last executing test programs: 2.291736525s ago: executing program 4 (id=7130): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85100000010000009500000000000000850000007600000095"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0xa6, &(0x7f0000000340)=""/166}, 0x80) perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x4, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x1}, 0x50) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_to_bond\x00'}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8946, &(0x7f0000000080)) 2.023749277s ago: executing program 0 (id=7135): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_bp={0x0, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001280)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[], 0x32600) write$cgroup_pressure(r2, &(0x7f00000001c0)={'full', 0x20, 0x0, 0x20, 0x8000}, 0x2f) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40305829, &(0x7f0000000040)) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x10}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='memory.events\x00', 0x100002, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)=0x7) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305829, &(0x7f0000000040)) 1.98445066s ago: executing program 4 (id=7136): openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x19, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="48000000140081fb7059ae08060c04000aff0f11000000040011018701546fabca1b4e7d06a6bd7c493872f750375ed08a562af5745e17b8c119418f0f000000d6e74703c48f93b8", 0x48}], 0x1}, 0x0) 1.805653204s ago: executing program 0 (id=7137): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x40047459, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x10, 0x0, 0x0) r1 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r1, 0x10d, 0xa, 0x0, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110e22fff6) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x40080d0) r2 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r3 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000029000b05d25a806f8c6394f90424fc60", 0x14}], 0x1}, 0x0) 1.805319074s ago: executing program 4 (id=7139): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78ac02ca3cdf6a662db1c9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad943e392955f4f979ea13201bafedcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd89346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca2533659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12282ce24463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f09000000000000004fc4bda3453602004535a976eacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a191852c9ae031db044b2353199546609f9f69a6cfefdf879d447df53f3b9b70d10355b00300000000000000553d18a6cc50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f58fab987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe527340935aa3c0b4f3f45b418a18217747ae442e31560e5b741445ea2a1acee2a81425ff000000d2a0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51423b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f88735fce5115dc83ed73d8ee4a91322608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf5000000000000fa08ad0631c4b839688b22c4da2a6bc4cf45854d221a2d5f96bc64647f15daa2ba79cd0f4254ed55217912ef84bd2927df82fc061aef2920c49b2a90886da75561173fa186cb7ee86dd4285c4721eb428c953296bb2f5d825da54dbef07c1b349b4901e093d13e6b9a0000009b5b22e887bc061d40bcaf0aa18623fd9b7179ccc692ba74b531b65c4decf9d080a8ac7e82d4cde1267aa64b2a94fd87a009e6742c2ddc3a9d7eccbb1831b1fa218277c2814a91cab7cb59c697166d6f1bb1a360470000000000000000000000000000000000000000000000000000f9f9b4ce7e871f507084c8c88e0652decbe579b03ed84ea94597dd1059620a050f69ea03b99b4e19d35f4a3b54e96ae2172effecec80f6baa4bf69a6ebf5392882df78b0983e662dc0cb64b77f3f006b6b25443197ae93f0be6de5a703d003f00720943c0e4b33af00000000000000000021a688b2d7007fcc4b59f719afb0b3b7e0aee306ca70fe42bf4984a68f40e1fc043a03a17e4744359b87dc27c82d51cbeb64e52a28daeb6a78d6fe06181ecc840000"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x806, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000000)={'bridge_slave_1\x00', @random="010000201000"}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = socket$kcm(0xa, 0x2, 0x3a) sendmsg$kcm(r2, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x4, 0x0, @mcast2, 0x1a}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000780)="a0005b020eaa4d56", 0x8}], 0x1, 0x0, 0x0, 0x900}, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000500)={0x5, 0x80, 0x54, 0x1, 0x0, 0x0, 0x0, 0x210e, 0x200c0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x2, @perf_bp={&(0x7f0000000280), 0x1}, 0x14105, 0x32, 0xfffffbff, 0x3, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000040)='\x00') bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r4 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r4, 0x10f, 0x87, &(0x7f00000008c0), 0x43) write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[], 0xfdef) 1.576559093s ago: executing program 1 (id=7141): perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x4000041) socket$kcm(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0xfffffffffffffffc) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) r0 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000100)) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) 1.576256013s ago: executing program 2 (id=7142): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00'}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xb, 0xc, 0x4, 0xc4f, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r1}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x23, r1}, 0x38) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x18302, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, @perf_bp={0x0, 0x8}, 0x1c00, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xaffffff7ffffffff, 0xffffffffffffffff, 0xb) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x1f4, 0x14, 0x0, &(0x7f00000002c0)="ff412f66b083dcc1010b3efc8864229a5588dce5", 0x0, 0x300, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x4}, 0x50) socket$kcm(0xf, 0x3, 0x2) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) close(r2) socket$kcm(0x10, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8b26, &(0x7f0000000080)={'wlan1\x00', @random="000000f900"}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.empty_time\x00', 0x26e1, 0x0) close(r3) socket$kcm(0xa, 0x6, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100"}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) close(r0) 1.418369766s ago: executing program 3 (id=7144): r0 = socket$kcm(0xa, 0x922000000003, 0x11) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r2 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0xf, 0x0, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f0000000640)=r1, 0x4) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8}, 0x94) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90) socketpair$unix(0x1, 0x1, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)}], 0x1}, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, 0x0) r3 = socket$kcm(0xa, 0x2, 0x88) sendmsg$kcm(r3, &(0x7f0000000340)={&(0x7f00000002c0)=@in6={0xa, 0x4e22, 0x0, @dev}, 0x80, 0x0}, 0x200ce0c0) sendmsg$inet(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)='n', 0xffb8}], 0x1}, 0x20000081) 1.418230646s ago: executing program 4 (id=7145): perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) close(0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000a00)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1e37cf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x401, 0x200, 0x0, 0x7, 0x0, 0x100}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00) sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) 1.306085925s ago: executing program 1 (id=7146): r0 = socket$kcm(0x29, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040), 0x4) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r1 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000700)={0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r3) syz_clone(0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d2f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x2, 0x300) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmsg$tipc(r4, &(0x7f0000003a00)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x9}}, 0x10, &(0x7f0000000b40)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001a00), 0x101d0}], 0x4}, 0x0) r5 = socket$kcm(0x2b, 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x10}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0xf}, 0x94) setsockopt$sock_attach_bpf(r5, 0x6, 0x1f, 0x0, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000380)="5c00000013006bcd9e3fe3dc4e48aa31086b87030f0000001f03000000000000040014000d0028000d0003009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf70e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) 1.217594862s ago: executing program 3 (id=7147): bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)=@generic={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x18) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={0x0, 0x0}) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r2) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\v'], 0x48) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, 0x0, 0x0) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={0x0, 0x0}) close(r4) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x2, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r5, 0x10f, 0x87, &(0x7f0000000180), 0x127) r6 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r6, 0x10f, 0x87, &(0x7f00000008c0), 0x43) sendmsg$kcm(r6, &(0x7f0000000100)={&(0x7f0000001540)=@tipc=@name={0x1e, 0x2, 0x3, {{0x40, 0x1d}, 0x1}}, 0x80, 0x0}, 0x0) 1.174685096s ago: executing program 0 (id=7148): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_bp={0x0, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001280)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[], 0x32600) write$cgroup_pressure(r2, &(0x7f00000001c0)={'full', 0x20, 0x0, 0x20, 0x8000}, 0x2f) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40305829, &(0x7f0000000040)) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x10}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='memory.events\x00', 0x100002, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)=0x7) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305829, &(0x7f0000000040)) 1.012075129s ago: executing program 1 (id=7149): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_bp={0x0, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001280)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[], 0x32600) write$cgroup_pressure(r2, &(0x7f00000001c0)={'full', 0x20, 0x0, 0x20, 0x8000}, 0x2f) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40305829, &(0x7f0000000040)) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x10}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='memory.events\x00', 0x100002, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)=0x7) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305829, &(0x7f0000000040)) 1.011706029s ago: executing program 2 (id=7150): r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2}, {0x10000002, 0x0, 0x0, 0xc}]}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400000000000}, 0x0, 0x0, 0x0, 0x0, 0xf60}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x10, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYRES32], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000580)={r4, 0x0, 0x0}, 0x20) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) write$cgroup_devices(0xffffffffffffffff, 0x0, 0x9) setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) close(0x3) 919.976636ms ago: executing program 3 (id=7151): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0) socket$kcm(0x10, 0x0, 0x0) r0 = socket$kcm(0xa, 0x3, 0x73) sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000240)=@nl=@unspec={0x0, 0x0, 0x0, 0xd8ff}, 0x80, 0x0}, 0x0) socket$kcm(0x1e, 0x4, 0x0) r1 = socket$kcm(0x1e, 0x1, 0x0) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={0x0, 0x0}) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f0000000180), 0x127) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r3 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43) sendmsg$kcm(r3, &(0x7f0000000100)={&(0x7f0000001540)=@tipc, 0x80, 0x0}, 0x0) write$cgroup_subtree(r3, 0x0, 0xfdef) 890.879399ms ago: executing program 0 (id=7152): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000f00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r1 = socket$kcm(0x10, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) r2 = perf_event_open(&(0x7f0000001080)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7602, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeb, 0x4, @perf_config_ext={0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x1ff) socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x3b, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%\xf8\xff\xff\xff\xff\xff\xff\xff=\x11\xc8\xdd\x15\xcc\xd2\xf1d\'%\x11c\x91l,'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) close(0xffffffffffffffff) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, 0x0) close(r2) sendmsg$inet(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc6e48aa31086b8700250000007ea60264160af36504001400040019008bc3a0e69ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x7, &(0x7f0000000040)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x6f}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x94) 758.535799ms ago: executing program 2 (id=7153): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x21, 0x2, 0x2) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) socket$kcm(0x11, 0x200000000000002, 0x300) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x1, 0x4}, 0x50) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1806000000000300000000000000c29c18120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2}, &(0x7f0000000280), &(0x7f00000002c0)=r4}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b70400000000040085000000330000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xe, 0x0, &(0x7f0000000000)="43227504000000b32415f73227b2", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 758.340329ms ago: executing program 1 (id=7154): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0xda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) 516.206559ms ago: executing program 3 (id=7155): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000380)={r0}, 0x8) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000600)={0xffffffffffffffff, 0x140, 0x8}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x22, &(0x7f0000000680)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7fff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @jmp={0x5, 0x1, 0xb, 0x0, 0x4, 0x18, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffff00, 0x0, 0x0, 0x0, 0x3ff}, @exit, @map_val={0x18, 0xa, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x10}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x3, 0x0, 0x0, 0x83e00, 0x4, '\x00', 0x0, @sk_msg=0x7, r3, 0x8, &(0x7f0000000400)={0x7, 0x5}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000800)}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r4}, 0x18) r5 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000003c0)}, 0x20000880) r6 = openat$tun(0xffffffffffffff9c, 0x0, 0x8202, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) recvmsg$kcm(r5, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) 506.366789ms ago: executing program 2 (id=7165): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0) socket$kcm(0x10, 0x0, 0x0) r0 = socket$kcm(0xa, 0x3, 0x73) sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000240)=@nl=@unspec={0x0, 0x0, 0x0, 0xd8ff}, 0x80, 0x0}, 0x0) socket$kcm(0x1e, 0x4, 0x0) r1 = socket$kcm(0x1e, 0x1, 0x0) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={0x0, 0x0}) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f0000000180), 0x127) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r3 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43) sendmsg$kcm(r3, &(0x7f0000000100)={&(0x7f0000001540)=@tipc, 0x80, 0x0}, 0x0) write$cgroup_subtree(r3, 0x0, 0xfdef) 282.481188ms ago: executing program 4 (id=7156): perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x4000041) socket$kcm(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0xfffffffffffffffc) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) r0 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000100)) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) 281.893488ms ago: executing program 0 (id=7167): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0) socket$kcm(0x10, 0x0, 0x0) r0 = socket$kcm(0xa, 0x3, 0x73) sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000240)=@nl=@unspec={0x0, 0x0, 0x0, 0xd8ff}, 0x80, 0x0}, 0x0) socket$kcm(0x1e, 0x4, 0x0) r1 = socket$kcm(0x1e, 0x1, 0x0) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={0x0, 0x0}) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f0000000180), 0x127) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r3 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43) sendmsg$kcm(r3, &(0x7f0000000100)={&(0x7f0000001540)=@tipc, 0x80, 0x0}, 0x0) write$cgroup_subtree(r3, 0x0, 0xfdef) 281.409448ms ago: executing program 1 (id=7157): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8430, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18) r1 = socket$kcm(0x10, 0x2, 0x4) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10e, 0x2, &(0x7f0000000300)=r1, 0x4) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000080), 0x4) r2 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r3 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[], 0x101d0) recvmsg$kcm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000280)=""/148, 0x94}], 0x1}, 0x40) sendmsg$kcm(r3, &(0x7f00000001c0)={&(0x7f00000000c0)=@tipc=@name={0x1e, 0x2, 0x3, {{0x41}, 0x5}}, 0x80, 0x0, 0x0, &(0x7f0000000900)=ANY=[], 0x1458}, 0x48800) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="180200000800000000000000000000008500000087"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000500)={r0, &(0x7f0000000340)="2f8a5746c64a85d2cb153e24ba325878492a4aa8b3fa5220d9af2cbef37b6cc25f4714307a6e865b47d2d24dcc8e0b44a6a504b5d53ace0aa4dd6f12de15cadec24e5f66dfd170b567aa2e27f5e369f0a99ae226225807f895f36b8672ac869ca997b2bee09b0309dac9b65c9bac2380d7049886e823cd5b3bdaf9449bb0a0bc7f51f85243086e40b8f393cc3b", &(0x7f0000000680)=""/212}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0xe, 0x0, &(0x7f0000000040)="e0ad4228a619d3bb07f741ce55cb", 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 281.221348ms ago: executing program 2 (id=7158): r0 = socket$kcm(0xa, 0x922000000003, 0x11) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r2 = socket$kcm(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0xf, 0x0, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f0000000640)=r1, 0x4) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8}, 0x94) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90) socketpair$unix(0x1, 0x1, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)}], 0x1}, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, 0x0) r3 = socket$kcm(0xa, 0x2, 0x88) sendmsg$kcm(r3, &(0x7f0000000340)={&(0x7f00000002c0)=@in6={0xa, 0x4e22, 0x0, @dev}, 0x80, 0x0}, 0x200ce0c0) sendmsg$inet(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)='n', 0xffb8}], 0x1}, 0x20000081) 281.020688ms ago: executing program 3 (id=7159): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85100000010000009500000000000000850000007600000095"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0xa6, &(0x7f0000000340)=""/166}, 0x80) perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x4, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xe2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x1}, 0x50) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_to_bond\x00'}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8946, &(0x7f0000000080)) 79.999424ms ago: executing program 0 (id=7160): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x21, 0x2, 0x2) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) socket$kcm(0x11, 0x200000000000002, 0x300) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x1, 0x4}, 0x50) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1806000000000300000000000000c29c18120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2}, &(0x7f0000000280), &(0x7f00000002c0)=r4}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xe, 0x0, &(0x7f0000000000)="43227504000000b32415f73227b2", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 67.938835ms ago: executing program 3 (id=7161): bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)=@generic={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x18) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={0x0, 0x0}) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r2) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\v'], 0x48) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x80005, 0x0, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x2, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180), 0x127) r4 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r4, 0x10f, 0x87, &(0x7f00000008c0), 0x43) sendmsg$kcm(r4, &(0x7f0000000100)={&(0x7f0000001540)=@tipc=@name={0x1e, 0x2, 0x3, {{0x40, 0x1d}, 0x1}}, 0x80, 0x0}, 0x0) 47.533487ms ago: executing program 1 (id=7162): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_bp={0x0, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b4861ea30df81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78ac02ca3cdf6a662db1c9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad943e392955f4f979ea13201bafedcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd89346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca25b3659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf5f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730af36bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314f"], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001280)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[], 0x32600) write$cgroup_pressure(r2, &(0x7f00000001c0)={'full', 0x20, 0x0, 0x20, 0x8000}, 0x2f) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40305829, &(0x7f0000000040)) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x10}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='memory.events\x00', 0x100002, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x4030582a, &(0x7f0000000040)=0x7) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40305829, &(0x7f0000000040)) 35.450348ms ago: executing program 2 (id=7163): socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x79757a16278d6515}, 0x12140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0xb) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r1) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0xb}, 0x48) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x9, 0x3, 0x9, 0x1, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x4, 0xc}, 0x48) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={0x0, 0x0}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) 0s ago: executing program 4 (id=7164): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78ac02ca3cdf6a662db1c9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad943e392955f4f979ea13201bafedcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd89346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca2533659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12282ce24463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f09000000000000004fc4bda3453602004535a976eacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a191852c9ae031db044b2353199546609f9f69a6cfefdf879d447df53f3b9b70d10355b00300000000000000553d18a6cc50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f58fab987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe527340935aa3c0b4f3f45b418a18217747ae442e31560e5b741445ea2a1acee2a81425ff000000d2a0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51423b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f88735fce5115dc83ed73d8ee4a91322608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf5000000000000fa08ad0631c4b839688b22c4da2a6bc4cf45854d221a2d5f96bc64647f15daa2ba79cd0f4254ed55217912ef84bd2927df82fc061aef2920c49b2a90886da75561173fa186cb7ee86dd4285c4721eb428c953296bb2f5d825da54dbef07c1b349b4901e093d13e6b9a0000009b5b22e887bc061d40bcaf0aa18623fd9b7179ccc692ba74b531b65c4decf9d080a8ac7e82d4cde1267aa64b2a94fd87a009e6742c2ddc3a9d7eccbb1831b1fa218277c2814a91cab7cb59c697166d6f1bb1a360470000000000000000000000000000000000000000000000000000f9f9b4ce7e871f507084c8c88e0652decbe579b03ed84ea94597dd1059620a050f69ea03b99b4e19d35f4a3b54e96ae2172effecec80f6baa4bf69a6ebf5392882df78b0983e662dc0cb64b77f3f006b6b25443197ae93f0be6de5a703d003f00720943c0e4b33af00000000000000000021a688b2d7007fcc4b59f719afb0b3b7e0aee306ca70fe42bf4984a68f40e1fc043a03a17e4744359b87dc27c82d51cbeb64e52a28daeb6a78d6fe06181ecc840000"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) socket$kcm(0xa, 0x3, 0x3a) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x806, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0xb, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_open_procfs$namespace(0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfe33) socket$kcm(0x2, 0x3, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001300)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000002000000000000000000001304000000000000000100000500110000000000000300000000000000000000000000000901"], 0x0, 0x4a}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="5400020029000b05d25a806f8c6394f90424fc602f0011002f2f0100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) kernel console output (not intermixed with test programs): e: [ 879.342506][T16645] [ 879.345483][T16645] dump_stack_lvl+0x168/0x22e [ 879.350236][T16645] ? show_regs_print_info+0x12/0x12 [ 879.355501][T16645] ? load_image+0x3b0/0x3b0 [ 879.360100][T16645] sysfs_warn_dup+0x8a/0xa0 [ 879.364670][T16645] sysfs_do_create_link_sd+0xc0/0x110 [ 879.370110][T16645] device_add+0x7ed/0xfb0 [ 879.374516][T16645] wiphy_register+0x1e68/0x2bd0 [ 879.379435][T16645] ? cfg80211_event_work+0x40/0x40 [ 879.384576][T16645] ? minstrel_ht_alloc+0x894/0xa20 [ 879.389732][T16645] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 879.395839][T16645] ieee80211_register_hw+0x2c29/0x38c0 [ 879.401335][T16645] ? ieee80211_register_hw+0xeb1/0x38c0 [ 879.406911][T16645] ? ieee80211_register_hw+0xeb1/0x38c0 [ 879.412484][T16645] ? ieee80211_tasklet_handler+0x20/0x20 [ 879.418152][T16645] ? memset+0x1e/0x40 [ 879.422175][T16645] ? __hrtimer_init+0x186/0x270 [ 879.427045][T16645] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 879.432815][T16645] hwsim_new_radio_nl+0xafa/0xce0 [ 879.437892][T16645] genl_family_rcv_msg_doit+0x22e/0x320 [ 879.443472][T16645] ? end_current_label_crit_section+0x170/0x170 [ 879.449753][T16645] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 879.455678][T16645] ? bpf_lsm_capable+0x5/0x10 [ 879.460375][T16645] ? security_capable+0x85/0xb0 [ 879.465248][T16645] genl_rcv_msg+0x5f2/0x780 [ 879.469779][T16645] ? genl_bind+0x350/0x350 [ 879.474213][T16645] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 879.480577][T16645] netlink_rcv_skb+0x1de/0x420 [ 879.485371][T16645] ? genl_bind+0x350/0x350 [ 879.489809][T16645] ? netlink_ack+0x1100/0x1100 [ 879.494595][T16645] ? down_read+0x1a8/0x2d0 [ 879.499030][T16645] genl_rcv+0x24/0x40 [ 879.503035][T16645] netlink_unicast+0x74d/0x8d0 [ 879.507835][T16645] netlink_sendmsg+0x89e/0xbc0 [ 879.512621][T16645] ? netlink_getsockopt+0x540/0x540 [ 879.517838][T16645] ? aa_sock_msg_perm+0x94/0x150 [ 879.522811][T16645] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 879.528114][T16645] ? security_socket_sendmsg+0x7c/0xa0 [ 879.533601][T16645] ? netlink_getsockopt+0x540/0x540 [ 879.540040][T16645] ____sys_sendmsg+0x59b/0x970 [ 879.544850][T16645] ? __sys_sendmsg_sock+0x30/0x30 [ 879.549886][T16645] ? __import_iovec+0x315/0x500 [ 879.554764][T16645] ? import_iovec+0x6f/0xa0 [ 879.559290][T16645] ___sys_sendmsg+0x21c/0x290 [ 879.563986][T16645] ? __sys_sendmsg+0x270/0x270 [ 879.568786][T16645] ? ktime_get_real_ts64+0x420/0x420 [ 879.574154][T16645] ? __fdget+0x17c/0x200 [ 879.578421][T16645] __se_sys_sendmsg+0x19e/0x270 [ 879.583292][T16645] ? perf_trace_preemptirq_template+0x287/0x330 [ 879.589552][T16645] ? __x64_sys_sendmsg+0x80/0x80 [ 879.594523][T16645] ? lockdep_hardirqs_on+0x94/0x140 [ 879.599739][T16645] do_syscall_64+0x4c/0xa0 [ 879.604169][T16645] ? clear_bhb_loop+0x60/0xb0 [ 879.608858][T16645] ? clear_bhb_loop+0x60/0xb0 [ 879.613549][T16645] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 879.619473][T16645] RIP: 0033:0x7f332a18ebe9 [ 879.623900][T16645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 879.643536][T16645] RSP: 002b:00007f332b0bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 879.652048][T16645] RAX: ffffffffffffffda RBX: 00007f332a3b5fa0 RCX: 00007f332a18ebe9 [ 879.660030][T16645] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 879.668008][T16645] RBP: 00007f332a211e19 R08: 0000000000000000 R09: 0000000000000000 [ 879.675996][T16645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 879.684067][T16645] R13: 00007f332a3b6038 R14: 00007f332a3b5fa0 R15: 00007ffcdbd14538 [ 879.692070][T16645] [ 881.407914][T16686] netlink: 'syz.2.4861': attribute type 10 has an invalid length. [ 881.443627][T16686] bond0: (slave team0): Releasing backup interface [ 881.458384][T16686] device team0 left promiscuous mode [ 881.472342][T16686] device team_slave_0 left promiscuous mode [ 881.486716][T16686] device team_slave_1 left promiscuous mode [ 881.493650][T16686] device macvlan0 left promiscuous mode [ 881.499726][T16686] device wlan1 left promiscuous mode [ 881.508025][T16686] batman_adv: batadv0: Adding interface: team0 [ 881.517100][T16686] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 881.560891][T16686] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 881.581775][T16687] netlink: 'syz.2.4861': attribute type 10 has an invalid length. [ 881.593118][T16687] netlink: 2 bytes leftover after parsing attributes in process `syz.2.4861'. [ 881.606346][T16687] device team0 entered promiscuous mode [ 881.611948][T16687] device team_slave_0 entered promiscuous mode [ 881.618925][T16687] device team_slave_1 entered promiscuous mode [ 881.632005][T16687] device macvlan0 entered promiscuous mode [ 881.649643][T16687] device wlan1 entered promiscuous mode [ 881.667692][T16687] 8021q: adding VLAN 0 to HW filter on device team0 [ 881.679313][T16687] batman_adv: batadv0: Interface activated: team0 [ 881.690018][T16687] batman_adv: batadv0: Interface deactivated: team0 [ 881.700245][T16687] batman_adv: batadv0: Removing interface: team0 [ 881.808065][T16696] netlink: 122896 bytes leftover after parsing attributes in process `syz.1.4866'. [ 881.856214][T16696] debugfs: Directory '.!' with parent 'ieee80211' already present! [ 882.802558][T16733] netlink: 11594 bytes leftover after parsing attributes in process `syz.0.4880'. [ 882.855509][T16737] netlink: 'syz.3.4881': attribute type 10 has an invalid length. [ 882.876114][T16737] bond0: (slave team0): Releasing backup interface [ 882.919838][T16737] batman_adv: batadv0: Adding interface: team0 [ 882.941462][T16737] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 882.975313][T16737] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 882.989978][T16740] netlink: 'syz.3.4881': attribute type 10 has an invalid length. [ 883.019069][T16740] netlink: 2 bytes leftover after parsing attributes in process `syz.3.4881'. [ 883.106751][T16740] device team0 entered promiscuous mode [ 883.112377][T16740] device team_slave_0 entered promiscuous mode [ 883.135720][T16740] device team_slave_1 entered promiscuous mode [ 883.142288][T16740] device wlan1 entered promiscuous mode [ 883.157999][T16740] device macvlan0 entered promiscuous mode [ 883.183198][T16740] device geneve1 entered promiscuous mode [ 883.193350][T16740] 8021q: adding VLAN 0 to HW filter on device team0 [ 883.200382][T16740] batman_adv: batadv0: Interface activated: team0 [ 883.218902][T16740] batman_adv: batadv0: Interface deactivated: team0 [ 883.226944][T16740] batman_adv: batadv0: Removing interface: team0 [ 883.680747][T16764] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.4895'. [ 883.735578][T16764] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 883.753670][T16764] CPU: 0 PID: 16764 Comm: syz.4.4895 Not tainted 6.1.147-syzkaller #0 [ 883.761900][T16764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 883.771999][T16764] Call Trace: [ 883.775321][T16764] [ 883.778294][T16764] dump_stack_lvl+0x168/0x22e [ 883.783041][T16764] ? show_regs_print_info+0x12/0x12 [ 883.788295][T16764] ? load_image+0x3b0/0x3b0 [ 883.792868][T16764] sysfs_warn_dup+0x8a/0xa0 [ 883.797421][T16764] sysfs_do_create_link_sd+0xc0/0x110 [ 883.802848][T16764] device_add+0x7ed/0xfb0 [ 883.807233][T16764] wiphy_register+0x1e68/0x2bd0 [ 883.812161][T16764] ? cfg80211_event_work+0x40/0x40 [ 883.817315][T16764] ? minstrel_ht_alloc+0x894/0xa20 [ 883.822472][T16764] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 883.828585][T16764] ieee80211_register_hw+0x2c29/0x38c0 [ 883.834073][T16764] ? ieee80211_register_hw+0xeb1/0x38c0 [ 883.839631][T16764] ? ieee80211_register_hw+0xeb1/0x38c0 [ 883.845196][T16764] ? ieee80211_tasklet_handler+0x20/0x20 [ 883.850850][T16764] ? memset+0x1e/0x40 [ 883.854858][T16764] ? __hrtimer_init+0x186/0x270 [ 883.859723][T16764] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 883.865479][T16764] hwsim_new_radio_nl+0xafa/0xce0 [ 883.870537][T16764] genl_family_rcv_msg_doit+0x22e/0x320 [ 883.876102][T16764] ? end_current_label_crit_section+0x170/0x170 [ 883.882366][T16764] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 883.888284][T16764] ? bpf_lsm_capable+0x5/0x10 [ 883.892991][T16764] ? security_capable+0x85/0xb0 [ 883.897857][T16764] genl_rcv_msg+0x5f2/0x780 [ 883.902386][T16764] ? genl_bind+0x350/0x350 [ 883.906819][T16764] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 883.913208][T16764] netlink_rcv_skb+0x1de/0x420 [ 883.917986][T16764] ? genl_bind+0x350/0x350 [ 883.922466][T16764] ? netlink_ack+0x1100/0x1100 [ 883.927254][T16764] ? down_read+0x1a8/0x2d0 [ 883.931688][T16764] genl_rcv+0x24/0x40 [ 883.935689][T16764] netlink_unicast+0x74d/0x8d0 [ 883.940477][T16764] netlink_sendmsg+0x89e/0xbc0 [ 883.945264][T16764] ? netlink_getsockopt+0x540/0x540 [ 883.950499][T16764] ? aa_sock_msg_perm+0x94/0x150 [ 883.955471][T16764] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 883.960765][T16764] ? security_socket_sendmsg+0x7c/0xa0 [ 883.966242][T16764] ? netlink_getsockopt+0x540/0x540 [ 883.971451][T16764] ____sys_sendmsg+0x59b/0x970 [ 883.976325][T16764] ? __sys_sendmsg_sock+0x30/0x30 [ 883.981360][T16764] ? __import_iovec+0x315/0x500 [ 883.986258][T16764] ? import_iovec+0x6f/0xa0 [ 883.990805][T16764] ___sys_sendmsg+0x21c/0x290 [ 883.995523][T16764] ? __sys_sendmsg+0x270/0x270 [ 884.000365][T16764] ? ktime_get_real_ts64+0x420/0x420 [ 884.005713][T16764] ? __fdget+0x17c/0x200 [ 884.009999][T16764] __se_sys_sendmsg+0x19e/0x270 [ 884.014879][T16764] ? perf_trace_preemptirq_template+0x287/0x330 [ 884.021144][T16764] ? __x64_sys_sendmsg+0x80/0x80 [ 884.026117][T16764] ? lockdep_hardirqs_on+0x94/0x140 [ 884.031335][T16764] do_syscall_64+0x4c/0xa0 [ 884.035763][T16764] ? clear_bhb_loop+0x60/0xb0 [ 884.040455][T16764] ? clear_bhb_loop+0x60/0xb0 [ 884.045173][T16764] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 884.051088][T16764] RIP: 0033:0x7f014898ebe9 [ 884.055513][T16764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 884.075155][T16764] RSP: 002b:00007f014981a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 884.083598][T16764] RAX: ffffffffffffffda RBX: 00007f0148bb5fa0 RCX: 00007f014898ebe9 [ 884.091593][T16764] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 884.099610][T16764] RBP: 00007f0148a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 884.107600][T16764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 884.115587][T16764] R13: 00007f0148bb6038 R14: 00007f0148bb5fa0 R15: 00007ffce8ed1698 [ 884.123589][T16764] [ 884.347612][T16776] Dead loop on virtual device ip6_vti0, fix it urgently! [ 886.114036][T16813] netlink: 122896 bytes leftover after parsing attributes in process `syz.0.4918'. [ 886.173455][T16813] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 886.193303][T16813] CPU: 0 PID: 16813 Comm: syz.0.4918 Not tainted 6.1.147-syzkaller #0 [ 886.201536][T16813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 886.211613][T16813] Call Trace: [ 886.214917][T16813] [ 886.217881][T16813] dump_stack_lvl+0x168/0x22e [ 886.222619][T16813] ? show_regs_print_info+0x12/0x12 [ 886.227898][T16813] ? load_image+0x3b0/0x3b0 [ 886.232476][T16813] sysfs_warn_dup+0x8a/0xa0 [ 886.237038][T16813] sysfs_do_create_link_sd+0xc0/0x110 [ 886.242463][T16813] device_add+0x7ed/0xfb0 [ 886.246847][T16813] wiphy_register+0x1e68/0x2bd0 [ 886.251754][T16813] ? cfg80211_event_work+0x40/0x40 [ 886.256905][T16813] ? minstrel_ht_alloc+0x894/0xa20 [ 886.262069][T16813] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 886.268200][T16813] ieee80211_register_hw+0x2c29/0x38c0 [ 886.273707][T16813] ? ieee80211_register_hw+0xeb1/0x38c0 [ 886.279271][T16813] ? ieee80211_register_hw+0xeb1/0x38c0 [ 886.284841][T16813] ? ieee80211_tasklet_handler+0x20/0x20 [ 886.290498][T16813] ? memset+0x1e/0x40 [ 886.294504][T16813] ? __hrtimer_init+0x186/0x270 [ 886.299369][T16813] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 886.305129][T16813] hwsim_new_radio_nl+0xafa/0xce0 [ 886.310185][T16813] genl_family_rcv_msg_doit+0x22e/0x320 [ 886.315749][T16813] ? end_current_label_crit_section+0x170/0x170 [ 886.322018][T16813] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 886.327931][T16813] ? cap_capable+0x48/0x230 [ 886.332470][T16813] ? bpf_lsm_capable+0x5/0x10 [ 886.337165][T16813] ? security_capable+0x85/0xb0 [ 886.342031][T16813] genl_rcv_msg+0x5f2/0x780 [ 886.346562][T16813] ? genl_bind+0x350/0x350 [ 886.350992][T16813] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 886.357357][T16813] netlink_rcv_skb+0x1de/0x420 [ 886.362140][T16813] ? genl_bind+0x350/0x350 [ 886.366581][T16813] ? netlink_ack+0x1100/0x1100 [ 886.371368][T16813] ? down_read+0x1a8/0x2d0 [ 886.375803][T16813] genl_rcv+0x24/0x40 [ 886.379806][T16813] netlink_unicast+0x74d/0x8d0 [ 886.384593][T16813] netlink_sendmsg+0x89e/0xbc0 [ 886.389383][T16813] ? netlink_getsockopt+0x540/0x540 [ 886.394606][T16813] ? aa_sock_msg_perm+0x94/0x150 [ 886.399738][T16813] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 886.405041][T16813] ? security_socket_sendmsg+0x7c/0xa0 [ 886.410523][T16813] ? netlink_getsockopt+0x540/0x540 [ 886.415734][T16813] ____sys_sendmsg+0x59b/0x970 [ 886.420527][T16813] ? __sys_sendmsg_sock+0x30/0x30 [ 886.425570][T16813] ? __import_iovec+0x315/0x500 [ 886.430500][T16813] ? import_iovec+0x6f/0xa0 [ 886.435069][T16813] ___sys_sendmsg+0x21c/0x290 [ 886.439801][T16813] ? __sys_sendmsg+0x270/0x270 [ 886.444631][T16813] ? ktime_get_real_ts64+0x420/0x420 [ 886.449959][T16813] ? __fdget+0x17c/0x200 [ 886.454225][T16813] __se_sys_sendmsg+0x19e/0x270 [ 886.459095][T16813] ? perf_trace_preemptirq_template+0x287/0x330 [ 886.465384][T16813] ? __x64_sys_sendmsg+0x80/0x80 [ 886.470365][T16813] ? lockdep_hardirqs_on+0x94/0x140 [ 886.475588][T16813] do_syscall_64+0x4c/0xa0 [ 886.480035][T16813] ? clear_bhb_loop+0x60/0xb0 [ 886.484733][T16813] ? clear_bhb_loop+0x60/0xb0 [ 886.489429][T16813] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 886.495379][T16813] RIP: 0033:0x7fd4ab98ebe9 [ 886.499827][T16813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 886.519460][T16813] RSP: 002b:00007fd4ac846038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 886.527894][T16813] RAX: ffffffffffffffda RBX: 00007fd4abbb5fa0 RCX: 00007fd4ab98ebe9 [ 886.535899][T16813] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 886.543901][T16813] RBP: 00007fd4aba11e19 R08: 0000000000000000 R09: 0000000000000000 [ 886.551890][T16813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 886.559879][T16813] R13: 00007fd4abbb6038 R14: 00007fd4abbb5fa0 R15: 00007ffda85c84c8 [ 886.567886][T16813] [ 886.912221][T16820] Dead loop on virtual device ip6_vti0, fix it urgently! [ 887.308941][T16836] Dead loop on virtual device ip6_vti0, fix it urgently! [ 887.992599][T16847] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.4934'. [ 888.024649][T16847] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 888.032766][T16847] CPU: 0 PID: 16847 Comm: syz.4.4934 Not tainted 6.1.147-syzkaller #0 [ 888.040966][T16847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 888.051062][T16847] Call Trace: [ 888.054370][T16847] [ 888.057347][T16847] dump_stack_lvl+0x168/0x22e [ 888.062082][T16847] ? show_regs_print_info+0x12/0x12 [ 888.067331][T16847] ? load_image+0x3b0/0x3b0 [ 888.071936][T16847] ? sysfs_warn_dup+0x61/0xa0 [ 888.076644][T16847] sysfs_warn_dup+0x8a/0xa0 [ 888.081177][T16847] sysfs_do_create_link_sd+0xc0/0x110 [ 888.086588][T16847] device_add+0x7ed/0xfb0 [ 888.090965][T16847] wiphy_register+0x1e68/0x2bd0 [ 888.095847][T16847] ? __rtnl_unlock+0x14/0xe0 [ 888.100470][T16847] ? cfg80211_event_work+0x40/0x40 [ 888.105596][T16847] ? minstrel_ht_alloc+0x894/0xa20 [ 888.110733][T16847] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 888.116848][T16847] ieee80211_register_hw+0x2c29/0x38c0 [ 888.122342][T16847] ? ieee80211_register_hw+0xeb1/0x38c0 [ 888.127902][T16847] ? ieee80211_register_hw+0xeb1/0x38c0 [ 888.133467][T16847] ? ieee80211_tasklet_handler+0x20/0x20 [ 888.139124][T16847] ? memset+0x1e/0x40 [ 888.143127][T16847] ? __hrtimer_init+0x186/0x270 [ 888.147988][T16847] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 888.153750][T16847] hwsim_new_radio_nl+0xafa/0xce0 [ 888.158813][T16847] genl_family_rcv_msg_doit+0x22e/0x320 [ 888.164387][T16847] ? end_current_label_crit_section+0x170/0x170 [ 888.170660][T16847] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 888.176575][T16847] ? bpf_lsm_capable+0x5/0x10 [ 888.181267][T16847] ? security_capable+0x85/0xb0 [ 888.186130][T16847] genl_rcv_msg+0x5f2/0x780 [ 888.190647][T16847] ? lockdep_hardirqs_on+0x94/0x140 [ 888.195870][T16847] ? genl_bind+0x350/0x350 [ 888.200295][T16847] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 888.206657][T16847] netlink_rcv_skb+0x1de/0x420 [ 888.211440][T16847] ? genl_bind+0x350/0x350 [ 888.215888][T16847] ? netlink_ack+0x1100/0x1100 [ 888.220703][T16847] ? down_read+0x1a8/0x2d0 [ 888.225153][T16847] genl_rcv+0x24/0x40 [ 888.229165][T16847] netlink_unicast+0x74d/0x8d0 [ 888.233957][T16847] netlink_sendmsg+0x89e/0xbc0 [ 888.238751][T16847] ? netlink_getsockopt+0x540/0x540 [ 888.243993][T16847] ? aa_sock_msg_perm+0x94/0x150 [ 888.248953][T16847] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 888.254245][T16847] ? security_socket_sendmsg+0x7c/0xa0 [ 888.259737][T16847] ? netlink_getsockopt+0x540/0x540 [ 888.264950][T16847] ____sys_sendmsg+0x59b/0x970 [ 888.269754][T16847] ? __sys_sendmsg_sock+0x30/0x30 [ 888.274792][T16847] ? __import_iovec+0x315/0x500 [ 888.279678][T16847] ? import_iovec+0x6f/0xa0 [ 888.284207][T16847] ___sys_sendmsg+0x21c/0x290 [ 888.288902][T16847] ? __sys_sendmsg+0x270/0x270 [ 888.293725][T16847] ? ktime_get_real_ts64+0x420/0x420 [ 888.299040][T16847] ? __fdget+0x17c/0x200 [ 888.303305][T16847] __se_sys_sendmsg+0x19e/0x270 [ 888.308186][T16847] ? perf_trace_preemptirq_template+0x287/0x330 [ 888.314448][T16847] ? __x64_sys_sendmsg+0x80/0x80 [ 888.319416][T16847] ? lockdep_hardirqs_on+0x94/0x140 [ 888.324634][T16847] do_syscall_64+0x4c/0xa0 [ 888.329070][T16847] ? clear_bhb_loop+0x60/0xb0 [ 888.333754][T16847] ? clear_bhb_loop+0x60/0xb0 [ 888.338439][T16847] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 888.344364][T16847] RIP: 0033:0x7f014898ebe9 [ 888.348814][T16847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 888.368437][T16847] RSP: 002b:00007f014981a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 888.376871][T16847] RAX: ffffffffffffffda RBX: 00007f0148bb5fa0 RCX: 00007f014898ebe9 [ 888.384857][T16847] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 888.392834][T16847] RBP: 00007f0148a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 888.400815][T16847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 888.408793][T16847] R13: 00007f0148bb6038 R14: 00007f0148bb5fa0 R15: 00007ffce8ed1698 [ 888.416815][T16847] [ 890.029238][T16877] Dead loop on virtual device ip6_vti0, fix it urgently! [ 890.442130][T16898] Dead loop on virtual device ip6_vti0, fix it urgently! [ 890.612382][T16901] netlink: 122896 bytes leftover after parsing attributes in process `syz.1.4955'. [ 890.670421][T16901] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 890.698489][T16901] CPU: 0 PID: 16901 Comm: syz.1.4955 Not tainted 6.1.147-syzkaller #0 [ 890.706718][T16901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 890.716815][T16901] Call Trace: [ 890.720122][T16901] [ 890.723084][T16901] dump_stack_lvl+0x168/0x22e [ 890.727804][T16901] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 890.734090][T16901] ? show_regs_print_info+0x12/0x12 [ 890.739327][T16901] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 890.745626][T16901] sysfs_warn_dup+0x8a/0xa0 [ 890.750185][T16901] sysfs_do_create_link_sd+0xc0/0x110 [ 890.755597][T16901] device_add+0x7ed/0xfb0 [ 890.759982][T16901] wiphy_register+0x1e68/0x2bd0 [ 890.764894][T16901] ? cfg80211_event_work+0x40/0x40 [ 890.770042][T16901] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 890.776328][T16901] ? ieee80211_register_hw+0x2a4c/0x38c0 [ 890.782004][T16901] ieee80211_register_hw+0x2c29/0x38c0 [ 890.787530][T16901] ? ieee80211_register_hw+0xeb1/0x38c0 [ 890.793114][T16901] ? ieee80211_register_hw+0xeb1/0x38c0 [ 890.798710][T16901] ? ieee80211_tasklet_handler+0x20/0x20 [ 890.804396][T16901] ? memset+0x1e/0x40 [ 890.808427][T16901] ? __hrtimer_init+0x186/0x270 [ 890.813314][T16901] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 890.819099][T16901] hwsim_new_radio_nl+0xafa/0xce0 [ 890.824202][T16901] genl_family_rcv_msg_doit+0x22e/0x320 [ 890.829791][T16901] ? end_current_label_crit_section+0x170/0x170 [ 890.836081][T16901] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 890.842046][T16901] ? bpf_lsm_capable+0x5/0x10 [ 890.846766][T16901] ? security_capable+0x85/0xb0 [ 890.851662][T16901] genl_rcv_msg+0x5f2/0x780 [ 890.856232][T16901] ? genl_bind+0x350/0x350 [ 890.860687][T16901] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 890.867083][T16901] netlink_rcv_skb+0x1de/0x420 [ 890.871887][T16901] ? genl_bind+0x350/0x350 [ 890.876348][T16901] ? netlink_ack+0x1100/0x1100 [ 890.881167][T16901] ? down_read+0x1a8/0x2d0 [ 890.885630][T16901] genl_rcv+0x24/0x40 [ 890.889646][T16901] netlink_unicast+0x74d/0x8d0 [ 890.894459][T16901] netlink_sendmsg+0x89e/0xbc0 [ 890.899279][T16901] ? netlink_getsockopt+0x540/0x540 [ 890.904525][T16901] ? aa_sock_msg_perm+0x94/0x150 [ 890.909508][T16901] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 890.914827][T16901] ? security_socket_sendmsg+0x7c/0xa0 [ 890.920331][T16901] ? netlink_getsockopt+0x540/0x540 [ 890.925566][T16901] ____sys_sendmsg+0x59b/0x970 [ 890.930382][T16901] ? __sys_sendmsg_sock+0x30/0x30 [ 890.935439][T16901] ? __import_iovec+0x315/0x500 [ 890.940347][T16901] ? import_iovec+0x6f/0xa0 [ 890.944897][T16901] ___sys_sendmsg+0x21c/0x290 [ 890.949617][T16901] ? __sys_sendmsg+0x270/0x270 [ 890.954444][T16901] ? perf_trace_run_bpf_submit+0xf3/0x1c0 [ 890.960240][T16901] ? __fdget+0x17c/0x200 [ 890.964527][T16901] __se_sys_sendmsg+0x19e/0x270 [ 890.969420][T16901] ? __x64_sys_sendmsg+0x80/0x80 [ 890.974422][T16901] ? syscall_enter_from_user_mode+0x2a/0x80 [ 890.980825][T16901] do_syscall_64+0x4c/0xa0 [ 890.985276][T16901] ? clear_bhb_loop+0x60/0xb0 [ 890.989984][T16901] ? clear_bhb_loop+0x60/0xb0 [ 890.994705][T16901] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 891.000643][T16901] RIP: 0033:0x7ff533d8ebe9 [ 891.005091][T16901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 891.024735][T16901] RSP: 002b:00007ff534b32038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 891.033186][T16901] RAX: ffffffffffffffda RBX: 00007ff533fb5fa0 RCX: 00007ff533d8ebe9 [ 891.041195][T16901] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 891.049202][T16901] RBP: 00007ff533e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 891.057208][T16901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 891.065221][T16901] R13: 00007ff533fb6038 R14: 00007ff533fb5fa0 R15: 00007ffefd1c9b88 [ 891.073248][T16901] [ 892.069884][T16929] netlink: 'syz.1.4968': attribute type 15 has an invalid length. [ 892.079651][T16929] netlink: 'syz.1.4968': attribute type 5 has an invalid length. [ 892.089360][T16929] netlink: 144 bytes leftover after parsing attributes in process `syz.1.4968'. [ 892.407142][T16938] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.4973'. [ 892.518689][T16938] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 892.543318][T16938] CPU: 1 PID: 16938 Comm: syz.2.4973 Not tainted 6.1.147-syzkaller #0 [ 892.551546][T16938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 892.561643][T16938] Call Trace: [ 892.564968][T16938] [ 892.567943][T16938] dump_stack_lvl+0x168/0x22e [ 892.572671][T16938] ? show_regs_print_info+0x12/0x12 [ 892.577913][T16938] ? load_image+0x3b0/0x3b0 [ 892.582478][T16938] sysfs_warn_dup+0x8a/0xa0 [ 892.587047][T16938] sysfs_do_create_link_sd+0xc0/0x110 [ 892.592493][T16938] device_add+0x7ed/0xfb0 [ 892.596887][T16938] wiphy_register+0x1e68/0x2bd0 [ 892.601811][T16938] ? cfg80211_event_work+0x40/0x40 [ 892.606985][T16938] ? minstrel_ht_alloc+0x894/0xa20 [ 892.612151][T16938] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 892.618270][T16938] ieee80211_register_hw+0x2c29/0x38c0 [ 892.623780][T16938] ? ieee80211_register_hw+0xeb1/0x38c0 [ 892.629363][T16938] ? ieee80211_register_hw+0xeb1/0x38c0 [ 892.634957][T16938] ? ieee80211_tasklet_handler+0x20/0x20 [ 892.640644][T16938] ? memset+0x1e/0x40 [ 892.644685][T16938] ? __hrtimer_init+0x186/0x270 [ 892.649585][T16938] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 892.655396][T16938] hwsim_new_radio_nl+0xafa/0xce0 [ 892.660491][T16938] genl_family_rcv_msg_doit+0x22e/0x320 [ 892.666085][T16938] ? end_current_label_crit_section+0x170/0x170 [ 892.672378][T16938] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 892.678324][T16938] ? bpf_lsm_capable+0x5/0x10 [ 892.683038][T16938] ? security_capable+0x85/0xb0 [ 892.687936][T16938] genl_rcv_msg+0x5f2/0x780 [ 892.692493][T16938] ? genl_bind+0x350/0x350 [ 892.696965][T16938] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 892.703391][T16938] netlink_rcv_skb+0x1de/0x420 [ 892.708198][T16938] ? genl_bind+0x350/0x350 [ 892.712667][T16938] ? netlink_ack+0x1100/0x1100 [ 892.717484][T16938] ? down_read+0x1a8/0x2d0 [ 892.721946][T16938] genl_rcv+0x24/0x40 [ 892.725972][T16938] netlink_unicast+0x74d/0x8d0 [ 892.730790][T16938] netlink_sendmsg+0x89e/0xbc0 [ 892.735610][T16938] ? netlink_getsockopt+0x540/0x540 [ 892.740856][T16938] ? aa_sock_msg_perm+0x94/0x150 [ 892.745850][T16938] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 892.751176][T16938] ? security_socket_sendmsg+0x7c/0xa0 [ 892.756692][T16938] ? netlink_getsockopt+0x540/0x540 [ 892.761933][T16938] ____sys_sendmsg+0x59b/0x970 [ 892.766755][T16938] ? __sys_sendmsg_sock+0x30/0x30 [ 892.771815][T16938] ? __import_iovec+0x315/0x500 [ 892.776726][T16938] ? import_iovec+0x6f/0xa0 [ 892.781293][T16938] ___sys_sendmsg+0x21c/0x290 [ 892.786017][T16938] ? __sys_sendmsg+0x270/0x270 [ 892.790850][T16938] ? rcu_is_watching+0x11/0xa0 [ 892.795685][T16938] ? __fdget+0x17c/0x200 [ 892.799974][T16938] __se_sys_sendmsg+0x19e/0x270 [ 892.804870][T16938] ? perf_trace_preemptirq_template+0x287/0x330 [ 892.811161][T16938] ? __x64_sys_sendmsg+0x80/0x80 [ 892.816161][T16938] ? lockdep_hardirqs_on+0x94/0x140 [ 892.821408][T16938] do_syscall_64+0x4c/0xa0 [ 892.825869][T16938] ? clear_bhb_loop+0x60/0xb0 [ 892.830584][T16938] ? clear_bhb_loop+0x60/0xb0 [ 892.835298][T16938] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 892.841253][T16938] RIP: 0033:0x7fb1b9b8ebe9 [ 892.845696][T16938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 892.865352][T16938] RSP: 002b:00007fb1ba917038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 892.873816][T16938] RAX: ffffffffffffffda RBX: 00007fb1b9db5fa0 RCX: 00007fb1b9b8ebe9 [ 892.881830][T16938] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 892.889883][T16938] RBP: 00007fb1b9c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 892.897905][T16938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 892.905918][T16938] R13: 00007fb1b9db6038 R14: 00007fb1b9db5fa0 R15: 00007fff46dcd248 [ 892.913960][T16938] [ 893.254419][T16942] netlink: 122896 bytes leftover after parsing attributes in process `syz.1.4987'. [ 893.308102][T16942] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 893.349459][T16942] CPU: 1 PID: 16942 Comm: syz.1.4987 Not tainted 6.1.147-syzkaller #0 [ 893.357694][T16942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 893.367783][T16942] Call Trace: [ 893.371098][T16942] [ 893.374058][T16942] dump_stack_lvl+0x168/0x22e [ 893.378803][T16942] ? show_regs_print_info+0x12/0x12 [ 893.384057][T16942] ? load_image+0x3b0/0x3b0 [ 893.388627][T16942] sysfs_warn_dup+0x8a/0xa0 [ 893.393181][T16942] sysfs_do_create_link_sd+0xc0/0x110 [ 893.398605][T16942] device_add+0x7ed/0xfb0 [ 893.402993][T16942] wiphy_register+0x1e68/0x2bd0 [ 893.407912][T16942] ? cfg80211_event_work+0x40/0x40 [ 893.413056][T16942] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 893.419243][T16942] ieee80211_register_hw+0x2c29/0x38c0 [ 893.424738][T16942] ? ieee80211_register_hw+0xeb1/0x38c0 [ 893.430300][T16942] ? ieee80211_register_hw+0xeb1/0x38c0 [ 893.435871][T16942] ? ieee80211_tasklet_handler+0x20/0x20 [ 893.441526][T16942] ? memset+0x1e/0x40 [ 893.445529][T16942] ? __hrtimer_init+0x186/0x270 [ 893.450397][T16942] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 893.456152][T16942] hwsim_new_radio_nl+0xafa/0xce0 [ 893.461207][T16942] genl_family_rcv_msg_doit+0x22e/0x320 [ 893.466780][T16942] ? end_current_label_crit_section+0x170/0x170 [ 893.473135][T16942] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 893.479064][T16942] ? bpf_lsm_capable+0x5/0x10 [ 893.483770][T16942] ? security_capable+0x85/0xb0 [ 893.488650][T16942] genl_rcv_msg+0x5f2/0x780 [ 893.493208][T16942] ? genl_bind+0x350/0x350 [ 893.497639][T16942] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 893.503990][T16942] ? lock_acquire+0x20f/0x490 [ 893.508692][T16942] netlink_rcv_skb+0x1de/0x420 [ 893.513470][T16942] ? genl_bind+0x350/0x350 [ 893.517909][T16942] ? netlink_ack+0x1100/0x1100 [ 893.522687][T16942] ? down_read+0x1a8/0x2d0 [ 893.527122][T16942] genl_rcv+0x24/0x40 [ 893.531127][T16942] netlink_unicast+0x74d/0x8d0 [ 893.535950][T16942] netlink_sendmsg+0x89e/0xbc0 [ 893.540749][T16942] ? netlink_getsockopt+0x540/0x540 [ 893.545973][T16942] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 893.552149][T16942] ? aa_sock_msg_perm+0x94/0x150 [ 893.557110][T16942] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 893.562405][T16942] ? security_socket_sendmsg+0x7c/0xa0 [ 893.567882][T16942] ? netlink_getsockopt+0x540/0x540 [ 893.573100][T16942] ____sys_sendmsg+0x59b/0x970 [ 893.577896][T16942] ? __sys_sendmsg_sock+0x30/0x30 [ 893.582944][T16942] ? __import_iovec+0x315/0x500 [ 893.587825][T16942] ? import_iovec+0x6f/0xa0 [ 893.592447][T16942] ___sys_sendmsg+0x21c/0x290 [ 893.597271][T16942] ? __sys_sendmsg+0x270/0x270 [ 893.602067][T16942] ? ktime_get_real_ts64+0x420/0x420 [ 893.607389][T16942] ? __fdget+0x17c/0x200 [ 893.611654][T16942] __se_sys_sendmsg+0x19e/0x270 [ 893.616517][T16942] ? perf_trace_preemptirq_template+0x287/0x330 [ 893.622772][T16942] ? __x64_sys_sendmsg+0x80/0x80 [ 893.627735][T16942] ? lockdep_hardirqs_on+0x94/0x140 [ 893.632953][T16942] do_syscall_64+0x4c/0xa0 [ 893.637403][T16942] ? clear_bhb_loop+0x60/0xb0 [ 893.642091][T16942] ? clear_bhb_loop+0x60/0xb0 [ 893.646819][T16942] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 893.652735][T16942] RIP: 0033:0x7ff533d8ebe9 [ 893.657173][T16942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 893.676831][T16942] RSP: 002b:00007ff534b32038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 893.685264][T16942] RAX: ffffffffffffffda RBX: 00007ff533fb5fa0 RCX: 00007ff533d8ebe9 [ 893.693250][T16942] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 893.701229][T16942] RBP: 00007ff533e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 893.709213][T16942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 893.717193][T16942] R13: 00007ff533fb6038 R14: 00007ff533fb5fa0 R15: 00007ffefd1c9b88 [ 893.725195][T16942] [ 895.021222][T16969] netlink: 'syz.2.4984': attribute type 21 has an invalid length. [ 895.054309][T16969] netlink: 'syz.2.4984': attribute type 6 has an invalid length. [ 895.085418][T16969] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4984'. [ 895.396372][T16979] netlink: 'syz.3.4985': attribute type 15 has an invalid length. [ 895.526376][T16979] netlink: 'syz.3.4985': attribute type 5 has an invalid length. [ 895.580363][T16979] netlink: 144 bytes leftover after parsing attributes in process `syz.3.4985'. [ 896.097415][T16992] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.4993'. [ 896.179667][T16992] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 896.202353][T16992] CPU: 0 PID: 16992 Comm: syz.4.4993 Not tainted 6.1.147-syzkaller #0 [ 896.210580][T16992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 896.220677][T16992] Call Trace: [ 896.224076][T16992] [ 896.227074][T16992] dump_stack_lvl+0x168/0x22e [ 896.231824][T16992] ? show_regs_print_info+0x12/0x12 [ 896.237072][T16992] ? load_image+0x3b0/0x3b0 [ 896.241660][T16992] sysfs_warn_dup+0x8a/0xa0 [ 896.246318][T16992] sysfs_do_create_link_sd+0xc0/0x110 [ 896.251745][T16992] device_add+0x7ed/0xfb0 [ 896.256131][T16992] wiphy_register+0x1e68/0x2bd0 [ 896.261043][T16992] ? cfg80211_event_work+0x40/0x40 [ 896.266204][T16992] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 896.272321][T16992] ieee80211_register_hw+0x2c29/0x38c0 [ 896.277834][T16992] ? ieee80211_register_hw+0xeb1/0x38c0 [ 896.283425][T16992] ? ieee80211_register_hw+0xeb1/0x38c0 [ 896.289150][T16992] ? ieee80211_tasklet_handler+0x20/0x20 [ 896.294860][T16992] ? memset+0x1e/0x40 [ 896.298904][T16992] ? __hrtimer_init+0x186/0x270 [ 896.303803][T16992] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 896.309603][T16992] hwsim_new_radio_nl+0xafa/0xce0 [ 896.314712][T16992] genl_family_rcv_msg_doit+0x22e/0x320 [ 896.320327][T16992] ? end_current_label_crit_section+0x170/0x170 [ 896.326627][T16992] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 896.332558][T16992] ? bpf_lsm_capable+0x5/0x10 [ 896.337257][T16992] ? security_capable+0x85/0xb0 [ 896.342131][T16992] genl_rcv_msg+0x5f2/0x780 [ 896.346682][T16992] ? genl_bind+0x350/0x350 [ 896.351176][T16992] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 896.357553][T16992] ? lock_acquire+0x20f/0x490 [ 896.362261][T16992] netlink_rcv_skb+0x1de/0x420 [ 896.367044][T16992] ? genl_bind+0x350/0x350 [ 896.371480][T16992] ? netlink_ack+0x1100/0x1100 [ 896.376272][T16992] ? down_read+0x1a8/0x2d0 [ 896.380710][T16992] genl_rcv+0x24/0x40 [ 896.384731][T16992] netlink_unicast+0x74d/0x8d0 [ 896.389522][T16992] netlink_sendmsg+0x89e/0xbc0 [ 896.394311][T16992] ? netlink_getsockopt+0x540/0x540 [ 896.399549][T16992] ? lockdep_hardirqs_on+0x94/0x140 [ 896.404788][T16992] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 896.410981][T16992] ? aa_sock_msg_perm+0x94/0x150 [ 896.415988][T16992] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 896.421316][T16992] ? security_socket_sendmsg+0x7c/0xa0 [ 896.426812][T16992] ? netlink_getsockopt+0x540/0x540 [ 896.432035][T16992] ____sys_sendmsg+0x59b/0x970 [ 896.436819][T16992] ? iovec_from_user+0x29d/0x360 [ 896.441811][T16992] ? __sys_sendmsg_sock+0x30/0x30 [ 896.446852][T16992] ? __import_iovec+0x315/0x500 [ 896.451728][T16992] ? import_iovec+0x6f/0xa0 [ 896.456251][T16992] ___sys_sendmsg+0x21c/0x290 [ 896.460957][T16992] ? __sys_sendmsg+0x270/0x270 [ 896.465774][T16992] ? __fdget+0x17c/0x200 [ 896.470040][T16992] __se_sys_sendmsg+0x19e/0x270 [ 896.474920][T16992] ? perf_trace_preemptirq_template+0x287/0x330 [ 896.481207][T16992] ? __x64_sys_sendmsg+0x80/0x80 [ 896.486194][T16992] ? lockdep_hardirqs_on+0x94/0x140 [ 896.491431][T16992] do_syscall_64+0x4c/0xa0 [ 896.495933][T16992] ? clear_bhb_loop+0x60/0xb0 [ 896.500633][T16992] ? clear_bhb_loop+0x60/0xb0 [ 896.505326][T16992] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 896.511253][T16992] RIP: 0033:0x7f014898ebe9 [ 896.515682][T16992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 896.535309][T16992] RSP: 002b:00007f014981a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 896.543759][T16992] RAX: ffffffffffffffda RBX: 00007f0148bb5fa0 RCX: 00007f014898ebe9 [ 896.551746][T16992] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 896.559736][T16992] RBP: 00007f0148a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 896.567719][T16992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 896.575701][T16992] R13: 00007f0148bb6038 R14: 00007f0148bb5fa0 R15: 00007ffce8ed1698 [ 896.583697][T16992] [ 898.656602][T17036] netlink: 'syz.2.5009': attribute type 4 has an invalid length. [ 898.693932][T17038] Dead loop on virtual device ip6_vti0, fix it urgently! [ 898.813923][T17036] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.5009'. [ 898.881247][T17041] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.5011'. [ 898.939507][T17041] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 898.973274][T17041] CPU: 1 PID: 17041 Comm: syz.4.5011 Not tainted 6.1.147-syzkaller #0 [ 898.981516][T17041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 898.991705][T17041] Call Trace: [ 898.995022][T17041] [ 898.998008][T17041] dump_stack_lvl+0x168/0x22e [ 899.002733][T17041] ? show_regs_print_info+0x12/0x12 [ 899.007978][T17041] ? load_image+0x3b0/0x3b0 [ 899.012543][T17041] ? kasan_save_alloc_info+0x7/0x30 [ 899.017808][T17041] sysfs_warn_dup+0x8a/0xa0 [ 899.022356][T17041] sysfs_do_create_link_sd+0xc0/0x110 [ 899.027782][T17041] device_add+0x7ed/0xfb0 [ 899.032176][T17041] wiphy_register+0x1e68/0x2bd0 [ 899.037093][T17041] ? cfg80211_event_work+0x40/0x40 [ 899.042241][T17041] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 899.048475][T17041] ieee80211_register_hw+0x2c29/0x38c0 [ 899.053991][T17041] ? ieee80211_register_hw+0xeb1/0x38c0 [ 899.059576][T17041] ? ieee80211_register_hw+0xeb1/0x38c0 [ 899.065171][T17041] ? ieee80211_tasklet_handler+0x20/0x20 [ 899.070862][T17041] ? memset+0x1e/0x40 [ 899.074902][T17041] ? __hrtimer_init+0x186/0x270 [ 899.079799][T17041] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 899.085593][T17041] hwsim_new_radio_nl+0xafa/0xce0 [ 899.090704][T17041] genl_family_rcv_msg_doit+0x22e/0x320 [ 899.096282][T17041] ? end_current_label_crit_section+0x170/0x170 [ 899.102568][T17041] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 899.108494][T17041] ? bpf_lsm_capable+0x5/0x10 [ 899.113188][T17041] ? security_capable+0x85/0xb0 [ 899.118057][T17041] genl_rcv_msg+0x5f2/0x780 [ 899.122588][T17041] ? genl_bind+0x350/0x350 [ 899.127023][T17041] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 899.133394][T17041] netlink_rcv_skb+0x1de/0x420 [ 899.138183][T17041] ? genl_bind+0x350/0x350 [ 899.142617][T17041] ? netlink_ack+0x1100/0x1100 [ 899.147406][T17041] ? down_read+0x1a8/0x2d0 [ 899.151850][T17041] genl_rcv+0x24/0x40 [ 899.155850][T17041] netlink_unicast+0x74d/0x8d0 [ 899.160641][T17041] netlink_sendmsg+0x89e/0xbc0 [ 899.165432][T17041] ? netlink_getsockopt+0x540/0x540 [ 899.170660][T17041] ? aa_sock_msg_perm+0x94/0x150 [ 899.175630][T17041] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 899.180932][T17041] ? security_socket_sendmsg+0x7c/0xa0 [ 899.186420][T17041] ? netlink_getsockopt+0x540/0x540 [ 899.191645][T17041] ____sys_sendmsg+0x59b/0x970 [ 899.196431][T17041] ? __sys_sendmsg_sock+0x30/0x30 [ 899.201471][T17041] ? __import_iovec+0x315/0x500 [ 899.206351][T17041] ? import_iovec+0x6f/0xa0 [ 899.210877][T17041] ___sys_sendmsg+0x21c/0x290 [ 899.215583][T17041] ? __sys_sendmsg+0x270/0x270 [ 899.220408][T17041] ? __fdget+0x17c/0x200 [ 899.224764][T17041] __se_sys_sendmsg+0x19e/0x270 [ 899.229655][T17041] ? __x64_sys_sendmsg+0x80/0x80 [ 899.234665][T17041] ? syscall_enter_from_user_mode+0x2a/0x80 [ 899.240614][T17041] do_syscall_64+0x4c/0xa0 [ 899.245059][T17041] ? clear_bhb_loop+0x60/0xb0 [ 899.249765][T17041] ? clear_bhb_loop+0x60/0xb0 [ 899.254482][T17041] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 899.260429][T17041] RIP: 0033:0x7f014898ebe9 [ 899.264875][T17041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 899.284520][T17041] RSP: 002b:00007f014981a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 899.292957][T17041] RAX: ffffffffffffffda RBX: 00007f0148bb5fa0 RCX: 00007f014898ebe9 [ 899.300939][T17041] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 899.308920][T17041] RBP: 00007f0148a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 899.316900][T17041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 899.324880][T17041] R13: 00007f0148bb6038 R14: 00007f0148bb5fa0 R15: 00007ffce8ed1698 [ 899.332893][T17041] [ 899.570817][T17048] delete_channel: no stack [ 900.144067][T17070] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.5038'. [ 900.196014][T17070] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 900.223411][T17070] CPU: 1 PID: 17070 Comm: syz.2.5038 Not tainted 6.1.147-syzkaller #0 [ 900.231636][T17070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 900.241735][T17070] Call Trace: [ 900.245056][T17070] [ 900.248030][T17070] dump_stack_lvl+0x168/0x22e [ 900.252766][T17070] ? show_regs_print_info+0x12/0x12 [ 900.258013][T17070] ? load_image+0x3b0/0x3b0 [ 900.262574][T17070] sysfs_warn_dup+0x8a/0xa0 [ 900.267123][T17070] sysfs_do_create_link_sd+0xc0/0x110 [ 900.272559][T17070] device_add+0x7ed/0xfb0 [ 900.276946][T17070] wiphy_register+0x1e68/0x2bd0 [ 900.281866][T17070] ? cfg80211_event_work+0x40/0x40 [ 900.287020][T17070] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 900.293210][T17070] ieee80211_register_hw+0x2c29/0x38c0 [ 900.298702][T17070] ? ieee80211_register_hw+0xeb1/0x38c0 [ 900.304260][T17070] ? ieee80211_register_hw+0xeb1/0x38c0 [ 900.309825][T17070] ? ieee80211_tasklet_handler+0x20/0x20 [ 900.315485][T17070] ? memset+0x1e/0x40 [ 900.319486][T17070] ? __hrtimer_init+0x186/0x270 [ 900.324348][T17070] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 900.330115][T17070] hwsim_new_radio_nl+0xafa/0xce0 [ 900.335205][T17070] genl_family_rcv_msg_doit+0x22e/0x320 [ 900.340781][T17070] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 900.346706][T17070] ? ns_capable+0x99/0xe0 [ 900.351148][T17070] genl_rcv_msg+0x5f2/0x780 [ 900.355759][T17070] ? genl_bind+0x350/0x350 [ 900.360191][T17070] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 900.366579][T17070] ? lock_acquire+0x20f/0x490 [ 900.371286][T17070] netlink_rcv_skb+0x1de/0x420 [ 900.376072][T17070] ? genl_bind+0x350/0x350 [ 900.380532][T17070] ? netlink_ack+0x1100/0x1100 [ 900.385341][T17070] ? down_read+0x1a8/0x2d0 [ 900.389807][T17070] genl_rcv+0x24/0x40 [ 900.393813][T17070] netlink_unicast+0x74d/0x8d0 [ 900.398698][T17070] netlink_sendmsg+0x89e/0xbc0 [ 900.403494][T17070] ? netlink_getsockopt+0x540/0x540 [ 900.408727][T17070] ? aa_sock_msg_perm+0x94/0x150 [ 900.413693][T17070] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 900.418993][T17070] ? security_socket_sendmsg+0x7c/0xa0 [ 900.424473][T17070] ? netlink_getsockopt+0x540/0x540 [ 900.429689][T17070] ____sys_sendmsg+0x59b/0x970 [ 900.434480][T17070] ? __sys_sendmsg_sock+0x30/0x30 [ 900.439525][T17070] ? __import_iovec+0x315/0x500 [ 900.444410][T17070] ? import_iovec+0x6f/0xa0 [ 900.448948][T17070] ___sys_sendmsg+0x21c/0x290 [ 900.453651][T17070] ? __sys_sendmsg+0x270/0x270 [ 900.458477][T17070] ? __fdget+0x17c/0x200 [ 900.462736][T17070] __se_sys_sendmsg+0x19e/0x270 [ 900.467607][T17070] ? perf_trace_preemptirq_template+0x287/0x330 [ 900.473869][T17070] ? __x64_sys_sendmsg+0x80/0x80 [ 900.478838][T17070] ? lockdep_hardirqs_on+0x94/0x140 [ 900.484061][T17070] do_syscall_64+0x4c/0xa0 [ 900.488490][T17070] ? clear_bhb_loop+0x60/0xb0 [ 900.493179][T17070] ? clear_bhb_loop+0x60/0xb0 [ 900.497878][T17070] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 900.503880][T17070] RIP: 0033:0x7fb1b9b8ebe9 [ 900.508310][T17070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 900.528043][T17070] RSP: 002b:00007fb1ba917038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 900.536511][T17070] RAX: ffffffffffffffda RBX: 00007fb1b9db5fa0 RCX: 00007fb1b9b8ebe9 [ 900.544509][T17070] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 900.552524][T17070] RBP: 00007fb1b9c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 900.560524][T17070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 900.568542][T17070] R13: 00007fb1b9db6038 R14: 00007fb1b9db5fa0 R15: 00007fff46dcd248 [ 900.576554][T17070] [ 900.752024][T17075] netlink: 122896 bytes leftover after parsing attributes in process `syz.3.5040'. [ 900.780353][T17075] debugfs: Directory '!!' with parent 'ieee80211' already present! [ 900.987526][T17081] netlink: 'syz.0.5029': attribute type 15 has an invalid length. [ 901.003116][T17081] netlink: 'syz.0.5029': attribute type 5 has an invalid length. [ 901.036760][T17081] netlink: 144 bytes leftover after parsing attributes in process `syz.0.5029'. [ 901.346788][T17084] Dead loop on virtual device ip6_vti0, fix it urgently! [ 901.722742][T17090] device syzkaller0 entered promiscuous mode [ 901.809844][T17093] delete_channel: no stack [ 901.873046][T17101] netlink: 'syz.3.5048': attribute type 15 has an invalid length. [ 901.888537][T17101] netlink: 'syz.3.5048': attribute type 5 has an invalid length. [ 901.907719][T17101] netlink: 144 bytes leftover after parsing attributes in process `syz.3.5048'. [ 904.630522][T17119] device syzkaller0 entered promiscuous mode [ 907.756458][T17130] netlink: 'syz.3.5042': attribute type 21 has an invalid length. [ 907.764524][T17130] netlink: 'syz.3.5042': attribute type 6 has an invalid length. [ 907.772453][T17130] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5042'. [ 908.066460][T17140] netlink: 122896 bytes leftover after parsing attributes in process `syz.1.5045'. [ 908.093208][T17141] netlink: 'syz.0.5061': attribute type 21 has an invalid length. [ 908.104569][T17141] netlink: 'syz.0.5061': attribute type 6 has an invalid length. [ 908.129704][T17141] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5061'. [ 908.228198][T17140] debugfs: Directory '!!' with parent 'ieee80211' already present! [ 908.831822][T17160] netlink: 122896 bytes leftover after parsing attributes in process `syz.1.5060'. [ 908.898441][T17160] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 908.933314][T17160] CPU: 1 PID: 17160 Comm: syz.1.5060 Not tainted 6.1.147-syzkaller #0 [ 908.941532][T17160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 908.951602][T17160] Call Trace: [ 908.954898][T17160] [ 908.957835][T17160] dump_stack_lvl+0x168/0x22e [ 908.962529][T17160] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 908.968700][T17160] ? show_regs_print_info+0x12/0x12 [ 908.973907][T17160] ? load_image+0x3b0/0x3b0 [ 908.978450][T17160] sysfs_warn_dup+0x8a/0xa0 [ 908.982971][T17160] sysfs_do_create_link_sd+0xc0/0x110 [ 908.988363][T17160] device_add+0x7ed/0xfb0 [ 908.992711][T17160] wiphy_register+0x1e68/0x2bd0 [ 908.997592][T17160] ? cfg80211_event_work+0x40/0x40 [ 909.002732][T17160] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 909.008820][T17160] ieee80211_register_hw+0x2c29/0x38c0 [ 909.014307][T17160] ? ieee80211_register_hw+0xeb1/0x38c0 [ 909.019863][T17160] ? ieee80211_register_hw+0xeb1/0x38c0 [ 909.025443][T17160] ? ieee80211_tasklet_handler+0x20/0x20 [ 909.031122][T17160] ? memset+0x1e/0x40 [ 909.035211][T17160] ? __hrtimer_init+0x186/0x270 [ 909.040077][T17160] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 909.045838][T17160] hwsim_new_radio_nl+0xafa/0xce0 [ 909.050905][T17160] genl_family_rcv_msg_doit+0x22e/0x320 [ 909.056468][T17160] ? end_current_label_crit_section+0x170/0x170 [ 909.062735][T17160] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 909.068652][T17160] ? bpf_lsm_capable+0x5/0x10 [ 909.073343][T17160] ? security_capable+0x85/0xb0 [ 909.078204][T17160] genl_rcv_msg+0x5f2/0x780 [ 909.082728][T17160] ? genl_bind+0x350/0x350 [ 909.087155][T17160] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 909.093515][T17160] netlink_rcv_skb+0x1de/0x420 [ 909.098295][T17160] ? genl_bind+0x350/0x350 [ 909.102744][T17160] ? netlink_ack+0x1100/0x1100 [ 909.107524][T17160] ? down_read+0x1a8/0x2d0 [ 909.111951][T17160] genl_rcv+0x24/0x40 [ 909.115944][T17160] netlink_unicast+0x74d/0x8d0 [ 909.120722][T17160] netlink_sendmsg+0x89e/0xbc0 [ 909.125510][T17160] ? netlink_getsockopt+0x540/0x540 [ 909.130725][T17160] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 909.136014][T17160] ? security_socket_sendmsg+0x7c/0xa0 [ 909.141489][T17160] ? netlink_getsockopt+0x540/0x540 [ 909.146700][T17160] ____sys_sendmsg+0x59b/0x970 [ 909.151484][T17160] ? __sys_sendmsg_sock+0x30/0x30 [ 909.156515][T17160] ? __import_iovec+0x315/0x500 [ 909.161382][T17160] ? import_iovec+0x6f/0xa0 [ 909.165915][T17160] ___sys_sendmsg+0x21c/0x290 [ 909.170628][T17160] ? __sys_sendmsg+0x270/0x270 [ 909.175428][T17160] ? rcu_is_watching+0x11/0xa0 [ 909.180247][T17160] ? __fdget+0x17c/0x200 [ 909.184506][T17160] __se_sys_sendmsg+0x19e/0x270 [ 909.189368][T17160] ? perf_trace_preemptirq_template+0x287/0x330 [ 909.195629][T17160] ? __x64_sys_sendmsg+0x80/0x80 [ 909.200591][T17160] ? lockdep_hardirqs_on+0x94/0x140 [ 909.205810][T17160] do_syscall_64+0x4c/0xa0 [ 909.210251][T17160] ? clear_bhb_loop+0x60/0xb0 [ 909.214943][T17160] ? clear_bhb_loop+0x60/0xb0 [ 909.219633][T17160] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 909.225550][T17160] RIP: 0033:0x7ff533d8ebe9 [ 909.229980][T17160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 909.249605][T17160] RSP: 002b:00007ff534b32038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 909.258395][T17160] RAX: ffffffffffffffda RBX: 00007ff533fb5fa0 RCX: 00007ff533d8ebe9 [ 909.266376][T17160] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 909.274364][T17160] RBP: 00007ff533e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 909.282363][T17160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 909.290450][T17160] R13: 00007ff533fb6038 R14: 00007ff533fb5fa0 R15: 00007ffefd1c9b88 [ 909.298472][T17160] [ 911.096757][T17188] device syzkaller0 entered promiscuous mode [ 912.462750][T17209] netlink: 122896 bytes leftover after parsing attributes in process `syz.3.5072'. [ 914.080021][T17202] netlink: 'syz.4.5069': attribute type 21 has an invalid length. [ 914.088190][T17202] netlink: 'syz.4.5069': attribute type 6 has an invalid length. [ 914.097708][T17202] netlink: 132 bytes leftover after parsing attributes in process `syz.4.5069'. [ 914.112366][T17209] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 914.127399][T17209] CPU: 0 PID: 17209 Comm: syz.3.5072 Not tainted 6.1.147-syzkaller #0 [ 914.135635][T17209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 914.145722][T17209] Call Trace: [ 914.149032][T17209] [ 914.151988][T17209] dump_stack_lvl+0x168/0x22e [ 914.156693][T17209] ? show_regs_print_info+0x12/0x12 [ 914.161919][T17209] ? load_image+0x3b0/0x3b0 [ 914.166483][T17209] sysfs_warn_dup+0x8a/0xa0 [ 914.171032][T17209] sysfs_do_create_link_sd+0xc0/0x110 [ 914.176528][T17209] device_add+0x7ed/0xfb0 [ 914.180919][T17209] wiphy_register+0x1e68/0x2bd0 [ 914.185823][T17209] ? cfg80211_event_work+0x40/0x40 [ 914.190965][T17209] ? minstrel_ht_alloc+0x894/0xa20 [ 914.196119][T17209] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 914.202259][T17209] ieee80211_register_hw+0x2c29/0x38c0 [ 914.207776][T17209] ? ieee80211_register_hw+0xeb1/0x38c0 [ 914.213356][T17209] ? ieee80211_register_hw+0xeb1/0x38c0 [ 914.218949][T17209] ? ieee80211_tasklet_handler+0x20/0x20 [ 914.224648][T17209] ? memset+0x1e/0x40 [ 914.228665][T17209] ? __hrtimer_init+0x186/0x270 [ 914.233548][T17209] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 914.239338][T17209] hwsim_new_radio_nl+0xafa/0xce0 [ 914.244413][T17209] genl_family_rcv_msg_doit+0x22e/0x320 [ 914.249989][T17209] ? end_current_label_crit_section+0x170/0x170 [ 914.256258][T17209] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 914.262181][T17209] ? bpf_lsm_capable+0x5/0x10 [ 914.266885][T17209] ? security_capable+0x85/0xb0 [ 914.271756][T17209] genl_rcv_msg+0x5f2/0x780 [ 914.276296][T17209] ? genl_bind+0x350/0x350 [ 914.280751][T17209] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 914.287128][T17209] netlink_rcv_skb+0x1de/0x420 [ 914.291920][T17209] ? genl_bind+0x350/0x350 [ 914.296396][T17209] ? netlink_ack+0x1100/0x1100 [ 914.301220][T17209] ? down_read+0x1a8/0x2d0 [ 914.305665][T17209] genl_rcv+0x24/0x40 [ 914.309680][T17209] netlink_unicast+0x74d/0x8d0 [ 914.314485][T17209] netlink_sendmsg+0x89e/0xbc0 [ 914.319306][T17209] ? lockdep_hardirqs_on+0x94/0x140 [ 914.324569][T17209] ? netlink_getsockopt+0x540/0x540 [ 914.329814][T17209] ? netlink_getsockopt+0x540/0x540 [ 914.335059][T17209] ? netlink_getsockopt+0x540/0x540 [ 914.340294][T17209] ____sys_sendmsg+0x59b/0x970 [ 914.345106][T17209] ? __sys_sendmsg_sock+0x30/0x30 [ 914.350173][T17209] ? __import_iovec+0x315/0x500 [ 914.355072][T17209] ? import_iovec+0x6f/0xa0 [ 914.359624][T17209] ___sys_sendmsg+0x21c/0x290 [ 914.364341][T17209] ? __sys_sendmsg+0x270/0x270 [ 914.369195][T17209] ? __fdget+0x17c/0x200 [ 914.373473][T17209] __se_sys_sendmsg+0x19e/0x270 [ 914.378355][T17209] ? __x64_sys_sendmsg+0x80/0x80 [ 914.383362][T17209] ? syscall_enter_from_user_mode+0x2a/0x80 [ 914.389490][T17209] do_syscall_64+0x4c/0xa0 [ 914.393947][T17209] ? clear_bhb_loop+0x60/0xb0 [ 914.398649][T17209] ? clear_bhb_loop+0x60/0xb0 [ 914.403363][T17209] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 914.409291][T17209] RIP: 0033:0x7f332a18ebe9 [ 914.413729][T17209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 914.433387][T17209] RSP: 002b:00007f332b0bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 914.441835][T17209] RAX: ffffffffffffffda RBX: 00007f332a3b5fa0 RCX: 00007f332a18ebe9 [ 914.449823][T17209] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008 [ 914.457835][T17209] RBP: 00007f332a211e19 R08: 0000000000000000 R09: 0000000000000000 [ 914.465831][T17209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 914.473821][T17209] R13: 00007f332a3b6038 R14: 00007f332a3b5fa0 R15: 00007ffcdbd14538 [ 914.481832][T17209] [ 914.487552][T17215] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.5076'. [ 914.526266][T17215] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 914.542672][T17215] CPU: 1 PID: 17215 Comm: syz.2.5076 Not tainted 6.1.147-syzkaller #0 [ 914.550910][T17215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 914.561006][T17215] Call Trace: [ 914.564336][T17215] [ 914.567304][T17215] dump_stack_lvl+0x168/0x22e [ 914.572021][T17215] ? show_regs_print_info+0x12/0x12 [ 914.577256][T17215] ? load_image+0x3b0/0x3b0 [ 914.581813][T17215] sysfs_warn_dup+0x8a/0xa0 [ 914.586358][T17215] sysfs_do_create_link_sd+0xc0/0x110 [ 914.591801][T17215] device_add+0x7ed/0xfb0 [ 914.596189][T17215] wiphy_register+0x1e68/0x2bd0 [ 914.601101][T17215] ? cfg80211_event_work+0x40/0x40 [ 914.606259][T17215] ? minstrel_ht_alloc+0x894/0xa20 [ 914.611419][T17215] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 914.617558][T17215] ieee80211_register_hw+0x2c29/0x38c0 [ 914.623063][T17215] ? ieee80211_register_hw+0xeb1/0x38c0 [ 914.628629][T17215] ? ieee80211_register_hw+0xeb1/0x38c0 [ 914.634209][T17215] ? ieee80211_tasklet_handler+0x20/0x20 [ 914.639864][T17215] ? memset+0x1e/0x40 [ 914.643868][T17215] ? __hrtimer_init+0x186/0x270 [ 914.648739][T17215] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 914.654501][T17215] hwsim_new_radio_nl+0xafa/0xce0 [ 914.659566][T17215] genl_family_rcv_msg_doit+0x22e/0x320 [ 914.665167][T17215] ? end_current_label_crit_section+0x170/0x170 [ 914.671438][T17215] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 914.677356][T17215] ? bpf_lsm_capable+0x5/0x10 [ 914.682066][T17215] ? security_capable+0x85/0xb0 [ 914.686932][T17215] genl_rcv_msg+0x5f2/0x780 [ 914.691448][T17215] ? perf_trace_run_bpf_submit+0x124/0x1c0 [ 914.697279][T17215] ? genl_bind+0x350/0x350 [ 914.701711][T17215] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 914.708075][T17215] netlink_rcv_skb+0x1de/0x420 [ 914.712857][T17215] ? genl_bind+0x350/0x350 [ 914.717297][T17215] ? netlink_ack+0x1100/0x1100 [ 914.722082][T17215] ? down_read+0x1a8/0x2d0 [ 914.726527][T17215] genl_rcv+0x24/0x40 [ 914.730526][T17215] netlink_unicast+0x74d/0x8d0 [ 914.735322][T17215] netlink_sendmsg+0x89e/0xbc0 [ 914.740112][T17215] ? netlink_getsockopt+0x540/0x540 [ 914.745341][T17215] ? aa_sock_msg_perm+0x94/0x150 [ 914.750327][T17215] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 914.755619][T17215] ? security_socket_sendmsg+0x7c/0xa0 [ 914.761096][T17215] ? netlink_getsockopt+0x540/0x540 [ 914.766324][T17215] ____sys_sendmsg+0x59b/0x970 [ 914.771113][T17215] ? __sys_sendmsg_sock+0x30/0x30 [ 914.776165][T17215] ? __import_iovec+0x315/0x500 [ 914.781040][T17215] ? import_iovec+0x6f/0xa0 [ 914.785570][T17215] ___sys_sendmsg+0x21c/0x290 [ 914.790271][T17215] ? __sys_sendmsg+0x270/0x270 [ 914.795060][T17215] ? lockdep_hardirqs_on+0x94/0x140 [ 914.800297][T17215] ? __fdget+0x17c/0x200 [ 914.804560][T17215] __se_sys_sendmsg+0x19e/0x270 [ 914.809427][T17215] ? __x64_sys_sendmsg+0x80/0x80 [ 914.814387][T17215] ? syscall_enter_from_user_mode+0x2a/0x80 [ 914.820299][T17215] do_syscall_64+0x4c/0xa0 [ 914.824723][T17215] ? clear_bhb_loop+0x60/0xb0 [ 914.829410][T17215] ? clear_bhb_loop+0x60/0xb0 [ 914.834139][T17215] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 914.840057][T17215] RIP: 0033:0x7fb1b9b8ebe9 [ 914.844486][T17215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 914.864113][T17215] RSP: 002b:00007fb1ba917038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 914.872545][T17215] RAX: ffffffffffffffda RBX: 00007fb1b9db5fa0 RCX: 00007fb1b9b8ebe9 [ 914.880530][T17215] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 914.888517][T17215] RBP: 00007fb1b9c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 914.896502][T17215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 914.904482][T17215] R13: 00007fb1b9db6038 R14: 00007fb1b9db5fa0 R15: 00007fff46dcd248 [ 914.912479][T17215] [ 915.667759][T17232] netlink: 122896 bytes leftover after parsing attributes in process `syz.3.5096'. [ 915.804852][T17232] sysfs: cannot create duplicate filename '/class/ieee80211/.!' [ 915.845039][T17232] CPU: 1 PID: 17232 Comm: syz.3.5096 Not tainted 6.1.147-syzkaller #0 [ 915.853258][T17232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 915.863364][T17232] Call Trace: [ 915.866650][T17232] [ 915.869585][T17232] dump_stack_lvl+0x168/0x22e [ 915.874272][T17232] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 915.880447][T17232] ? show_regs_print_info+0x12/0x12 [ 915.885657][T17232] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 915.891822][T17232] ? dump_stack+0x5/0x12 [ 915.896077][T17232] sysfs_warn_dup+0x8a/0xa0 [ 915.900616][T17232] sysfs_do_create_link_sd+0xc0/0x110 [ 915.906007][T17232] device_add+0x7ed/0xfb0 [ 915.910365][T17232] wiphy_register+0x1e68/0x2bd0 [ 915.915246][T17232] ? cfg80211_event_work+0x40/0x40 [ 915.920368][T17232] ? minstrel_ht_alloc+0x894/0xa20 [ 915.925502][T17232] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 915.931585][T17232] ieee80211_register_hw+0x2c29/0x38c0 [ 915.937063][T17232] ? ieee80211_register_hw+0xeb1/0x38c0 [ 915.942619][T17232] ? ieee80211_register_hw+0xeb1/0x38c0 [ 915.948179][T17232] ? ieee80211_tasklet_handler+0x20/0x20 [ 915.953838][T17232] ? memset+0x1e/0x40 [ 915.957839][T17232] ? __hrtimer_init+0x186/0x270 [ 915.962707][T17232] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 915.968466][T17232] hwsim_new_radio_nl+0xafa/0xce0 [ 915.973519][T17232] genl_family_rcv_msg_doit+0x22e/0x320 [ 915.979081][T17232] ? end_current_label_crit_section+0x170/0x170 [ 915.985355][T17232] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 915.991276][T17232] ? bpf_lsm_capable+0x5/0x10 [ 915.995961][T17232] ? security_capable+0x85/0xb0 [ 916.000825][T17232] genl_rcv_msg+0x5f2/0x780 [ 916.005375][T17232] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 916.011555][T17232] ? genl_bind+0x350/0x350 [ 916.015985][T17232] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 916.022333][T17232] ? netlink_rcv_skb+0x17b/0x420 [ 916.027293][T17232] netlink_rcv_skb+0x1de/0x420 [ 916.032076][T17232] ? genl_bind+0x350/0x350 [ 916.036508][T17232] ? netlink_ack+0x1100/0x1100 [ 916.041290][T17232] ? down_read+0x1a8/0x2d0 [ 916.045724][T17232] genl_rcv+0x24/0x40 [ 916.049716][T17232] netlink_unicast+0x74d/0x8d0 [ 916.054502][T17232] netlink_sendmsg+0x89e/0xbc0 [ 916.059284][T17232] ? netlink_getsockopt+0x540/0x540 [ 916.064502][T17232] ? aa_sock_msg_perm+0x94/0x150 [ 916.069460][T17232] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 916.074753][T17232] ? security_socket_sendmsg+0x7c/0xa0 [ 916.080227][T17232] ? netlink_getsockopt+0x540/0x540 [ 916.085435][T17232] ____sys_sendmsg+0x59b/0x970 [ 916.090220][T17232] ? __sys_sendmsg_sock+0x30/0x30 [ 916.095258][T17232] ? __import_iovec+0x315/0x500 [ 916.100131][T17232] ? import_iovec+0x6f/0xa0 [ 916.104655][T17232] ___sys_sendmsg+0x21c/0x290 [ 916.109350][T17232] ? __sys_sendmsg+0x270/0x270 [ 916.114138][T17232] ? ktime_get_real_ts64+0x420/0x420 [ 916.119461][T17232] ? __fdget+0x17c/0x200 [ 916.123722][T17232] __se_sys_sendmsg+0x19e/0x270 [ 916.128575][T17232] ? ct_nmi_exit+0x145/0x1c0 [ 916.133179][T17232] ? __x64_sys_sendmsg+0x80/0x80 [ 916.138137][T17232] ? lockdep_hardirqs_on+0x94/0x140 [ 916.143348][T17232] do_syscall_64+0x4c/0xa0 [ 916.147772][T17232] ? clear_bhb_loop+0x60/0xb0 [ 916.152445][T17232] ? clear_bhb_loop+0x60/0xb0 [ 916.157125][T17232] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 916.163030][T17232] RIP: 0033:0x7f332a18ebe9 [ 916.167452][T17232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 916.187063][T17232] RSP: 002b:00007f332b0bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 916.195492][T17232] RAX: ffffffffffffffda RBX: 00007f332a3b5fa0 RCX: 00007f332a18ebe9 [ 916.203472][T17232] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 916.211459][T17232] RBP: 00007f332a211e19 R08: 0000000000000000 R09: 0000000000000000 [ 916.219444][T17232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 916.227436][T17232] R13: 00007f332a3b6038 R14: 00007f332a3b5fa0 R15: 00007ffcdbd14538 [ 916.235427][T17232] [ 916.378028][T17234] netlink: 'syz.2.5086': attribute type 21 has an invalid length. [ 916.398389][T17234] netlink: 'syz.2.5086': attribute type 1 has an invalid length. [ 917.175625][T17255] netlink: 'syz.3.5093': attribute type 21 has an invalid length. [ 917.211928][T17255] netlink: 'syz.3.5093': attribute type 6 has an invalid length. [ 917.222434][T17255] netlink: 132 bytes leftover after parsing attributes in process `syz.3.5093'. [ 918.278580][T17272] netlink: 'syz.0.5101': attribute type 21 has an invalid length. [ 918.303754][T17270] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.5111'. [ 918.314039][T17272] netlink: 'syz.0.5101': attribute type 1 has an invalid length. [ 918.393580][T17275] netlink: 'syz.3.5100': attribute type 29 has an invalid length. [ 918.423892][T17275] netlink: 'syz.3.5100': attribute type 29 has an invalid length. [ 918.501249][T17270] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 918.554619][T17270] CPU: 1 PID: 17270 Comm: syz.4.5111 Not tainted 6.1.147-syzkaller #0 [ 918.562850][T17270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 918.572943][T17270] Call Trace: [ 918.576279][T17270] [ 918.579255][T17270] dump_stack_lvl+0x168/0x22e [ 918.583997][T17270] ? show_regs_print_info+0x12/0x12 [ 918.589245][T17270] ? load_image+0x3b0/0x3b0 [ 918.593864][T17270] sysfs_warn_dup+0x8a/0xa0 [ 918.598421][T17270] sysfs_do_create_link_sd+0xc0/0x110 [ 918.603850][T17270] device_add+0x7ed/0xfb0 [ 918.608230][T17270] wiphy_register+0x1e68/0x2bd0 [ 918.613145][T17270] ? lock_chain_count+0x20/0x20 [ 918.618061][T17270] ? cfg80211_event_work+0x40/0x40 [ 918.623226][T17270] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 918.629349][T17270] ieee80211_register_hw+0x2c29/0x38c0 [ 918.634861][T17270] ? ieee80211_register_hw+0xeb1/0x38c0 [ 918.640446][T17270] ? ieee80211_register_hw+0xeb1/0x38c0 [ 918.646032][T17270] ? ieee80211_tasklet_handler+0x20/0x20 [ 918.651716][T17270] ? memset+0x1e/0x40 [ 918.655752][T17270] ? __hrtimer_init+0x186/0x270 [ 918.660637][T17270] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 918.666426][T17270] hwsim_new_radio_nl+0xafa/0xce0 [ 918.671514][T17270] genl_family_rcv_msg_doit+0x22e/0x320 [ 918.677099][T17270] ? end_current_label_crit_section+0x170/0x170 [ 918.683394][T17270] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 918.689355][T17270] ? bpf_lsm_capable+0x5/0x10 [ 918.694079][T17270] ? security_capable+0x85/0xb0 [ 918.698968][T17270] genl_rcv_msg+0x5f2/0x780 [ 918.703515][T17270] ? perf_trace_run_bpf_submit+0x124/0x1c0 [ 918.709384][T17270] ? genl_bind+0x350/0x350 [ 918.713881][T17270] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 918.720276][T17270] netlink_rcv_skb+0x1de/0x420 [ 918.725092][T17270] ? genl_bind+0x350/0x350 [ 918.729553][T17270] ? netlink_ack+0x1100/0x1100 [ 918.734373][T17270] ? down_read+0x1a8/0x2d0 [ 918.739353][T17270] genl_rcv+0x24/0x40 [ 918.743372][T17270] netlink_unicast+0x74d/0x8d0 [ 918.748191][T17270] netlink_sendmsg+0x89e/0xbc0 [ 918.753010][T17270] ? netlink_getsockopt+0x540/0x540 [ 918.758251][T17270] ? aa_sock_msg_perm+0x94/0x150 [ 918.763237][T17270] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 918.768558][T17270] ? security_socket_sendmsg+0x7c/0xa0 [ 918.774061][T17270] ? netlink_getsockopt+0x540/0x540 [ 918.779307][T17270] ____sys_sendmsg+0x59b/0x970 [ 918.784126][T17270] ? __sys_sendmsg_sock+0x30/0x30 [ 918.789201][T17270] ? __import_iovec+0x315/0x500 [ 918.794116][T17270] ? import_iovec+0x6f/0xa0 [ 918.798677][T17270] ___sys_sendmsg+0x21c/0x290 [ 918.803394][T17270] ? __sys_sendmsg+0x270/0x270 [ 918.808254][T17270] ? __fdget+0x17c/0x200 [ 918.812547][T17270] __se_sys_sendmsg+0x19e/0x270 [ 918.817440][T17270] ? perf_trace_preemptirq_template+0x287/0x330 [ 918.823748][T17270] ? __x64_sys_sendmsg+0x80/0x80 [ 918.828751][T17270] ? lockdep_hardirqs_on+0x94/0x140 [ 918.834008][T17270] do_syscall_64+0x4c/0xa0 [ 918.838476][T17270] ? clear_bhb_loop+0x60/0xb0 [ 918.843278][T17270] ? clear_bhb_loop+0x60/0xb0 [ 918.848000][T17270] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 918.853942][T17270] RIP: 0033:0x7f014898ebe9 [ 918.858391][T17270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 918.878034][T17270] RSP: 002b:00007f014981a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 918.886495][T17270] RAX: ffffffffffffffda RBX: 00007f0148bb5fa0 RCX: 00007f014898ebe9 [ 918.894514][T17270] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008 [ 918.902523][T17270] RBP: 00007f0148a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 918.910529][T17270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 918.918531][T17270] R13: 00007f0148bb6038 R14: 00007f0148bb5fa0 R15: 00007ffce8ed1698 [ 918.926565][T17270] [ 919.302741][T17290] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5106'. [ 919.810517][T17299] netlink: 'syz.0.5112': attribute type 21 has an invalid length. [ 919.842219][T17299] netlink: 'syz.0.5112': attribute type 6 has an invalid length. [ 919.886722][T17299] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5112'. [ 920.507326][T10842] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4 [ 921.356054][T17326] netlink: 122896 bytes leftover after parsing attributes in process `syz.3.5121'. [ 921.476101][T17326] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 921.574564][T17326] CPU: 1 PID: 17326 Comm: syz.3.5121 Not tainted 6.1.147-syzkaller #0 [ 921.582796][T17326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 921.592891][T17326] Call Trace: [ 921.596206][T17326] [ 921.599178][T17326] dump_stack_lvl+0x168/0x22e [ 921.603907][T17326] ? show_regs_print_info+0x12/0x12 [ 921.609146][T17326] ? load_image+0x3b0/0x3b0 [ 921.613710][T17326] sysfs_warn_dup+0x8a/0xa0 [ 921.618257][T17326] sysfs_do_create_link_sd+0xc0/0x110 [ 921.623673][T17326] device_add+0x7ed/0xfb0 [ 921.628061][T17326] wiphy_register+0x1e68/0x2bd0 [ 921.632978][T17326] ? cfg80211_event_work+0x40/0x40 [ 921.638125][T17326] ? minstrel_ht_alloc+0x894/0xa20 [ 921.643284][T17326] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 921.649400][T17326] ieee80211_register_hw+0x2c29/0x38c0 [ 921.654912][T17326] ? ieee80211_register_hw+0xeb1/0x38c0 [ 921.660501][T17326] ? ieee80211_register_hw+0xeb1/0x38c0 [ 921.666099][T17326] ? ieee80211_tasklet_handler+0x20/0x20 [ 921.671783][T17326] ? memset+0x1e/0x40 [ 921.675822][T17326] ? __hrtimer_init+0x186/0x270 [ 921.680717][T17326] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 921.686511][T17326] hwsim_new_radio_nl+0xafa/0xce0 [ 921.691645][T17326] genl_family_rcv_msg_doit+0x22e/0x320 [ 921.697219][T17326] ? end_current_label_crit_section+0x170/0x170 [ 921.703486][T17326] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 921.709412][T17326] ? bpf_lsm_capable+0x5/0x10 [ 921.714104][T17326] ? security_capable+0x85/0xb0 [ 921.718972][T17326] genl_rcv_msg+0x5f2/0x780 [ 921.723498][T17326] ? genl_bind+0x350/0x350 [ 921.727952][T17326] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 921.734352][T17326] netlink_rcv_skb+0x1de/0x420 [ 921.739133][T17326] ? genl_bind+0x350/0x350 [ 921.743570][T17326] ? netlink_ack+0x1100/0x1100 [ 921.748356][T17326] ? down_read+0x1a8/0x2d0 [ 921.752792][T17326] genl_rcv+0x24/0x40 [ 921.756790][T17326] netlink_unicast+0x74d/0x8d0 [ 921.761577][T17326] netlink_sendmsg+0x89e/0xbc0 [ 921.766364][T17326] ? netlink_getsockopt+0x540/0x540 [ 921.771607][T17326] ? aa_sock_msg_perm+0x94/0x150 [ 921.776565][T17326] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 921.781854][T17326] ? security_socket_sendmsg+0x7c/0xa0 [ 921.787347][T17326] ? netlink_getsockopt+0x540/0x540 [ 921.792651][T17326] ____sys_sendmsg+0x59b/0x970 [ 921.797440][T17326] ? __sys_sendmsg_sock+0x30/0x30 [ 921.802477][T17326] ? __import_iovec+0x315/0x500 [ 921.807359][T17326] ? import_iovec+0x6f/0xa0 [ 921.811881][T17326] ___sys_sendmsg+0x21c/0x290 [ 921.816577][T17326] ? __sys_sendmsg+0x270/0x270 [ 921.821391][T17326] ? __fdget+0x17c/0x200 [ 921.825651][T17326] __se_sys_sendmsg+0x19e/0x270 [ 921.830518][T17326] ? perf_trace_preemptirq_template+0x287/0x330 [ 921.836776][T17326] ? __x64_sys_sendmsg+0x80/0x80 [ 921.841744][T17326] ? lockdep_hardirqs_on+0x94/0x140 [ 921.846973][T17326] do_syscall_64+0x4c/0xa0 [ 921.851407][T17326] ? clear_bhb_loop+0x60/0xb0 [ 921.856089][T17326] ? clear_bhb_loop+0x60/0xb0 [ 921.860772][T17326] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 921.866682][T17326] RIP: 0033:0x7f332a18ebe9 [ 921.871121][T17326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 921.890747][T17326] RSP: 002b:00007f332b0bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 921.899178][T17326] RAX: ffffffffffffffda RBX: 00007f332a3b5fa0 RCX: 00007f332a18ebe9 [ 921.907162][T17326] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008 [ 921.915142][T17326] RBP: 00007f332a211e19 R08: 0000000000000000 R09: 0000000000000000 [ 921.923130][T17326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 921.931112][T17326] R13: 00007f332a3b6038 R14: 00007f332a3b5fa0 R15: 00007ffcdbd14538 [ 921.939105][T17326] [ 922.417921][T17341] netlink: 'syz.3.5129': attribute type 21 has an invalid length. [ 922.436017][T17341] netlink: 'syz.3.5129': attribute type 1 has an invalid length. [ 924.029150][T17376] device wg2 entered promiscuous mode [ 924.636862][T17380] netlink: 'syz.1.5138': attribute type 29 has an invalid length. [ 924.671543][T17380] netlink: 'syz.1.5138': attribute type 29 has an invalid length. [ 925.174252][T17394] netlink: 'syz.4.5143': attribute type 21 has an invalid length. [ 925.225693][T17394] netlink: 'syz.4.5143': attribute type 1 has an invalid length. [ 926.502064][T17421] device wg2 entered promiscuous mode [ 927.745572][T17434] netlink: 'syz.4.5159': attribute type 21 has an invalid length. [ 927.788919][T17434] netlink: 'syz.4.5159': attribute type 1 has an invalid length. [ 931.455313][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.461756][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.524289][T10842] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18 [ 931.531788][T10842] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 939.100910][T17573] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 939.123641][T17573] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 939.148881][T17573] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 940.700971][T17315] Bluetooth: hci2: unexpected subevent 0x01 length: 150 > 18 [ 940.708525][T17315] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 942.761818][T17629] device syzkaller0 entered promiscuous mode [ 942.789888][T17633] netlink: 'syz.1.5229': attribute type 10 has an invalid length. [ 942.808928][T17633] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5229'. [ 942.905042][T17633] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 946.971055][T17659] device syzkaller0 entered promiscuous mode [ 951.169349][T17716] device syzkaller0 entered promiscuous mode [ 951.277190][T17720] device syzkaller0 entered promiscuous mode [ 957.081611][T17745] device ipvlan1 entered promiscuous mode [ 957.245116][T17754] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 957.628120][T17761] netlink: 'syz.1.5276': attribute type 29 has an invalid length. [ 957.659893][T17761] netlink: 'syz.1.5276': attribute type 29 has an invalid length. [ 957.678069][T17761] netlink: 'syz.1.5276': attribute type 29 has an invalid length. [ 960.384728][T17810] netlink: 'syz.3.5290': attribute type 29 has an invalid length. [ 960.410806][T17810] netlink: 'syz.3.5290': attribute type 29 has an invalid length. [ 960.436588][T17815] netlink: 'syz.3.5290': attribute type 29 has an invalid length. [ 961.781039][T17824] netlink: 'syz.2.5296': attribute type 3 has an invalid length. [ 961.826982][T17824] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.5296'. [ 962.311512][T17837] netlink: 'syz.1.5299': attribute type 4 has an invalid length. [ 962.374699][T17837] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.5299'. [ 962.755832][T17852] netlink: 'syz.2.5308': attribute type 39 has an invalid length. [ 963.014516][T17856] netlink: 'syz.0.5309': attribute type 9 has an invalid length. [ 963.042018][T17856] netlink: 126588 bytes leftover after parsing attributes in process `syz.0.5309'. [ 963.165285][T17859] netlink: 'syz.3.5321': attribute type 29 has an invalid length. [ 963.177364][T17859] netlink: 'syz.3.5321': attribute type 29 has an invalid length. [ 963.200519][T17859] netlink: 'syz.3.5321': attribute type 29 has an invalid length. [ 963.422198][T17868] netlink: 'syz.4.5326': attribute type 29 has an invalid length. [ 963.438090][T17865] netlink: 'syz.2.5324': attribute type 9 has an invalid length. [ 963.455571][T17868] netlink: 'syz.4.5326': attribute type 29 has an invalid length. [ 963.469798][T17865] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.5324'. [ 963.495240][T17868] netlink: 'syz.4.5326': attribute type 29 has an invalid length. [ 963.771225][T17882] netlink: 'syz.4.5315': attribute type 3 has an invalid length. [ 963.897857][T17882] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.5315'. [ 964.883655][T17895] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.5320'. [ 965.982549][T17927] netlink: 126588 bytes leftover after parsing attributes in process `syz.3.5332'. [ 966.411446][T17935] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.5336'. [ 966.709548][T17940] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.5340'. [ 967.153298][T17953] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.5355'. [ 968.067325][T17971] validate_nla: 14 callbacks suppressed [ 968.067342][T17971] netlink: 'syz.1.5350': attribute type 19 has an invalid length. [ 969.772408][T18005] netlink: 'syz.3.5360': attribute type 39 has an invalid length. [ 970.661434][T18034] netlink: 15231 bytes leftover after parsing attributes in process `syz.1.5371'. [ 970.671093][T18032] netlink: 'syz.0.5369': attribute type 19 has an invalid length. [ 970.725498][T18034] netlink: 'syz.1.5371': attribute type 21 has an invalid length. [ 970.735902][T18034] netlink: 156 bytes leftover after parsing attributes in process `syz.1.5371'. [ 970.980569][T18040] netlink: 'syz.4.5373': attribute type 1 has an invalid length. [ 971.020348][T18040] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.5373'. [ 971.202435][T18051] netlink: 'syz.4.5380': attribute type 39 has an invalid length. [ 971.294475][T18055] netlink: 'syz.3.5392': attribute type 19 has an invalid length. [ 972.241353][T18076] netlink: 15231 bytes leftover after parsing attributes in process `syz.3.5393'. [ 972.289391][T18076] netlink: 'syz.3.5393': attribute type 21 has an invalid length. [ 972.311301][T18076] netlink: 156 bytes leftover after parsing attributes in process `syz.3.5393'. [ 972.671829][T18083] netlink: 15231 bytes leftover after parsing attributes in process `syz.2.5406'. [ 972.737668][T18083] netlink: 'syz.2.5406': attribute type 21 has an invalid length. [ 972.756367][T18085] netlink: 'syz.3.5394': attribute type 1 has an invalid length. [ 972.770792][T18085] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.5394'. [ 972.813311][T18083] netlink: 156 bytes leftover after parsing attributes in process `syz.2.5406'. [ 972.946485][T18090] syzkaller0: tun_chr_ioctl cmd 2147767521 [ 972.971147][T18090] syzkaller0: tun_chr_ioctl cmd 1074025675 [ 972.989479][T18090] syzkaller0: persist disabled [ 973.043664][ T2182] syzkaller0: tun_net_xmit 76 [ 973.048704][ T2182] syzkaller0: tun_net_xmit 48 [ 973.068553][T18097] syzkaller0: create flow: hash 463070582 index 1 [ 973.081297][ T4311] syzkaller0: tun_net_xmit 76 [ 973.086699][T18096] netlink: 'syz.2.5397': attribute type 19 has an invalid length. [ 973.102606][T18094] netlink: 'syz.3.5409': attribute type 1 has an invalid length. [ 973.121372][T18094] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.5409'. [ 973.275612][ T2182] syzkaller0: tun_net_xmit 76 [ 973.304823][T18089] syzkaller0: delete flow: hash 463070582 index 1 [ 973.940517][T18112] netlink: 'syz.2.5401': attribute type 29 has an invalid length. [ 975.497914][T18112] netlink: 'syz.2.5401': attribute type 29 has an invalid length. [ 976.107775][T18132] netlink: 15231 bytes leftover after parsing attributes in process `syz.4.5413'. [ 976.186411][T18132] netlink: 'syz.4.5413': attribute type 21 has an invalid length. [ 976.210654][T18132] netlink: 156 bytes leftover after parsing attributes in process `syz.4.5413'. [ 976.530166][T18147] netlink: 'syz.1.5415': attribute type 1 has an invalid length. [ 976.571106][T18147] netlink: 105120 bytes leftover after parsing attributes in process `syz.1.5415'. [ 976.778541][T18154] netlink: 15231 bytes leftover after parsing attributes in process `syz.0.5430'. [ 976.828435][T18159] syzkaller0: tun_chr_ioctl cmd 2147767521 [ 976.868158][T18160] netlink: 'syz.0.5430': attribute type 21 has an invalid length. [ 976.970763][T18159] syzkaller0: tun_chr_ioctl cmd 1074025675 [ 977.021685][T18159] syzkaller0: persist disabled [ 978.039438][ T4311] syzkaller0: tun_net_xmit 76 [ 978.046535][ T4311] syzkaller0: tun_net_xmit 48 [ 980.564975][T18196] netlink: 'syz.4.5435': attribute type 10 has an invalid length. [ 982.130605][T18196] team0: Port device macvlan0 added [ 987.193012][T10842] Bluetooth: hci2: unexpected event 0x0b length: 15 > 11 [ 992.037992][T18340] netlink: 'syz.2.5491': attribute type 28 has an invalid length. [ 992.914331][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.920746][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.737487][T18361] netlink: 'syz.3.5510': attribute type 28 has an invalid length. [ 995.378653][T18373] device syzkaller0 entered promiscuous mode [ 998.061852][T18407] netlink: 'syz.0.5514': attribute type 28 has an invalid length. [ 998.968217][T18430] netlink: 'syz.1.5524': attribute type 10 has an invalid length. [ 999.122493][T18430] device macvlan0 left promiscuous mode [ 999.232424][T18430] device macvlan0 entered promiscuous mode [ 999.280851][T18430] team0: Port device macvlan0 added [ 1001.180961][T18474] netlink: 'syz.0.5543': attribute type 10 has an invalid length. [ 1001.811177][T18488] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1001.818688][T18488] IPv6: NLM_F_CREATE should be set when creating new route [ 1001.826178][T18488] IPv6: NLM_F_CREATE should be set when creating new route [ 1001.833626][T18488] IPv6: NLM_F_CREATE should be set when creating new route [ 1002.471316][T18501] delete_channel: no stack [ 1002.484116][T18498] __nla_validate_parse: 1 callbacks suppressed [ 1002.484147][T18498] netlink: 71 bytes leftover after parsing attributes in process `syz.4.5551'. [ 1002.499545][T18501] delete_channel: no stack [ 1002.561095][T18499] netlink: 'syz.2.5552': attribute type 10 has an invalid length. [ 1002.583559][T18499] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1002.603116][T18499] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1002.623277][T18499] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1002.686637][T18499] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1002.720110][T18499] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1002.741660][T18499] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1002.779560][T18499] device geneve1 entered promiscuous mode [ 1002.791569][T18499] team0: Port device geneve1 added [ 1003.180957][T18509] netlink: 'syz.4.5568': attribute type 11 has an invalid length. [ 1003.233071][T18509] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.5568'. [ 1003.307250][T18508] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1004.279525][T18529] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1004.286992][T18529] IPv6: NLM_F_CREATE should be set when creating new route [ 1004.294787][T18529] IPv6: NLM_F_CREATE should be set when creating new route [ 1004.302227][T18529] IPv6: NLM_F_CREATE should be set when creating new route [ 1006.394339][T18560] netlink: 'syz.3.5590': attribute type 10 has an invalid length. [ 1006.854940][T18571] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1007.528698][T18585] netlink: 'syz.4.5589': attribute type 10 has an invalid length. [ 1007.597690][T18585] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1007.616610][T18585] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1007.629899][T18585] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1007.643421][T18585] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1007.721788][T18585] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1007.748244][T18585] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1007.762368][T18585] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1007.774967][T18585] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1007.809802][T18585] team0: Port device geneve1 added [ 1009.517849][T18615] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1011.726839][T18650] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1012.803081][T18677] netlink: 'syz.4.5631': attribute type 10 has an invalid length. [ 1012.828663][T18677] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1012.860579][T18677] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1012.891315][T18677] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1012.949057][T18677] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1016.290547][T18720] netlink: 'syz.3.5651': attribute type 15 has an invalid length. [ 1016.303662][T18720] netlink: 11594 bytes leftover after parsing attributes in process `syz.3.5651'. [ 1016.517839][T18722] netlink: 'syz.1.5653': attribute type 10 has an invalid length. [ 1016.538990][T18722] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1016.620683][T18722] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1016.865810][T18722] device batadv_slave_0 entered promiscuous mode [ 1016.903875][T18722] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 1017.517334][T18738] netlink: 'syz.3.5669': attribute type 10 has an invalid length. [ 1017.605596][T18738] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1017.663261][T18738] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1017.733463][T18738] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1017.793449][T18738] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1018.883020][T18754] netlink: 71 bytes leftover after parsing attributes in process `syz.2.5664'. [ 1019.138173][T18761] netlink: 'syz.4.5665': attribute type 19 has an invalid length. [ 1021.370411][T18790] netlink: 71 bytes leftover after parsing attributes in process `syz.3.5680'. [ 1022.737220][T18811] netlink: 'syz.1.5686': attribute type 10 has an invalid length. [ 1022.794713][T18811] netlink: 55 bytes leftover after parsing attributes in process `syz.1.5686'. [ 1025.026895][T18859] netlink: 10 bytes leftover after parsing attributes in process `syz.4.5704'. [ 1025.511737][T18866] netlink: 'syz.0.5717': attribute type 10 has an invalid length. [ 1025.897843][T18876] netlink: 'syz.0.5723': attribute type 10 has an invalid length. [ 1026.042801][T18880] netlink: 'syz.4.5725': attribute type 10 has an invalid length. [ 1026.123834][T18880] team0: Device ipvlan1 failed to register rx_handler [ 1026.219111][T18884] netlink: 'syz.0.5710': attribute type 10 has an invalid length. [ 1026.291096][T18884] device team0 left promiscuous mode [ 1026.307177][T18884] device team_slave_0 left promiscuous mode [ 1026.337002][T18884] device team_slave_1 left promiscuous mode [ 1026.364285][T18884] device macvlan0 left promiscuous mode [ 1026.373580][T18884] device geneve1 left promiscuous mode [ 1026.470622][T18884] 8021q: adding VLAN 0 to HW filter on device team0 [ 1026.521989][T18884] device team_slave_0 entered promiscuous mode [ 1026.528748][T18884] device team_slave_1 entered promiscuous mode [ 1026.594154][T18884] bond0: (slave team0): Enslaving as an active interface with an up link [ 1026.831274][T18891] device syzkaller0 entered promiscuous mode [ 1028.088729][T18911] device sit0 entered promiscuous mode [ 1028.870954][T18918] netlink: 'syz.2.5728': attribute type 10 has an invalid length. [ 1028.922511][T18918] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1028.973708][T18918] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1029.013168][T18918] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1029.163564][T18925] netlink: 'syz.3.5731': attribute type 10 has an invalid length. [ 1029.171767][T18925] device wlan1 left promiscuous mode [ 1029.222667][T18925] team0: Port device wlan1 removed [ 1029.252035][T18925] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1029.436361][T18931] netlink: 'syz.0.5732': attribute type 29 has an invalid length. [ 1029.497371][T18931] netlink: 'syz.0.5732': attribute type 29 has an invalid length. [ 1029.755516][T18937] netlink: 'syz.2.5735': attribute type 10 has an invalid length. [ 1029.813907][T18937] device team0 left promiscuous mode [ 1029.840133][T18937] device team_slave_0 left promiscuous mode [ 1029.873735][T18937] device team_slave_1 left promiscuous mode [ 1029.892671][T18937] device macvlan0 left promiscuous mode [ 1029.923430][T18937] device wlan1 left promiscuous mode [ 1029.933801][T18937] device geneve1 left promiscuous mode [ 1030.020440][T18937] 8021q: adding VLAN 0 to HW filter on device team0 [ 1030.050123][T18937] device team0 entered promiscuous mode [ 1030.059533][T18937] device team_slave_0 entered promiscuous mode [ 1030.068746][T18937] device team_slave_1 entered promiscuous mode [ 1030.079912][T18937] device macvlan0 entered promiscuous mode [ 1030.088292][T18937] device wlan1 entered promiscuous mode [ 1030.105008][T18937] device geneve1 entered promiscuous mode [ 1030.122142][T18937] bond0: (slave team0): Enslaving as an active interface with an up link [ 1030.774210][T18951] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5739'. [ 1031.006024][T18959] netlink: 'syz.3.5742': attribute type 10 has an invalid length. [ 1031.043487][T18959] netlink: 55 bytes leftover after parsing attributes in process `syz.3.5742'. [ 1031.341971][T18960] netlink: 'syz.2.5741': attribute type 10 has an invalid length. [ 1031.387341][T18960] team0: Device ipvlan1 is up. Set it down before adding it as a team port [ 1031.975880][T18971] device sit0 entered promiscuous mode [ 1032.632759][T18978] netlink: 'syz.2.5749': attribute type 10 has an invalid length. [ 1032.663636][T18978] device wlan1 left promiscuous mode [ 1032.679036][T18978] team0: Port device wlan1 removed [ 1032.693160][T18978] device wlan1 entered promiscuous mode [ 1032.704384][T18978] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1033.265170][T18984] netlink: 'syz.1.5767': attribute type 10 has an invalid length. [ 1033.293447][T18984] device wlan1 left promiscuous mode [ 1033.308994][T18984] team0: Port device wlan1 removed [ 1033.361658][T18984] device wlan1 entered promiscuous mode [ 1033.369577][T18984] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1033.416161][T18989] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5755'. [ 1035.831398][T18997] delete_channel: no stack [ 1035.840797][T19001] netlink: 'syz.1.5759': attribute type 10 has an invalid length. [ 1035.862990][T19001] team0: Device ipvlan1 failed to register rx_handler [ 1036.126424][T19005] netlink: 'syz.2.5760': attribute type 10 has an invalid length. [ 1036.155784][T19005] netlink: 55 bytes leftover after parsing attributes in process `syz.2.5760'. [ 1036.174941][T19005] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 1036.256655][T19005] batman_adv: batadv0: Removing interface: virt_wifi0 [ 1036.460871][T19017] netlink: 'syz.0.5777': attribute type 10 has an invalid length. [ 1036.514144][T19016] netlink: 'syz.2.5764': attribute type 29 has an invalid length. [ 1036.528588][T19017] team0: Device ipvlan1 is up. Set it down before adding it as a team port [ 1036.576299][T19016] netlink: 'syz.2.5764': attribute type 29 has an invalid length. [ 1036.724479][T19027] device sit0 left promiscuous mode [ 1036.878245][T19027] device sit0 entered promiscuous mode [ 1037.358318][T19045] netlink: 'syz.1.5775': attribute type 8 has an invalid length. [ 1037.379316][T19045] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.5775'. [ 1037.661530][T19049] netlink: 'syz.1.5779': attribute type 10 has an invalid length. [ 1037.677669][T19049] netlink: 55 bytes leftover after parsing attributes in process `syz.1.5779'. [ 1037.699325][T19048] netlink: 154788 bytes leftover after parsing attributes in process `syz.4.5778'. [ 1037.712302][T19048] openvswitch: netlink: Message has 48126 unknown bytes. [ 1037.720975][T19053] device sit0 left promiscuous mode [ 1037.817921][T19053] device sit0 entered promiscuous mode [ 1038.178588][T19063] netlink: 152 bytes leftover after parsing attributes in process `syz.4.5783'. [ 1038.523083][T19073] netlink: 'syz.1.5787': attribute type 10 has an invalid length. [ 1038.752631][T19072] netlink: 'syz.4.5786': attribute type 10 has an invalid length. [ 1038.792657][T19072] team0: Device ipvlan1 failed to register rx_handler [ 1039.237774][T19079] netlink: 'syz.4.5789': attribute type 29 has an invalid length. [ 1039.300451][T19079] netlink: 'syz.4.5789': attribute type 29 has an invalid length. [ 1040.255865][T19097] netlink: 55 bytes leftover after parsing attributes in process `syz.2.5793'. [ 1040.743133][T19112] netlink: 152 bytes leftover after parsing attributes in process `syz.4.5797'. [ 1040.953387][T19114] device team0 left promiscuous mode [ 1040.973298][T19114] device team_slave_0 left promiscuous mode [ 1041.010556][T19114] device team_slave_1 left promiscuous mode [ 1041.048148][T19114] device geneve1 left promiscuous mode [ 1041.071764][T19114] device macvlan0 left promiscuous mode [ 1041.300100][T19114] 8021q: adding VLAN 0 to HW filter on device team0 [ 1041.389506][T19114] device team_slave_0 entered promiscuous mode [ 1041.396209][T19114] device team_slave_1 entered promiscuous mode [ 1041.402859][T19114] device geneve1 entered promiscuous mode [ 1041.508050][T19114] bond0: (slave team0): Enslaving as an active interface with an up link [ 1041.576511][T19123] validate_nla: 6 callbacks suppressed [ 1041.576549][T19123] netlink: 'syz.4.5801': attribute type 10 has an invalid length. [ 1041.608810][T19123] team0: Device ipvlan1 failed to register rx_handler [ 1041.948053][T19133] netlink: 'syz.0.5817': attribute type 10 has an invalid length. [ 1041.988290][T19133] team0: Device ipvlan1 is up. Set it down before adding it as a team port [ 1042.050729][T19134] netlink: 'syz.3.5818': attribute type 10 has an invalid length. [ 1042.097841][T19134] device team0 left promiscuous mode [ 1042.130583][T19134] device team_slave_0 left promiscuous mode [ 1042.150999][T19134] device team_slave_1 left promiscuous mode [ 1042.175920][T19134] device macvlan0 left promiscuous mode [ 1042.199207][T19134] device geneve1 left promiscuous mode [ 1042.329378][T19134] 8021q: adding VLAN 0 to HW filter on device team0 [ 1042.394197][T19134] bond0: (slave team0): Enslaving as an active interface with an up link [ 1042.942595][T19158] netlink: 'syz.1.5811': attribute type 29 has an invalid length. [ 1042.998912][T19158] netlink: 'syz.1.5811': attribute type 29 has an invalid length. [ 1046.328687][T19185] IPv6: NLM_F_CREATE should be specified when creating new route [ 1046.354506][T19185] netlink: 1 bytes leftover after parsing attributes in process `syz.2.5823'. [ 1046.367812][T19187] netlink: 'syz.4.5835': attribute type 21 has an invalid length. [ 1046.534219][T19201] netlink: 'syz.2.5825': attribute type 10 has an invalid length. [ 1046.542802][T19201] team0: Device veth1_vlan is already a lower device of the team interface [ 1046.728200][T19205] netlink: 'syz.4.5826': attribute type 10 has an invalid length. [ 1046.994537][T19211] netlink: 463 bytes leftover after parsing attributes in process `syz.1.5830'. [ 1051.329234][T19253] netlink: 'syz.3.5851': attribute type 21 has an invalid length. [ 1051.357212][T19259] netlink: 463 bytes leftover after parsing attributes in process `syz.2.5849'. [ 1051.516834][T19264] netlink: 'syz.0.5863': attribute type 29 has an invalid length. [ 1051.527612][T19264] netlink: 'syz.0.5863': attribute type 29 has an invalid length. [ 1051.810006][T19267] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1051.875819][T19267] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1052.685162][T19306] netlink: 'syz.2.5866': attribute type 21 has an invalid length. [ 1054.025433][T19316] netlink: 'syz.1.5869': attribute type 29 has an invalid length. [ 1054.042793][T19316] netlink: 'syz.1.5869': attribute type 29 has an invalid length. [ 1054.325134][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.331528][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.546930][T19341] netlink: 'syz.4.5881': attribute type 10 has an invalid length. [ 1055.241795][T19354] netlink: 'syz.3.5886': attribute type 21 has an invalid length. [ 1056.365549][T19365] netlink: 'syz.2.5890': attribute type 29 has an invalid length. [ 1056.440646][T19365] netlink: 'syz.2.5890': attribute type 29 has an invalid length. [ 1056.543491][T19368] netlink: 'syz.1.5889': attribute type 21 has an invalid length. [ 1056.574684][T19368] netlink: 'syz.1.5889': attribute type 6 has an invalid length. [ 1056.603743][T19368] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5889'. [ 1057.634101][T19391] netlink: 'syz.4.5898': attribute type 10 has an invalid length. [ 1057.649777][T19391] team0: Device veth1_vlan is already a lower device of the team interface [ 1057.738721][T19404] netlink: 'syz.2.5900': attribute type 21 has an invalid length. [ 1057.935561][T19409] netlink: 'syz.4.5903': attribute type 29 has an invalid length. [ 1058.861249][T19409] netlink: 'syz.4.5903': attribute type 29 has an invalid length. [ 1059.960159][T19440] netlink: 'syz.0.5914': attribute type 10 has an invalid length. [ 1059.978856][T19440] team0: Device veth1_vlan is already a lower device of the team interface [ 1060.059184][T19444] device syzkaller0 entered promiscuous mode [ 1061.369456][T19454] netlink: 'syz.0.5920': attribute type 21 has an invalid length. [ 1061.911301][T19467] netlink: 'syz.0.5922': attribute type 3 has an invalid length. [ 1061.938150][T19467] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.5922'. [ 1061.985643][T19466] netlink: 67 bytes leftover after parsing attributes in process `syz.3.5924'. [ 1062.206661][T19477] netlink: 'syz.2.5926': attribute type 21 has an invalid length. [ 1062.221711][T19477] netlink: 'syz.2.5926': attribute type 6 has an invalid length. [ 1062.230059][T19477] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5926'. [ 1062.371374][T19483] netlink: 'syz.4.5929': attribute type 29 has an invalid length. [ 1062.415641][T19483] netlink: 'syz.4.5929': attribute type 29 has an invalid length. [ 1064.060860][T19521] netlink: 'syz.2.5939': attribute type 3 has an invalid length. [ 1064.082764][T19521] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.5939'. [ 1064.107970][T19516] netlink: 'syz.4.5941': attribute type 21 has an invalid length. [ 1064.132024][T19516] netlink: 'syz.4.5941': attribute type 6 has an invalid length. [ 1064.163662][T19516] netlink: 132 bytes leftover after parsing attributes in process `syz.4.5941'. [ 1064.609311][T19536] netlink: 'syz.2.5946': attribute type 29 has an invalid length. [ 1064.624294][T19536] netlink: 'syz.2.5946': attribute type 29 has an invalid length. [ 1065.158798][T10842] Bluetooth: hci2: unexpected event 0x2c length: 82 > 17 [ 1065.158839][T10842] Bluetooth: hci2: Ignoring connect complete event for invalid link type [ 1065.711900][T19554] delete_channel: no stack [ 1065.721629][T19554] delete_channel: no stack [ 1065.920874][T19565] netlink: 'syz.3.5958': attribute type 3 has an invalid length. [ 1065.962488][T19565] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.5958'. [ 1066.237493][T19569] netlink: 67 bytes leftover after parsing attributes in process `syz.4.5959'. [ 1066.467998][T19586] bond0: (slave team0): Error: Slave device does not support XDP [ 1066.741006][T19595] netlink: 'syz.0.5969': attribute type 29 has an invalid length. [ 1066.759040][T19595] netlink: 'syz.0.5969': attribute type 29 has an invalid length. [ 1066.802719][T19596] netlink: 'syz.0.5969': attribute type 29 has an invalid length. [ 1066.977512][T19605] netlink: 'syz.4.5971': attribute type 21 has an invalid length. [ 1067.005626][T19605] netlink: 132 bytes leftover after parsing attributes in process `syz.4.5971'. [ 1067.311439][T19614] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.5976'. [ 1069.421033][T19638] bond0: (slave wlan1): Error: Slave device does not support XDP [ 1069.486657][T19637] netlink: 67 bytes leftover after parsing attributes in process `syz.2.5983'. [ 1069.710856][T19644] bond0: (slave wlan1): Error: Slave device does not support XDP [ 1069.750210][T19648] validate_nla: 2 callbacks suppressed [ 1069.750250][T19648] netlink: 'syz.3.5987': attribute type 39 has an invalid length. [ 1069.961205][T19650] netlink: 'syz.0.5992': attribute type 9 has an invalid length. [ 1069.973235][T19650] netlink: 61951 bytes leftover after parsing attributes in process `syz.0.5992'. [ 1070.996407][T19687] netlink: 'syz.2.6006': attribute type 9 has an invalid length. [ 1071.009451][T19687] netlink: 61951 bytes leftover after parsing attributes in process `syz.2.6006'. [ 1071.043345][T19688] bond0: (slave wlan1): Error: Slave device does not support XDP [ 1071.066749][T19686] netlink: 'syz.4.6016': attribute type 3 has an invalid length. [ 1071.113771][T19686] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.6016'. [ 1071.351067][T19689] netlink: 67 bytes leftover after parsing attributes in process `syz.1.6005'. [ 1072.031011][T19703] device syzkaller0 entered promiscuous mode [ 1072.072361][T12037] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 1072.655718][T19723] netlink: 'syz.1.6022': attribute type 9 has an invalid length. [ 1072.686602][T19723] netlink: 61951 bytes leftover after parsing attributes in process `syz.1.6022'. [ 1072.715621][T19725] netlink: 'syz.4.6023': attribute type 3 has an invalid length. [ 1072.736195][T19725] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.6023'. [ 1072.814376][T19727] bond0: (slave team0): Error: Slave device does not support XDP [ 1073.204214][T19733] netlink: 67 bytes leftover after parsing attributes in process `syz.3.6026'. [ 1073.298916][T19747] device syzkaller0 entered promiscuous mode [ 1073.950547][T19762] netlink: 'syz.4.6039': attribute type 9 has an invalid length. [ 1073.977423][T19762] netlink: 61951 bytes leftover after parsing attributes in process `syz.4.6039'. [ 1074.413748][T19768] netlink: 'syz.3.6040': attribute type 3 has an invalid length. [ 1074.438975][T19768] netlink: 105116 bytes leftover after parsing attributes in process `syz.3.6040'. [ 1074.581322][T19774] bond0: (slave team0): Error: Slave device does not support XDP [ 1074.748615][T19779] device syzkaller0 entered promiscuous mode [ 1074.787306][T12033] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 1075.414932][T19797] netlink: 67 bytes leftover after parsing attributes in process `syz.2.6052'. [ 1075.598500][T19809] bond0: (slave team0): Error: Slave device does not support XDP [ 1077.549237][T19862] netlink: 67 bytes leftover after parsing attributes in process `syz.0.6082'. [ 1077.818162][T19876] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 1077.885365][T19876] device syzkaller0 entered promiscuous mode [ 1079.961704][T19898] netlink: 'syz.1.6098': attribute type 39 has an invalid length. [ 1082.505324][T19923] bond0: (slave team0): Error: Slave device does not support XDP [ 1082.532372][T19919] netlink: 67 bytes leftover after parsing attributes in process `syz.3.6106'. [ 1084.211270][T19973] netlink: 67 bytes leftover after parsing attributes in process `syz.0.6126'. [ 1084.996221][T20002] netlink: 'syz.3.6138': attribute type 3 has an invalid length. [ 1085.025324][T19993] netlink: 67 bytes leftover after parsing attributes in process `syz.0.6146'. [ 1085.060439][T20002] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.6138'. [ 1085.153086][T20007] netlink: 'syz.3.6138': attribute type 10 has an invalid length. [ 1085.173097][T20007] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6138'. [ 1085.240362][T20007] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 1086.775866][T20041] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 1086.850201][T20041] device syzkaller0 entered promiscuous mode [ 1090.263893][T20101] cgroup: fork rejected by pids controller in /syz1 [ 1096.411116][T21981] IPv6: NLM_F_CREATE should be specified when creating new route [ 1096.443220][T21981] netlink: 1 bytes leftover after parsing attributes in process `syz.3.6253'. [ 1097.960512][T22273] netlink: 'syz.4.6266': attribute type 10 has an invalid length. [ 1098.709968][T22289] netlink: 1 bytes leftover after parsing attributes in process `syz.2.6272'. [ 1098.936074][T22290] netlink: 'syz.4.6270': attribute type 29 has an invalid length. [ 1103.875190][T24009] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6334'. [ 1103.907067][T24009] device caif0 entered promiscuous mode [ 1104.578903][T24332] netlink: 'syz.4.6344': attribute type 3 has an invalid length. [ 1104.626507][T24332] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.6344'. [ 1105.451373][T24672] netlink: 60 bytes leftover after parsing attributes in process `syz.3.6363'. [ 1105.481730][T24672] device caif0 entered promiscuous mode [ 1107.721791][T25469] netlink: 'syz.4.6399': attribute type 2 has an invalid length. [ 1107.749314][T25469] netlink: 'syz.4.6399': attribute type 8 has an invalid length. [ 1107.789544][T25469] netlink: 132 bytes leftover after parsing attributes in process `syz.4.6399'. [ 1110.321864][T26256] netlink: 'syz.3.6429': attribute type 2 has an invalid length. [ 1110.391657][T26256] netlink: 'syz.3.6429': attribute type 8 has an invalid length. [ 1110.435991][T26256] netlink: 132 bytes leftover after parsing attributes in process `syz.3.6429'. [ 1112.256155][T26854] netlink: 10 bytes leftover after parsing attributes in process `syz.4.6452'. [ 1112.847898][T27023] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6457'. [ 1114.948534][T27833] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6501'. [ 1115.408130][T27964] netlink: 10 bytes leftover after parsing attributes in process `syz.2.6497'. [ 1115.814323][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.820714][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 1117.849129][T29206] netlink: 10 bytes leftover after parsing attributes in process `syz.3.6529'. [ 1122.908236][T32194] netlink: 'syz.2.6584': attribute type 39 has an invalid length. [ 1124.684552][ T486] netlink: 'syz.0.6615': attribute type 39 has an invalid length. [ 1124.721723][ T494] netlink: 192156 bytes leftover after parsing attributes in process `syz.4.6612'. [ 1124.765921][ T494] netlink: zone id is out of range [ 1124.771747][ T494] netlink: zone id is out of range [ 1124.799335][ T494] netlink: zone id is out of range [ 1124.812871][ T494] netlink: zone id is out of range [ 1126.669761][ T1370] netlink: 'syz.0.6634': attribute type 10 has an invalid length. [ 1128.022407][ T1902] netlink: 164 bytes leftover after parsing attributes in process `syz.4.6652'. [ 1128.049173][ T1902] netlink: 164 bytes leftover after parsing attributes in process `syz.4.6652'. [ 1128.385916][ T2012] device syzkaller0 entered promiscuous mode [ 1131.932307][ T2949] netlink: 'syz.3.6678': attribute type 10 has an invalid length. [ 1132.865609][ T3289] netlink: 164 bytes leftover after parsing attributes in process `syz.2.6696'. [ 1132.918498][ T3289] netlink: 164 bytes leftover after parsing attributes in process `syz.2.6696'. [ 1133.172339][ T3409] netlink: 'syz.2.6700': attribute type 10 has an invalid length. [ 1134.025544][ T3450] À: port 1(vlan0) entered disabled state [ 1135.322666][ T4072] netlink: 'syz.4.6726': attribute type 10 has an invalid length. [ 1135.341539][ T4072] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 1136.266203][ T4190] device syzkaller0 entered promiscuous mode [ 1139.272560][ T6084] netlink: 132 bytes leftover after parsing attributes in process `syz.3.6759'. [ 1139.342436][ T6097] netlink: 'syz.0.6762': attribute type 10 has an invalid length. [ 1139.366850][ T6097] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 1140.101658][ T6430] delete_channel: no stack [ 1140.330154][ T6573] netdevsim netdevsim3: Direct firmware load for Ö failed with error -2 [ 1140.381209][ T6573] netdevsim netdevsim3: Falling back to sysfs fallback for: Ö [ 1141.483011][ T6969] netlink: 132 bytes leftover after parsing attributes in process `syz.0.6792'. [ 1142.231637][ T7311] netlink: 122896 bytes leftover after parsing attributes in process `syz.2.6805'. [ 1142.299840][ T7311] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 1142.328537][ T7311] CPU: 0 PID: 7311 Comm: syz.2.6805 Not tainted 6.1.147-syzkaller #0 [ 1142.336655][ T7311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1142.346856][ T7311] Call Trace: [ 1142.350162][ T7311] [ 1142.353141][ T7311] dump_stack_lvl+0x168/0x22e [ 1142.357857][ T7311] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1142.364044][ T7311] ? show_regs_print_info+0x12/0x12 [ 1142.369269][ T7311] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 1142.375445][ T7311] sysfs_warn_dup+0x8a/0xa0 [ 1142.379978][ T7311] sysfs_do_create_link_sd+0xc0/0x110 [ 1142.385376][ T7311] device_add+0x7ed/0xfb0 [ 1142.389728][ T7311] wiphy_register+0x1e68/0x2bd0 [ 1142.394605][ T7311] ? cfg80211_event_work+0x40/0x40 [ 1142.399734][ T7311] ? minstrel_ht_alloc+0x894/0xa20 [ 1142.404873][ T7311] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 1142.410967][ T7311] ieee80211_register_hw+0x2c29/0x38c0 [ 1142.416457][ T7311] ? ieee80211_register_hw+0xeb1/0x38c0 [ 1142.422006][ T7311] ? ieee80211_register_hw+0xeb1/0x38c0 [ 1142.427563][ T7311] ? ieee80211_tasklet_handler+0x20/0x20 [ 1142.433217][ T7311] ? memset+0x1e/0x40 [ 1142.437226][ T7311] ? __hrtimer_init+0x186/0x270 [ 1142.442084][ T7311] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 1142.447832][ T7311] hwsim_new_radio_nl+0xafa/0xce0 [ 1142.452882][ T7311] genl_family_rcv_msg_doit+0x22e/0x320 [ 1142.458445][ T7311] ? end_current_label_crit_section+0x170/0x170 [ 1142.464722][ T7311] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 1142.470654][ T7311] ? bpf_lsm_capable+0x5/0x10 [ 1142.475352][ T7311] ? security_capable+0x85/0xb0 [ 1142.480221][ T7311] genl_rcv_msg+0x5f2/0x780 [ 1142.484755][ T7311] ? genl_bind+0x350/0x350 [ 1142.489186][ T7311] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 1142.495552][ T7311] ? lock_chain_count+0x20/0x20 [ 1142.500433][ T7311] netlink_rcv_skb+0x1de/0x420 [ 1142.505220][ T7311] ? genl_bind+0x350/0x350 [ 1142.509658][ T7311] ? netlink_ack+0x1100/0x1100 [ 1142.514452][ T7311] ? down_read+0x139/0x2d0 [ 1142.518892][ T7311] ? down_read+0x1a8/0x2d0 [ 1142.523331][ T7311] genl_rcv+0x24/0x40 [ 1142.527333][ T7311] netlink_unicast+0x74d/0x8d0 [ 1142.532123][ T7311] netlink_sendmsg+0x89e/0xbc0 [ 1142.536920][ T7311] ? lockdep_hardirqs_on+0x94/0x140 [ 1142.542177][ T7311] ? netlink_getsockopt+0x540/0x540 [ 1142.547389][ T7311] ? netlink_getsockopt+0x540/0x540 [ 1142.552616][ T7311] ? netlink_getsockopt+0x540/0x540 [ 1142.557913][ T7311] ____sys_sendmsg+0x59b/0x970 [ 1142.562739][ T7311] ? __sys_sendmsg_sock+0x30/0x30 [ 1142.567792][ T7311] ? __import_iovec+0x315/0x500 [ 1142.572679][ T7311] ? import_iovec+0x6f/0xa0 [ 1142.577211][ T7311] ___sys_sendmsg+0x21c/0x290 [ 1142.581930][ T7311] ? __sys_sendmsg+0x270/0x270 [ 1142.586748][ T7311] ? __fdget+0x17c/0x200 [ 1142.591003][ T7311] __se_sys_sendmsg+0x19e/0x270 [ 1142.595876][ T7311] ? __x64_sys_sendmsg+0x80/0x80 [ 1142.600845][ T7311] ? syscall_enter_from_user_mode+0x2a/0x80 [ 1142.606778][ T7311] do_syscall_64+0x4c/0xa0 [ 1142.611215][ T7311] ? clear_bhb_loop+0x60/0xb0 [ 1142.615899][ T7311] ? clear_bhb_loop+0x60/0xb0 [ 1142.620612][ T7311] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1142.626514][ T7311] RIP: 0033:0x7fb1b9b8ebe9 [ 1142.630931][ T7311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1142.650548][ T7311] RSP: 002b:00007fb1ba917038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1142.658979][ T7311] RAX: ffffffffffffffda RBX: 00007fb1b9db5fa0 RCX: 00007fb1b9b8ebe9 [ 1142.666962][ T7311] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000009 [ 1142.674957][ T7311] RBP: 00007fb1b9c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1142.682969][ T7311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1142.690978][ T7311] R13: 00007fb1b9db6038 R14: 00007fb1b9db5fa0 R15: 00007fff46dcd248 [ 1142.698968][ T7311] [ 1142.811003][ T7405] netlink: 144 bytes leftover after parsing attributes in process `syz.3.6809'. [ 1142.849421][ T7431] netlink: 132 bytes leftover after parsing attributes in process `syz.4.6810'. [ 1143.280884][ T7518] delete_channel: no stack [ 1143.924012][ T7829] netdevsim netdevsim2: Direct firmware load for Ö failed with error -2 [ 1143.963501][ T7829] netdevsim netdevsim2: Falling back to sysfs fallback for: Ö [ 1144.527662][ T8165] netlink: 144 bytes leftover after parsing attributes in process `syz.0.6838'. [ 1145.349108][ T8597] netlink: 'syz.2.6865': attribute type 10 has an invalid length. [ 1145.379815][ T8596] netlink: 122896 bytes leftover after parsing attributes in process `syz.4.6855'. [ 1145.391769][ T8597] netlink: 164 bytes leftover after parsing attributes in process `syz.2.6865'. [ 1145.416032][ T8596] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 1145.443055][ T8596] CPU: 0 PID: 8596 Comm: syz.4.6855 Not tainted 6.1.147-syzkaller #0 [ 1145.451162][ T8596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1145.461243][ T8596] Call Trace: [ 1145.464557][ T8596] [ 1145.467516][ T8596] dump_stack_lvl+0x168/0x22e [ 1145.472233][ T8596] ? show_regs_print_info+0x12/0x12 [ 1145.477466][ T8596] ? load_image+0x3b0/0x3b0 [ 1145.482031][ T8596] sysfs_warn_dup+0x8a/0xa0 [ 1145.486577][ T8596] sysfs_do_create_link_sd+0xc0/0x110 [ 1145.491984][ T8596] device_add+0x7ed/0xfb0 [ 1145.496350][ T8596] wiphy_register+0x1e68/0x2bd0 [ 1145.501248][ T8596] ? cfg80211_event_work+0x40/0x40 [ 1145.506385][ T8596] ? minstrel_ht_alloc+0x894/0xa20 [ 1145.511528][ T8596] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 1145.517616][ T8596] ieee80211_register_hw+0x2c29/0x38c0 [ 1145.523106][ T8596] ? ieee80211_register_hw+0xeb1/0x38c0 [ 1145.528671][ T8596] ? ieee80211_register_hw+0xeb1/0x38c0 [ 1145.534246][ T8596] ? ieee80211_tasklet_handler+0x20/0x20 [ 1145.539924][ T8596] ? memset+0x1e/0x40 [ 1145.543951][ T8596] ? __hrtimer_init+0x186/0x270 [ 1145.548841][ T8596] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 1145.554638][ T8596] hwsim_new_radio_nl+0xafa/0xce0 [ 1145.559726][ T8596] genl_family_rcv_msg_doit+0x22e/0x320 [ 1145.565311][ T8596] ? end_current_label_crit_section+0x170/0x170 [ 1145.571657][ T8596] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 1145.577615][ T8596] ? bpf_lsm_capable+0x5/0x10 [ 1145.582325][ T8596] ? security_capable+0x85/0xb0 [ 1145.587217][ T8596] genl_rcv_msg+0x5f2/0x780 [ 1145.591766][ T8596] ? lockdep_hardirqs_on+0x94/0x140 [ 1145.597011][ T8596] ? genl_bind+0x350/0x350 [ 1145.601478][ T8596] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 1145.607877][ T8596] netlink_rcv_skb+0x1de/0x420 [ 1145.612683][ T8596] ? genl_bind+0x350/0x350 [ 1145.617139][ T8596] ? netlink_ack+0x1100/0x1100 [ 1145.621961][ T8596] ? down_read+0x1a8/0x2d0 [ 1145.626421][ T8596] genl_rcv+0x24/0x40 [ 1145.630613][ T8596] netlink_unicast+0x74d/0x8d0 [ 1145.635430][ T8596] netlink_sendmsg+0x89e/0xbc0 [ 1145.640232][ T8596] ? netlink_getsockopt+0x540/0x540 [ 1145.645473][ T8596] ? aa_sock_msg_perm+0x94/0x150 [ 1145.650485][ T8596] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1145.655796][ T8596] ? security_socket_sendmsg+0x7c/0xa0 [ 1145.661296][ T8596] ? netlink_getsockopt+0x540/0x540 [ 1145.666518][ T8596] ____sys_sendmsg+0x59b/0x970 [ 1145.671306][ T8596] ? __sys_sendmsg_sock+0x30/0x30 [ 1145.676343][ T8596] ? __import_iovec+0x315/0x500 [ 1145.681231][ T8596] ? import_iovec+0x6f/0xa0 [ 1145.685772][ T8596] ___sys_sendmsg+0x21c/0x290 [ 1145.690566][ T8596] ? __sys_sendmsg+0x270/0x270 [ 1145.695406][ T8596] ? ktime_get_real_ts64+0x420/0x420 [ 1145.700765][ T8596] ? __fdget+0x17c/0x200 [ 1145.705054][ T8596] __se_sys_sendmsg+0x19e/0x270 [ 1145.709945][ T8596] ? perf_trace_preemptirq_template+0x287/0x330 [ 1145.716230][ T8596] ? __x64_sys_sendmsg+0x80/0x80 [ 1145.721229][ T8596] ? lockdep_hardirqs_on+0x94/0x140 [ 1145.726471][ T8596] do_syscall_64+0x4c/0xa0 [ 1145.730912][ T8596] ? clear_bhb_loop+0x60/0xb0 [ 1145.735627][ T8596] ? clear_bhb_loop+0x60/0xb0 [ 1145.740380][ T8596] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1145.746328][ T8596] RIP: 0033:0x7f014898ebe9 [ 1145.750775][ T8596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1145.770656][ T8596] RSP: 002b:00007f014981a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1145.779102][ T8596] RAX: ffffffffffffffda RBX: 00007f0148bb5fa0 RCX: 00007f014898ebe9 [ 1145.787115][ T8596] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000009 [ 1145.795120][ T8596] RBP: 00007f0148a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1145.803127][ T8596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1145.811143][ T8596] R13: 00007f0148bb6038 R14: 00007f0148bb5fa0 R15: 00007ffce8ed1698 [ 1145.819157][ T8596] [ 1146.838041][T10842] Bluetooth: hci0: unexpected event 0x10 length: 15 > 1 [ 1146.838279][T10842] Bluetooth: hci0: hardware error 0x00 [ 1147.027286][ T9242] netlink: 122896 bytes leftover after parsing attributes in process `syz.0.6880'. [ 1147.051129][ T9242] sysfs: cannot create duplicate filename '/class/ieee80211/!!' [ 1147.063102][ T9242] CPU: 0 PID: 9242 Comm: syz.0.6880 Not tainted 6.1.147-syzkaller #0 [ 1147.071210][ T9242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1147.081295][ T9242] Call Trace: [ 1147.084690][ T9242] [ 1147.087651][ T9242] dump_stack_lvl+0x168/0x22e [ 1147.092373][ T9242] ? show_regs_print_info+0x12/0x12 [ 1147.097612][ T9242] ? load_image+0x3b0/0x3b0 [ 1147.102165][ T9242] sysfs_warn_dup+0x8a/0xa0 [ 1147.106706][ T9242] sysfs_do_create_link_sd+0xc0/0x110 [ 1147.112117][ T9242] device_add+0x7ed/0xfb0 [ 1147.116492][ T9242] wiphy_register+0x1e68/0x2bd0 [ 1147.121417][ T9242] ? cfg80211_event_work+0x40/0x40 [ 1147.126572][ T9242] ? minstrel_ht_alloc+0x894/0xa20 [ 1147.131736][ T9242] ? ieee80211_init_rate_ctrl_alg+0x55e/0x5e0 [ 1147.137851][ T9242] ieee80211_register_hw+0x2c29/0x38c0 [ 1147.143357][ T9242] ? ieee80211_register_hw+0xeb1/0x38c0 [ 1147.148935][ T9242] ? ieee80211_register_hw+0xeb1/0x38c0 [ 1147.154531][ T9242] ? ieee80211_tasklet_handler+0x20/0x20 [ 1147.160259][ T9242] ? memset+0x1e/0x40 [ 1147.164297][ T9242] ? __hrtimer_init+0x186/0x270 [ 1147.169205][ T9242] mac80211_hwsim_new_radio+0x28c2/0x4c40 [ 1147.175002][ T9242] hwsim_new_radio_nl+0xafa/0xce0 [ 1147.180091][ T9242] genl_family_rcv_msg_doit+0x22e/0x320 [ 1147.185688][ T9242] ? end_current_label_crit_section+0x170/0x170 [ 1147.191989][ T9242] ? genl_family_rcv_msg_dumpit+0x340/0x340 [ 1147.197936][ T9242] ? bpf_lsm_capable+0x5/0x10 [ 1147.202654][ T9242] ? security_capable+0x85/0xb0 [ 1147.207551][ T9242] genl_rcv_msg+0x5f2/0x780 [ 1147.212108][ T9242] ? genl_bind+0x350/0x350 [ 1147.216571][ T9242] ? hwsim_tx_info_frame_received_nl+0xfb0/0xfb0 [ 1147.222952][ T9242] ? lock_acquire+0x20f/0x490 [ 1147.227674][ T9242] netlink_rcv_skb+0x1de/0x420 [ 1147.232479][ T9242] ? genl_bind+0x350/0x350 [ 1147.236942][ T9242] ? netlink_ack+0x1100/0x1100 [ 1147.241753][ T9242] ? down_read+0x1a8/0x2d0 [ 1147.246200][ T9242] genl_rcv+0x24/0x40 [ 1147.250213][ T9242] netlink_unicast+0x74d/0x8d0 [ 1147.255028][ T9242] netlink_sendmsg+0x89e/0xbc0 [ 1147.259844][ T9242] ? netlink_getsockopt+0x540/0x540 [ 1147.265101][ T9242] ? netlink_getsockopt+0x540/0x540 [ 1147.270349][ T9242] ____sys_sendmsg+0x59b/0x970 [ 1147.275171][ T9242] ? __sys_sendmsg_sock+0x30/0x30 [ 1147.280251][ T9242] ? __import_iovec+0x315/0x500 [ 1147.285164][ T9242] ? import_iovec+0x6f/0xa0 [ 1147.289717][ T9242] ___sys_sendmsg+0x21c/0x290 [ 1147.294443][ T9242] ? __sys_sendmsg+0x270/0x270 [ 1147.299289][ T9242] ? __fdget+0x17c/0x200 [ 1147.303573][ T9242] __se_sys_sendmsg+0x19e/0x270 [ 1147.308455][ T9242] ? perf_trace_preemptirq_template+0x287/0x330 [ 1147.314738][ T9242] ? __x64_sys_sendmsg+0x80/0x80 [ 1147.319739][ T9242] ? lockdep_hardirqs_on+0x94/0x140 [ 1147.324981][ T9242] do_syscall_64+0x4c/0xa0 [ 1147.329432][ T9242] ? clear_bhb_loop+0x60/0xb0 [ 1147.334139][ T9242] ? clear_bhb_loop+0x60/0xb0 [ 1147.338848][ T9242] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1147.344784][ T9242] RIP: 0033:0x7fd4ab98ebe9 [ 1147.349235][ T9242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1147.368877][ T9242] RSP: 002b:00007fd4ac846038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1147.377323][ T9242] RAX: ffffffffffffffda RBX: 00007fd4abbb5fa0 RCX: 00007fd4ab98ebe9 [ 1147.385326][ T9242] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000009 [ 1147.393331][ T9242] RBP: 00007fd4aba11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1147.401435][ T9242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1147.409430][ T9242] R13: 00007fd4abbb6038 R14: 00007fd4abbb5fa0 R15: 00007ffda85c84c8 [ 1147.417445][ T9242] [ 1148.215739][ T9483] netlink: 'syz.4.6895': attribute type 1 has an invalid length. [ 1148.249299][ T9483] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.6895'. [ 1148.883215][T10842] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1149.266177][T10013] IPv6: Can't replace route, no match found [ 1149.294999][T10013] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1149.338061][T10013] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6915'. [ 1150.022737][T10339] netlink: 'syz.3.6929': attribute type 1 has an invalid length. [ 1150.064099][T10339] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.6929'. [ 1150.592321][T10665] netlink: 'syz.4.6942': attribute type 28 has an invalid length. [ 1150.616395][T10670] device veth0_vlan left promiscuous mode [ 1150.629059][T10670] device veth0_vlan entered promiscuous mode [ 1150.896839][T10774] netlink: 'syz.0.6947': attribute type 1 has an invalid length. [ 1150.947953][T10774] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.6947'. [ 1152.133242][T11364] IPv6: Can't replace route, no match found [ 1152.140983][T11364] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1152.178807][T11364] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6971'. [ 1152.993519][T11651] device veth0_vlan left promiscuous mode [ 1153.031990][T11651] device veth0_vlan entered promiscuous mode [ 1153.200276][T11659] IPv6: Can't replace route, no match found [ 1153.223404][T11729] mac80211_hwsim hwsim8 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 1153.264470][T11759] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6987'. [ 1153.926047][T12094] netlink: 'syz.0.7004': attribute type 39 has an invalid length. [ 1155.012481][T12615] netlink: 'syz.4.7024': attribute type 1 has an invalid length. [ 1155.520464][T12745] netlink: 'syz.0.7031': attribute type 2 has an invalid length. [ 1155.589732][T12745] netlink: 'syz.0.7031': attribute type 8 has an invalid length. [ 1155.620342][T12745] netlink: 132 bytes leftover after parsing attributes in process `syz.0.7031'. [ 1156.977715][T13389] netlink: 'syz.0.7055': attribute type 1 has an invalid length. [ 1157.117708][T13394] delete_channel: no stack [ 1157.387411][T13604] device batadv0 entered promiscuous mode [ 1157.617013][T13714] netlink: 'syz.4.7068': attribute type 2 has an invalid length. [ 1157.627882][T13714] netlink: 'syz.4.7068': attribute type 8 has an invalid length. [ 1157.645206][T13714] netlink: 132 bytes leftover after parsing attributes in process `syz.4.7068'. [ 1158.745762][T14149] netlink: 'syz.3.7086': attribute type 2 has an invalid length. [ 1158.775884][T14149] netlink: 'syz.3.7086': attribute type 8 has an invalid length. [ 1158.804957][T14149] netlink: 132 bytes leftover after parsing attributes in process `syz.3.7086'. [ 1163.092175][T15881] netlink: 52 bytes leftover after parsing attributes in process `syz.0.7152'. [ 1163.134318][T15881] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 1163.793914][T16103] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 1163.801792][T16103] #PF: supervisor instruction fetch in kernel mode [ 1163.808313][T16103] #PF: error_code(0x0010) - not-present page [ 1163.814335][T16103] PGD 242b7067 P4D 242b7067 PUD 0 [ 1163.819495][T16103] Oops: 0010 [#1] PREEMPT SMP KASAN [ 1163.824722][T16103] CPU: 1 PID: 16103 Comm: syz.0.7160 Not tainted 6.1.147-syzkaller #0 [ 1163.832898][T16103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1163.842975][T16103] RIP: 0010:0x0 [ 1163.846462][T16103] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 1163.853833][T16103] RSP: 0018:ffffc9000579f218 EFLAGS: 00010246 [ 1163.859930][T16103] RAX: 1ffffffff162ae67 RBX: 000000000000000f RCX: 0000000000000000 [ 1163.867923][T16103] RDX: ffffc9000579f2c0 RSI: 0000000000000001 RDI: ffff888024920000 [ 1163.875918][T16103] RBP: ffffc9000579f330 R08: dffffc0000000000 R09: ffffed1004924008 [ 1163.883913][T16103] R10: ffffed1004924008 R11: 1ffff11004924007 R12: ffffe8ffffd4b9e0 [ 1163.891897][T16103] R13: ffffffff8b157338 R14: 0000000000000000 R15: ffff888024920000 [ 1163.899890][T16103] FS: 00007fd4ac8466c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1163.908969][T16103] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1163.915578][T16103] CR2: ffffffffffffffd6 CR3: 00000000481d9000 CR4: 00000000003506e0 [ 1163.923591][T16103] DR0: 0000200000000280 DR1: 0000000000000000 DR2: 0000000000000000 [ 1163.931575][T16103] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 1163.939559][T16103] Call Trace: [ 1163.942846][T16103] [ 1163.945802][T16103] bond_xdp_xmit+0x309/0x520 [ 1163.950439][T16103] ? bond_xdp_xmit+0x93/0x520 [ 1163.955147][T16103] ? bond_xdp+0x840/0x840 [ 1163.959505][T16103] bq_xmit_all+0xc99/0x10d0 [ 1163.964032][T16103] ? perf_trace_run_bpf_submit+0x1c0/0x1c0 [ 1163.969858][T16103] ? page_ext_get+0x1de/0x2a0 [ 1163.974619][T16103] ? __dev_flush+0x1b0/0x1b0 [ 1163.979249][T16103] ? __next_zones_zonelist+0x42/0x120 [ 1163.984663][T16103] ? rcu_lockdep_current_cpu_online+0x33/0x120 [ 1163.990847][T16103] ? rcu_read_lock_bh_held+0x76/0xe0 [ 1163.996165][T16103] ? rcu_read_lock_held+0x40/0x40 [ 1164.001201][T16103] bq_enqueue+0x337/0x3d0 [ 1164.005551][T16103] dev_map_enqueue_multi+0xff9/0x1160 [ 1164.010966][T16103] ? dev_map_enqueue+0x340/0x340 [ 1164.015923][T16103] ? lockdep_hardirqs_on+0x94/0x140 [ 1164.021149][T16103] xdp_do_redirect_frame+0x477/0x650 [ 1164.026476][T16103] bpf_test_run_xdp_live+0x9dd/0x1970 [ 1164.031883][T16103] ? bpf_test_run_xdp_live+0x45c/0x1970 [ 1164.037460][T16103] ? xdp_convert_md_to_buff+0x330/0x330 [ 1164.043060][T16103] ? trace_raw_output_bpf_test_finish+0xd0/0xd0 [ 1164.049330][T16103] ? xdp_convert_md_to_buff+0x5b/0x330 [ 1164.054825][T16103] bpf_prog_test_run_xdp+0x6f1/0xe50 [ 1164.060153][T16103] ? dev_put+0x80/0x80 [ 1164.064259][T16103] ? dev_put+0x80/0x80 [ 1164.068355][T16103] bpf_prog_test_run+0x31e/0x390 [ 1164.073320][T16103] __sys_bpf+0x593/0x6d0 [ 1164.077589][T16103] ? bpf_link_show_fdinfo+0x340/0x340 [ 1164.082989][T16103] ? lock_chain_count+0x20/0x20 [ 1164.087860][T16103] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 1164.093871][T16103] __x64_sys_bpf+0x78/0x90 [ 1164.098310][T16103] do_syscall_64+0x4c/0xa0 [ 1164.102743][T16103] ? clear_bhb_loop+0x60/0xb0 [ 1164.107428][T16103] ? clear_bhb_loop+0x60/0xb0 [ 1164.112117][T16103] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1164.118053][T16103] RIP: 0033:0x7fd4ab98ebe9 [ 1164.122475][T16103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1164.142098][T16103] RSP: 002b:00007fd4ac846038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1164.150528][T16103] RAX: ffffffffffffffda RBX: 00007fd4abbb5fa0 RCX: 00007fd4ab98ebe9 [ 1164.158617][T16103] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a [ 1164.166594][T16103] RBP: 00007fd4aba11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1164.174576][T16103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1164.182559][T16103] R13: 00007fd4abbb6038 R14: 00007fd4abbb5fa0 R15: 00007ffda85c84c8 [ 1164.190547][T16103] [ 1164.193576][T16103] Modules linked in: [ 1164.197477][T16103] CR2: 0000000000000000 [ 1164.201638][T16103] ---[ end trace 0000000000000000 ]--- [ 1164.207093][T16103] RIP: 0010:0x0 [ 1164.210581][T16103] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 1164.217943][T16103] RSP: 0018:ffffc9000579f218 EFLAGS: 00010246 [ 1164.224013][T16103] RAX: 1ffffffff162ae67 RBX: 000000000000000f RCX: 0000000000000000 [ 1164.231998][T16103] RDX: ffffc9000579f2c0 RSI: 0000000000000001 RDI: ffff888024920000 [ 1164.240006][T16103] RBP: ffffc9000579f330 R08: dffffc0000000000 R09: ffffed1004924008 [ 1164.247994][T16103] R10: ffffed1004924008 R11: 1ffff11004924007 R12: ffffe8ffffd4b9e0 [ 1164.255970][T16103] R13: ffffffff8b157338 R14: 0000000000000000 R15: ffff888024920000 [ 1164.263950][T16103] FS: 00007fd4ac8466c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1164.272895][T16103] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1164.279507][T16103] CR2: ffffffffffffffd6 CR3: 00000000481d9000 CR4: 00000000003506e0 [ 1164.287490][T16103] DR0: 0000200000000280 DR1: 0000000000000000 DR2: 0000000000000000 [ 1164.295481][T16103] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 1164.303487][T16103] Kernel panic - not syncing: Fatal exception in interrupt [ 1164.311122][T16103] Kernel Offset: disabled [ 1164.315461][T16103] Rebooting in 86400 seconds..