last executing test programs:

5.663199493s ago: executing program 4 (id=35845):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="27032700590200000000002f1eafbcf706e10500000086ddffff1104ee162bd4b8bf4a82f6184b8a34f90186cee844000000080000000019", 0x38}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10c80, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x13)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
close(r1)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x2102)
write$cgroup_subtree(r2, &(0x7f00000006c0)=ANY=[@ANYBLOB="8f03000000000060007538e486dd630ace2211057300fe80000000000000875a65059ff57b00000000000000000000000000ac1414aa"], 0xcfa4)

5.539879888s ago: executing program 4 (id=35847):
socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffa}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, 0x0}, 0x3000c085)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r1, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0)

5.232698748s ago: executing program 4 (id=35849):
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext, 0x10c002, 0x89}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x1c092, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0xb3e, 0xfffffffffffffff8}, 0x840, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10)
sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0x34000}], 0x1}, 0x80d1)

4.58031131s ago: executing program 1 (id=35852):
r0 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r0, 0x1, 0x1d, &(0x7f00000000c0)=r0, 0x4)
perf_event_open(&(0x7f00000010c0)={0x2, 0x80, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xc, 0x7}, 0x8601, 0x2000000, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000b00)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xd, 0x3, 0x0, &(0x7f0000000480)='GPL\x00'}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xfffbffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x108, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x7, &(0x7f0000000d80), 0x4)
close(0x3)

4.437924594s ago: executing program 3 (id=35854):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x52}, 0x28)
socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xd, 0x4, 0x4, 0xffffffff, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x3, 0x300, 0x1, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
r0 = socket$kcm(0x2, 0x2, 0x73)
setsockopt$sock_attach_bpf(r0, 0x0, 0x29, 0x0, 0x17)

4.25827985s ago: executing program 2 (id=35855):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x1, 0x4, 0x8}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x2, 0x20029, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x401}, 0x806, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f00000008c0)="7a7fa22c2aff88df53ef2a2d280f", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

4.098485275s ago: executing program 1 (id=35856):
r0 = socket$kcm(0x2, 0x1, 0x84)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
socket$kcm(0x2b, 0x1, 0x0)
sendmsg(0xffffffffffffffff, 0x0, 0x20000040)
r1 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x208, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0xc2ba, 0x0, 0x4000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78ac02ca3cdf6a662db1c9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad943e392955f4f979ea13201bafedcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd89346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca2533659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12282ce24463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f09000000000000004fc4bda3453602004535a976eacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a191852c9ae031db044b2353199546609f9f69a6cfefdf879d447df53f3b9b70d10355b00300000000000000553d18a6cc50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f58fab987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe527340935aa3c0b4f3f45b418a18217747ae442e31560e5b741445ea2a1acee2a81425ff000000d2a0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51423b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f88735fce5115dc83ed73d8ee4a91322608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf5000000000000fa08ad0631c4b839688b22c4da2a6bc4cf45854d221a2d5f96bc64647f15daa2ba79cd0f4254ed55217912ef84bd2927df82fc061aef2920c49b2a90886da75561173fa186cb7ee86dd4285c4721eb428c953296bb2f5d825da54dbef07c1b349b4901e093d13e6b9a0000009b5b22e887bc061d40bcaf0aa18623fd9b7179ccc692ba74b531b65c4decf9d080a8ac7e82d4cde1267aa64b2a94fd87a009e6742c2ddc3a9d7eccbb1831b1fa218277c2814a91cab7cb59c697166d6f1bb1a360470000000000000000000000000000000000000000000000000000f9f9b4ce7e871f507084c8c88e0652decbe579b03ed84ea94597dd1059620a050f69ea03b99b4e19d35f4a3b54e96ae2172effecec80f6baa4bf69a6ebf5392882df78b0983e662dc0cb64b77f3f006b6b25443197ae93f0be6de5a703d003f00720943c0e4b33af00000000000000000021a688b2d7007fcc4b59f719afb0b3b7e0aee306ca70fe42bf4984a68f40e1fc043a03a17e4744359b87dc27c82d51cbeb64e52a28daeb6a78d6fe06181ecc840000"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)
perf_event_open(0x0, 0x0, 0x100000000, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
setsockopt$sock_attach_bpf(r0, 0x84, 0x14, &(0x7f0000000040), 0x4)

4.079480276s ago: executing program 0 (id=35857):
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x31}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x10040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x0, 0x20000}, 0x0, 0x0, 0x0, 0x6, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x6eab22e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xe2, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffc}, 0x0, 0x100000000, 0xffffffffffffffff, 0x0)
socket$kcm(0x29, 0x5, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
sendmsg$kcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000300020400bf050005001201", 0x2e}], 0x1}, 0x0)

3.94313093s ago: executing program 3 (id=35858):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="27032700590200000000002f1eafbcf706e10500000086ddffff1104ee162bd4b8bf4a82f6184b8a34f90186cee844000000080000000019", 0x38}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10c80, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x13)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
close(r1)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x2102)
write$cgroup_subtree(r2, &(0x7f00000006c0)=ANY=[@ANYBLOB="8f03000000000060007538e486dd630ace2211057300fe80000000000000875a65059ff57b00000000000000000000000000ac1414aa"], 0xcfa4)

3.760387196s ago: executing program 4 (id=35859):
socket$kcm(0xa, 0x3, 0x73)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1, <r2=>0xffffffffffffffff}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xa, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008000000850000001a00000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x5350a0e2ad0fd2e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000007c0)={r3, 0x18000000000002a0, 0x16, 0x0, &(0x7f0000000100)="76389e6a65585578f830e900000058c54feb682e25d3", 0x0, 0x10001, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.708033318s ago: executing program 2 (id=35860):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1a69, 0x5}, 0x0, 0x5, 0x0, 0x0, 0x1}, 0x0, 0xb, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r0, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8b04, &(0x7f0000000000)={'wlan1\x00', @random="0200008d00"})

3.506294255s ago: executing program 2 (id=35861):
socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffa}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10, 0x0}, 0x3000c085)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r1, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0)

3.506116425s ago: executing program 3 (id=35862):
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@cgroup=r2, 0x24, 0x0, 0xffff, &(0x7f0000000580)=[0x0, 0x0], 0x2, 0x0, 0x0, 0x0, 0x0}, 0x40)

3.505184325s ago: executing program 0 (id=35871):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="27032700590200000000002f1eafbcf706e10500000086ddffff1104ee162bd4b8bf4a82f6184b8a34f90186cee844000000080000000019", 0x38}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10c80, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x13)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
close(r1)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x2102)
write$cgroup_subtree(r2, &(0x7f00000006c0)=ANY=[@ANYBLOB="8f03000000000060007538e486dd630ace2211057300fe80000000000000875a65059ff57b00000000000000000000000000ac1414aa"], 0xcfa4)

3.504581575s ago: executing program 1 (id=35863):
perf_event_open(0x0, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xa}, 0x10c002, 0xac5d, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg$unix(r0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x0)
r3 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r3, 0x6, 0x22, &(0x7f0000000200)=r2, 0x4)

3.323296601s ago: executing program 3 (id=35864):
socket$kcm(0x21, 0x2, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f0000000900)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffc}, 0x2420, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x8c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}, 0x10800a, 0x6f5f, 0x8000, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r1, 0x1, 0x25, &(0x7f00000002c0), 0x8)

3.322961661s ago: executing program 4 (id=35865):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000b0"], 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000800000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, @perf_bp={0x0, 0x8}, 0x40, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(r3, &(0x7f0000000000), 0xfffffd26)

3.322548101s ago: executing program 2 (id=35866):
socket$kcm(0xa, 0x5, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={&(0x7f0000000200)="d854f92f25f25b69259318e9d39c93c1f65b7539539a91280459404f5c99057ff02acbe38ca21eec06f53270a9cc13159eac1293f5e661a598de6f3747b2ef8013e72ceea8e3f32a2fe44e23f2e1aa355fa6a112eb74b0531b4e80d343528ebc282182bcbc60b5247466739b20d10ad27dfe0e148d04c993b1cfee8396d1a88bd7d0a19775bdb78ca10bfc09aba928d9bf38216865b09d869d1674c247aab0398d268e7d6e88a388831a6ed3fa359a86", &(0x7f0000000340)=""/77, 0x0, 0x0, 0xb4, 0x1, 0x4}, 0x38)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000002c80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3efd7ab4c41335d9, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x3801}, {0x2c}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0xffff0000}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.306377391s ago: executing program 0 (id=35867):
r0 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r0, 0x1, 0x1d, &(0x7f00000000c0)=r0, 0x4)
perf_event_open(&(0x7f00000010c0)={0x2, 0x80, 0xb9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xc, 0x7}, 0x8601, 0x2000000, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000b00)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xd, 0x3, 0x0, &(0x7f0000000480)='GPL\x00'}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @perf_config_ext, 0x10c002, 0xac5d}, 0x0, 0xfffbffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x108, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x7, &(0x7f0000000d80), 0x4)
close(0x3)

3.102155188s ago: executing program 0 (id=35868):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x52}, 0x28)
socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xd, 0x4, 0x4, 0xffffffff, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x3, 0x300, 0x1, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
r0 = socket$kcm(0x2, 0x2, 0x73)
setsockopt$sock_attach_bpf(r0, 0x0, 0x29, 0x0, 0x17)

3.101981468s ago: executing program 1 (id=35869):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
socketpair(0xa, 0x2, 0x7, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x12, 0x8, 0x4, 0x7cb4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x50)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000500)=[{&(0x7f00000001c0)="c976a4b73330fd5218bdfef69ac4394b5d9b66e5e5f906070c21340621fc675d80", 0x21}, {&(0x7f0000000200)="e859285423e72230afd84ea7eac7c012bba5094ab75658c5d1b32082d3d3a3e3a6600e8c2fd18a436570e63597bcd86654b504ae36d33dffee7eae1fa8b3d5c1ce18b8f9406357fd949387ffbf4b99dd320ff2d5f28fb95bccd93216a9166ab0f846f57cb20eb687c93a4c30aa", 0x6d}, {&(0x7f0000000400)="0b867ada70c959fb1495d028d3bd45f1ea14f560aac29d8826ea9f0e128e1133e613016cd72e38b241be4bf4bbe3a4e9e5fa2ff4abed73156d84cb8b04255ae6d4876a4edf688ad6ba170a819ed8a8dfe6bafc9d42eea46dd79936fe4ed1ac39c9e08d020fee386007f610352b4254aa16eb38b6361d042810e419a7769119ef96c7a44bccad067038a35e549460e567facbb978881b226a47bd907706419d1d2e31a71531fa66a2d18d86974ae58b9a180dfb674cf3c70aaf48f14664a3debd33507e8f81a4", 0xc6}], 0x3, &(0x7f0000000540)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0xd}}, @ip_retopts={{0x38, 0x0, 0x7, {[@lsrr={0x83, 0x1b, 0xbe, [@multicast2, @private=0xa010102, @rand_addr=0x64010102, @broadcast, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @lsrr={0x83, 0xb, 0xd7, [@rand_addr=0x64010101, @multicast1]}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x400}}], 0x68}, 0x4004000)
recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f00000017c0)=""/4113, 0x1011}, {&(0x7f0000006740)=""/4170, 0x104a}, {&(0x7f0000000300)=""/128, 0x80}, {&(0x7f00000000c0)=""/193, 0xc1}], 0x4}, 0x10100)

3.091129058s ago: executing program 3 (id=35879):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$kcm(0xa, 0x922000000003, 0x11)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001540)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000001c0)="131a85f015872414836a5cd6f0bb3d97fb1e26e66b2f933768573a0698343b1c0684514c3e1c9922c31019951ff3b82031093cc957418e4a4b48dba82b118b76236402d7f776d4e9db6ccfee030d7169049e6c60010dec14b93d6e6780c3099ce2c017db6482365ba1b0c6b7d8e82b1ac6f379ba59e492830cc55d0f12bf6f58151590e4905d141173ddb0157ae01bc8788d4e9fe3b126852762a9ebc16e85e65167ff7cc03fef4a1594c933a6a407fbc60364bd5242b5c65bdd1e538b67ce2ca3711a59eeef9b9091ee91f83691106477351e56f995e0f56283a91c95621685864d42266bfa3dd6dc16f91e313d129f3ecb2f27ce9cafbf7b847dd2217e0b00285ca750d67b0aa0181b746b9e11df132d60670682d32494bc9913706b0e4ebfb47a71070ecdf6cd4efea8259002173851e265b43a0001a723d07c3f589a9b765e2b2e6bd1413d3c4ad14ff5759a11c8c8997e5bf0727d5398a8c7bbfca0b22501c8b8477b29c78db78cc5d95aae11f62955eeb3c8f2296176021ff9053900b1b6f32cb2c4bd654c2c6805504e2c31fa524c911ebe62b434572e024ede1e15df9ee334ae4d0fee8881a7304c5b7c17c15c2a3804b39f4b02e873e5e7f2366bd134621761b3ac11d5ef4ecd9d864336471a1723620fbdce473b87cd833bcf2467fa376601d17875f61003ca175b9d776c374910461bc29cd04a552efe20b3277eac59e457a1911552a919e0facb080d3c4c3ae8e670af1cbe1e2a2c19d6b9e5321e4df0250700aa86973a9f3ff768f9408546bd03a8be7b7c74f49c5db758b3d2047e43879bb69f4e9fd18e5c4a8cf175cfd983310677a2ca54108bbe05f32c24e34d8993e3148701bdf57fb8763938ae4327ae23770e602fe4f1925e0d95cb187a7aa12dd06114ec728f983fecbe5932bbf3bc83f35307b19407103161daa2545f54248995924c90a0271d065c5087197d0a4435bc3923a8c5f00eb00f6518f98174059d87eafaedb3af2abdcf1e5032c5ad1c714646301e9a4d5de05cf59c4c5caafbb3bf23ce4224ec9d486356989df548d64ab3f8fe9d58b9ef8b86e183c8d436c5d1860a0db1641389d5a227aeee811016369956587130c86c6b629934b1ad6694d6d60c3faeadaf2262abe61e5d683da3eabbe7f50c09415634a20ded7f8ec86c29fee69458936d12cd9ac9f8f19d33a512234a761bd21ca4b0db568d19d2772a5aad1018bae5c87c2ad0e40659854a540c6707a9439ad166eac6c5f9ec28b52fbcf16edcaf2e8d16236125ce1cfae02fdb2dd10938bdeecff0d98734b85de95e8dc5318f5282e3fd85cc73a36bedddb014fb12e6e53868e219a60e7589e13552bf5f83c7da348ac9685f215b424e7028cd8fb04b71efd2a830f7d0d00725f160e12fac925c86a09dac0c8df0ee99edc9ba1673582670273b7c667835368129f72459a180804488064a079da2e0f30d3b7870d10cf5244afa7c0c0ef9e3509972cae2ab2c48c0fd65f3af99e14fc8d1c9a393a5537b357a335d32d04e1894cf3e756331dd0610d358b2d2197a24c89e0e88ec9ab6dfadc26c3281c248a44a818b46a3399d2034b2176fb8e892d954ba5e9a09cacf36e511e252e4b61724a776705b0d118e407d3a115d52bf067e33e6b8d77b6deb50a3cbeace7c14f7d29a3e67ca92cc20a80a4b4a1a7ccafd0392e11b650567fce3630ea20279f89886b8777193288314a3dab8205953dfbcb8b19059c9cebfb3abccc7e8d7fe2a39d6bcf09df82fa39cbd01871295ee50028bfbe2755435375d276497d1ff86afe25043bd765e4d6204f94d8d2d97ccee92b340c55fb45e7d4a4570533816b020972455f8aac2636bbebfa44f08ca9a5d41be906d0bb81012cac6951ddec2e94be53df9c48588c762e77868d3c297b4ca6d43606b19f16d61ce35bfff5fde9356e24e5b8e709492fa4b1bf237980f592fb0cab461b8259dfcabcde8a11e7909ed9a3f40e89035a748787ce607748d39031380624b602c43021d9881d46fb36b3f3f9446a010b6bd10c57ebeb59985977505950640508b1509e8f2c5aefc25700ae4cf7abc3bc8761d22e1acdf3972e67f521dd10d83d89bd2c6af7441a2e71e4ccbe56de04c4a37aa6ee239e2eb49fccd4633b6eccccaca39dc59acd077eb1d22086075596f3b86c48ae00b611c9d732a1ad02df4d1727133473d612fa7d4a6427774e89284be3725587fcf3abc97370b62e6957dc63972aedcae924c7fff9a6a6466b0f14e3b64a36f506633caeb50d93a7f2bc37f9bfc1f8858a0a34f290fea00ee6d57907393ede213bdc64a677c3636d55b9606e1669eef6f66edb3a51d53130064272b9ad0c9446bcb4d94cd12ea3c6311", 0x691}], 0x1}, 0x4000080)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000880))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_devices(r0, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef289a630182700008"], 0xffdd)

2.150114989s ago: executing program 2 (id=35870):
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext, 0x10c002, 0x89}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x1c092, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0xb3e, 0xfffffffffffffff8}, 0x840, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10)
sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0x34000}], 0x1}, 0x80d1)

2.149108629s ago: executing program 0 (id=35882):
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)="d800000018008114e00212ba0d8105040a020200030f100b067c55a1bc000900b8000699040000000500160002038178a80015000400014002000e0901ac040000d67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e970300000000000000000000000000000000000000008dc5", 0xd4}], 0x1}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000003840)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000380)="fbe6bd8dfcdda5a210b8cfefbd66f459c7261b927d25d3cf74d2f7c97735eba47f606a290d18492592230700000000000000081fdbd921ed4db0e67c9d5ab1452445a1e0da5ac68b13f4afe2712eeaad350d07", 0x53}], 0x1}, 0x0)
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0x12, &(0x7f00000008c0)=r3, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400090000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000010000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a891588d818a0afc0b3116a130974cac0615232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f3ca1664fe2f3ced8416dc180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8070000001fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491d04aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f84e4272d2cc72d4e771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de457f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5bfc182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291a76456cd7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124ee3df3a35e8014d6cb5fd6c054a10bb2146174c1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba5187fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4db5a5df9d62ea6d805dfce568b885a50ed8e2eaf8a932287a1d3bfac17774e58875a63b77e07298e4b4f515189c6fcac3cd35dac9240e633219bb6a5a25865e6ed8e16caa5406b56702afe0befcabbc9a2a772a1a087f0d633d457bceb695b2cba3a1a2daa2dda796373cc0fe0a53236d028fc1076bb746b2717c8b6052f58c91bb8cc19474ab9d4d2160773829f078727f6c684ca749136a7f46ca28b00bb4237695b4"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x2e0, 0xfe, 0x60000004, &(0x7f0000000100)="b9ff03076044238cb89e14f008000de0ffff00184000632b77fbac14140ce000006a62079f4b4d2f87e505ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x25, &(0x7f0000000040)="ded6e0966ec1cf6ba4b897a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380)="af5fa441b438b5156d8a9fcc090f586e979858f64170cde36889dcc8539ffcca62621a4c3ea3f7acee366e6fb0b94314f91731dec60fed6c9fee64af416c29f65e47110b81f6b4da06db5e1aad1f627acb", 0x0, 0x3}, 0x2c)

2.099650581s ago: executing program 1 (id=35872):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x1, 0x4, 0x8}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x2, 0x20029, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x401}, 0x806, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f00000008c0)="7a7fa22c2aff88df53ef2a2d280f", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.82378ms ago: executing program 3 (id=35873):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x10021, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1a69, 0x5}, 0x0, 0x5, 0x0, 0x0, 0x1}, 0x0, 0xb, 0xffffffffffffffff, 0xb)
ioctl$SIOCSIFHWADDR(r0, 0x8b1a, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8b04, &(0x7f0000000000)={'wlan1\x00', @random="0200008d00"})

1.608ms ago: executing program 4 (id=35874):
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x7e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmsg(r2, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)

915.8µs ago: executing program 0 (id=35885):
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2, 0x0, 0x9}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext, 0x10c002, 0x89}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x1c092, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0xb3e, 0xfffffffffffffff8}, 0x840, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10)
sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0x34000}], 0x1}, 0x80d1)

575.16µs ago: executing program 2 (id=35875):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x13}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x6}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0xffffffff, r1}, 0x38)

0s ago: executing program 1 (id=35886):
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@cgroup=r2, 0x24, 0x0, 0xffff, &(0x7f0000000580)=[0x0, 0x0], 0x2, 0x0, 0x0, 0x0, 0x0}, 0x40)

kernel console output (not intermixed with test programs):

n invalid length.
[ 1964.378939][ T2307] netlink: 'syz.4.29514': attribute type 10 has an invalid length.
[ 1964.414352][ T2307] __nla_validate_parse: 1 callbacks suppressed
[ 1964.414374][ T2307] netlink: 65015 bytes leftover after parsing attributes in process `syz.4.29514'.
[ 1964.884475][ T2318] netlink: 'syz.4.29520': attribute type 13 has an invalid length.
[ 1965.402154][ T2328] netlink: 'syz.0.29532': attribute type 13 has an invalid length.
[ 1966.417707][ T2359] netlink: 14 bytes leftover after parsing attributes in process `syz.3.29537'.
[ 1966.457560][ T2359] openvswitch: netlink: Flow key attr not present in new flow.
[ 1966.847019][ T2367] netlink: 'syz.2.29540': attribute type 39 has an invalid length.
[ 1967.958015][ T2367] device hsr_slave_1 left promiscuous mode
[ 1968.345906][ T2398] netlink: 14 bytes leftover after parsing attributes in process `syz.2.29552'.
[ 1968.405619][ T2398] openvswitch: netlink: Flow key attr not present in new flow.
[ 1968.598296][ T2408] netlink: 'syz.0.29555': attribute type 2 has an invalid length.
[ 1968.612984][ T2408] netlink: 199848 bytes leftover after parsing attributes in process `syz.0.29555'.
[ 1969.777538][ T2444] netlink: 14 bytes leftover after parsing attributes in process `syz.4.29569'.
[ 1969.806969][ T2444] openvswitch: netlink: Flow key attr not present in new flow.
[ 1971.592984][ T2492] netlink: 'syz.0.29585': attribute type 39 has an invalid length.
[ 1974.550700][ T2611] netlink: 'syz.1.29625': attribute type 22 has an invalid length.
[ 1975.302493][ T2625] netlink: 'syz.4.29631': attribute type 27 has an invalid length.
[ 1975.326804][ T2625] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[ 1976.009212][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 1976.015637][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 1979.852679][ T2757] netlink: 'syz.2.29680': attribute type 27 has an invalid length.
[ 1979.898134][ T2757] C: renamed from team_slave_0
[ 1981.614334][ T2804] netlink: 'syz.3.29695': attribute type 27 has an invalid length.
[ 1981.654923][ T2804] C: renamed from team_slave_0
[ 1981.935770][   T48] Bluetooth: hci4: ACL packet too small
[ 1982.298895][ T2847] netlink: 'syz.3.29710': attribute type 3 has an invalid length.
[ 1982.355821][ T2847] netlink: 132 bytes leftover after parsing attributes in process `syz.3.29710'.
[ 1982.535716][ T2853] netlink: 'syz.1.29711': attribute type 27 has an invalid length.
[ 1982.581417][ T2853] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[ 1982.711832][ T2855] netlink: 'syz.4.29714': attribute type 2 has an invalid length.
[ 1982.725830][ T2855] netlink: 'syz.4.29714': attribute type 1 has an invalid length.
[ 1982.738606][ T2855] netlink: 'syz.4.29714': attribute type 4 has an invalid length.
[ 1982.763752][ T2855] netlink: 'syz.4.29714': attribute type 6 has an invalid length.
[ 1982.775188][ T2855] netlink: 'syz.4.29714': attribute type 7 has an invalid length.
[ 1982.789203][ T2855] netlink: 'syz.4.29714': attribute type 5 has an invalid length.
[ 1982.805386][ T2855] netlink: 206468 bytes leftover after parsing attributes in process `syz.4.29714'.
[ 1983.092591][ T2864] netlink: 192432 bytes leftover after parsing attributes in process `syz.1.29720'.
[ 1983.109938][ T2864] netlink: get zone limit has 4 unknown bytes
[ 1984.554062][ T2903] netlink: 116 bytes leftover after parsing attributes in process `syz.2.29735'.
[ 1984.571748][ T2903] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[ 1984.773692][ T2909] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.29749'.
[ 1985.080546][   T48] Bluetooth: hci2: ACL packet too small
[ 1985.544020][ T2931] validate_nla: 3 callbacks suppressed
[ 1985.544040][ T2931] netlink: 'syz.3.29750': attribute type 3 has an invalid length.
[ 1985.640704][ T2931] netlink: 116 bytes leftover after parsing attributes in process `syz.3.29750'.
[ 1985.701278][ T2931] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[ 1985.742013][   T48] Bluetooth: hci3: unexpected event 0x2c length: 151 > 17
[ 1987.914901][ T2977] netlink: 192432 bytes leftover after parsing attributes in process `syz.2.29767'.
[ 1987.934838][ T2977] netlink: get zone limit has 4 unknown bytes
[ 1987.946717][ T2979] netlink: 'syz.0.29766': attribute type 10 has an invalid length.
[ 1987.964995][ T2979] netlink: 65015 bytes leftover after parsing attributes in process `syz.0.29766'.
[ 1989.056428][ T2995] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.29787'.
[ 1990.261178][ T3029] netlink: 132 bytes leftover after parsing attributes in process `syz.0.29791'.
[ 1991.314126][   T48] Bluetooth: hci2: unexpected event 0x2c length: 151 > 17
[ 1991.600892][ T3060] netlink: 132 bytes leftover after parsing attributes in process `syz.1.29805'.
[ 1992.681849][ T3070] device syzkaller0 entered promiscuous mode
[ 1993.023162][ T3073] device syzkaller0 entered promiscuous mode
[ 1997.176494][ T3090] netlink: 132 bytes leftover after parsing attributes in process `syz.4.29817'.
[ 2002.696036][ T3188] device syzkaller0 entered promiscuous mode
[ 2004.971112][ T3222] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.29873'.
[ 2009.554872][ T3270] device syzkaller0 entered promiscuous mode
[ 2013.235787][ T3308] netlink: 'syz.3.29910': attribute type 10 has an invalid length.
[ 2013.255754][ T3308] bridge0: port 3(team0) entered disabled state
[ 2013.267716][ T3308] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2013.282675][ T3308] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2013.352143][ T3308] team0: Device bridge0 is already an upper device of the team interface
[ 2014.890626][ T3354] netlink: 60 bytes leftover after parsing attributes in process `syz.0.29927'.
[ 2015.016465][ T3358] netlink: 65039 bytes leftover after parsing attributes in process `syz.4.29930'.
[ 2018.427412][   T48] Bluetooth: hci0: unexpected event 0x03 length: 15 > 11
[ 2020.529065][ T3439] netlink: 10 bytes leftover after parsing attributes in process `syz.2.29961'.
[ 2020.610147][   T48] Bluetooth: hci2: unexpected event 0x03 length: 15 > 11
[ 2021.787623][ T3464] netlink: 15743 bytes leftover after parsing attributes in process `syz.2.29972'.
[ 2023.229207][ T3488] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.29978'.
[ 2026.907077][ T3520] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.29991'.
[ 2028.910517][ T3552] device pim6reg1 entered promiscuous mode
[ 2028.986712][ T3557] netlink: 112 bytes leftover after parsing attributes in process `syz.4.30004'.
[ 2029.948157][ T3563] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.30007'.
[ 2030.371017][ T3577] device syzkaller0 entered promiscuous mode
[ 2037.448498][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 2037.454881][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 2037.863216][ T3637] netlink: 61211 bytes leftover after parsing attributes in process `syz.2.30044'.
[ 2038.135137][ T3640] device syzkaller0 entered promiscuous mode
[ 2038.145033][ T3646] netlink: 10 bytes leftover after parsing attributes in process `syz.3.30035'.
[ 2040.479913][ T3651] netlink: 'syz.1.30038': attribute type 10 has an invalid length.
[ 2040.488634][ T3651] bridge0: port 3(team0) entered disabled state
[ 2040.495070][ T3651] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2040.502779][ T3651] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2040.522264][ T3651] team0: Device bridge0 is already an upper device of the team interface
[ 2040.543681][ T3662] netlink: 168 bytes leftover after parsing attributes in process `syz.4.30045'.
[ 2042.021595][ T3704] device syzkaller0 entered promiscuous mode
[ 2045.967512][ T3735] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.30075'.
[ 2046.002957][ T3734] netlink: 'syz.2.30074': attribute type 3 has an invalid length.
[ 2046.025764][ T3734] netlink: 199824 bytes leftover after parsing attributes in process `syz.2.30074'.
[ 2047.856969][ T3796] netlink: 61211 bytes leftover after parsing attributes in process `syz.3.30099'.
[ 2048.272428][ T3792] device syzkaller0 entered promiscuous mode
[ 2052.125315][ T3829] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.30113'.
[ 2053.120426][ T3865] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.30125'.
[ 2053.324633][ T3873] netlink: 'syz.4.30131': attribute type 25 has an invalid length.
[ 2053.343692][ T3873] netlink: 'syz.4.30131': attribute type 25 has an invalid length.
[ 2056.939085][ T3924] netlink: 'syz.4.30162': attribute type 2 has an invalid length.
[ 2056.964812][ T3924] netlink: 10 bytes leftover after parsing attributes in process `syz.4.30162'.
[ 2058.122555][ T3969] netlink: 'syz.3.30167': attribute type 25 has an invalid length.
[ 2058.136732][ T3969] netlink: 'syz.3.30167': attribute type 25 has an invalid length.
[ 2058.864523][ T3989] netlink: 'syz.1.30175': attribute type 9 has an invalid length.
[ 2058.894195][ T3989] netlink: 126588 bytes leftover after parsing attributes in process `syz.1.30175'.
[ 2062.551842][ T4045] netlink: 'syz.3.30205': attribute type 2 has an invalid length.
[ 2062.560315][ T4045] netlink: 10 bytes leftover after parsing attributes in process `syz.3.30205'.
[ 2068.234995][ T4187] netlink: 'syz.1.30251': attribute type 2 has an invalid length.
[ 2068.243225][ T4187] netlink: 128 bytes leftover after parsing attributes in process `syz.1.30251'.
[ 2069.134456][ T4218] netlink: 'syz.4.30264': attribute type 9 has an invalid length.
[ 2069.208028][ T4218] netlink: 61951 bytes leftover after parsing attributes in process `syz.4.30264'.
[ 2072.332016][ T4275] netlink: 'syz.0.30288': attribute type 9 has an invalid length.
[ 2072.363819][ T4275] netlink: 61951 bytes leftover after parsing attributes in process `syz.0.30288'.
[ 2074.459068][ T4314] netlink: 'syz.1.30303': attribute type 9 has an invalid length.
[ 2074.505395][ T4314] netlink: 61951 bytes leftover after parsing attributes in process `syz.1.30303'.
[ 2074.761925][ T4326] netlink: 144 bytes leftover after parsing attributes in process `syz.3.30309'.
[ 2074.923979][ T4330] netlink: 176 bytes leftover after parsing attributes in process `syz.4.30312'.
[ 2076.500560][ T4361] netlink: 144 bytes leftover after parsing attributes in process `syz.4.30325'.
[ 2077.961528][ T4396] netlink: 125520 bytes leftover after parsing attributes in process `syz.3.30350'.
[ 2078.189709][ T4408] netlink: 144 bytes leftover after parsing attributes in process `syz.1.30339'.
[ 2078.769639][ T4431] netlink: 125520 bytes leftover after parsing attributes in process `syz.1.30354'.
[ 2080.631004][ T4478] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.30374'.
[ 2080.834315][ T4489] netlink: 176 bytes leftover after parsing attributes in process `syz.1.30378'.
[ 2080.848152][ T4486] netlink: 'syz.2.30376': attribute type 4 has an invalid length.
[ 2080.905654][ T4486] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.30376'.
[ 2081.164475][ T4498] netlink: 168 bytes leftover after parsing attributes in process `syz.0.30381'.
[ 2082.748341][ T4531] netlink: 168 bytes leftover after parsing attributes in process `syz.2.30397'.
[ 2082.970167][ T4541] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.30401'.
[ 2083.264453][ T4551] netlink: 'syz.3.30406': attribute type 4 has an invalid length.
[ 2083.281322][ T4551] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.30406'.
[ 2083.478295][ T4562] netlink: 168 bytes leftover after parsing attributes in process `syz.3.30412'.
[ 2083.802206][ T4574] netlink: 9286 bytes leftover after parsing attributes in process `syz.4.30415'.
[ 2083.994757][ T4582] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[ 2084.088523][ T4586] netlink: 'syz.0.30421': attribute type 4 has an invalid length.
[ 2084.115050][ T4586] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.30421'.
[ 2085.184211][ T4629] netlink: 'syz.4.30439': attribute type 4 has an invalid length.
[ 2089.367207][ T4724] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[ 2090.593487][ T4767] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[ 2094.480340][ T4862] netlink: 'syz.3.30536': attribute type 7 has an invalid length.
[ 2094.505550][ T4862] __nla_validate_parse: 1 callbacks suppressed
[ 2094.505569][ T4862] netlink: 191184 bytes leftover after parsing attributes in process `syz.3.30536'.
[ 2098.887086][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 2098.893525][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 2099.352764][ T4918] netlink: 132 bytes leftover after parsing attributes in process `syz.0.30561'.
[ 2099.655145][ T4927] device syzkaller0 entered promiscuous mode
[ 2099.744330][ T4929] netlink: 'syz.3.30566': attribute type 1 has an invalid length.
[ 2100.130063][ T4940] netlink: 'syz.4.30571': attribute type 1 has an invalid length.
[ 2100.155314][ T4940] netlink: 'syz.4.30571': attribute type 4 has an invalid length.
[ 2100.181398][ T4940] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.30571'.
[ 2100.542410][ T4949] netlink: 'syz.3.30585': attribute type 1 has an invalid length.
[ 2100.579606][ T4949] netlink: 'syz.3.30585': attribute type 4 has an invalid length.
[ 2100.591537][ T4949] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.30585'.
[ 2100.851371][ T4957] netlink: 'syz.0.30579': attribute type 1 has an invalid length.
[ 2101.144443][ T4963] netlink: 132 bytes leftover after parsing attributes in process `syz.4.30580'.
[ 2101.743189][ T4985] netlink: 'syz.2.30591': attribute type 1 has an invalid length.
[ 2101.789810][ T4985] netlink: 'syz.2.30591': attribute type 4 has an invalid length.
[ 2101.833599][ T4985] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.30591'.
[ 2101.884944][ T4987] netlink: 'syz.4.30592': attribute type 1 has an invalid length.
[ 2103.484068][ T5010] netlink: 61967 bytes leftover after parsing attributes in process `syz.4.30603'.
[ 2103.680498][ T5014] netlink: 180900 bytes leftover after parsing attributes in process `syz.4.30604'.
[ 2103.695321][ T5014] openvswitch: netlink: Flow actions attr not present in new flow.
[ 2105.569448][ T5027] bridge0: port 4(batadv0) entered blocking state
[ 2105.587035][ T5027] bridge0: port 4(batadv0) entered disabled state
[ 2105.613422][ T5027] device batadv0 entered promiscuous mode
[ 2106.006475][T32587] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[ 2106.016449][T32587] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[ 2108.640643][ T5119] netlink: 9275 bytes leftover after parsing attributes in process `syz.4.30654'.
[ 2109.380260][ T5136] bridge0: port 4(batadv0) entered blocking state
[ 2109.408668][ T5136] bridge0: port 4(batadv0) entered disabled state
[ 2109.442447][ T5136] device batadv0 entered promiscuous mode
[ 2109.471944][ T5136] bridge0: port 4(batadv0) entered blocking state
[ 2109.478910][ T5136] bridge0: port 4(batadv0) entered forwarding state
[ 2109.727043][T21723] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[ 2109.736536][T21723] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[ 2113.052831][ T5168] bridge0: port 4(batadv0) entered blocking state
[ 2113.059853][ T5168] bridge0: port 4(batadv0) entered disabled state
[ 2113.068409][ T5168] device batadv0 entered promiscuous mode
[ 2113.310786][T21728] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[ 2113.320157][T21728] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[ 2113.420414][ T5180] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.30680'.
[ 2114.622999][ T5219] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.30695'.
[ 2115.885488][ T5257] netlink: 65047 bytes leftover after parsing attributes in process `syz.4.30712'.
[ 2119.713283][ T5338] netlink: 180900 bytes leftover after parsing attributes in process `syz.1.30747'.
[ 2119.738913][ T5338] openvswitch: netlink: Flow actions attr not present in new flow.
[ 2121.227227][ T5360] netlink: 'syz.0.30756': attribute type 22 has an invalid length.
[ 2122.008955][ T5378] netlink: 'syz.2.30773': attribute type 22 has an invalid length.
[ 2122.029428][ T5372] netlink: 180900 bytes leftover after parsing attributes in process `syz.0.30772'.
[ 2122.045936][ T5372] openvswitch: netlink: Flow actions attr not present in new flow.
[ 2122.373918][ T5387] sctp: [Deprecated]: syz.3.30768 (pid 5387) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2122.373918][ T5387] Use struct sctp_sack_info instead
[ 2123.261121][ T5408] netlink: 'syz.3.30778': attribute type 22 has an invalid length.
[ 2123.620694][ T5416] netlink: 180900 bytes leftover after parsing attributes in process `syz.3.30780'.
[ 2123.626775][ T5418] sctp: [Deprecated]: syz.4.30782 (pid 5418) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2123.626775][ T5418] Use struct sctp_sack_info instead
[ 2123.643446][ T5416] openvswitch: netlink: Flow actions attr not present in new flow.
[ 2123.959288][ T5425] sctp: [Deprecated]: syz.2.30785 (pid 5425) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2123.959288][ T5425] Use struct sctp_sack_info instead
[ 2123.963174][ T5426] sock: sock_timestamping_bind_phc: sock not bind to device
[ 2124.808134][ T5446] sctp: [Deprecated]: syz.1.30794 (pid 5446) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2124.808134][ T5446] Use struct sctp_sack_info instead
[ 2125.320540][ T5458] sctp: [Deprecated]: syz.1.30800 (pid 5458) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2125.320540][ T5458] Use struct sctp_sack_info instead
[ 2125.350124][ T5460] sock: sock_timestamping_bind_phc: sock not bind to device
[ 2126.848196][   T48] Bluetooth: hci2: unexpected event 0x01 length: 15 > 1
[ 2127.491551][ T5489] sctp: [Deprecated]: syz.0.30814 (pid 5489) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2127.491551][ T5489] Use struct sctp_sack_info instead
[ 2127.641263][ T5490] device syzkaller0 entered promiscuous mode
[ 2127.697681][ T5493] sock: sock_timestamping_bind_phc: sock not bind to device
[ 2128.024947][ T5499] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.30820'.
[ 2130.492397][ T5518] device lo entered promiscuous mode
[ 2130.600184][ T5518] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[ 2130.994851][ T5532] device syzkaller0 entered promiscuous mode
[ 2136.230818][ T5616] netlink: 168 bytes leftover after parsing attributes in process `syz.2.30871'.
[ 2137.707778][ T5643] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.30884'.
[ 2137.747207][ T5643] debugfs: Directory '.!
' with parent 'ieee80211' already present!
[ 2141.078239][ T5699] netlink: 'syz.2.30906': attribute type 3 has an invalid length.
[ 2141.116733][ T5699] netlink: 'syz.2.30906': attribute type 4 has an invalid length.
[ 2141.155535][ T5699] netlink: 9067 bytes leftover after parsing attributes in process `syz.2.30906'.
[ 2141.395667][ T5705] netlink: 'syz.0.30911': attribute type 39 has an invalid length.
[ 2142.877275][ T5737] netlink: 'syz.4.30923': attribute type 3 has an invalid length.
[ 2142.915107][ T5737] netlink: 'syz.4.30923': attribute type 4 has an invalid length.
[ 2142.952697][ T5737] netlink: 9067 bytes leftover after parsing attributes in process `syz.4.30923'.
[ 2144.562728][ T5768] netlink: 132 bytes leftover after parsing attributes in process `syz.1.30937'.
[ 2147.597873][ T5826] sock: sock_timestamping_bind_phc: sock not bind to device
[ 2148.942234][ T5856] sock: sock_timestamping_bind_phc: sock not bind to device
[ 2150.193621][ T5880] sock: sock_timestamping_bind_phc: sock not bind to device
[ 2150.501831][ T5894] netlink: 9275 bytes leftover after parsing attributes in process `syz.2.30996'.
[ 2151.043774][ T5913] sock: sock_timestamping_bind_phc: sock not bind to device
[ 2153.072923][   T48] Bluetooth: hci1: Malformed Event: 0x02
[ 2153.434213][ T5984] netlink: 'syz.3.31037': attribute type 2 has an invalid length.
[ 2153.983839][   T48] Bluetooth: hci3: Malformed Event: 0x02
[ 2154.444766][ T6031] netlink: 'syz.4.31057': attribute type 2 has an invalid length.
[ 2154.602396][ T6037] netlink: 'syz.2.31060': attribute type 7 has an invalid length.
[ 2154.628938][ T6037] netlink: 'syz.2.31060': attribute type 7 has an invalid length.
[ 2154.645924][ T6037] netlink: 198580 bytes leftover after parsing attributes in process `syz.2.31060'.
[ 2154.823122][   T48] Bluetooth: hci2: Malformed Event: 0x02
[ 2155.452275][ T6065] netlink: 'syz.1.31072': attribute type 2 has an invalid length.
[ 2158.564497][ T6088] netlink: 126288 bytes leftover after parsing attributes in process `syz.4.31091'.
[ 2159.386145][ T6091] netlink: 9275 bytes leftover after parsing attributes in process `syz.4.31083'.
[ 2160.329388][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 2160.335965][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 2160.997561][ T6108] skbuff: bad partial csum: csum=65535/127 headroom=178 headlen=65664
[ 2162.194131][ T6160] netlink: 9275 bytes leftover after parsing attributes in process `syz.2.31115'.
[ 2162.363006][ T6166] netlink: 'syz.2.31117': attribute type 2 has an invalid length.
[ 2163.377368][ T6201] skbuff: bad partial csum: csum=65535/127 headroom=178 headlen=65664
[ 2163.431480][ T6206] netlink: 'syz.0.31131': attribute type 2 has an invalid length.
[ 2164.312041][ T6236] netlink: 'syz.0.31150': attribute type 2 has an invalid length.
[ 2164.325129][ T6239] device pim6reg1 entered promiscuous mode
[ 2166.993078][ T6274] netlink: 'syz.3.31164': attribute type 2 has an invalid length.
[ 2166.994954][ T6278] device pim6reg1 entered promiscuous mode
[ 2169.143367][ T6320] netlink: 'syz.3.31182': attribute type 2 has an invalid length.
[ 2169.911800][ T6327] device pim6reg1 entered promiscuous mode
[ 2176.298806][   T48] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[ 2176.566574][ T6407] Bluetooth: hci4: unexpected subevent 0x01 length: 150 > 18
[ 2178.325393][T21671] Bluetooth: hci1: command 0x2016 tx timeout
[ 2178.645815][T21671] Bluetooth: hci4: command 0x2016 tx timeout
[ 2183.774929][T21671] Bluetooth: hci3: SCO packet for unknown connection handle 0
[ 2187.982391][ T6601] netlink: 9286 bytes leftover after parsing attributes in process `syz.4.31300'.
[ 2188.609675][T21671] Bluetooth: hci4: unexpected subevent 0x01 length: 150 > 18
[ 2189.035774][ T6628] netlink: 122896 bytes leftover after parsing attributes in process `syz.3.31313'.
[ 2189.108271][ T6628] debugfs: Directory '.!
' with parent 'ieee80211' already present!
[ 2189.256358][ T6631] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.31315'.
[ 2190.831245][ T6660] netlink: 64859 bytes leftover after parsing attributes in process `syz.3.31326'.
[ 2191.219248][ T6664] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.31329'.
[ 2192.507870][ T6696] netlink: 168 bytes leftover after parsing attributes in process `syz.3.31342'.
[ 2196.075097][ T6759] netlink: 122896 bytes leftover after parsing attributes in process `syz.1.31364'.
[ 2196.104846][ T6759] debugfs: Directory '.!
' with parent 'ieee80211' already present!
[ 2196.433963][ T6765] device syzkaller0 entered promiscuous mode
[ 2199.864288][ T6802] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.31385'.
[ 2199.896946][ T6802] sysfs: cannot create duplicate filename '/class/ieee80211/.!
'
[ 2199.904885][ T6802] CPU: 1 PID: 6802 Comm: syz.4.31385 Not tainted syzkaller #0
[ 2199.912401][ T6802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 2199.922498][ T6802] Call Trace:
[ 2199.925818][ T6802]  <TASK>
[ 2199.928787][ T6802]  dump_stack_lvl+0x188/0x24e
[ 2199.933518][ T6802]  ? show_regs_print_info+0x12/0x12
[ 2199.938777][ T6802]  ? load_image+0x400/0x400
[ 2199.943329][ T6802]  sysfs_warn_dup+0x8a/0xa0
[ 2199.947848][ T6802]  sysfs_do_create_link_sd+0xc0/0x110
[ 2199.953251][ T6802]  device_add+0x7f6/0x1000
[ 2199.957767][ T6802]  wiphy_register+0x1d9f/0x2ac0
[ 2199.962641][ T6802]  ? cfg80211_event_work+0x40/0x40
[ 2199.967753][ T6802]  ? minstrel_ht_alloc+0x894/0xa20
[ 2199.972869][ T6802]  ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0
[ 2199.978956][ T6802]  ieee80211_register_hw+0x2d00/0x39f0
[ 2199.984427][ T6802]  ? ieee80211_register_hw+0xec1/0x39f0
[ 2199.989985][ T6802]  ? ieee80211_register_hw+0xec1/0x39f0
[ 2199.995535][ T6802]  ? ieee80211_tasklet_handler+0x20/0x20
[ 2200.001180][ T6802]  ? memset+0x1e/0x40
[ 2200.005178][ T6802]  ? __hrtimer_init+0x186/0x270
[ 2200.010082][ T6802]  mac80211_hwsim_new_radio+0x28c2/0x4c40
[ 2200.015830][ T6802]  hwsim_new_radio_nl+0xafa/0xce0
[ 2200.021037][ T6802]  genl_family_rcv_msg_doit+0x22a/0x330
[ 2200.026609][ T6802]  ? end_current_label_crit_section+0x170/0x170
[ 2200.032895][ T6802]  ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0
[ 2200.038806][ T6802]  ? bpf_lsm_capable+0x5/0x10
[ 2200.043507][ T6802]  ? security_capable+0x85/0xb0
[ 2200.048381][ T6802]  genl_rcv_msg+0x604/0x790
[ 2200.052912][ T6802]  ? genl_bind+0x360/0x360
[ 2200.057338][ T6802]  ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0
[ 2200.063698][ T6802]  netlink_rcv_skb+0x1fb/0x450
[ 2200.068486][ T6802]  ? genl_bind+0x360/0x360
[ 2200.072931][ T6802]  ? netlink_ack+0x1170/0x1170
[ 2200.077764][ T6802]  ? down_read+0x1a8/0x2d0
[ 2200.082206][ T6802]  genl_rcv+0x24/0x40
[ 2200.086225][ T6802]  netlink_unicast+0x74d/0x8d0
[ 2200.091646][ T6802]  netlink_sendmsg+0x8ad/0xbd0
[ 2200.096443][ T6802]  ? netlink_getsockopt+0x550/0x550
[ 2200.101677][ T6802]  ? aa_sock_msg_perm+0x94/0x150
[ 2200.106651][ T6802]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 2200.111959][ T6802]  ? security_socket_sendmsg+0x7c/0xa0
[ 2200.117463][ T6802]  ? netlink_getsockopt+0x550/0x550
[ 2200.122942][ T6802]  ____sys_sendmsg+0x5be/0x970
[ 2200.127739][ T6802]  ? __sys_sendmsg_sock+0x30/0x30
[ 2200.132787][ T6802]  ? __import_iovec+0x315/0x500
[ 2200.137688][ T6802]  ? import_iovec+0x6f/0xa0
[ 2200.142203][ T6802]  ___sys_sendmsg+0x2a2/0x360
[ 2200.146889][ T6802]  ? try_to_wake_up+0x6ae/0x1080
[ 2200.151933][ T6802]  ? __sys_sendmsg+0x290/0x290
[ 2200.156730][ T6802]  __se_sys_sendmsg+0x1bb/0x2a0
[ 2200.161627][ T6802]  ? __x64_sys_sendmsg+0x80/0x80
[ 2200.166597][ T6802]  ? lockdep_hardirqs_on+0x94/0x140
[ 2200.171891][ T6802]  do_syscall_64+0x4c/0xa0
[ 2200.176347][ T6802]  ? clear_bhb_loop+0x60/0xb0
[ 2200.181042][ T6802]  ? clear_bhb_loop+0x60/0xb0
[ 2200.185731][ T6802]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2200.191871][ T6802] RIP: 0033:0x7fabbc19ce59
[ 2200.196312][ T6802] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2200.215943][ T6802] RSP: 002b:00007fabbd037028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2200.224377][ T6802] RAX: ffffffffffffffda RBX: 00007fabbc415fa0 RCX: 00007fabbc19ce59
[ 2200.232352][ T6802] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[ 2200.240347][ T6802] RBP: 00007fabbc232d6f R08: 0000000000000000 R09: 0000000000000000
[ 2200.248333][ T6802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2200.256326][ T6802] R13: 00007fabbc416038 R14: 00007fabbc415fa0 R15: 00007ffeec580d58
[ 2200.264317][ T6802]  </TASK>
[ 2202.195826][ T6844] netlink: 'syz.3.31406': attribute type 29 has an invalid length.
[ 2202.219783][ T6844] netlink: 'syz.3.31406': attribute type 29 has an invalid length.
[ 2202.257472][ T6847] netlink: 'syz.3.31406': attribute type 29 has an invalid length.
[ 2202.307671][ T6844] netlink: 'syz.3.31406': attribute type 29 has an invalid length.
[ 2202.343181][ T6844] netlink: 'syz.3.31406': attribute type 29 has an invalid length.
[ 2202.393423][ T6847] netlink: 'syz.3.31406': attribute type 29 has an invalid length.
[ 2203.500143][ T6881] netlink: 'syz.1.31423': attribute type 29 has an invalid length.
[ 2203.529983][ T6881] netlink: 'syz.1.31423': attribute type 29 has an invalid length.
[ 2203.575696][ T6885] netlink: 'syz.1.31423': attribute type 29 has an invalid length.
[ 2203.593101][ T6881] netlink: 'syz.1.31423': attribute type 29 has an invalid length.
[ 2205.007230][ T6916] device syzkaller0 entered promiscuous mode
[ 2210.751603][ T6931] validate_nla: 4 callbacks suppressed
[ 2210.751619][ T6931] netlink: 'syz.0.31440': attribute type 29 has an invalid length.
[ 2210.767400][ T6966] netlink: 'syz.2.31453': attribute type 22 has an invalid length.
[ 2210.795441][ T6980] device sit0 entered promiscuous mode
[ 2211.263163][T21671] Bluetooth: hci4: unexpected subevent 0x03 length: 150 > 9
[ 2211.444608][ T7009] netlink: 'syz.3.31476': attribute type 22 has an invalid length.
[ 2211.445263][ T7012] netlink: 'syz.2.31474': attribute type 29 has an invalid length.
[ 2211.485858][ T7012] netlink: 'syz.2.31474': attribute type 29 has an invalid length.
[ 2211.506747][ T7015] netlink: 'syz.2.31474': attribute type 29 has an invalid length.
[ 2211.572645][ T7012] netlink: 'syz.2.31474': attribute type 29 has an invalid length.
[ 2211.597592][ T7012] netlink: 'syz.2.31474': attribute type 29 has an invalid length.
[ 2211.618795][ T7012] netlink: 'syz.2.31474': attribute type 29 has an invalid length.
[ 2211.936471][T21671] Bluetooth: hci3: unexpected subevent 0x03 length: 150 > 9
[ 2212.392937][ T7057] netlink: 'syz.4.31494': attribute type 29 has an invalid length.
[ 2212.619762][T21671] Bluetooth: hci0: unexpected subevent 0x03 length: 150 > 9
[ 2213.026358][ T7081] device syzkaller0 entered promiscuous mode
[ 2216.305608][ T7121] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.31524'.
[ 2217.148439][ T7148] netlink: 9275 bytes leftover after parsing attributes in process `syz.0.31537'.
[ 2219.186424][ T7196] device sit0 entered promiscuous mode
[ 2219.397544][ T7206] netlink: 9275 bytes leftover after parsing attributes in process `syz.3.31562'.
[ 2219.880651][ T7225] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.31582'.
[ 2220.251321][ T7237] device sit0 entered promiscuous mode
[ 2221.500677][ T7281] device sit0 entered promiscuous mode
[ 2221.770308][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 2221.776753][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 2222.053604][ T7298] netlink: 168 bytes leftover after parsing attributes in process `syz.3.31604'.
[ 2225.459080][ T7376] syz.2.31638[7376] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2225.459193][ T7376] syz.2.31638[7376] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2225.862857][ T7386] netlink: 168 bytes leftover after parsing attributes in process `syz.0.31645'.
[ 2226.923149][ T7412] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[ 2227.336876][ T7421] netlink: 168 bytes leftover after parsing attributes in process `syz.1.31662'.
[ 2233.349115][ T7536] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.31726'.
[ 2235.410747][ T7563] netlink: 15119 bytes leftover after parsing attributes in process `syz.2.31729'.
[ 2235.450686][ T7564] syz.1.31739[7564] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2235.450812][ T7564] syz.1.31739[7564] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2237.444971][ T7608] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.31750'.
[ 2239.656575][ T7641] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.31764'.
[ 2240.901231][ T7666] netlink: 60 bytes leftover after parsing attributes in process `syz.4.31785'.
[ 2240.982250][ T7666] netlink: 60 bytes leftover after parsing attributes in process `syz.4.31785'.
[ 2244.208461][ T7730] device wg2 entered promiscuous mode
[ 2244.399401][ T7734] netlink: 60 bytes leftover after parsing attributes in process `syz.1.31803'.
[ 2244.425506][ T7734] netlink: 60 bytes leftover after parsing attributes in process `syz.1.31803'.
[ 2245.940228][ T7765] netlink: 60 bytes leftover after parsing attributes in process `syz.2.31819'.
[ 2245.992725][ T7765] netlink: 60 bytes leftover after parsing attributes in process `syz.2.31819'.
[ 2249.666965][ T7843] device wg2 entered promiscuous mode
[ 2253.240594][ T7924] validate_nla: 11 callbacks suppressed
[ 2253.240613][ T7924] netlink: 'syz.2.31886': attribute type 17 has an invalid length.
[ 2253.296875][ T7924] netlink: 'syz.2.31886': attribute type 16 has an invalid length.
[ 2253.311126][ T7924] netlink: 152 bytes leftover after parsing attributes in process `syz.2.31886'.
[ 2254.373533][ T7950] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.31899'.
[ 2254.934746][ T7964] netlink: 15999 bytes leftover after parsing attributes in process `syz.0.31906'.
[ 2254.987160][ T7964] netlink: 'syz.0.31906': attribute type 1 has an invalid length.
[ 2255.002525][ T7964] netlink: 15999 bytes leftover after parsing attributes in process `syz.0.31906'.
[ 2256.340742][ T7999] syz.2.31918[7999] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2256.350566][ T7999] syz.2.31918[7999] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2256.766174][ T8006] netlink: 'syz.4.31921': attribute type 17 has an invalid length.
[ 2256.865880][ T8006] netlink: 'syz.4.31921': attribute type 16 has an invalid length.
[ 2256.894756][ T8006] netlink: 152 bytes leftover after parsing attributes in process `syz.4.31921'.
[ 2258.995079][ T8046] netlink: 'syz.1.31939': attribute type 17 has an invalid length.
[ 2259.015745][ T8046] netlink: 'syz.1.31939': attribute type 16 has an invalid length.
[ 2259.041456][ T8046] netlink: 152 bytes leftover after parsing attributes in process `syz.1.31939'.
[ 2259.259948][ T8053] netlink: 15999 bytes leftover after parsing attributes in process `syz.4.31941'.
[ 2259.420731][ T8058] netlink: 'syz.4.31941': attribute type 1 has an invalid length.
[ 2259.477296][ T8052] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.31952'.
[ 2259.491942][ T8058] netlink: 15999 bytes leftover after parsing attributes in process `syz.4.31941'.
[ 2259.966191][ T8062] netlink: 'syz.1.31945': attribute type 7 has an invalid length.
[ 2262.029766][ T8095] syz.3.31963[8095] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2262.033503][ T8095] syz.3.31963[8095] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2262.136694][ T8097] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.31961'.
[ 2263.651264][T21671] Bluetooth: hci2: ISO packet for unknown connection handle 0
[ 2264.699718][ T8154] netlink: 'syz.2.31987': attribute type 7 has an invalid length.
[ 2265.333171][ T8180] netlink: 65047 bytes leftover after parsing attributes in process `syz.1.32001'.
[ 2266.398603][ T8195] syz.4.32007[8195] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2266.405950][ T8195] syz.4.32007[8195] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 2269.024107][ T8221] netlink: 'syz.0.32017': attribute type 2 has an invalid length.
[ 2269.112484][ T8221] netlink: 'syz.0.32017': attribute type 1 has an invalid length.
[ 2269.149969][ T8221] netlink: 185292 bytes leftover after parsing attributes in process `syz.0.32017'.
[ 2269.197984][ T8215] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.32014'.
[ 2271.280436][ T8265] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.32034'.
[ 2273.079834][ T8303] netlink: 56843 bytes leftover after parsing attributes in process `syz.1.32054'.
[ 2273.445262][ T8310] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.32057'.
[ 2273.951189][ T8318] netlink: 65047 bytes leftover after parsing attributes in process `syz.2.32069'.
[ 2275.090873][ T8334] netlink: 61967 bytes leftover after parsing attributes in process `syz.1.32065'.
[ 2276.540210][ T8356] netlink: 65047 bytes leftover after parsing attributes in process `syz.3.32074'.
[ 2276.972042][ T8366] netlink: 'syz.3.32078': attribute type 21 has an invalid length.
[ 2277.010940][ T8366] netlink: 14548 bytes leftover after parsing attributes in process `syz.3.32078'.
[ 2277.267574][ T8372] netlink: 56843 bytes leftover after parsing attributes in process `syz.3.32080'.
[ 2277.789481][ T8389] netlink: 56843 bytes leftover after parsing attributes in process `syz.2.32097'.
[ 2278.260162][ T8407] netlink: 'syz.2.32094': attribute type 4 has an invalid length.
[ 2278.279818][ T8407] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.32094'.
[ 2281.535306][ T8446] netlink: 'syz.4.32113': attribute type 21 has an invalid length.
[ 2281.543378][ T8446] netlink: 14548 bytes leftover after parsing attributes in process `syz.4.32113'.
[ 2282.734217][T21671] Bluetooth: hci0: unexpected subevent 0x04 length: 150 > 11
[ 2282.963269][ T8478] netlink: 'syz.1.32129': attribute type 21 has an invalid length.
[ 2283.035518][ T8478] netlink: 14548 bytes leftover after parsing attributes in process `syz.1.32129'.
[ 2283.213751][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 2283.222609][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 2283.380332][ T8493] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.32135'.
[ 2283.565439][ T8491] netlink: 'syz.1.32134': attribute type 4 has an invalid length.
[ 2283.585473][ T8491] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.32134'.
[ 2285.391950][T21671] Bluetooth: hci1: unexpected subevent 0x04 length: 150 > 11
[ 2286.074959][ T8562] netlink: 143932 bytes leftover after parsing attributes in process `syz.3.32166'.
[ 2286.106100][ T8562] netlink: zone id is out of range
[ 2286.111943][ T8562] netlink: zone id is out of range
[ 2286.143461][ T8562] netlink: zone id is out of range
[ 2286.165653][ T8562] netlink: zone id is out of range
[ 2286.170878][ T8562] netlink: zone id is out of range
[ 2286.195348][ T8562] netlink: zone id is out of range
[ 2286.215113][ T8562] netlink: zone id is out of range
[ 2286.221394][ T8562] netlink: zone id is out of range
[ 2286.242735][ T8562] netlink: zone id is out of range
[ 2286.275275][ T8562] netlink: zone id is out of range
[ 2286.339512][ T8566] netlink: 'syz.1.32170': attribute type 10 has an invalid length.
[ 2286.360205][ T8566] device hsr0 entered promiscuous mode
[ 2286.432649][ T8566] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 2286.467265][ T8566] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[ 2286.486601][ T8566] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[ 2286.500789][ T8566] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[ 2286.643214][T21671] Bluetooth: hci1: unexpected event 0x33 length: 15 > 10
[ 2286.831652][T21671] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[ 2286.847101][T21671] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0'
[ 2286.857070][T21671] CPU: 0 PID: 21671 Comm: kworker/u5:1 Not tainted syzkaller #0
[ 2286.864824][T21671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 2286.874898][T21671] Workqueue: hci1 hci_rx_work
[ 2286.879603][T21671] Call Trace:
[ 2286.882898][T21671]  <TASK>
[ 2286.885860][T21671]  dump_stack_lvl+0x188/0x24e
[ 2286.890652][T21671]  ? show_regs_print_info+0x12/0x12
[ 2286.895868][T21671]  ? load_image+0x400/0x400
[ 2286.900418][T21671]  sysfs_create_dir_ns+0x26a/0x290
[ 2286.905549][T21671]  ? sysfs_warn_dup+0xa0/0xa0
[ 2286.910343][T21671]  ? do_raw_spin_unlock+0x11d/0x230
[ 2286.915675][T21671]  kobject_add_internal+0x61c/0xcc0
[ 2286.920986][T21671]  kobject_add+0x160/0x230
[ 2286.925423][T21671]  ? kobject_init+0x1d0/0x1d0
[ 2286.930319][T21671]  ? klist_children_get+0x50/0x50
[ 2286.935596][T21671]  ? get_device_parent+0x121/0x3f0
[ 2286.940764][T21671]  device_add+0x48c/0x1000
[ 2286.945210][T21671]  ? kmem_cache_free+0xf7/0x290
[ 2286.950095][T21671]  hci_conn_add_sysfs+0xd1/0x1e0
[ 2286.955200][T21671]  le_conn_complete_evt+0x1062/0x1670
[ 2286.960735][T21671]  ? le_conn_complete_evt+0xe9/0x1670
[ 2286.966247][T21671]  ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0
[ 2286.972614][T21671]  ? bt_info+0x180/0x180
[ 2286.976898][T21671]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[ 2286.982633][T21671]  ? skb_pull_data+0xf7/0x200
[ 2286.987439][T21671]  hci_le_conn_complete_evt+0x183/0x440
[ 2286.993010][T21671]  ? hci_remote_host_features_evt+0x270/0x270
[ 2286.999534][T21671]  hci_event_packet+0x7b9/0x1280
[ 2287.004663][T21671]  ? bis_list+0x280/0x280
[ 2287.009012][T21671]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 2287.014933][T21671]  ? kcov_remote_start+0x4c7/0x7e0
[ 2287.020064][T21671]  ? mt_dump_node+0x750/0x1920
[ 2287.024846][T21671]  ? hci_send_to_monitor+0x9c/0x4a0
[ 2287.030068][T21671]  hci_rx_work+0x3eb/0xd40
[ 2287.034504][T21671]  ? _raw_spin_unlock+0x40/0x40
[ 2287.039386][T21671]  ? process_one_work+0x7b0/0x1160
[ 2287.044511][T21671]  process_one_work+0x8a2/0x1160
[ 2287.049476][T21671]  ? worker_detach_from_pool+0x240/0x240
[ 2287.055125][T21671]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 2287.060170][T21671]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 2287.065731][T21671]  ? kthread_data+0x4b/0xc0
[ 2287.070263][T21671]  worker_thread+0xaa2/0x1270
[ 2287.074985][T21671]  kthread+0x29d/0x330
[ 2287.079063][T21671]  ? worker_clr_flags+0x1a0/0x1a0
[ 2287.084140][T21671]  ? kthread_blkcg+0xd0/0xd0
[ 2287.088753][T21671]  ret_from_fork+0x1f/0x30
[ 2287.093313][T21671]  </TASK>
[ 2287.114266][T21671] kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 2287.127547][T21671] Bluetooth: hci1: failed to register connection device
[ 2287.470939][ T8590] netlink: 'syz.1.32188': attribute type 3 has an invalid length.
[ 2287.585313][ T8590] netlink: 'syz.1.32188': attribute type 1 has an invalid length.
[ 2287.593611][ T8590] netlink: 198452 bytes leftover after parsing attributes in process `syz.1.32188'.
[ 2288.212166][ T6407] Bluetooth: hci2: unexpected event 0x33 length: 15 > 10
[ 2288.216817][ T8606] netlink: 'syz.4.32185': attribute type 10 has an invalid length.
[ 2288.274553][ T8606] device hsr0 entered promiscuous mode
[ 2288.295462][ T8606] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 2288.319500][ T8606] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[ 2288.332912][ T8606] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[ 2288.346877][ T8606] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[ 2289.122222][ T6407] Bluetooth: hci0: unexpected event 0x33 length: 15 > 10
[ 2289.211850][ T6407] Bluetooth: hci1: command 0x2016 tx timeout
[ 2289.911865][ T8641] netlink: 'syz.2.32203': attribute type 10 has an invalid length.
[ 2289.922357][ T8641] device hsr0 entered promiscuous mode
[ 2289.948379][ T8641] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 2289.991131][ T8641] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[ 2290.050381][ T8641] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[ 2290.130223][ T8641] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[ 2290.187521][ T8647] netlink: 14 bytes leftover after parsing attributes in process `syz.1.32206'.
[ 2290.888948][T32570] wlan1: Trigger new scan to find an IBSS to join
[ 2291.189469][ T8669] net_ratelimit: 3542 callbacks suppressed
[ 2291.189492][ T8669] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2291.285380][ T6407] Bluetooth: hci1: command 0x0406 tx timeout
[ 2291.323749][ T8669] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2291.333836][ T8669] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2291.343115][ T8669] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2291.352381][ T8669] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2291.361636][ T8669] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2291.371072][ T8669] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2291.380357][ T8669] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2291.389786][ T8669] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2291.399122][ T8669] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2292.035032][ T8685] device syzkaller0 entered promiscuous mode
[ 2292.807293][T32587] wlan1: Trigger new scan to find an IBSS to join
[ 2293.845701][T32570] wlan1: Trigger new scan to find an IBSS to join
[ 2294.805563][T32570] wlan1: Trigger new scan to find an IBSS to join
[ 2295.845369][T32570] wlan1: Trigger new scan to find an IBSS to join
[ 2295.852160][T21728] wlan1: Trigger new scan to find an IBSS to join
[ 2296.869796][T32570] wlan1: Creating new IBSS network, BSSID f2:bf:bc:b4:65:69
[ 2297.846796][T32581] wlan1: Trigger new scan to find an IBSS to join
[ 2298.806706][T32570] wlan1: Creating new IBSS network, BSSID 46:b7:04:f4:92:36
[ 2299.845858][T32577] wlan1: Trigger new scan to find an IBSS to join
[ 2300.755823][T32570] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2301.582694][ T8907] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.32314'.
[ 2301.601372][ T8907] net_ratelimit: 9788 callbacks suppressed
[ 2301.601392][ T8907] netlink: zone id is out of range
[ 2301.615158][ T8907] netlink: zone id is out of range
[ 2301.805091][ T8907] netlink: del zone limit has 4 unknown bytes
[ 2302.811369][T32577] wlan1: Trigger new scan to find an IBSS to join
[ 2303.881663][T32570] wlan1: Creating new IBSS network, BSSID ca:4a:02:77:ed:9b
[ 2304.493252][ T8951] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.32344'.
[ 2304.525403][ T8951] netlink: zone id is out of range
[ 2304.612076][ T8951] netlink: zone id is out of range
[ 2304.852328][ T8951] netlink: del zone limit has 4 unknown bytes
[ 2308.062597][ T9028] can: request_module (can-proto-0) failed.
[ 2310.153940][ T9042] netlink: 'syz.4.32376': attribute type 10 has an invalid length.
[ 2310.187212][ T9042] bridge0: port 4(batadv0) entered disabled state
[ 2310.194394][ T9042] bridge0: port 3(team0) entered disabled state
[ 2310.201263][ T9042] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2310.208754][ T9042] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2310.326485][ T9042] team0: Device bridge0 is already an upper device of the team interface
[ 2310.677465][ T9048] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.32370'.
[ 2310.755727][ T9048] netlink: zone id is out of range
[ 2310.762680][ T9048] netlink: zone id is out of range
[ 2310.929544][ T9048] netlink: del zone limit has 4 unknown bytes
[ 2311.630076][ T9078] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 2311.636721][ T9078] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 2312.043312][ T9092] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.32391'.
[ 2312.054124][ T9092] netlink: zone id is out of range
[ 2312.077694][ T9092] netlink: zone id is out of range
[ 2312.285622][ T9092] netlink: del zone limit has 4 unknown bytes
[ 2313.071684][ T9105] can: request_module (can-proto-0) failed.
[ 2314.766825][ T9115] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.32395'.
[ 2314.851676][ T9117] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.32396'.
[ 2314.885102][ T9117] sysfs: cannot create duplicate filename '/class/ieee80211/.!
'
[ 2314.911301][ T9117] CPU: 0 PID: 9117 Comm: syz.4.32396 Not tainted syzkaller #0
[ 2314.918845][ T9117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 2314.928954][ T9117] Call Trace:
[ 2314.932271][ T9117]  <TASK>
[ 2314.935237][ T9117]  dump_stack_lvl+0x188/0x24e
[ 2314.939965][ T9117]  ? show_regs_print_info+0x12/0x12
[ 2314.945205][ T9117]  ? load_image+0x400/0x400
[ 2314.949773][ T9117]  sysfs_warn_dup+0x8a/0xa0
[ 2314.954317][ T9117]  sysfs_do_create_link_sd+0xc0/0x110
[ 2314.959739][ T9117]  device_add+0x7f6/0x1000
[ 2314.964451][ T9117]  wiphy_register+0x1d9f/0x2ac0
[ 2314.969343][ T9117]  ? cfg80211_event_work+0x40/0x40
[ 2314.974481][ T9117]  ? minstrel_ht_alloc+0x894/0xa20
[ 2314.979617][ T9117]  ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0
[ 2314.985716][ T9117]  ieee80211_register_hw+0x2d00/0x39f0
[ 2314.991204][ T9117]  ? ieee80211_register_hw+0xec1/0x39f0
[ 2314.996770][ T9117]  ? ieee80211_register_hw+0xec1/0x39f0
[ 2315.002335][ T9117]  ? ieee80211_tasklet_handler+0x20/0x20
[ 2315.007992][ T9117]  ? memset+0x1e/0x40
[ 2315.011990][ T9117]  ? __hrtimer_init+0x186/0x270
[ 2315.016859][ T9117]  mac80211_hwsim_new_radio+0x28c2/0x4c40
[ 2315.022615][ T9117]  hwsim_new_radio_nl+0xafa/0xce0
[ 2315.028277][ T9117]  genl_family_rcv_msg_doit+0x22a/0x330
[ 2315.033926][ T9117]  ? end_current_label_crit_section+0x170/0x170
[ 2315.040228][ T9117]  ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0
[ 2315.046148][ T9117]  ? bpf_lsm_capable+0x5/0x10
[ 2315.050862][ T9117]  ? security_capable+0x85/0xb0
[ 2315.055876][ T9117]  genl_rcv_msg+0x604/0x790
[ 2315.060583][ T9117]  ? genl_bind+0x360/0x360
[ 2315.065095][ T9117]  ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0
[ 2315.071554][ T9117]  netlink_rcv_skb+0x1fb/0x450
[ 2315.076329][ T9117]  ? genl_bind+0x360/0x360
[ 2315.080761][ T9117]  ? netlink_ack+0x1170/0x1170
[ 2315.085544][ T9117]  ? down_read+0x1a8/0x2d0
[ 2315.089995][ T9117]  genl_rcv+0x24/0x40
[ 2315.093986][ T9117]  netlink_unicast+0x74d/0x8d0
[ 2315.098772][ T9117]  netlink_sendmsg+0x8ad/0xbd0
[ 2315.103556][ T9117]  ? netlink_getsockopt+0x550/0x550
[ 2315.108780][ T9117]  ? aa_sock_msg_perm+0x94/0x150
[ 2315.113730][ T9117]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 2315.119026][ T9117]  ? security_socket_sendmsg+0x7c/0xa0
[ 2315.124500][ T9117]  ? netlink_getsockopt+0x550/0x550
[ 2315.129731][ T9117]  ____sys_sendmsg+0x5be/0x970
[ 2315.134520][ T9117]  ? __sys_sendmsg_sock+0x30/0x30
[ 2315.139589][ T9117]  ? __import_iovec+0x315/0x500
[ 2315.144497][ T9117]  ? import_iovec+0x6f/0xa0
[ 2315.149032][ T9117]  ___sys_sendmsg+0x2a2/0x360
[ 2315.153728][ T9117]  ? try_to_wake_up+0x67c/0x1080
[ 2315.158690][ T9117]  ? __sys_sendmsg+0x290/0x290
[ 2315.163511][ T9117]  __se_sys_sendmsg+0x1bb/0x2a0
[ 2315.168377][ T9117]  ? __x64_sys_sendmsg+0x80/0x80
[ 2315.173337][ T9117]  ? lockdep_hardirqs_on+0x94/0x140
[ 2315.178553][ T9117]  do_syscall_64+0x4c/0xa0
[ 2315.182980][ T9117]  ? clear_bhb_loop+0x60/0xb0
[ 2315.187856][ T9117]  ? clear_bhb_loop+0x60/0xb0
[ 2315.192547][ T9117]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2315.198461][ T9117] RIP: 0033:0x7fabbc19ce59
[ 2315.202885][ T9117] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2315.222502][ T9117] RSP: 002b:00007fabbd037028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2315.230970][ T9117] RAX: ffffffffffffffda RBX: 00007fabbc415fa0 RCX: 00007fabbc19ce59
[ 2315.238984][ T9117] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[ 2315.246968][ T9117] RBP: 00007fabbc232d6f R08: 0000000000000000 R09: 0000000000000000
[ 2315.254956][ T9117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2315.262940][ T9117] R13: 00007fabbc416038 R14: 00007fabbc415fa0 R15: 00007ffeec580d58
[ 2315.270943][ T9117]  </TASK>
[ 2315.293895][ T6407] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10
[ 2316.195146][ T9142] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.32405'.
[ 2316.233016][ T9142] netlink: zone id is out of range
[ 2316.242303][ T9142] netlink: zone id is out of range
[ 2316.345828][ T9142] netlink: del zone limit has 4 unknown bytes
[ 2316.671801][ T9153] can: request_module (can-proto-0) failed.
[ 2317.365691][T21671] Bluetooth: hci0: command 0x0409 tx timeout
[ 2317.391479][ T9180] netlink: 63503 bytes leftover after parsing attributes in process `syz.4.32424'.
[ 2317.731503][ T9188] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.32426'.
[ 2317.771528][ T9188] netlink: zone id is out of range
[ 2317.803340][ T9188] netlink: zone id is out of range
[ 2317.999265][ T9188] netlink: del zone limit has 4 unknown bytes
[ 2318.010434][T21671] Bluetooth: hci4: unexpected event 0x04 length: 15 > 10
[ 2318.290482][ T9211] netlink: 'syz.3.32446': attribute type 10 has an invalid length.
[ 2318.311942][ T9211] team0: Device bridge0 is already an upper device of the team interface
[ 2318.394604][ T9206] can: request_module (can-proto-0) failed.
[ 2319.771173][ T6407] Bluetooth: hci3: unexpected event 0x04 length: 15 > 10
[ 2319.855489][ T9241] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.32445'.
[ 2319.922780][ T9241] sysfs: cannot create duplicate filename '/class/ieee80211/.!
'
[ 2319.957618][ T9241] CPU: 1 PID: 9241 Comm: syz.2.32445 Not tainted syzkaller #0
[ 2319.965252][ T9241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 2319.975538][ T9241] Call Trace:
[ 2319.978860][ T9241]  <TASK>
[ 2319.981826][ T9241]  dump_stack_lvl+0x188/0x24e
[ 2319.986570][ T9241]  ? show_regs_print_info+0x12/0x12
[ 2319.991810][ T9241]  ? load_image+0x400/0x400
[ 2319.996373][ T9241]  sysfs_warn_dup+0x8a/0xa0
[ 2320.000922][ T9241]  sysfs_do_create_link_sd+0xc0/0x110
[ 2320.006345][ T9241]  device_add+0x7f6/0x1000
[ 2320.010812][ T9241]  wiphy_register+0x1d9f/0x2ac0
[ 2320.015742][ T9241]  ? cfg80211_event_work+0x40/0x40
[ 2320.020899][ T9241]  ? minstrel_ht_alloc+0x894/0xa20
[ 2320.026059][ T9241]  ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0
[ 2320.032186][ T9241]  ieee80211_register_hw+0x2d00/0x39f0
[ 2320.037700][ T9241]  ? ieee80211_register_hw+0xec1/0x39f0
[ 2320.043283][ T9241]  ? ieee80211_register_hw+0xec1/0x39f0
[ 2320.048865][ T9241]  ? ieee80211_tasklet_handler+0x20/0x20
[ 2320.054559][ T9241]  ? memset+0x1e/0x40
[ 2320.058623][ T9241]  ? __hrtimer_init+0x186/0x270
[ 2320.063615][ T9241]  mac80211_hwsim_new_radio+0x28c2/0x4c40
[ 2320.069401][ T9241]  hwsim_new_radio_nl+0xafa/0xce0
[ 2320.074482][ T9241]  genl_family_rcv_msg_doit+0x22a/0x330
[ 2320.080144][ T9241]  ? end_current_label_crit_section+0x170/0x170
[ 2320.086416][ T9241]  ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0
[ 2320.092340][ T9241]  ? bpf_lsm_capable+0x5/0x10
[ 2320.097125][ T9241]  ? security_capable+0x85/0xb0
[ 2320.102001][ T9241]  genl_rcv_msg+0x604/0x790
[ 2320.106539][ T9241]  ? genl_bind+0x360/0x360
[ 2320.111055][ T9241]  ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0
[ 2320.117414][ T9241]  netlink_rcv_skb+0x1fb/0x450
[ 2320.122212][ T9241]  ? genl_bind+0x360/0x360
[ 2320.126644][ T9241]  ? netlink_ack+0x1170/0x1170
[ 2320.131427][ T9241]  ? down_read+0x1a8/0x2d0
[ 2320.135855][ T9241]  genl_rcv+0x24/0x40
[ 2320.139855][ T9241]  netlink_unicast+0x74d/0x8d0
[ 2320.144637][ T9241]  netlink_sendmsg+0x8ad/0xbd0
[ 2320.149420][ T9241]  ? netlink_getsockopt+0x550/0x550
[ 2320.154633][ T9241]  ? aa_sock_msg_perm+0x94/0x150
[ 2320.159584][ T9241]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 2320.165035][ T9241]  ? security_socket_sendmsg+0x7c/0xa0
[ 2320.170594][ T9241]  ? netlink_getsockopt+0x550/0x550
[ 2320.175896][ T9241]  ____sys_sendmsg+0x5be/0x970
[ 2320.180680][ T9241]  ? __sys_sendmsg_sock+0x30/0x30
[ 2320.185715][ T9241]  ? __import_iovec+0x315/0x500
[ 2320.190584][ T9241]  ? import_iovec+0x6f/0xa0
[ 2320.195097][ T9241]  ___sys_sendmsg+0x2a2/0x360
[ 2320.199795][ T9241]  ? try_to_wake_up+0x67c/0x1080
[ 2320.204752][ T9241]  ? __sys_sendmsg+0x290/0x290
[ 2320.209584][ T9241]  __se_sys_sendmsg+0x1bb/0x2a0
[ 2320.214446][ T9241]  ? __x64_sys_sendmsg+0x80/0x80
[ 2320.219504][ T9241]  ? lockdep_hardirqs_on+0x94/0x140
[ 2320.224814][ T9241]  do_syscall_64+0x4c/0xa0
[ 2320.229244][ T9241]  ? clear_bhb_loop+0x60/0xb0
[ 2320.233937][ T9241]  ? clear_bhb_loop+0x60/0xb0
[ 2320.238634][ T9241]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2320.244546][ T9241] RIP: 0033:0x7faa2a79ce59
[ 2320.248980][ T9241] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2320.268865][ T9241] RSP: 002b:00007faa289f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2320.277384][ T9241] RAX: ffffffffffffffda RBX: 00007faa2aa15fa0 RCX: 00007faa2a79ce59
[ 2320.285369][ T9241] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[ 2320.293349][ T9241] RBP: 00007faa2a832d6f R08: 0000000000000000 R09: 0000000000000000
[ 2320.301332][ T9241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2320.309310][ T9241] R13: 00007faa2aa16038 R14: 00007faa2aa15fa0 R15: 00007ffea83fbd28
[ 2320.317326][ T9241]  </TASK>
[ 2320.320673][T21671] Bluetooth: hci4: command 0x0409 tx timeout
[ 2320.835718][T21671] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10
[ 2321.361185][ T9291] netlink: 122896 bytes leftover after parsing attributes in process `syz.1.32471'.
[ 2321.451362][ T9291] sysfs: cannot create duplicate filename '/class/ieee80211/.!
'
[ 2321.459867][ T9291] CPU: 0 PID: 9291 Comm: syz.1.32471 Not tainted syzkaller #0
[ 2321.467488][ T9291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 2321.477587][ T9291] Call Trace:
[ 2321.480908][ T9291]  <TASK>
[ 2321.483876][ T9291]  dump_stack_lvl+0x188/0x24e
[ 2321.488609][ T9291]  ? show_regs_print_info+0x12/0x12
[ 2321.493857][ T9291]  ? load_image+0x400/0x400
[ 2321.498447][ T9291]  sysfs_warn_dup+0x8a/0xa0
[ 2321.503006][ T9291]  sysfs_do_create_link_sd+0xc0/0x110
[ 2321.508427][ T9291]  device_add+0x7f6/0x1000
[ 2321.512906][ T9291]  wiphy_register+0x1d9f/0x2ac0
[ 2321.517828][ T9291]  ? cfg80211_event_work+0x40/0x40
[ 2321.522986][ T9291]  ? minstrel_ht_alloc+0x894/0xa20
[ 2321.528215][ T9291]  ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0
[ 2321.534386][ T9291]  ieee80211_register_hw+0x2d00/0x39f0
[ 2321.539851][ T9291]  ? ieee80211_register_hw+0xec1/0x39f0
[ 2321.545417][ T9291]  ? ieee80211_register_hw+0xec1/0x39f0
[ 2321.551017][ T9291]  ? ieee80211_tasklet_handler+0x20/0x20
[ 2321.556708][ T9291]  ? memset+0x1e/0x40
[ 2321.560730][ T9291]  ? __hrtimer_init+0x186/0x270
[ 2321.565629][ T9291]  mac80211_hwsim_new_radio+0x28c2/0x4c40
[ 2321.571422][ T9291]  hwsim_new_radio_nl+0xafa/0xce0
[ 2321.576511][ T9291]  genl_family_rcv_msg_doit+0x22a/0x330
[ 2321.582102][ T9291]  ? end_current_label_crit_section+0x170/0x170
[ 2321.588386][ T9291]  ? genl_family_rcv_msg_dumpit+0x3c0/0x3c0
[ 2321.594341][ T9291]  ? bpf_lsm_capable+0x5/0x10
[ 2321.599065][ T9291]  ? security_capable+0x85/0xb0
[ 2321.603976][ T9291]  genl_rcv_msg+0x604/0x790
[ 2321.608545][ T9291]  ? genl_bind+0x360/0x360
[ 2321.613006][ T9291]  ? hwsim_tx_info_frame_received_nl+0xfc0/0xfc0
[ 2321.619398][ T9291]  netlink_rcv_skb+0x1fb/0x450
[ 2321.624205][ T9291]  ? genl_bind+0x360/0x360
[ 2321.628659][ T9291]  ? netlink_ack+0x1170/0x1170
[ 2321.633477][ T9291]  ? down_read+0x1a8/0x2d0
[ 2321.637942][ T9291]  genl_rcv+0x24/0x40
[ 2321.641959][ T9291]  netlink_unicast+0x74d/0x8d0
[ 2321.646799][ T9291]  netlink_sendmsg+0x8ad/0xbd0
[ 2321.651611][ T9291]  ? netlink_getsockopt+0x550/0x550
[ 2321.656881][ T9291]  ? aa_sock_msg_perm+0x94/0x150
[ 2321.661897][ T9291]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 2321.667234][ T9291]  ? security_socket_sendmsg+0x7c/0xa0
[ 2321.672740][ T9291]  ? netlink_getsockopt+0x550/0x550
[ 2321.677990][ T9291]  ____sys_sendmsg+0x5be/0x970
[ 2321.682829][ T9291]  ? __sys_sendmsg_sock+0x30/0x30
[ 2321.687896][ T9291]  ? __import_iovec+0x315/0x500
[ 2321.692819][ T9291]  ? import_iovec+0x6f/0xa0
[ 2321.697362][ T9291]  ___sys_sendmsg+0x2a2/0x360
[ 2321.702076][ T9291]  ? try_to_wake_up+0x67c/0x1080
[ 2321.707071][ T9291]  ? __sys_sendmsg+0x290/0x290
[ 2321.711953][ T9291]  __se_sys_sendmsg+0x1bb/0x2a0
[ 2321.716862][ T9291]  ? __x64_sys_sendmsg+0x80/0x80
[ 2321.722003][ T9291]  ? lockdep_hardirqs_on+0x94/0x140
[ 2321.727263][ T9291]  do_syscall_64+0x4c/0xa0
[ 2321.731727][ T9291]  ? clear_bhb_loop+0x60/0xb0
[ 2321.736453][ T9291]  ? clear_bhb_loop+0x60/0xb0
[ 2321.741197][ T9291]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2321.747151][ T9291] RIP: 0033:0x7f918559ce59
[ 2321.751692][ T9291] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 2321.771442][ T9291] RSP: 002b:00007f91864af028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2321.779921][ T9291] RAX: ffffffffffffffda RBX: 00007f9185815fa0 RCX: 00007f918559ce59
[ 2321.788021][ T9291] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[ 2321.796010][ T9291] RBP: 00007f9185632d6f R08: 0000000000000000 R09: 0000000000000000
[ 2321.804005][ T9291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2321.812343][ T9291] R13: 00007f9185816038 R14: 00007f9185815fa0 R15: 00007ffd42a9e228
[ 2321.820361][ T9291]  </TASK>
[ 2321.845305][ T6407] Bluetooth: hci3: command 0x0409 tx timeout
[ 2321.973981][ T6407] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10
[ 2322.887805][T21671] Bluetooth: hci1: command 0x0409 tx timeout
[ 2323.471980][T21671] Bluetooth: hci3: unexpected event 0x05 length: 15 > 4
[ 2323.684689][ T9336] netlink: 122896 bytes leftover after parsing attributes in process `syz.0.32490'.
[ 2323.727889][ T9336] debugfs: Directory '.!
' with parent 'ieee80211' already present!
[ 2324.005423][T21671] Bluetooth: hci2: command 0x0409 tx timeout
[ 2324.648094][ T6407] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4
[ 2325.084660][ T9368] can: request_module (can-proto-0) failed.
[ 2326.203249][ T6407] Bluetooth: hci4: unexpected event 0x05 length: 15 > 4
[ 2326.949524][T21728] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2326.967564][T32596] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2328.013535][ T9431] netlink: 'syz.4.32544': attribute type 2 has an invalid length.
[ 2328.031206][ T9431] netlink: 'syz.4.32544': attribute type 9 has an invalid length.
[ 2328.043753][ T9431] netlink: 'syz.4.32544': attribute type 10 has an invalid length.
[ 2328.102552][ T9431] netlink: 'syz.4.32544': attribute type 11 has an invalid length.
[ 2328.126498][ T9431] netlink: 16 bytes leftover after parsing attributes in process `syz.4.32544'.
[ 2328.388611][ T6407] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4
[ 2329.320759][ T9445] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.32537'.
[ 2329.340552][ T9445] netlink: zone id is out of range
[ 2330.825552][T32570] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2331.419613][ T6407] Bluetooth: hci2: unexpected event 0x03 length: 151 > 11
[ 2332.608409][ T9505] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.32562'.
[ 2332.633360][ T9505] netlink: zone id is out of range
[ 2333.297323][ T6407] Bluetooth: hci0: unexpected event 0x03 length: 151 > 11
[ 2333.452703][T21671] Bluetooth: hci2: command 0x040f tx timeout
[ 2333.975954][T32577] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2335.266608][ T6407] Bluetooth: hci3: unexpected event 0x03 length: 151 > 11
[ 2335.365267][ T6407] Bluetooth: hci0: command 0x040f tx timeout
[ 2337.286139][T21671] Bluetooth: hci3: command 0x040f tx timeout
[ 2338.762331][ T9624] netlink: 'syz.3.32609': attribute type 2 has an invalid length.
[ 2338.816386][ T9624] netlink: 132 bytes leftover after parsing attributes in process `syz.3.32609'.
[ 2344.914059][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 2344.920680][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 2345.795488][ T9714] can: request_module (can-proto-0) failed.
[ 2348.122092][ T9759] can: request_module (can-proto-0) failed.
[ 2348.559199][ T9772] netlink: 'syz.4.32669': attribute type 2 has an invalid length.
[ 2348.588084][ T9772] netlink: 17267 bytes leftover after parsing attributes in process `syz.4.32669'.
[ 2350.208911][ T9810] netlink: 'syz.2.32684': attribute type 2 has an invalid length.
[ 2350.234801][ T9810] netlink: 17267 bytes leftover after parsing attributes in process `syz.2.32684'.
[ 2352.200367][ T9843] netlink: 'syz.3.32700': attribute type 2 has an invalid length.
[ 2352.261154][ T9843] netlink: 17267 bytes leftover after parsing attributes in process `syz.3.32700'.
[ 2352.413460][ T9849] netlink: 'syz.3.32702': attribute type 3 has an invalid length.
[ 2352.451598][ T9849] netlink: 'syz.3.32702': attribute type 8 has an invalid length.
[ 2352.477101][ T9849] netlink: 'syz.3.32702': attribute type 7 has an invalid length.
[ 2352.516307][ T9849] netlink: 194740 bytes leftover after parsing attributes in process `syz.3.32702'.
[ 2352.734741][ T9855] can: request_module (can-proto-0) failed.
[ 2357.155544][ T9889] netlink: 'syz.0.32718': attribute type 20 has an invalid length.
[ 2357.946102][ T9914] netlink: 830 bytes leftover after parsing attributes in process `syz.4.32726'.
[ 2357.948803][T32581] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2358.063111][T32596] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2359.251868][ T9943] netlink: 830 bytes leftover after parsing attributes in process `syz.0.32740'.
[ 2359.452315][ T9950] netlink: 'syz.2.32743': attribute type 20 has an invalid length.
[ 2361.931466][T21728] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2362.922406][ T9991] netlink: 830 bytes leftover after parsing attributes in process `syz.2.32757'.
[ 2364.100445][T10005] netlink: 'syz.1.32764': attribute type 21 has an invalid length.
[ 2364.912083][T10027] netlink: 830 bytes leftover after parsing attributes in process `syz.3.32774'.
[ 2365.001900][T32581] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2365.382172][T10042] netlink: 'syz.1.32782': attribute type 3 has an invalid length.
[ 2365.390449][T10042] netlink: 'syz.1.32782': attribute type 1 has an invalid length.
[ 2365.398646][T10042] netlink: 60387 bytes leftover after parsing attributes in process `syz.1.32782'.
[ 2366.504778][T10057] netlink: 'syz.1.32800': attribute type 20 has an invalid length.
[ 2367.639045][T10073] netlink: 'syz.4.32807': attribute type 20 has an invalid length.
[ 2367.684556][T10086] netlink: 'syz.2.32802': attribute type 1 has an invalid length.
[ 2367.713150][T10086] netlink: 'syz.2.32802': attribute type 4 has an invalid length.
[ 2367.723960][T10086] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.32802'.
[ 2370.493614][T10133] netlink: 'syz.3.32820': attribute type 20 has an invalid length.
[ 2371.458665][T10147] netlink: 'syz.3.32825': attribute type 3 has an invalid length.
[ 2371.502640][T10147] netlink: 'syz.3.32825': attribute type 1 has an invalid length.
[ 2371.520361][T10147] netlink: 60387 bytes leftover after parsing attributes in process `syz.3.32825'.
[ 2375.020174][T10181] netlink: 'syz.1.32839': attribute type 20 has an invalid length.
[ 2375.116572][T10185] netlink: 'syz.2.32840': attribute type 3 has an invalid length.
[ 2375.166781][T10185] netlink: 'syz.2.32840': attribute type 1 has an invalid length.
[ 2375.174824][T10185] netlink: 60387 bytes leftover after parsing attributes in process `syz.2.32840'.
[ 2376.241294][T10194] netlink: 'syz.0.32844': attribute type 1 has an invalid length.
[ 2376.260568][T10194] netlink: 'syz.0.32844': attribute type 4 has an invalid length.
[ 2376.286761][T10194] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.32844'.
[ 2376.704255][T10210] netlink: 'syz.0.32850': attribute type 3 has an invalid length.
[ 2376.758973][T10210] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.32850'.
[ 2377.583737][T10215] netlink: 14 bytes leftover after parsing attributes in process `syz.2.32853'.
[ 2377.610029][T10215] device veth0_macvtap left promiscuous mode
[ 2379.963118][T10220] netlink: 'syz.4.32855': attribute type 20 has an invalid length.
[ 2380.137760][T10230] netlink: 'syz.4.32856': attribute type 3 has an invalid length.
[ 2380.165337][T10230] netlink: 'syz.4.32856': attribute type 1 has an invalid length.
[ 2380.193404][T10230] netlink: 60387 bytes leftover after parsing attributes in process `syz.4.32856'.
[ 2380.579807][T10240] netlink: 'syz.1.32859': attribute type 1 has an invalid length.
[ 2380.604298][T10240] netlink: 'syz.1.32859': attribute type 4 has an invalid length.
[ 2380.612683][T10240] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.32859'.
[ 2383.488701][T10258] netlink: 'syz.3.32869': attribute type 20 has an invalid length.
[ 2383.736372][T10269] netlink: 'syz.0.32883': attribute type 20 has an invalid length.
[ 2385.224865][T10304] netlink: 'syz.0.32888': attribute type 21 has an invalid length.
[ 2389.069328][T32577] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2389.168579][T32596] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2390.254430][T10366] netlink: 'syz.1.32914': attribute type 3 has an invalid length.
[ 2390.263788][T10366] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.32914'.
[ 2390.520751][T10376] sctp: [Deprecated]: syz.2.32916 (pid 10376) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2390.520751][T10376] Use struct sctp_sack_info instead
[ 2392.959002][T21728] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2393.297323][T10418] sctp: [Deprecated]: syz.0.32935 (pid 10418) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2393.297323][T10418] Use struct sctp_sack_info instead
[ 2394.623649][T10420] netlink: 'syz.4.32932': attribute type 3 has an invalid length.
[ 2394.652632][T10420] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.32932'.
[ 2394.927479][T10438] netlink: 'syz.2.32942': attribute type 21 has an invalid length.
[ 2395.347298][T10447] netlink: 'syz.2.32945': attribute type 10 has an invalid length.
[ 2396.131510][T21728] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2402.735409][T10536] device syzkaller0 entered promiscuous mode
[ 2403.876296][T21671] Bluetooth: hci4: unexpected subevent 0x05 length: 150 > 12
[ 2405.925571][T21671] Bluetooth: hci4: command 0x201b tx timeout
[ 2406.011241][T21671] Bluetooth: hci0: unexpected subevent 0x05 length: 150 > 12
[ 2406.206992][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 2406.213400][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 2406.297221][T10592] netlink: 'syz.3.33012': attribute type 3 has an invalid length.
[ 2406.352193][T10592] netlink: 13435 bytes leftover after parsing attributes in process `syz.3.33012'.
[ 2408.085346][T21671] Bluetooth: hci0: command 0x201b tx timeout
[ 2408.452652][T10619] device syzkaller0 entered promiscuous mode
[ 2412.171534][T10677] device syzkaller0 entered promiscuous mode
[ 2414.196629][T10723] netlink: 15007 bytes leftover after parsing attributes in process `syz.0.33051'.
[ 2417.160874][T10775] netlink: 15007 bytes leftover after parsing attributes in process `syz.1.33071'.
[ 2418.807158][T10805] netlink: 'syz.3.33084': attribute type 13 has an invalid length.
[ 2418.832185][T10805] netlink: 152 bytes leftover after parsing attributes in process `syz.3.33084'.
[ 2418.872911][T10805] syz_tun: refused to change device tx_queue_len
[ 2418.898678][T10805] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[ 2419.202265][T10817] netlink: 15007 bytes leftover after parsing attributes in process `syz.2.33086'.
[ 2420.096994][T21728] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2420.196288][T32577] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2420.257215][T10834] netlink: 'syz.3.33094': attribute type 3 has an invalid length.
[ 2420.266732][T10834] netlink: 'syz.3.33094': attribute type 1 has an invalid length.
[ 2420.274596][T10834] netlink: 60387 bytes leftover after parsing attributes in process `syz.3.33094'.
[ 2422.283425][T10871] netlink: 'syz.2.33109': attribute type 3 has an invalid length.
[ 2422.325629][T10871] netlink: 'syz.2.33109': attribute type 1 has an invalid length.
[ 2422.343535][T10871] netlink: 60387 bytes leftover after parsing attributes in process `syz.2.33109'.
[ 2423.352501][T10884] netlink: 8 bytes leftover after parsing attributes in process `syz.0.33125'.
[ 2423.535344][T10884] netlink: 4 bytes leftover after parsing attributes in process `syz.0.33125'.
[ 2423.635948][T10884] netlink: 33 bytes leftover after parsing attributes in process `syz.0.33125'.
[ 2423.745971][T10884] netlink: 4 bytes leftover after parsing attributes in process `syz.0.33125'.
[ 2423.771198][T10884] netlink: 33 bytes leftover after parsing attributes in process `syz.0.33125'.
[ 2423.824221][T10884] netlink: 4 bytes leftover after parsing attributes in process `syz.0.33125'.
[ 2423.852447][T10884] netlink: 33 bytes leftover after parsing attributes in process `syz.0.33125'.
[ 2424.196856][T32570] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2425.070731][T21671] Bluetooth: hci2: Malformed HCI Event
[ 2425.082651][T21671] Bluetooth: hci4: unexpected subevent 0x01 length: 150 > 18
[ 2425.090290][T21671] Bluetooth: hci4: Invalid handle: 0xffff > 0x0eff
[ 2425.582578][T10921] netlink: 143932 bytes leftover after parsing attributes in process `syz.4.33131'.
[ 2425.601227][T10921] netlink: zone id is out of range
[ 2425.607016][T10921] netlink: zone id is out of range
[ 2425.612405][T10921] netlink: zone id is out of range
[ 2425.619994][T10921] netlink: zone id is out of range
[ 2425.638027][T10921] netlink: zone id is out of range
[ 2425.643289][T10921] netlink: zone id is out of range
[ 2425.648978][T10921] netlink: zone id is out of range
[ 2425.657585][T10921] netlink: zone id is out of range
[ 2425.668623][T10921] netlink: zone id is out of range
[ 2425.678899][T10921] netlink: zone id is out of range
[ 2426.593447][T10952] netlink: 143932 bytes leftover after parsing attributes in process `syz.0.33144'.
[ 2426.756281][T10958] netlink: 'syz.1.33147': attribute type 14 has an invalid length.
[ 2426.769855][T10958] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.33147'.
[ 2427.145379][T10971] netlink: 'syz.2.33153': attribute type 19 has an invalid length.
[ 2427.260964][T21723] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2429.047680][T10984] netlink: 'syz.0.33157': attribute type 3 has an invalid length.
[ 2429.082672][T10984] netlink: 'syz.0.33157': attribute type 1 has an invalid length.
[ 2429.129586][T10984] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.33157'.
[ 2429.439527][T10995] netlink: 'syz.0.33162': attribute type 14 has an invalid length.
[ 2429.471672][T10995] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.33162'.
[ 2429.524726][T10994] netlink: 143932 bytes leftover after parsing attributes in process `syz.3.33160'.
[ 2430.050172][T11009] netlink: 8 bytes leftover after parsing attributes in process `syz.1.33181'.
[ 2430.074612][T11009] netlink: 4 bytes leftover after parsing attributes in process `syz.1.33181'.
[ 2430.092421][T11009] netlink: 33 bytes leftover after parsing attributes in process `syz.1.33181'.
[ 2430.105021][T11009] netlink: 4 bytes leftover after parsing attributes in process `syz.1.33181'.
[ 2431.919791][T11019] netlink: 'syz.4.33173': attribute type 3 has an invalid length.
[ 2431.975150][T11019] netlink: 'syz.4.33173': attribute type 1 has an invalid length.
[ 2431.983035][T11019] __nla_validate_parse: 3 callbacks suppressed
[ 2431.983049][T11019] netlink: 60387 bytes leftover after parsing attributes in process `syz.4.33173'.
[ 2432.306882][T11037] netlink: 'syz.2.33180': attribute type 14 has an invalid length.
[ 2432.327580][T11037] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.33180'.
[ 2432.743800][T11049] netlink: 'syz.0.33188': attribute type 19 has an invalid length.
[ 2433.785359][T11057] netlink: 143932 bytes leftover after parsing attributes in process `syz.2.33189'.
[ 2433.798838][T11057] net_ratelimit: 10649 callbacks suppressed
[ 2433.798855][T11057] netlink: zone id is out of range
[ 2433.803006][T11053] device syzkaller0 entered promiscuous mode
[ 2433.808256][T11057] netlink: zone id is out of range
[ 2433.849329][T11057] netlink: zone id is out of range
[ 2433.859280][T11057] netlink: zone id is out of range
[ 2433.877265][T11057] netlink: zone id is out of range
[ 2433.902504][T11057] netlink: zone id is out of range
[ 2433.936301][T11057] netlink: zone id is out of range
[ 2433.944289][T11057] netlink: zone id is out of range
[ 2433.965343][T11057] netlink: zone id is out of range
[ 2433.972510][T11057] netlink: zone id is out of range
[ 2434.282077][T11069] netlink: 'syz.1.33195': attribute type 3 has an invalid length.
[ 2434.312173][T11069] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.33195'.
[ 2437.497389][T11079] netlink: 'syz.4.33201': attribute type 19 has an invalid length.
[ 2439.089937][T11108] device syzkaller0 entered promiscuous mode
[ 2439.115625][T11108] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 65487
[ 2440.579683][T11146] IPv6: Can't replace route, no match found
[ 2448.237006][T11244] netlink: 9286 bytes leftover after parsing attributes in process `syz.4.33268'.
[ 2451.266610][T11280] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2451.336628][T32596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 2451.363145][T32596] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2451.370460][T32596] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2451.735517][T32577] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2451.746544][T21723] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2452.060572][T11283] device syzkaller0 entered promiscuous mode
[ 2455.320712][T21728] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2455.371715][T32577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 2456.893924][T11340] device syzkaller0 entered promiscuous mode
[ 2457.541901][T11347] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.33312'.
[ 2458.597918][T10312] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2460.003911][T11393] netlink: 'syz.0.33331': attribute type 10 has an invalid length.
[ 2460.141531][T11395] sctp: [Deprecated]: syz.1.33332 (pid 11395) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2460.141531][T11395] Use struct sctp_sack_info instead
[ 2461.742673][T11429] device syzkaller0 entered promiscuous mode
[ 2467.595016][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 2467.601625][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 2470.134433][T11531] device syzkaller0 entered promiscuous mode
[ 2483.600014][T32570] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2483.610647][T21728] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2485.543323][T11710] device syzkaller0 entered promiscuous mode
[ 2486.566340][T32581] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2489.623228][T21723] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2492.856731][T11819] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.33508'.
[ 2493.756096][T21671] Bluetooth: hci0: Malformed LE Event: 0x02
[ 2496.946797][T11889] netlink: 'syz.2.33538': attribute type 3 has an invalid length.
[ 2496.987232][T11889] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.33538'.
[ 2498.586883][T21671] Bluetooth: hci3: Malformed LE Event: 0x02
[ 2498.807390][T21671] Bluetooth: hci1: Malformed LE Event: 0x02
[ 2502.070645][T21671] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[ 2502.078612][T21671] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0'
[ 2502.091461][T21671] CPU: 1 PID: 21671 Comm: kworker/u5:1 Not tainted syzkaller #0
[ 2502.099158][T21671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 2502.109310][T21671] Workqueue: hci1 hci_rx_work
[ 2502.114040][T21671] Call Trace:
[ 2502.117341][T21671]  <TASK>
[ 2502.120292][T21671]  dump_stack_lvl+0x188/0x24e
[ 2502.125000][T21671]  ? show_regs_print_info+0x12/0x12
[ 2502.130246][T21671]  ? load_image+0x400/0x400
[ 2502.134789][T21671]  sysfs_create_dir_ns+0x26a/0x290
[ 2502.139942][T21671]  ? sysfs_warn_dup+0xa0/0xa0
[ 2502.144671][T21671]  ? do_raw_spin_unlock+0x11d/0x230
[ 2502.149918][T21671]  kobject_add_internal+0x61c/0xcc0
[ 2502.155165][T21671]  kobject_add+0x160/0x230
[ 2502.159612][T21671]  ? kobject_init+0x1d0/0x1d0
[ 2502.164326][T21671]  ? klist_children_get+0x50/0x50
[ 2502.169373][T21671]  ? get_device_parent+0x121/0x3f0
[ 2502.174523][T21671]  device_add+0x48c/0x1000
[ 2502.178961][T21671]  ? kmem_cache_free+0xf7/0x290
[ 2502.183834][T21671]  hci_conn_add_sysfs+0xd1/0x1e0
[ 2502.188798][T21671]  le_conn_complete_evt+0x1062/0x1670
[ 2502.194205][T21671]  ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0
[ 2502.200467][T21671]  ? bt_info+0x180/0x180
[ 2502.204736][T21671]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[ 2502.210390][T21671]  ? skb_pull_data+0xf7/0x200
[ 2502.215103][T21671]  hci_le_conn_complete_evt+0x183/0x440
[ 2502.220761][T21671]  ? hci_remote_host_features_evt+0x270/0x270
[ 2502.226842][T21671]  hci_event_packet+0x7b9/0x1280
[ 2502.231829][T21671]  ? bis_list+0x280/0x280
[ 2502.236169][T21671]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 2502.242170][T21671]  ? kcov_remote_start+0x4c7/0x7e0
[ 2502.247303][T21671]  ? mt_dump_node+0x750/0x1920
[ 2502.252089][T21671]  ? hci_send_to_monitor+0x9c/0x4a0
[ 2502.257313][T21671]  hci_rx_work+0x3eb/0xd40
[ 2502.261750][T21671]  ? _raw_spin_unlock+0x40/0x40
[ 2502.266641][T21671]  ? process_one_work+0x7b0/0x1160
[ 2502.271771][T21671]  process_one_work+0x8a2/0x1160
[ 2502.276741][T21671]  ? worker_detach_from_pool+0x240/0x240
[ 2502.282474][T21671]  ? _raw_spin_lock_irq+0x86/0xf0
[ 2502.287520][T21671]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 2502.292563][T21671]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 2502.298128][T21671]  ? kthread_data+0x4b/0xc0
[ 2502.302667][T21671]  worker_thread+0xaa2/0x1270
[ 2502.307479][T21671]  kthread+0x29d/0x330
[ 2502.311564][T21671]  ? worker_clr_flags+0x1a0/0x1a0
[ 2502.316619][T21671]  ? kthread_blkcg+0xd0/0xd0
[ 2502.321313][T21671]  ret_from_fork+0x1f/0x30
[ 2502.325779][T21671]  </TASK>
[ 2502.330556][T21671] kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 2502.355433][T21671] Bluetooth: hci1: failed to register connection device
[ 2502.527027][T11986] netlink: 'syz.1.33569': attribute type 11 has an invalid length.
[ 2502.536000][T11986] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.33569'.
[ 2502.552338][T11986] netlink: 'syz.1.33569': attribute type 11 has an invalid length.
[ 2502.575256][T11986] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.33569'.
[ 2502.638251][T11985] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2502.816435][T11990] netlink: 'syz.4.33570': attribute type 2 has an invalid length.
[ 2502.824537][T11990] netlink: 17267 bytes leftover after parsing attributes in process `syz.4.33570'.
[ 2507.232907][T12054] device syzkaller0 entered promiscuous mode
[ 2510.597343][T12090] device syzkaller0 entered promiscuous mode
[ 2510.621361][T12090] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 65487
[ 2511.931710][T12103] netlink: 'syz.0.33620': attribute type 3 has an invalid length.
[ 2512.065938][T12103] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.33620'.
[ 2512.241374][T12108] device syzkaller0 entered promiscuous mode
[ 2512.616858][T12118] netlink: 'syz.1.33632': attribute type 3 has an invalid length.
[ 2512.624762][T12118] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.33632'.
[ 2514.816362][T32577] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2514.827164][T21723] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2515.494219][T12135] netlink: 126288 bytes leftover after parsing attributes in process `syz.2.33629'.
[ 2517.352367][T12147] device syzkaller0 entered promiscuous mode
[ 2517.374038][T12150] netlink: 'syz.2.33636': attribute type 2 has an invalid length.
[ 2517.402837][T12150] netlink: 17267 bytes leftover after parsing attributes in process `syz.2.33636'.
[ 2517.628098][T21728] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2518.761347][T12169] netlink: 'syz.2.33646': attribute type 9 has an invalid length.
[ 2518.781120][T12169] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.33646'.
[ 2519.037593][T12177] netlink: 14 bytes leftover after parsing attributes in process `syz.2.33649'.
[ 2519.057368][T12177] net_ratelimit: 3543 callbacks suppressed
[ 2519.057407][T12177] openvswitch: netlink: Message has 6 unknown bytes.
[ 2520.561649][T10312] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2521.511800][T12196] netlink: 126288 bytes leftover after parsing attributes in process `syz.1.33656'.
[ 2521.780453][T12202] netlink: 'syz.3.33659': attribute type 3 has an invalid length.
[ 2521.788621][T12202] netlink: 'syz.3.33659': attribute type 7 has an invalid length.
[ 2521.802779][T12202] netlink: 194740 bytes leftover after parsing attributes in process `syz.3.33659'.
[ 2523.463595][T12218] netlink: 125520 bytes leftover after parsing attributes in process `syz.1.33667'.
[ 2524.049660][T12226] netlink: 14 bytes leftover after parsing attributes in process `syz.3.33670'.
[ 2524.074881][T12226] openvswitch: netlink: Message has 6 unknown bytes.
[ 2525.411455][T12257] netlink: 125520 bytes leftover after parsing attributes in process `syz.0.33685'.
[ 2525.420803][T12259] netlink: 14 bytes leftover after parsing attributes in process `syz.1.33686'.
[ 2525.446484][T12259] openvswitch: netlink: Message has 6 unknown bytes.
[ 2525.578084][T12266] netlink: 'syz.4.33689': attribute type 3 has an invalid length.
[ 2525.618377][T12266] netlink: 'syz.4.33689': attribute type 7 has an invalid length.
[ 2525.648710][T12266] netlink: 194740 bytes leftover after parsing attributes in process `syz.4.33689'.
[ 2527.292038][T12303] netlink: 14 bytes leftover after parsing attributes in process `syz.0.33702'.
[ 2527.369896][T12303] openvswitch: netlink: Message has 6 unknown bytes.
[ 2527.584258][T12308] netlink: 125520 bytes leftover after parsing attributes in process `syz.2.33703'.
[ 2528.737043][T12347] netlink: 'syz.1.33724': attribute type 3 has an invalid length.
[ 2528.775544][T12347] netlink: 13435 bytes leftover after parsing attributes in process `syz.1.33724'.
[ 2528.977463][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 2528.983879][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 2529.122460][T12354] netlink: 14 bytes leftover after parsing attributes in process `syz.1.33735'.
[ 2529.160553][T12354] openvswitch: netlink: Message has 6 unknown bytes.
[ 2529.863920][T12376] device syzkaller0 entered promiscuous mode
[ 2532.436912][T12395] netlink: 14 bytes leftover after parsing attributes in process `syz.1.33744'.
[ 2532.453529][T12395] openvswitch: netlink: Message has 6 unknown bytes.
[ 2533.710902][T12422] netlink: 'syz.4.33755': attribute type 3 has an invalid length.
[ 2533.722969][T12422] netlink: 13435 bytes leftover after parsing attributes in process `syz.4.33755'.
[ 2536.030723][T12425] device syzkaller0 entered promiscuous mode
[ 2538.840838][T12486] netlink: 64859 bytes leftover after parsing attributes in process `syz.4.33776'.
[ 2539.166034][T12498] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.33792'.
[ 2542.047756][T12535] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.33791'.
[ 2543.170463][T11978] Bluetooth: hci3: Dropping invalid advertising data
[ 2543.177900][T11978] Bluetooth: hci3: unknown advertising packet type: 0xff
[ 2543.177929][T11978] Bluetooth: hci3: Malformed LE Event: 0x02
[ 2545.098821][T11978] Bluetooth: hci1: Dropping invalid advertising data
[ 2545.105810][T11978] Bluetooth: hci1: unknown advertising packet type: 0xff
[ 2545.105839][T11978] Bluetooth: hci1: Malformed LE Event: 0x02
[ 2545.840119][T21728] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2545.850771][T32577] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2548.036666][T11978] Bluetooth: hci2: Dropping invalid advertising data
[ 2548.043898][T11978] Bluetooth: hci2: unknown advertising packet type: 0xff
[ 2548.043930][T11978] Bluetooth: hci2: Malformed LE Event: 0x02
[ 2548.605568][T21728] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2551.126479][T11978] Bluetooth: hci4: Malformed LE Event: 0x1d
[ 2551.321860][T11978] Bluetooth: hci1: Malformed LE Event: 0x1d
[ 2551.519762][T12662] device syzkaller0 entered promiscuous mode
[ 2551.574592][T32570] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2552.163991][T11978] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[ 2552.171828][T11978] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0'
[ 2552.186660][T11978] CPU: 0 PID: 11978 Comm: kworker/u5:0 Not tainted syzkaller #0
[ 2552.194383][T11978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 2552.204495][T11978] Workqueue: hci1 hci_rx_work
[ 2552.209242][T11978] Call Trace:
[ 2552.212563][T11978]  <TASK>
[ 2552.215539][T11978]  dump_stack_lvl+0x188/0x24e
[ 2552.220270][T11978]  ? show_regs_print_info+0x12/0x12
[ 2552.225519][T11978]  ? load_image+0x400/0x400
[ 2552.230084][T11978]  sysfs_create_dir_ns+0x26a/0x290
[ 2552.235250][T11978]  ? sysfs_warn_dup+0xa0/0xa0
[ 2552.239989][T11978]  ? do_raw_spin_unlock+0x11d/0x230
[ 2552.245236][T11978]  kobject_add_internal+0x61c/0xcc0
[ 2552.250503][T11978]  kobject_add+0x160/0x230
[ 2552.254980][T11978]  ? kobject_init+0x1d0/0x1d0
[ 2552.259705][T11978]  ? klist_children_get+0x50/0x50
[ 2552.264771][T11978]  ? get_device_parent+0x121/0x3f0
[ 2552.269936][T11978]  device_add+0x48c/0x1000
[ 2552.274395][T11978]  ? kmem_cache_free+0xf7/0x290
[ 2552.279312][T11978]  hci_conn_add_sysfs+0xd1/0x1e0
[ 2552.284311][T11978]  le_conn_complete_evt+0x1062/0x1670
[ 2552.289741][T11978]  ? le_conn_complete_evt+0xe9/0x1670
[ 2552.295172][T11978]  ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0
[ 2552.301464][T11978]  ? bt_info+0x180/0x180
[ 2552.305762][T11978]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[ 2552.311443][T11978]  ? skb_pull_data+0xf7/0x200
[ 2552.316204][T11978]  hci_le_conn_complete_evt+0x183/0x440
[ 2552.321826][T11978]  ? hci_remote_host_features_evt+0x270/0x270
[ 2552.327954][T11978]  hci_event_packet+0x7b9/0x1280
[ 2552.332943][T11978]  ? bis_list+0x280/0x280
[ 2552.337642][T11978]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 2552.343621][T11978]  ? kcov_remote_start+0x4c7/0x7e0
[ 2552.348778][T11978]  ? mt_dump_node+0x750/0x1920
[ 2552.353603][T11978]  ? hci_send_to_monitor+0x9c/0x4a0
[ 2552.358846][T11978]  hci_rx_work+0x3eb/0xd40
[ 2552.363288][T11978]  ? _raw_spin_unlock+0x40/0x40
[ 2552.368162][T11978]  ? process_one_work+0x7b0/0x1160
[ 2552.373299][T11978]  process_one_work+0x8a2/0x1160
[ 2552.378266][T11978]  ? worker_detach_from_pool+0x240/0x240
[ 2552.384005][T11978]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 2552.389048][T11978]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 2552.394609][T11978]  ? kthread_data+0x4b/0xc0
[ 2552.399227][T11978]  worker_thread+0xaa2/0x1270
[ 2552.403951][T11978]  ? __kthread_parkme+0x162/0x1c0
[ 2552.409027][T11978]  kthread+0x29d/0x330
[ 2552.413102][T11978]  ? worker_clr_flags+0x1a0/0x1a0
[ 2552.418139][T11978]  ? kthread_blkcg+0xd0/0xd0
[ 2552.422742][T11978]  ret_from_fork+0x1f/0x30
[ 2552.427192][T11978]  </TASK>
[ 2552.431908][T11978] kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 2552.445197][T11978] Bluetooth: hci1: failed to register connection device
[ 2552.521306][T11978] Bluetooth: hci3: Malformed LE Event: 0x1d
[ 2554.497814][T11978] Bluetooth: hci1: command 0x2016 tx timeout
[ 2556.740050][T12665] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.33842'.
[ 2557.012866][T12748] netlink: 56843 bytes leftover after parsing attributes in process `syz.4.33883'.
[ 2559.026657][T12777] netlink: 15794 bytes leftover after parsing attributes in process `syz.1.33892'.
[ 2559.400146][ T6407] Bluetooth: hci4: unexpected subevent 0x01 length: 150 > 18
[ 2559.716170][T12791] netlink: 143932 bytes leftover after parsing attributes in process `syz.1.33898'.
[ 2559.762322][T12791] netlink: zone id is out of range
[ 2559.797644][T12791] netlink: zone id is out of range
[ 2559.803181][T12791] netlink: zone id is out of range
[ 2559.829093][T12791] netlink: zone id is out of range
[ 2559.834674][T12791] netlink: zone id is out of range
[ 2559.885319][T12791] netlink: zone id is out of range
[ 2559.891084][T12791] netlink: zone id is out of range
[ 2559.929666][T12791] netlink: zone id is out of range
[ 2559.963695][T12791] netlink: zone id is out of range
[ 2559.976130][T12795] netlink: 56843 bytes leftover after parsing attributes in process `syz.2.33899'.
[ 2559.990853][T12791] netlink: zone id is out of range
[ 2561.000210][T12823] netlink: 56843 bytes leftover after parsing attributes in process `syz.0.33915'.
[ 2561.445218][T11978] Bluetooth: hci4: command 0x2016 tx timeout
[ 2564.332285][T12846] netlink: 65047 bytes leftover after parsing attributes in process `syz.4.33924'.
[ 2564.341906][T12863] netlink: 'syz.3.33932': attribute type 10 has an invalid length.
[ 2564.403582][T12863] device wg1 entered promiscuous mode
[ 2564.431288][T12863] team0: Device wg1 is of different type
[ 2564.983545][T12889] netlink: 143932 bytes leftover after parsing attributes in process `syz.3.33944'.
[ 2565.017389][T12889] net_ratelimit: 3660 callbacks suppressed
[ 2565.017462][T12889] netlink: zone id is out of range
[ 2565.068699][T12889] netlink: zone id is out of range
[ 2565.074546][T12889] netlink: zone id is out of range
[ 2565.112759][T12889] netlink: zone id is out of range
[ 2565.129999][T12889] netlink: zone id is out of range
[ 2565.143453][T12889] netlink: zone id is out of range
[ 2565.173152][T12889] netlink: zone id is out of range
[ 2565.191134][T12889] netlink: zone id is out of range
[ 2565.225412][T12889] netlink: zone id is out of range
[ 2565.253656][T12889] netlink: zone id is out of range
[ 2565.575457][T12906] netlink: 'syz.0.33949': attribute type 3 has an invalid length.
[ 2565.601572][T12906] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.33949'.
[ 2566.366499][T12931] netlink: 15794 bytes leftover after parsing attributes in process `syz.0.33959'.
[ 2567.203304][T12939] netlink: 143932 bytes leftover after parsing attributes in process `syz.0.33961'.
[ 2568.047538][T12949] netlink: 143932 bytes leftover after parsing attributes in process `syz.2.33978'.
[ 2575.402347][T13085] netlink: 'syz.1.34023': attribute type 10 has an invalid length.
[ 2575.858499][T13085] device wg1 entered promiscuous mode
[ 2575.876655][T13085] team0: Device wg1 is of different type
[ 2576.524082][T13108] netlink: 'syz.0.34043': attribute type 10 has an invalid length.
[ 2576.811286][T32570] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2576.821927][T21723] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2579.442568][T13117] netlink: 'syz.4.34046': attribute type 10 has an invalid length.
[ 2579.473822][T13117] device wg1 entered promiscuous mode
[ 2579.482155][T13117] team0: Device wg1 is of different type
[ 2579.530179][T32570] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2580.372988][T13149] netlink: 'syz.0.34050': attribute type 10 has an invalid length.
[ 2580.391816][T13149] netlink: 'syz.0.34050': attribute type 11 has an invalid length.
[ 2580.412068][T13149] netlink: 5145 bytes leftover after parsing attributes in process `syz.0.34050'.
[ 2582.807095][T32570] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2582.840572][T13159] netlink: 'syz.2.34052': attribute type 10 has an invalid length.
[ 2585.501043][T13201] netlink: 'syz.4.34073': attribute type 10 has an invalid length.
[ 2586.138273][T13201] team0: Device wg1 is of different type
[ 2587.712403][T13226] netlink: 'syz.0.34090': attribute type 10 has an invalid length.
[ 2590.408363][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 2590.414767][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 2592.914222][T13257] netlink: 'syz.2.34096': attribute type 10 has an invalid length.
[ 2594.424812][T13312] sock: sock_timestamping_bind_phc: sock not bind to device
[ 2599.316338][T13373] sock: sock_timestamping_bind_phc: sock not bind to device
[ 2602.338737][T13412] sock: sock_timestamping_bind_phc: sock not bind to device
[ 2602.392088][T13414] netlink: 'syz.0.34160': attribute type 2 has an invalid length.
[ 2602.437100][T13414] netlink: 'syz.0.34160': attribute type 1 has an invalid length.
[ 2602.455275][T13414] netlink: 170140 bytes leftover after parsing attributes in process `syz.0.34160'.
[ 2602.570201][T13420] netlink: 'syz.4.34161': attribute type 1 has an invalid length.
[ 2602.585106][T13420] netlink: 'syz.4.34161': attribute type 4 has an invalid length.
[ 2602.603780][T13420] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.34161'.
[ 2602.905762][T11978] Bluetooth: hci1: unexpected subevent 0x06 length: 150 > 10
[ 2603.000280][T13428] netlink: 132 bytes leftover after parsing attributes in process `syz.0.34166'.
[ 2603.421267][T11978] Bluetooth: hci1: SCO packet for unknown connection handle 4095
[ 2604.501391][T13469] netlink: 132 bytes leftover after parsing attributes in process `syz.2.34181'.
[ 2604.735547][T13480] netlink: 132 bytes leftover after parsing attributes in process `syz.1.34195'.
[ 2604.965366][T11978] Bluetooth: hci1: command 0x2021 tx timeout
[ 2605.600501][T11978] Bluetooth: hci4: unexpected event 0x04 length: 15 > 10
[ 2606.897167][T13520] netlink: 132 bytes leftover after parsing attributes in process `syz.3.34200'.
[ 2606.945568][T13522] netlink: 'syz.0.34212': attribute type 10 has an invalid length.
[ 2607.032060][T13528] netlink: 'syz.4.34201': attribute type 2 has an invalid length.
[ 2607.042523][T13528] netlink: 'syz.4.34201': attribute type 1 has an invalid length.
[ 2607.064662][T13528] netlink: 170140 bytes leftover after parsing attributes in process `syz.4.34201'.
[ 2607.366607][T13543] netlink: 129384 bytes leftover after parsing attributes in process `syz.4.34210'.
[ 2607.635453][ T6407] Bluetooth: hci4: command 0x0409 tx timeout
[ 2607.952145][T32581] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2607.956675][T32570] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2608.969455][T13567] netlink: 'syz.3.34220': attribute type 10 has an invalid length.
[ 2609.117402][T13567] device team0 left promiscuous mode
[ 2609.123455][T13567] device C left promiscuous mode
[ 2609.141590][T13567] device team_slave_1 left promiscuous mode
[ 2609.181219][T13567] bridge0: port 3(team0) entered disabled state
[ 2609.237936][T13567] 8021q: adding VLAN 0 to HW filter on device team0
[ 2609.269974][T13567] bond0: (slave team0): Enslaving as an active interface with an up link
[ 2609.299961][T13571] netlink: 'syz.1.34222': attribute type 2 has an invalid length.
[ 2609.349765][T13571] netlink: 'syz.1.34222': attribute type 1 has an invalid length.
[ 2609.365244][T13571] netlink: 170140 bytes leftover after parsing attributes in process `syz.1.34222'.
[ 2610.584540][T21723] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2610.901325][T13606] netlink: 129384 bytes leftover after parsing attributes in process `syz.3.34237'.
[ 2611.070829][T13613] netlink: 'syz.2.34239': attribute type 10 has an invalid length.
[ 2611.144660][T13614] netlink: 132 bytes leftover after parsing attributes in process `syz.1.34240'.
[ 2612.280146][T13645] netlink: 129384 bytes leftover after parsing attributes in process `syz.1.34252'.
[ 2612.790018][T13649] device syzkaller0 entered promiscuous mode
[ 2613.876662][T32581] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2617.567430][T13659] netlink: 'syz.4.34257': attribute type 10 has an invalid length.
[ 2617.590216][T13659] device team0 left promiscuous mode
[ 2617.595693][T13659] device team_slave_0 left promiscuous mode
[ 2617.601785][T13659] device team_slave_1 left promiscuous mode
[ 2617.610024][T13659] bridge0: port 3(team0) entered disabled state
[ 2617.620122][T13659] 8021q: adding VLAN 0 to HW filter on device team0
[ 2617.629518][T13659] bond0: (slave team0): Enslaving as an active interface with an up link
[ 2618.304092][T13684] device syzkaller0 entered promiscuous mode
[ 2618.989217][T13693] netlink: 132 bytes leftover after parsing attributes in process `syz.4.34274'.
[ 2619.443409][ T6407] Bluetooth: hci2: unexpected event 0x04 length: 15 > 10
[ 2619.447680][T13705] netlink: 132 bytes leftover after parsing attributes in process `syz.2.34287'.
[ 2621.445394][T11978] Bluetooth: hci2: command 0x0409 tx timeout
[ 2623.911826][T13714] netlink: 'syz.1.34278': attribute type 10 has an invalid length.
[ 2623.934892][T13714] device team0 left promiscuous mode
[ 2623.940327][T13714] device team_slave_0 left promiscuous mode
[ 2623.946460][T13714] device team_slave_1 left promiscuous mode
[ 2623.952529][T13714] bridge0: port 3(team0) entered disabled state
[ 2623.961131][T13714] 8021q: adding VLAN 0 to HW filter on device team0
[ 2623.972282][T13714] bond0: (slave team0): Enslaving as an active interface with an up link
[ 2623.997329][T13740] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.34289'.
[ 2624.021852][T13734] device syzkaller0 entered promiscuous mode
[ 2624.989113][T13759] Q�6�`Ҙ: renamed from lo
[ 2626.036718][T11978] Bluetooth: hci3: unexpected event 0x04 length: 15 > 10
[ 2628.104020][ T6407] Bluetooth: hci3: command 0x0409 tx timeout
[ 2630.223030][T13842] device syzkaller0 entered promiscuous mode
[ 2638.253359][T13879] Q�6�`Ҙ: renamed from lo
[ 2639.354920][T32570] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2639.368436][T21728] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2639.817697][T13930] netlink: 'syz.3.34365': attribute type 153 has an invalid length.
[ 2639.829969][T13930] netlink: 69544 bytes leftover after parsing attributes in process `syz.3.34365'.
[ 2640.107072][T13929] device lo left promiscuous mode
[ 2640.169256][T13931] Q�6�`Ҙ: renamed from lo
[ 2641.686942][T32587] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2641.755922][T13971] Q�6�`Ҙ: renamed from lo
[ 2644.933702][T14026] Q�6�`Ҙ: renamed from lo
[ 2645.475608][T32587] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2646.034911][T14044] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.34410'.
[ 2651.860898][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 2651.867426][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 2653.480783][T14112] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.34443'.
[ 2653.783374][T14125] device syzkaller0 entered promiscuous mode
[ 2653.942418][ T6407] Bluetooth: Frame is too long (len 149, expected len 4)
[ 2657.391121][ T6407] Bluetooth: Frame is too long (len 149, expected len 4)
[ 2657.581342][ T6407] Bluetooth: Frame is too long (len 149, expected len 4)
[ 2658.772308][T14214] netlink: 63503 bytes leftover after parsing attributes in process `syz.4.34471'.
[ 2659.644202][ T6407] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
[ 2659.653507][ T6407] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 2659.664892][ T6407] CPU: 0 PID: 6407 Comm: kworker/u5:2 Not tainted syzkaller #0
[ 2659.674173][ T6407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 2659.684357][ T6407] Workqueue: hci0 hci_rx_work
[ 2659.689079][ T6407] Call Trace:
[ 2659.692376][ T6407]  <TASK>
[ 2659.695326][ T6407]  dump_stack_lvl+0x188/0x24e
[ 2659.700030][ T6407]  ? show_regs_print_info+0x12/0x12
[ 2659.705251][ T6407]  ? load_image+0x400/0x400
[ 2659.709801][ T6407]  sysfs_create_dir_ns+0x26a/0x290
[ 2659.714943][ T6407]  ? sysfs_warn_dup+0xa0/0xa0
[ 2659.719651][ T6407]  ? do_raw_spin_unlock+0x11d/0x230
[ 2659.724877][ T6407]  kobject_add_internal+0x61c/0xcc0
[ 2659.730111][ T6407]  kobject_add+0x160/0x230
[ 2659.734560][ T6407]  ? kobject_init+0x1d0/0x1d0
[ 2659.739266][ T6407]  ? klist_children_get+0x50/0x50
[ 2659.744317][ T6407]  ? get_device_parent+0x121/0x3f0
[ 2659.749452][ T6407]  device_add+0x48c/0x1000
[ 2659.753886][ T6407]  ? kmem_cache_free+0xf7/0x290
[ 2659.758771][ T6407]  hci_conn_add_sysfs+0xd1/0x1e0
[ 2659.763754][ T6407]  le_conn_complete_evt+0x1062/0x1670
[ 2659.769188][ T6407]  ? le_conn_complete_evt+0xe9/0x1670
[ 2659.774634][ T6407]  ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0
[ 2659.780924][ T6407]  ? bt_info+0x180/0x180
[ 2659.785206][ T6407]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[ 2659.790868][ T6407]  ? skb_pull_data+0xf7/0x200
[ 2659.795595][ T6407]  hci_le_conn_complete_evt+0x183/0x440
[ 2659.801187][ T6407]  ? hci_remote_host_features_evt+0x270/0x270
[ 2659.807281][ T6407]  hci_event_packet+0x7b9/0x1280
[ 2659.812260][ T6407]  ? bis_list+0x280/0x280
[ 2659.816613][ T6407]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 2659.822541][ T6407]  ? kcov_remote_start+0x4c7/0x7e0
[ 2659.828218][ T6407]  ? mt_dump_node+0x750/0x1920
[ 2659.833021][ T6407]  ? hci_send_to_monitor+0x9c/0x4a0
[ 2659.838262][ T6407]  hci_rx_work+0x3eb/0xd40
[ 2659.842812][ T6407]  ? _raw_spin_unlock+0x40/0x40
[ 2659.847704][ T6407]  ? process_one_work+0x7b0/0x1160
[ 2659.852917][ T6407]  process_one_work+0x8a2/0x1160
[ 2659.857935][ T6407]  ? worker_detach_from_pool+0x240/0x240
[ 2659.863608][ T6407]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 2659.868835][ T6407]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 2659.874422][ T6407]  ? kthread_data+0x4b/0xc0
[ 2659.878962][ T6407]  worker_thread+0xaa2/0x1270
[ 2659.883702][ T6407]  kthread+0x29d/0x330
[ 2659.887787][ T6407]  ? worker_clr_flags+0x1a0/0x1a0
[ 2659.892829][ T6407]  ? kthread_blkcg+0xd0/0xd0
[ 2659.897437][ T6407]  ret_from_fork+0x1f/0x30
[ 2659.901905][ T6407]  </TASK>
[ 2659.906485][ T6407] kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 2659.920035][ T6407] Bluetooth: hci0: failed to register connection device
[ 2660.200825][ T6407] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3
[ 2662.006353][T11978] Bluetooth: hci0: command 0x2016 tx timeout
[ 2665.464435][T14342] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.34521'.
[ 2665.474028][T11978] Bluetooth: hci3: unexpected event 0x06 length: 15 > 3
[ 2667.672152][ T6407] Bluetooth: hci4: unexpected event 0x06 length: 15 > 3
[ 2667.685476][T14395] netlink: 55631 bytes leftover after parsing attributes in process `syz.1.34543'.
[ 2669.618420][T11978] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[ 2669.626476][T11978] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0'
[ 2669.637387][T11978] CPU: 1 PID: 11978 Comm: kworker/u5:0 Not tainted syzkaller #0
[ 2669.645085][T11978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 2669.655180][T11978] Workqueue: hci1 hci_rx_work
[ 2669.659917][T11978] Call Trace:
[ 2669.663229][T11978]  <TASK>
[ 2669.666218][T11978]  dump_stack_lvl+0x188/0x24e
[ 2669.670948][T11978]  ? show_regs_print_info+0x12/0x12
[ 2669.676180][T11978]  ? load_image+0x400/0x400
[ 2669.680757][T11978]  sysfs_create_dir_ns+0x26a/0x290
[ 2669.685923][T11978]  ? sysfs_warn_dup+0xa0/0xa0
[ 2669.690644][T11978]  ? do_raw_spin_unlock+0x11d/0x230
[ 2669.695888][T11978]  kobject_add_internal+0x61c/0xcc0
[ 2669.701138][T11978]  kobject_add+0x160/0x230
[ 2669.705618][T11978]  ? kobject_init+0x1d0/0x1d0
[ 2669.710361][T11978]  ? klist_children_get+0x50/0x50
[ 2669.715608][T11978]  ? get_device_parent+0x121/0x3f0
[ 2669.720764][T11978]  device_add+0x48c/0x1000
[ 2669.725214][T11978]  ? kmem_cache_free+0xf7/0x290
[ 2669.730113][T11978]  hci_conn_add_sysfs+0xd1/0x1e0
[ 2669.735200][T11978]  le_conn_complete_evt+0x1062/0x1670
[ 2669.740633][T11978]  ? le_conn_complete_evt+0xe9/0x1670
[ 2669.746062][T11978]  ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0
[ 2669.752434][T11978]  ? bt_info+0x180/0x180
[ 2669.756719][T11978]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[ 2669.762399][T11978]  ? skb_pull_data+0xf7/0x200
[ 2669.767122][T11978]  hci_le_conn_complete_evt+0x183/0x440
[ 2669.772713][T11978]  ? hci_remote_host_features_evt+0x270/0x270
[ 2669.778827][T11978]  hci_event_packet+0x7b9/0x1280
[ 2669.783816][T11978]  ? bis_list+0x280/0x280
[ 2669.788173][T11978]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 2669.794285][T11978]  ? kcov_remote_start+0x4c7/0x7e0
[ 2669.799434][T11978]  ? mt_dump_node+0x750/0x1920
[ 2669.804237][T11978]  ? hci_send_to_monitor+0x9c/0x4a0
[ 2669.809501][T11978]  hci_rx_work+0x3eb/0xd40
[ 2669.814043][T11978]  ? _raw_spin_unlock+0x40/0x40
[ 2669.818956][T11978]  ? process_one_work+0x7b0/0x1160
[ 2669.824098][T11978]  process_one_work+0x8a2/0x1160
[ 2669.829568][T11978]  ? worker_detach_from_pool+0x240/0x240
[ 2669.835321][T11978]  ? _raw_spin_lock_irq+0x86/0xf0
[ 2669.840385][T11978]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 2669.845441][T11978]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 2669.851037][T11978]  ? kthread_data+0x4b/0xc0
[ 2669.855616][T11978]  worker_thread+0xaa2/0x1270
[ 2669.860376][T11978]  ? __kthread_parkme+0x162/0x1c0
[ 2669.865461][T11978]  kthread+0x29d/0x330
[ 2669.869655][T11978]  ? worker_clr_flags+0x1a0/0x1a0
[ 2669.874751][T11978]  ? kthread_blkcg+0xd0/0xd0
[ 2669.879384][T11978]  ret_from_fork+0x1f/0x30
[ 2669.883848][T11978]  </TASK>
[ 2669.900272][T11978] kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 2669.913513][T11978] Bluetooth: hci1: failed to register connection device
[ 2670.359985][T32577] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2670.461007][T32570] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2671.932087][T11978] Bluetooth: hci1: command 0x2016 tx timeout
[ 2673.024035][T21728] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2673.552637][T14446] device syzkaller0 entered promiscuous mode
[ 2675.397067][T14479] sctp: [Deprecated]: syz.3.34576 (pid 14479) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2675.397067][T14479] Use struct sctp_sack_info instead
[ 2676.687258][T21723] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2679.783547][T14528] netlink: 9286 bytes leftover after parsing attributes in process `syz.4.34591'.
[ 2682.632375][T14517] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.34588'.
[ 2686.098990][T14616] sctp: [Deprecated]: syz.1.34624 (pid 14616) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2686.098990][T14616] Use struct sctp_sack_info instead
[ 2689.185627][T14662] netlink: 60583 bytes leftover after parsing attributes in process `syz.3.34643'.
[ 2689.219063][T14662] netlink: 4 bytes leftover after parsing attributes in process `syz.3.34643'.
[ 2690.829504][T14694] netlink: 'syz.4.34656': attribute type 29 has an invalid length.
[ 2691.221834][T14705] sctp: [Deprecated]: syz.0.34659 (pid 14705) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2691.221834][T14705] Use struct sctp_sack_info instead
[ 2693.708408][T14694] netlink: 'syz.4.34656': attribute type 29 has an invalid length.
[ 2694.559014][ T6407] Bluetooth: hci2: ISO packet too small
[ 2696.138630][ T6407] Bluetooth: hci3: ISO packet too small
[ 2698.162596][ T6407] Bluetooth: hci4: ISO packet too small
[ 2701.350957][ T6407] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10
[ 2701.393799][T32587] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2701.492290][T21723] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2702.696909][T14879] device syzkaller0 entered promiscuous mode
[ 2703.375508][ T6407] Bluetooth: hci0: command 0x0409 tx timeout
[ 2704.571642][T32587] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2707.741691][T32577] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2711.990313][T14952] device syzkaller0 entered promiscuous mode
[ 2712.090754][T14959] device syzkaller0 entered promiscuous mode
[ 2713.297644][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 2713.311712][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 2717.783760][T11978] Bluetooth: hci4: unexpected event 0x04 length: 15 > 10
[ 2719.863481][ T6407] Bluetooth: hci4: command 0x0409 tx timeout
[ 2721.159367][T15028] device syzkaller0 entered promiscuous mode
[ 2726.767176][T15125] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.34826'.
[ 2728.958238][T15169] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.34842'.
[ 2730.643518][T15215] netlink: 63503 bytes leftover after parsing attributes in process `syz.4.34859'.
[ 2731.912449][T15243] netlink: 'syz.1.34871': attribute type 2 has an invalid length.
[ 2731.991084][T15243] netlink: 'syz.1.34871': attribute type 1 has an invalid length.
[ 2732.078625][T15243] netlink: 170140 bytes leftover after parsing attributes in process `syz.1.34871'.
[ 2732.937193][T32577] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2733.030159][T21728] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2734.412584][T15302] netlink: 'syz.3.34886': attribute type 2 has an invalid length.
[ 2734.526755][T15302] netlink: 'syz.3.34886': attribute type 1 has an invalid length.
[ 2734.539379][T15302] netlink: 170140 bytes leftover after parsing attributes in process `syz.3.34886'.
[ 2735.802044][T32587] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2738.144240][T15330] device batadv0 left promiscuous mode
[ 2738.153941][T15330] bridge0: port 4(batadv0) entered disabled state
[ 2738.174881][T15330] device bridge_slave_1 left promiscuous mode
[ 2738.181301][T15330] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2738.190706][T15330] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2738.707951][T15343] netlink: 'syz.2.34900': attribute type 2 has an invalid length.
[ 2738.831607][T15343] netlink: 'syz.2.34900': attribute type 1 has an invalid length.
[ 2738.866720][T15343] netlink: 170140 bytes leftover after parsing attributes in process `syz.2.34900'.
[ 2740.854422][T32596] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2741.744361][T15404] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.34922'.
[ 2742.186626][T15406] device syzkaller0 entered promiscuous mode
[ 2758.920612][T15601] netlink: 14 bytes leftover after parsing attributes in process `syz.0.34989'.
[ 2763.670182][T15679] netlink: 2639 bytes leftover after parsing attributes in process `syz.2.35022'.
[ 2764.157241][T32587] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2764.167940][T32581] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2764.215257][T15692] netlink: 2639 bytes leftover after parsing attributes in process `syz.0.35037'.
[ 2766.841469][T32596] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2767.188662][T15738] netlink: 'syz.1.35046': attribute type 4 has an invalid length.
[ 2767.966842][T15748] netlink: 'syz.4.35051': attribute type 10 has an invalid length.
[ 2768.189126][T15748] team0: Device bond0 is already an upper device of the team interface
[ 2768.843234][T15757] device syzkaller0 entered promiscuous mode
[ 2769.444384][T15778] netlink: 'syz.3.35061': attribute type 4 has an invalid length.
[ 2772.041927][T32581] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2774.762160][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 2774.768696][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 2777.921988][T15852] netlink: 'syz.3.35090': attribute type 1 has an invalid length.
[ 2777.947371][T15852] netlink: 'syz.3.35090': attribute type 1 has an invalid length.
[ 2777.970217][T15852] netlink: 116376 bytes leftover after parsing attributes in process `syz.3.35090'.
[ 2781.437185][T15913] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.35114'.
[ 2783.362107][T15950] device syzkaller0 entered promiscuous mode
[ 2791.272823][T16002] netlink: 'syz.0.35148': attribute type 1 has an invalid length.
[ 2791.283766][T16002] netlink: 112865 bytes leftover after parsing attributes in process `syz.0.35148'.
[ 2793.228748][T16015] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.35164'.
[ 2795.185684][T32570] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2795.288210][T32596] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2798.054186][T32596] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2803.060471][T16142] netlink: 8161 bytes leftover after parsing attributes in process `syz.1.35201'.
[ 2803.069139][T21723] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2804.498621][ T6407] Bluetooth: hci2: unexpected event 0x08 length: 15 > 4
[ 2810.027036][T16230] netlink: 8161 bytes leftover after parsing attributes in process `syz.0.35238'.
[ 2810.786806][T16241] device syzkaller0 entered promiscuous mode
[ 2818.337669][T16260] netlink: 8161 bytes leftover after parsing attributes in process `syz.2.35253'.
[ 2818.348872][T16267] netlink: 63503 bytes leftover after parsing attributes in process `syz.4.35255'.
[ 2826.212810][T32587] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2826.315320][T32577] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2829.137470][T32587] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2832.087867][T16435] delete_channel: no stack
[ 2834.063743][T21723] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2835.709367][T16476] device syzkaller0 entered promiscuous mode
[ 2836.211324][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 2836.217790][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 2839.851476][T16519] netlink: 16178 bytes leftover after parsing attributes in process `syz.4.35354'.
[ 2841.932625][T16558] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.35368'.
[ 2842.023258][T16562] netlink: 'syz.4.35369': attribute type 7 has an invalid length.
[ 2842.063606][T16562] netlink: 191184 bytes leftover after parsing attributes in process `syz.4.35369'.
[ 2843.897407][T16600] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.35385'.
[ 2844.390509][T16612] netlink: 134056 bytes leftover after parsing attributes in process `syz.3.35392'.
[ 2844.924859][T16618] device syzkaller0 entered promiscuous mode
[ 2847.296977][T16651] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.35401'.
[ 2850.739054][T16673] device syzkaller0 entered promiscuous mode
[ 2857.238933][T32581] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2857.365514][T21723] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2860.925233][T32581] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2863.031448][T16823] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.35487'.
[ 2865.304225][T16834] netlink: 55631 bytes leftover after parsing attributes in process `syz.4.35479'.
[ 2865.328237][T21728] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2865.472804][T16844] netlink: 2739 bytes leftover after parsing attributes in process `syz.1.35493'.
[ 2866.646587][T16865] netlink: 63503 bytes leftover after parsing attributes in process `syz.4.35501'.
[ 2868.689198][T16903] netlink: 2739 bytes leftover after parsing attributes in process `syz.4.35508'.
[ 2872.968976][T16937] netlink: 2739 bytes leftover after parsing attributes in process `syz.3.35521'.
[ 2873.387861][ T6407] Bluetooth: hci2: unexpected event 0x03 length: 15 > 11
[ 2876.496026][T16981] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.35534'.
[ 2877.128470][T16995] netlink: 180900 bytes leftover after parsing attributes in process `syz.2.35542'.
[ 2877.158529][T16995] net_ratelimit: 11000 callbacks suppressed
[ 2877.158552][T16995] openvswitch: netlink: Flow actions attr not present in new flow.
[ 2881.475571][T17062] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[ 2881.649107][T17072] netlink: 'syz.3.35575': attribute type 1 has an invalid length.
[ 2881.670447][T17072] netlink: 'syz.3.35575': attribute type 4 has an invalid length.
[ 2881.688319][T17072] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.35575'.
[ 2881.857469][T17082] mac80211_hwsim hwsim44 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2881.882569][T32577] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2881.895083][T32577] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2882.049913][T17086] netlink: 'syz.1.35581': attribute type 7 has an invalid length.
[ 2882.086453][T17086] netlink: 191184 bytes leftover after parsing attributes in process `syz.1.35581'.
[ 2883.041721][T17103] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[ 2883.474635][T17119] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2885.222813][T17136] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[ 2885.562453][T17146] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2887.888512][T21728] wlan1: Trigger new scan to find an IBSS to join
[ 2888.410680][T21723] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2891.910701][T32581] wlan1: Trigger new scan to find an IBSS to join
[ 2893.448318][T21723] wlan1: Creating new IBSS network, BSSID c6:47:5b:ca:c9:b7
[ 2896.414029][T32587] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2897.607441][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[ 2897.613828][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[ 2898.289912][ T6407] Bluetooth: hci3: unexpected event 0x05 length: 15 > 4
[ 2900.215254][T17343] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.35699'.
[ 2900.666655][ T6407] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4
[ 2902.738847][ T6407] Bluetooth: hci1: unexpected event 0x05 length: 15 > 4
[ 2905.301915][ T6407] Bluetooth: hci1: Malformed HCI Event: 0x22
[ 2905.870609][ T6407] Bluetooth: hci0: Malformed HCI Event: 0x22
[ 2906.246876][T17425] netlink: 'syz.1.35725': attribute type 11 has an invalid length.
[ 2906.260316][T17425] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.35725'.
[ 2906.823363][T17424] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2912.219259][T17519] device syzkaller0 entered promiscuous mode
[ 2916.517504][T17567] batman_adv: The newly added mac address (f6:4c:00:00:00:00) already exists on: batadv_slave_0
[ 2916.537264][T17567] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2916.792495][ T6407] Bluetooth: hci1: unexpected event 0x07 length: 15 < 255
[ 2918.252117][T17592] can: request_module (can-proto-0) failed.
[ 2919.395281][T32581] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2919.572432][T17615] netlink: 'syz.1.35806': attribute type 11 has an invalid length.
[ 2919.632537][T17615] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.35806'.
[ 2922.534289][T17622] mac80211_hwsim hwsim46 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2922.544251][T17614] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2922.688737][T17628] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 2922.765053][T17628] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 2922.790380][T17628] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 2923.943078][ T6407] Bluetooth: hci4: unexpected event 0x07 length: 15 < 255
[ 2924.497787][ T6407] Bluetooth: hci0: unexpected event 0x04 length: 15 > 10
[ 2924.902060][T32596] wlan1: Trigger new scan to find an IBSS to join
[ 2926.568816][T11978] Bluetooth: hci0: command 0x0409 tx timeout
[ 2927.382489][T21723] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 2928.885245][T21723] wlan1: Trigger new scan to find an IBSS to join
[ 2929.809544][T32587] wlan1: Creating new IBSS network, BSSID 76:84:fa:9c:e3:bb
[ 2930.829533][T17699] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2931.020539][T17715] mac80211_hwsim hwsim38 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2932.670132][T17738] sctp: [Deprecated]: syz.1.35856 (pid 17738) Use of int in max_burst socket option deprecated.
[ 2932.670132][T17738] Use struct sctp_assoc_value instead
[ 2932.941700][T17747] mac80211_hwsim hwsim48 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2933.846284][T32570] wlan1: Trigger new scan to find an IBSS to join
[ 2936.812741][T32587] wlan1: Trigger new scan to find an IBSS to join
[ 2936.819360][T21728] wlan1: Trigger new scan to find an IBSS to join
[ 2936.824829][T17789] mac80211_hwsim hwsim44 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[ 2936.836673][T21723] wlan1: Created IBSS using preconfigured BSSID 00:8d:8d:ff:00:00
[ 2936.851509][T21723] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[ 2936.869902][T32570] ------------[ cut here ]------------
[ 2936.876094][T32570] WARNING: CPU: 0 PID: 32570 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x428/0x4b0
[ 2936.886307][T32570] Modules linked in:
[ 2936.890246][T32570] CPU: 0 PID: 32570 Comm: kworker/u4:10 Not tainted syzkaller #0
[ 2936.898174][T32570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 2936.908413][T32570] Workqueue: cfg80211 cfg80211_event_work
[ 2936.914181][T32570] RIP: 0010:__cfg80211_ibss_joined+0x428/0x4b0
[ 2936.920423][T32570] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 57 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 d1 2f ec f7 0f 0b eb bb e8 c8 2f ec f7 <0f> 0b eb b2 e8 bf 2f ec f7 0f 0b e9 77 fd ff ff e8 b3 2f ec f7 0f
[ 2936.940918][T32570] RSP: 0018:ffffc9000c907aa0 EFLAGS: 00010293
[ 2936.947119][T32570] RAX: ffffffff89964bd8 RBX: dffffc0000000000 RCX: ffff888052438000
[ 2936.955286][T32570] RDX: 0000000000000000 RSI: ffffffff8a8c1aa0 RDI: ffffffff8adf2060
[ 2936.963312][T32570] RBP: ffffc9000c907b70 R08: ffffffff90aff2a7 R09: 1ffffffff215fe54
[ 2936.971501][T32570] R10: dffffc0000000000 R11: fffffbfff215fe55 R12: ffff888029a5b5f8
[ 2936.979597][T32570] R13: 1ffff92001920f5c R14: 000000000000001f R15: ffff888028980c90
[ 2936.987645][T32570] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 2936.996664][T32570] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2937.003289][T32570] CR2: 0000000100000000 CR3: 000000003b4cf000 CR4: 00000000003506f0
[ 2937.011728][T32570] DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
[ 2937.019786][T32570] DR3: 0000000000008d24 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 2937.027820][T32570] Call Trace:
[ 2937.031135][T32570]  <TASK>
[ 2937.034099][T32570]  ? mutex_lock_nested+0x10/0x10
[ 2937.039336][T32570]  ? trace_rdev_return_void+0x240/0x240
[ 2937.045091][T32570]  cfg80211_process_wdev_events+0x3ad/0x550
[ 2937.051081][T32570]  cfg80211_process_rdev_events+0x9d/0x110
[ 2937.057165][T32570]  ? process_one_work+0x7b0/0x1160
[ 2937.062317][T32570]  cfg80211_event_work+0x2b/0x40
[ 2937.067419][T32570]  process_one_work+0x8a2/0x1160
[ 2937.072412][T32570]  ? worker_detach_from_pool+0x240/0x240
[ 2937.078146][T32570]  ? _raw_spin_lock_irq+0x86/0xf0
[ 2937.083215][T32570]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 2937.088311][T32570]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 2937.093899][T32570]  ? kthread_data+0x4b/0xc0
[ 2937.098570][T32570]  worker_thread+0xaa2/0x1270
[ 2937.103322][T32570]  kthread+0x29d/0x330
[ 2937.107472][T32570]  ? worker_clr_flags+0x1a0/0x1a0
[ 2937.112648][T32570]  ? kthread_blkcg+0xd0/0xd0
[ 2937.117319][T32570]  ret_from_fork+0x1f/0x30
[ 2937.121818][T32570]  </TASK>
[ 2937.125255][T32570] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 2937.132570][T32570] CPU: 0 PID: 32570 Comm: kworker/u4:10 Not tainted syzkaller #0
[ 2937.140331][T32570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 2937.150432][T32570] Workqueue: cfg80211 cfg80211_event_work
[ 2937.156210][T32570] Call Trace:
[ 2937.159602][T32570]  <TASK>
[ 2937.162560][T32570]  dump_stack_lvl+0x188/0x24e
[ 2937.167278][T32570]  ? memcpy+0x3c/0x60
[ 2937.171294][T32570]  ? show_regs_print_info+0x12/0x12
[ 2937.176707][T32570]  ? load_image+0x400/0x400
[ 2937.181258][T32570]  panic+0x2e5/0x730
[ 2937.185202][T32570]  ? bpf_jit_dump+0xd0/0xd0
[ 2937.189745][T32570]  ? ret_from_fork+0x1f/0x30
[ 2937.194379][T32570]  __warn+0x2f8/0x4f0
[ 2937.198430][T32570]  ? __cfg80211_ibss_joined+0x428/0x4b0
[ 2937.204025][T32570]  ? __cfg80211_ibss_joined+0x428/0x4b0
[ 2937.209600][T32570]  report_bug+0x2ba/0x4f0
[ 2937.213957][T32570]  ? __cfg80211_ibss_joined+0x428/0x4b0
[ 2937.219538][T32570]  handle_bug+0x3a/0x70
[ 2937.223722][T32570]  exc_invalid_op+0x16/0x40
[ 2937.228348][T32570]  asm_exc_invalid_op+0x16/0x20
[ 2937.233231][T32570] RIP: 0010:__cfg80211_ibss_joined+0x428/0x4b0
[ 2937.239415][T32570] Code: 00 00 00 48 3b 84 24 80 00 00 00 75 57 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 d1 2f ec f7 0f 0b eb bb e8 c8 2f ec f7 <0f> 0b eb b2 e8 bf 2f ec f7 0f 0b e9 77 fd ff ff e8 b3 2f ec f7 0f
[ 2937.259055][T32570] RSP: 0018:ffffc9000c907aa0 EFLAGS: 00010293
[ 2937.265150][T32570] RAX: ffffffff89964bd8 RBX: dffffc0000000000 RCX: ffff888052438000
[ 2937.273147][T32570] RDX: 0000000000000000 RSI: ffffffff8a8c1aa0 RDI: ffffffff8adf2060
[ 2937.281147][T32570] RBP: ffffc9000c907b70 R08: ffffffff90aff2a7 R09: 1ffffffff215fe54
[ 2937.289168][T32570] R10: dffffc0000000000 R11: fffffbfff215fe55 R12: ffff888029a5b5f8
[ 2937.297166][T32570] R13: 1ffff92001920f5c R14: 000000000000001f R15: ffff888028980c90
[ 2937.305190][T32570]  ? __cfg80211_ibss_joined+0x428/0x4b0
[ 2937.310777][T32570]  ? mutex_lock_nested+0x10/0x10
[ 2937.315747][T32570]  ? trace_rdev_return_void+0x240/0x240
[ 2937.321342][T32570]  cfg80211_process_wdev_events+0x3ad/0x550
[ 2937.327368][T32570]  cfg80211_process_rdev_events+0x9d/0x110
[ 2937.333206][T32570]  ? process_one_work+0x7b0/0x1160
[ 2937.338353][T32570]  cfg80211_event_work+0x2b/0x40
[ 2937.343321][T32570]  process_one_work+0x8a2/0x1160
[ 2937.348415][T32570]  ? worker_detach_from_pool+0x240/0x240
[ 2937.354081][T32570]  ? _raw_spin_lock_irq+0x86/0xf0
[ 2937.359188][T32570]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 2937.364248][T32570]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 2937.369830][T32570]  ? kthread_data+0x4b/0xc0
[ 2937.374373][T32570]  worker_thread+0xaa2/0x1270
[ 2937.379114][T32570]  kthread+0x29d/0x330
[ 2937.383205][T32570]  ? worker_clr_flags+0x1a0/0x1a0
[ 2937.388266][T32570]  ? kthread_blkcg+0xd0/0xd0
[ 2937.392892][T32570]  ret_from_fork+0x1f/0x30
[ 2937.397369][T32570]  </TASK>
[ 2937.400787][T32570] Kernel Offset: disabled
[ 2937.405210][T32570] Rebooting in 86400 seconds..