last executing test programs:

26.514654178s ago: executing program 0 (id=666):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000000604"], 0x0, 0x26}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={r0, 0x29, &(0x7f0000003fc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10)
socket$kcm(0x11, 0x200000000000002, 0x300)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$kcm(0x11, 0x200000000000002, 0x300)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r2, 0x107, 0x12, &(0x7f0000000100)=r3, 0x4)
sendmsg(r2, &(0x7f0000000580)={&(0x7f0000000140)=@hci={0x1f, 0x1, 0x1}, 0x80, 0x0}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB="180500006300000000000000feffffffb7080000000000007b030000000000000008000000007fb45b096ac7c0ed577cdadfa200007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800049ce9a81f5661514b952da2f184425220c7bc37822be09688f269d943648ea01751f91938e35aaebd84052dd81073aac8254dda005aef49f952a2dc4fc237f943a8f851834bf9cc7819ba98884def3fff00522eec9281263ea7c3001c846db4463400711b1c63b9be66e2fa4c61ac80260c5880b61341346449d8763399a5d3c8658aa7dbc89633a54e8dd8a78e1ea8b0b232a2d0958a161d00460fb9e4dd872ffd04999bba627991ec24a6243bce", @ANYRES32, @ANYBLOB="0000000000000000b704000008000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r4, 0xfffff000, 0xe, 0x0, &(0x7f0000000040)="61df7100c80400d5721ff59fe864b3c81a70c772ceed5fdb950e99903b901ba23e4cb8990eee22c5ba9159ab37f79a8803bee1e10dd83577407f38a01e13183c6af509", 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)=""/5, 0x63}], 0x1, 0xfffffffffffffffe, 0x19}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0), 0x2, &(0x7f0000000180)=ANY=[@ANYRES16=r1], 0x11f0}, 0x10008014)
syz_clone(0x10eb22f000, 0x0, 0x0, 0x0, 0x0, 0x0)

25.349417422s ago: executing program 0 (id=676):
r0 = syz_clone(0x40280000, &(0x7f0000000200)="730fc3c99c6a3a22eed974f9406e3969bd93ac831d6fe1c8efa20b7bf138bf246f746593cb6664af8d164db8", 0x2c, &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000340)="f0b83bf273bf8a04d7ff99b0ac7ef949b1e7090b77eba74bd24ac1b9")
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x81, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1208, 0x0, 0x0, 0x0, 0x28000000}, r0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50)
close(0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0xa, &(0x7f0000000680)=ANY=[], 0x0, 0x4, 0xee, &(0x7f0000000340)=""/238}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x0, &(0x7f0000000280), &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0500000004000000040000000a"], 0x50)
close(0x3)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0x8, 0x6, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r2}, 0x38)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
syz_clone(0xae003400, 0x0, 0xffffff39, 0xfffffffffffffffd, 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0)
openat$cgroup_subtree(r4, &(0x7f0000000140), 0x2, 0x0)
mkdirat$cgroup(r4, &(0x7f0000000640)='syz1\x00', 0x1ff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00'}, 0x10)
perf_event_open$cgroup(&(0x7f00000002c0)={0x0, 0x80, 0xff, 0x8, 0x6, 0x30, 0x0, 0x9, 0x2000, 0x5, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x100, 0x1, @perf_bp={0x0, 0x1}, 0x108, 0x5, 0x40, 0x2, 0x572, 0xc2, 0x2, 0x0, 0x4, 0x0, 0x100000000}, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x498dde7bc5ee1ac3)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_int(r6, &(0x7f0000000040)='cpuset.sched_load_balance\x00', 0x2, 0x0)
write$cgroup_int(r7, &(0x7f00000000c0)=0x100000000, 0x12)

25.336548863s ago: executing program 3 (id=677):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18080000000000000000000000000000852000000600000018100000", @ANYRES32, @ANYBLOB="00000000000000006100ed0000000000180000000000000000000000000000009500000000000000b50a00000000000095000000000000001315c1"], &(0x7f0000000000)='GPL\x00', 0x4, 0x1e, &(0x7f0000000340)=""/238, 0x0, 0x0, '\x00', 0x0, 0x900}, 0x21) (fail_nth: 3)

24.703748074s ago: executing program 3 (id=680):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000f0a9c8085000000040000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r1}, 0xc)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100008000008100000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

24.681769245s ago: executing program 2 (id=681):
r0 = socket$kcm(0xa, 0x2, 0x73)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg$unix(r1, &(0x7f00000002c0)={&(0x7f0000000040)=@abs, 0x6e, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000140)=""/212, 0xd4}], 0x2, &(0x7f0000000280)=[@rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}, 0x60)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x7, 0x6}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r3}, 0x25)
sendmsg$kcm(r0, &(0x7f0000006900)={&(0x7f0000006640)=@un=@abs={0x0, 0x0, 0x4e24}, 0x80, 0x0, 0x0, &(0x7f0000000040)=ANY=[], 0x3}, 0x800)

24.543740537s ago: executing program 3 (id=683):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x16, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c252500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000180100002020702500000000002020207b1ad8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000080000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe, 0xfffffffffffffffd, &(0x7f00000001c0)="186bf7ffffffffffffffef0a3254", 0x0, 0xff, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x8, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000300000000000000ff07000004000000000000009500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
r4 = socket$kcm(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x7, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000ae00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1190e95fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a202304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a8640724a5f4e12ad99012a2e01ce79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261e58fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f13dff7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe50151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa332482e6137e994d3f5259b7f51544cdc6d8cb4becc20dd3a57545b0c2621e4c5f94a23f73ee02c22ee7e27c2cc491a85947baac523c347c9b9ede5d6265997f2ad6e9719aafdb323988e62b7ec84545cd63b7a7"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffdf2}, 0x48)
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000002c0)=@generic={&(0x7f0000000140)='./file0\x00', r3}, 0x18)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x200})
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8922, &(0x7f0000000080))
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b11d25a806c8c6f94f90424fc601000407a0a000600053582c137153e37000c11802f2ff4070300", 0x33fe0}], 0x1, 0x0, 0x0, 0x35}, 0x0)

24.515684249s ago: executing program 2 (id=684):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000000604"], 0x0, 0x26}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={r0, 0x29, &(0x7f0000003fc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10)
socket$kcm(0x11, 0x200000000000002, 0x300)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$kcm(0x11, 0x200000000000002, 0x300)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r2, 0x107, 0x12, &(0x7f0000000100)=r3, 0x4)
sendmsg(r2, &(0x7f0000000580)={&(0x7f0000000140)=@hci={0x1f, 0x1, 0x1}, 0x80, 0x0}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000780)=ANY=[@ANYBLOB="180500006300000000000000feffffffb7080000000000007b030000000000000008000000007fb45b096ac7c0ed577cdadfa200007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800049ce9a81f5661514b952da2f184425220c7bc37822be09688f269d943648ea01751f91938e35aaebd84052dd81073aac8254dda005aef49f952a2dc4fc237f943a8f851834bf9cc7819ba98884def3fff00522eec9281263ea7c3001c846db4463400711b1c63b9be66e2fa4c61ac80260c5880b61341346449d8763399a5d3c8658aa7dbc89633a54e8dd8a78e1ea8b0b232a2d0958a161d00460fb9e4dd872ffd04999bba627991ec24a6243bce626449ed43637a2b61ede04fb9389fc59eedb2cb02f56be37efb263e2d67865514f71a3fb45485664975102c1424fd51cf75df8cc662601cbde3319ec73bf351789b03363a6854eafc54cde335d99fe8021dcf5c0009b93b3ada0e1efed253ad5f296d1f04afd75d1c0c3125be55a74a92464b39bb0c615b67217d427db9530397f9237f0c5c5fd95f", @ANYRES32, @ANYBLOB="0000000000000000b704000008000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r4, 0xfffff000, 0xe, 0x0, &(0x7f0000000040)="61df7100c80400d5721ff59fe864b3c81a70c772ceed5fdb950e99903b901ba23e4cb8990eee22c5ba9159ab37f79a8803bee1e10dd83577407f38a01e13183c6af509", 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)=""/5, 0x63}], 0x1, 0xfffffffffffffffe, 0x19}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0), 0x2, &(0x7f0000000180)=ANY=[@ANYRES16=r1], 0x11f0}, 0x10008014)
syz_clone(0x10eb22f000, 0x0, 0x0, 0x0, 0x0, 0x0)

23.767674559s ago: executing program 0 (id=686):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x20010000)
write$cgroup_subtree(r2, &(0x7f0000000000), 0xfdef)
ioctl$TUNSETLINK(r2, 0x400454cd, 0x30d) (async, rerun: 32)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x578, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async, rerun: 32)
r3 = socket$kcm(0x11, 0x200000000000002, 0x300) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={r5, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x10)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x6, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000004000000000000000000000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x1f00, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000b80)=@bpf_ext={0x1c, 0x2, &(0x7f00000007c0)=@raw=[@btf_id={0x18, 0x4, 0x3, 0x0, 0x4}], &(0x7f0000000840)='syzkaller\x00', 0x1, 0x0, 0x0, 0x71be12af7866cf22, 0xe, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1b081, r7, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r4, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 32)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (rerun: 32)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
socket$kcm(0x11, 0x200000000000002, 0x300)
recvmsg$unix(r1, &(0x7f0000000380)={&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000340)=[{&(0x7f0000000140)=""/154, 0x9a}, {&(0x7f0000000200)=""/50, 0x32}, {&(0x7f0000000240)=""/194, 0xc2}], 0x3}, 0x2000) (async)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x9, 0x92, 0x3, 0x9, 0x0, 0x100000080001, 0x91239, 0xa, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, @perf_config_ext={0x3, 0x1}, 0x102200, 0x1, 0xb, 0x6, 0x3, 0x8, 0x43, 0x0, 0xe18a, 0x0, 0x1000000000000007}, 0x0, 0x2, 0xffffffffffffffff, 0xb) (async)
r9 = socket$kcm(0xf, 0x3, 0x2)
sendmsg$inet(r9, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="020b0700fc670000e4a17c45c8d260c9", 0x33fe0}], 0x1}, 0x0)
close(r3)

23.649343439s ago: executing program 3 (id=687):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$tipc(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x4000041)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x541b, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r4, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r4, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000df000095000000000000ae"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r5}, 0x94)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
r7 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r7, 0x1, 0x3e, &(0x7f00000002c0)=r6, 0x161)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
close(r9)
recvmsg$unix(r8, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r10=>0xffffffffffffffff]}}], 0x18}, 0x0)
r11 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
write$cgroup_subtree(r10, &(0x7f0000000200)=ANY=[@ANYRES8=r9, @ANYRES8=r11], 0x12)
r12 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='hugetlb.1GB.usage_in_bytes\x00', 0x0, 0x0)
r13 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x800, 0x400, 0xccedeb6dc403c70d, r3, 0x6, '\x00', r5, r6, 0x4, 0x0, 0x1, 0x3, @value=r10, @void, @value=r12}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r13}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r13, 0x0, &(0x7f0000000000)=""/48}, 0x20)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
close(r1)
close(r0)

23.466650763s ago: executing program 1 (id=688):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000980)={<r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7fffffffffffffff, 0x1}, 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x0, 0x4482000a, 0x4, 0x0, 0x800}, 0x0, 0x8, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r1, 0x29, 0x23, &(0x7f0000000040), 0xcf)
ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000040)={'batadv0\x00', @random="0100"})

23.466012453s ago: executing program 2 (id=689):
socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x400000000004, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0xc001, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x87}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

23.251528931s ago: executing program 1 (id=690):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$ENABLE_STATS(0x20, 0x0, 0x0) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) (async)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000200"/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000000000085000000a800000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) (async)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r3}, 0xc) (async)
socket$kcm(0x10, 0x3, 0x10) (async)
r4 = socket$kcm(0x29, 0x2, 0x0) (async)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000b80)='%pB    \x00'}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001300)={{r6, <r7=>0xffffffffffffffff}, &(0x7f0000001280), &(0x7f0000000080)='%+9llu \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r7}, 0x4) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x10, &(0x7f0000000bc0)=@framed={{}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x40005}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='signal_generate\x00', r8}, 0x18)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) (async)
bpf$ENABLE_STATS(0x20, 0x0, 0x0) (async)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) (async)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x20, 0x12506, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0xffffffff}, 0x7402, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
syz_clone(0x126400, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$kcm(r4, &(0x7f00000000c0)={0x0, 0x53, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030033000b63d25a80648c2594f91324fc60100c21400200000305050400371500000248078000f01700d1bd", 0x2e}], 0x1000000000000005}, 0x4004094)

23.251310761s ago: executing program 0 (id=691):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r2}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

23.250089471s ago: executing program 2 (id=692):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000980)={<r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000040)={'batadv0\x00', @random="0100"}) (fail_nth: 3)

23.174283987s ago: executing program 1 (id=693):
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080))
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000070000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r1}, 0x10)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000001c0)={<r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
close(r3)
r4 = openat$cgroup(r2, &(0x7f0000000700)='syz0\x00', 0x200002, 0x0)
openat$cgroup_procs(r4, &(0x7f0000000740)='cgroup.threads\x00', 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)="5c0000001e006bcd9e3fe3dc6e080000070200001d0000007ea60864160af3653c005425198bc3488bc3a0e69ee517d34460bc24eab556a705251d6182949a3651f668c3", 0x44}, {&(0x7f0000000080)="a656aa6d2d5a6d59030fd7a573d57d82d9fcca35d31be78168cb6947bd4c5d8395a51398ee875fde0a1215bc83793a7a4356143d7ba21a7f3be96a2ec76c89769486a4340b5e515663b87af95414ab96a1dc629b26179d2c3e3a823a37975e8158c4de4bc0b591fc9626579248bb33dc45e71f19d696c7d9e0", 0x79}, {&(0x7f0000000180)="cb4ff58ed90d6c65a59b1890df786a54bfe0fd9ca68f50e55d67af4bb109233516e52e", 0x23}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{0x1, <r5=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)='%+9llu \x00'}, 0x20)
sendmsg$tipc(r2, &(0x7f00000006c0)={&(0x7f0000000300)=@nameseq={0x1e, 0x1, 0x1, {0x2, 0x4, 0x4}}, 0x10, &(0x7f0000000500)=[{&(0x7f0000000340)="0f2d33ee81f79dfab7", 0x9}, {&(0x7f0000000380)="d135df7a9a1bee2c6a28e49036f3696356a7786e34e00e3ac8397e8c042b3ae93746c75b2d6324f4c521454beb50acda94cd32a858c173b65067864abf20523d0118cdc09d86e7942634748f35be1c718b984521acdbd64e7ddd03d59ad23ee212c17e201f8212396ad16ef754c8f8ea0a0ea98f92944b1c179f9461513213a212ca6c1d344a8586a91d51d2b9d042bbba96d183681d88bc3995", 0x9a}, {&(0x7f0000000440)="2b2457fe15e13416d9ec6b631f6c3c69b7a9a20b8cb8aa26766926b4ea78971e873a5b192ac349f3f8a0d9475a0d636cd7b63c8b197bac7afe7c5f43a0761d568f97dc8b1f64f20b4678e23c712b0015a567709670238dd841466aed739a4285f322b35de2455dbfc57d48b95598cef157c6da7d915f8ba1bb4e46ba39308a3255a5072c1b0ace813a96131419270fa0cad2fdfa1f3b0443676c67f083dc9d0c6accc74aab705ad225ac4b296106754cafc4ff294f9e", 0xb6}, {&(0x7f00000005c0)="0d6ad9c685e439c2fa04abc4ea904d2bdb7a07e4e432f784a33d4af31bd6dceaf46086a3d6c508456334b999779cf18eb4eceecea8f811a7f2b1699da8d9724ea4439dc6d64be521441541a8ef969a0dd8c44b4ff6d83bee8647426ed0ac211bc50a7d1431e239a572f7fda38df5298680cb270bdf114f21b335d8dcc810304164d86b2867718e9155cedaf23f5bccf23d1ee1df5ff748d14a4941c25291f866255e703339a1ab822736d9ff1c134df40245280cdc751b1b0a267554259b3af5b7076f5dd46effb3a5", 0xc9}], 0x4, 0x0, 0x0, 0x10}, 0x8000)
bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000180)=r5, 0x4)
syz_clone(0x200400, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x3, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8e100000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000181a0000", @ANYRES32=r6, @ANYBLOB="0000000000000000b705000008000000850000006a0000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x101840, 0x0)
ioctl$TUNGETFEATURES(r8, 0x800454cf, &(0x7f00000007c0))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000240)='percpu_alloc_percpu\x00', r7}, 0x66)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xaa}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xe}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000580)=@o_path={&(0x7f0000000540)='./cgroup\x00', 0x0, 0x4008, r0}, 0x18)

22.795305267s ago: executing program 0 (id=694):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0xd, 0x9, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000500000085000000a0008000a70000000000000018000000000000000009000000961c9f8998500c9b0000009500000000000000"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000c4bd7097495aeeeb3ca14200d06bc8d7d9e675ec4ddfc0583da5954b877163c7ff106d69a1ca9d820a206b"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x200000000000005f, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYRES16=r1], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$unix(r5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r6], 0x18}, 0x8810)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7e, &(0x7f0000000180)='/mroc/s\xc9\v/net/ipv/syG\x8a^=\xcd,\xb8)u\x8b[\xcdnc_\x00le\xf44.\xab%nN\xd4\x03\x00\x00\x001=\x11\xc8\xdd\x0fR\xd3s\x87`B\x92\xd0}\xbe\xdd\xc4\x01\xc2s\xa3\xfd\xa7\xe2;\xf48\xe7\xab\x9b\x8e%3\xeb.HeX\xcf\"\xbf\x82\xa502\x86\x9f*K\xc6\x1d\"\xa0\xe6\x9b\x9f\x8f=\x8d\xad\xb3\xaa\xa8\xbc\xbd \xea\x97v\xe7\xd1\xfbP(\xa4'}, 0x30)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r9)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000180)='r}!\x00')
write$cgroup_devices(r7, &(0x7f0000000140)=ANY=[@ANYBLOB="1e031c00008c71ef288563"], 0xffdd)
close(r6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
close(r10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0)

22.739678642s ago: executing program 2 (id=695):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x16, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c252500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000180100002020702500000000002020207b1ad8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000080000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe, 0xfffffffffffffffd, &(0x7f00000001c0)="186bf7ffffffffffffffef0a3254", 0x0, 0xff, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x8, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000300000000000000ff07000004000000000000009500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
r4 = socket$kcm(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x7, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000ae00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1190e95fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d0faab186d94af98af1da2b5952eb15855933a202304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f021da8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a8640724a5f4e12ad99012a2e01ce79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261e58fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f13dff7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe50151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa332482e6137e994d3f5259b7f51544cdc6d8cb4becc20dd3a57545b0c2621e4c5f94a23f73ee02c22ee7e27c2cc491a85947baac523c347c9b9ede5d6265997f2ad6e9719aafdb323988e62b7ec84545cd63b7a7"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffdf2}, 0x48)
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000002c0)=@generic={&(0x7f0000000140)='./file0\x00', r3}, 0x18)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x200})
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8922, &(0x7f0000000080))
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b11d25a806c8c6f94f90424fc601000407a0a000600053582c137153e37000c11802f2ff4070300", 0x33fe0}], 0x1, 0x0, 0x0, 0x35}, 0x0)

22.658030768s ago: executing program 3 (id=696):
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080))
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000070000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r1}, 0x10)
syz_clone(0x200400, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000580)=@o_path={&(0x7f0000000540)='./cgroup\x00', 0x0, 0x4008, r0}, 0x18) (fail_nth: 3)

22.367836262s ago: executing program 2 (id=697):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x89fe, &(0x7f0000000680)={'wg0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}})

22.0159861s ago: executing program 32 (id=697):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x89fe, &(0x7f0000000680)={'wg0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}})

21.971348514s ago: executing program 1 (id=699):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000400000004"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0500000004000000032000000c00000000000000", @ANYRES32, @ANYBLOB="feffffff00000000000000000000000000000000a8c1f36db2a2109507731f9a386841ed65812b70602efbc74c997eecadeceb9cff94024560a6b4134c1fc79c032cf52740b253fe0da2616bcaf9b945b47bbb4bb9cbf65286c7074251acd7c67b90", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
close(0x3)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r2, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
r4 = socket$kcm(0xa, 0x5, 0x0)
r5 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4003, 0x3}, 0x50)
setsockopt$sock_attach_bpf(r4, 0x29, 0x21, &(0x7f0000000100), 0x120)
sendmsg$kcm(r4, &(0x7f0000002dc0)={&(0x7f0000001580)=@l2tp6={0xa, 0x0, 0x0, @private1, 0x0, 0x3}, 0x80, &(0x7f00000029c0)=[{&(0x7f0000001480)="89", 0x1}], 0x1}, 0x8c1)
close(r4)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x80}, 0x50)
close(0x3)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0b000000080000000c000000ffbfffff01"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x11, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x19383fb31bd4d798}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r9}, 0x10)
perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x10, 0x2, 0x0, 0xff, 0x0, 0xcbf0, 0x241a2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x3, @perf_config_ext={0x3e, 0x1}, 0x0, 0x2, 0xffffffff, 0x0, 0x4, 0xfffffffc, 0x8000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x9}, 0x50)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000080)=ANY=[@ANYRES32=r8], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x6a}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r10, @ANYRES32=r11, @ANYBLOB="04"], 0x10)
close(0x3)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={&(0x7f00000002c0)="49ad64ba6beb8d5b3956f9b9ce95e4b218e5389a217b05248424e22ee0f5ff2f3105f8e44d26a3bef2", &(0x7f0000000580)=""/72, &(0x7f0000000780)="74c3cf5490c6b9778e6472fa2f59803701e93337cd1ca8b5a5b136210cf24b3be02bbeec86f33af3e9011c0dadd22abd6af50d24aef96ec9a91e81407b77d451020e67dedc5d27645691762bee75325fe0061dd8c39b876b4e98d5654d4d42137fdc6a9ce88cd630f69abbebc7d65df19d5904ab23601ef690530939f58d723d8921f93d2493cd84ea8c968426457146ed51623d4775120bc910d967c3eece3519cf40cb34f95d729b9d3afd615e07a508aa71ab4922ed03f4e2858bacee9d0bcda71631db40", &(0x7f0000000300)="52cffbd6cb19edd79f69", 0x0, 0x1, 0x4}, 0x38)
openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140), 0x2, 0x0)
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000ffffffff180800002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000400008500000006000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r12, @ANYBLOB="0000000000000000b70500000800000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

21.970920454s ago: executing program 3 (id=700):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1700000007000000ec04009ac0f9ab6fe04969e50000ff000000000000", @ANYRES32=0x1, @ANYRES8, @ANYRES32=0x0, @ANYRES32, @ANYRES8=r0], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_type(r2, &(0x7f0000000300), 0x2, 0x0)
write$cgroup_type(r3, &(0x7f0000000280), 0x9)
r4 = openat$cgroup_procs(r2, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f00000001c0), 0x12)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_ro(r5, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_int(r6, &(0x7f00000000c0), 0x12)
r7 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r7, 0x401054d5, &(0x7f0000000780)={0x1, &(0x7f00000001c0)=[{0x45, 0x0, 0x2, 0x8}]})
r8 = openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0)
openat$cgroup_pressure(r8, 0x0, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0xf, &(0x7f0000000340)=ANY=[@ANYRESDEC=0x0], &(0x7f0000000600)='GPL\x00', 0x2, 0xa5, &(0x7f0000000540)=""/165, 0x41000, 0x40, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f00000003c0)={0x7, 0x5}, 0x8, 0x10, &(0x7f0000000440)={0x0, 0xa, 0x3}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000740)=[r1, r6, r6, r1, r1], &(0x7f00000006c0)=[{0x5, 0x1, 0xf, 0xc}, {0x4, 0x1, 0x10, 0x4}, {0x3, 0x5, 0x0, 0xa}, {0x1, 0x4, 0x4, 0x9}, {0x0, 0x3, 0x5, 0x5}, {0x5, 0x5, 0x1, 0x6}, {0x3, 0x2, 0xb, 0x8}], 0x10, 0x5}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)

21.586759095s ago: executing program 33 (id=700):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1700000007000000ec04009ac0f9ab6fe04969e50000ff000000000000", @ANYRES32=0x1, @ANYRES8, @ANYRES32=0x0, @ANYRES32, @ANYRES8=r0], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_type(r2, &(0x7f0000000300), 0x2, 0x0)
write$cgroup_type(r3, &(0x7f0000000280), 0x9)
r4 = openat$cgroup_procs(r2, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f00000001c0), 0x12)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_ro(r5, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_int(r6, &(0x7f00000000c0), 0x12)
r7 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r7, 0x401054d5, &(0x7f0000000780)={0x1, &(0x7f00000001c0)=[{0x45, 0x0, 0x2, 0x8}]})
r8 = openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0)
openat$cgroup_pressure(r8, 0x0, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0xf, &(0x7f0000000340)=ANY=[@ANYRESDEC=0x0], &(0x7f0000000600)='GPL\x00', 0x2, 0xa5, &(0x7f0000000540)=""/165, 0x41000, 0x40, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f00000003c0)={0x7, 0x5}, 0x8, 0x10, &(0x7f0000000440)={0x0, 0xa, 0x3}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000740)=[r1, r6, r6, r1, r1], &(0x7f00000006c0)=[{0x5, 0x1, 0xf, 0xc}, {0x4, 0x1, 0x10, 0x4}, {0x3, 0x5, 0x0, 0xa}, {0x1, 0x4, 0x4, 0x9}, {0x0, 0x3, 0x5, 0x5}, {0x5, 0x5, 0x1, 0x6}, {0x3, 0x2, 0xb, 0x8}], 0x10, 0x5}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)

21.576910326s ago: executing program 0 (id=701):
socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x400000000004, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0xc001, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x87}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

21.02334399s ago: executing program 34 (id=701):
socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x400000000004, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0xc001, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x87}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

21.016877641s ago: executing program 1 (id=703):
socket$kcm(0x2, 0xa, 0x2)
socket$kcm(0x2, 0xa, 0x73)
close(0x3)

20.788597689s ago: executing program 1 (id=704):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/249, 0x101d0}], 0x1}, 0x0)
close(r0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r3}, 0x10)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x954b3baf63a6dd35}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) (async)
recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/249, 0x101d0}], 0x1}, 0x0) (async)
close(r0) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r3}, 0x10) (async)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x954b3baf63a6dd35}, 0x10) (async)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0) (async)

0s ago: executing program 35 (id=704):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/249, 0x101d0}], 0x1}, 0x0)
close(r0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r3}, 0x10)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x954b3baf63a6dd35}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) (async)
recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/249, 0x101d0}], 0x1}, 0x0) (async)
close(r0) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000300)='sys_enter\x00', r3}, 0x10) (async)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x954b3baf63a6dd35}, 0x10) (async)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0) (async)

kernel console output (not intermixed with test programs):

x8c1/0xbe0
[  173.117878][ T7222]  ? lockdep_hardirqs_on+0x98/0x150
[  173.123118][ T7222]  ? netlink_getsockopt+0x580/0x580
[  173.128361][ T7222]  ? audit_tree_destroy_watch+0x20/0x20
[  173.134019][ T7222]  ? security_socket_sendmsg+0x80/0xa0
[  173.139500][ T7222]  ? netlink_getsockopt+0x580/0x580
[  173.144719][ T7222]  ____sys_sendmsg+0x5bf/0x950
[  173.149514][ T7222]  ? __asan_memset+0x22/0x40
[  173.154185][ T7222]  ? __sys_sendmsg_sock+0x30/0x30
[  173.159262][ T7222]  ? __import_iovec+0x5f2/0x860
[  173.164161][ T7222]  ? import_iovec+0x73/0xa0
[  173.168730][ T7222]  ___sys_sendmsg+0x220/0x290
[  173.173443][ T7222]  ? __sys_sendmsg+0x270/0x270
[  173.178276][ T7222]  ? seqcount_lockdep_reader_access+0x160/0x1c0
[  173.184564][ T7222]  __se_sys_sendmsg+0x1a5/0x270
[  173.189488][ T7222]  ? hrtimer_interrupt+0x7bb/0x9c0
[  173.194623][ T7222]  ? __x64_sys_sendmsg+0x80/0x80
[  173.199615][ T7222]  ? lockdep_hardirqs_on+0x98/0x150
[  173.204843][ T7222]  do_syscall_64+0x55/0xb0
[  173.209281][ T7222]  ? clear_bhb_loop+0x40/0x90
[  173.214000][ T7222]  ? clear_bhb_loop+0x40/0x90
[  173.218699][ T7222]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  173.224627][ T7222] RIP: 0033:0x7f503418ebe9
[  173.229067][ T7222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.248708][ T7222] RSP: 002b:00007f5034f8c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  173.257144][ T7222] RAX: ffffffffffffffda RBX: 00007f50343b5fa0 RCX: 00007f503418ebe9
[  173.265137][ T7222] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000009
[  173.273126][ T7222] RBP: 00007f5034211e19 R08: 0000000000000000 R09: 0000000000000000
[  173.281122][ T7222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  173.289122][ T7222] R13: 00007f50343b6038 R14: 00007f50343b5fa0 R15: 00007ffe01a99138
[  173.297146][ T7222]  </TASK>
[  173.885163][ T7249] netlink: 'syz.1.495': attribute type 3 has an invalid length.
[  173.926051][ T7249] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.495'.
[  174.172409][ T7250] netlink: 'syz.1.495': attribute type 3 has an invalid length.
[  174.180131][ T7250] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.495'.
[  174.784001][ T7272] netlink: 158556 bytes leftover after parsing attributes in process `syz.0.502'.
[  174.829872][ T7272] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  174.875096][ T7272] CPU: 1 PID: 7272 Comm: syz.0.502 Not tainted 6.6.102-syzkaller #0
[  174.883176][ T7272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  174.893279][ T7272] Call Trace:
[  174.896606][ T7272]  <TASK>
[  174.899587][ T7272]  dump_stack_lvl+0x16c/0x230
[  174.904326][ T7272]  ? show_regs_print_info+0x20/0x20
[  174.909571][ T7272]  ? load_image+0x3b0/0x3b0
[  174.914147][ T7272]  sysfs_warn_dup+0x8e/0xa0
[  174.918803][ T7272]  sysfs_do_create_link_sd+0xc0/0x110
[  174.924245][ T7272]  device_add_class_symlinks+0x1cf/0x240
[  174.929959][ T7272]  device_add+0x507/0xc20
[  174.934354][ T7272]  wiphy_register+0x1e74/0x2c00
[  174.939253][ T7272]  ? cfg80211_event_work+0x40/0x40
[  174.944387][ T7272]  ? minstrel_ht_alloc+0x88a/0x990
[  174.949530][ T7272]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[  174.955639][ T7272]  ieee80211_register_hw+0x2dc2/0x3ac0
[  174.961152][ T7272]  ? ieee80211_tasklet_handler+0x20/0x20
[  174.966814][ T7272]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  174.972746][ T7272]  ? __debug_object_init+0xe8/0x430
[  174.977970][ T7272]  ? __asan_memset+0x22/0x40
[  174.982586][ T7272]  ? __hrtimer_init+0x186/0x270
[  174.987458][ T7272]  mac80211_hwsim_new_radio+0x2a00/0x4cf0
[  174.993218][ T7272]  ? mac80211_hwsim_free+0x220/0x220
[  174.998549][ T7272]  ? rcu_is_watching+0x15/0xb0
[  175.003437][ T7272]  ? kstrndup+0xbd/0x140
[  175.007732][ T7272]  hwsim_new_radio_nl+0xd78/0x19d0
[  175.012895][ T7272]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  175.019316][ T7272]  ? __nla_parse+0x40/0x50
[  175.023793][ T7272]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  175.030166][ T7272]  genl_family_rcv_msg_doit+0x209/0x2f0
[  175.035753][ T7272]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  175.041693][ T7272]  ? bpf_lsm_capable+0x9/0x10
[  175.046398][ T7272]  ? security_capable+0x89/0xb0
[  175.051274][ T7272]  genl_rcv_msg+0x60b/0x790
[  175.055823][ T7272]  ? genl_bind+0x360/0x360
[  175.060292][ T7272]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  175.066682][ T7272]  ? kasan_check_range+0x1bd/0x290
[  175.071841][ T7272]  netlink_rcv_skb+0x216/0x480
[  175.076638][ T7272]  ? genl_bind+0x360/0x360
[  175.081114][ T7272]  ? netlink_ack+0x1110/0x1110
[  175.086040][ T7272]  ? __lock_acquire+0x7c80/0x7c80
[  175.091118][ T7272]  ? down_read+0x1ac/0x2e0
[  175.095574][ T7272]  genl_rcv+0x28/0x40
[  175.099582][ T7272]  netlink_unicast+0x751/0x8d0
[  175.104379][ T7272]  netlink_sendmsg+0x8c1/0xbe0
[  175.109172][ T7272]  ? netlink_getsockopt+0x580/0x580
[  175.114418][ T7272]  ? aa_sock_msg_perm+0x94/0x150
[  175.119381][ T7272]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  175.124682][ T7272]  ? security_socket_sendmsg+0x80/0xa0
[  175.130156][ T7272]  ? netlink_getsockopt+0x580/0x580
[  175.135399][ T7272]  ____sys_sendmsg+0x5bf/0x950
[  175.140201][ T7272]  ? __asan_memset+0x22/0x40
[  175.144817][ T7272]  ? __sys_sendmsg_sock+0x30/0x30
[  175.149871][ T7272]  ? __import_iovec+0x5f2/0x860
[  175.154759][ T7272]  ? import_iovec+0x73/0xa0
[  175.159292][ T7272]  ___sys_sendmsg+0x220/0x290
[  175.164014][ T7272]  ? __sys_sendmsg+0x270/0x270
[  175.168824][ T7272]  ? seqcount_lockdep_reader_access+0x160/0x1c0
[  175.175110][ T7272]  __se_sys_sendmsg+0x1a5/0x270
[  175.180007][ T7272]  ? hrtimer_interrupt+0x7bb/0x9c0
[  175.185138][ T7272]  ? __x64_sys_sendmsg+0x80/0x80
[  175.190110][ T7272]  ? lockdep_hardirqs_on+0x98/0x150
[  175.195337][ T7272]  do_syscall_64+0x55/0xb0
[  175.199773][ T7272]  ? clear_bhb_loop+0x40/0x90
[  175.204463][ T7272]  ? clear_bhb_loop+0x40/0x90
[  175.209158][ T7272]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  175.215165][ T7272] RIP: 0033:0x7f900818ebe9
[  175.219605][ T7272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.239351][ T7272] RSP: 002b:00007f9008f83038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  175.247798][ T7272] RAX: ffffffffffffffda RBX: 00007f90083b5fa0 RCX: 00007f900818ebe9
[  175.255784][ T7272] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000009
[  175.263812][ T7272] RBP: 00007f9008211e19 R08: 0000000000000000 R09: 0000000000000000
[  175.271818][ T7272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  175.279954][ T7272] R13: 00007f90083b6038 R14: 00007f90083b5fa0 R15: 00007ffe8cc48fd8
[  175.287976][ T7272]  </TASK>
[  175.454051][ T7285] FAULT_INJECTION: forcing a failure.
[  175.454051][ T7285] name failslab, interval 1, probability 0, space 0, times 0
[  175.481084][ T7285] CPU: 1 PID: 7285 Comm: syz.3.507 Not tainted 6.6.102-syzkaller #0
[  175.489206][ T7285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  175.499347][ T7285] Call Trace:
[  175.502664][ T7285]  <TASK>
[  175.505633][ T7285]  dump_stack_lvl+0x16c/0x230
[  175.510356][ T7285]  ? sctp_sendmsg+0x155c/0x27e0
[  175.515265][ T7285]  ? ___sys_sendmsg+0x220/0x290
[  175.520170][ T7285]  ? show_regs_print_info+0x20/0x20
[  175.525424][ T7285]  ? load_image+0x3b0/0x3b0
[  175.530006][ T7285]  should_fail_ex+0x39d/0x4d0
[  175.534744][ T7285]  should_failslab+0x9/0x20
[  175.539277][ T7285]  slab_pre_alloc_hook+0x59/0x310
[  175.544329][ T7285]  ? sctp_add_bind_addr+0x8c/0x360
[  175.549466][ T7285]  __kmem_cache_alloc_node+0x53/0x260
[  175.554895][ T7285]  ? sctp_add_bind_addr+0x8c/0x360
[  175.560059][ T7285]  kmalloc_trace+0x2a/0xe0
[  175.564512][ T7285]  sctp_add_bind_addr+0x8c/0x360
[  175.569488][ T7285]  sctp_copy_local_addr_list+0x30c/0x4e0
[  175.575152][ T7285]  ? sctp_copy_local_addr_list+0x9c/0x4e0
[  175.580899][ T7285]  ? sctp_do_8_2_transport_strike+0x8b0/0x8b0
[  175.586997][ T7285]  ? sctp_v6_is_any+0x64/0x70
[  175.591704][ T7285]  ? sctp_copy_one_addr+0x8c/0x350
[  175.596847][ T7285]  sctp_bind_addr_copy+0xb3/0x3c0
[  175.601901][ T7285]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  175.608279][ T7285]  sctp_connect_new_asoc+0x2da/0x690
[  175.613612][ T7285]  ? __sctp_connect+0xd20/0xd20
[  175.618494][ T7285]  ? __local_bh_enable_ip+0x12e/0x1c0
[  175.623895][ T7285]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  175.629461][ T7285]  ? security_sctp_bind_connect+0x89/0xb0
[  175.635208][ T7285]  sctp_sendmsg+0x155c/0x27e0
[  175.639921][ T7285]  ? sctp_getsockopt+0xb60/0xb60
[  175.644882][ T7285]  ? perf_trace_lock+0xf7/0x380
[  175.649759][ T7285]  ? aa_sk_perm+0x7fc/0x930
[  175.654302][ T7285]  ? aa_af_perm+0x2b0/0x2b0
[  175.658863][ T7285]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0
[  175.665315][ T7285]  ? sock_rps_record_flow+0x19/0x400
[  175.670620][ T7285]  ? inet_send_prepare+0x260/0x260
[  175.675751][ T7285]  ? inet_sendmsg+0xe9/0x2f0
[  175.680358][ T7285]  ? inet_send_prepare+0x260/0x260
[  175.685517][ T7285]  ____sys_sendmsg+0x5bf/0x950
[  175.690315][ T7285]  ? __asan_memset+0x22/0x40
[  175.694925][ T7285]  ? __sys_sendmsg_sock+0x30/0x30
[  175.699973][ T7285]  ? __import_iovec+0x5f2/0x860
[  175.704873][ T7285]  ? import_iovec+0x73/0xa0
[  175.709403][ T7285]  ___sys_sendmsg+0x220/0x290
[  175.714112][ T7285]  ? __sys_sendmsg+0x270/0x270
[  175.718922][ T7285]  ? __lock_acquire+0x7c80/0x7c80
[  175.723996][ T7285]  __se_sys_sendmsg+0x1a5/0x270
[  175.728879][ T7285]  ? __x64_sys_sendmsg+0x80/0x80
[  175.733862][ T7285]  ? lockdep_hardirqs_on+0x98/0x150
[  175.739117][ T7285]  do_syscall_64+0x55/0xb0
[  175.743552][ T7285]  ? clear_bhb_loop+0x40/0x90
[  175.748248][ T7285]  ? clear_bhb_loop+0x40/0x90
[  175.752945][ T7285]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  175.758894][ T7285] RIP: 0033:0x7fac9578ebe9
[  175.763346][ T7285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.782993][ T7285] RSP: 002b:00007fac965f3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  175.791430][ T7285] RAX: ffffffffffffffda RBX: 00007fac959b5fa0 RCX: 00007fac9578ebe9
[  175.799418][ T7285] RDX: 000000002600c055 RSI: 00002000000000c0 RDI: 0000000000000003
[  175.807403][ T7285] RBP: 00007fac965f3090 R08: 0000000000000000 R09: 0000000000000000
[  175.815393][ T7285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  175.823398][ T7285] R13: 00007fac959b6038 R14: 00007fac959b5fa0 R15: 00007ffcd3477e88
[  175.831418][ T7285]  </TASK>
[  176.522441][ T7294] netlink: 14 bytes leftover after parsing attributes in process `syz.1.508'.
[  177.910678][ T7320] netlink: 158556 bytes leftover after parsing attributes in process `syz.0.519'.
[  177.982053][ T7325] netlink: 'syz.3.520': attribute type 4 has an invalid length.
[  178.041137][ T7325] FAULT_INJECTION: forcing a failure.
[  178.041137][ T7325] name failslab, interval 1, probability 0, space 0, times 0
[  178.055327][ T7325] CPU: 1 PID: 7325 Comm: syz.3.520 Not tainted 6.6.102-syzkaller #0
[  178.063380][ T7325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  178.073517][ T7325] Call Trace:
[  178.076844][ T7325]  <TASK>
[  178.079814][ T7325]  dump_stack_lvl+0x16c/0x230
[  178.084558][ T7325]  ? show_regs_print_info+0x20/0x20
[  178.089850][ T7325]  ? load_image+0x3b0/0x3b0
[  178.094438][ T7325]  ? __might_sleep+0xe0/0xe0
[  178.099097][ T7325]  ? __lock_acquire+0x7c80/0x7c80
[  178.104198][ T7325]  should_fail_ex+0x39d/0x4d0
[  178.108954][ T7325]  should_failslab+0x9/0x20
[  178.113531][ T7325]  slab_pre_alloc_hook+0x59/0x310
[  178.118636][ T7325]  kmem_cache_alloc_node+0x60/0x330
[  178.123910][ T7325]  ? __alloc_skb+0x108/0x2c0
[  178.128576][ T7325]  __alloc_skb+0x108/0x2c0
[  178.133072][ T7325]  rtmsg_fib+0xeb/0x4c0
[  178.137307][ T7325]  fib_table_insert+0xd61/0x1b50
[  178.142337][ T7325]  ? fib_trie_table+0x138/0x1c0
[  178.147268][ T7325]  inet_rtm_newroute+0x127/0x200
[  178.152273][ T7325]  ? rcu_read_unlock+0xa0/0xa0
[  178.157222][ T7325]  ? rcu_read_unlock+0xa0/0xa0
[  178.162054][ T7325]  rtnetlink_rcv_msg+0x7c7/0xf10
[  178.167055][ T7325]  ? rtnetlink_rcv_msg+0x1eb/0xf10
[  178.172232][ T7325]  ? rtnetlink_bind+0x80/0x80
[  178.176962][ T7325]  ? perf_tp_event+0x12d7/0x13a0
[  178.181963][ T7325]  ? perf_trace_run_bpf_submit+0x1c0/0x1c0
[  178.187822][ T7325]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  178.193874][ T7325]  ? __dev_queue_xmit+0x245/0x35a0
[  178.199110][ T7325]  ? __dev_queue_xmit+0x245/0x35a0
[  178.204329][ T7325]  ? __dev_queue_xmit+0x1449/0x35a0
[  178.209619][ T7325]  ? perf_trace_run_bpf_submit+0xf4/0x1c0
[  178.215419][ T7325]  ? perf_trace_lock+0x2ed/0x380
[  178.220424][ T7325]  ? __copy_skb_header+0xa7/0x550
[  178.225527][ T7325]  netlink_rcv_skb+0x216/0x480
[  178.230351][ T7325]  ? rtnetlink_bind+0x80/0x80
[  178.235095][ T7325]  ? netlink_ack+0x1110/0x1110
[  178.239944][ T7325]  ? __lock_acquire+0x7c80/0x7c80
[  178.245048][ T7325]  ? netlink_deliver_tap+0x2e/0x1b0
[  178.250321][ T7325]  netlink_unicast+0x751/0x8d0
[  178.255171][ T7325]  netlink_sendmsg+0x8c1/0xbe0
[  178.260015][ T7325]  ? netlink_getsockopt+0x580/0x580
[  178.265291][ T7325]  ? aa_sock_msg_perm+0x94/0x150
[  178.270285][ T7325]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  178.275626][ T7325]  ? security_socket_sendmsg+0x80/0xa0
[  178.281163][ T7325]  ? netlink_getsockopt+0x580/0x580
[  178.286432][ T7325]  ____sys_sendmsg+0x5bf/0x950
[  178.291272][ T7325]  ? __asan_memset+0x22/0x40
[  178.296023][ T7325]  ? __sys_sendmsg_sock+0x30/0x30
[  178.301110][ T7325]  ? __import_iovec+0x5f2/0x860
[  178.306059][ T7325]  ? import_iovec+0x73/0xa0
[  178.310648][ T7325]  ___sys_sendmsg+0x220/0x290
[  178.315401][ T7325]  ? __sys_sendmsg+0x270/0x270
[  178.320371][ T7325]  ? __lock_acquire+0x7c80/0x7c80
[  178.325508][ T7325]  __se_sys_sendmsg+0x1a5/0x270
[  178.330447][ T7325]  ? __x64_sys_sendmsg+0x80/0x80
[  178.335502][ T7325]  ? lockdep_hardirqs_on+0x98/0x150
[  178.340793][ T7325]  do_syscall_64+0x55/0xb0
[  178.345281][ T7325]  ? clear_bhb_loop+0x40/0x90
[  178.350014][ T7325]  ? clear_bhb_loop+0x40/0x90
[  178.354764][ T7325]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  178.360775][ T7325] RIP: 0033:0x7fac9578ebe9
[  178.365284][ T7325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.384957][ T7325] RSP: 002b:00007fac965f3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  178.393531][ T7325] RAX: ffffffffffffffda RBX: 00007fac959b5fa0 RCX: 00007fac9578ebe9
[  178.401565][ T7325] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  178.409607][ T7325] RBP: 00007fac965f3090 R08: 0000000000000000 R09: 0000000000000000
[  178.417647][ T7325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  178.425676][ T7325] R13: 00007fac959b6038 R14: 00007fac959b5fa0 R15: 00007ffcd3477e88
[  178.433747][ T7325]  </TASK>
[  178.544343][ T7320] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  178.572063][ T7320] CPU: 1 PID: 7320 Comm: syz.0.519 Not tainted 6.6.102-syzkaller #0
[  178.580149][ T7320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  178.590344][ T7320] Call Trace:
[  178.593667][ T7320]  <TASK>
[  178.596631][ T7320]  dump_stack_lvl+0x16c/0x230
[  178.601363][ T7320]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  178.607712][ T7320]  ? show_regs_print_info+0x20/0x20
[  178.612971][ T7320]  ? load_image+0x3b0/0x3b0
[  178.617548][ T7320]  ? sysfs_warn_dup+0x65/0xa0
[  178.622292][ T7320]  sysfs_warn_dup+0x8e/0xa0
[  178.626861][ T7320]  sysfs_do_create_link_sd+0xc0/0x110
[  178.632394][ T7320]  device_add_class_symlinks+0x1cf/0x240
[  178.638076][ T7320]  device_add+0x507/0xc20
[  178.642455][ T7320]  wiphy_register+0x1e74/0x2c00
[  178.647362][ T7320]  ? cfg80211_event_work+0x40/0x40
[  178.652503][ T7320]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  178.658700][ T7320]  ieee80211_register_hw+0x2dc2/0x3ac0
[  178.664227][ T7320]  ? ieee80211_tasklet_handler+0x20/0x20
[  178.669901][ T7320]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  178.675849][ T7320]  ? __debug_object_init+0xe8/0x430
[  178.681095][ T7320]  ? __asan_memset+0x22/0x40
[  178.685733][ T7320]  ? __hrtimer_init+0x186/0x270
[  178.690608][ T7320]  mac80211_hwsim_new_radio+0x2a00/0x4cf0
[  178.696377][ T7320]  ? mac80211_hwsim_free+0x220/0x220
[  178.701772][ T7320]  ? rcu_is_watching+0x15/0xb0
[  178.706594][ T7320]  ? kstrndup+0xbd/0x140
[  178.710871][ T7320]  hwsim_new_radio_nl+0xd78/0x19d0
[  178.716009][ T7320]  ? mark_lock+0x94/0x320
[  178.720374][ T7320]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  178.726727][ T7320]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  178.732912][ T7320]  ? lockdep_hardirqs_on+0x98/0x150
[  178.738142][ T7320]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  178.744354][ T7320]  genl_family_rcv_msg_doit+0x209/0x2f0
[  178.749950][ T7320]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  178.755882][ T7320]  ? bpf_lsm_capable+0x9/0x10
[  178.760587][ T7320]  ? security_capable+0x89/0xb0
[  178.765500][ T7320]  genl_rcv_msg+0x60b/0x790
[  178.770040][ T7320]  ? genl_bind+0x360/0x360
[  178.774477][ T7320]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  178.780914][ T7320]  ? perf_trace_lock+0xf7/0x380
[  178.785816][ T7320]  netlink_rcv_skb+0x216/0x480
[  178.790637][ T7320]  ? genl_bind+0x360/0x360
[  178.795077][ T7320]  ? netlink_ack+0x1110/0x1110
[  178.799902][ T7320]  ? __lock_acquire+0x7c80/0x7c80
[  178.804958][ T7320]  ? down_read+0x1ac/0x2e0
[  178.809406][ T7320]  genl_rcv+0x28/0x40
[  178.813411][ T7320]  netlink_unicast+0x751/0x8d0
[  178.818206][ T7320]  netlink_sendmsg+0x8c1/0xbe0
[  178.822990][ T7320]  ? lockdep_hardirqs_on+0x98/0x150
[  178.828220][ T7320]  ? netlink_getsockopt+0x580/0x580
[  178.833447][ T7320]  ? bpf_lsm_socket_accept+0x10/0x10
[  178.838760][ T7320]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  178.844072][ T7320]  ? security_socket_sendmsg+0x80/0xa0
[  178.849559][ T7320]  ? netlink_getsockopt+0x580/0x580
[  178.854787][ T7320]  ____sys_sendmsg+0x5bf/0x950
[  178.859593][ T7320]  ? __asan_memset+0x22/0x40
[  178.864206][ T7320]  ? __sys_sendmsg_sock+0x30/0x30
[  178.869254][ T7320]  ? __import_iovec+0x5f2/0x860
[  178.874143][ T7320]  ? import_iovec+0x73/0xa0
[  178.878674][ T7320]  ___sys_sendmsg+0x220/0x290
[  178.883408][ T7320]  ? __sys_sendmsg+0x270/0x270
[  178.888247][ T7320]  __se_sys_sendmsg+0x1a5/0x270
[  178.893124][ T7320]  ? __x64_sys_sendmsg+0x80/0x80
[  178.898112][ T7320]  do_syscall_64+0x55/0xb0
[  178.902558][ T7320]  ? clear_bhb_loop+0x40/0x90
[  178.907250][ T7320]  ? clear_bhb_loop+0x40/0x90
[  178.911943][ T7320]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  178.917858][ T7320] RIP: 0033:0x7f900818ebe9
[  178.922294][ T7320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.941921][ T7320] RSP: 002b:00007f9008f83038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  178.950358][ T7320] RAX: ffffffffffffffda RBX: 00007f90083b5fa0 RCX: 00007f900818ebe9
[  178.958349][ T7320] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000009
[  178.966342][ T7320] RBP: 00007f9008211e19 R08: 0000000000000000 R09: 0000000000000000
[  178.974327][ T7320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  178.982317][ T7320] R13: 00007f90083b6038 R14: 00007f90083b5fa0 R15: 00007ffe8cc48fd8
[  178.990499][ T7320]  </TASK>
[  179.535385][ T7342] netlink: 'syz.1.525': attribute type 2 has an invalid length.
[  179.564652][ T7342] netlink: 17267 bytes leftover after parsing attributes in process `syz.1.525'.
[  180.183936][ T7351] netlink: 'syz.3.529': attribute type 4 has an invalid length.
[  181.333424][ T7367] netlink: 158556 bytes leftover after parsing attributes in process `syz.0.534'.
[  181.394749][ T7367] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  181.424897][ T7367] CPU: 1 PID: 7367 Comm: syz.0.534 Not tainted 6.6.102-syzkaller #0
[  181.432974][ T7367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  181.443077][ T7367] Call Trace:
[  181.446379][ T7367]  <TASK>
[  181.449333][ T7367]  dump_stack_lvl+0x16c/0x230
[  181.454051][ T7367]  ? show_regs_print_info+0x20/0x20
[  181.459291][ T7367]  ? load_image+0x3b0/0x3b0
[  181.463852][ T7367]  sysfs_warn_dup+0x8e/0xa0
[  181.468396][ T7367]  sysfs_do_create_link_sd+0xc0/0x110
[  181.473810][ T7367]  device_add_class_symlinks+0x1cf/0x240
[  181.479480][ T7367]  device_add+0x507/0xc20
[  181.483853][ T7367]  wiphy_register+0x1e74/0x2c00
[  181.488762][ T7367]  ? cfg80211_event_work+0x40/0x40
[  181.493907][ T7367]  ? minstrel_ht_alloc+0x88a/0x990
[  181.499046][ T7367]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[  181.505166][ T7367]  ieee80211_register_hw+0x2dc2/0x3ac0
[  181.510671][ T7367]  ? ieee80211_tasklet_handler+0x20/0x20
[  181.516330][ T7367]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  181.522254][ T7367]  ? __debug_object_init+0xe8/0x430
[  181.527485][ T7367]  ? __asan_memset+0x22/0x40
[  181.532101][ T7367]  ? __hrtimer_init+0x186/0x270
[  181.536973][ T7367]  mac80211_hwsim_new_radio+0x2a00/0x4cf0
[  181.542735][ T7367]  ? mac80211_hwsim_free+0x220/0x220
[  181.548037][ T7367]  ? rcu_is_watching+0x15/0xb0
[  181.552829][ T7367]  ? kstrndup+0xbd/0x140
[  181.557104][ T7367]  hwsim_new_radio_nl+0xd78/0x19d0
[  181.562255][ T7367]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  181.568617][ T7367]  ? __nla_parse+0x40/0x50
[  181.573100][ T7367]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  181.579481][ T7367]  genl_family_rcv_msg_doit+0x209/0x2f0
[  181.585152][ T7367]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  181.591084][ T7367]  ? bpf_lsm_capable+0x9/0x10
[  181.595782][ T7367]  ? security_capable+0x89/0xb0
[  181.600665][ T7367]  genl_rcv_msg+0x60b/0x790
[  181.605212][ T7367]  ? genl_bind+0x360/0x360
[  181.609658][ T7367]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  181.616015][ T7367]  ? perf_trace_lock+0xf7/0x380
[  181.620908][ T7367]  netlink_rcv_skb+0x216/0x480
[  181.625705][ T7367]  ? genl_bind+0x360/0x360
[  181.630232][ T7367]  ? netlink_ack+0x1110/0x1110
[  181.635036][ T7367]  ? __lock_acquire+0x7c80/0x7c80
[  181.640091][ T7367]  ? down_read+0x1ac/0x2e0
[  181.644568][ T7367]  genl_rcv+0x28/0x40
[  181.648583][ T7367]  netlink_unicast+0x751/0x8d0
[  181.653383][ T7367]  netlink_sendmsg+0x8c1/0xbe0
[  181.658270][ T7367]  ? netlink_getsockopt+0x580/0x580
[  181.663509][ T7367]  ? aa_sock_msg_perm+0x94/0x150
[  181.668560][ T7367]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  181.673867][ T7367]  ? security_socket_sendmsg+0x80/0xa0
[  181.679347][ T7367]  ? netlink_getsockopt+0x580/0x580
[  181.684576][ T7367]  ____sys_sendmsg+0x5bf/0x950
[  181.689376][ T7367]  ? __asan_memset+0x22/0x40
[  181.693989][ T7367]  ? __sys_sendmsg_sock+0x30/0x30
[  181.699035][ T7367]  ? __import_iovec+0x5f2/0x860
[  181.703920][ T7367]  ? import_iovec+0x73/0xa0
[  181.708456][ T7367]  ___sys_sendmsg+0x220/0x290
[  181.713166][ T7367]  ? __sys_sendmsg+0x270/0x270
[  181.718012][ T7367]  __se_sys_sendmsg+0x1a5/0x270
[  181.722888][ T7367]  ? __x64_sys_sendmsg+0x80/0x80
[  181.727879][ T7367]  ? lockdep_hardirqs_on+0x98/0x150
[  181.733114][ T7367]  do_syscall_64+0x55/0xb0
[  181.737554][ T7367]  ? clear_bhb_loop+0x40/0x90
[  181.742260][ T7367]  ? clear_bhb_loop+0x40/0x90
[  181.746963][ T7367]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  181.752892][ T7367] RIP: 0033:0x7f900818ebe9
[  181.757326][ T7367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.776953][ T7367] RSP: 002b:00007f9008f62038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  181.785394][ T7367] RAX: ffffffffffffffda RBX: 00007f90083b6090 RCX: 00007f900818ebe9
[  181.793384][ T7367] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007
[  181.801484][ T7367] RBP: 00007f9008211e19 R08: 0000000000000000 R09: 0000000000000000
[  181.809471][ T7367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  181.817467][ T7367] R13: 00007f90083b6128 R14: 00007f90083b6090 R15: 00007ffe8cc48fd8
[  181.825485][ T7367]  </TASK>
[  182.890194][ T7396] netlink: 'syz.3.543': attribute type 4 has an invalid length.
[  182.939609][ T7396] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.543'.
[  182.953919][ T7398] FAULT_INJECTION: forcing a failure.
[  182.953919][ T7398] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  183.018034][ T7398] CPU: 1 PID: 7398 Comm: syz.2.546 Not tainted 6.6.102-syzkaller #0
[  183.026107][ T7398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  183.036209][ T7398] Call Trace:
[  183.039533][ T7398]  <TASK>
[  183.042553][ T7398]  dump_stack_lvl+0x16c/0x230
[  183.047322][ T7398]  ? show_regs_print_info+0x20/0x20
[  183.052588][ T7398]  ? load_image+0x3b0/0x3b0
[  183.057152][ T7398]  ? __lock_acquire+0x7c80/0x7c80
[  183.062227][ T7398]  should_fail_ex+0x39d/0x4d0
[  183.066948][ T7398]  strncpy_from_user+0x36/0x2e0
[  183.071825][ T7398]  bpf_raw_tp_link_attach+0x1cf/0x560
[  183.077221][ T7398]  ? bpf_insn_prepare_dump+0x840/0x840
[  183.082732][ T7398]  bpf_raw_tracepoint_open+0x197/0x210
[  183.088232][ T7398]  __sys_bpf+0x364/0x800
[  183.092508][ T7398]  ? bpf_link_show_fdinfo+0x350/0x350
[  183.097918][ T7398]  ? lock_chain_count+0x20/0x20
[  183.102796][ T7398]  __x64_sys_bpf+0x7c/0x90
[  183.107232][ T7398]  do_syscall_64+0x55/0xb0
[  183.111682][ T7398]  ? clear_bhb_loop+0x40/0x90
[  183.116375][ T7398]  ? clear_bhb_loop+0x40/0x90
[  183.121108][ T7398]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  183.127032][ T7398] RIP: 0033:0x7f35b838ebe9
[  183.131463][ T7398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.151096][ T7398] RSP: 002b:00007f35b65f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  183.159549][ T7398] RAX: ffffffffffffffda RBX: 00007f35b85b5fa0 RCX: 00007f35b838ebe9
[  183.167539][ T7398] RDX: 0000000000000018 RSI: 0000200000000300 RDI: 0000000000000011
[  183.175547][ T7398] RBP: 00007f35b65f6090 R08: 0000000000000000 R09: 0000000000000000
[  183.183532][ T7398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  183.191516][ T7398] R13: 00007f35b85b6038 R14: 00007f35b85b5fa0 R15: 00007ffd49fba6d8
[  183.199560][ T7398]  </TASK>
[  183.433219][ T7407] netlink: 'syz.0.548': attribute type 3 has an invalid length.
[  183.452121][ T7407] netlink: 'syz.0.548': attribute type 1 has an invalid length.
[  183.471262][ T7407] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.548'.
[  183.647286][ T7412] netlink: 184 bytes leftover after parsing attributes in process `syz.2.550'.
[  183.781281][ T7410] netlink: 158556 bytes leftover after parsing attributes in process `syz.3.549'.
[  183.927917][ T7410] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  183.956543][ T7410] CPU: 0 PID: 7410 Comm: syz.3.549 Not tainted 6.6.102-syzkaller #0
[  183.964626][ T7410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  183.974737][ T7410] Call Trace:
[  183.978070][ T7410]  <TASK>
[  183.981050][ T7410]  dump_stack_lvl+0x16c/0x230
[  183.985842][ T7410]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  183.992102][ T7410]  ? show_regs_print_info+0x20/0x20
[  183.997368][ T7410]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  184.003611][ T7410]  sysfs_warn_dup+0x8e/0xa0
[  184.008182][ T7410]  sysfs_do_create_link_sd+0xc0/0x110
[  184.013625][ T7410]  device_add_class_symlinks+0x1cf/0x240
[  184.019339][ T7410]  device_add+0x507/0xc20
[  184.023741][ T7410]  wiphy_register+0x1e74/0x2c00
[  184.028683][ T7410]  ? cfg80211_event_work+0x40/0x40
[  184.033944][ T7410]  ? minstrel_ht_alloc+0x88a/0x990
[  184.039132][ T7410]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[  184.045280][ T7410]  ieee80211_register_hw+0x2dc2/0x3ac0
[  184.050846][ T7410]  ? ieee80211_tasklet_handler+0x20/0x20
[  184.056566][ T7410]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  184.062524][ T7410]  ? __debug_object_init+0xe8/0x430
[  184.067770][ T7410]  ? __asan_memset+0x22/0x40
[  184.072395][ T7410]  ? __hrtimer_init+0x186/0x270
[  184.077287][ T7410]  mac80211_hwsim_new_radio+0x2a00/0x4cf0
[  184.083075][ T7410]  ? mac80211_hwsim_free+0x220/0x220
[  184.088401][ T7410]  hwsim_new_radio_nl+0xd78/0x19d0
[  184.093561][ T7410]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  184.099961][ T7410]  ? __nla_parse+0x40/0x50
[  184.104429][ T7410]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  184.110851][ T7410]  genl_family_rcv_msg_doit+0x209/0x2f0
[  184.116451][ T7410]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  184.122387][ T7410]  ? bpf_lsm_capable+0x9/0x10
[  184.127096][ T7410]  ? security_capable+0x89/0xb0
[  184.131979][ T7410]  genl_rcv_msg+0x60b/0x790
[  184.136605][ T7410]  ? genl_bind+0x360/0x360
[  184.141047][ T7410]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  184.147094][ T7410]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  184.153470][ T7410]  ? ref_tracker_free+0x634/0x7d0
[  184.158615][ T7410]  netlink_rcv_skb+0x216/0x480
[  184.163408][ T7410]  ? genl_bind+0x360/0x360
[  184.167878][ T7410]  ? netlink_ack+0x1110/0x1110
[  184.172694][ T7410]  ? __lock_acquire+0x7c80/0x7c80
[  184.177752][ T7410]  ? down_read+0x1ac/0x2e0
[  184.182195][ T7410]  genl_rcv+0x28/0x40
[  184.186212][ T7410]  netlink_unicast+0x751/0x8d0
[  184.191088][ T7410]  netlink_sendmsg+0x8c1/0xbe0
[  184.195890][ T7410]  ? netlink_getsockopt+0x580/0x580
[  184.201122][ T7410]  ? audit_tree_destroy_watch+0x20/0x20
[  184.206726][ T7410]  ? aa_sock_msg_perm+0x94/0x150
[  184.211714][ T7410]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  184.217044][ T7410]  ? security_socket_sendmsg+0x80/0xa0
[  184.222537][ T7410]  ? netlink_getsockopt+0x580/0x580
[  184.227764][ T7410]  ____sys_sendmsg+0x5bf/0x950
[  184.232566][ T7410]  ? __asan_memset+0x22/0x40
[  184.237186][ T7410]  ? __sys_sendmsg_sock+0x30/0x30
[  184.242254][ T7410]  ? __import_iovec+0x5f2/0x860
[  184.247165][ T7410]  ? import_iovec+0x73/0xa0
[  184.251706][ T7410]  ___sys_sendmsg+0x220/0x290
[  184.256417][ T7410]  ? __sys_sendmsg+0x270/0x270
[  184.261407][ T7410]  ? seqcount_lockdep_reader_access+0x160/0x1c0
[  184.267718][ T7410]  __se_sys_sendmsg+0x1a5/0x270
[  184.272612][ T7410]  ? hrtimer_interrupt+0x7bb/0x9c0
[  184.277754][ T7410]  ? __x64_sys_sendmsg+0x80/0x80
[  184.282734][ T7410]  ? lockdep_hardirqs_on+0x98/0x150
[  184.287966][ T7410]  do_syscall_64+0x55/0xb0
[  184.292407][ T7410]  ? clear_bhb_loop+0x40/0x90
[  184.297110][ T7410]  ? clear_bhb_loop+0x40/0x90
[  184.301809][ T7410]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  184.307734][ T7410] RIP: 0033:0x7fac9578ebe9
[  184.312171][ T7410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.331796][ T7410] RSP: 002b:00007fac965f3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  184.340229][ T7410] RAX: ffffffffffffffda RBX: 00007fac959b5fa0 RCX: 00007fac9578ebe9
[  184.348222][ T7410] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[  184.356244][ T7410] RBP: 00007fac95811e19 R08: 0000000000000000 R09: 0000000000000000
[  184.364269][ T7410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  184.372276][ T7410] R13: 00007fac959b6038 R14: 00007fac959b5fa0 R15: 00007ffcd3477e88
[  184.380297][ T7410]  </TASK>
[  185.539340][ T7454] netlink: 158556 bytes leftover after parsing attributes in process `syz.2.566'.
[  185.588101][ T7454] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  185.596810][ T7454] CPU: 1 PID: 7454 Comm: syz.2.566 Not tainted 6.6.102-syzkaller #0
[  185.604860][ T7454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  185.615062][ T7454] Call Trace:
[  185.618481][ T7454]  <TASK>
[  185.621456][ T7454]  dump_stack_lvl+0x16c/0x230
[  185.626197][ T7454]  ? show_regs_print_info+0x20/0x20
[  185.631453][ T7454]  ? load_image+0x3b0/0x3b0
[  185.636045][ T7454]  sysfs_warn_dup+0x8e/0xa0
[  185.640612][ T7454]  sysfs_do_create_link_sd+0xc0/0x110
[  185.646054][ T7454]  device_add_class_symlinks+0x1cf/0x240
[  185.651768][ T7454]  device_add+0x507/0xc20
[  185.656175][ T7454]  wiphy_register+0x1e74/0x2c00
[  185.661119][ T7454]  ? cfg80211_event_work+0x40/0x40
[  185.666292][ T7454]  ? minstrel_ht_alloc+0x88a/0x990
[  185.671467][ T7454]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[  185.677612][ T7454]  ieee80211_register_hw+0x2dc2/0x3ac0
[  185.683179][ T7454]  ? ieee80211_tasklet_handler+0x20/0x20
[  185.688920][ T7454]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  185.694888][ T7454]  ? __debug_object_init+0xe8/0x430
[  185.700163][ T7454]  ? __asan_memset+0x22/0x40
[  185.704823][ T7454]  ? __hrtimer_init+0x186/0x270
[  185.709722][ T7454]  mac80211_hwsim_new_radio+0x2a00/0x4cf0
[  185.715513][ T7454]  ? mac80211_hwsim_free+0x220/0x220
[  185.720848][ T7454]  ? rcu_is_watching+0x15/0xb0
[  185.725649][ T7454]  ? kstrndup+0xbd/0x140
[  185.729928][ T7454]  hwsim_new_radio_nl+0xd78/0x19d0
[  185.735066][ T7454]  ? mark_lock+0x94/0x320
[  185.739423][ T7454]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  185.745773][ T7454]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  185.751958][ T7454]  ? lockdep_hardirqs_on+0x98/0x150
[  185.757185][ T7454]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  185.763553][ T7454]  genl_family_rcv_msg_doit+0x209/0x2f0
[  185.769141][ T7454]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  185.775078][ T7454]  ? bpf_lsm_capable+0x9/0x10
[  185.779785][ T7454]  ? security_capable+0x89/0xb0
[  185.784663][ T7454]  genl_rcv_msg+0x60b/0x790
[  185.789201][ T7454]  ? genl_bind+0x360/0x360
[  185.793643][ T7454]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  185.799991][ T7454]  ? lockdep_hardirqs_on+0x98/0x150
[  185.805306][ T7454]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  185.811501][ T7454]  netlink_rcv_skb+0x216/0x480
[  185.816299][ T7454]  ? genl_bind+0x360/0x360
[  185.820762][ T7454]  ? netlink_ack+0x1110/0x1110
[  185.825557][ T7454]  ? __lock_acquire+0x7c80/0x7c80
[  185.830612][ T7454]  ? down_read+0x1ac/0x2e0
[  185.835054][ T7454]  genl_rcv+0x28/0x40
[  185.839058][ T7454]  netlink_unicast+0x751/0x8d0
[  185.843870][ T7454]  netlink_sendmsg+0x8c1/0xbe0
[  185.848666][ T7454]  ? netlink_getsockopt+0x580/0x580
[  185.853907][ T7454]  ? aa_sock_msg_perm+0x94/0x150
[  185.858894][ T7454]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  185.864218][ T7454]  ? security_socket_sendmsg+0x80/0xa0
[  185.869706][ T7454]  ? netlink_getsockopt+0x580/0x580
[  185.874928][ T7454]  ____sys_sendmsg+0x5bf/0x950
[  185.879725][ T7454]  ? __asan_memset+0x22/0x40
[  185.884342][ T7454]  ? __sys_sendmsg_sock+0x30/0x30
[  185.889391][ T7454]  ? __import_iovec+0x5f2/0x860
[  185.894276][ T7454]  ? import_iovec+0x73/0xa0
[  185.898808][ T7454]  ___sys_sendmsg+0x220/0x290
[  185.903527][ T7454]  ? __sys_sendmsg+0x270/0x270
[  185.908346][ T7454]  ? seqcount_lockdep_reader_access+0x160/0x1c0
[  185.914637][ T7454]  __se_sys_sendmsg+0x1a5/0x270
[  185.919511][ T7454]  ? hrtimer_interrupt+0x7bb/0x9c0
[  185.924645][ T7454]  ? __x64_sys_sendmsg+0x80/0x80
[  185.929622][ T7454]  ? lockdep_hardirqs_on+0x98/0x150
[  185.934862][ T7454]  do_syscall_64+0x55/0xb0
[  185.939305][ T7454]  ? clear_bhb_loop+0x40/0x90
[  185.944104][ T7454]  ? clear_bhb_loop+0x40/0x90
[  185.948804][ T7454]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  185.954737][ T7454] RIP: 0033:0x7f35b838ebe9
[  185.959177][ T7454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  185.978804][ T7454] RSP: 002b:00007f35b65f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  185.987251][ T7454] RAX: ffffffffffffffda RBX: 00007f35b85b5fa0 RCX: 00007f35b838ebe9
[  185.995237][ T7454] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[  186.003223][ T7454] RBP: 00007f35b8411e19 R08: 0000000000000000 R09: 0000000000000000
[  186.011217][ T7454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  186.019208][ T7454] R13: 00007f35b85b6038 R14: 00007f35b85b5fa0 R15: 00007ffd49fba6d8
[  186.027213][ T7454]  </TASK>
[  186.527383][ T7472] 
€Â0: renamed from pim6reg1
[  187.442064][ T7492] netlink: 158556 bytes leftover after parsing attributes in process `syz.3.581'.
[  187.524833][ T7492] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  187.541601][ T7492] CPU: 0 PID: 7492 Comm: syz.3.581 Not tainted 6.6.102-syzkaller #0
[  187.549684][ T7492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  187.559892][ T7492] Call Trace:
[  187.563214][ T7492]  <TASK>
[  187.566183][ T7492]  dump_stack_lvl+0x16c/0x230
[  187.570921][ T7492]  ? show_regs_print_info+0x20/0x20
[  187.576175][ T7492]  ? load_image+0x3b0/0x3b0
[  187.580751][ T7492]  sysfs_warn_dup+0x8e/0xa0
[  187.585311][ T7492]  sysfs_do_create_link_sd+0xc0/0x110
[  187.591322][ T7492]  device_add_class_symlinks+0x1cf/0x240
[  187.597031][ T7492]  device_add+0x507/0xc20
[  187.601431][ T7492]  wiphy_register+0x1e74/0x2c00
[  187.606364][ T7492]  ? cfg80211_event_work+0x40/0x40
[  187.611536][ T7492]  ? minstrel_ht_alloc+0x88a/0x990
[  187.616717][ T7492]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[  187.622863][ T7492]  ieee80211_register_hw+0x2dc2/0x3ac0
[  187.628414][ T7492]  ? ieee80211_tasklet_handler+0x20/0x20
[  187.634114][ T7492]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  187.640076][ T7492]  ? __debug_object_init+0xe8/0x430
[  187.645346][ T7492]  ? __asan_memset+0x22/0x40
[  187.650005][ T7492]  ? __hrtimer_init+0x186/0x270
[  187.655003][ T7492]  mac80211_hwsim_new_radio+0x2a00/0x4cf0
[  187.660807][ T7492]  ? mac80211_hwsim_free+0x220/0x220
[  187.666147][ T7492]  ? rcu_is_watching+0x15/0xb0
[  187.670974][ T7492]  ? kstrndup+0xbd/0x140
[  187.675284][ T7492]  hwsim_new_radio_nl+0xd78/0x19d0
[  187.680475][ T7492]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  187.686882][ T7492]  ? __nla_parse+0x40/0x50
[  187.691363][ T7492]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  187.697763][ T7492]  genl_family_rcv_msg_doit+0x209/0x2f0
[  187.703380][ T7492]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  187.709340][ T7492]  ? bpf_lsm_capable+0x9/0x10
[  187.714081][ T7492]  ? security_capable+0x89/0xb0
[  187.719006][ T7492]  genl_rcv_msg+0x60b/0x790
[  187.723583][ T7492]  ? genl_bind+0x360/0x360
[  187.728099][ T7492]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  187.734485][ T7492]  ? perf_trace_lock+0xf7/0x380
[  187.739422][ T7492]  netlink_rcv_skb+0x216/0x480
[  187.744332][ T7492]  ? genl_bind+0x360/0x360
[  187.748814][ T7492]  ? netlink_ack+0x1110/0x1110
[  187.753659][ T7492]  ? __lock_acquire+0x7c80/0x7c80
[  187.758748][ T7492]  ? down_read+0x1ac/0x2e0
[  187.763230][ T7492]  genl_rcv+0x28/0x40
[  187.767273][ T7492]  netlink_unicast+0x751/0x8d0
[  187.772106][ T7492]  netlink_sendmsg+0x8c1/0xbe0
[  187.776930][ T7492]  ? netlink_getsockopt+0x580/0x580
[  187.782192][ T7492]  ? aa_sock_msg_perm+0x94/0x150
[  187.787190][ T7492]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  187.792537][ T7492]  ? security_socket_sendmsg+0x80/0xa0
[  187.798051][ T7492]  ? netlink_getsockopt+0x580/0x580
[  187.803308][ T7492]  ____sys_sendmsg+0x5bf/0x950
[  187.808155][ T7492]  ? __asan_memset+0x22/0x40
[  187.812811][ T7492]  ? __sys_sendmsg_sock+0x30/0x30
[  187.817917][ T7492]  ? __import_iovec+0x5f2/0x860
[  187.822844][ T7492]  ? import_iovec+0x73/0xa0
[  187.827422][ T7492]  ___sys_sendmsg+0x220/0x290
[  187.832142][ T7492]  ? __sys_sendmsg+0x270/0x270
[  187.837030][ T7492]  __se_sys_sendmsg+0x1a5/0x270
[  187.841926][ T7492]  ? __x64_sys_sendmsg+0x80/0x80
[  187.846949][ T7492]  ? lockdep_hardirqs_on+0x98/0x150
[  187.852217][ T7492]  do_syscall_64+0x55/0xb0
[  187.856685][ T7492]  ? clear_bhb_loop+0x40/0x90
[  187.861392][ T7492]  ? clear_bhb_loop+0x40/0x90
[  187.866107][ T7492]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  187.872130][ T7492] RIP: 0033:0x7fac9578ebe9
[  187.876595][ T7492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.896249][ T7492] RSP: 002b:00007fac965d2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  187.904785][ T7492] RAX: ffffffffffffffda RBX: 00007fac959b6090 RCX: 00007fac9578ebe9
[  187.912800][ T7492] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[  187.920809][ T7492] RBP: 00007fac95811e19 R08: 0000000000000000 R09: 0000000000000000
[  187.928796][ T7492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  187.936788][ T7492] R13: 00007fac959b6128 R14: 00007fac959b6090 R15: 00007ffcd3477e88
[  187.944811][ T7492]  </TASK>
[  188.267266][ T7505] netlink: 'syz.1.586': attribute type 13 has an invalid length.
[  188.292212][ T7505] netlink: 24859 bytes leftover after parsing attributes in process `syz.1.586'.
[  188.691135][ T7515] netlink: 'syz.2.590': attribute type 2 has an invalid length.
[  188.698890][ T7515] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.590'.
[  188.727228][ T7519] FAULT_INJECTION: forcing a failure.
[  188.727228][ T7519] name failslab, interval 1, probability 0, space 0, times 0
[  188.745862][ T7520] netlink: 'syz.2.590': attribute type 25 has an invalid length.
[  188.766466][ T7519] CPU: 0 PID: 7519 Comm: syz.3.591 Not tainted 6.6.102-syzkaller #0
[  188.774543][ T7519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  188.784659][ T7519] Call Trace:
[  188.787978][ T7519]  <TASK>
[  188.790944][ T7519]  dump_stack_lvl+0x16c/0x230
[  188.795676][ T7519]  ? show_regs_print_info+0x20/0x20
[  188.800924][ T7519]  ? load_image+0x3b0/0x3b0
[  188.805486][ T7519]  ? __lock_acquire+0x7c80/0x7c80
[  188.810568][ T7519]  should_fail_ex+0x39d/0x4d0
[  188.815314][ T7519]  should_failslab+0x9/0x20
[  188.819864][ T7519]  slab_pre_alloc_hook+0x59/0x310
[  188.824936][ T7519]  ? __lock_acquire+0x7c80/0x7c80
[  188.830019][ T7519]  kmem_cache_alloc+0x5a/0x2e0
[  188.834834][ T7519]  ? security_file_alloc+0x34/0x120
[  188.840091][ T7519]  security_file_alloc+0x34/0x120
[  188.845181][ T7519]  init_file+0x94/0x1f0
[  188.849392][ T7519]  alloc_empty_file+0xb7/0x1d0
[  188.854210][ T7519]  alloc_file+0x5c/0x600
[  188.858524][ T7519]  alloc_file_pseudo+0x17e/0x200
[  188.863541][ T7519]  ? alloc_empty_backing_file+0xe0/0xe0
[  188.869149][ T7519]  ? _raw_spin_unlock+0x28/0x40
[  188.874070][ T7519]  anon_inode_getfd+0xca/0x1c0
[  188.878902][ T7519]  map_create+0xdb1/0x1110
[  188.883362][ T7519]  ? security_bpf+0x7e/0xa0
[  188.887911][ T7519]  __sys_bpf+0x5f0/0x800
[  188.892198][ T7519]  ? bpf_link_show_fdinfo+0x350/0x350
[  188.897626][ T7519]  ? lock_chain_count+0x20/0x20
[  188.902550][ T7519]  __x64_sys_bpf+0x7c/0x90
[  188.907003][ T7519]  do_syscall_64+0x55/0xb0
[  188.911461][ T7519]  ? clear_bhb_loop+0x40/0x90
[  188.916171][ T7519]  ? clear_bhb_loop+0x40/0x90
[  188.920887][ T7519]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  188.926842][ T7519] RIP: 0033:0x7fac9578ebe9
[  188.931312][ T7519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.950968][ T7519] RSP: 002b:00007fac965f3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  188.959427][ T7519] RAX: ffffffffffffffda RBX: 00007fac959b5fa0 RCX: 00007fac9578ebe9
[  188.967438][ T7519] RDX: 0000000000000048 RSI: 0000200000000180 RDI: 0000000000000000
[  188.975451][ T7519] RBP: 00007fac965f3090 R08: 0000000000000000 R09: 0000000000000000
[  188.983461][ T7519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.991478][ T7519] R13: 00007fac959b6038 R14: 00007fac959b5fa0 R15: 00007ffcd3477e88
[  188.999510][ T7519]  </TASK>
[  189.009480][ T7515] netlink: 209588 bytes leftover after parsing attributes in process `syz.2.590'.
[  189.021387][ T7520] netlink: 2418 bytes leftover after parsing attributes in process `syz.2.590'.
[  189.031000][ T7515] netlink: get zone limit has 4 unknown bytes
[  189.773871][ T7532] netlink: 158556 bytes leftover after parsing attributes in process `syz.3.596'.
[  189.809132][ T7532] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  189.843100][ T7532] CPU: 1 PID: 7532 Comm: syz.3.596 Not tainted 6.6.102-syzkaller #0
[  189.851172][ T7532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  189.861285][ T7532] Call Trace:
[  189.864635][ T7532]  <TASK>
[  189.867597][ T7532]  dump_stack_lvl+0x16c/0x230
[  189.872399][ T7532]  ? show_regs_print_info+0x20/0x20
[  189.877662][ T7532]  ? load_image+0x3b0/0x3b0
[  189.882260][ T7532]  sysfs_warn_dup+0x8e/0xa0
[  189.886831][ T7532]  sysfs_do_create_link_sd+0xc0/0x110
[  189.892253][ T7532]  device_add_class_symlinks+0x1cf/0x240
[  189.897935][ T7532]  device_add+0x507/0xc20
[  189.902310][ T7532]  wiphy_register+0x1e74/0x2c00
[  189.907213][ T7532]  ? cfg80211_event_work+0x40/0x40
[  189.912384][ T7532]  ? minstrel_ht_alloc+0x88a/0x990
[  189.917620][ T7532]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[  189.923770][ T7532]  ieee80211_register_hw+0x2dc2/0x3ac0
[  189.929289][ T7532]  ? ieee80211_tasklet_handler+0x20/0x20
[  189.935034][ T7532]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  189.940968][ T7532]  ? __debug_object_init+0xe8/0x430
[  189.946199][ T7532]  ? __asan_memset+0x22/0x40
[  189.950812][ T7532]  ? __hrtimer_init+0x186/0x270
[  189.955693][ T7532]  mac80211_hwsim_new_radio+0x2a00/0x4cf0
[  189.961437][ T7532]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  189.967637][ T7532]  ? mac80211_hwsim_free+0x220/0x220
[  189.972941][ T7532]  ? rcu_is_watching+0x15/0xb0
[  189.977724][ T7532]  ? kstrndup+0xbd/0x140
[  189.981998][ T7532]  hwsim_new_radio_nl+0xd78/0x19d0
[  189.987140][ T7532]  ? mark_lock+0x94/0x320
[  189.991522][ T7532]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  189.997963][ T7532]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  190.004147][ T7532]  ? lockdep_hardirqs_on+0x98/0x150
[  190.009464][ T7532]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  190.015662][ T7532]  genl_family_rcv_msg_doit+0x209/0x2f0
[  190.021266][ T7532]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  190.027191][ T7532]  ? bpf_lsm_capable+0x9/0x10
[  190.031905][ T7532]  ? security_capable+0x89/0xb0
[  190.036784][ T7532]  genl_rcv_msg+0x60b/0x790
[  190.041316][ T7532]  ? genl_bind+0x360/0x360
[  190.045749][ T7532]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  190.051748][ T7532]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  190.058187][ T7532]  ? ref_tracker_free+0x634/0x7d0
[  190.063249][ T7532]  netlink_rcv_skb+0x216/0x480
[  190.068126][ T7532]  ? genl_bind+0x360/0x360
[  190.075342][ T7532]  ? netlink_ack+0x1110/0x1110
[  190.080165][ T7532]  ? __lock_acquire+0x7c80/0x7c80
[  190.087491][ T7532]  ? down_read+0x1ac/0x2e0
[  190.091946][ T7532]  genl_rcv+0x28/0x40
[  190.095959][ T7532]  netlink_unicast+0x751/0x8d0
[  190.100751][ T7532]  netlink_sendmsg+0x8c1/0xbe0
[  190.105551][ T7532]  ? netlink_getsockopt+0x580/0x580
[  190.110780][ T7532]  ? aa_sock_msg_perm+0x94/0x150
[  190.115743][ T7532]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  190.121055][ T7532]  ? security_socket_sendmsg+0x80/0xa0
[  190.126531][ T7532]  ? netlink_getsockopt+0x580/0x580
[  190.131753][ T7532]  ____sys_sendmsg+0x5bf/0x950
[  190.136558][ T7532]  ? __asan_memset+0x22/0x40
[  190.141165][ T7532]  ? __sys_sendmsg_sock+0x30/0x30
[  190.146206][ T7532]  ? __import_iovec+0x5f2/0x860
[  190.151289][ T7532]  ? import_iovec+0x73/0xa0
[  190.155827][ T7532]  ___sys_sendmsg+0x220/0x290
[  190.160534][ T7532]  ? __sys_sendmsg+0x270/0x270
[  190.165367][ T7532]  __se_sys_sendmsg+0x1a5/0x270
[  190.170269][ T7532]  ? __x64_sys_sendmsg+0x80/0x80
[  190.175293][ T7532]  ? lockdep_hardirqs_on+0x98/0x150
[  190.180531][ T7532]  do_syscall_64+0x55/0xb0
[  190.184970][ T7532]  ? clear_bhb_loop+0x40/0x90
[  190.189694][ T7532]  ? clear_bhb_loop+0x40/0x90
[  190.194390][ T7532]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  190.200344][ T7532] RIP: 0033:0x7fac9578ebe9
[  190.204833][ T7532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  190.224477][ T7532] RSP: 002b:00007fac965f3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  190.232916][ T7532] RAX: ffffffffffffffda RBX: 00007fac959b5fa0 RCX: 00007fac9578ebe9
[  190.240913][ T7532] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[  190.248916][ T7532] RBP: 00007fac95811e19 R08: 0000000000000000 R09: 0000000000000000
[  190.256920][ T7532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  190.264913][ T7532] R13: 00007fac959b6038 R14: 00007fac959b5fa0 R15: 00007ffcd3477e88
[  190.272915][ T7532]  </TASK>
[  190.744476][ T7557] netlink: 'syz.1.604': attribute type 29 has an invalid length.
[  190.760539][ T7548] syzkaller0: entered promiscuous mode
[  190.773440][ T7557] netlink: 44 bytes leftover after parsing attributes in process `syz.1.604'.
[  190.791230][ T7548] syzkaller0: entered allmulticast mode
[  190.847862][ T7557] netlink: 'syz.1.604': attribute type 29 has an invalid length.
[  190.857959][ T7557] netlink: 44 bytes leftover after parsing attributes in process `syz.1.604'.
[  190.872345][ T7557] FAULT_INJECTION: forcing a failure.
[  190.872345][ T7557] name failslab, interval 1, probability 0, space 0, times 0
[  190.887586][ T7557] CPU: 1 PID: 7557 Comm: syz.1.604 Not tainted 6.6.102-syzkaller #0
[  190.895639][ T7557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  190.905737][ T7557] Call Trace:
[  190.909036][ T7557]  <TASK>
[  190.912000][ T7557]  dump_stack_lvl+0x16c/0x230
[  190.916697][ T7557]  ? show_regs_print_info+0x20/0x20
[  190.921933][ T7557]  ? load_image+0x3b0/0x3b0
[  190.926475][ T7557]  should_fail_ex+0x39d/0x4d0
[  190.931279][ T7557]  should_failslab+0x9/0x20
[  190.935805][ T7557]  slab_pre_alloc_hook+0x59/0x310
[  190.941040][ T7557]  kmem_cache_alloc+0x5a/0x2e0
[  190.945846][ T7557]  ? skb_clone+0x1eb/0x370
[  190.950313][ T7557]  skb_clone+0x1eb/0x370
[  190.954588][ T7557]  __netlink_deliver_tap+0x41c/0x830
[  190.959906][ T7557]  ? netlink_deliver_tap+0x2e/0x1b0
[  190.965473][ T7557]  netlink_deliver_tap+0x19c/0x1b0
[  190.970622][ T7557]  netlink_dump+0x8df/0xde0
[  190.975153][ T7557]  ? netlink_lookup+0x200/0x200
[  190.980034][ T7557]  ? netlink_autobind+0x300/0x300
[  190.985087][ T7557]  ? netlink_lookup+0x30/0x200
[  190.989874][ T7557]  ? netlink_lookup+0x30/0x200
[  190.994662][ T7557]  __netlink_dump_start+0x5f1/0x810
[  190.999889][ T7557]  rtnetlink_rcv_msg+0xba1/0xf10
[  191.004877][ T7557]  ? rtnl_fdb_dump+0xf40/0xf40
[  191.009775][ T7557]  ? rtnetlink_rcv_msg+0x1eb/0xf10
[  191.014921][ T7557]  ? rtnetlink_bind+0x80/0x80
[  191.019672][ T7557]  ? __dev_queue_xmit+0x245/0x35a0
[  191.024800][ T7557]  ? rtnl_fdb_dump+0xf40/0xf40
[  191.029591][ T7557]  ? ref_tracker_free+0x634/0x7d0
[  191.034630][ T7557]  ? __copy_skb_header+0xa7/0x550
[  191.039683][ T7557]  netlink_rcv_skb+0x216/0x480
[  191.044477][ T7557]  ? rtnetlink_bind+0x80/0x80
[  191.049178][ T7557]  ? netlink_ack+0x1110/0x1110
[  191.053969][ T7557]  ? __lock_acquire+0x7c80/0x7c80
[  191.059102][ T7557]  ? netlink_deliver_tap+0x2e/0x1b0
[  191.064319][ T7557]  netlink_unicast+0x751/0x8d0
[  191.069127][ T7557]  netlink_sendmsg+0x8c1/0xbe0
[  191.073918][ T7557]  ? netlink_getsockopt+0x580/0x580
[  191.079140][ T7557]  ? aa_sock_msg_perm+0x94/0x150
[  191.084121][ T7557]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  191.089443][ T7557]  ? security_socket_sendmsg+0x80/0xa0
[  191.094929][ T7557]  ? netlink_getsockopt+0x580/0x580
[  191.100154][ T7557]  ____sys_sendmsg+0x5bf/0x950
[  191.104949][ T7557]  ? __asan_memset+0x22/0x40
[  191.109565][ T7557]  ? __sys_sendmsg_sock+0x30/0x30
[  191.114613][ T7557]  ? __import_iovec+0x5f2/0x860
[  191.119493][ T7557]  ? import_iovec+0x73/0xa0
[  191.124018][ T7557]  ___sys_sendmsg+0x220/0x290
[  191.128714][ T7557]  ? __sys_sendmsg+0x270/0x270
[  191.133535][ T7557]  ? __lock_acquire+0x7c80/0x7c80
[  191.138603][ T7557]  __se_sys_sendmsg+0x1a5/0x270
[  191.143491][ T7557]  ? __x64_sys_sendmsg+0x80/0x80
[  191.148465][ T7557]  ? lockdep_hardirqs_on+0x98/0x150
[  191.153778][ T7557]  do_syscall_64+0x55/0xb0
[  191.158209][ T7557]  ? clear_bhb_loop+0x40/0x90
[  191.162897][ T7557]  ? clear_bhb_loop+0x40/0x90
[  191.167594][ T7557]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  191.173510][ T7557] RIP: 0033:0x7f503418ebe9
[  191.177938][ T7557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  191.197559][ T7557] RSP: 002b:00007f5034f8c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  191.206004][ T7557] RAX: ffffffffffffffda RBX: 00007f50343b5fa0 RCX: 00007f503418ebe9
[  191.214006][ T7557] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  191.221989][ T7557] RBP: 00007f5034f8c090 R08: 0000000000000000 R09: 0000000000000000
[  191.229972][ T7557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  191.237955][ T7557] R13: 00007f50343b6038 R14: 00007f50343b5fa0 R15: 00007ffe01a99138
[  191.245958][ T7557]  </TASK>
[  193.117844][ T7566] netlink: 15478 bytes leftover after parsing attributes in process `syz.0.607'.
[  193.266435][ T7576] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[  193.596792][ T7585] netlink: 158556 bytes leftover after parsing attributes in process `syz.1.612'.
[  193.645169][ T7585] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  193.664100][ T7585] CPU: 1 PID: 7585 Comm: syz.1.612 Not tainted 6.6.102-syzkaller #0
[  193.672178][ T7585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  193.682326][ T7585] Call Trace:
[  193.685657][ T7585]  <TASK>
[  193.688631][ T7585]  dump_stack_lvl+0x16c/0x230
[  193.693390][ T7585]  ? show_regs_print_info+0x20/0x20
[  193.698700][ T7585]  ? load_image+0x3b0/0x3b0
[  193.703414][ T7585]  sysfs_warn_dup+0x8e/0xa0
[  193.708001][ T7585]  sysfs_do_create_link_sd+0xc0/0x110
[  193.713455][ T7585]  device_add_class_symlinks+0x1cf/0x240
[  193.719171][ T7585]  device_add+0x507/0xc20
[  193.723578][ T7585]  wiphy_register+0x1e74/0x2c00
[  193.728523][ T7585]  ? cfg80211_event_work+0x40/0x40
[  193.733717][ T7585]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  193.739954][ T7585]  ? ieee80211_register_hw+0x2be9/0x3ac0
[  193.745676][ T7585]  ieee80211_register_hw+0x2dc2/0x3ac0
[  193.751237][ T7585]  ? ieee80211_tasklet_handler+0x20/0x20
[  193.756932][ T7585]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  193.763001][ T7585]  ? __debug_object_init+0xe8/0x430
[  193.768420][ T7585]  ? __asan_memset+0x22/0x40
[  193.773054][ T7585]  ? __hrtimer_init+0x186/0x270
[  193.777941][ T7585]  mac80211_hwsim_new_radio+0x2a00/0x4cf0
[  193.783710][ T7585]  ? mac80211_hwsim_free+0x220/0x220
[  193.789011][ T7585]  ? rcu_is_watching+0x15/0xb0
[  193.793807][ T7585]  ? kstrndup+0xbd/0x140
[  193.798103][ T7585]  hwsim_new_radio_nl+0xd78/0x19d0
[  193.803257][ T7585]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  193.809619][ T7585]  ? __nla_parse+0x40/0x50
[  193.814073][ T7585]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  193.820446][ T7585]  genl_family_rcv_msg_doit+0x209/0x2f0
[  193.826023][ T7585]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  193.832137][ T7585]  ? lockdep_hardirqs_on+0x98/0x150
[  193.837393][ T7585]  ? bpf_lsm_capable+0x9/0x10
[  193.842108][ T7585]  ? security_capable+0x89/0xb0
[  193.847027][ T7585]  genl_rcv_msg+0x60b/0x790
[  193.851579][ T7585]  ? genl_bind+0x360/0x360
[  193.856021][ T7585]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  193.862024][ T7585]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  193.868382][ T7585]  ? ref_tracker_free+0x634/0x7d0
[  193.873438][ T7585]  netlink_rcv_skb+0x216/0x480
[  193.878258][ T7585]  ? genl_bind+0x360/0x360
[  193.882702][ T7585]  ? netlink_ack+0x1110/0x1110
[  193.887507][ T7585]  ? down_read+0x1ac/0x2e0
[  193.891951][ T7585]  genl_rcv+0x28/0x40
[  193.895956][ T7585]  netlink_unicast+0x751/0x8d0
[  193.900752][ T7585]  netlink_sendmsg+0x8c1/0xbe0
[  193.905545][ T7585]  ? lockdep_hardirqs_on+0x98/0x150
[  193.910778][ T7585]  ? netlink_getsockopt+0x580/0x580
[  193.916001][ T7585]  ? __sanitizer_cov_trace_pc+0x8/0x60
[  193.921484][ T7585]  ? security_socket_sendmsg+0x80/0xa0
[  193.926960][ T7585]  ? netlink_getsockopt+0x580/0x580
[  193.932187][ T7585]  ____sys_sendmsg+0x5bf/0x950
[  193.936982][ T7585]  ? __asan_memset+0x22/0x40
[  193.941609][ T7585]  ? __sys_sendmsg_sock+0x30/0x30
[  193.946656][ T7585]  ? __import_iovec+0x5f2/0x860
[  193.951544][ T7585]  ? import_iovec+0x73/0xa0
[  193.956079][ T7585]  ___sys_sendmsg+0x220/0x290
[  193.960784][ T7585]  ? __sys_sendmsg+0x270/0x270
[  193.965634][ T7585]  __se_sys_sendmsg+0x1a5/0x270
[  193.970516][ T7585]  ? __x64_sys_sendmsg+0x80/0x80
[  193.975496][ T7585]  ? lockdep_hardirqs_on+0x98/0x150
[  193.980724][ T7585]  do_syscall_64+0x55/0xb0
[  193.985159][ T7585]  ? clear_bhb_loop+0x40/0x90
[  193.989854][ T7585]  ? clear_bhb_loop+0x40/0x90
[  193.994655][ T7585]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  194.000574][ T7585] RIP: 0033:0x7f503418ebe9
[  194.005013][ T7585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  194.024760][ T7585] RSP: 002b:00007f5034f8c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  194.033201][ T7585] RAX: ffffffffffffffda RBX: 00007f50343b5fa0 RCX: 00007f503418ebe9
[  194.041191][ T7585] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007
[  194.049199][ T7585] RBP: 00007f5034211e19 R08: 0000000000000000 R09: 0000000000000000
[  194.057204][ T7585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  194.065191][ T7585] R13: 00007f50343b6038 R14: 00007f50343b5fa0 R15: 00007ffe01a99138
[  194.073251][ T7585]  </TASK>
[  194.426835][ T7600] FAULT_INJECTION: forcing a failure.
[  194.426835][ T7600] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  194.528836][ T7600] CPU: 0 PID: 7600 Comm: syz.1.617 Not tainted 6.6.102-syzkaller #0
[  194.536906][ T7600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  194.547019][ T7600] Call Trace:
[  194.550342][ T7600]  <TASK>
[  194.553311][ T7600]  dump_stack_lvl+0x16c/0x230
[  194.558043][ T7600]  ? show_regs_print_info+0x20/0x20
[  194.563293][ T7600]  ? load_image+0x3b0/0x3b0
[  194.567854][ T7600]  ? __might_fault+0xaa/0x120
[  194.572575][ T7600]  ? __lock_acquire+0x7c80/0x7c80
[  194.577646][ T7600]  ? unix_ioctl+0x254/0x660
[  194.582206][ T7600]  should_fail_ex+0x39d/0x4d0
[  194.586947][ T7600]  _copy_from_user+0x2f/0xe0
[  194.591598][ T7600]  sock_do_ioctl+0x17c/0x2f0
[  194.596253][ T7600]  ? sock_show_fdinfo+0xb0/0xb0
[  194.601178][ T7600]  sock_ioctl+0x623/0x7a0
[  194.605567][ T7600]  ? sock_poll+0x3d0/0x3d0
[  194.610049][ T7600]  ? bpf_lsm_file_ioctl+0x9/0x10
[  194.615023][ T7600]  ? security_file_ioctl+0x80/0xa0
[  194.620188][ T7600]  ? sock_poll+0x3d0/0x3d0
[  194.624663][ T7600]  __se_sys_ioctl+0xfd/0x170
[  194.629304][ T7600]  do_syscall_64+0x55/0xb0
[  194.633764][ T7600]  ? clear_bhb_loop+0x40/0x90
[  194.638480][ T7600]  ? clear_bhb_loop+0x40/0x90
[  194.643203][ T7600]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  194.649187][ T7600] RIP: 0033:0x7f503418ebe9
[  194.653638][ T7600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  194.673290][ T7600] RSP: 002b:00007f5034f8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  194.681763][ T7600] RAX: ffffffffffffffda RBX: 00007f50343b5fa0 RCX: 00007f503418ebe9
[  194.689766][ T7600] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000004
[  194.697770][ T7600] RBP: 00007f5034f8c090 R08: 0000000000000000 R09: 0000000000000000
[  194.705766][ T7600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  194.713759][ T7600] R13: 00007f50343b6038 R14: 00007f50343b5fa0 R15: 00007ffe01a99138
[  194.721773][ T7600]  </TASK>
[  194.730720][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  194.769022][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  195.448781][ T7623] netlink: 158556 bytes leftover after parsing attributes in process `syz.2.627'.
[  195.527038][ T7623] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  195.541275][ T7623] CPU: 0 PID: 7623 Comm: syz.2.627 Not tainted 6.6.102-syzkaller #0
[  195.549327][ T7623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  195.559442][ T7623] Call Trace:
[  195.562741][ T7623]  <TASK>
[  195.565690][ T7623]  dump_stack_lvl+0x16c/0x230
[  195.570398][ T7623]  ? show_regs_print_info+0x20/0x20
[  195.575616][ T7623]  ? load_image+0x3b0/0x3b0
[  195.580244][ T7623]  sysfs_warn_dup+0x8e/0xa0
[  195.584781][ T7623]  sysfs_do_create_link_sd+0xc0/0x110
[  195.590274][ T7623]  device_add_class_symlinks+0x1cf/0x240
[  195.595944][ T7623]  device_add+0x507/0xc20
[  195.600307][ T7623]  wiphy_register+0x1e74/0x2c00
[  195.605200][ T7623]  ? cfg80211_event_work+0x40/0x40
[  195.610336][ T7623]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  195.616530][ T7623]  ? ieee80211_register_hw+0x29ce/0x3ac0
[  195.622244][ T7623]  ieee80211_register_hw+0x2dc2/0x3ac0
[  195.627746][ T7623]  ? ieee80211_tasklet_handler+0x20/0x20
[  195.633399][ T7623]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  195.639327][ T7623]  ? __debug_object_init+0xe8/0x430
[  195.644585][ T7623]  ? __asan_memset+0x22/0x40
[  195.649199][ T7623]  ? __hrtimer_init+0x186/0x270
[  195.654075][ T7623]  mac80211_hwsim_new_radio+0x2a00/0x4cf0
[  195.659864][ T7623]  ? mac80211_hwsim_free+0x220/0x220
[  195.665195][ T7623]  ? rcu_is_watching+0x15/0xb0
[  195.670013][ T7623]  ? kstrndup+0xbd/0x140
[  195.674316][ T7623]  hwsim_new_radio_nl+0xd78/0x19d0
[  195.679474][ T7623]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  195.685836][ T7623]  ? __nla_parse+0x40/0x50
[  195.690281][ T7623]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  195.696668][ T7623]  genl_family_rcv_msg_doit+0x209/0x2f0
[  195.702251][ T7623]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  195.708175][ T7623]  ? bpf_lsm_capable+0x9/0x10
[  195.712891][ T7623]  ? security_capable+0x89/0xb0
[  195.717782][ T7623]  genl_rcv_msg+0x60b/0x790
[  195.722320][ T7623]  ? genl_bind+0x360/0x360
[  195.726760][ T7623]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  195.733118][ T7623]  netlink_rcv_skb+0x216/0x480
[  195.737911][ T7623]  ? genl_bind+0x360/0x360
[  195.742373][ T7623]  ? netlink_ack+0x1110/0x1110
[  195.747186][ T7623]  ? __lock_acquire+0x7c80/0x7c80
[  195.752240][ T7623]  ? down_read+0x1ac/0x2e0
[  195.756688][ T7623]  genl_rcv+0x28/0x40
[  195.760733][ T7623]  netlink_unicast+0x751/0x8d0
[  195.765530][ T7623]  netlink_sendmsg+0x8c1/0xbe0
[  195.770322][ T7623]  ? netlink_getsockopt+0x580/0x580
[  195.775544][ T7623]  ? aa_sock_msg_perm+0x94/0x150
[  195.780516][ T7623]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  195.785816][ T7623]  ? security_socket_sendmsg+0x80/0xa0
[  195.791297][ T7623]  ? netlink_getsockopt+0x580/0x580
[  195.796515][ T7623]  ____sys_sendmsg+0x5bf/0x950
[  195.801313][ T7623]  ? __asan_memset+0x22/0x40
[  195.805934][ T7623]  ? __sys_sendmsg_sock+0x30/0x30
[  195.810977][ T7623]  ? __import_iovec+0x5f2/0x860
[  195.815857][ T7623]  ? import_iovec+0x73/0xa0
[  195.820390][ T7623]  ___sys_sendmsg+0x220/0x290
[  195.825099][ T7623]  ? __sys_sendmsg+0x270/0x270
[  195.829973][ T7623]  __se_sys_sendmsg+0x1a5/0x270
[  195.834848][ T7623]  ? hrtimer_interrupt+0x7bb/0x9c0
[  195.839980][ T7623]  ? __x64_sys_sendmsg+0x80/0x80
[  195.844959][ T7623]  ? lockdep_hardirqs_on+0x98/0x150
[  195.850188][ T7623]  do_syscall_64+0x55/0xb0
[  195.854800][ T7623]  ? clear_bhb_loop+0x40/0x90
[  195.859578][ T7623]  ? clear_bhb_loop+0x40/0x90
[  195.864274][ T7623]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  195.870193][ T7623] RIP: 0033:0x7f35b838ebe9
[  195.874624][ T7623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.894261][ T7623] RSP: 002b:00007f35b65f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  195.902709][ T7623] RAX: ffffffffffffffda RBX: 00007f35b85b5fa0 RCX: 00007f35b838ebe9
[  195.910709][ T7623] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[  195.918702][ T7623] RBP: 00007f35b8411e19 R08: 0000000000000000 R09: 0000000000000000
[  195.926695][ T7623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  195.934683][ T7623] R13: 00007f35b85b6038 R14: 00007f35b85b5fa0 R15: 00007ffd49fba6d8
[  195.942744][ T7623]  </TASK>
[  195.976335][ T7632] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.630'.
[  196.001336][ T7632] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[  196.009891][ T7632] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  196.412109][ T7636] FAULT_INJECTION: forcing a failure.
[  196.412109][ T7636] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  196.444641][ T7636] CPU: 0 PID: 7636 Comm: syz.0.631 Not tainted 6.6.102-syzkaller #0
[  196.452710][ T7636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  196.462834][ T7636] Call Trace:
[  196.466146][ T7636]  <TASK>
[  196.469107][ T7636]  dump_stack_lvl+0x16c/0x230
[  196.473831][ T7636]  ? show_regs_print_info+0x20/0x20
[  196.479066][ T7636]  ? load_image+0x3b0/0x3b0
[  196.483603][ T7636]  ? __might_fault+0xaa/0x120
[  196.488292][ T7636]  ? __lock_acquire+0x7c80/0x7c80
[  196.493350][ T7636]  should_fail_ex+0x39d/0x4d0
[  196.498078][ T7636]  _copy_from_user+0x2f/0xe0
[  196.502696][ T7636]  ___sys_sendmsg+0x159/0x290
[  196.507427][ T7636]  ? __sys_sendmsg+0x270/0x270
[  196.512231][ T7636]  ? __lock_acquire+0x7c80/0x7c80
[  196.517297][ T7636]  __se_sys_sendmsg+0x1a5/0x270
[  196.522171][ T7636]  ? perf_trace_preemptirq_template+0x281/0x340
[  196.528433][ T7636]  ? __x64_sys_sendmsg+0x80/0x80
[  196.533417][ T7636]  ? lockdep_hardirqs_on+0x98/0x150
[  196.538640][ T7636]  do_syscall_64+0x55/0xb0
[  196.543081][ T7636]  ? clear_bhb_loop+0x40/0x90
[  196.547773][ T7636]  ? clear_bhb_loop+0x40/0x90
[  196.552467][ T7636]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  196.558386][ T7636] RIP: 0033:0x7f900818ebe9
[  196.562818][ T7636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  196.582443][ T7636] RSP: 002b:00007f9008f62038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  196.590879][ T7636] RAX: ffffffffffffffda RBX: 00007f90083b6090 RCX: 00007f900818ebe9
[  196.598867][ T7636] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  196.606861][ T7636] RBP: 00007f9008f62090 R08: 0000000000000000 R09: 0000000000000000
[  196.614845][ T7636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  196.622827][ T7636] R13: 00007f90083b6128 R14: 00007f90083b6090 R15: 00007ffe8cc48fd8
[  196.630833][ T7636]  </TASK>
[  196.819972][ T7638] pim6reg1: tun_chr_ioctl cmd 1074025676
[  196.846174][ T7638] pim6reg1: owner set to 0
[  196.890438][ T7639] pim6reg1: tun_chr_ioctl cmd 2148553947
[  197.316560][ T7659] netlink: 'syz.2.639': attribute type 4 has an invalid length.
[  197.466703][ T7664] netlink: 'syz.1.641': attribute type 39 has an invalid length.
[  197.477869][ T7663] netlink: 158556 bytes leftover after parsing attributes in process `syz.0.642'.
[  197.556795][ T7667] FAULT_INJECTION: forcing a failure.
[  197.556795][ T7667] name failslab, interval 1, probability 0, space 0, times 0
[  197.574653][ T7663] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  197.590379][ T7667] CPU: 0 PID: 7667 Comm: syz.2.643 Not tainted 6.6.102-syzkaller #0
[  197.598445][ T7667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  197.608545][ T7667] Call Trace:
[  197.611870][ T7667]  <TASK>
[  197.614849][ T7667]  dump_stack_lvl+0x16c/0x230
[  197.619584][ T7667]  ? show_regs_print_info+0x20/0x20
[  197.624821][ T7667]  ? load_image+0x3b0/0x3b0
[  197.629382][ T7667]  ? __lock_acquire+0x7c80/0x7c80
[  197.634458][ T7667]  should_fail_ex+0x39d/0x4d0
[  197.639157][ T7667]  should_failslab+0x9/0x20
[  197.643700][ T7667]  slab_pre_alloc_hook+0x59/0x310
[  197.648766][ T7667]  ? bpf_prog_alloc+0x3d/0x1b0
[  197.653548][ T7667]  ? bpf_prog_load+0x6b8/0x16d0
[  197.658440][ T7667]  ? __sys_bpf+0x55a/0x800
[  197.662899][ T7667]  kmem_cache_alloc_node+0x60/0x330
[  197.668137][ T7667]  ? alloc_vmap_area+0x1c4/0x1c70
[  197.673191][ T7667]  alloc_vmap_area+0x1c4/0x1c70
[  197.678180][ T7667]  ? vm_map_ram+0xcb0/0xcb0
[  197.682747][ T7667]  ? rcu_is_watching+0x15/0xb0
[  197.687560][ T7667]  __get_vm_area_node+0x162/0x370
[  197.692635][ T7667]  __vmalloc_node_range+0x36e/0x1320
[  197.697982][ T7667]  ? bpf_prog_alloc_no_stats+0x47/0x440
[  197.703555][ T7667]  ? mark_lock+0x94/0x320
[  197.707952][ T7667]  ? __lock_acquire+0x1334/0x7c80
[  197.713082][ T7667]  ? verify_lock_unused+0x140/0x140
[  197.718311][ T7667]  ? free_vm_area+0x50/0x50
[  197.722838][ T7667]  ? end_current_label_crit_section+0x170/0x170
[  197.729101][ T7667]  ? bpf_prog_alloc_no_stats+0x47/0x440
[  197.734678][ T7667]  __vmalloc+0x7a/0x90
[  197.738775][ T7667]  ? bpf_prog_alloc_no_stats+0x47/0x440
[  197.744341][ T7667]  bpf_prog_alloc_no_stats+0x47/0x440
[  197.749733][ T7667]  ? bpf_prog_alloc+0x2b/0x1b0
[  197.754521][ T7667]  bpf_prog_alloc+0x3d/0x1b0
[  197.759140][ T7667]  bpf_prog_load+0x6b8/0x16d0
[  197.764043][ T7667]  ? map_freeze+0x420/0x420
[  197.768588][ T7667]  ? __might_fault+0xaa/0x120
[  197.773286][ T7667]  ? __lock_acquire+0x7c80/0x7c80
[  197.778332][ T7667]  ? file_end_write+0x159/0x250
[  197.783206][ T7667]  ? __might_fault+0xaa/0x120
[  197.787904][ T7667]  ? __might_fault+0xc6/0x120
[  197.792603][ T7667]  ? __might_fault+0xaa/0x120
[  197.797297][ T7667]  ? bpf_lsm_bpf+0x9/0x10
[  197.801646][ T7667]  ? security_bpf+0x7e/0xa0
[  197.806186][ T7667]  __sys_bpf+0x55a/0x800
[  197.810444][ T7667]  ? bpf_link_show_fdinfo+0x350/0x350
[  197.815861][ T7667]  ? lock_chain_count+0x20/0x20
[  197.820737][ T7667]  __x64_sys_bpf+0x7c/0x90
[  197.825168][ T7667]  do_syscall_64+0x55/0xb0
[  197.829601][ T7667]  ? clear_bhb_loop+0x40/0x90
[  197.834300][ T7667]  ? clear_bhb_loop+0x40/0x90
[  197.838991][ T7667]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  197.844912][ T7667] RIP: 0033:0x7f35b838ebe9
[  197.849380][ T7667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  197.869032][ T7667] RSP: 002b:00007f35b65f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  197.877469][ T7667] RAX: ffffffffffffffda RBX: 00007f35b85b5fa0 RCX: 00007f35b838ebe9
[  197.885456][ T7667] RDX: 0000000000000094 RSI: 0000200000000700 RDI: 0000000000000005
[  197.893447][ T7667] RBP: 00007f35b65f6090 R08: 0000000000000000 R09: 0000000000000000
[  197.901521][ T7667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  197.909508][ T7667] R13: 00007f35b85b6038 R14: 00007f35b85b5fa0 R15: 00007ffd49fba6d8
[  197.917513][ T7667]  </TASK>
[  197.920903][ T7663] CPU: 1 PID: 7663 Comm: syz.0.642 Not tainted 6.6.102-syzkaller #0
[  197.928970][ T7663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  197.939081][ T7663] Call Trace:
[  197.942396][ T7663]  <TASK>
[  197.945350][ T7663]  dump_stack_lvl+0x16c/0x230
[  197.950059][ T7663]  ? show_regs_print_info+0x20/0x20
[  197.955280][ T7663]  ? load_image+0x3b0/0x3b0
[  197.959823][ T7663]  sysfs_warn_dup+0x8e/0xa0
[  197.964357][ T7663]  sysfs_do_create_link_sd+0xc0/0x110
[  197.969761][ T7663]  device_add_class_symlinks+0x1cf/0x240
[  197.975444][ T7663]  device_add+0x507/0xc20
[  197.979811][ T7663]  wiphy_register+0x1e74/0x2c00
[  197.984738][ T7663]  ? cfg80211_event_work+0x40/0x40
[  197.989969][ T7663]  ? minstrel_ht_alloc+0x88a/0x990
[  197.995136][ T7663]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[  198.001249][ T7663]  ieee80211_register_hw+0x2dc2/0x3ac0
[  198.006764][ T7663]  ? ieee80211_tasklet_handler+0x20/0x20
[  198.012444][ T7663]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  198.018369][ T7663]  ? __debug_object_init+0xe8/0x430
[  198.023594][ T7663]  ? __asan_memset+0x22/0x40
[  198.028205][ T7663]  ? __hrtimer_init+0x186/0x270
[  198.033080][ T7663]  mac80211_hwsim_new_radio+0x2a00/0x4cf0
[  198.038839][ T7663]  ? mac80211_hwsim_free+0x220/0x220
[  198.044152][ T7663]  ? rcu_is_watching+0x15/0xb0
[  198.048944][ T7663]  ? kstrndup+0xbd/0x140
[  198.053218][ T7663]  hwsim_new_radio_nl+0xd78/0x19d0
[  198.058385][ T7663]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  198.064743][ T7663]  ? __nla_parse+0x40/0x50
[  198.069195][ T7663]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  198.075564][ T7663]  genl_family_rcv_msg_doit+0x209/0x2f0
[  198.081143][ T7663]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  198.087069][ T7663]  ? bpf_lsm_capable+0x9/0x10
[  198.091768][ T7663]  ? security_capable+0x89/0xb0
[  198.096659][ T7663]  genl_rcv_msg+0x60b/0x790
[  198.101371][ T7663]  ? genl_bind+0x360/0x360
[  198.105810][ T7663]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  198.112213][ T7663]  ? ref_tracker_free+0x634/0x7d0
[  198.117269][ T7663]  netlink_rcv_skb+0x216/0x480
[  198.122062][ T7663]  ? genl_bind+0x360/0x360
[  198.126502][ T7663]  ? netlink_ack+0x1110/0x1110
[  198.131294][ T7663]  ? __lock_acquire+0x7c80/0x7c80
[  198.136341][ T7663]  ? down_read+0x1ac/0x2e0
[  198.140784][ T7663]  genl_rcv+0x28/0x40
[  198.144789][ T7663]  netlink_unicast+0x751/0x8d0
[  198.149585][ T7663]  netlink_sendmsg+0x8c1/0xbe0
[  198.154376][ T7663]  ? netlink_getsockopt+0x580/0x580
[  198.159598][ T7663]  ? aa_sock_msg_perm+0x94/0x150
[  198.164556][ T7663]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  198.169859][ T7663]  ? security_socket_sendmsg+0x80/0xa0
[  198.175337][ T7663]  ? netlink_getsockopt+0x580/0x580
[  198.180558][ T7663]  ____sys_sendmsg+0x5bf/0x950
[  198.185352][ T7663]  ? __asan_memset+0x22/0x40
[  198.189964][ T7663]  ? __sys_sendmsg_sock+0x30/0x30
[  198.195011][ T7663]  ? __import_iovec+0x5f2/0x860
[  198.199901][ T7663]  ? import_iovec+0x73/0xa0
[  198.204452][ T7663]  ___sys_sendmsg+0x220/0x290
[  198.209168][ T7663]  ? __sys_sendmsg+0x270/0x270
[  198.214002][ T7663]  __se_sys_sendmsg+0x1a5/0x270
[  198.218901][ T7663]  ? __x64_sys_sendmsg+0x80/0x80
[  198.223883][ T7663]  ? lockdep_hardirqs_on+0x98/0x150
[  198.229115][ T7663]  do_syscall_64+0x55/0xb0
[  198.233573][ T7663]  ? clear_bhb_loop+0x40/0x90
[  198.238305][ T7663]  ? clear_bhb_loop+0x40/0x90
[  198.243000][ T7663]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  198.248944][ T7663] RIP: 0033:0x7f900818ebe9
[  198.253391][ T7663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  198.273033][ T7663] RSP: 002b:00007f9008f83038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  198.281475][ T7663] RAX: ffffffffffffffda RBX: 00007f90083b5fa0 RCX: 00007f900818ebe9
[  198.289467][ T7663] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[  198.297551][ T7663] RBP: 00007f9008211e19 R08: 0000000000000000 R09: 0000000000000000
[  198.305547][ T7663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  198.313558][ T7663] R13: 00007f90083b6038 R14: 00007f90083b5fa0 R15: 00007ffe8cc48fd8
[  198.321586][ T7663]  </TASK>
[  198.339928][ T7667] syz.2.643: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz2,mems_allowed=0-1
[  198.356834][ T7667] CPU: 1 PID: 7667 Comm: syz.2.643 Not tainted 6.6.102-syzkaller #0
[  198.364871][ T7667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  198.374977][ T7667] Call Trace:
[  198.378287][ T7667]  <TASK>
[  198.381246][ T7667]  dump_stack_lvl+0x16c/0x230
[  198.385972][ T7667]  ? show_regs_print_info+0x20/0x20
[  198.391219][ T7667]  ? load_image+0x3b0/0x3b0
[  198.395809][ T7667]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  198.402271][ T7667]  ? cpuset_print_current_mems_allowed+0x2e3/0x360
[  198.408884][ T7667]  warn_alloc+0x210/0x300
[  198.413268][ T7667]  ? slab_free_freelist_hook+0x130/0x1b0
[  198.418965][ T7667]  ? zone_watermark_ok_safe+0x230/0x230
[  198.424564][ T7667]  ? __get_vm_area_node+0x17b/0x370
[  198.429829][ T7667]  ? __get_vm_area_node+0x17b/0x370
[  198.435084][ T7667]  __vmalloc_node_range+0x393/0x1320
[  198.440420][ T7667]  ? mark_lock+0x94/0x320
[  198.444781][ T7667]  ? __lock_acquire+0x1334/0x7c80
[  198.449837][ T7667]  ? verify_lock_unused+0x140/0x140
[  198.455084][ T7667]  ? free_vm_area+0x50/0x50
[  198.459610][ T7667]  ? end_current_label_crit_section+0x170/0x170
[  198.465876][ T7667]  ? bpf_prog_alloc_no_stats+0x47/0x440
[  198.471440][ T7667]  __vmalloc+0x7a/0x90
[  198.475615][ T7667]  ? bpf_prog_alloc_no_stats+0x47/0x440
[  198.481179][ T7667]  bpf_prog_alloc_no_stats+0x47/0x440
[  198.486564][ T7667]  ? bpf_prog_alloc+0x2b/0x1b0
[  198.491438][ T7667]  bpf_prog_alloc+0x3d/0x1b0
[  198.496046][ T7667]  bpf_prog_load+0x6b8/0x16d0
[  198.500746][ T7667]  ? map_freeze+0x420/0x420
[  198.505269][ T7667]  ? __might_fault+0xaa/0x120
[  198.509963][ T7667]  ? __lock_acquire+0x7c80/0x7c80
[  198.515008][ T7667]  ? file_end_write+0x159/0x250
[  198.519881][ T7667]  ? __might_fault+0xaa/0x120
[  198.524569][ T7667]  ? __might_fault+0xc6/0x120
[  198.529284][ T7667]  ? __might_fault+0xaa/0x120
[  198.533973][ T7667]  ? bpf_lsm_bpf+0x9/0x10
[  198.538317][ T7667]  ? security_bpf+0x7e/0xa0
[  198.542842][ T7667]  __sys_bpf+0x55a/0x800
[  198.547099][ T7667]  ? bpf_link_show_fdinfo+0x350/0x350
[  198.552495][ T7667]  ? lock_chain_count+0x20/0x20
[  198.557367][ T7667]  __x64_sys_bpf+0x7c/0x90
[  198.561796][ T7667]  do_syscall_64+0x55/0xb0
[  198.566227][ T7667]  ? clear_bhb_loop+0x40/0x90
[  198.570915][ T7667]  ? clear_bhb_loop+0x40/0x90
[  198.575611][ T7667]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  198.581526][ T7667] RIP: 0033:0x7f35b838ebe9
[  198.585958][ T7667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  198.605593][ T7667] RSP: 002b:00007f35b65f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  198.614034][ T7667] RAX: ffffffffffffffda RBX: 00007f35b85b5fa0 RCX: 00007f35b838ebe9
[  198.622019][ T7667] RDX: 0000000000000094 RSI: 0000200000000700 RDI: 0000000000000005
[  198.630035][ T7667] RBP: 00007f35b65f6090 R08: 0000000000000000 R09: 0000000000000000
[  198.638105][ T7667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  198.646088][ T7667] R13: 00007f35b85b6038 R14: 00007f35b85b5fa0 R15: 00007ffd49fba6d8
[  198.654096][ T7667]  </TASK>
[  198.681818][ T7667] Mem-Info:
[  198.685024][ T7667] active_anon:4958 inactive_anon:0 isolated_anon:0
[  198.685024][ T7667]  active_file:13132 inactive_file:39868 isolated_file:0
[  198.685024][ T7667]  unevictable:768 dirty:213 writeback:0
[  198.685024][ T7667]  slab_reclaimable:10183 slab_unreclaimable:95685
[  198.685024][ T7667]  mapped:24387 shmem:1361 pagetables:516
[  198.685024][ T7667]  sec_pagetables:0 bounce:0
[  198.685024][ T7667]  kernel_misc_reclaimable:0
[  198.685024][ T7667]  free:1348744 free_pcp:11817 free_cma:0
[  198.748976][ T7667] Node 0 active_anon:19832kB inactive_anon:0kB active_file:52528kB inactive_file:159268kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97548kB dirty:848kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11200kB pagetables:2064kB sec_pagetables:0kB all_unreclaimable? no
[  198.835993][ T7667] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  198.923438][ T7667] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  198.986847][ T7667] lowmem_reserve[]: 0 2525 2526 2526 2526
[  198.998490][ T7667] Node 0 DMA32 free:1490500kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:19684kB inactive_anon:0kB active_file:52528kB inactive_file:157940kB unevictable:1536kB writepending:848kB present:3129332kB managed:2589596kB mlocked:0kB bounce:0kB free_pcp:25068kB local_pcp:7096kB free_cma:0kB
[  199.030566][ T7667] lowmem_reserve[]: 0 0 1 1 1
[  199.111621][ T7667] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1328kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  199.160774][ T7685] FAULT_INJECTION: forcing a failure.
[  199.160774][ T7685] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  199.166981][ T7667] lowmem_reserve[]: 0 0 0 0 0
[  199.179170][ T7667] Node 1 
[  199.181668][ T7685] CPU: 1 PID: 7685 Comm: syz.1.648 Not tainted 6.6.102-syzkaller #0
[  199.184661][ T7685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  199.193152][ T7667] Normal free:3888868kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:22976kB local_pcp:14816kB free_cma:0kB
[  199.202700][ T7685] Call Trace:
[  199.202711][ T7685]  <TASK>
[  199.202720][ T7685]  dump_stack_lvl+0x16c/0x230
[  199.202753][ T7685]  ? show_regs_print_info+0x20/0x20
[  199.202784][ T7685]  ? load_image+0x3b0/0x3b0
[  199.202817][ T7685]  ? __might_fault+0xaa/0x120
[  199.202839][ T7685]  ? __lock_acquire+0x7c80/0x7c80
[  199.202861][ T7685]  ? mark_lock+0x94/0x320
[  199.202888][ T7685]  should_fail_ex+0x39d/0x4d0
[  199.232669][ T7667] lowmem_reserve[]:
[  199.235096][ T7685]  _copy_from_user+0x2f/0xe0
[  199.238032][ T7667]  0 0
[  199.242710][ T7685]  get_user_ifreq+0x6b/0x180
[  199.242744][ T7685]  inet_ioctl+0x38d/0x4c0
[  199.242764][ T7685]  ? tomoyo_path_number_perm+0x1ba/0x590
[  199.242796][ T7685]  ? inet_shutdown+0x370/0x370
[  199.242815][ T7685]  ? slab_free_freelist_hook+0x130/0x1b0
[  199.242856][ T7685]  ? tomoyo_path_number_perm+0x477/0x590
[  199.242884][ T7685]  ? __kmem_cache_free+0xba/0x1f0
[  199.248225][ T7667]  0
[  199.252607][ T7685]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  199.252650][ T7685]  sock_do_ioctl+0xd7/0x2f0
[  199.252685][ T7685]  ? sock_show_fdinfo+0xb0/0xb0
[  199.257424][ T7667]  0
[  199.262542][ T7685]  sock_ioctl+0x623/0x7a0
[  199.262578][ T7685]  ? sock_poll+0x3d0/0x3d0
[  199.262617][ T7685]  ? bpf_lsm_file_ioctl+0x9/0x10
[  199.267119][ T7667]  0
[  199.271727][ T7685]  ? security_file_ioctl+0x80/0xa0
[  199.271758][ T7685]  ? sock_poll+0x3d0/0x3d0
[  199.271787][ T7685]  __se_sys_ioctl+0xfd/0x170
[  199.275661][ T7667] 
[  199.280205][ T7685]  do_syscall_64+0x55/0xb0
[  199.280233][ T7685]  ? clear_bhb_loop+0x40/0x90
[  199.282963][ T7667] Node 0 
[  199.287496][ T7685]  ? clear_bhb_loop+0x40/0x90
[  199.292035][ T7667] DMA: 
[  199.297485][ T7685]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  199.302417][ T7667] 0*4kB 
[  199.307876][ T7685] RIP: 0033:0x7f503418ebe9
[  199.313719][ T7667] 0*8kB 
[  199.318532][ T7685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.323327][ T7667] 0*16kB 
[  199.326506][ T7685] RSP: 002b:00007f5034f8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  199.326531][ T7685] RAX: ffffffffffffffda RBX: 00007f50343b5fa0 RCX: 00007f503418ebe9
[  199.326547][ T7685] RDX: 0000200000000040 RSI: 0000000000008916 RDI: 0000000000000003
[  199.331224][ T7667] 0*32kB 
[  199.335892][ T7685] RBP: 00007f5034f8c090 R08: 0000000000000000 R09: 0000000000000000
[  199.338397][ T7667] 0*64kB 
[  199.342724][ T7685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  199.342738][ T7685] R13: 00007f50343b6038 R14: 00007f50343b5fa0 R15: 00007ffe01a99138
[  199.342769][ T7685]  </TASK>
[  199.502157][ T7667] 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  199.511191][ T7667] Node 0 DMA32: 879*4kB (UME) 1629*8kB (UM) 1086*16kB (UME) 610*32kB (UM) 186*64kB (UM) 62*128kB (UM) 34*256kB (M) 21*512kB (ME) 11*1024kB (UME) 5*2048kB (ME) 336*4096kB (M) = 1490500kB
[  199.530619][ T7667] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  199.542780][ T7667] Node 1 Normal: 239*4kB (UME) 57*8kB (UME) 32*16kB (UME) 61*32kB (UME) 19*64kB (UE) 10*128kB (UME) 2*256kB (UE) 2*512kB (UM) 0*1024kB 1*2048kB (E) 947*4096kB (M) = 3888868kB
[  199.562139][ T7667] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  199.601110][ T7667] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  199.610478][ T7667] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  199.627825][ T7667] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  199.640220][ T7667] 54363 total pagecache pages
[  199.645049][ T7667] 0 pages in swap cache
[  199.649238][ T7667] Free swap  = 124996kB
[  199.659051][ T7667] Total swap = 124996kB
[  199.663557][ T7667] 2097051 pages RAM
[  199.667593][ T7667] 0 pages HighMem/MovableOnly
[  199.721678][ T7667] 416138 pages reserved
[  199.725906][ T7667] 0 pages cma reserved
[  204.118361][ T7697] netlink: 158556 bytes leftover after parsing attributes in process `syz.0.655'.
[  204.138707][ T7698] netlink: 76 bytes leftover after parsing attributes in process `syz.3.654'.
[  204.172479][ T7697] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  204.191780][ T7697] CPU: 1 PID: 7697 Comm: syz.0.655 Not tainted 6.6.102-syzkaller #0
[  204.199848][ T7697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  204.209944][ T7697] Call Trace:
[  204.213250][ T7697]  <TASK>
[  204.216257][ T7697]  dump_stack_lvl+0x16c/0x230
[  204.220977][ T7697]  ? show_regs_print_info+0x20/0x20
[  204.226210][ T7697]  ? load_image+0x3b0/0x3b0
[  204.230757][ T7697]  sysfs_warn_dup+0x8e/0xa0
[  204.235304][ T7697]  sysfs_do_create_link_sd+0xc0/0x110
[  204.240806][ T7697]  device_add_class_symlinks+0x1cf/0x240
[  204.246513][ T7697]  device_add+0x507/0xc20
[  204.250900][ T7697]  wiphy_register+0x1e74/0x2c00
[  204.255828][ T7697]  ? cfg80211_event_work+0x40/0x40
[  204.261006][ T7697]  ? minstrel_ht_alloc+0x88a/0x990
[  204.266185][ T7697]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[  204.272308][ T7697]  ieee80211_register_hw+0x2dc2/0x3ac0
[  204.277822][ T7697]  ? ieee80211_tasklet_handler+0x20/0x20
[  204.283483][ T7697]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  204.289411][ T7697]  ? __debug_object_init+0xe8/0x430
[  204.294641][ T7697]  ? __asan_memset+0x22/0x40
[  204.299271][ T7697]  ? __hrtimer_init+0x186/0x270
[  204.304148][ T7697]  mac80211_hwsim_new_radio+0x2a00/0x4cf0
[  204.309918][ T7697]  ? mac80211_hwsim_free+0x220/0x220
[  204.315237][ T7697]  ? rcu_is_watching+0x15/0xb0
[  204.320037][ T7697]  ? kstrndup+0xbd/0x140
[  204.324322][ T7697]  hwsim_new_radio_nl+0xd78/0x19d0
[  204.329512][ T7697]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  204.335903][ T7697]  ? __nla_parse+0x40/0x50
[  204.340351][ T7697]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  204.346725][ T7697]  genl_family_rcv_msg_doit+0x209/0x2f0
[  204.352317][ T7697]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  204.358272][ T7697]  ? bpf_lsm_capable+0x9/0x10
[  204.363095][ T7697]  ? security_capable+0x89/0xb0
[  204.367981][ T7697]  genl_rcv_msg+0x60b/0x790
[  204.372521][ T7697]  ? genl_bind+0x360/0x360
[  204.376970][ T7697]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  204.383325][ T7697]  ? ref_tracker_free+0x634/0x7d0
[  204.388383][ T7697]  netlink_rcv_skb+0x216/0x480
[  204.393199][ T7697]  ? genl_bind+0x360/0x360
[  204.397671][ T7697]  ? netlink_ack+0x1110/0x1110
[  204.402499][ T7697]  ? __lock_acquire+0x7c80/0x7c80
[  204.407557][ T7697]  ? down_read+0x1ac/0x2e0
[  204.412009][ T7697]  genl_rcv+0x28/0x40
[  204.416037][ T7697]  netlink_unicast+0x751/0x8d0
[  204.420833][ T7697]  netlink_sendmsg+0x8c1/0xbe0
[  204.425632][ T7697]  ? netlink_getsockopt+0x580/0x580
[  204.430951][ T7697]  ? aa_sock_msg_perm+0x94/0x150
[  204.435926][ T7697]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  204.441325][ T7697]  ? security_socket_sendmsg+0x80/0xa0
[  204.446835][ T7697]  ? netlink_getsockopt+0x580/0x580
[  204.452080][ T7697]  ____sys_sendmsg+0x5bf/0x950
[  204.456906][ T7697]  ? __asan_memset+0x22/0x40
[  204.461526][ T7697]  ? __sys_sendmsg_sock+0x30/0x30
[  204.466752][ T7697]  ? __import_iovec+0x5f2/0x860
[  204.471641][ T7697]  ? import_iovec+0x73/0xa0
[  204.476195][ T7697]  ___sys_sendmsg+0x220/0x290
[  204.481020][ T7697]  ? __sys_sendmsg+0x270/0x270
[  204.485966][ T7697]  __se_sys_sendmsg+0x1a5/0x270
[  204.490847][ T7697]  ? __x64_sys_sendmsg+0x80/0x80
[  204.495848][ T7697]  ? lockdep_hardirqs_on+0x98/0x150
[  204.501170][ T7697]  do_syscall_64+0x55/0xb0
[  204.505608][ T7697]  ? clear_bhb_loop+0x40/0x90
[  204.510316][ T7697]  ? clear_bhb_loop+0x40/0x90
[  204.515200][ T7697]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  204.521124][ T7697] RIP: 0033:0x7f900818ebe9
[  204.525581][ T7697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  204.545216][ T7697] RSP: 002b:00007f9008f83038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  204.553669][ T7697] RAX: ffffffffffffffda RBX: 00007f90083b5fa0 RCX: 00007f900818ebe9
[  204.561662][ T7697] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[  204.569762][ T7697] RBP: 00007f9008211e19 R08: 0000000000000000 R09: 0000000000000000
[  204.577754][ T7697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  204.585767][ T7697] R13: 00007f90083b6038 R14: 00007f90083b5fa0 R15: 00007ffe8cc48fd8
[  204.593773][ T7697]  </TASK>
[  204.989268][ T7713] FAULT_INJECTION: forcing a failure.
[  204.989268][ T7713] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  205.018488][ T7713] CPU: 0 PID: 7713 Comm: syz.2.659 Not tainted 6.6.102-syzkaller #0
[  205.026574][ T7713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  205.036673][ T7713] Call Trace:
[  205.040000][ T7713]  <TASK>
[  205.042968][ T7713]  dump_stack_lvl+0x16c/0x230
[  205.047699][ T7713]  ? show_regs_print_info+0x20/0x20
[  205.052943][ T7713]  ? load_image+0x3b0/0x3b0
[  205.057514][ T7713]  ? __might_fault+0xaa/0x120
[  205.062246][ T7713]  ? __lock_acquire+0x7c80/0x7c80
[  205.067326][ T7713]  should_fail_ex+0x39d/0x4d0
[  205.072069][ T7713]  _copy_from_user+0x2f/0xe0
[  205.076708][ T7713]  ____sys_sendmsg+0x30d/0x950
[  205.081514][ T7713]  ? __sys_sendmsg_sock+0x30/0x30
[  205.086563][ T7713]  ? __import_iovec+0x5f2/0x860
[  205.091441][ T7713]  ? import_iovec+0x73/0xa0
[  205.095991][ T7713]  ___sys_sendmsg+0x220/0x290
[  205.100713][ T7713]  ? __sys_sendmsg+0x270/0x270
[  205.105527][ T7713]  ? __lock_acquire+0x7c80/0x7c80
[  205.110611][ T7713]  __se_sys_sendmsg+0x1a5/0x270
[  205.115510][ T7713]  ? __x64_sys_sendmsg+0x80/0x80
[  205.120496][ T7713]  ? lockdep_hardirqs_on+0x98/0x150
[  205.125747][ T7713]  do_syscall_64+0x55/0xb0
[  205.130187][ T7713]  ? clear_bhb_loop+0x40/0x90
[  205.134881][ T7713]  ? clear_bhb_loop+0x40/0x90
[  205.139579][ T7713]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  205.145504][ T7713] RIP: 0033:0x7f35b838ebe9
[  205.149956][ T7713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  205.169762][ T7713] RSP: 002b:00007f35b65f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  205.178250][ T7713] RAX: ffffffffffffffda RBX: 00007f35b85b5fa0 RCX: 00007f35b838ebe9
[  205.186239][ T7713] RDX: 0000000000000000 RSI: 0000200000001640 RDI: 0000000000000003
[  205.194256][ T7713] RBP: 00007f35b65f6090 R08: 0000000000000000 R09: 0000000000000000
[  205.202421][ T7713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  205.210495][ T7713] R13: 00007f35b85b6038 R14: 00007f35b85b5fa0 R15: 00007ffd49fba6d8
[  205.218516][ T7713]  </TASK>
[  205.311708][ T7717] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.662'.
[  205.469736][ T7719] netlink: 'syz.2.663': attribute type 6 has an invalid length.
[  205.508031][ T5796] Bluetooth: hci2: ISO packet for unknown connection handle 54
[  205.858098][ T7731] netlink: 158556 bytes leftover after parsing attributes in process `syz.2.669'.
[  205.882607][ T7731] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  205.890921][ T7731] CPU: 0 PID: 7731 Comm: syz.2.669 Not tainted 6.6.102-syzkaller #0
[  205.898961][ T7731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  205.909066][ T7731] Call Trace:
[  205.912382][ T7731]  <TASK>
[  205.915346][ T7731]  dump_stack_lvl+0x16c/0x230
[  205.920079][ T7731]  ? show_regs_print_info+0x20/0x20
[  205.925323][ T7731]  ? load_image+0x3b0/0x3b0
[  205.929905][ T7731]  sysfs_warn_dup+0x8e/0xa0
[  205.934469][ T7731]  sysfs_do_create_link_sd+0xc0/0x110
[  205.939901][ T7731]  device_add_class_symlinks+0x1cf/0x240
[  205.945684][ T7731]  device_add+0x507/0xc20
[  205.950072][ T7731]  wiphy_register+0x1e74/0x2c00
[  205.954999][ T7731]  ? cfg80211_event_work+0x40/0x40
[  205.960171][ T7731]  ? minstrel_ht_alloc+0x88a/0x990
[  205.965361][ T7731]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[  205.971578][ T7731]  ieee80211_register_hw+0x2dc2/0x3ac0
[  205.977112][ T7731]  ? ieee80211_tasklet_handler+0x20/0x20
[  205.982778][ T7731]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  205.988712][ T7731]  ? __debug_object_init+0xe8/0x430
[  205.993941][ T7731]  ? __asan_memset+0x22/0x40
[  205.998560][ T7731]  ? __hrtimer_init+0x186/0x270
[  206.003527][ T7731]  mac80211_hwsim_new_radio+0x2a00/0x4cf0
[  206.009467][ T7731]  ? mac80211_hwsim_free+0x220/0x220
[  206.014809][ T7731]  ? rcu_is_watching+0x15/0xb0
[  206.019605][ T7731]  ? kstrndup+0xbd/0x140
[  206.023892][ T7731]  hwsim_new_radio_nl+0xd78/0x19d0
[  206.029087][ T7731]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  206.035455][ T7731]  ? __nla_parse+0x40/0x50
[  206.039904][ T7731]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  206.046272][ T7731]  genl_family_rcv_msg_doit+0x209/0x2f0
[  206.051868][ T7731]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  206.057798][ T7731]  ? bpf_lsm_capable+0x9/0x10
[  206.062505][ T7731]  ? security_capable+0x89/0xb0
[  206.067384][ T7731]  genl_rcv_msg+0x60b/0x790
[  206.071925][ T7731]  ? genl_bind+0x360/0x360
[  206.076366][ T7731]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  206.082723][ T7731]  ? perf_trace_lock+0xf7/0x380
[  206.087618][ T7731]  netlink_rcv_skb+0x216/0x480
[  206.092413][ T7731]  ? genl_bind+0x360/0x360
[  206.096865][ T7731]  ? netlink_ack+0x1110/0x1110
[  206.101676][ T7731]  ? __lock_acquire+0x7c80/0x7c80
[  206.106729][ T7731]  ? down_read+0x1ac/0x2e0
[  206.111186][ T7731]  genl_rcv+0x28/0x40
[  206.115227][ T7731]  netlink_unicast+0x751/0x8d0
[  206.120074][ T7731]  netlink_sendmsg+0x8c1/0xbe0
[  206.124901][ T7731]  ? netlink_getsockopt+0x580/0x580
[  206.130165][ T7731]  ? aa_sock_msg_perm+0x94/0x150
[  206.135133][ T7731]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  206.140441][ T7731]  ? security_socket_sendmsg+0x80/0xa0
[  206.146539][ T7731]  ? netlink_getsockopt+0x580/0x580
[  206.151772][ T7731]  ____sys_sendmsg+0x5bf/0x950
[  206.156594][ T7731]  ? __asan_memset+0x22/0x40
[  206.161412][ T7731]  ? __sys_sendmsg_sock+0x30/0x30
[  206.166492][ T7731]  ? __import_iovec+0x5f2/0x860
[  206.171397][ T7731]  ? import_iovec+0x73/0xa0
[  206.175953][ T7731]  ___sys_sendmsg+0x220/0x290
[  206.180672][ T7731]  ? __sys_sendmsg+0x270/0x270
[  206.185524][ T7731]  __se_sys_sendmsg+0x1a5/0x270
[  206.190513][ T7731]  ? __x64_sys_sendmsg+0x80/0x80
[  206.195501][ T7731]  ? lockdep_hardirqs_on+0x98/0x150
[  206.200977][ T7731]  do_syscall_64+0x55/0xb0
[  206.205531][ T7731]  ? clear_bhb_loop+0x40/0x90
[  206.210253][ T7731]  ? clear_bhb_loop+0x40/0x90
[  206.214958][ T7731]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  206.220881][ T7731] RIP: 0033:0x7f35b838ebe9
[  206.225332][ T7731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.245039][ T7731] RSP: 002b:00007f35b65f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  206.253502][ T7731] RAX: ffffffffffffffda RBX: 00007f35b85b5fa0 RCX: 00007f35b838ebe9
[  206.261495][ T7731] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[  206.269487][ T7731] RBP: 00007f35b8411e19 R08: 0000000000000000 R09: 0000000000000000
[  206.277475][ T7731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  206.285469][ T7731] R13: 00007f35b85b6038 R14: 00007f35b85b5fa0 R15: 00007ffd49fba6d8
[  206.293571][ T7731]  </TASK>
[  206.833953][ T7748] FAULT_INJECTION: forcing a failure.
[  206.833953][ T7748] name failslab, interval 1, probability 0, space 0, times 0
[  206.891064][ T7748] CPU: 0 PID: 7748 Comm: syz.3.677 Not tainted 6.6.102-syzkaller #0
[  206.899135][ T7748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  206.909238][ T7748] Call Trace:
[  206.912560][ T7748]  <TASK>
[  206.915525][ T7748]  dump_stack_lvl+0x16c/0x230
[  206.920255][ T7748]  ? show_regs_print_info+0x20/0x20
[  206.925527][ T7748]  ? load_image+0x3b0/0x3b0
[  206.930101][ T7748]  ? __lock_acquire+0x7c80/0x7c80
[  206.935184][ T7748]  should_fail_ex+0x39d/0x4d0
[  206.940005][ T7748]  should_failslab+0x9/0x20
[  206.944561][ T7748]  slab_pre_alloc_hook+0x59/0x310
[  206.949651][ T7748]  ? bpf_prog_alloc+0x3d/0x1b0
[  206.954463][ T7748]  ? bpf_prog_load+0x6b8/0x16d0
[  206.959354][ T7748]  ? __sys_bpf+0x55a/0x800
[  206.963831][ T7748]  kmem_cache_alloc_node+0x60/0x330
[  206.969451][ T7748]  ? alloc_vmap_area+0x1c4/0x1c70
[  206.974558][ T7748]  alloc_vmap_area+0x1c4/0x1c70
[  206.979501][ T7748]  ? vm_map_ram+0xcb0/0xcb0
[  206.984065][ T7748]  ? rcu_is_watching+0x15/0xb0
[  206.988946][ T7748]  __get_vm_area_node+0x162/0x370
[  206.994042][ T7748]  __vmalloc_node_range+0x36e/0x1320
[  206.999377][ T7748]  ? bpf_prog_alloc_no_stats+0x47/0x440
[  207.004975][ T7748]  ? mark_lock+0x94/0x320
[  207.009376][ T7748]  ? __lock_acquire+0x1334/0x7c80
[  207.014461][ T7748]  ? verify_lock_unused+0x140/0x140
[  207.019718][ T7748]  ? free_vm_area+0x50/0x50
[  207.024270][ T7748]  ? end_current_label_crit_section+0x170/0x170
[  207.030574][ T7748]  ? bpf_prog_alloc_no_stats+0x47/0x440
[  207.036170][ T7748]  __vmalloc+0x7a/0x90
[  207.040289][ T7748]  ? bpf_prog_alloc_no_stats+0x47/0x440
[  207.045889][ T7748]  bpf_prog_alloc_no_stats+0x47/0x440
[  207.051311][ T7748]  ? bpf_prog_alloc+0x2b/0x1b0
[  207.056213][ T7748]  bpf_prog_alloc+0x3d/0x1b0
[  207.060834][ T7748]  bpf_prog_load+0x6b8/0x16d0
[  207.065562][ T7748]  ? map_freeze+0x420/0x420
[  207.070125][ T7748]  ? __might_fault+0xaa/0x120
[  207.075056][ T7748]  ? __lock_acquire+0x7c80/0x7c80
[  207.080136][ T7748]  ? file_end_write+0x159/0x250
[  207.085041][ T7748]  ? __might_fault+0xaa/0x120
[  207.089750][ T7748]  ? __might_fault+0xc6/0x120
[  207.094449][ T7748]  ? __might_fault+0xaa/0x120
[  207.099145][ T7748]  ? bpf_lsm_bpf+0x9/0x10
[  207.103503][ T7748]  ? security_bpf+0x7e/0xa0
[  207.108032][ T7748]  __sys_bpf+0x55a/0x800
[  207.112305][ T7748]  ? bpf_link_show_fdinfo+0x350/0x350
[  207.117742][ T7748]  ? lock_chain_count+0x20/0x20
[  207.122623][ T7748]  __x64_sys_bpf+0x7c/0x90
[  207.127052][ T7748]  do_syscall_64+0x55/0xb0
[  207.131486][ T7748]  ? clear_bhb_loop+0x40/0x90
[  207.136194][ T7748]  ? clear_bhb_loop+0x40/0x90
[  207.140925][ T7748]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  207.146872][ T7748] RIP: 0033:0x7fac9578ebe9
[  207.151314][ T7748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  207.170966][ T7748] RSP: 002b:00007fac965f3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  207.179406][ T7748] RAX: ffffffffffffffda RBX: 00007fac959b5fa0 RCX: 00007fac9578ebe9
[  207.187485][ T7748] RDX: 0000000000000021 RSI: 0000200000000440 RDI: 0000000000000005
[  207.195468][ T7748] RBP: 00007fac965f3090 R08: 0000000000000000 R09: 0000000000000000
[  207.203451][ T7748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  207.211452][ T7748] R13: 00007fac959b6038 R14: 00007fac959b5fa0 R15: 00007ffcd3477e88
[  207.219450][ T7748]  </TASK>
[  207.628533][ T7765] netlink: 158556 bytes leftover after parsing attributes in process `syz.3.683'.
[  207.659765][ T7765] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  207.668423][ T7765] CPU: 1 PID: 7765 Comm: syz.3.683 Not tainted 6.6.102-syzkaller #0
[  207.676467][ T7765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  207.686560][ T7765] Call Trace:
[  207.689873][ T7765]  <TASK>
[  207.692836][ T7765]  dump_stack_lvl+0x16c/0x230
[  207.697540][ T7765]  ? show_regs_print_info+0x20/0x20
[  207.702757][ T7765]  ? load_image+0x3b0/0x3b0
[  207.707296][ T7765]  sysfs_warn_dup+0x8e/0xa0
[  207.711823][ T7765]  sysfs_do_create_link_sd+0xc0/0x110
[  207.717216][ T7765]  device_add_class_symlinks+0x1cf/0x240
[  207.722879][ T7765]  device_add+0x507/0xc20
[  207.727270][ T7765]  wiphy_register+0x1e74/0x2c00
[  207.732166][ T7765]  ? cfg80211_event_work+0x40/0x40
[  207.737296][ T7765]  ? minstrel_ht_alloc+0x88a/0x990
[  207.742431][ T7765]  ? ieee80211_init_rate_ctrl_alg+0x562/0x5e0
[  207.748525][ T7765]  ieee80211_register_hw+0x2dc2/0x3ac0
[  207.754023][ T7765]  ? ieee80211_tasklet_handler+0x20/0x20
[  207.759673][ T7765]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  207.765596][ T7765]  ? __debug_object_init+0xe8/0x430
[  207.770834][ T7765]  ? __asan_memset+0x22/0x40
[  207.775448][ T7765]  ? __hrtimer_init+0x186/0x270
[  207.780355][ T7765]  mac80211_hwsim_new_radio+0x2a00/0x4cf0
[  207.786203][ T7765]  ? mac80211_hwsim_free+0x220/0x220
[  207.791502][ T7765]  ? rcu_is_watching+0x15/0xb0
[  207.796287][ T7765]  ? kstrndup+0xbd/0x140
[  207.800553][ T7765]  hwsim_new_radio_nl+0xd78/0x19d0
[  207.805696][ T7765]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  207.812053][ T7765]  ? __nla_parse+0x40/0x50
[  207.816496][ T7765]  ? genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  207.822856][ T7765]  genl_family_rcv_msg_doit+0x209/0x2f0
[  207.828460][ T7765]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  207.834387][ T7765]  ? bpf_lsm_capable+0x9/0x10
[  207.839092][ T7765]  ? security_capable+0x89/0xb0
[  207.843968][ T7765]  genl_rcv_msg+0x60b/0x790
[  207.848509][ T7765]  ? genl_bind+0x360/0x360
[  207.852942][ T7765]  ? hwsim_tx_info_frame_received_nl+0xd60/0xd60
[  207.859286][ T7765]  ? ref_tracker_free+0x634/0x7d0
[  207.864332][ T7765]  netlink_rcv_skb+0x216/0x480
[  207.869115][ T7765]  ? genl_bind+0x360/0x360
[  207.873554][ T7765]  ? netlink_ack+0x1110/0x1110
[  207.878357][ T7765]  ? __lock_acquire+0x7c80/0x7c80
[  207.883413][ T7765]  ? down_read+0x1ac/0x2e0
[  207.887854][ T7765]  genl_rcv+0x28/0x40
[  207.891865][ T7765]  netlink_unicast+0x751/0x8d0
[  207.896665][ T7765]  netlink_sendmsg+0x8c1/0xbe0
[  207.901459][ T7765]  ? netlink_getsockopt+0x580/0x580
[  207.906765][ T7765]  ? aa_sock_msg_perm+0x94/0x150
[  207.911736][ T7765]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  207.917037][ T7765]  ? security_socket_sendmsg+0x80/0xa0
[  207.922510][ T7765]  ? netlink_getsockopt+0x580/0x580
[  207.927731][ T7765]  ____sys_sendmsg+0x5bf/0x950
[  207.932530][ T7765]  ? __asan_memset+0x22/0x40
[  207.937142][ T7765]  ? __sys_sendmsg_sock+0x30/0x30
[  207.942210][ T7765]  ? __import_iovec+0x5f2/0x860
[  207.947096][ T7765]  ? import_iovec+0x73/0xa0
[  207.951624][ T7765]  ___sys_sendmsg+0x220/0x290
[  207.956332][ T7765]  ? __sys_sendmsg+0x270/0x270
[  207.961165][ T7765]  __se_sys_sendmsg+0x1a5/0x270
[  207.966043][ T7765]  ? __x64_sys_sendmsg+0x80/0x80
[  207.971014][ T7765]  ? lockdep_hardirqs_on+0x98/0x150
[  207.976239][ T7765]  do_syscall_64+0x55/0xb0
[  207.980672][ T7765]  ? clear_bhb_loop+0x40/0x90
[  207.985362][ T7765]  ? clear_bhb_loop+0x40/0x90
[  207.990055][ T7765]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  207.995985][ T7765] RIP: 0033:0x7fac9578ebe9
[  208.000426][ T7765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  208.020061][ T7765] RSP: 002b:00007fac965f3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  208.028503][ T7765] RAX: ffffffffffffffda RBX: 00007fac959b5fa0 RCX: 00007fac9578ebe9
[  208.036496][ T7765] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[  208.044493][ T7765] RBP: 00007fac95811e19 R08: 0000000000000000 R09: 0000000000000000
[  208.052497][ T7765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  208.060496][ T7765] R13: 00007fac959b6038 R14: 00007fac959b5fa0 R15: 00007ffcd3477e88
[  208.068516][ T7765]  </TASK>
[  208.918393][ T7793] FAULT_INJECTION: forcing a failure.
[  208.918393][ T7793] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  208.959933][ T7793] CPU: 0 PID: 7793 Comm: syz.2.692 Not tainted 6.6.102-syzkaller #0
[  208.968000][ T7793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  208.978105][ T7793] Call Trace:
[  208.981430][ T7793]  <TASK>
[  208.984405][ T7793]  dump_stack_lvl+0x16c/0x230
[  208.989139][ T7793]  ? show_regs_print_info+0x20/0x20
[  208.994389][ T7793]  ? load_image+0x3b0/0x3b0
[  208.998952][ T7793]  ? __might_fault+0xaa/0x120
[  209.003685][ T7793]  ? __lock_acquire+0x7c80/0x7c80
[  209.008756][ T7793]  ? unix_ioctl+0x254/0x660
[  209.013320][ T7793]  should_fail_ex+0x39d/0x4d0
[  209.018054][ T7793]  _copy_from_user+0x2f/0xe0
[  209.022694][ T7793]  sock_do_ioctl+0x17c/0x2f0
[  209.027346][ T7793]  ? sock_show_fdinfo+0xb0/0xb0
[  209.032289][ T7793]  sock_ioctl+0x623/0x7a0
[  209.036687][ T7793]  ? sock_poll+0x3d0/0x3d0
[  209.041171][ T7793]  ? bpf_lsm_file_ioctl+0x9/0x10
[  209.046159][ T7793]  ? security_file_ioctl+0x80/0xa0
[  209.051343][ T7793]  ? sock_poll+0x3d0/0x3d0
[  209.055833][ T7793]  __se_sys_ioctl+0xfd/0x170
[  209.060493][ T7793]  do_syscall_64+0x55/0xb0
[  209.064961][ T7793]  ? clear_bhb_loop+0x40/0x90
[  209.069684][ T7793]  ? clear_bhb_loop+0x40/0x90
[  209.074406][ T7793]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  209.080358][ T7793] RIP: 0033:0x7f35b838ebe9
[  209.084824][ T7793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.104487][ T7793] RSP: 002b:00007f35b65f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  209.112979][ T7793] RAX: ffffffffffffffda RBX: 00007f35b85b5fa0 RCX: 00007f35b838ebe9
[  209.121016][ T7793] RDX: 0000200000000040 RSI: 0000000000008924 RDI: 0000000000000003
[  209.129042][ T7793] RBP: 00007f35b65f6090 R08: 0000000000000000 R09: 0000000000000000
[  209.137072][ T7793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  209.145068][ T7793] R13: 00007f35b85b6038 R14: 00007f35b85b5fa0 R15: 00007ffd49fba6d8
[  209.153095][ T7793]  </TASK>
[  209.987164][ T1134] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.295479][ T1134] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.463658][ T1134] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.714100][ T1134] batman_adv: batadv0: Removing interface: netdevsim0
[  210.782560][ T1134] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.864765][ T5790] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  210.875024][ T5790] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  210.883491][ T5790] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  210.892556][ T5790] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  210.901926][ T5790] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  210.909347][ T5790] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  211.306248][ T1134] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.606723][ T1134] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.873443][ T1134] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.041080][ T5101] Bluetooth: hci0: command 0x0406 tx timeout
[  212.141655][ T1134] bond0: (slave netdevsim0): Releasing backup interface
[  212.240026][ T1134] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.001114][ T5796] Bluetooth: hci1: command tx timeout
[  215.087911][ T5796] Bluetooth: hci1: command tx timeout
[  217.161126][ T5796] Bluetooth: hci1: command tx timeout
[  219.250998][ T5796] Bluetooth: hci1: command tx timeout
[  224.071036][ T1134] hsr_slave_0: left promiscuous mode
[  224.221214][ T1134] hsr_slave_1: left promiscuous mode
[  224.301216][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  224.411079][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_0
[  224.492340][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  224.499810][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_1
[  224.711763][ T1134] team0: left allmulticast mode
[  224.716697][ T1134] team_slave_0: left allmulticast mode
[  224.836172][ T1134] team_slave_1: left allmulticast mode
[  224.931771][ T1134] bridge0: port 3(team0) entered disabled state
[  225.092045][ T1134] bridge_slave_1: left allmulticast mode
[  225.097772][ T1134] bridge_slave_1: left promiscuous mode
[  225.242320][ T1134] bridge0: port 2(bridge_slave_1) entered disabled state
[  225.408993][ T1134] bridge_slave_0: left allmulticast mode
[  225.491876][ T1134] bridge_slave_0: left promiscuous mode
[  225.497721][ T1134] bridge0: port 1(bridge_slave_0) entered disabled state
[  225.811058][ T1134] hsr_slave_0: left promiscuous mode
[  225.881040][ T1134] hsr_slave_1: left promiscuous mode
[  225.981150][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  225.988630][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_0
[  226.172042][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  226.179510][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_1
[  226.357652][ T1134] bridge_slave_1: left allmulticast mode
[  226.431001][ T1134] bridge_slave_1: left promiscuous mode
[  226.436896][ T1134] bridge0: port 2(bridge_slave_1) entered disabled state
[  226.671990][ T1134] bridge_slave_0: left allmulticast mode
[  226.677753][ T1134] bridge_slave_0: left promiscuous mode
[  226.825922][ T1134] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.522616][ T1134] veth1_macvtap: left promiscuous mode
[  227.528663][ T1134] veth0_macvtap: left promiscuous mode
[  227.671168][ T1134] veth1_vlan: left promiscuous mode
[  227.676976][ T1134] veth0_vlan: left promiscuous mode
[  227.951831][ T1134] veth0_macvtap: left promiscuous mode
[  227.957657][ T1134] veth1_vlan: left promiscuous mode
[  231.889353][ T5101] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  231.900412][ T5101] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  231.908806][ T5101] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  231.936350][ T5101] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  231.944659][ T5101] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  231.961508][ T5101] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  232.231075][ T5796] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  232.239081][ T5796] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  232.261522][ T5796] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  232.309033][ T5796] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  232.322604][ T5796] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  232.330787][ T5796] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  232.748704][ T5796] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  232.769051][ T5796] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  232.778332][ T5796] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  232.822939][ T5796] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  232.838797][ T5796] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  232.847376][ T5796] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  233.036369][ T1134] team_slave_1 (unregistering): left promiscuous mode
[  233.047050][ T1134] team0 (unregistering): Port device team_slave_1 removed
[  233.086151][ T1134] team_slave_0 (unregistering): left promiscuous mode
[  233.095020][ T1134] team0 (unregistering): Port device team_slave_0 removed
[  233.139030][ T1134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  233.185002][ T1134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  233.605031][ T1134] bond0 (unregistering): Released all slaves
[  234.044343][ T1134] team0 (unregistering): Port device team_slave_1 removed
[  234.053047][ T5796] Bluetooth: hci2: command tx timeout
[  234.097564][ T1134] team0 (unregistering): Port device team_slave_0 removed
[  234.136793][ T1134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  234.179288][ T1134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  234.446484][ T5796] Bluetooth: hci3: command tx timeout
[  234.600780][ T1134] bond0 (unregistering): Released all slaves
[  235.003080][ T5796] Bluetooth: hci4: command tx timeout
[  235.067501][ T7804] chnl_net:caif_netlink_parms(): no params data found
[  235.556303][ T7822] chnl_net:caif_netlink_parms(): no params data found
[  235.588739][ T7804] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.611663][ T7804] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.618987][ T7804] bridge_slave_0: entered allmulticast mode
[  235.629211][ T7804] bridge_slave_0: entered promiscuous mode
[  235.642426][ T7804] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.649629][ T7804] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.657137][ T7804] bridge_slave_1: entered allmulticast mode
[  235.664824][ T7804] bridge_slave_1: entered promiscuous mode
[  235.738445][ T7831] chnl_net:caif_netlink_parms(): no params data found
[  235.832711][ T7804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  235.895632][ T7804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  235.917599][ T7816] chnl_net:caif_netlink_parms(): no params data found
[  235.993896][ T7804] team0: Port device team_slave_0 added
[  236.003350][ T7804] team0: Port device team_slave_1 added
[  236.093963][ T7804] batman_adv: batadv0: Adding interface: batadv_slave_0
[  236.101148][ T7804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  236.127377][ T7804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  236.131072][ T5796] Bluetooth: hci2: command tx timeout
[  236.180484][ T7804] batman_adv: batadv0: Adding interface: batadv_slave_1
[  236.188186][ T7804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  236.220037][ T7804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  236.258949][ T7822] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.266377][ T7822] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.273755][ T7822] bridge_slave_0: entered allmulticast mode
[  236.280817][ T7822] bridge_slave_0: entered promiscuous mode
[  236.345851][ T7822] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.353180][ T7822] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.360428][ T7822] bridge_slave_1: entered allmulticast mode
[  236.370049][ T7822] bridge_slave_1: entered promiscuous mode
[  236.377370][ T7831] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.385016][ T7831] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.392372][ T7831] bridge_slave_0: entered allmulticast mode
[  236.399485][ T7831] bridge_slave_0: entered promiscuous mode
[  236.416527][ T7831] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.424281][ T7831] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.431882][ T7831] bridge_slave_1: entered allmulticast mode
[  236.439166][ T7831] bridge_slave_1: entered promiscuous mode
[  236.446868][ T7816] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.456225][ T7816] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.464088][ T7816] bridge_slave_0: entered allmulticast mode
[  236.471463][ T7816] bridge_slave_0: entered promiscuous mode
[  236.480280][ T7816] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.487709][ T7816] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.495554][ T7816] bridge_slave_1: entered allmulticast mode
[  236.503157][ T7816] bridge_slave_1: entered promiscuous mode
[  236.514117][ T7804] hsr_slave_0: entered promiscuous mode
[  236.521729][ T5796] Bluetooth: hci3: command tx timeout
[  236.530152][ T7804] hsr_slave_1: entered promiscuous mode
[  236.536623][ T7804] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  236.544693][ T7804] Cannot create hsr debugfs directory
[  236.600228][ T7831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  236.661396][ T7831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  236.702976][ T7816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  236.723589][ T7822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  236.738127][ T7822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  236.808590][ T1134] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.830766][ T7816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  236.890251][ T7831] team0: Port device team_slave_0 added
[  237.003850][ T1134] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.024565][ T7822] team0: Port device team_slave_0 added
[  237.036195][ T7831] team0: Port device team_slave_1 added
[  237.086275][ T5796] Bluetooth: hci4: command tx timeout
[  237.098713][ T7822] team0: Port device team_slave_1 added
[  237.129279][ T1134] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.217983][ T7816] team0: Port device team_slave_0 added
[  237.234315][ T7831] batman_adv: batadv0: Adding interface: batadv_slave_0
[  237.249935][ T7831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.284892][ T7831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  237.328466][ T1134] bond0: (slave netdevsim0): Releasing backup interface
[  237.348321][ T1134] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.398231][ T7816] team0: Port device team_slave_1 added
[  237.444503][ T7831] batman_adv: batadv0: Adding interface: batadv_slave_1
[  237.453399][ T7831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.480694][ T7831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  237.532071][ T7822] batman_adv: batadv0: Adding interface: batadv_slave_0
[  237.539067][ T7822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.565564][ T7822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  237.599516][ T7816] batman_adv: batadv0: Adding interface: batadv_slave_0
[  237.615098][ T7816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.645044][ T7816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  237.658899][ T7816] batman_adv: batadv0: Adding interface: batadv_slave_1
[  237.666039][ T7816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.692376][ T7816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  237.727647][ T7822] batman_adv: batadv0: Adding interface: batadv_slave_1
[  237.734823][ T7822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.761257][ T7822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  237.862465][ T7831] hsr_slave_0: entered promiscuous mode
[  237.869206][ T7831] hsr_slave_1: entered promiscuous mode
[  237.876827][ T7831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  237.885993][ T7831] Cannot create hsr debugfs directory
[  237.978501][ T7816] hsr_slave_0: entered promiscuous mode
[  237.989895][ T7816] hsr_slave_1: entered promiscuous mode
[  237.996678][ T7816] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  238.004463][ T7816] Cannot create hsr debugfs directory
[  238.016400][ T7822] hsr_slave_0: entered promiscuous mode
[  238.023362][ T7822] hsr_slave_1: entered promiscuous mode
[  238.029965][ T7822] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  238.037852][ T7822] Cannot create hsr debugfs directory
[  238.137059][ T1134] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.201475][ T5796] Bluetooth: hci2: command tx timeout
[  238.267271][ T1134] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.373576][ T1134] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.428452][ T1134] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.515907][ T7804] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  238.568672][ T7804] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  238.588165][ T7804] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  238.601588][ T5796] Bluetooth: hci3: command tx timeout
[  238.642208][ T7804] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  238.785808][ T7816] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  238.815646][ T7816] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  238.871122][ T7816] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  238.889978][ T7816] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  239.162090][ T5796] Bluetooth: hci4: command tx timeout
[  239.455338][ T7831] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  239.470607][ T7831] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  239.563044][ T7831] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  239.576852][ T7831] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  239.775084][ T7822] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  239.789862][ T7822] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  239.851491][ T7822] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  239.928920][ T7804] 8021q: adding VLAN 0 to HW filter on device bond0
[  239.943499][ T7822] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  240.035581][ T7804] 8021q: adding VLAN 0 to HW filter on device team0
[  240.153744][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.160988][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[  240.207996][ T7816] 8021q: adding VLAN 0 to HW filter on device bond0
[  240.276815][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.284085][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  240.294593][ T5796] Bluetooth: hci2: command tx timeout
[  240.429474][ T7816] 8021q: adding VLAN 0 to HW filter on device team0
[  240.529619][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.536894][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[  240.574164][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.581392][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  240.637795][ T7831] 8021q: adding VLAN 0 to HW filter on device bond0
[  240.683442][ T5796] Bluetooth: hci3: command tx timeout
[  240.773560][ T7831] 8021q: adding VLAN 0 to HW filter on device team0
[  240.814952][ T1134] 
[  240.817345][ T1134] ======================================================
[  240.824394][ T1134] WARNING: possible circular locking dependency detected
[  240.831517][ T1134] 6.6.102-syzkaller #0 Not tainted
[  240.836662][ T1134] ------------------------------------------------------
[  240.843713][ T1134] kworker/u4:5/1134 is trying to acquire lock:
[  240.849939][ T1134] ffff88807796cd00 (team->team_lock_key#4){+.+.}-{3:3}, at: team_del_slave+0x32/0x1c0
[  240.859572][ T1134] 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  240.859572][ T1134] but task is already holding lock:
[  240.866965][ T1134] ffff88807b770768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x292/0x680
[  240.877484][ T1134] 
[  240.877484][ T1134] which lock already depends on the new lock.
[  240.877484][ T1134] 
[  240.887918][ T1134] 
[  240.887918][ T1134] the existing dependency chain (in reverse order) is:
[  240.896960][ T1134] 
[  240.896960][ T1134] -> #1 (&rdev->wiphy.mtx){+.+.}-{3:3}:
[  240.904754][ T1134]        __mutex_lock+0x129/0xcc0
[  240.909822][ T1134]        ieee80211_open+0x144/0x200
[  240.915059][ T1134]        __dev_open+0x2bc/0x430
[  240.919949][ T1134]        dev_open+0xab/0x170
[  240.924592][ T1134]        team_add_slave+0xae7/0x2660
[  240.929931][ T1134]        do_setlink+0xe14/0x3fb0
[  240.934917][ T1134]        rtnl_newlink+0x175b/0x2020
[  240.940164][ T1134]        rtnetlink_rcv_msg+0x7c7/0xf10
[  240.945677][ T1134]        netlink_rcv_skb+0x216/0x480
[  240.951057][ T1134]        netlink_unicast+0x751/0x8d0
[  240.956382][ T1134]        netlink_sendmsg+0x8c1/0xbe0
[  240.961726][ T1134]        ____sys_sendmsg+0x5bf/0x950
[  240.967139][ T1134]        ___sys_sendmsg+0x220/0x290
[  240.972373][ T1134]        __se_sys_sendmsg+0x1a5/0x270
[  240.977783][ T1134]        do_syscall_64+0x55/0xb0
[  240.982757][ T1134]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  240.989255][ T1134] 
[  240.989255][ T1134] -> #0 (team->team_lock_key#4){+.+.}-{3:3}:
[  240.997511][ T1134]        __lock_acquire+0x2ddb/0x7c80
[  241.002923][ T1134]        lock_acquire+0x197/0x410
[  241.007999][ T1134]        __mutex_lock+0x129/0xcc0
[  241.013064][ T1134]        team_del_slave+0x32/0x1c0
[  241.018209][ T1134]        team_device_event+0x28d/0xa20
[  241.023711][ T1134]        notifier_call_chain+0x197/0x390
[  241.029385][ T1134]        unregister_netdevice_many_notify+0xf36/0x1810
[  241.036281][ T1134]        unregister_netdevice_queue+0x324/0x360
[  241.042562][ T1134]        _cfg80211_unregister_wdev+0x16b/0x580
[  241.048759][ T1134]        ieee80211_remove_interfaces+0x496/0x680
[  241.055107][ T1134]        ieee80211_unregister_hw+0x5d/0x2a0
[  241.061071][ T1134]        mac80211_hwsim_del_radio+0x274/0x450
[  241.067157][ T1134]        hwsim_exit_net+0x585/0x640
[  241.072380][ T1134]        cleanup_net+0x6f4/0xb90
[  241.077343][ T1134]        process_scheduled_works+0xa45/0x15b0
[  241.083439][ T1134]        worker_thread+0xa55/0xfc0
[  241.088603][ T1134]        kthread+0x2fa/0x390
[  241.093200][ T1134]        ret_from_fork+0x48/0x80
[  241.098145][ T1134]        ret_from_fork_asm+0x11/0x20
[  241.103441][ T1134] 
[  241.103441][ T1134] other info that might help us debug this:
[  241.103441][ T1134] 
[  241.113670][ T1134]  Possible unsafe locking scenario:
[  241.113670][ T1134] 
[  241.121122][ T1134]        CPU0                    CPU1
[  241.126498][ T1134]        ----                    ----
[  241.131902][ T1134]   lock(&rdev->wiphy.mtx);
[  241.136418][ T1134]                                lock(team->team_lock_key#4);
[  241.143902][ T1134]                                lock(&rdev->wiphy.mtx);
[  241.150935][ T1134]   lock(team->team_lock_key#4);
[  241.155931][ T1134] 
[  241.155931][ T1134]  *** DEADLOCK ***
[  241.155931][ T1134] 
[  241.164088][ T1134] 5 locks held by kworker/u4:5/1134:
[  241.169372][ T1134]  #0: ffff888017873938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  241.180270][ T1134]  #1: ffffc9000477fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  241.190810][ T1134]  #2: ffffffff8dfaec50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x136/0xb90
[  241.200305][ T1134]  #3: ffffffff8dfbba48 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2a0
[  241.210156][ T1134]  #4: ffff88807b770768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x292/0x680
[  241.220982][ T1134] 
[  241.220982][ T1134] stack backtrace:
[  241.226887][ T1134] CPU: 0 PID: 1134 Comm: kworker/u4:5 Not tainted 6.6.102-syzkaller #0
[  241.235152][ T1134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  241.241154][ T5796] Bluetooth: hci4: command tx timeout
[  241.245202][ T1134] Workqueue: netns cleanup_net
[  241.255460][ T1134] Call Trace:
[  241.258774][ T1134]  <TASK>
[  241.261730][ T1134]  dump_stack_lvl+0x16c/0x230
[  241.266419][ T1134]  ? load_image+0x3b0/0x3b0
[  241.270947][ T1134]  ? show_regs_print_info+0x20/0x20
[  241.276197][ T1134]  ? print_circular_bug+0x12b/0x1a0
[  241.281495][ T1134]  check_noncircular+0x2bd/0x3c0
[  241.286440][ T1134]  ? print_deadlock_bug+0x5d0/0x5d0
[  241.291644][ T1134]  ? lockdep_lock+0xe0/0x220
[  241.296262][ T1134]  ? __lock_acquire+0x1334/0x7c80
[  241.301289][ T1134]  ? _find_first_zero_bit+0xd3/0x100
[  241.306587][ T1134]  __lock_acquire+0x2ddb/0x7c80
[  241.311463][ T1134]  ? verify_lock_unused+0x140/0x140
[  241.316672][ T1134]  ? verify_lock_unused+0x140/0x140
[  241.321919][ T1134]  lock_acquire+0x197/0x410
[  241.326444][ T1134]  ? team_del_slave+0x32/0x1c0
[  241.331227][ T1134]  ? __might_sleep+0xe0/0xe0
[  241.335842][ T1134]  ? read_lock_is_recursive+0x20/0x20
[  241.341224][ T1134]  __mutex_lock+0x129/0xcc0
[  241.345737][ T1134]  ? team_del_slave+0x32/0x1c0
[  241.350515][ T1134]  ? __lock_acquire+0x7c80/0x7c80
[  241.355564][ T1134]  ? rcu_is_watching+0x15/0xb0
[  241.360380][ T1134]  ? trace_contention_end+0x39/0xe0
[  241.365599][ T1134]  ? __mutex_lock+0x304/0xcc0
[  241.370376][ T1134]  ? team_del_slave+0x32/0x1c0
[  241.375235][ T1134]  ? mutex_lock_nested+0x20/0x20
[  241.380187][ T1134]  ? bond_netdev_event+0xe1/0xef0
[  241.385244][ T1134]  ? __mutex_unlock_slowpath+0x1a2/0x6a0
[  241.390888][ T1134]  ? bond_ipsec_offload_ok+0x410/0x410
[  241.396407][ T1134]  team_del_slave+0x32/0x1c0
[  241.401021][ T1134]  team_device_event+0x28d/0xa20
[  241.405989][ T1134]  notifier_call_chain+0x197/0x390
[  241.411120][ T1134]  unregister_netdevice_many_notify+0xf36/0x1810
[  241.417580][ T1134]  ? lock_chain_count+0x20/0x20
[  241.422450][ T1134]  ? unregister_netdevice_many+0x20/0x20
[  241.428109][ T1134]  ? kernfs_remove_by_name_ns+0x117/0x150
[  241.433886][ T1134]  ? __lock_acquire+0x7c80/0x7c80
[  241.438937][ T1134]  unregister_netdevice_queue+0x324/0x360
[  241.444691][ T1134]  ? list_netdevice+0x730/0x730
[  241.449554][ T1134]  ? kernfs_remove_by_name_ns+0x117/0x150
[  241.455292][ T1134]  _cfg80211_unregister_wdev+0x16b/0x580
[  241.460961][ T1134]  ieee80211_remove_interfaces+0x496/0x680
[  241.466809][ T1134]  ? ieee80211_do_stop+0x1db0/0x1db0
[  241.472107][ T1134]  ? rcu_is_watching+0x15/0xb0
[  241.476880][ T1134]  ieee80211_unregister_hw+0x5d/0x2a0
[  241.482264][ T1134]  mac80211_hwsim_del_radio+0x274/0x450
[  241.487821][ T1134]  ? rhashtable_remove_fast+0xbf0/0xbf0
[  241.493377][ T1134]  hwsim_exit_net+0x585/0x640
[  241.498069][ T1134]  ? hwsim_init_net+0x90/0x90
[  241.502749][ T1134]  ? __ip_vs_dev_cleanup_batch+0x238/0x250
[  241.508564][ T1134]  cleanup_net+0x6f4/0xb90
[  241.512995][ T1134]  ? ops_free_list+0x3b0/0x3b0
[  241.517768][ T1134]  ? _raw_spin_unlock_irq+0x23/0x50
[  241.522980][ T1134]  ? process_scheduled_works+0x957/0x15b0
[  241.528707][ T1134]  ? process_scheduled_works+0x957/0x15b0
[  241.534433][ T1134]  process_scheduled_works+0xa45/0x15b0
[  241.540014][ T1134]  ? assign_work+0x400/0x400
[  241.544611][ T1134]  ? assign_work+0x39e/0x400
[  241.549306][ T1134]  worker_thread+0xa55/0xfc0
[  241.553928][ T1134]  kthread+0x2fa/0x390
[  241.558007][ T1134]  ? pr_cont_work+0x560/0x560
[  241.562730][ T1134]  ? kthread_blkcg+0xd0/0xd0
[  241.567344][ T1134]  ret_from_fork+0x48/0x80
[  241.571767][ T1134]  ? kthread_blkcg+0xd0/0xd0
[  241.576357][ T1134]  ret_from_fork_asm+0x11/0x20
[  241.581144][ T1134]  </TASK>
[  241.594648][ T1134] team0: Port device wlan1 removed
[  242.275565][ T1134] hsr_slave_0: left promiscuous mode
[  242.313761][ T1134] hsr_slave_1: left promiscuous mode
[  242.328465][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  242.353937][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_0
[  242.396779][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  242.410018][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_1
[  242.418442][ T1134] bridge_slave_1: left allmulticast mode
[  242.424900][ T1134] bridge_slave_1: left promiscuous mode
[  242.430742][ T1134] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.440275][ T1134] bridge_slave_0: left allmulticast mode
[  242.446949][ T1134] bridge_slave_0: left promiscuous mode
[  242.453148][ T1134] bridge0: port 1(bridge_slave_0) entered disabled state
[  242.466941][ T1134] hsr_slave_0: left promiscuous mode
[  242.473644][ T1134] hsr_slave_1: left promiscuous mode
[  242.479635][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  242.487799][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_0
[  242.497829][ T1134] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  242.505827][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_1
[  242.514025][ T1134] bridge_slave_1: left allmulticast mode
[  242.519709][ T1134] bridge_slave_1: left promiscuous mode
[  242.526246][ T1134] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.537393][ T1134] bridge_slave_0: left allmulticast mode
[  242.543276][ T1134] bridge_slave_0: left promiscuous mode
[  242.549021][ T1134] bridge0: port 1(bridge_slave_0) entered disabled state
[  242.566136][ T1134] veth1_macvtap: left promiscuous mode
[  242.574197][ T1134] veth0_macvtap: left promiscuous mode
[  242.579813][ T1134] veth1_vlan: left promiscuous mode
[  242.586273][ T1134] veth0_vlan: left promiscuous mode
[  242.599513][ T1134] veth1_macvtap: left promiscuous mode
[  242.606455][ T1134] veth0_macvtap: left promiscuous mode
[  242.612325][ T1134] veth1_vlan: left promiscuous mode
[  242.617678][ T1134] veth0_vlan: left promiscuous mode
[  242.966640][ T1134] team0 (unregistering): Port device team_slave_1 removed
[  242.993075][ T1134] team0 (unregistering): Port device team_slave_0 removed
[  243.019349][ T1134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  243.047450][ T1134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  243.170368][ T1134] bond0 (unregistering): Released all slaves
[  243.386145][ T1134] team0 (unregistering): Port device team_slave_1 removed
[  243.420730][ T1134] team0 (unregistering): Port device team_slave_0 removed
[  243.448661][ T1134]  (unregistering): (slave bond_slave_1): Releasing backup interface
[  243.484662][ T1134]  (unregistering): (slave bond_slave_0): Releasing backup interface
[  243.666207][ T1134]  (unregistering): Released all slaves
[  246.502729][ T1134] hsr_slave_0: left promiscuous mode
[  246.508930][ T1134] hsr_slave_1: left promiscuous mode
[  246.516282][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.525669][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_1
[  246.534767][ T1134] bridge_slave_1: left allmulticast mode
[  246.540461][ T1134] bridge_slave_1: left promiscuous mode
[  246.546803][ T1134] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.561129][ T1134] bridge_slave_0: left allmulticast mode
[  246.566836][ T1134] bridge_slave_0: left promiscuous mode
[  246.574779][ T1134] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.588729][ T1134] hsr_slave_0: left promiscuous mode
[  246.596155][ T1134] hsr_slave_1: left promiscuous mode
[  246.602543][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.610247][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_1
[  246.618594][ T1134] bridge_slave_1: left allmulticast mode
[  246.624600][ T1134] bridge_slave_1: left promiscuous mode
[  246.630337][ T1134] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.645832][ T1134] bridge_slave_0: left allmulticast mode
[  246.651678][ T1134] bridge_slave_0: left promiscuous mode
[  246.657428][ T1134] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.672413][ T1134] hsr_slave_0: left promiscuous mode
[  246.678452][ T1134] hsr_slave_1: left promiscuous mode
[  246.684801][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.694373][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_1
[  246.702176][ T1134] bridge_slave_1: left allmulticast mode
[  246.707869][ T1134] bridge_slave_1: left promiscuous mode
[  246.714383][ T1134] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.723298][ T1134] bridge_slave_0: left allmulticast mode
[  246.728946][ T1134] bridge_slave_0: left promiscuous mode
[  246.735175][ T1134] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.747407][ T1134] hsr_slave_0: left promiscuous mode
[  246.753648][ T1134] hsr_slave_1: left promiscuous mode
[  246.759477][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.767207][ T1134] batman_adv: batadv0: Removing interface: batadv_slave_1
[  246.775503][ T1134] bridge_slave_1: left allmulticast mode
[  246.781331][ T1134] bridge_slave_1: left promiscuous mode
[  246.787059][ T1134] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.796930][ T1134] bridge_slave_0: left allmulticast mode
[  246.802720][ T1134] bridge_slave_0: left promiscuous mode
[  246.808443][ T1134] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.985709][ T1134] team0 (unregistering): Port device team_slave_1 removed
[  247.014206][ T1134] team0 (unregistering): Port device team_slave_0 removed
[  247.039626][ T1134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  247.068084][ T1134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  247.142994][ T1134] bond0 (unregistering): Released all slaves
[  247.282233][ T1134] team0 (unregistering): Port device team_slave_1 removed
[  247.295966][ T1134] team0 (unregistering): Port device team_slave_0 removed
[  247.325644][ T1134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  247.353238][ T1134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  247.410597][ T1134] bond0 (unregistering): Released all slaves
[  247.576057][ T1134] team0 (unregistering): Port device team_slave_1 removed
[  247.600630][ T1134] team0 (unregistering): Port device team_slave_0 removed
[  247.633964][ T1134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  247.649008][ T1134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  247.722609][ T1134] bond0 (unregistering): Released all slaves
[  247.896169][ T1134] team0 (unregistering): Port device team_slave_1 removed
[  247.909433][ T1134] team0 (unregistering): Port device team_slave_0 removed
[  247.936337][ T1134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  247.963587][ T1134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  248.036782][ T1134] bond0 (unregistering): Released all slaves