104][T12906] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2659'. [ 526.696110][T12916] netlink: 'syz.3.2663': attribute type 1 has an invalid length. [ 526.704103][T12916] netlink: 'syz.3.2663': attribute type 2 has an invalid length. [ 526.712831][T12916] netlink: 11254 bytes leftover after parsing attributes in process `syz.3.2663'. [ 527.456122][T12931] netlink: 'syz.4.2670': attribute type 10 has an invalid length. [ 527.469389][T12931] netlink: 'syz.4.2670': attribute type 4 has an invalid length. [ 527.477617][T12931] netlink: 'syz.4.2670': attribute type 5 has an invalid length. [ 527.486399][T12931] netlink: 208556 bytes leftover after parsing attributes in process `syz.4.2670'. [ 527.971460][T12944] netlink: 'syz.2.2676': attribute type 1 has an invalid length. [ 527.986851][T12944] netlink: 'syz.2.2676': attribute type 2 has an invalid length. [ 528.008226][T12944] netlink: 11254 bytes leftover after parsing attributes in process `syz.2.2676'. [ 528.285928][T12952] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2679'. [ 528.923783][T12968] netlink: 208556 bytes leftover after parsing attributes in process `syz.0.2683'. [ 529.166155][T12983] netlink: 184 bytes leftover after parsing attributes in process `syz.4.2689'. [ 529.214453][T12983] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2689'. [ 529.229074][T12983] batadv0: entered promiscuous mode [ 529.234536][T12983] batadv0: entered allmulticast mode [ 529.245958][T12983] bridge0: port 3(batadv0) entered blocking state [ 529.253740][T12983] bridge0: port 3(batadv0) entered disabled state [ 529.274828][T12983] bridge0: port 3(batadv0) entered blocking state [ 529.281791][T12983] bridge0: port 3(batadv0) entered forwarding state [ 529.562939][ T32] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 529.572403][ T32] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 529.946380][T12993] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2692'. [ 529.956718][T12993] bond0: entered promiscuous mode [ 529.964628][T12993] bond_slave_0: entered promiscuous mode [ 529.980531][T12993] bond_slave_1: entered promiscuous mode [ 529.987450][T12993] bridge0: port 4(bond0) entered blocking state [ 529.998192][T12993] bridge0: port 4(bond0) entered disabled state [ 530.007045][T12993] bond0: entered allmulticast mode [ 530.013597][T12993] bond_slave_0: entered allmulticast mode [ 530.020321][T12993] bond_slave_1: entered allmulticast mode [ 530.045340][T12993] bridge0: port 4(bond0) entered blocking state [ 530.052473][T12993] bridge0: port 4(bond0) entered forwarding state [ 531.054689][T13021] netlink: 184 bytes leftover after parsing attributes in process `syz.2.2700'. [ 531.085575][T13021] ¤: port 1(batadv0) entered disabled state [ 531.108941][T13021] bridge0: port 3(batadv0) entered blocking state [ 531.116120][T13021] bridge0: port 3(batadv0) entered disabled state [ 531.138547][T13021] bridge0: port 3(batadv0) entered blocking state [ 531.145611][T13021] bridge0: port 3(batadv0) entered forwarding state [ 531.615298][T13036] validate_nla: 9 callbacks suppressed [ 531.615331][T13036] netlink: 'syz.2.2703': attribute type 10 has an invalid length. [ 531.682001][T13036] __nla_validate_parse: 1 callbacks suppressed [ 531.682034][T13036] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2703'. [ 532.826919][T13068] netlink: 'syz.3.2715': attribute type 10 has an invalid length. [ 532.867009][T13068] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2715'. [ 533.909191][T13105] netlink: 184 bytes leftover after parsing attributes in process `syz.0.2722'. [ 533.946265][T13105] netlink: 'syz.0.2722': attribute type 10 has an invalid length. [ 533.968015][T13105] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2722'. [ 533.981353][T13105] ¤: port 1(batadv0) entered disabled state [ 534.019395][T13105] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 535.248133][T13135] netlink: 'syz.0.2726': attribute type 10 has an invalid length. [ 535.261898][T13135] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2726'. [ 535.268382][T13134] sock: sock_timestamping_bind_phc: sock not bind to device [ 537.202017][T13183] netlink: 'syz.4.2737': attribute type 10 has an invalid length. [ 537.211483][T13183] nla_validate_range_unsigned: 130 callbacks suppressed [ 537.211497][T13183] netlink: 'syz.4.2737': attribute type 11 has an invalid length. [ 537.245467][T13183] netlink: 'syz.4.2737': attribute type 11 has an invalid length. [ 537.271284][T13183] netlink: 'syz.4.2737': attribute type 11 has an invalid length. [ 537.294810][T13183] netlink: 'syz.4.2737': attribute type 11 has an invalid length. [ 537.311522][T13183] netlink: 'syz.4.2737': attribute type 11 has an invalid length. [ 537.329283][T13183] netlink: 'syz.4.2737': attribute type 11 has an invalid length. [ 537.358815][T13183] netlink: 'syz.4.2737': attribute type 11 has an invalid length. [ 537.374439][T13183] netlink: 'syz.4.2737': attribute type 11 has an invalid length. [ 537.394081][T13183] netlink: 'syz.4.2737': attribute type 11 has an invalid length. [ 537.412875][T13183] netlink: 'syz.4.2737': attribute type 11 has an invalid length. [ 537.444819][T13183] netlink: 'syz.4.2737': attribute type 4 has an invalid length. [ 537.461568][T13183] netlink: 'syz.4.2737': attribute type 5 has an invalid length. [ 537.483192][T13183] netlink: 208556 bytes leftover after parsing attributes in process `syz.4.2737'. [ 541.036307][T13259] netlink: 'syz.0.2755': attribute type 10 has an invalid length. [ 541.044649][T13259] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.2755'. [ 543.386980][T13299] netlink: 'syz.4.2769': attribute type 10 has an invalid length. [ 543.401015][T13299] nla_validate_range_unsigned: 25 callbacks suppressed [ 543.401062][T13299] netlink: 'syz.4.2769': attribute type 11 has an invalid length. [ 543.421671][T13299] netlink: 'syz.4.2769': attribute type 11 has an invalid length. [ 543.429910][T13299] netlink: 'syz.4.2769': attribute type 11 has an invalid length. [ 543.440015][T13299] netlink: 'syz.4.2769': attribute type 11 has an invalid length. [ 543.449714][T13299] netlink: 'syz.4.2769': attribute type 11 has an invalid length. [ 543.468689][T13299] netlink: 'syz.4.2769': attribute type 11 has an invalid length. [ 543.479101][T13299] netlink: 'syz.4.2769': attribute type 11 has an invalid length. [ 543.487236][T13299] netlink: 'syz.4.2769': attribute type 11 has an invalid length. [ 543.496224][T13299] netlink: 'syz.4.2769': attribute type 11 has an invalid length. [ 543.504556][T13299] netlink: 'syz.4.2769': attribute type 11 has an invalid length. [ 543.514936][T13299] netlink: 'syz.4.2769': attribute type 4 has an invalid length. [ 543.527360][T13299] netlink: 'syz.4.2769': attribute type 5 has an invalid length. [ 543.535581][T13299] netlink: 208556 bytes leftover after parsing attributes in process `syz.4.2769'. [ 544.593724][T13331] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.2774'. [ 544.933793][T13337] netlink: 'syz.3.2775': attribute type 10 has an invalid length. [ 544.951821][T13337] netlink: 'syz.3.2775': attribute type 4 has an invalid length. [ 544.987955][T13337] netlink: 'syz.3.2775': attribute type 5 has an invalid length. [ 544.996300][T13337] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2775'. [ 545.193940][T13345] netlink: 'syz.3.2778': attribute type 10 has an invalid length. [ 545.208046][T13345] netlink: 'syz.3.2778': attribute type 4 has an invalid length. [ 545.222284][T13345] netlink: 'syz.3.2778': attribute type 5 has an invalid length. [ 545.247898][T13345] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2778'. [ 545.634162][T13356] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.2783'. [ 545.728403][ T27] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec [ 546.306009][T13369] netlink: 'syz.2.2787': attribute type 10 has an invalid length. [ 546.334555][T13369] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.2787'. [ 546.764660][T13378] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.2788'. [ 548.189030][T13396] netlink: 65047 bytes leftover after parsing attributes in process `syz.4.2793'. [ 548.419215][T13398] validate_nla: 1 callbacks suppressed [ 548.419254][T13398] netlink: 'syz.3.2796': attribute type 10 has an invalid length. [ 548.434020][T13398] nla_validate_range_unsigned: 95 callbacks suppressed [ 548.434079][T13398] netlink: 'syz.3.2796': attribute type 11 has an invalid length. [ 548.460505][T13398] netlink: 'syz.3.2796': attribute type 11 has an invalid length. [ 548.469888][T13398] netlink: 'syz.3.2796': attribute type 11 has an invalid length. [ 548.479056][T13398] netlink: 'syz.3.2796': attribute type 11 has an invalid length. [ 548.487413][T13398] netlink: 'syz.3.2796': attribute type 11 has an invalid length. [ 548.497667][T13398] netlink: 'syz.3.2796': attribute type 11 has an invalid length. [ 548.507427][T13398] netlink: 'syz.3.2796': attribute type 11 has an invalid length. [ 548.519106][T13398] netlink: 'syz.3.2796': attribute type 11 has an invalid length. [ 548.527240][T13398] netlink: 'syz.3.2796': attribute type 11 has an invalid length. [ 548.549158][T13398] netlink: 'syz.3.2796': attribute type 11 has an invalid length. [ 548.577357][T13398] netlink: 'syz.3.2796': attribute type 4 has an invalid length. [ 548.615516][T13398] netlink: 'syz.3.2796': attribute type 5 has an invalid length. [ 548.624492][T13398] netlink: 208556 bytes leftover after parsing attributes in process `syz.3.2796'. [ 548.713665][T13405] netlink: 'syz.0.2799': attribute type 10 has an invalid length. [ 548.747545][T13405] netlink: 'syz.0.2799': attribute type 4 has an invalid length. [ 548.794335][T13405] netlink: 'syz.0.2799': attribute type 5 has an invalid length. [ 548.842647][T13405] netlink: 208556 bytes leftover after parsing attributes in process `syz.0.2799'. [ 549.612974][T13421] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.2804'. [ 550.294563][T13434] netlink: 'syz.2.2809': attribute type 10 has an invalid length. [ 550.320579][T13434] netlink: 'syz.2.2809': attribute type 4 has an invalid length. [ 550.337289][T13434] netlink: 'syz.2.2809': attribute type 5 has an invalid length. [ 550.348300][T13434] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2809'. [ 550.381108][ T23] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec [ 550.551324][T13442] netlink: 'syz.4.2811': attribute type 10 has an invalid length. [ 550.582995][T13442] netlink: 210880 bytes leftover after parsing attributes in process `syz.4.2811'. [ 553.579513][T13470] netlink: 'syz.2.2822': attribute type 10 has an invalid length. [ 553.587585][T13470] nla_validate_range_unsigned: 95 callbacks suppressed [ 553.587627][T13470] netlink: 'syz.2.2822': attribute type 11 has an invalid length. [ 553.603542][T13470] netlink: 'syz.2.2822': attribute type 11 has an invalid length. [ 553.614474][T13470] netlink: 'syz.2.2822': attribute type 11 has an invalid length. [ 553.622803][T13470] netlink: 'syz.2.2822': attribute type 11 has an invalid length. [ 553.631801][T13470] netlink: 'syz.2.2822': attribute type 11 has an invalid length. [ 553.640226][T13470] netlink: 'syz.2.2822': attribute type 11 has an invalid length. [ 553.649317][T13470] netlink: 'syz.2.2822': attribute type 11 has an invalid length. [ 553.657535][T13470] netlink: 'syz.2.2822': attribute type 11 has an invalid length. [ 553.666067][T13470] netlink: 'syz.2.2822': attribute type 11 has an invalid length. [ 553.674787][T13470] netlink: 'syz.2.2822': attribute type 11 has an invalid length. [ 553.683790][T13470] netlink: 'syz.2.2822': attribute type 4 has an invalid length. [ 553.692285][T13470] netlink: 'syz.2.2822': attribute type 5 has an invalid length. [ 553.700874][T13470] netlink: 208556 bytes leftover after parsing attributes in process `syz.2.2822'. [ 554.015480][T13475] syzkaller0: entered promiscuous mode [ 554.021185][T13475] syzkaller0: entered allmulticast mode [ 557.687375][T13500] Dead loop on virtual device ip6_vti0, fix it urgently! [ 558.109373][T13515] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2841'. [ 558.131805][T13515] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô!' [ 558.146813][T13515] CPU: 1 PID: 13515 Comm: syz.0.2841 Not tainted syzkaller #0 [ 558.154340][T13515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 558.164441][T13515] Call Trace: [ 558.167758][T13515] [ 558.170719][T13515] dump_stack_lvl+0x18c/0x250 [ 558.175474][T13515] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 558.181701][T13515] ? show_regs_print_info+0x20/0x20 [ 558.186942][T13515] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 558.193149][T13515] ? dump_stack+0x9/0x20 [ 558.197447][T13515] sysfs_warn_dup+0x8e/0xa0 [ 558.201992][T13515] sysfs_do_create_link_sd+0xc0/0x110 [ 558.207402][T13515] device_add_class_symlinks+0x1cf/0x240 [ 558.213082][T13515] device_add+0x507/0xc20 [ 558.217458][T13515] wiphy_register+0x1dad/0x2ae0 [ 558.222371][T13515] ? cfg80211_event_work+0x40/0x40 [ 558.227522][T13515] ? minstrel_ht_alloc+0x88a/0x990 [ 558.232694][T13515] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 558.238810][T13515] ieee80211_register_hw+0x3464/0x4250 [ 558.244347][T13515] ? ieee80211_tasklet_handler+0x20/0x20 [ 558.250027][T13515] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 558.255973][T13515] ? __debug_object_init+0xec/0x450 [ 558.261221][T13515] ? __asan_memset+0x22/0x40 [ 558.265863][T13515] ? __hrtimer_init+0x186/0x270 [ 558.270770][T13515] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 558.276558][T13515] ? mac80211_hwsim_free+0x220/0x220 [ 558.281877][T13515] ? rcu_is_watching+0x15/0xb0 [ 558.286700][T13515] ? kstrndup+0xbd/0x140 [ 558.291025][T13515] hwsim_new_radio_nl+0xdc9/0x1a90 [ 558.296233][T13515] ? __nla_validate+0x50/0x50 [ 558.300981][T13515] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 558.307374][T13515] ? __nla_parse+0x40/0x50 [ 558.311828][T13515] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 558.318231][T13515] genl_family_rcv_msg_doit+0x211/0x310 [ 558.323826][T13515] ? end_current_label_crit_section+0x170/0x170 [ 558.330113][T13515] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 558.336048][T13515] ? bpf_lsm_capable+0x9/0x10 [ 558.340766][T13515] ? security_capable+0x89/0xb0 [ 558.345689][T13515] genl_rcv_msg+0x619/0x7a0 [ 558.350239][T13515] ? genl_bind+0x360/0x360 [ 558.354685][T13515] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 558.361080][T13515] netlink_rcv_skb+0x241/0x4d0 [ 558.365873][T13515] ? genl_bind+0x360/0x360 [ 558.370312][T13515] ? netlink_ack+0x1180/0x1180 [ 558.375113][T13515] ? __lock_acquire+0x7d40/0x7d40 [ 558.380162][T13515] ? down_read+0x1ac/0x2e0 [ 558.384630][T13515] genl_rcv+0x28/0x40 [ 558.388636][T13515] netlink_unicast+0x751/0x8d0 [ 558.393445][T13515] netlink_sendmsg+0x8d0/0xbf0 [ 558.398249][T13515] ? netlink_getsockopt+0x590/0x590 [ 558.403497][T13515] ? aa_sock_msg_perm+0x94/0x150 [ 558.408471][T13515] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 558.413783][T13515] ? security_socket_sendmsg+0x80/0xa0 [ 558.419257][T13515] ? netlink_getsockopt+0x590/0x590 [ 558.424518][T13515] ____sys_sendmsg+0x5ba/0x960 [ 558.429342][T13515] ? __asan_memset+0x22/0x40 [ 558.433976][T13515] ? __sys_sendmsg_sock+0x30/0x30 [ 558.439027][T13515] ? __import_iovec+0x5f2/0x850 [ 558.443911][T13515] ? import_iovec+0x73/0xa0 [ 558.448448][T13515] ___sys_sendmsg+0x2a6/0x360 [ 558.453161][T13515] ? __sys_sendmsg+0x2a0/0x2a0 [ 558.457959][T13515] ? seqcount_lockdep_reader_access+0x17b/0x1d0 [ 558.464258][T13515] __se_sys_sendmsg+0x1c2/0x2b0 [ 558.469135][T13515] ? __x64_sys_sendmsg+0x80/0x80 [ 558.474107][T13515] ? lockdep_hardirqs_on+0x98/0x150 [ 558.479333][T13515] do_syscall_64+0x55/0xa0 [ 558.483780][T13515] ? clear_bhb_loop+0x40/0x90 [ 558.488488][T13515] ? clear_bhb_loop+0x40/0x90 [ 558.493200][T13515] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 558.499118][T13515] RIP: 0033:0x7f923cb9c819 [ 558.503560][T13515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 558.523236][T13515] RSP: 002b:00007f923d9a6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 558.531699][T13515] RAX: ffffffffffffffda RBX: 00007f923ce15fa0 RCX: 00007f923cb9c819 [ 558.539693][T13515] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 558.547683][T13515] RBP: 00007f923cc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 558.555684][T13515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 558.563679][T13515] R13: 00007f923ce16038 R14: 00007f923ce15fa0 R15: 00007ffdc980f6b8 [ 558.571682][T13515] [ 558.729214][T13524] netlink: 'syz.2.2843': attribute type 10 has an invalid length. [ 558.737303][T13524] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.2843'. [ 561.202661][T13553] syzkaller0: entered promiscuous mode [ 561.223897][T13553] syzkaller0: entered allmulticast mode [ 562.315596][T13577] netlink: 'syz.0.2861': attribute type 10 has an invalid length. [ 562.324280][T13577] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.2861'. [ 563.013032][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.021042][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.656602][T13596] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2871'. [ 563.695721][T13596] debugfs: Directory '!!ô!' with parent 'ieee80211' already present! [ 563.811105][T13600] netlink: 'syz.3.2872': attribute type 10 has an invalid length. [ 563.819173][T13600] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.2872'. [ 566.674154][T13604] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2876'. [ 567.438910][T13637] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 568.294520][T13656] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2897'. [ 568.323637][T13656] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 568.533696][T13673] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 570.264280][T13699] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2915'. [ 570.286169][T13699] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 574.345728][T13751] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2936'. [ 575.507115][T13751] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô!' [ 575.519317][T13751] CPU: 0 PID: 13751 Comm: syz.3.2936 Not tainted syzkaller #0 [ 575.526831][T13751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 575.536923][T13751] Call Trace: [ 575.540241][T13751] [ 575.543201][T13751] dump_stack_lvl+0x18c/0x250 [ 575.547939][T13751] ? show_regs_print_info+0x20/0x20 [ 575.553193][T13751] ? load_image+0x420/0x420 [ 575.557749][T13751] sysfs_warn_dup+0x8e/0xa0 [ 575.562282][T13751] sysfs_do_create_link_sd+0xc0/0x110 [ 575.567697][T13751] device_add_class_symlinks+0x1cf/0x240 [ 575.573380][T13751] device_add+0x507/0xc20 [ 575.577758][T13751] wiphy_register+0x1dad/0x2ae0 [ 575.582672][T13751] ? cfg80211_event_work+0x40/0x40 [ 575.587822][T13751] ? minstrel_ht_alloc+0x88a/0x990 [ 575.592989][T13751] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 575.599106][T13751] ieee80211_register_hw+0x3464/0x4250 [ 575.604630][T13751] ? ieee80211_tasklet_handler+0x20/0x20 [ 575.610296][T13751] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 575.616234][T13751] ? __debug_object_init+0xec/0x450 [ 575.621509][T13751] ? __asan_memset+0x22/0x40 [ 575.626157][T13751] ? __hrtimer_init+0x186/0x270 [ 575.631051][T13751] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 575.636841][T13751] ? mac80211_hwsim_free+0x220/0x220 [ 575.642205][T13751] ? rcu_is_watching+0x15/0xb0 [ 575.647008][T13751] ? kstrndup+0xbd/0x140 [ 575.651310][T13751] hwsim_new_radio_nl+0xdc9/0x1a90 [ 575.656475][T13751] ? mark_lock+0x94/0x320 [ 575.660859][T13751] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 575.667245][T13751] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 575.673422][T13751] ? lockdep_hardirqs_on+0x98/0x150 [ 575.678665][T13751] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 575.684897][T13751] genl_family_rcv_msg_doit+0x211/0x310 [ 575.690493][T13751] ? end_current_label_crit_section+0x170/0x170 [ 575.696784][T13751] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 575.702742][T13751] ? bpf_lsm_capable+0x9/0x10 [ 575.707471][T13751] ? security_capable+0x89/0xb0 [ 575.712387][T13751] genl_rcv_msg+0x619/0x7a0 [ 575.716937][T13751] ? genl_bind+0x360/0x360 [ 575.721392][T13751] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 575.727766][T13751] ? perf_trace_preemptirq_template+0x269/0x330 [ 575.734051][T13751] ? rcu_read_unlock_special+0xf7/0x4d0 [ 575.739657][T13751] netlink_rcv_skb+0x241/0x4d0 [ 575.744464][T13751] ? genl_bind+0x360/0x360 [ 575.748911][T13751] ? netlink_ack+0x1180/0x1180 [ 575.753736][T13751] ? __lock_acquire+0x7d40/0x7d40 [ 575.758789][T13751] ? down_read+0x1ac/0x2e0 [ 575.763253][T13751] genl_rcv+0x28/0x40 [ 575.767287][T13751] netlink_unicast+0x751/0x8d0 [ 575.772111][T13751] netlink_sendmsg+0x8d0/0xbf0 [ 575.776920][T13751] ? lockdep_hardirqs_on+0x98/0x150 [ 575.782161][T13751] ? netlink_getsockopt+0x590/0x590 [ 575.787421][T13751] ? aa_sock_msg_perm+0x94/0x150 [ 575.792404][T13751] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 575.797725][T13751] ? security_socket_sendmsg+0x80/0xa0 [ 575.803225][T13751] ? netlink_getsockopt+0x590/0x590 [ 575.808466][T13751] ____sys_sendmsg+0x5ba/0x960 [ 575.813266][T13751] ? __asan_memset+0x22/0x40 [ 575.817886][T13751] ? __sys_sendmsg_sock+0x30/0x30 [ 575.822936][T13751] ? __import_iovec+0x5f2/0x850 [ 575.827826][T13751] ? import_iovec+0x73/0xa0 [ 575.832369][T13751] ___sys_sendmsg+0x2a6/0x360 [ 575.837092][T13751] ? __sys_sendmsg+0x2a0/0x2a0 [ 575.841941][T13751] __se_sys_sendmsg+0x1c2/0x2b0 [ 575.846840][T13751] ? __x64_sys_sendmsg+0x80/0x80 [ 575.851828][T13751] ? syscall_enter_from_user_mode+0x2e/0x80 [ 575.857771][T13751] do_syscall_64+0x55/0xa0 [ 575.862224][T13751] ? clear_bhb_loop+0x40/0x90 [ 575.866923][T13751] ? clear_bhb_loop+0x40/0x90 [ 575.871642][T13751] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 575.877569][T13751] RIP: 0033:0x7f5b7af9c819 [ 575.882016][T13751] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 575.901658][T13751] RSP: 002b:00007f5b7be32028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 575.910109][T13751] RAX: ffffffffffffffda RBX: 00007f5b7b215fa0 RCX: 00007f5b7af9c819 [ 575.918113][T13751] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 575.926142][T13751] RBP: 00007f5b7b032c91 R08: 0000000000000000 R09: 0000000000000000 [ 575.934165][T13751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 575.942171][T13751] R13: 00007f5b7b216038 R14: 00007f5b7b215fa0 R15: 00007ffc5d38aa38 [ 575.950207][T13751] [ 576.831073][T13761] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2939'. [ 578.522539][T13761] debugfs: Directory '!!ô' with parent 'ieee80211' already present! [ 581.842001][T13798] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2956'. [ 581.870170][T13798] debugfs: Directory '!!ô!' with parent 'ieee80211' already present! [ 582.400037][T13811] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2959'. [ 582.431125][T13811] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 582.439857][T13811] CPU: 0 PID: 13811 Comm: syz.4.2959 Not tainted syzkaller #0 [ 582.447387][T13811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 582.457533][T13811] Call Trace: [ 582.460841][T13811] [ 582.463823][T13811] dump_stack_lvl+0x18c/0x250 [ 582.468556][T13811] ? show_regs_print_info+0x20/0x20 [ 582.473808][T13811] ? load_image+0x420/0x420 [ 582.478369][T13811] sysfs_warn_dup+0x8e/0xa0 [ 582.482910][T13811] sysfs_do_create_link_sd+0xc0/0x110 [ 582.488314][T13811] device_add_class_symlinks+0x1cf/0x240 [ 582.494004][T13811] device_add+0x507/0xc20 [ 582.498383][T13811] wiphy_register+0x1dad/0x2ae0 [ 582.503305][T13811] ? cfg80211_event_work+0x40/0x40 [ 582.508450][T13811] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 582.514648][T13811] ? ieee80211_register_hw+0x3049/0x4250 [ 582.520335][T13811] ieee80211_register_hw+0x3464/0x4250 [ 582.525876][T13811] ? ieee80211_tasklet_handler+0x20/0x20 [ 582.531544][T13811] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 582.537467][T13811] ? __debug_object_init+0xec/0x450 [ 582.542695][T13811] ? __asan_memset+0x22/0x40 [ 582.547311][T13811] ? __hrtimer_init+0x186/0x270 [ 582.552194][T13811] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 582.557990][T13811] ? mac80211_hwsim_free+0x220/0x220 [ 582.563311][T13811] ? rcu_is_watching+0x15/0xb0 [ 582.568127][T13811] ? kstrndup+0xbd/0x140 [ 582.572430][T13811] hwsim_new_radio_nl+0xdc9/0x1a90 [ 582.577568][T13811] ? __nla_validate+0x50/0x50 [ 582.582267][T13811] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 582.588627][T13811] ? __nla_parse+0x40/0x50 [ 582.593088][T13811] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 582.599465][T13811] genl_family_rcv_msg_doit+0x211/0x310 [ 582.605046][T13811] ? end_current_label_crit_section+0x170/0x170 [ 582.611351][T13811] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 582.617313][T13811] ? bpf_lsm_capable+0x9/0x10 [ 582.622035][T13811] ? security_capable+0x89/0xb0 [ 582.626969][T13811] genl_rcv_msg+0x619/0x7a0 [ 582.631519][T13811] ? genl_bind+0x360/0x360 [ 582.635976][T13811] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 582.642365][T13811] netlink_rcv_skb+0x241/0x4d0 [ 582.647201][T13811] ? genl_bind+0x360/0x360 [ 582.651657][T13811] ? netlink_ack+0x1180/0x1180 [ 582.656481][T13811] ? __lock_acquire+0x7d40/0x7d40 [ 582.661566][T13811] ? down_read+0x1ac/0x2e0 [ 582.666025][T13811] genl_rcv+0x28/0x40 [ 582.670043][T13811] netlink_unicast+0x751/0x8d0 [ 582.674876][T13811] netlink_sendmsg+0x8d0/0xbf0 [ 582.679693][T13811] ? netlink_getsockopt+0x590/0x590 [ 582.684947][T13811] ? aa_sock_msg_perm+0x94/0x150 [ 582.689931][T13811] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 582.695264][T13811] ? security_socket_sendmsg+0x80/0xa0 [ 582.700758][T13811] ? netlink_getsockopt+0x590/0x590 [ 582.706028][T13811] ____sys_sendmsg+0x5ba/0x960 [ 582.710842][T13811] ? __asan_memset+0x22/0x40 [ 582.715485][T13811] ? __sys_sendmsg_sock+0x30/0x30 [ 582.720559][T13811] ? __import_iovec+0x5f2/0x850 [ 582.725473][T13811] ? import_iovec+0x73/0xa0 [ 582.730109][T13811] ___sys_sendmsg+0x2a6/0x360 [ 582.734840][T13811] ? __sys_sendmsg+0x2a0/0x2a0 [ 582.739665][T13811] ? seqcount_lockdep_reader_access+0x17b/0x1d0 [ 582.745979][T13811] __se_sys_sendmsg+0x1c2/0x2b0 [ 582.750873][T13811] ? __x64_sys_sendmsg+0x80/0x80 [ 582.755884][T13811] ? lockdep_hardirqs_on+0x98/0x150 [ 582.761151][T13811] do_syscall_64+0x55/0xa0 [ 582.765614][T13811] ? clear_bhb_loop+0x40/0x90 [ 582.770341][T13811] ? clear_bhb_loop+0x40/0x90 [ 582.775073][T13811] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 582.781015][T13811] RIP: 0033:0x7f6307f9c819 [ 582.785498][T13811] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 582.805143][T13811] RSP: 002b:00007f6308e8f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 582.813598][T13811] RAX: ffffffffffffffda RBX: 00007f6308215fa0 RCX: 00007f6307f9c819 [ 582.821609][T13811] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a [ 582.829618][T13811] RBP: 00007f6308032c91 R08: 0000000000000000 R09: 0000000000000000 [ 582.837627][T13811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 582.845638][T13811] R13: 00007f6308216038 R14: 00007f6308215fa0 R15: 00007ffd0a99a848 [ 582.853662][T13811] [ 583.587271][T13835] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2970'. [ 583.706414][T13835] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô!' [ 583.715139][T13835] CPU: 0 PID: 13835 Comm: syz.4.2970 Not tainted syzkaller #0 [ 583.722655][T13835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 583.732759][T13835] Call Trace: [ 583.736079][T13835] [ 583.739040][T13835] dump_stack_lvl+0x18c/0x250 [ 583.743776][T13835] ? show_regs_print_info+0x20/0x20 [ 583.749019][T13835] ? load_image+0x420/0x420 [ 583.753606][T13835] sysfs_warn_dup+0x8e/0xa0 [ 583.758149][T13835] sysfs_do_create_link_sd+0xc0/0x110 [ 583.763554][T13835] device_add_class_symlinks+0x1cf/0x240 [ 583.769230][T13835] device_add+0x507/0xc20 [ 583.773594][T13835] wiphy_register+0x1dad/0x2ae0 [ 583.778478][T13835] ? cfg80211_event_work+0x40/0x40 [ 583.783616][T13835] ? minstrel_ht_alloc+0x88a/0x990 [ 583.788820][T13835] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 583.794939][T13835] ieee80211_register_hw+0x3464/0x4250 [ 583.800455][T13835] ? ieee80211_tasklet_handler+0x20/0x20 [ 583.806155][T13835] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 583.812095][T13835] ? __debug_object_init+0xec/0x450 [ 583.817365][T13835] ? __asan_memset+0x22/0x40 [ 583.822001][T13835] ? __hrtimer_init+0x186/0x270 [ 583.826903][T13835] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 583.832670][T13835] ? mac80211_hwsim_free+0x220/0x220 [ 583.837980][T13835] ? rcu_is_watching+0x15/0xb0 [ 583.842792][T13835] ? kstrndup+0xbd/0x140 [ 583.847094][T13835] hwsim_new_radio_nl+0xdc9/0x1a90 [ 583.852253][T13835] ? __nla_validate+0x50/0x50 [ 583.856959][T13835] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 583.863318][T13835] ? __nla_parse+0x40/0x50 [ 583.867776][T13835] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 583.874150][T13835] genl_family_rcv_msg_doit+0x211/0x310 [ 583.879732][T13835] ? end_current_label_crit_section+0x170/0x170 [ 583.886044][T13835] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 583.891976][T13835] ? bpf_lsm_capable+0x9/0x10 [ 583.896707][T13835] ? security_capable+0x89/0xb0 [ 583.901633][T13835] genl_rcv_msg+0x619/0x7a0 [ 583.906183][T13835] ? genl_bind+0x360/0x360 [ 583.910636][T13835] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 583.917021][T13835] netlink_rcv_skb+0x241/0x4d0 [ 583.921821][T13835] ? genl_bind+0x360/0x360 [ 583.926268][T13835] ? netlink_ack+0x1180/0x1180 [ 583.931079][T13835] ? __lock_acquire+0x7d40/0x7d40 [ 583.936147][T13835] ? down_read+0x1ac/0x2e0 [ 583.940587][T13835] genl_rcv+0x28/0x40 [ 583.944597][T13835] netlink_unicast+0x751/0x8d0 [ 583.949423][T13835] netlink_sendmsg+0x8d0/0xbf0 [ 583.954241][T13835] ? netlink_getsockopt+0x590/0x590 [ 583.959494][T13835] ? aa_sock_msg_perm+0x94/0x150 [ 583.964479][T13835] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 583.969806][T13835] ? security_socket_sendmsg+0x80/0xa0 [ 583.975315][T13835] ? netlink_getsockopt+0x590/0x590 [ 583.980544][T13835] ____sys_sendmsg+0x5ba/0x960 [ 583.985349][T13835] ? __asan_memset+0x22/0x40 [ 583.989989][T13835] ? __sys_sendmsg_sock+0x30/0x30 [ 583.995057][T13835] ? __import_iovec+0x5f2/0x850 [ 583.999936][T13835] ? import_iovec+0x73/0xa0 [ 584.004489][T13835] ___sys_sendmsg+0x2a6/0x360 [ 584.009219][T13835] ? __sys_sendmsg+0x2a0/0x2a0 [ 584.014086][T13835] __se_sys_sendmsg+0x1c2/0x2b0 [ 584.018981][T13835] ? __x64_sys_sendmsg+0x80/0x80 [ 584.023981][T13835] ? syscall_enter_from_user_mode+0x2e/0x80 [ 584.029925][T13835] do_syscall_64+0x55/0xa0 [ 584.034414][T13835] ? clear_bhb_loop+0x40/0x90 [ 584.039142][T13835] ? clear_bhb_loop+0x40/0x90 [ 584.043874][T13835] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 584.049862][T13835] RIP: 0033:0x7f6307f9c819 [ 584.054321][T13835] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 584.073983][T13835] RSP: 002b:00007f6308e8f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 584.082414][T13835] RAX: ffffffffffffffda RBX: 00007f6308215fa0 RCX: 00007f6307f9c819 [ 584.090420][T13835] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 584.098430][T13835] RBP: 00007f6308032c91 R08: 0000000000000000 R09: 0000000000000000 [ 584.106423][T13835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 584.114405][T13835] R13: 00007f6308216038 R14: 00007f6308215fa0 R15: 00007ffd0a99a848 [ 584.122431][T13835] [ 585.257445][T13852] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2978'. [ 585.325768][T13852] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 585.346371][T13852] CPU: 0 PID: 13852 Comm: syz.2.2978 Not tainted syzkaller #0 [ 585.353888][T13852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 585.363988][T13852] Call Trace: [ 585.367294][T13852] [ 585.370256][T13852] dump_stack_lvl+0x18c/0x250 [ 585.374994][T13852] ? show_regs_print_info+0x20/0x20 [ 585.380241][T13852] ? load_image+0x420/0x420 [ 585.384806][T13852] sysfs_warn_dup+0x8e/0xa0 [ 585.389388][T13852] sysfs_do_create_link_sd+0xc0/0x110 [ 585.394825][T13852] device_add_class_symlinks+0x1cf/0x240 [ 585.400514][T13852] device_add+0x507/0xc20 [ 585.404899][T13852] wiphy_register+0x1dad/0x2ae0 [ 585.409810][T13852] ? cfg80211_event_work+0x40/0x40 [ 585.414952][T13852] ? minstrel_ht_alloc+0x88a/0x990 [ 585.420121][T13852] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 585.426252][T13852] ieee80211_register_hw+0x3464/0x4250 [ 585.431776][T13852] ? ieee80211_tasklet_handler+0x20/0x20 [ 585.437454][T13852] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 585.443394][T13852] ? __debug_object_init+0xec/0x450 [ 585.448637][T13852] ? __asan_memset+0x22/0x40 [ 585.453249][T13852] ? __hrtimer_init+0x186/0x270 [ 585.458125][T13852] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 585.463900][T13852] ? mac80211_hwsim_free+0x220/0x220 [ 585.469205][T13852] ? rcu_is_watching+0x15/0xb0 [ 585.473995][T13852] ? kstrndup+0xbd/0x140 [ 585.478273][T13852] hwsim_new_radio_nl+0xdc9/0x1a90 [ 585.483405][T13852] ? perf_trace_run_bpf_submit+0x125/0x1c0 [ 585.489239][T13852] ? mark_lock+0x94/0x320 [ 585.493600][T13852] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 585.499953][T13852] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 585.506133][T13852] ? lockdep_hardirqs_on+0x98/0x150 [ 585.511375][T13852] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 585.517562][T13852] genl_family_rcv_msg_doit+0x211/0x310 [ 585.523128][T13852] ? end_current_label_crit_section+0x170/0x170 [ 585.529414][T13852] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 585.535327][T13852] ? bpf_lsm_capable+0x9/0x10 [ 585.540023][T13852] ? security_capable+0x89/0xb0 [ 585.544904][T13852] genl_rcv_msg+0x619/0x7a0 [ 585.549438][T13852] ? genl_bind+0x360/0x360 [ 585.553871][T13852] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 585.560243][T13852] netlink_rcv_skb+0x241/0x4d0 [ 585.565055][T13852] ? genl_bind+0x360/0x360 [ 585.569488][T13852] ? netlink_ack+0x1180/0x1180 [ 585.574279][T13852] ? __lock_acquire+0x7d40/0x7d40 [ 585.579331][T13852] ? down_read+0x1ac/0x2e0 [ 585.583768][T13852] genl_rcv+0x28/0x40 [ 585.587768][T13852] netlink_unicast+0x751/0x8d0 [ 585.592568][T13852] netlink_sendmsg+0x8d0/0xbf0 [ 585.597369][T13852] ? netlink_getsockopt+0x590/0x590 [ 585.602604][T13852] ? aa_sock_msg_perm+0x94/0x150 [ 585.607565][T13852] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 585.612864][T13852] ? security_socket_sendmsg+0x80/0xa0 [ 585.618338][T13852] ? netlink_getsockopt+0x590/0x590 [ 585.623558][T13852] ____sys_sendmsg+0x5ba/0x960 [ 585.628350][T13852] ? __asan_memset+0x22/0x40 [ 585.632963][T13852] ? __sys_sendmsg_sock+0x30/0x30 [ 585.637999][T13852] ? __import_iovec+0x5f2/0x850 [ 585.642870][T13852] ? import_iovec+0x73/0xa0 [ 585.647396][T13852] ___sys_sendmsg+0x2a6/0x360 [ 585.652094][T13852] ? __sys_sendmsg+0x2a0/0x2a0 [ 585.656915][T13852] __se_sys_sendmsg+0x1c2/0x2b0 [ 585.661781][T13852] ? __x64_sys_sendmsg+0x80/0x80 [ 585.666754][T13852] ? lockdep_hardirqs_on+0x98/0x150 [ 585.671984][T13852] do_syscall_64+0x55/0xa0 [ 585.676423][T13852] ? clear_bhb_loop+0x40/0x90 [ 585.681126][T13852] ? clear_bhb_loop+0x40/0x90 [ 585.685830][T13852] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 585.691745][T13852] RIP: 0033:0x7f7edad9c819 [ 585.696182][T13852] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 585.715805][T13852] RSP: 002b:00007f7edbc78028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 585.724247][T13852] RAX: ffffffffffffffda RBX: 00007f7edb015fa0 RCX: 00007f7edad9c819 [ 585.732267][T13852] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a [ 585.740252][T13852] RBP: 00007f7edae32c91 R08: 0000000000000000 R09: 0000000000000000 [ 585.748335][T13852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 585.756319][T13852] R13: 00007f7edb016038 R14: 00007f7edb015fa0 R15: 00007ffcfc689428 [ 585.764341][T13852] [ 586.350371][T13885] netlink: 'syz.2.2990': attribute type 10 has an invalid length. [ 586.365346][T13885] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.2990'. [ 586.689969][T13892] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2994'. [ 586.716122][T13892] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô!' [ 586.725009][T13892] CPU: 1 PID: 13892 Comm: syz.0.2994 Not tainted syzkaller #0 [ 586.732510][T13892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 586.742679][T13892] Call Trace: [ 586.745989][T13892] [ 586.748967][T13892] dump_stack_lvl+0x18c/0x250 [ 586.753797][T13892] ? show_regs_print_info+0x20/0x20 [ 586.759055][T13892] ? load_image+0x420/0x420 [ 586.763595][T13892] sysfs_warn_dup+0x8e/0xa0 [ 586.768128][T13892] sysfs_do_create_link_sd+0xc0/0x110 [ 586.773524][T13892] device_add_class_symlinks+0x1cf/0x240 [ 586.779179][T13892] device_add+0x507/0xc20 [ 586.783544][T13892] wiphy_register+0x1dad/0x2ae0 [ 586.788436][T13892] ? cfg80211_event_work+0x40/0x40 [ 586.793585][T13892] ? minstrel_ht_alloc+0x88a/0x990 [ 586.798731][T13892] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 586.804822][T13892] ieee80211_register_hw+0x3464/0x4250 [ 586.810321][T13892] ? ieee80211_tasklet_handler+0x20/0x20 [ 586.815982][T13892] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 586.821933][T13892] ? __debug_object_init+0xec/0x450 [ 586.827166][T13892] ? __asan_memset+0x22/0x40 [ 586.831786][T13892] ? __hrtimer_init+0x186/0x270 [ 586.836660][T13892] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 586.842467][T13892] ? mac80211_hwsim_free+0x220/0x220 [ 586.847787][T13892] ? rcu_is_watching+0x15/0xb0 [ 586.852584][T13892] ? kstrndup+0xbd/0x140 [ 586.856861][T13892] hwsim_new_radio_nl+0xdc9/0x1a90 [ 586.862004][T13892] ? mark_lock+0x94/0x320 [ 586.866362][T13892] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 586.872378][T13892] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 586.878747][T13892] ? lockdep_hardirqs_on+0x98/0x150 [ 586.883998][T13892] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 586.890215][T13892] ? genl_family_rcv_msg_attrs_parse+0x1ca/0x290 [ 586.896581][T13892] genl_family_rcv_msg_doit+0x211/0x310 [ 586.902160][T13892] ? end_current_label_crit_section+0x170/0x170 [ 586.908432][T13892] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 586.914353][T13892] ? bpf_lsm_capable+0x9/0x10 [ 586.919056][T13892] ? security_capable+0x89/0xb0 [ 586.923934][T13892] genl_rcv_msg+0x619/0x7a0 [ 586.928476][T13892] ? genl_bind+0x360/0x360 [ 586.932932][T13892] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 586.939306][T13892] netlink_rcv_skb+0x241/0x4d0 [ 586.944102][T13892] ? genl_bind+0x360/0x360 [ 586.948535][T13892] ? netlink_ack+0x1180/0x1180 [ 586.953325][T13892] ? __lock_acquire+0x7d40/0x7d40 [ 586.958384][T13892] ? down_read+0x1ac/0x2e0 [ 586.962829][T13892] genl_rcv+0x28/0x40 [ 586.966824][T13892] netlink_unicast+0x751/0x8d0 [ 586.971617][T13892] netlink_sendmsg+0x8d0/0xbf0 [ 586.976415][T13892] ? netlink_getsockopt+0x590/0x590 [ 586.981646][T13892] ? aa_sock_msg_perm+0x94/0x150 [ 586.986621][T13892] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 586.991927][T13892] ? security_socket_sendmsg+0x80/0xa0 [ 586.997411][T13892] ? netlink_getsockopt+0x590/0x590 [ 587.002638][T13892] ____sys_sendmsg+0x5ba/0x960 [ 587.007427][T13892] ? __asan_memset+0x22/0x40 [ 587.012040][T13892] ? __sys_sendmsg_sock+0x30/0x30 [ 587.017077][T13892] ? __import_iovec+0x5f2/0x850 [ 587.021957][T13892] ? import_iovec+0x73/0xa0 [ 587.026474][T13892] ___sys_sendmsg+0x2a6/0x360 [ 587.031173][T13892] ? __fget_files+0x28/0x4b0 [ 587.035813][T13892] ? __sys_sendmsg+0x2a0/0x2a0 [ 587.040626][T13892] ? trace_call_bpf+0xc3/0x6c0 [ 587.045437][T13892] ? seqcount_lockdep_reader_access+0x17b/0x1d0 [ 587.051732][T13892] __se_sys_sendmsg+0x1c2/0x2b0 [ 587.056623][T13892] ? __x64_sys_sendmsg+0x80/0x80 [ 587.061594][T13892] ? lockdep_hardirqs_on+0x98/0x150 [ 587.066844][T13892] do_syscall_64+0x55/0xa0 [ 587.071283][T13892] ? clear_bhb_loop+0x40/0x90 [ 587.075982][T13892] ? clear_bhb_loop+0x40/0x90 [ 587.080690][T13892] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 587.086619][T13892] RIP: 0033:0x7f923cb9c819 [ 587.091057][T13892] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 587.110678][T13892] RSP: 002b:00007f923d9a6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 587.119114][T13892] RAX: ffffffffffffffda RBX: 00007f923ce15fa0 RCX: 00007f923cb9c819 [ 587.127106][T13892] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 587.135099][T13892] RBP: 00007f923cc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 587.143084][T13892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 587.151070][T13892] R13: 00007f923ce16038 R14: 00007f923ce15fa0 R15: 00007ffdc980f6b8 [ 587.159068][T13892] [ 587.480423][T13897] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.2996'. [ 587.502047][T13897] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 587.511323][T13897] CPU: 0 PID: 13897 Comm: syz.4.2996 Not tainted syzkaller #0 [ 587.518829][T13897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 587.528919][T13897] Call Trace: [ 587.532215][T13897] [ 587.535164][T13897] dump_stack_lvl+0x18c/0x250 [ 587.539877][T13897] ? show_regs_print_info+0x20/0x20 [ 587.545119][T13897] ? load_image+0x420/0x420 [ 587.549660][T13897] sysfs_warn_dup+0x8e/0xa0 [ 587.554208][T13897] sysfs_do_create_link_sd+0xc0/0x110 [ 587.559605][T13897] device_add_class_symlinks+0x1cf/0x240 [ 587.565284][T13897] device_add+0x507/0xc20 [ 587.569641][T13897] wiphy_register+0x1dad/0x2ae0 [ 587.574538][T13897] ? cfg80211_event_work+0x40/0x40 [ 587.579658][T13897] ? minstrel_ht_alloc+0x88a/0x990 [ 587.584808][T13897] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 587.590897][T13897] ieee80211_register_hw+0x3464/0x4250 [ 587.596398][T13897] ? ieee80211_tasklet_handler+0x20/0x20 [ 587.602045][T13897] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 587.607981][T13897] ? __debug_object_init+0xec/0x450 [ 587.613230][T13897] ? __asan_memset+0x22/0x40 [ 587.617872][T13897] ? __hrtimer_init+0x186/0x270 [ 587.622803][T13897] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 587.628616][T13897] ? mac80211_hwsim_free+0x220/0x220 [ 587.633948][T13897] ? rcu_is_watching+0x15/0xb0 [ 587.638772][T13897] ? kstrndup+0xbd/0x140 [ 587.643055][T13897] hwsim_new_radio_nl+0xdc9/0x1a90 [ 587.648195][T13897] ? __nla_validate+0x50/0x50 [ 587.652924][T13897] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 587.659340][T13897] ? __nla_parse+0x40/0x50 [ 587.663789][T13897] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 587.670146][T13897] genl_family_rcv_msg_doit+0x211/0x310 [ 587.675775][T13897] ? end_current_label_crit_section+0x170/0x170 [ 587.682042][T13897] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 587.687980][T13897] ? bpf_lsm_capable+0x9/0x10 [ 587.692701][T13897] ? security_capable+0x89/0xb0 [ 587.697601][T13897] genl_rcv_msg+0x619/0x7a0 [ 587.702152][T13897] ? genl_bind+0x360/0x360 [ 587.706589][T13897] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 587.712591][T13897] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 587.718978][T13897] ? ref_tracker_free+0x690/0x840 [ 587.724130][T13897] netlink_rcv_skb+0x241/0x4d0 [ 587.728925][T13897] ? genl_bind+0x360/0x360 [ 587.733377][T13897] ? netlink_ack+0x1180/0x1180 [ 587.738205][T13897] ? __lock_acquire+0x7d40/0x7d40 [ 587.743292][T13897] ? down_read+0x1ac/0x2e0 [ 587.747759][T13897] genl_rcv+0x28/0x40 [ 587.751773][T13897] netlink_unicast+0x751/0x8d0 [ 587.756579][T13897] netlink_sendmsg+0x8d0/0xbf0 [ 587.761360][T13897] ? netlink_getsockopt+0x590/0x590 [ 587.766580][T13897] ? netlink_getsockopt+0x590/0x590 [ 587.771807][T13897] ____sys_sendmsg+0x5ba/0x960 [ 587.776609][T13897] ? __asan_memset+0x22/0x40 [ 587.781221][T13897] ? __sys_sendmsg_sock+0x30/0x30 [ 587.786256][T13897] ? __import_iovec+0x5f2/0x850 [ 587.791141][T13897] ? import_iovec+0x73/0xa0 [ 587.795711][T13897] ___sys_sendmsg+0x2a6/0x360 [ 587.800444][T13897] ? __sys_sendmsg+0x2a0/0x2a0 [ 587.805230][T13897] ? irqentry_enter+0x37/0x50 [ 587.810011][T13897] __se_sys_sendmsg+0x1c2/0x2b0 [ 587.814911][T13897] ? __x64_sys_sendmsg+0x80/0x80 [ 587.819907][T13897] ? lockdep_hardirqs_on+0x98/0x150 [ 587.825143][T13897] do_syscall_64+0x55/0xa0 [ 587.829571][T13897] ? clear_bhb_loop+0x40/0x90 [ 587.834296][T13897] ? clear_bhb_loop+0x40/0x90 [ 587.839019][T13897] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 587.844942][T13897] RIP: 0033:0x7f6307f9c819 [ 587.849371][T13897] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 587.869011][T13897] RSP: 002b:00007f6308e8f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 587.877451][T13897] RAX: ffffffffffffffda RBX: 00007f6308215fa0 RCX: 00007f6307f9c819 [ 587.885430][T13897] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a [ 587.893410][T13897] RBP: 00007f6308032c91 R08: 0000000000000000 R09: 0000000000000000 [ 587.901390][T13897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 587.909392][T13897] R13: 00007f6308216038 R14: 00007f6308215fa0 R15: 00007ffd0a99a848 [ 587.917395][T13897] [ 589.295853][T13918] netlink: 'syz.3.3003': attribute type 10 has an invalid length. [ 589.315106][T13918] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.3003'. [ 589.357270][T13921] netlink: 'syz.2.3004': attribute type 10 has an invalid length. [ 589.365251][T13921] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.3004'. [ 589.406168][T13924] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.3007'. [ 589.429265][T13924] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô!' [ 589.438097][T13924] CPU: 1 PID: 13924 Comm: syz.4.3007 Not tainted syzkaller #0 [ 589.445572][T13924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 589.455647][T13924] Call Trace: [ 589.458969][T13924] [ 589.461916][T13924] dump_stack_lvl+0x18c/0x250 [ 589.466623][T13924] ? show_regs_print_info+0x20/0x20 [ 589.471847][T13924] ? load_image+0x420/0x420 [ 589.476381][T13924] sysfs_warn_dup+0x8e/0xa0 [ 589.480906][T13924] sysfs_do_create_link_sd+0xc0/0x110 [ 589.486311][T13924] device_add_class_symlinks+0x1cf/0x240 [ 589.491980][T13924] device_add+0x507/0xc20 [ 589.496344][T13924] wiphy_register+0x1dad/0x2ae0 [ 589.501236][T13924] ? cfg80211_event_work+0x40/0x40 [ 589.506367][T13924] ? minstrel_ht_alloc+0x88a/0x990 [ 589.511510][T13924] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 589.517624][T13924] ieee80211_register_hw+0x3464/0x4250 [ 589.523116][T13924] ? ieee80211_tasklet_handler+0x20/0x20 [ 589.528809][T13924] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 589.534727][T13924] ? __debug_object_init+0xec/0x450 [ 589.539960][T13924] ? __asan_memset+0x22/0x40 [ 589.544585][T13924] ? __hrtimer_init+0x186/0x270 [ 589.549473][T13924] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 589.555239][T13924] ? mac80211_hwsim_free+0x220/0x220 [ 589.560556][T13924] ? rcu_is_watching+0x15/0xb0 [ 589.565353][T13924] ? kstrndup+0xbd/0x140 [ 589.569643][T13924] hwsim_new_radio_nl+0xdc9/0x1a90 [ 589.574785][T13924] ? __nla_validate+0x50/0x50 [ 589.579529][T13924] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 589.585890][T13924] ? __nla_parse+0x40/0x50 [ 589.590327][T13924] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 589.596689][T13924] genl_family_rcv_msg_doit+0x211/0x310 [ 589.602260][T13924] ? end_current_label_crit_section+0x170/0x170 [ 589.608556][T13924] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 589.614518][T13924] ? bpf_lsm_capable+0x9/0x10 [ 589.619294][T13924] ? security_capable+0x89/0xb0 [ 589.624182][T13924] genl_rcv_msg+0x619/0x7a0 [ 589.628714][T13924] ? genl_bind+0x360/0x360 [ 589.633172][T13924] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 589.639175][T13924] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 589.645545][T13924] ? ref_tracker_free+0x690/0x840 [ 589.650617][T13924] netlink_rcv_skb+0x241/0x4d0 [ 589.655427][T13924] ? genl_bind+0x360/0x360 [ 589.659870][T13924] ? netlink_ack+0x1180/0x1180 [ 589.664692][T13924] ? __lock_acquire+0x7d40/0x7d40 [ 589.669747][T13924] ? down_read+0x1ac/0x2e0 [ 589.674202][T13924] genl_rcv+0x28/0x40 [ 589.678226][T13924] netlink_unicast+0x751/0x8d0 [ 589.683046][T13924] netlink_sendmsg+0x8d0/0xbf0 [ 589.687848][T13924] ? netlink_getsockopt+0x590/0x590 [ 589.693082][T13924] ? aa_sock_msg_perm+0x94/0x150 [ 589.698047][T13924] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 589.703371][T13924] ? security_socket_sendmsg+0x80/0xa0 [ 589.708842][T13924] ? netlink_getsockopt+0x590/0x590 [ 589.714068][T13924] ____sys_sendmsg+0x5ba/0x960 [ 589.718859][T13924] ? __asan_memset+0x22/0x40 [ 589.723481][T13924] ? __sys_sendmsg_sock+0x30/0x30 [ 589.728527][T13924] ? __import_iovec+0x5f2/0x850 [ 589.733411][T13924] ? import_iovec+0x73/0xa0 [ 589.737942][T13924] ___sys_sendmsg+0x2a6/0x360 [ 589.742646][T13924] ? __sys_sendmsg+0x2a0/0x2a0 [ 589.747476][T13924] __se_sys_sendmsg+0x1c2/0x2b0 [ 589.752359][T13924] ? __x64_sys_sendmsg+0x80/0x80 [ 589.757330][T13924] ? syscall_enter_from_user_mode+0x2e/0x80 [ 589.763247][T13924] do_syscall_64+0x55/0xa0 [ 589.767675][T13924] ? clear_bhb_loop+0x40/0x90 [ 589.772379][T13924] ? clear_bhb_loop+0x40/0x90 [ 589.777080][T13924] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 589.782987][T13924] RIP: 0033:0x7f6307f9c819 [ 589.787417][T13924] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 589.807037][T13924] RSP: 002b:00007f6308e8f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 589.815466][T13924] RAX: ffffffffffffffda RBX: 00007f6308215fa0 RCX: 00007f6307f9c819 [ 589.823495][T13924] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 589.831496][T13924] RBP: 00007f6308032c91 R08: 0000000000000000 R09: 0000000000000000 [ 589.839483][T13924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 589.847470][T13924] R13: 00007f6308216038 R14: 00007f6308215fa0 R15: 00007ffd0a99a848 [ 589.855472][T13924] [ 590.361901][T13927] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.3008'. [ 590.444114][T13927] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 590.461927][T13927] CPU: 1 PID: 13927 Comm: syz.4.3008 Not tainted syzkaller #0 [ 590.469449][T13927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 590.479537][T13927] Call Trace: [ 590.482852][T13927] [ 590.485813][T13927] dump_stack_lvl+0x18c/0x250 [ 590.490543][T13927] ? show_regs_print_info+0x20/0x20 [ 590.495796][T13927] ? load_image+0x420/0x420 [ 590.500381][T13927] sysfs_warn_dup+0x8e/0xa0 [ 590.504942][T13927] sysfs_do_create_link_sd+0xc0/0x110 [ 590.510370][T13927] device_add_class_symlinks+0x1cf/0x240 [ 590.516083][T13927] device_add+0x507/0xc20 [ 590.520484][T13927] wiphy_register+0x1dad/0x2ae0 [ 590.525393][T13927] ? cfg80211_event_work+0x40/0x40 [ 590.530539][T13927] ? minstrel_ht_alloc+0x88a/0x990 [ 590.535704][T13927] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 590.541827][T13927] ieee80211_register_hw+0x3464/0x4250 [ 590.547355][T13927] ? ieee80211_tasklet_handler+0x20/0x20 [ 590.553031][T13927] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 590.558975][T13927] ? __debug_object_init+0xec/0x450 [ 590.564211][T13927] ? __asan_memset+0x22/0x40 [ 590.568833][T13927] ? __hrtimer_init+0x186/0x270 [ 590.573709][T13927] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 590.579481][T13927] ? mac80211_hwsim_free+0x220/0x220 [ 590.584787][T13927] ? rcu_is_watching+0x15/0xb0 [ 590.589587][T13927] ? kstrndup+0xbd/0x140 [ 590.593859][T13927] hwsim_new_radio_nl+0xdc9/0x1a90 [ 590.598993][T13927] ? __nla_validate+0x50/0x50 [ 590.603689][T13927] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 590.609706][T13927] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 590.616066][T13927] ? lockdep_hardirqs_on+0x98/0x150 [ 590.621308][T13927] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 590.627495][T13927] ? __nla_parse+0x40/0x50 [ 590.631943][T13927] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 590.638321][T13927] genl_family_rcv_msg_doit+0x211/0x310 [ 590.643902][T13927] ? end_current_label_crit_section+0x170/0x170 [ 590.650168][T13927] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 590.656085][T13927] ? bpf_lsm_capable+0x9/0x10 [ 590.660787][T13927] ? security_capable+0x89/0xb0 [ 590.665669][T13927] genl_rcv_msg+0x619/0x7a0 [ 590.670207][T13927] ? genl_bind+0x360/0x360 [ 590.674638][T13927] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 590.681000][T13927] ? netlink_rcv_skb+0x17d/0x4d0 [ 590.685970][T13927] netlink_rcv_skb+0x241/0x4d0 [ 590.690773][T13927] ? genl_bind+0x360/0x360 [ 590.695208][T13927] ? netlink_ack+0x1180/0x1180 [ 590.700007][T13927] ? __lock_acquire+0x7d40/0x7d40 [ 590.705055][T13927] ? down_read+0x1ac/0x2e0 [ 590.709497][T13927] genl_rcv+0x28/0x40 [ 590.713497][T13927] netlink_unicast+0x751/0x8d0 [ 590.718291][T13927] netlink_sendmsg+0x8d0/0xbf0 [ 590.723085][T13927] ? netlink_getsockopt+0x590/0x590 [ 590.728310][T13927] ? aa_sock_msg_perm+0x94/0x150 [ 590.733313][T13927] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 590.738622][T13927] ? security_socket_sendmsg+0x80/0xa0 [ 590.744099][T13927] ? netlink_getsockopt+0x590/0x590 [ 590.749325][T13927] ____sys_sendmsg+0x5ba/0x960 [ 590.754143][T13927] ? __asan_memset+0x22/0x40 [ 590.758758][T13927] ? __sys_sendmsg_sock+0x30/0x30 [ 590.763792][T13927] ? __import_iovec+0x5f2/0x850 [ 590.768663][T13927] ? import_iovec+0x73/0xa0 [ 590.773191][T13927] ___sys_sendmsg+0x2a6/0x360 [ 590.777890][T13927] ? __sys_sendmsg+0x2a0/0x2a0 [ 590.782713][T13927] ? seqcount_lockdep_reader_access+0x17b/0x1d0 [ 590.789007][T13927] __se_sys_sendmsg+0x1c2/0x2b0 [ 590.793890][T13927] ? __x64_sys_sendmsg+0x80/0x80 [ 590.798872][T13927] ? lockdep_hardirqs_on+0x98/0x150 [ 590.804110][T13927] do_syscall_64+0x55/0xa0 [ 590.808583][T13927] ? clear_bhb_loop+0x40/0x90 [ 590.813282][T13927] ? clear_bhb_loop+0x40/0x90 [ 590.817985][T13927] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 590.823899][T13927] RIP: 0033:0x7f6307f9c819 [ 590.828337][T13927] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 590.847975][T13927] RSP: 002b:00007f6308e8f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 590.856408][T13927] RAX: ffffffffffffffda RBX: 00007f6308215fa0 RCX: 00007f6307f9c819 [ 590.864427][T13927] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a [ 590.872452][T13927] RBP: 00007f6308032c91 R08: 0000000000000000 R09: 0000000000000000 [ 590.880440][T13927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 590.888443][T13927] R13: 00007f6308216038 R14: 00007f6308215fa0 R15: 00007ffd0a99a848 [ 590.896443][T13927] [ 591.470168][T13958] netlink: 'syz.4.3018': attribute type 10 has an invalid length. [ 591.492836][T13958] netlink: 210880 bytes leftover after parsing attributes in process `syz.4.3018'. [ 591.886204][T13966] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3023'. [ 591.917248][T13966] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 591.925484][T13966] CPU: 0 PID: 13966 Comm: syz.3.3023 Not tainted syzkaller #0 [ 591.932988][T13966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 591.943082][T13966] Call Trace: [ 591.946398][T13966] [ 591.949378][T13966] dump_stack_lvl+0x18c/0x250 [ 591.954121][T13966] ? show_regs_print_info+0x20/0x20 [ 591.959376][T13966] ? load_image+0x420/0x420 [ 591.963952][T13966] sysfs_warn_dup+0x8e/0xa0 [ 591.968493][T13966] sysfs_do_create_link_sd+0xc0/0x110 [ 591.973903][T13966] device_add_class_symlinks+0x1cf/0x240 [ 591.979594][T13966] device_add+0x507/0xc20 [ 591.983986][T13966] wiphy_register+0x1dad/0x2ae0 [ 591.988911][T13966] ? cfg80211_event_work+0x40/0x40 [ 591.994068][T13966] ? minstrel_ht_alloc+0x88a/0x990 [ 591.999251][T13966] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 592.005372][T13966] ieee80211_register_hw+0x3464/0x4250 [ 592.010921][T13966] ? ieee80211_tasklet_handler+0x20/0x20 [ 592.016628][T13966] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 592.022590][T13966] ? __debug_object_init+0xec/0x450 [ 592.027844][T13966] ? __asan_memset+0x22/0x40 [ 592.032479][T13966] ? __hrtimer_init+0x186/0x270 [ 592.037390][T13966] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 592.043176][T13966] ? mac80211_hwsim_free+0x220/0x220 [ 592.048500][T13966] ? rcu_is_watching+0x15/0xb0 [ 592.053321][T13966] ? kstrndup+0xbd/0x140 [ 592.057623][T13966] hwsim_new_radio_nl+0xdc9/0x1a90 [ 592.062789][T13966] ? __nla_validate+0x50/0x50 [ 592.067527][T13966] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 592.073930][T13966] ? __nla_parse+0x40/0x50 [ 592.078396][T13966] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 592.084768][T13966] genl_family_rcv_msg_doit+0x211/0x310 [ 592.090366][T13966] ? end_current_label_crit_section+0x170/0x170 [ 592.096706][T13966] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 592.102658][T13966] ? bpf_lsm_capable+0x9/0x10 [ 592.107388][T13966] ? security_capable+0x89/0xb0 [ 592.112296][T13966] genl_rcv_msg+0x619/0x7a0 [ 592.116870][T13966] ? genl_bind+0x360/0x360 [ 592.121331][T13966] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 592.127365][T13966] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 592.133737][T13966] ? ref_tracker_free+0x690/0x840 [ 592.138823][T13966] netlink_rcv_skb+0x241/0x4d0 [ 592.143659][T13966] ? genl_bind+0x360/0x360 [ 592.148125][T13966] ? netlink_ack+0x1180/0x1180 [ 592.152982][T13966] ? __lock_acquire+0x7d40/0x7d40 [ 592.158066][T13966] ? down_read+0x1ac/0x2e0 [ 592.162533][T13966] genl_rcv+0x28/0x40 [ 592.166568][T13966] netlink_unicast+0x751/0x8d0 [ 592.171400][T13966] netlink_sendmsg+0x8d0/0xbf0 [ 592.176233][T13966] ? netlink_getsockopt+0x590/0x590 [ 592.181484][T13966] ? aa_sock_msg_perm+0x94/0x150 [ 592.186477][T13966] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 592.191808][T13966] ? security_socket_sendmsg+0x80/0xa0 [ 592.197314][T13966] ? netlink_getsockopt+0x590/0x590 [ 592.202571][T13966] ____sys_sendmsg+0x5ba/0x960 [ 592.207393][T13966] ? __asan_memset+0x22/0x40 [ 592.212032][T13966] ? __sys_sendmsg_sock+0x30/0x30 [ 592.217081][T13966] ? __import_iovec+0x5f2/0x850 [ 592.221984][T13966] ? import_iovec+0x73/0xa0 [ 592.226542][T13966] ___sys_sendmsg+0x2a6/0x360 [ 592.231276][T13966] ? __sys_sendmsg+0x2a0/0x2a0 [ 592.236110][T13966] ? trace_call_bpf+0xc3/0x6c0 [ 592.240955][T13966] __se_sys_sendmsg+0x1c2/0x2b0 [ 592.245896][T13966] ? __x64_sys_sendmsg+0x80/0x80 [ 592.250909][T13966] ? lockdep_hardirqs_on+0x98/0x150 [ 592.256180][T13966] do_syscall_64+0x55/0xa0 [ 592.260646][T13966] ? clear_bhb_loop+0x40/0x90 [ 592.265383][T13966] ? clear_bhb_loop+0x40/0x90 [ 592.270136][T13966] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 592.276079][T13966] RIP: 0033:0x7f5b7af9c819 [ 592.280542][T13966] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 592.300191][T13966] RSP: 002b:00007f5b7be32028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 592.308709][T13966] RAX: ffffffffffffffda RBX: 00007f5b7b215fa0 RCX: 00007f5b7af9c819 [ 592.316731][T13966] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a [ 592.324759][T13966] RBP: 00007f5b7b032c91 R08: 0000000000000000 R09: 0000000000000000 [ 592.332868][T13966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 592.340886][T13966] R13: 00007f5b7b216038 R14: 00007f5b7b215fa0 R15: 00007ffc5d38aa38 [ 592.348915][T13966] [ 593.132042][T13997] netlink: 'syz.4.3035': attribute type 10 has an invalid length. [ 593.144315][T13997] netlink: 210880 bytes leftover after parsing attributes in process `syz.4.3035'. [ 594.540987][T14043] netlink: 'syz.3.3057': attribute type 10 has an invalid length. [ 594.567643][T14043] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.3057'. [ 595.087500][T14061] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.3067'. [ 595.131185][T14061] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô!' [ 595.159379][T14061] CPU: 1 PID: 14061 Comm: syz.4.3067 Not tainted syzkaller #0 [ 595.166917][T14061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 595.177037][T14061] Call Trace: [ 595.180365][T14061] [ 595.183337][T14061] dump_stack_lvl+0x18c/0x250 [ 595.188097][T14061] ? show_regs_print_info+0x20/0x20 [ 595.193365][T14061] ? load_image+0x420/0x420 [ 595.197930][T14061] sysfs_warn_dup+0x8e/0xa0 [ 595.202477][T14061] sysfs_do_create_link_sd+0xc0/0x110 [ 595.207902][T14061] device_add_class_symlinks+0x1cf/0x240 [ 595.213583][T14061] device_add+0x507/0xc20 [ 595.217959][T14061] wiphy_register+0x1dad/0x2ae0 [ 595.222848][T14061] ? __rtnl_unlock+0x18/0xe0 [ 595.227502][T14061] ? cfg80211_event_work+0x40/0x40 [ 595.232669][T14061] ? minstrel_ht_alloc+0x88a/0x990 [ 595.237833][T14061] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 595.243951][T14061] ieee80211_register_hw+0x3464/0x4250 [ 595.249485][T14061] ? ieee80211_tasklet_handler+0x20/0x20 [ 595.255162][T14061] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 595.261103][T14061] ? __debug_object_init+0xec/0x450 [ 595.266363][T14061] ? __asan_memset+0x22/0x40 [ 595.271026][T14061] ? __hrtimer_init+0x186/0x270 [ 595.275935][T14061] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 595.281719][T14061] ? mac80211_hwsim_free+0x220/0x220 [ 595.287044][T14061] ? rcu_is_watching+0x15/0xb0 [ 595.291868][T14061] ? kstrndup+0xbd/0x140 [ 595.296231][T14061] hwsim_new_radio_nl+0xdc9/0x1a90 [ 595.301395][T14061] ? __nla_validate+0x50/0x50 [ 595.306124][T14061] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 595.312504][T14061] ? __nla_parse+0x40/0x50 [ 595.316959][T14061] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 595.323345][T14061] genl_family_rcv_msg_doit+0x211/0x310 [ 595.328937][T14061] ? end_current_label_crit_section+0x170/0x170 [ 595.335233][T14061] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 595.341183][T14061] ? bpf_lsm_capable+0x9/0x10 [ 595.345911][T14061] ? security_capable+0x89/0xb0 [ 595.350820][T14061] genl_rcv_msg+0x619/0x7a0 [ 595.355377][T14061] ? genl_bind+0x360/0x360 [ 595.359834][T14061] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 595.365857][T14061] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 595.372233][T14061] ? ref_tracker_free+0x690/0x840 [ 595.377308][T14061] netlink_rcv_skb+0x241/0x4d0 [ 595.382128][T14061] ? genl_bind+0x360/0x360 [ 595.386583][T14061] ? netlink_ack+0x1180/0x1180 [ 595.391412][T14061] ? __lock_acquire+0x7d40/0x7d40 [ 595.396496][T14061] ? down_read+0x1ac/0x2e0 [ 595.400951][T14061] genl_rcv+0x28/0x40 [ 595.404967][T14061] netlink_unicast+0x751/0x8d0 [ 595.409788][T14061] netlink_sendmsg+0x8d0/0xbf0 [ 595.414627][T14061] ? netlink_getsockopt+0x590/0x590 [ 595.419919][T14061] ? aa_sock_msg_perm+0x94/0x150 [ 595.424933][T14061] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 595.430268][T14061] ? security_socket_sendmsg+0x80/0xa0 [ 595.435781][T14061] ? netlink_getsockopt+0x590/0x590 [ 595.441041][T14061] ____sys_sendmsg+0x5ba/0x960 [ 595.445875][T14061] ? __asan_memset+0x22/0x40 [ 595.450517][T14061] ? __sys_sendmsg_sock+0x30/0x30 [ 595.455577][T14061] ? __import_iovec+0x5f2/0x850 [ 595.460473][T14061] ? import_iovec+0x73/0xa0 [ 595.465026][T14061] ___sys_sendmsg+0x2a6/0x360 [ 595.469783][T14061] ? __sys_sendmsg+0x2a0/0x2a0 [ 595.474656][T14061] __se_sys_sendmsg+0x1c2/0x2b0 [ 595.479553][T14061] ? __x64_sys_sendmsg+0x80/0x80 [ 595.484551][T14061] ? lockdep_hardirqs_on+0x98/0x150 [ 595.489799][T14061] do_syscall_64+0x55/0xa0 [ 595.494253][T14061] ? clear_bhb_loop+0x40/0x90 [ 595.498966][T14061] ? clear_bhb_loop+0x40/0x90 [ 595.503697][T14061] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 595.509629][T14061] RIP: 0033:0x7f6307f9c819 [ 595.514109][T14061] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 595.533760][T14061] RSP: 002b:00007f6308e8f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 595.542225][T14061] RAX: ffffffffffffffda RBX: 00007f6308215fa0 RCX: 00007f6307f9c819 [ 595.550230][T14061] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007 [ 595.558227][T14061] RBP: 00007f6308032c91 R08: 0000000000000000 R09: 0000000000000000 [ 595.566227][T14061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 595.574232][T14061] R13: 00007f6308216038 R14: 00007f6308215fa0 R15: 00007ffd0a99a848 [ 595.582256][T14061] [ 596.160002][T14085] netlink: 'syz.0.3076': attribute type 10 has an invalid length. [ 596.182620][T14085] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.3076'. [ 596.197193][T14086] netlink: 'syz.3.3078': attribute type 10 has an invalid length. [ 596.205561][T14086] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.3078'. [ 597.379213][T14132] netlink: 'syz.3.3099': attribute type 10 has an invalid length. [ 597.387112][T14132] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.3099'. [ 597.585746][T14139] netlink: 'syz.0.3102': attribute type 10 has an invalid length. [ 597.594793][T14139] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.3102'. [ 598.848499][T14171] netlink: 'syz.2.3116': attribute type 10 has an invalid length. [ 598.856445][T14171] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.3116'. [ 599.003540][T14176] netlink: 'syz.0.3119': attribute type 10 has an invalid length. [ 599.012228][T14176] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.3119'. [ 600.206557][T14202] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3133'. [ 600.244889][T14202] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 600.262065][T14202] CPU: 1 PID: 14202 Comm: syz.3.3133 Not tainted syzkaller #0 [ 600.269583][T14202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 600.279710][T14202] Call Trace: [ 600.283068][T14202] [ 600.286044][T14202] dump_stack_lvl+0x18c/0x250 [ 600.290766][T14202] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 600.296960][T14202] ? show_regs_print_info+0x20/0x20 [ 600.302250][T14202] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 600.308470][T14202] sysfs_warn_dup+0x8e/0xa0 [ 600.313023][T14202] sysfs_do_create_link_sd+0xc0/0x110 [ 600.318422][T14202] device_add_class_symlinks+0x1cf/0x240 [ 600.324102][T14202] device_add+0x507/0xc20 [ 600.328476][T14202] wiphy_register+0x1dad/0x2ae0 [ 600.333380][T14202] ? cfg80211_event_work+0x40/0x40 [ 600.338515][T14202] ? minstrel_ht_alloc+0x88a/0x990 [ 600.343670][T14202] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 600.349772][T14202] ieee80211_register_hw+0x3464/0x4250 [ 600.355282][T14202] ? ieee80211_tasklet_handler+0x20/0x20 [ 600.360941][T14202] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 600.366877][T14202] ? __debug_object_init+0xec/0x450 [ 600.372108][T14202] ? __asan_memset+0x22/0x40 [ 600.376731][T14202] ? __hrtimer_init+0x186/0x270 [ 600.381609][T14202] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 600.387406][T14202] ? lock_chain_count+0x20/0x20 [ 600.392310][T14202] ? mac80211_hwsim_free+0x220/0x220 [ 600.397617][T14202] ? kstrndup+0xbd/0x140 [ 600.401886][T14202] ? memcpy_orig+0x97/0x120 [ 600.406423][T14202] hwsim_new_radio_nl+0xdc9/0x1a90 [ 600.411566][T14202] ? __nla_validate+0x50/0x50 [ 600.416292][T14202] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 600.422665][T14202] ? __nla_parse+0x40/0x50 [ 600.427121][T14202] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 600.433511][T14202] genl_family_rcv_msg_doit+0x211/0x310 [ 600.439100][T14202] ? end_current_label_crit_section+0x170/0x170 [ 600.445370][T14202] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 600.451291][T14202] ? bpf_lsm_capable+0x9/0x10 [ 600.456046][T14202] ? security_capable+0x89/0xb0 [ 600.460966][T14202] genl_rcv_msg+0x619/0x7a0 [ 600.465499][T14202] ? genl_bind+0x360/0x360 [ 600.469932][T14202] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 600.475932][T14202] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 600.482281][T14202] ? ref_tracker_free+0x690/0x840 [ 600.487344][T14202] netlink_rcv_skb+0x241/0x4d0 [ 600.492134][T14202] ? genl_bind+0x360/0x360 [ 600.496599][T14202] ? netlink_ack+0x1180/0x1180 [ 600.501425][T14202] ? __lock_acquire+0x7d40/0x7d40 [ 600.506490][T14202] ? down_read+0x1ac/0x2e0 [ 600.510952][T14202] genl_rcv+0x28/0x40 [ 600.514958][T14202] netlink_unicast+0x751/0x8d0 [ 600.519784][T14202] netlink_sendmsg+0x8d0/0xbf0 [ 600.524590][T14202] ? netlink_getsockopt+0x590/0x590 [ 600.529830][T14202] ? aa_sock_msg_perm+0x94/0x150 [ 600.534813][T14202] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 600.540125][T14202] ? security_socket_sendmsg+0x80/0xa0 [ 600.545621][T14202] ? netlink_getsockopt+0x590/0x590 [ 600.550847][T14202] ____sys_sendmsg+0x5ba/0x960 [ 600.555655][T14202] ? __asan_memset+0x22/0x40 [ 600.560270][T14202] ? __sys_sendmsg_sock+0x30/0x30 [ 600.565318][T14202] ? __import_iovec+0x5f2/0x850 [ 600.570192][T14202] ? import_iovec+0x73/0xa0 [ 600.574711][T14202] ___sys_sendmsg+0x2a6/0x360 [ 600.579412][T14202] ? __sys_sendmsg+0x2a0/0x2a0 [ 600.584228][T14202] __se_sys_sendmsg+0x1c2/0x2b0 [ 600.589101][T14202] ? __x64_sys_sendmsg+0x80/0x80 [ 600.594077][T14202] ? lockdep_hardirqs_on+0x98/0x150 [ 600.599316][T14202] do_syscall_64+0x55/0xa0 [ 600.603746][T14202] ? clear_bhb_loop+0x40/0x90 [ 600.608448][T14202] ? clear_bhb_loop+0x40/0x90 [ 600.613162][T14202] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 600.619083][T14202] RIP: 0033:0x7f5b7af9c819 [ 600.623517][T14202] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 600.643141][T14202] RSP: 002b:00007f5b7be32028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 600.651576][T14202] RAX: ffffffffffffffda RBX: 00007f5b7b215fa0 RCX: 00007f5b7af9c819 [ 600.659575][T14202] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a [ 600.667559][T14202] RBP: 00007f5b7b032c91 R08: 0000000000000000 R09: 0000000000000000 [ 600.675550][T14202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 600.683545][T14202] R13: 00007f5b7b216038 R14: 00007f5b7b215fa0 R15: 00007ffc5d38aa38 [ 600.691578][T14202] [ 600.930952][T14220] netlink: 'syz.4.3140': attribute type 10 has an invalid length. [ 600.954655][T14220] netlink: 210880 bytes leftover after parsing attributes in process `syz.4.3140'. [ 602.910566][T14277] netlink: 'syz.2.3165': attribute type 10 has an invalid length. [ 602.941063][T14277] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.3165'. [ 604.249229][T14302] netlink: 'syz.2.3178': attribute type 10 has an invalid length. [ 604.287442][T14302] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.3178'. [ 604.568292][T14308] mac80211_hwsim hwsim4 »»»»»»: renamed from wlan0 [ 604.590198][T14309] netlink: 'syz.2.3180': attribute type 10 has an invalid length. [ 604.613664][T14309] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.3180'. [ 605.184147][T14329] netlink: 'syz.3.3188': attribute type 10 has an invalid length. [ 605.211304][T14329] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.3188'. [ 605.806923][T14336] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3191'. [ 605.857644][T14336] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 605.877845][T14336] CPU: 0 PID: 14336 Comm: syz.0.3191 Not tainted syzkaller #0 [ 605.885367][T14336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 605.895483][T14336] Call Trace: [ 605.898806][T14336] [ 605.901763][T14336] dump_stack_lvl+0x18c/0x250 [ 605.906490][T14336] ? show_regs_print_info+0x20/0x20 [ 605.911735][T14336] ? load_image+0x420/0x420 [ 605.916281][T14336] ? kasan_save_alloc_info+0xb/0x30 [ 605.921546][T14336] sysfs_warn_dup+0x8e/0xa0 [ 605.926099][T14336] sysfs_do_create_link_sd+0xc0/0x110 [ 605.931511][T14336] device_add_class_symlinks+0x1cf/0x240 [ 605.937214][T14336] device_add+0x507/0xc20 [ 605.941604][T14336] wiphy_register+0x1dad/0x2ae0 [ 605.946509][T14336] ? cfg80211_event_work+0x40/0x40 [ 605.951651][T14336] ? minstrel_ht_alloc+0x88a/0x990 [ 605.956826][T14336] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 605.962953][T14336] ieee80211_register_hw+0x3464/0x4250 [ 605.968488][T14336] ? ieee80211_tasklet_handler+0x20/0x20 [ 605.974188][T14336] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 605.980136][T14336] ? __debug_object_init+0xec/0x450 [ 605.985380][T14336] ? __asan_memset+0x22/0x40 [ 605.990023][T14336] ? __hrtimer_init+0x186/0x270 [ 605.994927][T14336] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 606.000715][T14336] ? mac80211_hwsim_free+0x220/0x220 [ 606.006100][T14336] ? rcu_is_watching+0x15/0xb0 [ 606.010915][T14336] ? kstrndup+0xbd/0x140 [ 606.015213][T14336] hwsim_new_radio_nl+0xdc9/0x1a90 [ 606.020416][T14336] ? __nla_validate+0x50/0x50 [ 606.025146][T14336] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 606.031531][T14336] ? __nla_parse+0x40/0x50 [ 606.036006][T14336] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 606.042393][T14336] genl_family_rcv_msg_doit+0x211/0x310 [ 606.047977][T14336] ? end_current_label_crit_section+0x170/0x170 [ 606.054272][T14336] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 606.060230][T14336] ? bpf_lsm_capable+0x9/0x10 [ 606.064967][T14336] ? security_capable+0x89/0xb0 [ 606.069886][T14336] genl_rcv_msg+0x619/0x7a0 [ 606.074441][T14336] ? genl_bind+0x360/0x360 [ 606.078903][T14336] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 606.084918][T14336] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 606.091283][T14336] ? ref_tracker_free+0x690/0x840 [ 606.096375][T14336] netlink_rcv_skb+0x241/0x4d0 [ 606.101193][T14336] ? genl_bind+0x360/0x360 [ 606.105647][T14336] ? netlink_ack+0x1180/0x1180 [ 606.110470][T14336] ? __lock_acquire+0x7d40/0x7d40 [ 606.115547][T14336] ? down_read+0x1ac/0x2e0 [ 606.120017][T14336] genl_rcv+0x28/0x40 [ 606.124038][T14336] netlink_unicast+0x751/0x8d0 [ 606.128863][T14336] netlink_sendmsg+0x8d0/0xbf0 [ 606.133728][T14336] ? netlink_getsockopt+0x590/0x590 [ 606.138984][T14336] ? aa_sock_msg_perm+0x94/0x150 [ 606.143971][T14336] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 606.149292][T14336] ? security_socket_sendmsg+0x80/0xa0 [ 606.154793][T14336] ? netlink_getsockopt+0x590/0x590 [ 606.160048][T14336] ____sys_sendmsg+0x5ba/0x960 [ 606.164868][T14336] ? __asan_memset+0x22/0x40 [ 606.169513][T14336] ? __sys_sendmsg_sock+0x30/0x30 [ 606.174573][T14336] ? __import_iovec+0x5f2/0x850 [ 606.179465][T14336] ? import_iovec+0x73/0xa0 [ 606.184012][T14336] ___sys_sendmsg+0x2a6/0x360 [ 606.188733][T14336] ? __sys_sendmsg+0x2a0/0x2a0 [ 606.193591][T14336] __se_sys_sendmsg+0x1c2/0x2b0 [ 606.198491][T14336] ? __x64_sys_sendmsg+0x80/0x80 [ 606.203488][T14336] ? syscall_enter_from_user_mode+0x2e/0x80 [ 606.209465][T14336] do_syscall_64+0x55/0xa0 [ 606.213915][T14336] ? clear_bhb_loop+0x40/0x90 [ 606.218633][T14336] ? clear_bhb_loop+0x40/0x90 [ 606.223352][T14336] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 606.229304][T14336] RIP: 0033:0x7f923cb9c819 [ 606.233768][T14336] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 606.253412][T14336] RSP: 002b:00007f923d9a6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 606.261878][T14336] RAX: ffffffffffffffda RBX: 00007f923ce15fa0 RCX: 00007f923cb9c819 [ 606.269902][T14336] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a [ 606.277917][T14336] RBP: 00007f923cc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 606.285928][T14336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 606.293945][T14336] R13: 00007f923ce16038 R14: 00007f923ce15fa0 R15: 00007ffdc980f6b8 [ 606.301974][T14336] [ 606.543284][T14352] netlink: 'syz.2.3198': attribute type 10 has an invalid length. [ 606.560967][T14352] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.3198'. [ 606.655052][T14357] netlink: 'syz.3.3200': attribute type 10 has an invalid length. [ 606.683469][T14357] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.3200'. [ 608.194222][T14383] mac80211_hwsim hwsim8 »»»»»»: renamed from wlan0 [ 608.227570][T14385] netlink: 'syz.3.3210': attribute type 10 has an invalid length. [ 608.240013][T14385] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.3210'. [ 610.184562][T14415] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3223'. [ 610.254454][T14415] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô' [ 610.268269][T14415] CPU: 1 PID: 14415 Comm: syz.0.3223 Not tainted syzkaller #0 [ 610.275777][T14415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 610.285916][T14415] Call Trace: [ 610.289224][T14415] [ 610.292173][T14415] dump_stack_lvl+0x18c/0x250 [ 610.296887][T14415] ? show_regs_print_info+0x20/0x20 [ 610.302114][T14415] ? load_image+0x420/0x420 [ 610.306651][T14415] sysfs_warn_dup+0x8e/0xa0 [ 610.311183][T14415] sysfs_do_create_link_sd+0xc0/0x110 [ 610.316573][T14415] device_add_class_symlinks+0x1cf/0x240 [ 610.322238][T14415] device_add+0x507/0xc20 [ 610.326606][T14415] wiphy_register+0x1dad/0x2ae0 [ 610.331504][T14415] ? cfg80211_event_work+0x40/0x40 [ 610.336635][T14415] ? minstrel_ht_alloc+0x88a/0x990 [ 610.341789][T14415] ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0 [ 610.347882][T14415] ieee80211_register_hw+0x3464/0x4250 [ 610.353406][T14415] ? ieee80211_tasklet_handler+0x20/0x20 [ 610.359071][T14415] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 610.364990][T14415] ? __debug_object_init+0xec/0x450 [ 610.370260][T14415] ? __asan_memset+0x22/0x40 [ 610.374886][T14415] ? __hrtimer_init+0x186/0x270 [ 610.379773][T14415] mac80211_hwsim_new_radio+0x2a00/0x4d10 [ 610.385533][T14415] ? mac80211_hwsim_free+0x220/0x220 [ 610.390837][T14415] ? rcu_is_watching+0x15/0xb0 [ 610.395623][T14415] ? kstrndup+0xbd/0x140 [ 610.399900][T14415] hwsim_new_radio_nl+0xdc9/0x1a90 [ 610.405042][T14415] ? __nla_validate+0x50/0x50 [ 610.409765][T14415] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 610.416120][T14415] ? __nla_parse+0x40/0x50 [ 610.420559][T14415] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290 [ 610.426923][T14415] genl_family_rcv_msg_doit+0x211/0x310 [ 610.432506][T14415] ? end_current_label_crit_section+0x170/0x170 [ 610.438804][T14415] ? genl_family_rcv_msg_dumpit+0x310/0x310 [ 610.444765][T14415] ? bpf_lsm_capable+0x9/0x10 [ 610.449500][T14415] ? security_capable+0x89/0xb0 [ 610.454388][T14415] genl_rcv_msg+0x619/0x7a0 [ 610.458952][T14415] ? genl_bind+0x360/0x360 [ 610.463409][T14415] ? hwsim_tx_info_frame_received_nl+0xd60/0xd60 [ 610.469766][T14415] ? perf_trace_run_bpf_submit+0xf4/0x1c0 [ 610.475524][T14415] netlink_rcv_skb+0x241/0x4d0 [ 610.480332][T14415] ? genl_bind+0x360/0x360 [ 610.484781][T14415] ? netlink_ack+0x1180/0x1180 [ 610.489590][T14415] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 610.495794][T14415] ? down_read+0x1ac/0x2e0 [ 610.500235][T14415] genl_rcv+0x28/0x40 [ 610.504235][T14415] netlink_unicast+0x751/0x8d0 [ 610.509052][T14415] netlink_sendmsg+0x8d0/0xbf0 [ 610.513856][T14415] ? lockdep_hardirqs_on+0x98/0x150 [ 610.519091][T14415] ? netlink_getsockopt+0x590/0x590 [ 610.524331][T14415] ? aa_sock_msg_perm+0x94/0x150 [ 610.529320][T14415] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 610.534653][T14415] ? security_socket_sendmsg+0x80/0xa0 [ 610.540149][T14415] ? netlink_getsockopt+0x590/0x590 [ 610.545381][T14415] ____sys_sendmsg+0x5ba/0x960 [ 610.550184][T14415] ? __asan_memset+0x22/0x40 [ 610.554834][T14415] ? __sys_sendmsg_sock+0x30/0x30 [ 610.559875][T14415] ? __import_iovec+0x5f2/0x850 [ 610.564752][T14415] ? import_iovec+0x73/0xa0 [ 610.569294][T14415] ___sys_sendmsg+0x2a6/0x360 [ 610.573998][T14415] ? __sys_sendmsg+0x2a0/0x2a0 [ 610.578822][T14415] __se_sys_sendmsg+0x1c2/0x2b0 [ 610.583700][T14415] ? __x64_sys_sendmsg+0x80/0x80 [ 610.588664][T14415] ? syscall_enter_from_user_mode+0x2e/0x80 [ 610.594591][T14415] do_syscall_64+0x55/0xa0 [ 610.599037][T14415] ? clear_bhb_loop+0x40/0x90 [ 610.603748][T14415] ? clear_bhb_loop+0x40/0x90 [ 610.608458][T14415] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 610.614379][T14415] RIP: 0033:0x7f923cb9c819 [ 610.618842][T14415] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 610.638460][T14415] RSP: 002b:00007f923d9a6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 610.646891][T14415] RAX: ffffffffffffffda RBX: 00007f923ce15fa0 RCX: 00007f923cb9c819 [ 610.654880][T14415] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a [ 610.662871][T14415] RBP: 00007f923cc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 610.670861][T14415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 610.678860][T14415] R13: 00007f923ce16038 R14: 00007f923ce15fa0 R15: 00007ffdc980f6b8 [ 610.686878][T14415] [ 611.286282][T14435] mac80211_hwsim hwsim30 »»»»»»: renamed from wlan0 [ 612.752255][T14479] mac80211_hwsim hwsim27 »»»»»»: renamed from wlan0 [ 613.379837][T14499] netlink: 'syz.2.3256': attribute type 10 has an invalid length. [ 613.389363][T14499] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.3256'. [ 614.023083][T14521] netlink: 'syz.3.3266': attribute type 10 has an invalid length. [ 614.057831][T14521] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.3266'. [ 614.825779][T14546] netlink: 'syz.4.3276': attribute type 10 has an invalid length. [ 614.835550][T14546] netlink: 210880 bytes leftover after parsing attributes in process `syz.4.3276'. [ 614.970177][T14548] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 614.977616][T14548] IPv6: NLM_F_CREATE should be set when creating new route [ 614.985161][T14548] IPv6: NLM_F_CREATE should be set when creating new route [ 614.992627][T14548] IPv6: NLM_F_CREATE should be set when creating new route [ 616.084526][T14577] netlink: 'syz.2.3289': attribute type 10 has an invalid length. [ 616.092977][T14577] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.3289'. [ 616.793720][T14601] netlink: 'syz.4.3300': attribute type 10 has an invalid length. [ 616.802338][T14601] netlink: 210880 bytes leftover after parsing attributes in process `syz.4.3300'. [ 617.551088][T14622] netlink: 'syz.2.3309': attribute type 10 has an invalid length. [ 617.561183][T14622] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.3309'. [ 618.655774][T14646] netlink: 'syz.4.3319': attribute type 10 has an invalid length. [ 618.723667][T14646] netlink: 210880 bytes leftover after parsing attributes in process `syz.4.3319'. [ 619.760024][T14673] netlink: 'syz.4.3328': attribute type 10 has an invalid length. [ 619.808819][T14673] netlink: 210880 bytes leftover after parsing attributes in process `syz.4.3328'. [ 620.925430][T14696] netlink: 'syz.2.3337': attribute type 10 has an invalid length. [ 620.935976][T14696] netlink: 181084 bytes leftover after parsing attributes in process `syz.2.3337'. [ 620.957807][T14697] netlink: 'syz.0.3343': attribute type 10 has an invalid length. [ 620.966115][T14697] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.3343'. [ 622.071010][T14721] netlink: 'syz.4.3347': attribute type 10 has an invalid length. [ 622.079193][T14721] netlink: 181084 bytes leftover after parsing attributes in process `syz.4.3347'. [ 622.772738][T14738] netlink: 'syz.3.3353': attribute type 10 has an invalid length. [ 622.793955][T14738] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.3353'. [ 624.541018][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.557922][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.883395][T14784] netlink: 'syz.4.3369': attribute type 10 has an invalid length. [ 624.894653][T14784] netlink: 210880 bytes leftover after parsing attributes in process `syz.4.3369'. [ 625.665292][T14808] netlink: 'syz.2.3379': attribute type 10 has an invalid length. [ 625.679738][T14808] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.3379'. [ 626.629518][T14831] netlink: 'syz.3.3389': attribute type 10 has an invalid length. [ 626.649065][T14831] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.3389'. [ 627.778303][T14856] netlink: 'syz.3.3401': attribute type 10 has an invalid length. [ 627.810268][T14856] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.3401'. [ 629.123308][T14885] netlink: 'syz.2.3413': attribute type 10 has an invalid length. [ 629.132130][T14885] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.3413'. [ 630.502604][T14913] netlink: 'syz.2.3424': attribute type 10 has an invalid length. [ 630.533398][T14913] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.3424'. [ 631.364318][T14934] netlink: 'syz.2.3434': attribute type 10 has an invalid length. [ 631.374785][T14934] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.3434'. [ 631.437807][T14937] delete_channel: no stack [ 632.395026][T14960] netlink: 'syz.2.3445': attribute type 10 has an invalid length. [ 632.421352][T14960] netlink: 210880 bytes leftover after parsing attributes in process `syz.2.3445'. [ 633.081359][T14983] netlink: 'syz.4.3457': attribute type 10 has an invalid length. [ 633.103316][T14983] netlink: 210880 bytes leftover after parsing attributes in process `syz.4.3457'. [ 633.270655][T14988] netlink: 'syz.3.3460': attribute type 21 has an invalid length. [ 633.297561][T14988] netlink: 16166 bytes leftover after parsing attributes in process `syz.3.3460'. [ 636.578054][T15026] netlink: 'syz.2.3474': attribute type 21 has an invalid length. [ 636.586541][T15026] netlink: 16166 bytes leftover after parsing attributes in process `syz.2.3474'. [ 636.776786][ T5777] Bluetooth: hci3: command 0x0406 tx timeout [ 639.211214][T15065] netlink: 'syz.4.3486': attribute type 21 has an invalid length. [ 639.229466][T15065] netlink: 16166 bytes leftover after parsing attributes in process `syz.4.3486'. [ 641.493270][T15121] netlink: 'syz.0.3513': attribute type 10 has an invalid length. [ 641.504672][T15121] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 641.524285][T15121] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 641.536674][T15121] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 641.546623][T15121] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 641.558750][T15124] netlink: 'syz.0.3513': attribute type 9 has an invalid length. [ 641.572264][T15124] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.3513'. [ 641.756276][T15125] netlink: 'syz.0.3513': attribute type 9 has an invalid length. [ 641.771093][T15125] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.3513'. [ 642.124706][T15141] netlink: 'syz.4.3522': attribute type 10 has an invalid length. [ 642.133455][T15141] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3522'. [ 642.146279][T15141] ipvlan1: entered promiscuous mode [ 642.167981][T15141] ipvlan1: entered allmulticast mode [ 642.173638][T15141] veth0_vlan: entered allmulticast mode [ 642.215449][T15141] bridge0: port 5(ipvlan1) entered blocking state [ 642.230834][T15141] bridge0: port 5(ipvlan1) entered disabled state [ 642.260088][T15141] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 642.511782][T15152] netlink: 'syz.4.3527': attribute type 10 has an invalid length. [ 642.521844][T15152] netlink: 181084 bytes leftover after parsing attributes in process `syz.4.3527'. [ 643.860799][T15186] netlink: 'syz.2.3539': attribute type 10 has an invalid length. [ 643.873708][T15186] netlink: 181084 bytes leftover after parsing attributes in process `syz.2.3539'. [ 644.016633][T15190] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 644.234256][T15198] netlink: 'syz.2.3545': attribute type 10 has an invalid length. [ 644.243995][T15198] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.253615][T15198] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.263520][T15198] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.275036][T15198] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.301117][T15199] netlink: 'syz.2.3545': attribute type 9 has an invalid length. [ 644.329112][T15199] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.3545'. [ 644.449758][T15202] netlink: 'syz.3.3546': attribute type 10 has an invalid length. [ 644.465400][T15202] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3546'. [ 644.501681][T15200] netlink: 'syz.2.3545': attribute type 9 has an invalid length. [ 644.517742][T15200] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.3545'. [ 644.936888][ T29] INFO: task syz.1.2540:12469 blocked for more than 143 seconds. [ 644.944921][ T29] Not tainted syzkaller #0 [ 644.953466][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 644.964577][ T29] task:syz.1.2540 state:D stack:26856 pid:12469 ppid:5770 flags:0x00004006 [ 644.974118][ T29] Call Trace: [ 644.977420][ T29] [ 644.981393][ T29] __schedule+0x1553/0x45a0 [ 644.986014][ T29] ? rcu_is_watching+0x15/0xb0 [ 644.992418][ T29] ? asan.module_dtor+0x20/0x20 [ 644.997352][ T29] ? trace_contention_end+0x39/0xe0 [ 645.004962][ T29] ? task_work_cancel+0xa5/0x220 [ 645.010145][ T29] ? task_work_cancel_func+0x210/0x210 [ 645.016134][ T29] schedule+0xbd/0x170 [ 645.020416][ T29] ? _free_event+0xfe/0xf30 [ 645.024977][ T29] _free_event+0x174/0xf30 [ 645.033461][ T29] perf_event_release_kernel+0x842/0x8d0 [ 645.039394][ T29] ? __might_sleep+0xe0/0xe0 [ 645.044048][ T29] ? calc_timer_values+0x400/0x400 [ 645.049323][ T29] ? __fput+0x61c/0x970 [ 645.054399][ T29] ? perf_mmap+0x15c0/0x15c0 [ 645.059081][ T29] perf_release+0x3b/0x40 [ 645.063463][ T29] __fput+0x234/0x970 [ 645.067506][ T29] task_work_run+0x1d4/0x260 [ 645.072531][ T29] ? task_work_cancel+0x220/0x220 [ 645.077651][ T29] do_exit+0x95a/0x2460 [ 645.082382][ T29] ? trace_irq_disable+0x37/0xe0 [ 645.087375][ T29] ? lock_chain_count+0x20/0x20 [ 645.095935][ T29] ? put_task_struct+0xc0/0xc0 [ 645.100820][ T29] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 645.107019][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 645.112277][ T29] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 645.118505][ T29] do_group_exit+0x21b/0x2d0 [ 645.123145][ T29] get_signal+0x12fc/0x13f0 [ 645.127769][ T29] arch_do_signal_or_restart+0xc2/0x800 [ 645.133353][ T29] ? mutex_unlock+0x10/0x10 [ 645.138179][ T29] ? get_sigframe_size+0x20/0x20 [ 645.143202][ T29] ? ksys_write+0x1fb/0x260 [ 645.148062][ T29] ? exit_to_user_mode_loop+0x3b/0x110 [ 645.153574][ T29] exit_to_user_mode_loop+0x70/0x110 [ 645.159265][ T29] exit_to_user_mode_prepare+0xee/0x180 [ 645.164857][ T29] syscall_exit_to_user_mode+0x1a/0x50 [ 645.175016][ T29] do_syscall_64+0x61/0xa0 [ 645.179499][ T29] ? clear_bhb_loop+0x40/0x90 [ 645.184235][ T29] ? clear_bhb_loop+0x40/0x90 [ 645.189001][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 645.194925][ T29] RIP: 0033:0x7f477ed9c819 [ 645.199466][ T29] RSP: 002b:00007f477fbbe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 645.208002][ T29] RAX: 0000000000000012 RBX: 00007f477f015fa0 RCX: 00007f477ed9c819 [ 645.216938][ T29] RDX: 0000000000000012 RSI: 0000200000000080 RDI: 0000000000000007 [ 645.224999][ T29] RBP: 00007f477ee32c91 R08: 0000000000000000 R09: 0000000000000000 [ 645.233044][ T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 645.241113][ T29] R13: 00007f477f016038 R14: 00007f477f015fa0 R15: 00007ffc11fd2a78 [ 645.249506][ T29] [ 645.264227][ T29] [ 645.264227][ T29] Showing all locks held in the system: [ 645.272102][ T29] 1 lock held by khungtaskd/29: [ 645.277000][ T29] #0: ffffffff8d1320a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 [ 645.302734][ T29] 3 locks held by kworker/u4:7/1301: [ 645.321541][ T29] #0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 645.337081][ T29] #1: ffffc90004c5fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 645.360886][ T29] #2: ffffffff8e3c2748 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 645.371639][ T29] 3 locks held by udevd/5138: [ 645.376382][ T29] #0: ffff8880b8f3c018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 645.389924][ T29] #1: ffffffff8d1320a0 (rcu_read_lock){....}-{1:2}, at: ___perf_sw_event+0x199/0x730 [ 645.401093][ T29] #2: ffffffff8d1320a0 (rcu_read_lock){....}-{1:2}, at: dput+0x3b/0x1e0 [ 645.409882][ T29] 2 locks held by getty/5525: [ 645.414767][ T29] #0: ffff88803189a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 645.426370][ T29] #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 [ 645.437488][ T29] 2 locks held by kworker/0:4/5775: [ 645.444507][ T29] #0: ffff888017c72538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 645.456529][ T29] #1: ffffc90004b2fd00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 645.468770][ T29] 2 locks held by syz.2.3560/15215: [ 645.474166][ T29] #0: ffffffff8d1880e8 (event_mutex){+.+.}-{3:3}, at: perf_trace_destroy+0x2e/0x140 [ 645.483822][ T29] #1: ffffffff8d137a78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3da/0x880 [ 645.494982][ T29] 2 locks held by syz.3.3552/15219: [ 645.501783][ T29] #0: ffffffff8e3c2748 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x41/0x1c0 [ 645.510922][ T29] #1: ffffffff8d137a78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x306/0x880 [ 645.531046][ T29] [ 645.537736][ T29] ============================================= [ 645.537736][ T29] [ 645.546562][ T29] NMI backtrace for cpu 1 [ 645.550940][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 645.558166][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 645.568244][ T29] Call Trace: [ 645.571548][ T29] [ 645.574514][ T29] dump_stack_lvl+0x18c/0x250 [ 645.579239][ T29] ? show_regs_print_info+0x20/0x20 [ 645.584507][ T29] ? load_image+0x420/0x420 [ 645.589062][ T29] nmi_cpu_backtrace+0x3a6/0x3e0 [ 645.594045][ T29] ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0 [ 645.600253][ T29] ? _printk+0xde/0x130 [ 645.604447][ T29] ? load_image+0x420/0x420 [ 645.609005][ T29] ? load_image+0x420/0x420 [ 645.613540][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 645.619615][ T29] nmi_trigger_cpumask_backtrace+0x17a/0x2f0 [ 645.625596][ T29] watchdog+0xf3d/0xf80 [ 645.629791][ T29] ? watchdog+0x1e1/0xf80 [ 645.634174][ T29] kthread+0x2fa/0x390 [ 645.638254][ T29] ? hungtask_pm_notify+0x90/0x90 [ 645.643311][ T29] ? kthread_blkcg+0xd0/0xd0 [ 645.647927][ T29] ret_from_fork+0x48/0x80 [ 645.652383][ T29] ? kthread_blkcg+0xd0/0xd0 [ 645.657021][ T29] ret_from_fork_asm+0x11/0x20 [ 645.661809][ T29] [ 645.665683][ T29] Sending NMI from CPU 1 to CPUs 0: [ 645.671320][ C0] NMI backtrace for cpu 0 [ 645.671330][ C0] CPU: 0 PID: 32 Comm: kworker/u4:2 Not tainted syzkaller #0 [ 645.671346][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 645.671356][ C0] Workqueue: events_unbound nsim_dev_trap_report_work [ 645.671376][ C0] RIP: 0010:__sanitizer_cov_trace_switch+0x7f/0x120 [ 645.671400][ C0] Code: e9 bc 00 00 00 b9 01 00 00 00 48 85 c0 0f 84 ae 00 00 00 41 57 41 56 41 54 53 48 8b 54 24 20 65 4c 8b 05 84 8e 7c 7e 45 31 c9 08 49 ff c1 4c 39 c8 74 77 4e 8b 54 ce 10 65 44 8b 1d 72 8e 7c [ 645.671414][ C0] RSP: 0018:ffffc90000a8f530 EFLAGS: 00000246 [ 645.671426][ C0] RAX: 0000000000000008 RBX: 0000000000000000 RCX: 0000000000000003 [ 645.671436][ C0] RDX: ffffffff813b3f02 RSI: ffffffff8cfa07a0 RDI: 0000000000000004 [ 645.671448][ C0] RBP: ffffc90000a8f678 R08: ffff88801e645a00 R09: 0000000000000000 [ 645.671459][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc90000a8f628 [ 645.671468][ C0] R13: dffffc0000000000 R14: 0000000000000004 R15: ffffffff8f0f1814 [ 645.671480][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 645.671493][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 645.671516][ C0] CR2: 00007f7edafe92f8 CR3: 000000007aa60000 CR4: 00000000003506f0 [ 645.671538][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 645.671547][ C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 645.671556][ C0] Call Trace: [ 645.671561][ C0] [ 645.671573][ C0] unwind_next_frame+0x742/0x2970 [ 645.671595][ C0] ? process_scheduled_works+0xa5d/0x15d0 [ 645.671616][ C0] ? process_scheduled_works+0xa5d/0x15d0 [ 645.671634][ C0] ? stack_trace_save+0x100/0x100 [ 645.671653][ C0] arch_stack_walk+0x144/0x190 [ 645.671672][ C0] ? process_scheduled_works+0xa5d/0x15d0 [ 645.671694][ C0] stack_trace_save+0xaa/0x100 [ 645.671712][ C0] ? stack_trace_snprint+0xf0/0xf0 [ 645.671730][ C0] ? mark_lock+0x94/0x320 [ 645.671749][ C0] ? __lock_acquire+0x1347/0x7d40 [ 645.671769][ C0] kasan_set_track+0x4e/0x70 [ 645.671786][ C0] ? kasan_set_track+0x4e/0x70 [ 645.671801][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 645.671818][ C0] ? slab_post_alloc_hook+0x6e/0x4b0 [ 645.671840][ C0] ? kmem_cache_alloc_node+0x14c/0x320 [ 645.671861][ C0] ? __alloc_skb+0x103/0x2c0 [ 645.671874][ C0] ? nsim_dev_trap_report_work+0x293/0xb00 [ 645.671889][ C0] ? process_scheduled_works+0xa5d/0x15d0 [ 645.671936][ C0] __kasan_slab_alloc+0x6c/0x80 [ 645.671955][ C0] slab_post_alloc_hook+0x6e/0x4b0 [ 645.671982][ C0] kmem_cache_alloc_node+0x14c/0x320 [ 645.672009][ C0] ? __alloc_skb+0x103/0x2c0 [ 645.672025][ C0] __alloc_skb+0x103/0x2c0 [ 645.672042][ C0] nsim_dev_trap_report_work+0x293/0xb00 [ 645.672069][ C0] ? process_scheduled_works+0x96f/0x15d0 [ 645.672089][ C0] process_scheduled_works+0xa5d/0x15d0 [ 645.672125][ C0] ? worker_attach_to_pool+0x380/0x380 [ 645.672148][ C0] ? assign_work+0x3d2/0x5d0 [ 645.672170][ C0] worker_thread+0xa55/0xfc0 [ 645.672190][ C0] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 645.672223][ C0] kthread+0x2fa/0x390 [ 645.672237][ C0] ? pr_cont_work+0x560/0x560 [ 645.672256][ C0] ? kthread_blkcg+0xd0/0xd0 [ 645.672271][ C0] ret_from_fork+0x48/0x80 [ 645.672289][ C0] ? kthread_blkcg+0xd0/0xd0 [ 645.672304][ C0] ret_from_fork_asm+0x11/0x20 [ 645.672334][ C0] [ 645.695334][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 645.695365][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 645.695400][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 645.695423][ T29] Call Trace: [ 645.695444][ T29] [ 645.695472][ T29] dump_stack_lvl+0x18c/0x250 [ 645.695578][ T29] ? show_regs_print_info+0x20/0x20 [ 645.695657][ T29] ? load_image+0x420/0x420 [ 645.695756][ T29] panic+0x2dc/0x730 [ 645.695815][ T29] ? schedule_preempt_disabled+0x20/0x20 [ 645.695904][ T29] ? bpf_jit_dump+0xd0/0xd0 [ 645.695962][ T29] ? __irq_work_queue_local+0x13a/0x3b0 [ 645.696032][ T29] ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0 [ 645.696100][ T29] watchdog+0xf7c/0xf80 [ 645.696174][ T29] ? watchdog+0x1e1/0xf80 [ 645.696255][ T29] kthread+0x2fa/0x390 [ 645.696310][ T29] ? hungtask_pm_notify+0x90/0x90 [ 645.696378][ T29] ? kthread_blkcg+0xd0/0xd0 [ 645.696441][ T29] ret_from_fork+0x48/0x80 [ 645.696519][ T29] ? kthread_blkcg+0xd0/0xd0 [ 645.696594][ T29] ret_from_fork_asm+0x11/0x20 [ 645.696723][ T29] [ 645.699660][ T29] Kernel Offset: disabled [ 646.121125][ T29] Rebooting in 86400 seconds..