last executing test programs:

3.132641589s ago: executing program 2 (id=2139):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000280)}, 0x20)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000800), 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2, <r3=>0xffffffffffffffff}, 0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000400)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x22, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000400)={0x0, 0x0, 0xaef0}, 0x10}, 0x90)
r4 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r4, 0x84, 0x9, &(0x7f0000000380), 0x98)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r1, <r5=>0xffffffffffffffff}, 0x0, &(0x7f0000000380)}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0x19, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000008000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
close(r3)
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000b80)='lo\x00\x96o\xd6Q\xb4Y\xa9\xc87,%\x81\xfe\x00\xd2\xd1|C\b\x00\x00\x00\x00\x00\x00\x00\xe3\xd8Yk\xdd\x85\xaac{\x8c\x8ffp`-\xcd\xf6jh\xbf\x9c\xd9\xd5\xf4\xe68\xe6O\xc2\xf1V0\x8b\xdd\xcc\xeeR\xf2/\xba\fE>k\a\xe7>t7\x8e(\xf0\x87d\xaf\x93\xfa`\xa6,o\x81.\x1cR\xa5\t\x00\x00\x00\x00\x00\x00\x00|pT\x15\xbc\f*d\x8b\xc2\xcd\x8f\x98\xdf\x00\x00\x1cM\x9c\xa5\xe0\xa8\x00\x00\x00\x80V\xf6\x80\x86\x1b\x05\xe6\"\x1d\f\xaey\x06\xd9$H!w\xa6m\xd8\x7f\xc6\x837\x83/\x9a\xdf\x01\xf2\x9e\xbb\xca^\xf9\x05\xeb\xb8{7[\xf9\xe9\x15\xdc0]\x89\x9b~\x04\xb4\xa5\xad\v.\xd0*%`\xb0\x96\x86\xdb\xa9\xd3\x01\xb2\xc7\xf8G\x069\x90,\xda\xf6\xc5\xcd\xec\xa3B\xc3\"4\xab\xf4\xa7\x83r\xa4\x80|\x03C\x9c\x00\xac\xba\xcb\xa4h\x86w_Eu\xbfy%,\xe5\n\xc1\xb3\xa4g\xa3P\x0f\x11\x93\xc7\x7f\xec\xb2\xc5E\x00\xdd\xf2e\xa8\xf1<\xb2\xc82\xbf=o\x00`\xc1A\'\xc6X\x92\x0e[\x19\xaa?\x06\xe5\x9d\xd1\x87\x92\xbb\xe3Y\x97\xc2')

3.033585907s ago: executing program 2 (id=2140):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0xfffffffffffffd74)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote})
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r0, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000240)=[0x0, 0x0], ""/16, <r7=>0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000280)=[0x0, 0x0], 0x0, 0x0, 0x58, &(0x7f0000000400)=[{}, {}], 0x10, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x6b, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000070000000700000000000007000000000030612e303000c668d837e3614de5b16cb15bd530edbdb546370f09f75b9d5eb8ac5452192b194389a295a56f33385549ca08ae3b9aa54dc6df41f77d5eb7f59f3b547bc38a7a20a14be600a32b6d8d48319a65b4859947e6eadfa8af045bcf94b05685fd25fcceeb00"/153], &(0x7f0000000700)=""/107, 0x2b, 0x6b, 0x1}, 0x28)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@bloom_filter={0x1e, 0x8, 0x3, 0x6, 0x1, r6, 0x9, '\x00', r7, r8, 0x4, 0x4, 0x0, 0x5}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
openat$cgroup(r2, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000640))
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa, 0x1880}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2008}, 0x94)
perf_event_open(&(0x7f0000004cc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x9, 0x400, 0x6, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xaf1d, 0x1, @perf_bp={0x0, 0x1}, 0x100410, 0x200, 0x2, 0x1, 0x9, 0x9, 0xfffd, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={<r11=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r11, 0x1, 0x48, &(0x7f0000000000)=r10, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000a40)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692100000000002020207b1af8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
r13 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000a00)={0x0, 0x100, 0x10}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c80)={0x18, 0x15, &(0x7f0000000940)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x1}, @map_val={0x18, 0x0, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x10}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r9}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @jmp={0x5, 0x0, 0x9, 0xa, 0x8, 0x0, 0xffffffffffffffff}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}], &(0x7f0000000300)='syzkaller\x00', 0x101, 0x59, &(0x7f0000000a80)=""/89, 0x41100, 0x12, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000003c0)={0x6, 0x4}, 0x8, 0x10, &(0x7f00000008c0)={0x2, 0x10, 0x7fffffff, 0x2}, 0x10, 0x0, 0x0, 0x8, &(0x7f0000000bc0)=[r9, r13, r6, r9, r1], &(0x7f0000000c00)=[{0x1, 0x2, 0x1, 0x4}, {0x3, 0x1, 0xb, 0x2}, {0x0, 0x2, 0xb, 0x5}, {0x1, 0x3, 0xa, 0xa}, {0x5, 0x5, 0x6, 0xb}, {0x1, 0x1, 0x6, 0x1}, {0x3, 0x4, 0x10, 0x9}, {0x3, 0x5, 0xc}], 0x10, 0x8}, 0x94)
ioctl$SIOCSIFHWADDR(r12, 0x89a1, &(0x7f0000000900)={'bridge0\x00', @broadcast})

2.539557816s ago: executing program 0 (id=2143):
r0 = socket$kcm(0x11, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000e40)={0x15, 0x23, &(0x7f0000001080)=ANY=[@ANYBLOB="1800000016000000000000000100000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085000000a400000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7080000ffffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000018120000", @ANYRES32, @ANYBLOB="0000000000000000031003001a0b000018200000", @ANYRES32=0x1, @ANYBLOB="000000000300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000000000008500000086000000cf7b0c0001000000bf91000000000000b7020000020000008500000084000000b70000000000000095a49e436f00000053d47016c06ebe8a86d84d7263449096b96d07239e611344113194c05aaa1bc7401a038677689aa490a266298bda37ac29ff6c475ce0cfdd6c90892906a1818d2db14e028819614c16f3d1b81269aff75a6570d54ea50ec552241fbe96804db28a0c66f3c8fb7c09790a84c909ece033068578c71eb7ddd2bd3aecc2dbdd41e0315ed722201493c992befa8734abb77d87f3d94394af9d9cb43df3a91f3d72962cb5529e366209d03dd2b51367f84f858dc61d6e25ffc3a029c5b48b37cbf3237e7bfd5ea877c63b63771472a9591efb9b1cc7594042f35efb3b727627f7"], &(0x7f0000000c80)='GPL\x00', 0x79, 0x7b, &(0x7f0000000cc0)=""/123, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000d40)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000d80)={0x5, 0xb8a, 0xa, 0x2}, 0x10, 0x0, 0xffffffffffffffff, 0x2, &(0x7f0000000dc0)=[0xffffffffffffffff], &(0x7f0000000e00)=[{0x1, 0x2, 0x7, 0x5}, {0x1, 0x2, 0x6}], 0x10, 0x81}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000fc0)={0x0, 0x2f, &(0x7f0000000640)=ANY=[@ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000550500000000000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018560000100000000000000000000000185100000e00000000000000000000001800000004000000000000000001000018120000", @ANYRESDEC=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000bf91000000000000b7020000010000008500000085000000b700000100000000950000000000"], &(0x7f0000000600)='syzkaller\x00', 0x9, 0xc4, &(0x7f0000000a40)=""/196, 0x0, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000980)={0x4, 0x8, 0x6, 0x7}, 0x10, 0xffffffffffffffff, r1, 0x6, &(0x7f0000000f00)=[0xffffffffffffffff], &(0x7f0000000f40)=[{0x0, 0x2, 0x5, 0x4}, {0x1, 0x5, 0x8, 0x1}, {0x0, 0x1, 0x2, 0xc}, {0x8, 0x2, 0xb, 0xb}, {0x3, 0x3, 0xb, 0x9}, {0x3, 0xfffffffe, 0x9, 0x8}], 0x10, 0x6}, 0x94)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x400000000004, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f00000008c0), 0xd}, 0xc001, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x110282, 0xc8}, 0x0, 0x800000000000, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00060000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x22}, 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r5, &(0x7f0000000480)="4fde"}, 0x20)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, r3, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x3}, 0x50)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000580)={0x3, 0x4, 0x4, 0xa, 0x0, r7, 0x80000001, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x2}, 0x50)
perf_event_open$cgroup(&(0x7f0000000740)={0x1, 0x80, 0x80, 0x9, 0xc, 0xf, 0x0, 0x2, 0x80000, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, @perf_config_ext={0x200, 0xfffffffffffffffa}, 0x111006, 0x401, 0x9, 0x2, 0x4, 0xfffff800, 0x9, 0x0, 0x7fffffff, 0x0, 0x5}, r6, 0x5, 0xffffffffffffffff, 0x6)
r8 = openat$cgroup_int(r6, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0)
r9 = openat$cgroup_procs(r6, &(0x7f0000001a80)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r9, &(0x7f0000000380), 0x12)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d00)={&(0x7f0000001380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x28)
r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r10, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r11, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000001200)=[{}], 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
write$cgroup_int(r8, &(0x7f0000000040), 0x1)
sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x47}, 0x80, &(0x7f0000006440)=[{&(0x7f0000000080)="513b5a9c0c0000004d4241fc0560", 0x36}], 0x1}, 0x0)

2.402242057s ago: executing program 1 (id=2144):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008000000080000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x20000000000001c0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0xfffffffffffffd7f)
r2 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = gettid()
syz_open_procfs$namespace(r3, &(0x7f0000000680)='ns/cgroup\x00')
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r3, r2, 0x0, 0x0, 0x0}, 0x30)
socketpair$tipc(0x1e, 0x4, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000040)="fb", 0x1}], 0x1}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d649379071c33390e418ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afcc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab2e4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e558d17879570c8ad943e392955f4f979ea13201bafe4f0f6ea508000000a0c548552b571bed5647323c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151fcda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ecec37e83efceefd7ca2533659edc8bef9cb85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d350000000000000000e0c504814393cf96bef209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e5a61561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce987c56cd31121624d7455f2a3666276c3c0e812b28e2f30d035cee5d0e77a3c72208ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463aaf28345bde0c195bc9f022ca8ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262d0af3246eb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a0600adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa7000008000000000000117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cd50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5631820420b75b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff201000000000000002e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa66237e0dacc107f532348cc2116473381e961f3d9c8c21578fe3245097c280abe51427b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d174b0000000000000000000000fa08ad0731ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282b6caa2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae0533496b6d58da50ee80a6b9a7438978c5465113f668eb4484350048289d07dbef325d322781e3214c2a3dcf89d99844b762a9cf17548c54fccad2c7ae8072b82e0880815daf966bd5343c1635e123f868a7167cfcff33320253af570f4ef9c0254afdd89ac3943562b530dd88da8a94013bbaf204bebc38055adc39f07f7c22711f4d1f6dcc928d1578a093c072e0b92babc76f47ee367e745a024a2278319d9a4d1378482b74c516647652bfb6e93002494a5cd74e2a9a4734487062437da23e1efa6ef7674108aaa3ffac859c3577c2637bb3bdc69bc365b1f20dba96b8acca62f3f80045318de0facf2ed44b814e842c2a520159bb6c320cec0910c0b8bd3d547bdfba2e0bb24d117ed0388afd37affbad2f9c77c9c1314a16ffe64f5e3744a2fffd7039670f5706e589a4c3868db06fd892d68a547477f8ef686ff0dba7b8c18c94d5a89b0567a851750a35d9cc2000000000000000000"], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000))
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0200000004000000080000000600000080000000", @ANYRES32, @ANYBLOB="8300"/19, @ANYRES32, @ANYRES32, @ANYBLOB], 0x50)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(r4, &(0x7f0000000000), 0xfffffd26)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000001080)=ANY=[@ANYBLOB="18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080049fb6785007b8af8ff00000000bfa200000000000007ea2b3f64ca7a07a053d0e4f91f00020000f8ffffffb703000004000000000000000000000085000000030000009500000000080000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)

2.229023521s ago: executing program 2 (id=2145):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_queued\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x14, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x3, &(0x7f0000000380)=@framed, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1}, 0x37)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="18020000feffffff0000000003000000850000004100000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f805ffffb702000008000006b703000003000000850000001700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext={0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000003c0)="1400000017000b63d25a80648c2594", 0xf}], 0x1}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x6, 0x4, 0x0, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x11}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x20000, 0x4, 0x3, 0x141, r2}, 0x50)

2.150090088s ago: executing program 0 (id=2147):
socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x10)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x210e, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x407fff, 0x1}, 0x14105, 0x32, 0xfffffbff, 0x3, 0x6, 0x0, 0xffda, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/user\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0xc78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x200000000000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0xd8}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x4}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'wlan0\x00', 0x200})
socketpair(0x1, 0x1, 0x1, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x5411, &(0x7f0000000080))

2.030280307s ago: executing program 2 (id=2149):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73f72cc9f", 0x10}], 0x1}, 0x4004850) (fail_nth: 4)

1.932909515s ago: executing program 0 (id=2150):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x7, &(0x7f00000002c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc}, [@ringbuf_query]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe80, 0xfffffcc3, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000180), 0x2f01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f00000005c0)=r2, 0x12)
syz_open_procfs$namespace(r2, &(0x7f0000000000)='ns/time_for_children\x00')
socketpair$unix(0x1, 0x1, 0x0, 0x0)
perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x28, 0x1, 0x0, 0xfd, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x100000000}, 0x110040, 0x7f, 0x80, 0x7, 0x9, 0x806, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x620401, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0xf, 0x3, 0x3, 0x7fffffff, 0x22c00, 0xffffffffffffffff, 0x0, '\x00', 0x0, r3, 0x5, 0x3}, 0x50)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x9, 0xffffffffffffffff, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000080)={0x1, &(0x7f0000000840)=[{0xfdc0, 0x0, 0x3, 0xff7ff038}]})
ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8941, &(0x7f0000000080))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/user\x00')
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x200000000000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, 0x0, 0x0)
recvmsg$unix(r5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600), 0x3e}, 0x100)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8946, &(0x7f0000000080))
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x1f}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000440)={&(0x7f0000000080)=@in6={0xa, 0x4e20, 0x0, @private0}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='(\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}, 0x0)

1.432846075s ago: executing program 2 (id=2151):
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x80, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2d, 0xfffffc00, 0x3, 0x2, 0x200, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={0xffffffffffffffff}, 0x4)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x44, 0x7, 0x0, 0x0, 0x0, 0xc, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x97, 0x3}, 0x1490, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xaffffff7fffffffd, 0xffffffffffffffff, 0x9)
r1 = perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_bp={0x0, 0x2}, 0x5114, 0x80000001, 0x0, 0x0, 0x0, 0xc26, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x2, 0x1000000000000005, 0x0)
perf_event_open(0x0, 0x0, 0x6, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={0x0, 0x0}, 0x28)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x2a, 0x2, 0x0)
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8918, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
socket$kcm(0x10, 0x2, 0x0)
r4 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r4, 0x84, 0x85, &(0x7f0000000ac0), 0x90)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x6, 0x4, 0x4, 0x8}, 0x50)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r6}, 0x10)
sendmsg$inet(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f0000000040)=[{&(0x7f00000004c0)='.', 0x1}], 0x1}, 0x0)
socket$kcm(0x29, 0x2, 0x0)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x16, &(0x7f0000000b00)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0xb}, {{0x18, 0x1, 0x1, 0x0, r7}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffc}, {0x85, 0x0, 0x0, 0x86}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0x200000}}, [@jmp={0x5, 0x1, 0xb, 0xa, 0x0, 0x6}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @map_fd={0x18, 0x9, 0x1, 0x0, r7}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0xb, 0x1000, &(0x7f0000000cc0)=""/4096, 0x41100, 0x2f}, 0x94)
sendmsg$inet(r2, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000480)=ANY=[], 0x20}, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f00000001c0)='cpu&-0\t\t\t')
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x1c, 0x23, &(0x7f0000000840)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@btf_id={0x18, 0x0, 0x3, 0x0, 0x5}, @ldst={0x1, 0x0, 0x4, 0x9, 0xa, 0xfffffffffffffff8, 0x1}, @map_fd={0x18, 0x8, 0x1, 0x0, 0x1}, @func, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x79d}}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xffffffffffffffff}, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xa5, &(0x7f00000006c0)=""/165, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000600)={0x3, 0x6, 0x7, 0x1}, 0x10, 0x0, 0xffffffffffffffff, 0x1, &(0x7f0000000980)=[r7, 0x1, r5, r5, r7, 0xffffffffffffffff, r5, r5, r5, r7], &(0x7f00000009c0)=[{0x4, 0x5, 0x3, 0x8}], 0x10, 0x3}, 0x94)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{0x6}, {0x40, 0x40, 0xfd}, {0x6, 0x0, 0x1}]})
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

1.429503895s ago: executing program 3 (id=2152):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/32], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
openat$tun(0xffffffffffffff9c, 0x0, 0xc1842, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f90924fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

1.322284954s ago: executing program 1 (id=2153):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/32], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
openat$tun(0xffffffffffffff9c, 0x0, 0xc1842, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f90924fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

1.205586063s ago: executing program 3 (id=2154):
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2a, 0xfffffbff, 0x3, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0xa9e9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x5, 0x2, 0x0, 0x0, 0x0, 0x9, 0x4022, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0xfffffffc, 0x5, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x2, 0x0, 0x80}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@cred={{0x1c}}, @rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x90}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_to_bond\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8910, &(0x7f0000000080))

920.598886ms ago: executing program 3 (id=2155):
r0 = socket$kcm(0x11, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000e40)={0x15, 0x23, &(0x7f0000001080)=ANY=[@ANYBLOB="1800000016000000000000000100000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085000000a400000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7080000ffffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000018120000", @ANYRES32, @ANYBLOB="0000000000000000031003001a0b000018200000", @ANYRES32=0x1, @ANYBLOB="000000000300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000000000008500000086000000cf7b0c0001000000bf91000000000000b7020000020000008500000084000000b70000000000000095a49e436f00000053d47016c06ebe8a86d84d7263449096b96d07239e611344113194c05aaa1bc7401a038677689aa490a266298bda37ac29ff6c475ce0cfdd6c90892906a1818d2db14e028819614c16f3d1b81269aff75a6570d54ea50ec552241fbe96804db28a0c66f3c8fb7c09790a84c909ece033068578c71eb7ddd2bd3aecc2dbdd41e0315ed722201493c992befa8734abb77d87f3d94394af9d9cb43df3a91f3d72962cb5529e366209d03dd2b51367f84f858dc61d6e25ffc3a029c5b48b37cbf3237e7bfd5ea877c63b63771472a9591efb9b1cc7594042f35efb3b727627f7"], &(0x7f0000000c80)='GPL\x00', 0x79, 0x7b, &(0x7f0000000cc0)=""/123, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000d40)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000d80)={0x5, 0xb8a, 0xa, 0x2}, 0x10, 0x0, 0xffffffffffffffff, 0x2, &(0x7f0000000dc0)=[0xffffffffffffffff], &(0x7f0000000e00)=[{0x1, 0x2, 0x7, 0x5}, {0x1, 0x2, 0x6}], 0x10, 0x81}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000fc0)={0x0, 0x2f, &(0x7f0000000640)=ANY=[@ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000550500000000000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018560000100000000000000000000000185100000e00000000000000000000001800000004000000000000000001000018120000", @ANYRESDEC=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000bf91000000000000b7020000010000008500000085000000b700000100000000950000000000"], &(0x7f0000000600)='syzkaller\x00', 0x9, 0xc4, &(0x7f0000000a40)=""/196, 0x0, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000980)={0x4, 0x8, 0x6, 0x7}, 0x10, 0xffffffffffffffff, r1, 0x6, &(0x7f0000000f00)=[0xffffffffffffffff], &(0x7f0000000f40)=[{0x0, 0x2, 0x5, 0x4}, {0x1, 0x5, 0x8, 0x1}, {0x0, 0x1, 0x2, 0xc}, {0x8, 0x2, 0xb, 0xb}, {0x3, 0x3, 0xb, 0x9}, {0x3, 0xfffffffe, 0x9, 0x8}], 0x10, 0x6}, 0x94)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x400000000004, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f00000008c0), 0xd}, 0xc001, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x110282, 0xc8}, 0x0, 0x800000000000, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00060000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x22}, 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r5, &(0x7f0000000480)="4fde"}, 0x20)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, r3, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x3}, 0x50)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000580)={0x3, 0x4, 0x4, 0xa, 0x0, r7, 0x80000001, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x2}, 0x50)
perf_event_open$cgroup(&(0x7f0000000740)={0x1, 0x80, 0x80, 0x9, 0xc, 0xf, 0x0, 0x2, 0x80000, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, @perf_config_ext={0x200, 0xfffffffffffffffa}, 0x111006, 0x401, 0x9, 0x2, 0x4, 0xfffff800, 0x9, 0x0, 0x7fffffff, 0x0, 0x5}, r6, 0x5, 0xffffffffffffffff, 0x6)
r8 = openat$cgroup_int(r6, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0)
r9 = openat$cgroup_procs(r6, &(0x7f0000001a80)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r9, &(0x7f0000000380), 0x12)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d00)={&(0x7f0000001380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x28)
r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r10, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r11, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000001200)=[{}], 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
write$cgroup_int(r8, &(0x7f0000000040), 0x1)
sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x47}, 0x80, &(0x7f0000006440)=[{&(0x7f0000000080)="513b5a9c0c0000004d4241fc0560", 0x36}], 0x1}, 0x0)

908.315607ms ago: executing program 1 (id=2156):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000280)}, 0x20)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000100000000000000000000000000000000000000000000000000005578c5df4895f15ac9d007ab72b39285643709b9d18d0465c62241a94af7eccb4eaf3abbab43f705ccd3017490848024aa9fecd4071ac94f526db40be2db6efacff67a034df6929a5ce85a218f353d3fd6dbf87443799e00952b0eec1f83a3e1011c4e21e770e466c2f33f920f1234653adf8f81e85b251d2d7a88fef0be6eb3dfc7f6d28e6d84338501dfc74fb89001191b57015e6606f19419603d2017872cc4259009c8ba7b8cbcaa9b243ac697bd14cee8de32de3c32a546761d14429844a52f5905381470f9589b18c47029b5361d42c8bf272f39afe154b33be7cfeb926d20a70f72f5598349b2851e"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r1, <r3=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f0000000380)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0x19, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000800000000000000000000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="180000000000000000000000000000009500160000000000e2bac15d3b6641a215f099e26603a050337b2ccc70a9f928ba3c529bb6e7365e7e246317380f5884d79663e7fcaa89795d7b10e88378c33265a7af06040e3d0bbc6a5864dfa023c6ac1da574242785bbb4ece12b11da52496875e1e384042aad63a3094bf3bc0e40a79960f9f1610940e67e30611d9873d1e6cb9c4cce44c999c49ff52a6400192fd021d7158438d7686a6f66778022c93c544189b684754e7e0f77a4f498609e53104c8aa70632fcc58c757bbc06f6472622dce2729d7296959ce003ec84acd015e352484c42fc29e5aea62fb7977813f7254fd6f62fec638abf292e6c33925b29"], &(0x7f0000000000)='syzkaller\x00'}, 0x80)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r4}, 0x10)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r5}, 0x8)
close(r6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
r7 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, r8)
openat$tun(0xffffffffffffff9c, 0x0, 0xc1842, 0x0)
r9 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f90924fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

840.953013ms ago: executing program 3 (id=2157):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_queued\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x14, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x3, &(0x7f0000000380)=@framed, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1}, 0x37)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="18020000feffffff0000000003000000850000004100000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f805ffffb702000008000006b703000003000000850000001700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext={0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000003c0)="1400000017000b63d25a80648c2594", 0xf}], 0x1}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x6, 0x4, 0x0, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x11}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x20000, 0x4, 0x3, 0x141, r2}, 0x50)

704.472063ms ago: executing program 0 (id=2158):
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e24, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x200008c0)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000140)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000100)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0x0)

589.545113ms ago: executing program 3 (id=2159):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000140)={&(0x7f0000000040)="b2a06b6734e7c1ee635ed2d87eb608b6095224c4924420f5c45bbafef060bade41110cb90c18ba429ed9c007dc1a6accb27cf97b3c715fd86b2bed92b69a9b33dc8016c97752a2e8ac64249aded94f38829e3c896605c3319001d59186151ae32ea8b338c1d55b4ebf5d50348d8f8a13f5e0893b5bf3b8e783166c72aa59d2cfa78709f2ea8587d61f92eb6b8baf9fd8288dfefccff9b316bce7e52720e507712e81696efeeba71d72084af069b63fa827de5280a5071bff6605f90622f60c2b1b9c896d9106bf155f91d5a9253b85eb5e752a53a52bb0436be3467cccf6", &(0x7f0000000240)=""/254, &(0x7f0000000340)="bf03ce286aa91ac3dced22608f066373e3782f2553668ec6aae931f838f9e5071fedb5fac5f94b1af1e7cf4276cbda5b0c6b0d55ec583b178c496cd7c2147ea8cd442adf891fff64732bd7446e764bc1b065b7d44a8fbffc98af31a347120b939e1e4e27ce0da8bbf30c8ce8748d938a95b3d1a6ed1d03fb0bc967c736e5fac705a8a65833d9", &(0x7f0000000500)="67fd8f1f82fb7d9a73cc3c499d433ae230b27180bf491a94e1f40fa53e3e44498bd39dcb69c639f6ebfc6db3181f5ddf60ef88fc40a7d355ab281c9b29bf62a4e30649c45491679744277d5bc4576f2076137c40eeaf0ee461a8efd9000b2e34b12d15cf20cc085dec8f4ea3095db1cab40323c2a8ad577cb00a450b29124ce059729d3c2b9774c49296ba97d5ce03b2f63b6b522ff0535dd3d2e6a5f8ca44b53aab78ddab3bb61967b1ddd2cb5cf75f3c0a64dcfd793880635dae75bf4804f398dda37b7bb8d1d23a7cc9581f2272b7291bef6796514765", 0x1, r0}, 0x38)
r2 = socket$kcm(0x11, 0x200000000000002, 0x300)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f00000017c0)}], 0x2}, 0xe900)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002d40)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff48700000020000005c0000000000000095000000000000002ba728041598d6fbd307ce99e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f071326bd9174842fa9ea4318123341cf9d90a0e168c1884d005d94f204e345c652fbc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc84e974a22a550d6f97181980400003e05df3ceb9f1feae5737ecaa81d666963c474c2a19eed87b277be335c75e04ad6ee1cbf9b0a4def23d410f6296b32ae343881dcc7b1b85f3c3d44aeaced3641110bec4e90a634196508000000000000f0f4ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d4dcecb0c005d2a1bcf9436e101040000f73902ebcf0200822775985b231f000000ccb0ecf31b715f5888b2a858ab3f11afc9bd08c676d2b89432fb465b3dad9d2aa7f1521bc9901de2eb879a15943b6dc8ea15aab9dd6968698e3095c4c5c7a156cec33a7bb727667d81ff2757ca1e6bfdd4c968dacf81e65998b9091957d1d11a5730baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba165d876defd3541772f26e27c44cfd7bb5097379cf1756869cebc7b0b2d85d6d29983e830a9cdd1d0a017c100344c52a6f387a1340a1c8889464f90c284a4db539621fbb70f01a2c02dec4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae610afd01409d9a337ac5d58bcb5e5fc231514952c5255f22bd8b325d9b76e57f041b665ab0249886c0a65cc99d5893521372c8d8b7bacac24000020a4a24d8dbd75062e1daef9dead619cc6e7baa72706287793c3d2a2661edcd3545236c204682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b993508000000e480cd9d4850a049ee19b67d17ef0477aeb12b1d2502000000d9051f22614d1f62734d678039a97d2b74f9e8e97f4e8e7025123e783df8b8a17e3aa9fe9c502f9acee4f1b56e1f23128d743792cead3c058a5b700d64d160abe33df726608510136ce8bf239414a1d98ea93e3d35dbb6c23b90cf36e83b8a4309b402d264b09f2779a0bcd7cd6dfc06b02e69d384146056d125cf4aadd80800000000000000e88d10acd06864eac44c42fbe334bdc3e9768fc360b130dc6111fe3293e8e02f819a2aa34dba1c25be27945507a3477b437525b81aef2f0b4c4f63483026b5e34d44705b76ef29f7f6e0a2be625eae975e02069f6f24e1e1bc976d965ddabb01085f16bff63a06578d6d184f5de7bfb6aaa75f16996d8d60bd0111a8a237a1536256c02284cb1d3a6fb8eae87691fae365a70c3f15871565bba8dd8a8ca049f798bbe646f738bebdfc9d8a5edd7a19ca6a42bc3f1db37c17f22a287c6d31a13db5dfef409eb1d3c91c6e6f80d215c9e16e0c4736c81936315418f26770cca4e2f89800d18c89d7f46f679df6c9e2005f209dda94302a30003b952ae1ebfd0ca88368ee6ce139e8b5822422cf4c9dde943d34c432e1001171792c65986146666a549092398af45ba38c41df7e0fffeac41824ca1fd0eb68aa243c9035c788d5480e5aee9cde5f2e5a3628995b1531bd20360d33d8f9ffffff5f4bf6ea8a1850c4f83306dbca02ee3686da707b6d85db491ba0cc33f6be92c55969a2b52a25419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9bc31f09834b4788be2a442aa81b259e9eb1bf5314844051f3a642aca9ff98c9036471ccff0522903e7bcf62e18f7796bbc280b95e8e0d6fd5644b0ebde330289d6348d183ed9d3dae3cccf109f7c78e8479a345e805e47dfa82cafc6b64b1f4659834aecbeded44b11a443c5ba92a326dd10921aa79c62800844c7a59f55ee205a11ab50fb402e7da6ada561ec1117cc186b01fd5c2061d22156b1b7d5f80c580dc31b0963ff953ce09148e8dfea9d03a61bbd2bb173518507a3cd0e37c4da0a71eee31071d5d642498181c69cee3b2e414ddd6a12ff4bdf6e96c247b6025d4376067e25357d3b521a5b927d3392a7503718aea24179528f6a0c6de4e61b49cad1e4d6b000000000000005b2d16877299acefc0655bc1422c3d425d988eedebcf242b780a687c9acae2a5a71c2a16a32ceb377f5d54f9b2fa90b2905925e611be56e9ebe20cab20c290a1f6c09272dbc3b2c0ab2b5baa1b07b16e81f278e54a479f1a06bc06e3656cfa196d6c050000000000000000814955c62a7d72b317399e572a7f6a4d57b741eb66c9179ffd097d61fcfd0fa1d46cfb110e3e8cff5579e83f2820f95eaa0c609f666950c24311740e36de8f65708cfffce788c99ef8f62fd2398e999b220125da8eb07947512365abbc5b84ef524bdf184727c67910051f204662264607d548dbdffe14b41dd0843cf3d85bb820656a88a9e52a4cd7b3eeadfe00007267f226019ef0a25bc15da71e893856a2182c3167d8ba73f709294b159a426ce44cd73f000000a66fc501eae0c3504c1400697ba69fd9b7eaf49aff6a6aea529610db8dfef86c3cc698e9fddf1b132876159972281a90c3a4cf415df25fbcdd35cf8368f068c4481844bdd0dda553e1cb0966d5686013d382956d50055dce0d1bc225c1d77612b1ec52e743dbc51f25cc07a202b704577316913cf067fa65e476f688de2d6c54ea192a569eed05d0d7536b3205c68d4ee0fe318ed3112c76dcf128a1d5595b773ef4c8a7ba4e10381de8808ff02dd0a7b996ecf1c65e6d9db90c87123d9cb3945330f7a270ee0cca35b1331ca8fec0b2f39f505140751b60f29a83e4bc0ef2ffea443e4aa221cc38a503add16a2c98cb589e1dac1912b4142a3be30f50b2d9479c5bde0beb38030d0c0ce0598700130000000000000000000000554361e1628ee0017ad19ca787f2c078aa260701ce0800000080623902000000000000000000003d118a04fa6a80c4928c01ccab57b5f4eb265ad15004f967543fe6e6ddc2a12165fe3a08bf9475ee0eee3539369b0e566fedbd215a6ddd4fe03dcc7a922e16410d820747b7e806c0f3b6f14c884d150a0ff07f2e0000bfb083c56d3bed0a61fab880f8885c612ebff8523d14cfb12aca274c000000005e5155611969f6e67dd83b20206207cb8b2cd2fab6fa6d7fdaed6a27a2e4db1d5adc80014ff11d9dbceba41d8dfce410333a054e82b1d050331ce0aeacb843b94d67f69f49eb4dd3b1b85b018359c32df01db8ebce0dbc36cade09c6b44f6bb956fac1ae4db5624d8a02f7be91bec65e4b3373059587dd6528bbc48e3379d477d482faff738c39c61cac1195043bd5b70cea5fc1083a169a8263e9aec56b9f7795fa27634a7f06359e3058d2dd69c4e5cc11b36d9ed9c4b2867f583de6fc582f789722bd1500e64c495abdb72de2c739d38c72f6f4fb1946081dcc825d5b5b747e9fa1b5226cd31e131263f1fcd7d45a630b46d04af906f0be464d829dd2dfcf7400002b7827f6d957e51bb1f1b44a50200c9dfadfaff2e32baa9c0edaac7144e174dba582a951d2b03c27219cec4fbc7b6e99c3f00188941e3fbf008cbace177ae250fd757a22e21ec05aa45c91e1345ca936184c3fc28153283e13654123cfaf4e661f4b6d430adad1e2116bc385f888405d48f0d386da0cc6747b33395772a68f2ea3fb7e7207000000b24088014c8e64f03d053c4e02ddd08b262e422eff1c9f124b892b0a9462b07d4f88c0693bd9c54ad2ab5227aa59ef2b53ac528c0800000000000000ebfde0c4a37c2d55c176680c4207000000e4aa467f995c9bc99e60441d4dbebead3b436427762618810bac7308c6d3298ea932b66572825e62d18462d3b2342ba48c145ff4674a94fa078cc552d064da2bb69a0d269076f8955076578f44ffb8895f11bd5e06840f8848df72230a28e0304569bfa0350b6dde9e96273de1758505aa1ba89dfb12be7a7c6dd18f6148354df7e60a489dc543ccdee1fff9d8f8d78844de27a77ef1181d5055c2a193a5763ed7749a17296c76818b60426082c86619dacc8a884c4de8572a044faf0c8e4377776c8703ecf2e3f1c3d64100cc000000008369f062639e3ddcf725be54f626448fb7bfc74c183b26e31b71a390ccea4be07278dd12fa16848797397b76908fa03613cd961b98b26a0879ccba4a78c82958764bce07a7f70df1cef6d4db1ddbda1db18e4f41c390fd3cb862216ece39a9ec60bd3be5f9329dcaf33bf2c87cc510557460d14421e1d26322ab64388f2ceae70922989f66827fe9acd2ec3ece39f3b4ffdc4dfea3da6ddb002512e2313253801044e751168e32d7bd6800000000a21008b8d26dabe977c503c30ef7c489e5ea1fff041e54de54cfeb258f2387dad096b72a78d91134927492cfc773c731cca9b13b3f6e7760ab0929c46f51ea5643f3df4f4044f3ad0a6ba739e72d8b8b2935d81534bea8372bc590c111d573e04280659a096eaa495a4154daae7d1800c130d920964845c50c8ba4763b19b6008f6d7a5091895c7a4b7816ab706503be879b18b778b0f61ecfde2f8bbb32cfeb766ec4430ee0ad45a0a263ddc4b2f47680c8d53439f8d388dab87112c83997c83e178be287eb6e8c95badaf8ed85cd5b03a7352a0fb83398566d1bc133582ce2d9f601cd23eba4432180b2d5c3019879cd949a5be1b241b3d0d0d52a3529cc9e704a9d8d54f4f7b776a969a4505e18fe5284985ca7d112c397d776e3baba918b7df456bd970e761e00f3b0efa5ce4246d9f08ba60da3be556c518a1f19504c7cea1491a9eadd27d747ca9cc5f92e30b2ca3cf0b142a8554c87e8026d4e586cf5f7c9d412e6eb4f66a076c8bca6b294305969dabb6c932b57a5dd4234bf1ed3bd095229ee3cbb86883d574c5af4bb78370561de3fbf55bfcd2db3979eb1be120b5795443324023353c959fd965702f1cd5bcb3c16d4b8bdd9fc87c862c247e140379ef098c7b3fa79a6638a245b6a74f14dde9bd4ee48e62cdc70f486ce38641e4e4309aa9f4bd097fa1530db966d9919544ab4890301e51f9525436f5d9591460340f5093161a78a249783945407f2576d6f35a99e3521d7991e3fdfde5ee7f6a8ff8181a68ef15a2ebfe9e22d7c745949ab5cc15b9f5659799b5e00debbf9f623f75bfd4d83c4859ca9b652cea33daeeef07b60c78a21965bcf91919071c7ded19317dc0b7587d9322f8cec9e32675a187465bdfa101bcd9ac680839b375af12c160247dd960e70eb7ee60c52a900440aa9bd9a6b15a4a34dc73c3c4936d8986300fdc264b28537df387e6442c3355fa2a31d24c1ed888a57fcc50400a084a38a3630ffc465f36a4b770fab0946148161184be39134542e934f3a538b011cb3928b430630b8ccc800000000881d4361e7fbd1fc2331b4e34733480bc497662a8234a7eeab3e65d6b0f5d92edff04416eedcd15b9ddbcb3cf9228afda6b17d44a276b205eabd0069f7e26aea50f537dc77b683ed83d2f9110e00a705f48e9d13378cf09bca22e8f45c4f360d5fff8ba35f21c4513bcc0800000000000000dc5cc7ad7290c60bc609bff9be7cd922f474c3faa78fd42cba7c78d6d912656b6313497625e2f9afaba05b17ca242b7ca8d6556175aee38142a8aac5f677c2f8a6967f2cb5e97aae97a5e5579a706243688ac4d38a4601b4aadb2d319fe7d6bf1272fa3fa701338d7bce390e8bf959081ed39e63a431901d615a26ff95e1620a6c26eda4f92d83499a173e7217001f58ed5406bdb59acbc997e8fd3d53b4c2c2a1b314bfe611e5958458af7b3c5319fdb4c40b8d01365fdee93af6fad7c7a8da86460f45c9e99d43264c921b090000000000000000000000000000000000007cf90000008f8a9da7a8a167815c6ffcd1b6863cde9ab45ecd8f06423198bb00cdf76877f407be46b000000000afbb4cb3a8de259a8beb2223f28b855e2bdf4b31b91e5062a42a55bd95e93f77f2499391cf0000000000000000000000000000195007ad27d1d61dc4d5512f117f0ed554c2c88c1713000000000000bb1ff447d6e12da22ee9f0422a84f361684861169f498909c4841f4d5a0f5807a3b7d833075fdcd9c1d169b03d7df7f4150fad8b9e92eaf86992adbda360dd91de51c6df335445492608162fb0804dabdeac6fb71042f906eefd37f1d190a1c8a0d9de7f34dcc8cbd7b565fc675f3bf7aac559411808ee703ec3ad461c6ddc571994cb504c46eabbc2ff4b97df394bc75b5e7f45b4450753b5d2b8b8414a7fe6a17661bdb5b1d080cfd974811e1d60763d8d9509c75aa729a334b55ee76b0c2d5027e81ceec1a6d7441d0b538d7a4d048d156ebcff102e45c15d2a73b40d74807f5182a319d50edbf430f00b1c29a9e4bd92111caacbb1d4541545c2d262646070da42f76e3f3c6d139eed89cc9300000000000000000000000000000000000072d7e605eb8e978d76796d9d3a728c51a3145da8e1ca4973aa8fed855328e9d2509335c5386cac74e862eac50e9ba95b6a2a29e8ef08a9ae29792e77fb9952b1ac5c816db5c23a656d9a28f81f6a9465aec94d701ee8646b30650c84b9510a337e82702baf368d29281d3d54b39014756ca5a1be184d4ebb942f99581a6fbac0b9c9f97c920dfac7e2379ef6bb076118aa9bbb4ee12e64aa530f852bf4f970a08a55531934e39fbae483129949a918115571d76740ca6a1cea59df290f2e63675ca30a289775825fe3e5d6f206f3f395346c0738035dc74368bb035fc65a40f8124369b8950ded31af64855cb18b23517ca935a0fa1b630d70c4ca9acbaf0f08910f327fba506d834029a90d47701102045fff90675adb3c83983d125ae730b9497c681a912a6bb70300a2d7fba051f82b9d6f710426b5bd0d0bc0b08a0f801276789613da406905011bd6ebbac91ff17a21d1ed0882e73394025772f31dc8a3048789c703f920c55746f6fc955046f9332d72150be23c26cbb08d1b438e84b83fefc6a16958fd46dc7b8cbea1da2d541324e373e9157696d698a0b4bc84d7cc2fdb069db8a5a491a9d2bbc0a61b73f75d81d07d778a1577db3b06d20a21b19ea17ecd996d7dea947ee8ce55fa2dea5a000000000000000000000000006f0143d8d4038ef9f57d9e9336f3559558710d1febe7394cf8b02f59dab24d07db3d3c1ebff58f973ba3fc0c3e2fb2c2a674a188614520ecb1d22b49e3550263bf9d669fba198b65ee3512db0e710d2070b5847face7ada12c83f0aea3a8c9e84e6c7406732c952c5695d43bca33d481ef9d442697875e114f4c759af306b3fc8224fdec89bf199234bff488b81438cbe89e4cabdc007139352b5cb69d7987cdf37ab549b7639eeadafd5315d9c9f0e8c9223102e6deaca4ae9cb943a3ad188bcad95e8f97d7fee7c47ea50d222fe67085b4fb3fecfb67dec23b6ab5ee19a5ca5367bff058149acf90a6c4014dea2b763389f77301ea8574d112625300906f480c36f41f82f84991800c37863de349f7"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000dc0)={{}, &(0x7f0000000080), 0x0, 0x8}, 0x20)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xb, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x21, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
socket$kcm(0xa, 0x2, 0x88)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x2405, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0xd)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002c00)={r3, 0x18000000000002a0, 0x42, 0x0, &(0x7f0000000500)="b9ff0300600d698cb89e14f008001f000c0cae0e4000632177fbac14140ee934a0a662079f4b4d2f87e5feca6aab845013f2325f1a39010108038da1924425181aa5", 0x0, 0x100, 0x60000000, 0x5c, 0xc0, &(0x7f0000000000), &(0x7f0000002c80)="8dc92a8ff39080a675b6565efa3ed46f2a2756e43abbfd8c44686c04d6a0c42f2599fc2b73f432c834dac249597b646035045af99decf86f5b32dc0404e599f56091e15e581ff6805ee283c0313298a5b8ba1c84f1850c217b5a2c2bc547eaf4585e5ba878d1660fa871a275fb61d1fec75942919083919f8d8fdad79615bc5d2d3fa40e054d38d49dfbebc2f137fc7110"}, 0x48)
setsockopt$sock_attach_bpf(r2, 0x107, 0x9, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

587.759993ms ago: executing program 1 (id=2167):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_queued\x00', 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x14, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x3, &(0x7f0000000380)=@framed, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1}, 0x37)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="18020000feffffff0000000003000000850000004100000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f805ffffb702000008000006b703000003000000850000001700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x402, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3efd7ab4c41335d9, @perf_config_ext={0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000003c0)="1400000017000b63d25a80648c2594f934a3", 0x12}], 0x1}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x6, 0x4, 0x0, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x11}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x20000, 0x4, 0x3, 0x141, r2}, 0x50)

573.078044ms ago: executing program 0 (id=2160):
r0 = socket$kcm(0x23, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000000a40)=[{0x0}, {&(0x7f0000001000)="5df44b", 0x3}], 0x2}, 0x80)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000008f08000000000000000000008500000061000000850000002a00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x0, 0x28, 0x0, &(0x7f00000000c0)="e30080670000ec67838717bd86dd", 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$kcm(0x23, 0x5, 0x0) (async)
sendmsg$kcm(r0, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000000a40)=[{0x0}, {&(0x7f0000001000)="5df44b", 0x3}], 0x2}, 0x80) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000008f08000000000000000000008500000061000000850000002a00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x0, 0x28, 0x0, &(0x7f00000000c0)="e30080670000ec67838717bd86dd", 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)

349.003972ms ago: executing program 0 (id=2161):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008000000080000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x20000000000001c0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0xfffffffffffffd7f)
r2 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = gettid()
syz_open_procfs$namespace(r3, &(0x7f0000000680)='ns/cgroup\x00')
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r3, r2, 0x0, 0x0, 0x0}, 0x30)
socketpair$tipc(0x1e, 0x4, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000040)="fb", 0x1}], 0x1}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d649379071c33390e418ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afcc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab2e4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e558d17879570c8ad943e392955f4f979ea13201bafe4f0f6ea508000000a0c548552b571bed5647323c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151fcda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ecec37e83efceefd7ca2533659edc8bef9cb85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d350000000000000000e0c504814393cf96bef209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e5a61561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce987c56cd31121624d7455f2a3666276c3c0e812b28e2f30d035cee5d0e77a3c72208ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463aaf28345bde0c195bc9f022ca8ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262d0af3246eb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a0600adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa7000008000000000000117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cd50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5631820420b75b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff201000000000000002e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa66237e0dacc107f532348cc2116473381e961f3d9c8c21578fe3245097c280abe51427b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d174b0000000000000000000000fa08ad0731ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282b6caa2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae0533496b6d58da50ee80a6b9a7438978c5465113f668eb4484350048289d07dbef325d322781e3214c2a3dcf89d99844b762a9cf17548c54fccad2c7ae8072b82e0880815daf966bd5343c1635e123f868a7167cfcff33320253af570f4ef9c0254afdd89ac3943562b530dd88da8a94013bbaf204bebc38055adc39f07f7c22711f4d1f6dcc928d1578a093c072e0b92babc76f47ee367e745a024a2278319d9a4d1378482b74c516647652bfb6e93002494a5cd74e2a9a4734487062437da23e1efa6ef7674108aaa3ffac859c3577c2637bb3bdc69bc365b1f20dba96b8acca62f3f80045318de0facf2ed44b814e842c2a520159bb6c320cec0910c0b8bd3d547bdfba2e0bb24d117ed0388afd37affbad2f9c77c9c1314a16ffe64f5e3744a2fffd7039670f5706e589a4c3868db06fd892d68a547477f8ef686ff0dba7b8c18c94d5a89b0567a851750a35d9cc2000000000000000000"], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000))
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0200000004000000080000000600000080000000", @ANYRES32, @ANYBLOB="8300"/19, @ANYRES32, @ANYRES32, @ANYBLOB], 0x50)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(r4, &(0x7f0000000000), 0xfffffd26)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000001080)=ANY=[@ANYBLOB="18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080049fb6785007b8af8ff00000000bfa200000000000007ea2b3f64ca7a07a053d0e4f91f00020000f8ffffffb703000004000000000000000000000085000000030000009500000000080000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)

336.750483ms ago: executing program 1 (id=2162):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000280)}, 0x20)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000800), 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2, <r3=>0xffffffffffffffff}, 0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000400)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x22, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000400)={0x0, 0x0, 0xaef0}, 0x10}, 0x90)
r4 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r4, 0x84, 0x9, &(0x7f0000000380), 0x98)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r1, <r5=>0xffffffffffffffff}, &(0x7f0000000580), 0x0}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0x19, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000008000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
close(r3)
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8914, &(0x7f0000000b80)='lo\x00\x96o\xd6Q\xb4Y\xa9\xc87,%\x81\xfe\x00\xd2\xd1|C\b\x00\x00\x00\x00\x00\x00\x00\xe3\xd8Yk\xdd\x85\xaac{\x8c\x8ffp`-\xcd\xf6jh\xbf\x9c\xd9\xd5\xf4\xe68\xe6O\xc2\xf1V0\x8b\xdd\xcc\xeeR\xf2/\xba\fE>k\a\xe7>t7\x8e(\xf0\x87d\xaf\x93\xfa`\xa6,o\x81.\x1cR\xa5\t\x00\x00\x00\x00\x00\x00\x00|pT\x15\xbc\f*d\x8b\xc2\xcd\x8f\x98\xdf\x00\x00\x1cM\x9c\xa5\xe0\xa8\x00\x00\x00\x80V\xf6\x80\x86\x1b\x05\xe6\"\x1d\f\xaey\x06\xd9$H!w\xa6m\xd8\x7f\xc6\x837\x83/\x9a\xdf\x01\xf2\x9e\xbb\xca^\xf9\x05\xeb\xb8{7[\xf9\xe9\x15\xdc0]\x89\x9b~\x04\xb4\xa5\xad\v.\xd0*%`\xb0\x96\x86\xdb\xa9\xd3\x01\xb2\xc7\xf8G\x069\x90,\xda\xf6\xc5\xcd\xec\xa3B\xc3\"4\xab\xf4\xa7\x83r\xa4\x80|\x03C\x9c\x00\xac\xba\xcb\xa4h\x86w_Eu\xbfy%,\xe5\n\xc1\xb3\xa4g\xa3P\x0f\x11\x93\xc7\x7f\xec\xb2\xc5E\x00\xdd\xf2e\xa8\xf1<\xb2\xc82\xbf=o\x00`\xc1A\'\xc6X\x92\x0e[\x19\xaa?\x06\xe5\x9d\xd1\x87\x92\xbb\xe3Y\x97\xc2')

313.048405ms ago: executing program 3 (id=2163):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
openat$tun(0xffffffffffffff9c, 0x0, 0xc1842, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f90924fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

262.214519ms ago: executing program 2 (id=2164):
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2a, 0xfffffbff, 0x3, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0xa9e9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x5, 0x2, 0x0, 0x0, 0x0, 0x9, 0x4022, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0xfffffffc, 0x5, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000, 0x0, 0x2, 0x0, 0x80}, 0x0, 0xffffff7fffffffff, 0xffffffffffffffff, 0x8)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@cred={{0x1c}}, @rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x90}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_to_bond\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8946, &(0x7f0000000080)) (fail_nth: 4)

0s ago: executing program 1 (id=2165):
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='memory.swap.current\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r1}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x3, 0x20000202, &(0x7f0000000300)=ANY=[@ANYRES16=r2, @ANYRESOCT=r1, @ANYRES16=r1], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xffffff26, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)

kernel console output (not intermixed with test programs):


[  220.845328][ T8087] netlink: 14568 bytes leftover after parsing attributes in process `syz.1.818'.
[  221.117796][ T8101] sctp: [Deprecated]: syz.1.822 (pid 8101) Use of int in max_burst socket option deprecated.
[  221.117796][ T8101] Use struct sctp_assoc_value instead
[  221.487673][ T8105] netlink: 'syz.1.823': attribute type 3 has an invalid length.
[  221.532211][ T8105] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.823'.
[  221.890506][ T8112] lo: entered allmulticast mode
[  221.935384][ T8110] bridge0: port 3(hsr_slave_1) entered blocking state
[  221.954789][ T8110] bridge0: port 3(hsr_slave_1) entered disabled state
[  221.981354][ T8110] hsr_slave_1: entered allmulticast mode
[  222.005828][ T8110] hsr_slave_1: left allmulticast mode
[  222.069589][ T8114] bridge0: port 3(hsr_slave_1) entered blocking state
[  222.107451][ T8114] bridge0: port 3(hsr_slave_1) entered disabled state
[  222.136287][ T8114] hsr_slave_1: entered allmulticast mode
[  222.188996][ T8114] hsr_slave_1: left allmulticast mode
[  222.257614][ T8116] bridge0: port 3(hsr_slave_1) entered blocking state
[  222.279626][ T8116] bridge0: port 3(hsr_slave_1) entered disabled state
[  222.298088][ T8116] hsr_slave_1: entered allmulticast mode
[  222.399336][ T8116] hsr_slave_1: left allmulticast mode
[  222.424611][ T8118] netlink: 14568 bytes leftover after parsing attributes in process `syz.0.832'.
[  223.110084][ T5792] Bluetooth: hci1: unexpected event 0x0f length: 15 > 4
[  223.325435][ T8143] bridge0: port 3(hsr_slave_1) entered blocking state
[  223.386310][ T8143] bridge0: port 3(hsr_slave_1) entered disabled state
[  223.408457][ T8143] hsr_slave_1: entered allmulticast mode
[  223.544306][ T8143] hsr_slave_1: left allmulticast mode
[  223.610300][ T8145] bridge0: port 3(hsr_slave_1) entered blocking state
[  223.631894][ T8145] bridge0: port 3(hsr_slave_1) entered disabled state
[  223.638935][ T8145] hsr_slave_1: entered allmulticast mode
[  223.667017][ T8145] hsr_slave_1: left allmulticast mode
[  223.678057][ T8147] lo: entered allmulticast mode
[  223.943763][ T8153] netlink: 'syz.1.844': attribute type 10 has an invalid length.
[  223.988214][ T8153] netlink: 'syz.1.844': attribute type 19 has an invalid length.
[  224.013616][ T8153] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.844'.
[  224.332057][ T8161] netlink: 132 bytes leftover after parsing attributes in process `syz.3.848'.
[  224.390149][ T8165] netlink: 132 bytes leftover after parsing attributes in process `syz.3.848'.
[  224.438706][ T8161] netlink: 830 bytes leftover after parsing attributes in process `syz.3.848'.
[  224.631766][ T8170] bridge0: port 3(hsr_slave_1) entered blocking state
[  224.655251][ T8170] bridge0: port 3(hsr_slave_1) entered disabled state
[  224.666241][ T8170] hsr_slave_1: entered allmulticast mode
[  224.760275][ T8170] hsr_slave_1: left allmulticast mode
[  225.028702][ T8184] FAULT_INJECTION: forcing a failure.
[  225.028702][ T8184] name failslab, interval 1, probability 0, space 0, times 0
[  225.047485][ T8184] CPU: 0 PID: 8184 Comm: syz.1.855 Not tainted 6.6.102-syzkaller #0
[  225.055526][ T8184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  225.065612][ T8184] Call Trace:
[  225.069088][ T8184]  <TASK>
[  225.072050][ T8184]  dump_stack_lvl+0x16c/0x230
[  225.076787][ T8184]  ? show_regs_print_info+0x20/0x20
[  225.082032][ T8184]  ? load_image+0x3b0/0x3b0
[  225.086588][ T8184]  ? __might_sleep+0xe0/0xe0
[  225.091216][ T8184]  ? __lock_acquire+0x7c80/0x7c80
[  225.096285][ T8184]  should_fail_ex+0x39d/0x4d0
[  225.101003][ T8184]  should_failslab+0x9/0x20
[  225.105540][ T8184]  slab_pre_alloc_hook+0x59/0x310
[  225.110599][ T8184]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  225.116369][ T8184]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  225.122158][ T8184]  __kmem_cache_alloc_node+0x53/0x260
[  225.127576][ T8184]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  225.133342][ T8184]  __kmalloc+0xa4/0x240
[  225.137566][ T8184]  tomoyo_realpath_from_path+0xe3/0x5d0
[  225.143171][ T8184]  tomoyo_path_number_perm+0x1ea/0x590
[  225.148666][ T8184]  ? tomoyo_path_number_perm+0x1ba/0x590
[  225.154371][ T8184]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  225.159876][ T8184]  ? ksys_write+0x1c1/0x250
[  225.164450][ T8184]  ? __fget_files+0x28/0x4d0
[  225.169087][ T8184]  security_file_ioctl+0x70/0xa0
[  225.174066][ T8184]  __se_sys_ioctl+0x48/0x170
[  225.178689][ T8184]  do_syscall_64+0x55/0xb0
[  225.183132][ T8184]  ? clear_bhb_loop+0x40/0x90
[  225.187837][ T8184]  ? clear_bhb_loop+0x40/0x90
[  225.192559][ T8184]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  225.198490][ T8184] RIP: 0033:0x7fa10798ebe9
[  225.202933][ T8184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.222585][ T8184] RSP: 002b:00007fa108894038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  225.231048][ T8184] RAX: ffffffffffffffda RBX: 00007fa107bb5fa0 RCX: 00007fa10798ebe9
[  225.239056][ T8184] RDX: ffffffffffff3787 RSI: 0000000000002400 RDI: 0000000000000003
[  225.247063][ T8184] RBP: 00007fa108894090 R08: 0000000000000000 R09: 0000000000000000
[  225.255073][ T8184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  225.263080][ T8184] R13: 00007fa107bb6038 R14: 00007fa107bb5fa0 R15: 00007ffc6a32d3f8
[  225.271104][ T8184]  </TASK>
[  225.280460][ T8184] ERROR: Out of memory at tomoyo_realpath_from_path.
[  225.489836][ T8193] netlink: 'syz.1.859': attribute type 10 has an invalid length.
[  225.516581][ T8193] netlink: 'syz.1.859': attribute type 19 has an invalid length.
[  225.531657][ T8193] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.859'.
[  225.567302][ T5792] Bluetooth: hci1: unexpected event 0x0f length: 15 > 4
[  225.795256][ T8198] netlink: 132 bytes leftover after parsing attributes in process `syz.1.862'.
[  225.825315][ T8203] netlink: 132 bytes leftover after parsing attributes in process `syz.1.862'.
[  225.878502][ T5792] Bluetooth: hci1: unexpected event 0x0f length: 15 > 4
[  225.879160][ T8198] netlink: 830 bytes leftover after parsing attributes in process `syz.1.862'.
[  226.085394][ T8205] bridge0: port 3(hsr_slave_1) entered blocking state
[  226.111407][ T8205] bridge0: port 3(hsr_slave_1) entered disabled state
[  226.133038][ T8207] sctp: [Deprecated]: syz.0.864 (pid 8207) Use of int in max_burst socket option deprecated.
[  226.133038][ T8207] Use struct sctp_assoc_value instead
[  226.195696][ T8205] hsr_slave_1: entered allmulticast mode
[  226.260528][ T8205] hsr_slave_1: left allmulticast mode
[  226.272938][ T8209] netlink: 'syz.3.865': attribute type 3 has an invalid length.
[  226.280684][ T8209] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.865'.
[  226.816871][ T8228] netlink: 'syz.3.871': attribute type 10 has an invalid length.
[  226.841577][ T8228] netlink: 'syz.3.871': attribute type 19 has an invalid length.
[  226.849399][ T8228] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.871'.
[  227.110836][ T8237] sctp: [Deprecated]: syz.0.876 (pid 8237) Use of int in max_burst socket option deprecated.
[  227.110836][ T8237] Use struct sctp_assoc_value instead
[  227.249298][ T8242] bridge0: port 3(hsr_slave_1) entered blocking state
[  227.261515][ T8242] bridge0: port 3(hsr_slave_1) entered disabled state
[  227.313907][ T8242] hsr_slave_1: entered allmulticast mode
[  227.433566][ T8242] hsr_slave_1: left allmulticast mode
[  228.082516][ T8261] sctp: [Deprecated]: syz.0.886 (pid 8261) Use of int in max_burst socket option deprecated.
[  228.082516][ T8261] Use struct sctp_assoc_value instead
[  228.195965][ T8268] FAULT_INJECTION: forcing a failure.
[  228.195965][ T8268] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  228.241637][ T8268] CPU: 1 PID: 8268 Comm: syz.1.887 Not tainted 6.6.102-syzkaller #0
[  228.249719][ T8268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  228.259828][ T8268] Call Trace:
[  228.263158][ T8268]  <TASK>
[  228.266224][ T8268]  dump_stack_lvl+0x16c/0x230
[  228.270946][ T8268]  ? show_regs_print_info+0x20/0x20
[  228.276176][ T8268]  ? load_image+0x3b0/0x3b0
[  228.280735][ T8268]  ? __might_fault+0xaa/0x120
[  228.285454][ T8268]  ? __lock_acquire+0x7c80/0x7c80
[  228.290526][ T8268]  should_fail_ex+0x39d/0x4d0
[  228.295259][ T8268]  _copy_from_user+0x2f/0xe0
[  228.299891][ T8268]  ___sys_sendmsg+0x159/0x290
[  228.304616][ T8268]  ? __sys_sendmsg+0x270/0x270
[  228.309462][ T8268]  ? __lock_acquire+0x7c80/0x7c80
[  228.314547][ T8268]  __se_sys_sendmsg+0x1a5/0x270
[  228.319470][ T8268]  ? __x64_sys_sendmsg+0x80/0x80
[  228.324481][ T8268]  ? lockdep_hardirqs_on+0x98/0x150
[  228.329754][ T8268]  do_syscall_64+0x55/0xb0
[  228.334225][ T8268]  ? clear_bhb_loop+0x40/0x90
[  228.338951][ T8268]  ? clear_bhb_loop+0x40/0x90
[  228.343663][ T8268]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  228.349584][ T8268] RIP: 0033:0x7fa10798ebe9
[  228.354017][ T8268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  228.373735][ T8268] RSP: 002b:00007fa108873038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  228.382166][ T8268] RAX: ffffffffffffffda RBX: 00007fa107bb6090 RCX: 00007fa10798ebe9
[  228.390156][ T8268] RDX: 0000000000000000 RSI: 0000200000007940 RDI: 0000000000000003
[  228.398148][ T8268] RBP: 00007fa108873090 R08: 0000000000000000 R09: 0000000000000000
[  228.406138][ T8268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  228.414121][ T8268] R13: 00007fa107bb6128 R14: 00007fa107bb6090 R15: 00007ffc6a32d3f8
[  228.422121][ T8268]  </TASK>
[  228.499866][ T8274] bridge0: port 3(hsr_slave_1) entered blocking state
[  228.558643][ T8274] bridge0: port 3(hsr_slave_1) entered disabled state
[  228.585429][ T8274] hsr_slave_1: entered allmulticast mode
[  228.691831][ T8274] hsr_slave_1: left allmulticast mode
[  229.223665][ T8293] sctp: [Deprecated]: syz.1.898 (pid 8293) Use of int in max_burst socket option deprecated.
[  229.223665][ T8293] Use struct sctp_assoc_value instead
[  229.343961][ T8291] bridge0: port 3(hsr_slave_1) entered blocking state
[  229.372919][ T8291] bridge0: port 3(hsr_slave_1) entered disabled state
[  229.502244][ T8291] hsr_slave_1: entered allmulticast mode
[  229.600069][ T8291] hsr_slave_1: left allmulticast mode
[  229.807837][ T8308] bridge0: port 3(hsr_slave_1) entered blocking state
[  229.830439][ T8308] bridge0: port 3(hsr_slave_1) entered disabled state
[  229.858995][ T8308] hsr_slave_1: entered allmulticast mode
[  230.115567][ T8308] hsr_slave_1: left allmulticast mode
[  230.469069][ T8324] sctp: [Deprecated]: syz.0.910 (pid 8324) Use of int in max_burst socket option deprecated.
[  230.469069][ T8324] Use struct sctp_assoc_value instead
[  230.697985][ T8330] bridge0: port 3(hsr_slave_1) entered blocking state
[  230.712710][ T8328] netlink: 'syz.2.911': attribute type 3 has an invalid length.
[  230.730044][ T8328] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.911'.
[  230.750927][ T8330] bridge0: port 3(hsr_slave_1) entered disabled state
[  230.769673][ T8330] hsr_slave_1: entered allmulticast mode
[  230.791210][ T8330] hsr_slave_1: left allmulticast mode
[  231.147656][ T8339] netlink: 'syz.2.916': attribute type 10 has an invalid length.
[  231.172337][ T8339] netlink: 'syz.2.916': attribute type 19 has an invalid length.
[  231.180150][ T8339] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.916'.
[  231.247344][ T8343] ªªªªª»: renamed from bond_slave_0 (while UP)
[  231.521735][ T8352] sctp: [Deprecated]: syz.2.921 (pid 8352) Use of int in max_burst socket option deprecated.
[  231.521735][ T8352] Use struct sctp_assoc_value instead
[  232.276468][ T8366] netlink: 'syz.0.927': attribute type 3 has an invalid length.
[  232.301229][ T8369] netlink: 'syz.3.928': attribute type 3 has an invalid length.
[  232.313469][ T8366] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.927'.
[  232.331616][ T8369] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.928'.
[  232.763747][ T8376] FAULT_INJECTION: forcing a failure.
[  232.763747][ T8376] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  232.844097][ T8376] CPU: 1 PID: 8376 Comm: syz.1.931 Not tainted 6.6.102-syzkaller #0
[  232.852197][ T8376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  232.862331][ T8376] Call Trace:
[  232.865765][ T8376]  <TASK>
[  232.868757][ T8376]  dump_stack_lvl+0x16c/0x230
[  232.873539][ T8376]  ? show_regs_print_info+0x20/0x20
[  232.879076][ T8376]  ? load_image+0x3b0/0x3b0
[  232.883664][ T8376]  ? __might_fault+0xaa/0x120
[  232.888414][ T8376]  ? __lock_acquire+0x7c80/0x7c80
[  232.894273][ T8376]  should_fail_ex+0x39d/0x4d0
[  232.900314][ T8376]  _copy_from_user+0x2f/0xe0
[  232.905058][ T8376]  ___sys_sendmsg+0x159/0x290
[  232.909795][ T8376]  ? __sys_sendmsg+0x270/0x270
[  232.914659][ T8376]  ? __lock_acquire+0x7c80/0x7c80
[  232.919790][ T8376]  __se_sys_sendmsg+0x1a5/0x270
[  232.924696][ T8376]  ? __x64_sys_sendmsg+0x80/0x80
[  232.929715][ T8376]  ? lockdep_hardirqs_on+0x98/0x150
[  232.935047][ T8376]  do_syscall_64+0x55/0xb0
[  232.939519][ T8376]  ? clear_bhb_loop+0x40/0x90
[  232.944250][ T8376]  ? clear_bhb_loop+0x40/0x90
[  232.948966][ T8376]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  232.954992][ T8376] RIP: 0033:0x7fa10798ebe9
[  232.959446][ T8376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.979174][ T8376] RSP: 002b:00007fa108894038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  232.987664][ T8376] RAX: ffffffffffffffda RBX: 00007fa107bb5fa0 RCX: 00007fa10798ebe9
[  232.995693][ T8376] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000009
[  233.003708][ T8376] RBP: 00007fa108894090 R08: 0000000000000000 R09: 0000000000000000
[  233.011744][ T8376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  233.019768][ T8376] R13: 00007fa107bb6038 R14: 00007fa107bb5fa0 R15: 00007ffc6a32d3f8
[  233.027853][ T8376]  </TASK>
[  233.242990][ T8386] sctp: [Deprecated]: syz.3.934 (pid 8386) Use of int in max_burst socket option deprecated.
[  233.242990][ T8386] Use struct sctp_assoc_value instead
[  233.764822][ T8399] netlink: 'syz.3.941': attribute type 3 has an invalid length.
[  233.781954][ T8399] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.941'.
[  234.102042][ T8411] sctp: [Deprecated]: syz.0.945 (pid 8411) Use of int in max_burst socket option deprecated.
[  234.102042][ T8411] Use struct sctp_assoc_value instead
[  234.402393][ T8424] sctp: [Deprecated]: syz.2.956 (pid 8424) Use of int in max_burst socket option deprecated.
[  234.402393][ T8424] Use struct sctp_assoc_value instead
[  234.520210][ T8426] bridge0: port 3(hsr_slave_1) entered blocking state
[  234.586456][ T8426] bridge0: port 3(hsr_slave_1) entered disabled state
[  234.600860][ T8426] hsr_slave_1: entered allmulticast mode
[  234.821531][ T8426] hsr_slave_1: left allmulticast mode
[  235.313281][ T8444] FAULT_INJECTION: forcing a failure.
[  235.313281][ T8444] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  235.351674][ T8444] CPU: 1 PID: 8444 Comm: syz.3.958 Not tainted 6.6.102-syzkaller #0
[  235.359751][ T8444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  235.369853][ T8444] Call Trace:
[  235.373166][ T8444]  <TASK>
[  235.376128][ T8444]  dump_stack_lvl+0x16c/0x230
[  235.380939][ T8444]  ? show_regs_print_info+0x20/0x20
[  235.386188][ T8444]  ? load_image+0x3b0/0x3b0
[  235.390741][ T8444]  ? __might_fault+0xaa/0x120
[  235.395469][ T8444]  ? __lock_acquire+0x7c80/0x7c80
[  235.400541][ T8444]  should_fail_ex+0x39d/0x4d0
[  235.405281][ T8444]  _copy_from_user+0x2f/0xe0
[  235.409916][ T8444]  __sys_bpf+0x1e9/0x800
[  235.414302][ T8444]  ? bpf_link_show_fdinfo+0x350/0x350
[  235.419747][ T8444]  __x64_sys_bpf+0x7c/0x90
[  235.424202][ T8444]  do_syscall_64+0x55/0xb0
[  235.428681][ T8444]  ? clear_bhb_loop+0x40/0x90
[  235.433397][ T8444]  ? clear_bhb_loop+0x40/0x90
[  235.438113][ T8444]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  235.444052][ T8444] RIP: 0033:0x7f808058ebe9
[  235.448503][ T8444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  235.468153][ T8444] RSP: 002b:00007f80813a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  235.476620][ T8444] RAX: ffffffffffffffda RBX: 00007f80807b5fa0 RCX: 00007f808058ebe9
[  235.484654][ T8444] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005
[  235.492652][ T8444] RBP: 00007f80813a2090 R08: 0000000000000000 R09: 0000000000000000
[  235.500642][ T8444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  235.508636][ T8444] R13: 00007f80807b6038 R14: 00007f80807b5fa0 R15: 00007ffc467e1538
[  235.516648][ T8444]  </TASK>
[  235.720460][ T8453] netlink: 'syz.3.960': attribute type 10 has an invalid length.
[  235.752031][ T8453] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.960'.
[  235.772290][ T8453] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  235.949141][ T8457] netlink: 'syz.3.960': attribute type 1 has an invalid length.
[  236.058203][ T8459] netlink: 'syz.1.962': attribute type 3 has an invalid length.
[  236.131316][ T8459] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.962'.
[  236.546620][ T8465] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.965'.
[  236.830182][ T8472] FAULT_INJECTION: forcing a failure.
[  236.830182][ T8472] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  236.882640][ T8472] CPU: 0 PID: 8472 Comm: syz.1.970 Not tainted 6.6.102-syzkaller #0
[  236.890724][ T8472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  236.901017][ T8472] Call Trace:
[  236.904349][ T8472]  <TASK>
[  236.907343][ T8472]  dump_stack_lvl+0x16c/0x230
[  236.912092][ T8472]  ? show_regs_print_info+0x20/0x20
[  236.917345][ T8472]  ? load_image+0x3b0/0x3b0
[  236.921928][ T8472]  ? __might_fault+0xaa/0x120
[  236.926747][ T8472]  ? __lock_acquire+0x7c80/0x7c80
[  236.931840][ T8472]  should_fail_ex+0x39d/0x4d0
[  236.936598][ T8472]  _copy_from_user+0x2f/0xe0
[  236.941259][ T8472]  ___sys_sendmsg+0x159/0x290
[  236.946020][ T8472]  ? __sys_sendmsg+0x270/0x270
[  236.950905][ T8472]  ? __lock_acquire+0x7c80/0x7c80
[  236.956050][ T8472]  __se_sys_sendmsg+0x1a5/0x270
[  236.960973][ T8472]  ? __x64_sys_sendmsg+0x80/0x80
[  236.966000][ T8472]  ? lockdep_hardirqs_on+0x98/0x150
[  236.971345][ T8472]  do_syscall_64+0x55/0xb0
[  236.975812][ T8472]  ? clear_bhb_loop+0x40/0x90
[  236.980539][ T8472]  ? clear_bhb_loop+0x40/0x90
[  236.985247][ T8472]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  236.991172][ T8472] RIP: 0033:0x7fa10798ebe9
[  236.995609][ T8472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.015252][ T8472] RSP: 002b:00007fa108894038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  237.023713][ T8472] RAX: ffffffffffffffda RBX: 00007fa107bb5fa0 RCX: 00007fa10798ebe9
[  237.031795][ T8472] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  237.039791][ T8472] RBP: 00007fa108894090 R08: 0000000000000000 R09: 0000000000000000
[  237.047795][ T8472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.055805][ T8472] R13: 00007fa107bb6038 R14: 00007fa107bb5fa0 R15: 00007ffc6a32d3f8
[  237.063825][ T8472]  </TASK>
[  237.253150][ T8482] sctp: [Deprecated]: syz.1.974 (pid 8482) Use of int in max_burst socket option deprecated.
[  237.253150][ T8482] Use struct sctp_assoc_value instead
[  237.342834][ T8478] bridge0: port 3(hsr_slave_1) entered blocking state
[  237.366266][ T8478] bridge0: port 3(hsr_slave_1) entered disabled state
[  237.391238][ T8478] hsr_slave_1: entered allmulticast mode
[  237.460793][ T8478] hsr_slave_1: left allmulticast mode
[  237.803042][ T8494] netlink: 'syz.3.979': attribute type 10 has an invalid length.
[  237.811088][ T8494] netlink: 'syz.3.979': attribute type 19 has an invalid length.
[  237.819756][ T8494] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.979'.
[  238.461530][ T8513] bridge0: port 3(hsr_slave_1) entered blocking state
[  238.508572][ T8513] bridge0: port 3(hsr_slave_1) entered disabled state
[  238.522942][ T8513] hsr_slave_1: entered allmulticast mode
[  238.624799][ T8513] hsr_slave_1: left allmulticast mode
[  238.866269][ T8523] netlink: 'syz.0.991': attribute type 10 has an invalid length.
[  238.878258][ T8523] netlink: 'syz.0.991': attribute type 19 has an invalid length.
[  238.887872][ T8523] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.991'.
[  239.706577][ T8549] bridge0: port 3(hsr_slave_1) entered blocking state
[  239.723472][ T8549] bridge0: port 3(hsr_slave_1) entered disabled state
[  239.773388][ T8549] hsr_slave_1: entered allmulticast mode
[  239.819601][ T8549] hsr_slave_1: left allmulticast mode
[  239.839587][ T8552] netlink: 'syz.0.1003': attribute type 10 has an invalid length.
[  239.847778][ T8552] netlink: 'syz.0.1003': attribute type 19 has an invalid length.
[  239.856094][ T8552] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1003'.
[  240.885928][ T8581] netlink: 'syz.3.1014': attribute type 3 has an invalid length.
[  240.920537][ T8581] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1014'.
[  241.792993][ T8601] netlink: 'syz.0.1028': attribute type 10 has an invalid length.
[  241.800895][ T8601] netlink: 'syz.0.1028': attribute type 19 has an invalid length.
[  241.825411][ T8601] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1028'.
[  242.055024][ T8611] netlink: 'syz.0.1023': attribute type 10 has an invalid length.
[  242.065197][ T8611] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1023'.
[  242.075332][ T8611] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  242.176379][ T8614] netlink: 'syz.0.1023': attribute type 1 has an invalid length.
[  243.136072][ T8634] netlink: 'syz.1.1032': attribute type 10 has an invalid length.
[  243.148908][ T8634] netlink: 'syz.1.1032': attribute type 19 has an invalid length.
[  243.158375][ T8634] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.1032'.
[  243.492898][ T8637] bridge0: port 3(hsr_slave_1) entered blocking state
[  243.522605][ T8637] bridge0: port 3(hsr_slave_1) entered disabled state
[  243.586441][ T8637] hsr_slave_1: entered allmulticast mode
[  243.616489][ T8643] sctp: [Deprecated]: syz.3.1033 (pid 8643) Use of int in max_burst socket option deprecated.
[  243.616489][ T8643] Use struct sctp_assoc_value instead
[  243.808792][ T8637] hsr_slave_1: left allmulticast mode
[  243.927344][ T8651] C: renamed from team_slave_0 (while UP)
[  243.975164][ T8651] netlink: 'syz.2.1040': attribute type 3 has an invalid length.
[  244.001855][ T8651] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1040'.
[  244.037052][ T8651] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  244.246790][ T8662] netlink: 'syz.0.1043': attribute type 3 has an invalid length.
[  244.283993][ T8662] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1043'.
[  244.687607][ T8669] sctp: [Deprecated]: syz.0.1047 (pid 8669) Use of int in max_burst socket option deprecated.
[  244.687607][ T8669] Use struct sctp_assoc_value instead
[  244.730277][ T8670] netlink: 'syz.2.1046': attribute type 3 has an invalid length.
[  244.748944][ T8670] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1046'.
[  244.952813][ T8672] C: renamed from team_slave_0 (while UP)
[  244.975451][ T8672] netlink: 'syz.0.1049': attribute type 2 has an invalid length.
[  244.999403][ T8672] netlink: 116 bytes leftover after parsing attributes in process `syz.0.1049'.
[  245.015274][ T8672] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  245.074489][ T8678] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1051'.
[  245.113983][ T8678] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  245.387244][ T8691] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.1056'.
[  246.161262][ T8712] sctp: [Deprecated]: syz.2.1061 (pid 8712) Use of int in max_burst socket option deprecated.
[  246.161262][ T8712] Use struct sctp_assoc_value instead
[  246.307526][ T8714] __nla_validate_parse: 2 callbacks suppressed
[  246.307546][ T8714] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.1062'.
[  247.656205][ T5792] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  247.918834][ T8759] validate_nla: 5 callbacks suppressed
[  247.918851][ T8759] netlink: 'syz.0.1078': attribute type 10 has an invalid length.
[  247.934026][ T8759] netlink: 'syz.0.1078': attribute type 19 has an invalid length.
[  247.942561][ T8759] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1078'.
[  248.804051][ T5792] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  249.043487][ T8794] netlink: 'syz.0.1090': attribute type 10 has an invalid length.
[  249.069023][ T8794] netlink: 'syz.0.1090': attribute type 19 has an invalid length.
[  249.097772][ T8794] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1090'.
[  249.173678][ T8798] sctp: [Deprecated]: syz.3.1092 (pid 8798) Use of int in max_burst socket option deprecated.
[  249.173678][ T8798] Use struct sctp_assoc_value instead
[  249.437318][ T8805] netlink: 'syz.0.1103': attribute type 10 has an invalid length.
[  249.445425][ T8805] netlink: 'syz.0.1103': attribute type 19 has an invalid length.
[  249.455085][ T8805] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1103'.
[  250.074301][ T8827] FAULT_INJECTION: forcing a failure.
[  250.074301][ T8827] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  250.087496][ T8827] CPU: 1 PID: 8827 Comm: syz.1.1102 Not tainted 6.6.102-syzkaller #0
[  250.095632][ T8827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  250.105740][ T8827] Call Trace:
[  250.109040][ T8827]  <TASK>
[  250.111998][ T8827]  dump_stack_lvl+0x16c/0x230
[  250.116728][ T8827]  ? show_regs_print_info+0x20/0x20
[  250.121960][ T8827]  ? load_image+0x3b0/0x3b0
[  250.126492][ T8827]  ? verify_lock_unused+0x140/0x140
[  250.131709][ T8827]  should_fail_ex+0x39d/0x4d0
[  250.136424][ T8827]  strncpy_from_user+0x36/0x2e0
[  250.141300][ T8827]  strncpy_from_user_nofault+0x71/0x140
[  250.146951][ T8827]  bpf_probe_read_compat_str+0xe1/0x170
[  250.152516][ T8827]  bpf_prog_fb1b192b0171ff39+0x42/0x6a
[  250.157984][ T8827]  __bpf_prog_test_run_raw_tp+0x1f0/0x410
[  250.163719][ T8827]  ? __bpf_prog_test_run_raw_tp+0xcb/0x410
[  250.169554][ T8827]  ? bpf_prog_test_run_raw_tp+0x640/0x640
[  250.175291][ T8827]  ? __lock_acquire+0x7c80/0x7c80
[  250.180330][ T8827]  bpf_prog_test_run_raw_tp+0x3eb/0x640
[  250.185895][ T8827]  ? trace_bpf_test_finish+0x1a0/0x1a0
[  250.191368][ T8827]  ? trace_bpf_test_finish+0x1a0/0x1a0
[  250.196851][ T8827]  bpf_prog_test_run+0x321/0x390
[  250.201892][ T8827]  __sys_bpf+0x440/0x800
[  250.206157][ T8827]  ? bpf_link_show_fdinfo+0x350/0x350
[  250.211560][ T8827]  ? lock_chain_count+0x20/0x20
[  250.216442][ T8827]  __x64_sys_bpf+0x7c/0x90
[  250.220955][ T8827]  do_syscall_64+0x55/0xb0
[  250.225382][ T8827]  ? clear_bhb_loop+0x40/0x90
[  250.230072][ T8827]  ? clear_bhb_loop+0x40/0x90
[  250.234780][ T8827]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  250.240681][ T8827] RIP: 0033:0x7fa10798ebe9
[  250.245102][ T8827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  250.264724][ T8827] RSP: 002b:00007fa108894038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  250.273150][ T8827] RAX: ffffffffffffffda RBX: 00007fa107bb5fa0 RCX: 00007fa10798ebe9
[  250.281579][ T8827] RDX: 0000000000000050 RSI: 0000200000000040 RDI: 000000000000000a
[  250.289570][ T8827] RBP: 00007fa108894090 R08: 0000000000000000 R09: 0000000000000000
[  250.297545][ T8827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  250.306561][ T8827] R13: 00007fa107bb6038 R14: 00007fa107bb5fa0 R15: 00007ffc6a32d3f8
[  250.314554][ T8827]  </TASK>
[  250.594615][ T8835] netlink: 'syz.1.1106': attribute type 3 has an invalid length.
[  250.607712][ T8837] netlink: 'syz.2.1107': attribute type 10 has an invalid length.
[  250.612437][ T8835] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1106'.
[  250.629714][ T8837] netlink: 'syz.2.1107': attribute type 19 has an invalid length.
[  250.649635][ T8837] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.1107'.
[  251.002588][ T8847] netlink: 'syz.2.1111': attribute type 3 has an invalid length.
[  251.028600][ T8847] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1111'.
[  251.615875][ T8868] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.1118'.
[  251.848238][ T8872] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.1120'.
[  251.874972][ T8871] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1119'.
[  252.150379][ T8879] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1123'.
[  252.819094][ T8897] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1129'.
[  253.140863][ T8901] bridge0: port 3(hsr_slave_1) entered blocking state
[  253.159178][ T8901] bridge0: port 3(hsr_slave_1) entered disabled state
[  253.191142][ T8901] hsr_slave_1: entered allmulticast mode
[  253.286476][ T8901] hsr_slave_1: left allmulticast mode
[  253.295275][ T8903] bridge0: port 3(hsr_slave_1) entered blocking state
[  253.316345][ T8903] bridge0: port 3(hsr_slave_1) entered disabled state
[  253.352390][ T8903] hsr_slave_1: entered allmulticast mode
[  253.441359][ T8903] hsr_slave_1: left allmulticast mode
[  253.743673][ T8914] validate_nla: 6 callbacks suppressed
[  253.743694][ T8914] netlink: 'syz.3.1138': attribute type 3 has an invalid length.
[  253.776947][ T8914] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1138'.
[  254.074245][ T8922] FAULT_INJECTION: forcing a failure.
[  254.074245][ T8922] name failslab, interval 1, probability 0, space 0, times 0
[  254.100398][ T8924] netlink: 'syz.3.1140': attribute type 10 has an invalid length.
[  254.101653][ T8922] CPU: 0 PID: 8922 Comm: syz.0.1139 Not tainted 6.6.102-syzkaller #0
[  254.114772][ T8924] netlink: 'syz.3.1140': attribute type 19 has an invalid length.
[  254.116312][ T8922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  254.125955][ T8924] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1140'.
[  254.134178][ T8922] Call Trace:
[  254.134192][ T8922]  <TASK>
[  254.134203][ T8922]  dump_stack_lvl+0x16c/0x230
[  254.134238][ T8922]  ? show_regs_print_info+0x20/0x20
[  254.134264][ T8922]  ? load_image+0x3b0/0x3b0
[  254.134301][ T8922]  ? __might_sleep+0xe0/0xe0
[  254.134329][ T8922]  ? __lock_acquire+0x7c80/0x7c80
[  254.134362][ T8922]  should_fail_ex+0x39d/0x4d0
[  254.134398][ T8922]  should_failslab+0x9/0x20
[  254.134427][ T8922]  slab_pre_alloc_hook+0x59/0x310
[  254.188125][ T8922]  ? tomoyo_encode+0x28b/0x540
[  254.192918][ T8922]  ? tomoyo_encode+0x28b/0x540
[  254.197702][ T8922]  __kmem_cache_alloc_node+0x53/0x260
[  254.203102][ T8922]  ? tomoyo_encode+0x28b/0x540
[  254.207888][ T8922]  __kmalloc+0xa4/0x240
[  254.212065][ T8922]  tomoyo_encode+0x28b/0x540
[  254.216706][ T8922]  tomoyo_realpath_from_path+0x592/0x5d0
[  254.222467][ T8922]  tomoyo_path_number_perm+0x1ea/0x590
[  254.227936][ T8922]  ? tomoyo_path_number_perm+0x1ba/0x590
[  254.233592][ T8922]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  254.239078][ T8922]  ? ksys_write+0x1c1/0x250
[  254.243644][ T8922]  ? __fget_files+0x28/0x4d0
[  254.248270][ T8922]  security_file_ioctl+0x70/0xa0
[  254.253248][ T8922]  __se_sys_ioctl+0x48/0x170
[  254.257941][ T8922]  do_syscall_64+0x55/0xb0
[  254.262369][ T8922]  ? clear_bhb_loop+0x40/0x90
[  254.267049][ T8922]  ? clear_bhb_loop+0x40/0x90
[  254.271752][ T8922]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  254.277667][ T8922] RIP: 0033:0x7fe8b8f8ebe9
[  254.282093][ T8922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  254.301718][ T8922] RSP: 002b:00007fe8b9de3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  254.310148][ T8922] RAX: ffffffffffffffda RBX: 00007fe8b91b5fa0 RCX: 00007fe8b8f8ebe9
[  254.318134][ T8922] RDX: 0000200000000640 RSI: 000000000000541b RDI: 0000000000000003
[  254.326124][ T8922] RBP: 00007fe8b9de3090 R08: 0000000000000000 R09: 0000000000000000
[  254.334110][ T8922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  254.342092][ T8922] R13: 00007fe8b91b6038 R14: 00007fe8b91b5fa0 R15: 00007ffda53390c8
[  254.350112][ T8922]  </TASK>
[  254.359519][ T8922] ERROR: Out of memory at tomoyo_realpath_from_path.
[  254.849934][ T8941] netlink: 'syz.2.1149': attribute type 3 has an invalid length.
[  254.870076][ T8941] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1149'.
[  255.347947][ T8958] netlink: 'syz.0.1153': attribute type 10 has an invalid length.
[  255.356450][ T8958] netlink: 'syz.0.1153': attribute type 19 has an invalid length.
[  255.365097][ T8958] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1153'.
[  255.793797][ T8974] netlink: 'syz.1.1161': attribute type 3 has an invalid length.
[  255.802008][ T8974] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1161'.
[  255.898166][ T1284] ieee802154 phy0 wpan0: encryption failed: -22
[  255.906754][ T1284] ieee802154 phy1 wpan1: encryption failed: -22
[  256.324579][ T8988] bridge0: port 3(hsr_slave_1) entered blocking state
[  256.333399][ T8988] bridge0: port 3(hsr_slave_1) entered disabled state
[  256.351541][ T8988] hsr_slave_1: entered allmulticast mode
[  256.420902][ T8988] hsr_slave_1: left allmulticast mode
[  256.783671][ T8999] netlink: 'syz.1.1171': attribute type 10 has an invalid length.
[  256.793659][ T8999] netlink: 'syz.1.1171': attribute type 19 has an invalid length.
[  256.802708][ T8999] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.1171'.
[  257.364996][ T9016] netlink: 'syz.2.1177': attribute type 3 has an invalid length.
[  257.382167][ T9016] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1177'.
[  258.380866][ T9032] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1182'.
[  258.415881][ T9033] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1184'.
[  258.429921][ T9035] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1185'.
[  258.758223][ T9042] validate_nla: 5 callbacks suppressed
[  258.758244][ T9042] netlink: 'syz.1.1196': attribute type 3 has an invalid length.
[  258.816701][ T9042] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1196'.
[  259.252557][ T9054] netlink: 'syz.1.1191': attribute type 3 has an invalid length.
[  259.260369][ T9054] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1191'.
[  259.438136][ T9057] bridge0: port 3(hsr_slave_1) entered blocking state
[  259.483398][ T9057] bridge0: port 3(hsr_slave_1) entered disabled state
[  259.535654][ T9057] hsr_slave_1: entered allmulticast mode
[  259.581412][ T9057] hsr_slave_1: left allmulticast mode
[  259.604564][ T9060] netlink: 'syz.0.1197': attribute type 10 has an invalid length.
[  259.614925][ T9060] netlink: 'syz.0.1197': attribute type 19 has an invalid length.
[  259.623955][ T9060] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1197'.
[  259.641227][ T9062] bridge0: port 3(hsr_slave_1) entered blocking state
[  259.676862][ T9062] bridge0: port 3(hsr_slave_1) entered disabled state
[  259.708903][ T9062] hsr_slave_1: entered allmulticast mode
[  259.871366][ T9062] hsr_slave_1: left allmulticast mode
[  260.434682][ T9084] netlink: 'syz.3.1208': attribute type 10 has an invalid length.
[  260.454116][ T9084] netlink: 'syz.3.1208': attribute type 19 has an invalid length.
[  260.475273][ T9084] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1208'.
[  260.740267][ T9095] bridge0: port 3(hsr_slave_1) entered blocking state
[  260.768071][ T9095] bridge0: port 3(hsr_slave_1) entered disabled state
[  260.794690][ T9095] hsr_slave_1: entered allmulticast mode
[  260.888813][ T9095] hsr_slave_1: left allmulticast mode
[  261.510239][ T9116] netlink: 'syz.0.1221': attribute type 3 has an invalid length.
[  261.531981][ T9116] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1221'.
[  262.321557][ T9142] bridge0: port 3(hsr_slave_1) entered blocking state
[  262.337144][ T9142] bridge0: port 3(hsr_slave_1) entered disabled state
[  262.347089][ T9142] hsr_slave_1: entered allmulticast mode
[  262.519415][ T9142] hsr_slave_1: left allmulticast mode
[  262.768303][ T9150] netlink: 'syz.1.1238': attribute type 3 has an invalid length.
[  262.805619][ T9150] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1238'.
[  263.604742][ T9178] bridge0: port 3(hsr_slave_1) entered blocking state
[  263.625256][ T9178] bridge0: port 3(hsr_slave_1) entered disabled state
[  263.638135][ T9178] hsr_slave_1: entered allmulticast mode
[  263.740188][ T9178] hsr_slave_1: left allmulticast mode
[  263.944381][ T9186] netlink: 'syz.0.1251': attribute type 3 has an invalid length.
[  263.982031][ T9186] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1251'.
[  264.427007][ T9194] bridge0: port 3(hsr_slave_1) entered blocking state
[  264.439465][ T9194] bridge0: port 3(hsr_slave_1) entered disabled state
[  264.472200][ T9194] hsr_slave_1: entered allmulticast mode
[  264.608847][ T9194] hsr_slave_1: left allmulticast mode
[  264.899492][ T9200] netlink: 'syz.0.1258': attribute type 10 has an invalid length.
[  264.922689][ T9200] netlink: 'syz.0.1258': attribute type 19 has an invalid length.
[  264.941606][ T9200] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1258'.
[  265.007723][ T9204] bridge0: port 3(hsr_slave_1) entered blocking state
[  265.080830][ T9204] bridge0: port 3(hsr_slave_1) entered disabled state
[  265.127700][ T9204] hsr_slave_1: entered allmulticast mode
[  265.231856][ T9204] hsr_slave_1: left allmulticast mode
[  265.255712][ T9210] netlink: 'syz.3.1261': attribute type 10 has an invalid length.
[  265.269422][ T9210] netlink: 'syz.3.1261': attribute type 19 has an invalid length.
[  265.287221][ T9210] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1261'.
[  265.302957][ T9208] bridge0: port 3(hsr_slave_1) entered blocking state
[  265.332494][ T9208] bridge0: port 3(hsr_slave_1) entered disabled state
[  265.357349][ T9208] hsr_slave_1: entered allmulticast mode
[  265.471833][ T9208] hsr_slave_1: left allmulticast mode
[  265.663880][ T9220] bridge0: port 3(hsr_slave_1) entered blocking state
[  265.700074][ T9220] bridge0: port 3(hsr_slave_1) entered disabled state
[  265.739821][ T9220] hsr_slave_1: entered allmulticast mode
[  265.824405][ T9220] hsr_slave_1: left allmulticast mode
[  267.068510][ T9244] netlink: 'syz.1.1274': attribute type 3 has an invalid length.
[  267.106787][ T9244] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1274'.
[  267.169000][ T9248] netlink: 'syz.3.1276': attribute type 10 has an invalid length.
[  267.193506][ T9248] netlink: 'syz.3.1276': attribute type 19 has an invalid length.
[  267.232855][ T9248] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1276'.
[  268.178697][ T9269] bridge0: port 3(hsr_slave_1) entered blocking state
[  268.208155][ T9269] bridge0: port 3(hsr_slave_1) entered disabled state
[  268.221884][ T9269] hsr_slave_1: entered allmulticast mode
[  268.389982][ T9269] hsr_slave_1: left allmulticast mode
[  269.054722][ T9288] bridge0: port 3(hsr_slave_1) entered blocking state
[  269.095412][ T9288] bridge0: port 3(hsr_slave_1) entered disabled state
[  269.134845][ T9288] hsr_slave_1: entered allmulticast mode
[  269.219180][ T9288] hsr_slave_1: left allmulticast mode
[  269.645746][ T9305] netlink: 'syz.0.1305': attribute type 3 has an invalid length.
[  269.658422][ T9305] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1305'.
[  270.422472][ T9325] bridge0: port 3(hsr_slave_1) entered blocking state
[  270.460705][ T9325] bridge0: port 3(hsr_slave_1) entered disabled state
[  270.480128][ T9325] hsr_slave_1: entered allmulticast mode
[  270.652058][ T9325] hsr_slave_1: left allmulticast mode
[  271.329387][ T9351] netlink: 'syz.2.1315': attribute type 10 has an invalid length.
[  271.339272][ T9351] netlink: 'syz.2.1315': attribute type 19 has an invalid length.
[  271.357297][ T9351] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.1315'.
[  271.745646][ T9359] bridge0: port 3(hsr_slave_1) entered blocking state
[  271.757602][ T9359] bridge0: port 3(hsr_slave_1) entered disabled state
[  271.771990][ T9359] hsr_slave_1: entered allmulticast mode
[  271.823649][ T9359] hsr_slave_1: left allmulticast mode
[  272.270959][ T9372] netlink: 'syz.2.1324': attribute type 3 has an invalid length.
[  272.279837][ T9372] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1324'.
[  273.228316][ T9390] bridge0: port 3(hsr_slave_1) entered blocking state
[  273.271299][ T9390] bridge0: port 3(hsr_slave_1) entered disabled state
[  273.288986][ T9390] hsr_slave_1: entered allmulticast mode
[  273.334749][ T9390] hsr_slave_1: left allmulticast mode
[  273.553019][ T9396] bridge0: port 3(hsr_slave_1) entered blocking state
[  273.592959][ T9396] bridge0: port 3(hsr_slave_1) entered disabled state
[  273.606026][ T9396] hsr_slave_1: entered allmulticast mode
[  273.753525][ T9396] hsr_slave_1: left allmulticast mode
[  273.869077][ T9402] netlink: 'syz.2.1334': attribute type 3 has an invalid length.
[  273.910246][ T9402] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1334'.
[  274.597635][ T9416] netlink: 'syz.1.1339': attribute type 3 has an invalid length.
[  274.621621][ T9416] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1339'.
[  274.706127][ T9420] netlink: 'syz.2.1343': attribute type 10 has an invalid length.
[  274.714280][ T9420] netlink: 'syz.2.1343': attribute type 19 has an invalid length.
[  274.724842][ T9420] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.1343'.
[  274.972852][ T9428] bridge0: port 3(hsr_slave_1) entered blocking state
[  275.027105][ T9428] bridge0: port 3(hsr_slave_1) entered disabled state
[  275.071697][ T9428] hsr_slave_1: entered allmulticast mode
[  275.179671][ T9428] hsr_slave_1: left allmulticast mode
[  275.378170][ T9439] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1351'.
[  275.390945][ T9439] netlink: 'syz.3.1351': attribute type 33 has an invalid length.
[  275.409911][ T9439] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1351'.
[  275.429840][ T9439] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check.
[  275.935707][ T9449] netlink: 'syz.0.1356': attribute type 10 has an invalid length.
[  275.945699][ T9449] netlink: 'syz.0.1356': attribute type 19 has an invalid length.
[  275.960516][ T9449] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1356'.
[  276.160328][ T9456] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[  276.195941][ T9456] syz.1.1355[9456] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  276.196088][ T9456] syz.1.1355[9456] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  276.226400][ T9456] syz.1.1355[9456] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  276.245123][ T9456] syz.1.1355[9456] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  276.391151][ T9454] delete_channel: no stack
[  277.106844][ T9481] netlink: 'syz.2.1367': attribute type 10 has an invalid length.
[  277.118794][ T9481] netlink: 'syz.2.1367': attribute type 19 has an invalid length.
[  277.128788][ T9481] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.1367'.
[  277.313089][ T9487] netlink: 'syz.2.1369': attribute type 3 has an invalid length.
[  277.329989][ T9487] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1369'.
[  277.579267][ T9491] bridge0: port 3(hsr_slave_1) entered blocking state
[  277.611632][ T9491] bridge0: port 3(hsr_slave_1) entered disabled state
[  277.647913][ T9491] hsr_slave_1: entered allmulticast mode
[  277.663172][ T9493] netlink: zone id is out of range
[  277.668887][ T9493] netlink: set zone limit has 8 unknown bytes
[  277.709117][ T9491] hsr_slave_1: left allmulticast mode
[  277.817576][ T9498] netlink: 'syz.3.1374': attribute type 3 has an invalid length.
[  277.841622][ T9498] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1374'.
[  278.306094][ T9509] netlink: 'syz.3.1378': attribute type 10 has an invalid length.
[  278.314335][ T9509] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1378'.
[  278.507041][ T9514] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1381'.
[  278.895953][ T9524] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1384'.
[  278.912527][ T9524] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check.
[  279.782997][ T9535] FAULT_INJECTION: forcing a failure.
[  279.782997][ T9535] name failslab, interval 1, probability 0, space 0, times 0
[  279.837627][ T9535] CPU: 0 PID: 9535 Comm: syz.1.1389 Not tainted 6.6.102-syzkaller #0
[  279.845779][ T9535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  279.855876][ T9535] Call Trace:
[  279.859200][ T9535]  <TASK>
[  279.862188][ T9535]  dump_stack_lvl+0x16c/0x230
[  279.866931][ T9535]  ? show_regs_print_info+0x20/0x20
[  279.872186][ T9535]  ? load_image+0x3b0/0x3b0
[  279.876762][ T9535]  ? __might_sleep+0xe0/0xe0
[  279.881408][ T9535]  ? __lock_acquire+0x7c80/0x7c80
[  279.886505][ T9535]  should_fail_ex+0x39d/0x4d0
[  279.891248][ T9535]  should_failslab+0x9/0x20
[  279.895803][ T9535]  slab_pre_alloc_hook+0x59/0x310
[  279.900875][ T9535]  ? apparmor_sk_alloc_security+0x77/0x100
[  279.906731][ T9535]  __kmem_cache_alloc_node+0x53/0x260
[  279.912169][ T9535]  ? apparmor_sk_alloc_security+0x77/0x100
[  279.918030][ T9535]  kmalloc_trace+0x2a/0xe0
[  279.922423][ T9537] validate_nla: 4 callbacks suppressed
[  279.922441][ T9537] netlink: 'syz.2.1390': attribute type 10 has an invalid length.
[  279.922501][ T9535]  apparmor_sk_alloc_security+0x77/0x100
[  279.938259][ T9537] netlink: 'syz.2.1390': attribute type 19 has an invalid length.
[  279.941409][ T9535]  security_sk_alloc+0x6e/0xa0
[  279.941445][ T9535]  sk_prot_alloc+0x101/0x210
[  279.941484][ T9535]  sk_alloc+0x3a/0x360
[  279.959583][ T9537] __nla_validate_parse: 2 callbacks suppressed
[  279.959603][ T9537] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.1390'.
[  279.962848][ T9535]  qrtr_create+0x73/0x1c0
[  279.962888][ T9535]  __sock_create+0x4a6/0x940
[  279.962934][ T9535]  __sys_socket+0xd7/0x1a0
[  279.991753][ T9535]  __x64_sys_socket+0x7a/0x90
[  279.996487][ T9535]  do_syscall_64+0x55/0xb0
[  280.000940][ T9535]  ? clear_bhb_loop+0x40/0x90
[  280.005665][ T9535]  ? clear_bhb_loop+0x40/0x90
[  280.010390][ T9535]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  280.016344][ T9535] RIP: 0033:0x7fa10798ebe9
[  280.020790][ T9535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.040443][ T9535] RSP: 002b:00007fa108894038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  280.048916][ T9535] RAX: ffffffffffffffda RBX: 00007fa107bb5fa0 RCX: 00007fa10798ebe9
[  280.056927][ T9535] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000002a
[  280.065025][ T9535] RBP: 00007fa108894090 R08: 0000000000000000 R09: 0000000000000000
[  280.073041][ T9535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  280.081140][ T9535] R13: 00007fa107bb6038 R14: 00007fa107bb5fa0 R15: 00007ffc6a32d3f8
[  280.089170][ T9535]  </TASK>
[  280.206593][ T9544] netlink: 'syz.0.1392': attribute type 3 has an invalid length.
[  280.238027][ T9544] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1392'.
[  281.694238][ T9579] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1406'.
[  281.757907][ T9579] netlink: 'syz.2.1406': attribute type 33 has an invalid length.
[  281.785681][ T9579] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1406'.
[  281.848546][ T9579] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check.
[  283.242286][ T9611] bridge0: port 3(hsr_slave_1) entered blocking state
[  283.258166][ T9611] bridge0: port 3(hsr_slave_1) entered disabled state
[  283.277138][ T9611] hsr_slave_1: entered allmulticast mode
[  283.368753][ T9611] hsr_slave_1: left allmulticast mode
[  283.922887][ T9616] bridge0: port 3(hsr_slave_1) entered blocking state
[  283.959103][ T9616] bridge0: port 3(hsr_slave_1) entered disabled state
[  283.997033][ T9616] hsr_slave_1: entered allmulticast mode
[  284.061309][ T9616] hsr_slave_1: left allmulticast mode
[  284.295534][ T9627] netlink: 'syz.3.1422': attribute type 10 has an invalid length.
[  284.314134][ T9627] netlink: 'syz.3.1422': attribute type 19 has an invalid length.
[  284.326482][ T9627] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1422'.
[  284.879705][ T9643] netlink: 'syz.0.1430': attribute type 3 has an invalid length.
[  284.917358][ T9643] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1430'.
[  285.847746][ T9668] bridge0: port 3(hsr_slave_1) entered blocking state
[  285.900758][ T9668] bridge0: port 3(hsr_slave_1) entered disabled state
[  285.911034][ T9668] hsr_slave_1: entered allmulticast mode
[  285.997600][ T9668] hsr_slave_1: left allmulticast mode
[  286.041179][ T9670] bridge0: port 3(hsr_slave_1) entered blocking state
[  286.062544][ T9670] bridge0: port 3(hsr_slave_1) entered disabled state
[  286.073826][ T9670] hsr_slave_1: entered allmulticast mode
[  286.135955][ T9670] hsr_slave_1: left allmulticast mode
[  286.907914][ T9691] netlink: 'syz.2.1449': attribute type 10 has an invalid length.
[  286.924850][ T9691] netlink: 'syz.2.1449': attribute type 19 has an invalid length.
[  286.986986][ T9691] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.1449'.
[  287.272225][ T9700] bridge0: port 3(hsr_slave_1) entered blocking state
[  287.318464][ T9700] bridge0: port 3(hsr_slave_1) entered disabled state
[  287.378361][ T9700] hsr_slave_1: entered allmulticast mode
[  287.470275][ T9700] hsr_slave_1: left allmulticast mode
[  287.923818][ T9715] netlink: 'syz.0.1457': attribute type 3 has an invalid length.
[  287.936156][ T9715] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1457'.
[  288.272311][ T9722] netlink: 'syz.0.1460': attribute type 10 has an invalid length.
[  288.287048][ T9722] netlink: 'syz.0.1460': attribute type 19 has an invalid length.
[  288.297299][ T9722] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1460'.
[  288.585508][ T9735] netlink: 'syz.0.1471': attribute type 10 has an invalid length.
[  288.594155][ T9735] netlink: 'syz.0.1471': attribute type 19 has an invalid length.
[  288.603523][ T9735] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1471'.
[  288.752598][ T9737] bridge0: port 3(hsr_slave_1) entered blocking state
[  288.781233][ T9737] bridge0: port 3(hsr_slave_1) entered disabled state
[  288.823204][ T9737] hsr_slave_1: entered allmulticast mode
[  288.864364][ T9737] hsr_slave_1: left allmulticast mode
[  290.060307][ T9760] netlink: 'syz.0.1473': attribute type 3 has an invalid length.
[  290.068849][ T9760] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1473'.
[  290.235944][ T9765] netlink: 'syz.2.1476': attribute type 10 has an invalid length.
[  290.244389][ T9765] netlink: 'syz.2.1476': attribute type 19 has an invalid length.
[  290.252785][ T9765] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.1476'.
[  290.883947][ T9775] bridge0: port 3(hsr_slave_1) entered blocking state
[  290.900154][ T9775] bridge0: port 3(hsr_slave_1) entered disabled state
[  290.921749][ T9775] hsr_slave_1: entered allmulticast mode
[  290.968216][ T9775] hsr_slave_1: left allmulticast mode
[  291.125988][ T9782] bridge0: port 3(hsr_slave_1) entered blocking state
[  291.143153][ T9782] bridge0: port 3(hsr_slave_1) entered disabled state
[  291.165823][ T9782] hsr_slave_1: entered allmulticast mode
[  291.220785][ T9782] hsr_slave_1: left allmulticast mode
[  291.872019][ T9799] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1486'.
[  292.161066][ T9803] bridge0: port 3(hsr_slave_1) entered blocking state
[  292.207433][ T9803] bridge0: port 3(hsr_slave_1) entered disabled state
[  292.244332][ T9803] hsr_slave_1: entered allmulticast mode
[  292.359736][ T9803] hsr_slave_1: left allmulticast mode
[  293.680121][ T9830] validate_nla: 1 callbacks suppressed
[  293.680147][ T9830] netlink: 'syz.0.1499': attribute type 3 has an invalid length.
[  293.711852][ T9830] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1499'.
[  295.098820][ T9861] netlink: 'syz.1.1511': attribute type 3 has an invalid length.
[  295.131636][ T9861] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1511'.
[  295.253174][ T9863] bridge0: port 3(hsr_slave_1) entered blocking state
[  295.277464][ T9863] bridge0: port 3(hsr_slave_1) entered disabled state
[  295.337179][ T9863] hsr_slave_1: entered allmulticast mode
[  295.461448][ T9863] hsr_slave_1: left allmulticast mode
[  295.477881][ T9872] netlink: 'syz.1.1516': attribute type 3 has an invalid length.
[  295.477922][ T9872] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1516'.
[  296.568699][ T9889] netlink: 'syz.3.1521': attribute type 10 has an invalid length.
[  296.576849][ T9889] netlink: 'syz.3.1521': attribute type 19 has an invalid length.
[  296.601533][ T9889] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1521'.
[  297.445555][ T9905] netlink: 'syz.0.1528': attribute type 10 has an invalid length.
[  297.455131][ T9905] netlink: 'syz.0.1528': attribute type 19 has an invalid length.
[  297.463292][ T9905] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1528'.
[  297.657774][ T9915] netlink: 'syz.0.1532': attribute type 10 has an invalid length.
[  297.664619][ T9913] FAULT_INJECTION: forcing a failure.
[  297.664619][ T9913] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  297.666523][ T9915] netlink: 'syz.0.1532': attribute type 19 has an invalid length.
[  297.686970][ T9915] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1532'.
[  297.707383][ T9913] CPU: 1 PID: 9913 Comm: syz.3.1531 Not tainted 6.6.102-syzkaller #0
[  297.715510][ T9913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  297.725589][ T9913] Call Trace:
[  297.728894][ T9913]  <TASK>
[  297.731857][ T9913]  dump_stack_lvl+0x16c/0x230
[  297.736571][ T9913]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  297.742792][ T9913]  ? show_regs_print_info+0x20/0x20
[  297.748030][ T9913]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  297.754250][ T9913]  should_fail_ex+0x39d/0x4d0
[  297.758975][ T9913]  _copy_to_user+0x2f/0xa0
[  297.763425][ T9913]  bpf_test_finish+0x19a/0x620
[  297.768220][ T9913]  ? convert___skb_to_skb+0x590/0x590
[  297.773610][ T9913]  ? convert_skb_to___skb+0x420/0x420
[  297.779004][ T9913]  ? bpf_test_init+0x134/0x150
[  297.783786][ T9913]  bpf_prog_test_run_xdp+0x7fa/0xfa0
[  297.789153][ T9913]  ? dev_put+0x80/0x80
[  297.793290][ T9913]  ? dev_put+0x80/0x80
[  297.797381][ T9913]  bpf_prog_test_run+0x321/0x390
[  297.802335][ T9913]  __sys_bpf+0x440/0x800
[  297.806591][ T9913]  ? bpf_link_show_fdinfo+0x350/0x350
[  297.811995][ T9913]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  297.818216][ T9913]  __x64_sys_bpf+0x7c/0x90
[  297.822651][ T9913]  do_syscall_64+0x55/0xb0
[  297.827085][ T9913]  ? clear_bhb_loop+0x40/0x90
[  297.831776][ T9913]  ? clear_bhb_loop+0x40/0x90
[  297.836469][ T9913]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  297.842382][ T9913] RIP: 0033:0x7f808058ebe9
[  297.846807][ T9913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.866430][ T9913] RSP: 002b:00007f80813a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  297.874857][ T9913] RAX: ffffffffffffffda RBX: 00007f80807b5fa0 RCX: 00007f808058ebe9
[  297.882834][ T9913] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  297.890813][ T9913] RBP: 00007f80813a2090 R08: 0000000000000000 R09: 0000000000000000
[  297.898811][ T9913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  297.906790][ T9913] R13: 00007f80807b6038 R14: 00007f80807b5fa0 R15: 00007ffc467e1538
[  297.914794][ T9913]  </TASK>
[  298.754496][ T9938] bridge0: port 3(hsr_slave_1) entered blocking state
[  298.769369][ T9938] bridge0: port 3(hsr_slave_1) entered disabled state
[  298.800002][ T9938] hsr_slave_1: entered allmulticast mode
[  298.899603][ T9938] hsr_slave_1: left allmulticast mode
[  299.768291][ T9963] netlink: 'syz.3.1551': attribute type 10 has an invalid length.
[  299.777548][ T9963] netlink: 'syz.3.1551': attribute type 19 has an invalid length.
[  299.787662][ T9963] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1551'.
[  300.532196][ T9983] netlink: 'syz.0.1558': attribute type 3 has an invalid length.
[  300.543806][ T9983] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1558'.
[  300.788278][ T9989] netlink: 'syz.0.1561': attribute type 10 has an invalid length.
[  300.799988][ T9989] netlink: 'syz.0.1561': attribute type 19 has an invalid length.
[  300.814394][ T9989] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1561'.
[  301.572524][T10009] netlink: 'syz.2.1569': attribute type 3 has an invalid length.
[  301.587658][T10009] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1569'.
[  301.794886][T10014] netlink: 'syz.2.1572': attribute type 10 has an invalid length.
[  301.841608][T10014] netlink: 'syz.2.1572': attribute type 19 has an invalid length.
[  301.862799][T10014] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.1572'.
[  302.097679][T10022] netlink: 'syz.1.1575': attribute type 3 has an invalid length.
[  302.126311][T10022] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1575'.
[  302.378528][T10030] bridge0: port 3(hsr_slave_1) entered blocking state
[  302.399359][T10030] bridge0: port 3(hsr_slave_1) entered disabled state
[  302.414683][T10030] hsr_slave_1: entered allmulticast mode
[  302.499235][T10030] hsr_slave_1: left allmulticast mode
[  302.976897][T10041] netlink: 'syz.3.1581': attribute type 3 has an invalid length.
[  303.000566][T10041] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1581'.
[  303.215706][T10047] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1592'.
[  303.363887][T10051] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1586'.
[  304.790536][T10088] validate_nla: 2 callbacks suppressed
[  304.790555][T10088] netlink: 'syz.3.1597': attribute type 21 has an invalid length.
[  304.833773][T10088] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1597'.
[  304.940264][T10091] netlink: 'syz.0.1599': attribute type 3 has an invalid length.
[  304.961639][T10091] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1599'.
[  305.386817][T10100] netlink: 'syz.0.1601': attribute type 10 has an invalid length.
[  305.405607][T10100] netlink: 'syz.0.1601': attribute type 19 has an invalid length.
[  305.422831][T10100] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1601'.
[  305.671099][T10107] bridge0: port 3(hsr_slave_1) entered blocking state
[  305.697713][T10107] bridge0: port 3(hsr_slave_1) entered disabled state
[  305.729389][T10107] hsr_slave_1: entered allmulticast mode
[  305.835145][T10107] hsr_slave_1: left allmulticast mode
[  306.428545][T10129] netlink: 'syz.0.1613': attribute type 10 has an invalid length.
[  306.465908][T10129] netlink: 'syz.0.1613': attribute type 19 has an invalid length.
[  306.522920][T10129] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1613'.
[  306.915510][T10140] bridge0: port 3(hsr_slave_1) entered blocking state
[  306.956035][T10140] bridge0: port 3(hsr_slave_1) entered disabled state
[  307.000105][T10140] hsr_slave_1: entered allmulticast mode
[  307.186600][T10140] hsr_slave_1: left allmulticast mode
[  307.235753][T10144] bridge0: port 3(hsr_slave_1) entered blocking state
[  307.271621][T10144] bridge0: port 3(hsr_slave_1) entered disabled state
[  307.291606][T10144] hsr_slave_1: entered allmulticast mode
[  307.353155][T10144] hsr_slave_1: left allmulticast mode
[  308.219584][T10167] netlink: 'syz.1.1627': attribute type 3 has an invalid length.
[  308.234795][T10167] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1627'.
[  308.564640][T10177] bridge0: port 3(hsr_slave_1) entered blocking state
[  308.610448][T10177] bridge0: port 3(hsr_slave_1) entered disabled state
[  308.626069][T10177] hsr_slave_1: entered allmulticast mode
[  308.718612][T10177] hsr_slave_1: left allmulticast mode
[  309.320719][T10196] netlink: 'syz.1.1636': attribute type 10 has an invalid length.
[  309.330757][T10196] netlink: 'syz.1.1636': attribute type 19 has an invalid length.
[  309.348005][T10196] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.1636'.
[  310.327628][T10230] netlink: 'syz.1.1649': attribute type 21 has an invalid length.
[  310.343404][T10230] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1649'.
[  310.656122][T10237] netlink: 'syz.3.1653': attribute type 3 has an invalid length.
[  310.675617][T10237] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1653'.
[  311.015365][T10249] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1658'.
[  311.270054][T10257] netlink: 'syz.1.1662': attribute type 10 has an invalid length.
[  311.303987][T10257] netlink: 'syz.1.1662': attribute type 19 has an invalid length.
[  311.323135][T10257] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.1662'.
[  311.388284][T10262] netlink: 'syz.0.1664': attribute type 3 has an invalid length.
[  311.401003][T10262] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1664'.
[  312.046218][T10286] netlink: 'syz.1.1674': attribute type 10 has an invalid length.
[  312.054336][T10286] netlink: 'syz.1.1674': attribute type 19 has an invalid length.
[  312.063405][T10286] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.1674'.
[  312.228530][T10288] netlink: 'syz.1.1675': attribute type 3 has an invalid length.
[  312.240934][T10288] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1675'.
[  312.896834][T10305] netlink: 'syz.0.1683': attribute type 10 has an invalid length.
[  312.910314][T10305] netlink: 'syz.0.1683': attribute type 19 has an invalid length.
[  312.919642][T10305] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1683'.
[  312.945394][T10307] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1684'.
[  313.290310][T10319] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1688'.
[  313.534379][T10327] bridge0: port 3(hsr_slave_1) entered blocking state
[  313.551731][T10327] bridge0: port 3(hsr_slave_1) entered disabled state
[  313.560037][T10327] hsr_slave_1: entered allmulticast mode
[  313.574406][T10327] hsr_slave_1: left allmulticast mode
[  314.276977][T10349] bridge0: port 3(hsr_slave_1) entered blocking state
[  314.319615][T10349] bridge0: port 3(hsr_slave_1) entered disabled state
[  314.335068][T10349] hsr_slave_1: entered allmulticast mode
[  314.419665][T10349] hsr_slave_1: left allmulticast mode
[  315.411139][T10379] bridge0: port 3(hsr_slave_1) entered blocking state
[  315.457079][T10379] bridge0: port 3(hsr_slave_1) entered disabled state
[  315.481246][T10379] hsr_slave_1: entered allmulticast mode
[  315.573674][T10379] hsr_slave_1: left allmulticast mode
[  315.805017][T10390] validate_nla: 9 callbacks suppressed
[  315.805043][T10390] netlink: 'syz.1.1716': attribute type 3 has an invalid length.
[  315.839928][T10390] __nla_validate_parse: 6 callbacks suppressed
[  315.839954][T10390] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1716'.
[  315.998310][T10394] netlink: 'syz.0.1718': attribute type 10 has an invalid length.
[  316.006735][T10394] netlink: 'syz.0.1718': attribute type 19 has an invalid length.
[  316.020364][T10394] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1718'.
[  316.366820][T10402] netlink: 'syz.1.1720': attribute type 3 has an invalid length.
[  316.375228][T10402] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1720'.
[  316.407455][T10403] netlink: 'syz.0.1727': attribute type 10 has an invalid length.
[  316.422860][T10403] netlink: 'syz.0.1727': attribute type 19 has an invalid length.
[  316.436606][T10403] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1727'.
[  317.292367][T10423] bridge0: port 3(hsr_slave_1) entered blocking state
[  317.315235][T10423] bridge0: port 3(hsr_slave_1) entered disabled state
[  317.441898][ T1284] ieee802154 phy0 wpan0: encryption failed: -22
[  317.441956][ T1284] ieee802154 phy1 wpan1: encryption failed: -22
[  317.532614][T10423] hsr_slave_1: entered allmulticast mode
[  317.641402][T10423] hsr_slave_1: left allmulticast mode
[  317.694301][T10430] netlink: 'syz.0.1729': attribute type 3 has an invalid length.
[  317.702410][T10430] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1729'.
[  317.989315][T10436] netlink: 201392 bytes leftover after parsing attributes in process `syz.0.1733'.
[  318.003680][T10436] netlink: zone id is out of range
[  318.008871][T10436] netlink: zone id is out of range
[  318.031234][T10436] netlink: zone id is out of range
[  318.044665][T10436] netlink: del zone limit has 8 unknown bytes
[  318.548491][T10450] bridge0: port 3(hsr_slave_1) entered blocking state
[  318.567520][T10450] bridge0: port 3(hsr_slave_1) entered disabled state
[  318.584812][T10450] hsr_slave_1: entered allmulticast mode
[  318.703498][T10450] hsr_slave_1: left allmulticast mode
[  318.802703][T10457] netlink: 'syz.0.1741': attribute type 10 has an invalid length.
[  318.821706][T10457] netlink: 'syz.0.1741': attribute type 19 has an invalid length.
[  318.829571][T10457] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1741'.
[  318.988676][T10461] netlink: 'syz.0.1743': attribute type 3 has an invalid length.
[  318.997333][T10461] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1743'.
[  319.630282][T10477] bridge0: port 3(hsr_slave_1) entered blocking state
[  319.663768][T10477] bridge0: port 3(hsr_slave_1) entered disabled state
[  319.683363][T10477] hsr_slave_1: entered allmulticast mode
[  319.810219][T10477] hsr_slave_1: left allmulticast mode
[  320.113194][T10494] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1755'.
[  320.326970][T10497] FAULT_INJECTION: forcing a failure.
[  320.326970][T10497] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  320.347032][T10497] CPU: 0 PID: 10497 Comm: syz.2.1756 Not tainted 6.6.102-syzkaller #0
[  320.355255][T10497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  320.365344][T10497] Call Trace:
[  320.368673][T10497]  <TASK>
[  320.371620][T10497]  dump_stack_lvl+0x16c/0x230
[  320.376328][T10497]  ? show_regs_print_info+0x20/0x20
[  320.381581][T10497]  ? load_image+0x3b0/0x3b0
[  320.386114][T10497]  ? __lock_acquire+0x7c80/0x7c80
[  320.391157][T10497]  ? snprintf+0xdb/0x120
[  320.395436][T10497]  should_fail_ex+0x39d/0x4d0
[  320.400153][T10497]  _copy_to_user+0x2f/0xa0
[  320.404601][T10497]  simple_read_from_buffer+0xe7/0x150
[  320.410053][T10497]  proc_fail_nth_read+0x1e3/0x250
[  320.415101][T10497]  ? proc_fault_inject_write+0x340/0x340
[  320.420758][T10497]  ? fsnotify_perm+0x271/0x5e0
[  320.425629][T10497]  ? proc_fault_inject_write+0x340/0x340
[  320.431279][T10497]  vfs_read+0x27e/0x920
[  320.435483][T10497]  ? kernel_read+0x1e0/0x1e0
[  320.440096][T10497]  ? __fget_files+0x28/0x4d0
[  320.444732][T10497]  ? __fget_files+0x44a/0x4d0
[  320.449447][T10497]  ? __fdget_pos+0x2a3/0x330
[  320.454076][T10497]  ? ksys_read+0x75/0x250
[  320.458438][T10497]  ksys_read+0x147/0x250
[  320.462704][T10497]  ? vfs_write+0x940/0x940
[  320.467142][T10497]  ? lockdep_hardirqs_on+0x98/0x150
[  320.472372][T10497]  do_syscall_64+0x55/0xb0
[  320.476822][T10497]  ? clear_bhb_loop+0x40/0x90
[  320.481510][T10497]  ? clear_bhb_loop+0x40/0x90
[  320.486210][T10497]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  320.492127][T10497] RIP: 0033:0x7fd42bf8d5fc
[  320.496559][T10497] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  320.516189][T10497] RSP: 002b:00007fd42a1f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  320.524658][T10497] RAX: ffffffffffffffda RBX: 00007fd42c1b5fa0 RCX: 00007fd42bf8d5fc
[  320.532665][T10497] RDX: 000000000000000f RSI: 00007fd42a1f60a0 RDI: 0000000000000007
[  320.540657][T10497] RBP: 00007fd42a1f6090 R08: 0000000000000000 R09: 0000000000000000
[  320.548643][T10497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  320.556631][T10497] R13: 00007fd42c1b6038 R14: 00007fd42c1b5fa0 R15: 00007ffffaf11108
[  320.564650][T10497]  </TASK>
[  321.105452][T10511] bridge0: port 3(hsr_slave_1) entered blocking state
[  321.133800][T10511] bridge0: port 3(hsr_slave_1) entered disabled state
[  321.173675][T10511] hsr_slave_1: entered allmulticast mode
[  321.225206][T10511] hsr_slave_1: left allmulticast mode
[  322.038048][T10542] validate_nla: 2 callbacks suppressed
[  322.038070][T10542] netlink: 'syz.3.1771': attribute type 3 has an invalid length.
[  322.080509][T10542] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1771'.
[  322.223591][T10546] bridge0: port 3(hsr_slave_1) entered blocking state
[  322.254847][T10546] bridge0: port 3(hsr_slave_1) entered disabled state
[  322.270164][T10546] hsr_slave_1: entered allmulticast mode
[  322.324674][T10546] hsr_slave_1: left allmulticast mode
[  322.345460][T10548] netlink: 'syz.0.1775': attribute type 10 has an invalid length.
[  322.361197][T10548] netlink: 'syz.0.1775': attribute type 19 has an invalid length.
[  322.370519][T10548] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1775'.
[  322.608006][T10555] netlink: 'syz.1.1777': attribute type 3 has an invalid length.
[  322.630157][T10555] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1777'.
[  323.016746][T10572] netlink: 'syz.2.1785': attribute type 19 has an invalid length.
[  323.025332][T10572] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1785'.
[  323.038701][T10572] netlink: 'syz.2.1785': attribute type 3 has an invalid length.
[  323.047101][T10572] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.1785'.
[  323.150765][T10574] bridge0: port 3(hsr_slave_1) entered blocking state
[  323.187764][T10574] bridge0: port 3(hsr_slave_1) entered disabled state
[  323.243119][T10574] hsr_slave_1: entered allmulticast mode
[  323.290251][T10574] hsr_slave_1: left allmulticast mode
[  323.307415][T10576] netlink: 'syz.0.1787': attribute type 10 has an invalid length.
[  323.315647][T10576] netlink: 'syz.0.1787': attribute type 19 has an invalid length.
[  323.330474][T10576] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1787'.
[  323.570470][T10583] netlink: 'syz.3.1790': attribute type 3 has an invalid length.
[  323.621806][T10583] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1790'.
[  324.443387][T10604] bridge0: port 3(hsr_slave_1) entered blocking state
[  324.470720][T10604] bridge0: port 3(hsr_slave_1) entered disabled state
[  324.512577][T10604] hsr_slave_1: entered allmulticast mode
[  324.608783][T10604] hsr_slave_1: left allmulticast mode
[  324.770771][T10610] netlink: 'syz.0.1800': attribute type 10 has an invalid length.
[  324.778992][T10610] netlink: 14536 bytes leftover after parsing attributes in process `syz.0.1800'.
[  325.066789][T10616] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1803'.
[  326.473349][T10652] bridge0: port 3(hsr_slave_1) entered blocking state
[  326.515721][T10652] bridge0: port 3(hsr_slave_1) entered disabled state
[  326.565378][T10652] hsr_slave_1: entered allmulticast mode
[  326.627324][T10652] hsr_slave_1: left allmulticast mode
[  326.940711][T10666] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1825'.
[  327.162313][T10673] validate_nla: 5 callbacks suppressed
[  327.162335][T10673] netlink: 'syz.1.1827': attribute type 10 has an invalid length.
[  327.225193][T10673] netlink: 'syz.1.1827': attribute type 19 has an invalid length.
[  327.250363][T10673] __nla_validate_parse: 1 callbacks suppressed
[  327.250380][T10673] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.1827'.
[  327.636716][T10682] netlink: 'syz.1.1831': attribute type 3 has an invalid length.
[  327.647840][T10682] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1831'.
[  328.554802][T10702] netlink: 'syz.3.1838': attribute type 10 has an invalid length.
[  328.566634][T10702] netlink: 'syz.3.1838': attribute type 19 has an invalid length.
[  328.586300][T10702] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1838'.
[  329.507295][T10720] netlink: 'syz.2.1844': attribute type 3 has an invalid length.
[  329.519894][T10720] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1844'.
[  329.683025][T10722] bridge0: port 3(hsr_slave_1) entered blocking state
[  329.703061][T10722] bridge0: port 3(hsr_slave_1) entered disabled state
[  329.789952][T10722] hsr_slave_1: entered allmulticast mode
[  329.857588][T10722] hsr_slave_1: left allmulticast mode
[  330.040594][T10728] netlink: 'syz.1.1848': attribute type 3 has an invalid length.
[  330.072911][T10728] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1848'.
[  330.191071][T10732] bridge0: port 3(hsr_slave_1) entered blocking state
[  330.311892][T10732] bridge0: port 3(hsr_slave_1) entered disabled state
[  330.363089][T10732] hsr_slave_1: entered allmulticast mode
[  330.501210][T10732] hsr_slave_1: left allmulticast mode
[  330.519572][T10734] bridge0: port 3(hsr_slave_1) entered blocking state
[  330.538109][T10734] bridge0: port 3(hsr_slave_1) entered disabled state
[  330.587500][T10734] hsr_slave_1: entered allmulticast mode
[  330.684782][T10734] hsr_slave_1: left allmulticast mode
[  331.413207][T10752] netlink: 'syz.0.1865': attribute type 3 has an invalid length.
[  331.432569][T10752] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1865'.
[  332.025587][T10770] bridge0: port 3(hsr_slave_1) entered blocking state
[  332.059262][T10770] bridge0: port 3(hsr_slave_1) entered disabled state
[  332.091037][T10770] hsr_slave_1: entered allmulticast mode
[  332.167470][T10770] hsr_slave_1: left allmulticast mode
[  332.349560][T10774] bridge0: port 3(hsr_slave_1) entered blocking state
[  332.396925][T10774] bridge0: port 3(hsr_slave_1) entered disabled state
[  332.415287][T10774] hsr_slave_1: entered allmulticast mode
[  332.503775][T10774] hsr_slave_1: left allmulticast mode
[  332.735064][T10783] netlink: 'syz.2.1869': attribute type 3 has an invalid length.
[  332.751786][T10783] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1869'.
[  332.876860][T10787] FAULT_INJECTION: forcing a failure.
[  332.876860][T10787] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  332.891229][T10787] CPU: 1 PID: 10787 Comm: syz.1.1871 Not tainted 6.6.102-syzkaller #0
[  332.899425][T10787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  332.909487][T10787] Call Trace:
[  332.912772][T10787]  <TASK>
[  332.915706][T10787]  dump_stack_lvl+0x16c/0x230
[  332.920416][T10787]  ? show_regs_print_info+0x20/0x20
[  332.925621][T10787]  ? load_image+0x3b0/0x3b0
[  332.930144][T10787]  ? __lock_acquire+0x7c80/0x7c80
[  332.935181][T10787]  ? mark_lock+0x94/0x320
[  332.939519][T10787]  should_fail_ex+0x39d/0x4d0
[  332.944241][T10787]  prepare_alloc_pages+0x1e2/0x5f0
[  332.949410][T10787]  __alloc_pages+0x127/0x460
[  332.954051][T10787]  ? zone_statistics+0x170/0x170
[  332.959032][T10787]  ? do_wp_page+0x826/0x3630
[  332.963638][T10787]  ? do_wp_page+0x1024/0x3630
[  332.968336][T10787]  __folio_alloc+0x10/0x20
[  332.972775][T10787]  vma_alloc_folio+0x47a/0x8f0
[  332.977577][T10787]  do_wp_page+0x128e/0x3630
[  332.982121][T10787]  ? folio_put+0xd0/0xd0
[  332.986414][T10787]  ? do_raw_spin_lock+0x121/0x2c0
[  332.991477][T10787]  ? __rwlock_init+0x150/0x150
[  332.996255][T10787]  ? handle_mm_fault+0xd1/0x4920
[  333.001234][T10787]  handle_mm_fault+0x12d4/0x4920
[  333.006193][T10787]  ? handle_mm_fault+0xd1/0x4920
[  333.011179][T10787]  ? numa_migrate_prep+0x350/0x350
[  333.016319][T10787]  ? lock_mm_and_find_vma+0x9c/0x300
[  333.021631][T10787]  do_user_addr_fault+0x738/0x12e0
[  333.026763][T10787]  exc_page_fault+0x67/0x110
[  333.031375][T10787]  asm_exc_page_fault+0x26/0x30
[  333.036256][T10787] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  333.042066][T10787] Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01
[  333.061687][T10787] RSP: 0018:ffffc9000ccaf630 EFLAGS: 00050202
[  333.067764][T10787] RAX: ffffffff841c0901 RBX: 0000000000000e5c RCX: 000000000000055c
[  333.075751][T10787] RDX: 0000000000000000 RSI: ffff88807a99a900 RDI: 0000200000005000
[  333.083818][T10787] RBP: ffffc9000ccaf7c0 R08: ffff88807a99ae5b R09: 1ffff1100f5335cb
[  333.091803][T10787] R10: dffffc0000000000 R11: ffffed100f5335cc R12: 000020000000555c
[  333.099782][T10787] R13: ffffc9000ccafe40 R14: 0000200000004700 R15: ffff88807a99a000
[  333.107763][T10787]  ? _copy_to_iter+0x1061/0x10d0
[  333.112720][T10787]  copyout+0x70/0x90
[  333.116634][T10787]  _copy_to_iter+0x432/0x10d0
[  333.121350][T10787]  ? iov_iter_init+0x1e0/0x1e0
[  333.126146][T10787]  ? __virt_addr_valid+0x18c/0x540
[  333.131282][T10787]  ? __virt_addr_valid+0x469/0x540
[  333.136408][T10787]  ? __phys_addr_symbol+0x2f/0x70
[  333.141450][T10787]  __skb_datagram_iter+0xdb/0x780
[  333.146507][T10787]  ? skb_copy_datagram_iter+0x200/0x200
[  333.152241][T10787]  skb_copy_datagram_iter+0xb1/0x200
[  333.157582][T10787]  netlink_recvmsg+0x2c5/0xdf0
[  333.162419][T10787]  ? netlink_sendmsg+0xbe0/0xbe0
[  333.167371][T10787]  ? aa_sk_perm+0x7fc/0x930
[  333.171892][T10787]  ? aa_af_perm+0x2b0/0x2b0
[  333.176410][T10787]  ? __lock_acquire+0x1260/0x7c80
[  333.181455][T10787]  ? verify_lock_unused+0x140/0x140
[  333.186682][T10787]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  333.192001][T10787]  ? security_socket_recvmsg+0x89/0xb0
[  333.197466][T10787]  ? netlink_sendmsg+0xbe0/0xbe0
[  333.202433][T10787]  ____sys_recvmsg+0x29e/0x5b0
[  333.207238][T10787]  ? __sys_recvmsg_sock+0x50/0x50
[  333.212403][T10787]  ? import_iovec+0x73/0xa0
[  333.216944][T10787]  ___sys_recvmsg+0x1b6/0x510
[  333.221712][T10787]  ? __sys_recvmsg+0x270/0x270
[  333.226490][T10787]  ? ksys_write+0x1c1/0x250
[  333.231011][T10787]  ? __fget_files+0x44a/0x4d0
[  333.235716][T10787]  __x64_sys_recvmsg+0x1f2/0x2c0
[  333.240683][T10787]  ? ___sys_recvmsg+0x510/0x510
[  333.245568][T10787]  ? lockdep_hardirqs_on+0x98/0x150
[  333.250784][T10787]  do_syscall_64+0x55/0xb0
[  333.255227][T10787]  ? clear_bhb_loop+0x40/0x90
[  333.259934][T10787]  ? clear_bhb_loop+0x40/0x90
[  333.264634][T10787]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  333.270566][T10787] RIP: 0033:0x7fa10798ebe9
[  333.275057][T10787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  333.294677][T10787] RSP: 002b:00007fa108894038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  333.303145][T10787] RAX: ffffffffffffffda RBX: 00007fa107bb5fa0 RCX: 00007fa10798ebe9
[  333.311132][T10787] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  333.319111][T10787] RBP: 00007fa108894090 R08: 0000000000000000 R09: 0000000000000000
[  333.327087][T10787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  333.335070][T10787] R13: 00007fa107bb6038 R14: 00007fa107bb5fa0 R15: 00007ffc6a32d3f8
[  333.343064][T10787]  </TASK>
[  333.546856][T10792] netlink: 'syz.1.1873': attribute type 3 has an invalid length.
[  333.570088][T10792] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1873'.
[  333.738130][T10798] netlink: 'syz.3.1876': attribute type 10 has an invalid length.
[  333.747755][T10798] netlink: 'syz.3.1876': attribute type 19 has an invalid length.
[  333.758176][T10798] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1876'.
[  333.971203][T10802] bridge0: port 3(hsr_slave_1) entered blocking state
[  334.006881][T10802] bridge0: port 3(hsr_slave_1) entered disabled state
[  334.025004][T10802] hsr_slave_1: entered allmulticast mode
[  334.078585][T10802] hsr_slave_1: left allmulticast mode
[  334.398139][T10817] netlink: 'syz.0.1882': attribute type 3 has an invalid length.
[  334.407512][T10817] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1882'.
[  334.965983][T10828] netlink: 'syz.0.1887': attribute type 3 has an invalid length.
[  334.996393][T10828] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1887'.
[  335.091174][T10830] netlink: 'syz.1.1888': attribute type 10 has an invalid length.
[  335.108345][T10830] netlink: 'syz.1.1888': attribute type 19 has an invalid length.
[  335.120071][T10830] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.1888'.
[  335.447410][T10837] netlink: 'syz.1.1892': attribute type 3 has an invalid length.
[  335.466256][T10837] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1892'.
[  336.159678][T10860] netlink: 'syz.0.1899': attribute type 3 has an invalid length.
[  336.167895][T10860] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1899'.
[  336.553153][T10866] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1901'.
[  336.731190][T10869] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1903'.
[  337.130522][T10882] bridge0: port 3(hsr_slave_1) entered blocking state
[  337.172607][T10882] bridge0: port 3(hsr_slave_1) entered disabled state
[  337.233478][T10882] hsr_slave_1: entered allmulticast mode
[  337.270257][T10882] hsr_slave_1: left allmulticast mode
[  338.649663][T10914] bridge0: port 3(hsr_slave_1) entered blocking state
[  338.701863][T10914] bridge0: port 3(hsr_slave_1) entered disabled state
[  338.732298][T10914] hsr_slave_1: entered allmulticast mode
[  338.843968][T10914] hsr_slave_1: left allmulticast mode
[  338.899433][T10916] validate_nla: 6 callbacks suppressed
[  338.899452][T10916] netlink: 'syz.1.1923': attribute type 10 has an invalid length.
[  338.916298][T10916] netlink: 'syz.1.1923': attribute type 19 has an invalid length.
[  338.928057][T10916] __nla_validate_parse: 2 callbacks suppressed
[  338.928073][T10916] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.1923'.
[  339.100320][T10926] netlink: 'syz.2.1926': attribute type 3 has an invalid length.
[  339.118163][T10926] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1926'.
[  339.130702][T10928] bridge0: port 3(hsr_slave_1) entered blocking state
[  339.157592][T10928] bridge0: port 3(hsr_slave_1) entered disabled state
[  339.204574][T10928] hsr_slave_1: entered allmulticast mode
[  339.254346][T10928] hsr_slave_1: left allmulticast mode
[  340.225368][T10950] netlink: 'syz.3.1933': attribute type 41 has an invalid length.
[  340.233981][T10950] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1933'.
[  340.356297][T10952] FAULT_INJECTION: forcing a failure.
[  340.356297][T10952] name failslab, interval 1, probability 0, space 0, times 0
[  340.370354][T10952] CPU: 1 PID: 10952 Comm: syz.1.1934 Not tainted 6.6.102-syzkaller #0
[  340.378563][T10952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  340.389275][T10952] Call Trace:
[  340.392593][T10952]  <TASK>
[  340.395555][T10952]  dump_stack_lvl+0x16c/0x230
[  340.400277][T10952]  ? show_regs_print_info+0x20/0x20
[  340.405525][T10952]  ? load_image+0x3b0/0x3b0
[  340.410076][T10952]  ? __might_sleep+0xe0/0xe0
[  340.414728][T10952]  ? __lock_acquire+0x7c80/0x7c80
[  340.419792][T10952]  should_fail_ex+0x39d/0x4d0
[  340.424522][T10952]  should_failslab+0x9/0x20
[  340.429066][T10952]  slab_pre_alloc_hook+0x59/0x310
[  340.434138][T10952]  ? trace_raw_output_contention_end+0xd0/0xd0
[  340.440334][T10952]  ? fib6_info_alloc+0x32/0xe0
[  340.445135][T10952]  ? fib6_info_alloc+0x32/0xe0
[  340.449925][T10952]  __kmem_cache_alloc_node+0x53/0x260
[  340.455343][T10952]  ? fib6_info_alloc+0x32/0xe0
[  340.460143][T10952]  __kmalloc+0xa4/0x240
[  340.464342][T10952]  fib6_info_alloc+0x32/0xe0
[  340.468980][T10952]  ip6_route_info_create+0x44f/0x1200
[  340.474402][T10952]  ? mutex_lock_nested+0x20/0x20
[  340.479390][T10952]  ip6_route_add+0x28/0x130
[  340.483944][T10952]  ipv6_route_ioctl+0x37e/0x4a0
[  340.488845][T10952]  ? rt6_purge_dflt_routers+0xaf0/0xaf0
[  340.494454][T10952]  ? __might_fault+0xaa/0x120
[  340.499164][T10952]  ? __might_fault+0xc6/0x120
[  340.503870][T10952]  ? __might_fault+0xaa/0x120
[  340.508582][T10952]  inet6_ioctl+0x21a/0x280
[  340.513054][T10952]  ? inet6_getname+0x650/0x650
[  340.517863][T10952]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  340.523356][T10952]  sock_do_ioctl+0xd7/0x2f0
[  340.527922][T10952]  ? sock_show_fdinfo+0xb0/0xb0
[  340.532830][T10952]  sock_ioctl+0x623/0x7a0
[  340.537180][T10952]  ? sock_poll+0x3d0/0x3d0
[  340.541634][T10952]  ? bpf_lsm_file_ioctl+0x9/0x10
[  340.546601][T10952]  ? security_file_ioctl+0x80/0xa0
[  340.551762][T10952]  ? sock_poll+0x3d0/0x3d0
[  340.556217][T10952]  __se_sys_ioctl+0xfd/0x170
[  340.560843][T10952]  do_syscall_64+0x55/0xb0
[  340.565296][T10952]  ? clear_bhb_loop+0x40/0x90
[  340.570000][T10952]  ? clear_bhb_loop+0x40/0x90
[  340.574704][T10952]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  340.580643][T10952] RIP: 0033:0x7fa10798ebe9
[  340.585060][T10952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  340.604686][T10952] RSP: 002b:00007fa108894038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  340.613113][T10952] RAX: ffffffffffffffda RBX: 00007fa107bb5fa0 RCX: 00007fa10798ebe9
[  340.621110][T10952] RDX: 0000200000000000 RSI: 000000000000890b RDI: 0000000000000003
[  340.629108][T10952] RBP: 00007fa108894090 R08: 0000000000000000 R09: 0000000000000000
[  340.637099][T10952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  340.645094][T10952] R13: 00007fa107bb6038 R14: 00007fa107bb5fa0 R15: 00007ffc6a32d3f8
[  340.653131][T10952]  </TASK>
[  340.854192][T10963] netlink: 'syz.1.1938': attribute type 3 has an invalid length.
[  340.862340][T10963] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.1938'.
[  341.399385][T10980] netlink: 'syz.2.1944': attribute type 10 has an invalid length.
[  341.413974][T10980] netlink: 'syz.2.1944': attribute type 19 has an invalid length.
[  341.425403][T10980] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.1944'.
[  341.608616][T10988] netlink: 'syz.2.1946': attribute type 10 has an invalid length.
[  341.616929][T10988] netlink: 'syz.2.1946': attribute type 19 has an invalid length.
[  341.625216][T10988] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.1946'.
[  341.849973][T10994] netlink: 'syz.2.1949': attribute type 3 has an invalid length.
[  341.860502][T10994] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1949'.
[  342.468087][T11005] syzkaller0: entered promiscuous mode
[  342.474123][T11005] syzkaller0: entered allmulticast mode
[  342.483134][T11010] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1956'.
[  342.717955][T11013] syzkaller0: left promiscuous mode
[  342.730979][T11013] syzkaller0: left allmulticast mode
[  342.740312][T11012] bridge0: port 3(hsr_slave_1) entered blocking state
[  342.751103][T11012] bridge0: port 3(hsr_slave_1) entered disabled state
[  342.759819][T11012] hsr_slave_1: entered allmulticast mode
[  342.772619][T11012] hsr_slave_1: left allmulticast mode
[  343.016411][T11021] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1960'.
[  345.148847][T11050] bridge0: port 3(hsr_slave_1) entered blocking state
[  345.156691][T11050] bridge0: port 3(hsr_slave_1) entered disabled state
[  345.164302][T11050] hsr_slave_1: entered allmulticast mode
[  345.173499][T11050] hsr_slave_1: left allmulticast mode
[  345.510154][T11062] validate_nla: 3 callbacks suppressed
[  345.510171][T11062] netlink: 'syz.3.1975': attribute type 10 has an invalid length.
[  345.551622][T11062] netlink: 'syz.3.1975': attribute type 19 has an invalid length.
[  345.569797][T11062] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1975'.
[  345.660247][T11070] netlink: 'syz.0.1978': attribute type 3 has an invalid length.
[  345.670331][T11070] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.1978'.
[  345.678146][T11066] netlink: 'syz.2.1977': attribute type 3 has an invalid length.
[  345.703327][T11066] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1977'.
[  346.010214][T11079] bridge0: port 3(hsr_slave_1) entered blocking state
[  346.043067][T11079] bridge0: port 3(hsr_slave_1) entered disabled state
[  346.091766][T11079] hsr_slave_1: entered allmulticast mode
[  346.122004][T11079] hsr_slave_1: left allmulticast mode
[  346.459531][T11092] netlink: 'syz.3.1987': attribute type 10 has an invalid length.
[  346.476625][T11092] netlink: 'syz.3.1987': attribute type 19 has an invalid length.
[  346.485842][T11092] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.1987'.
[  346.631063][T11097] netlink: 'syz.2.1989': attribute type 3 has an invalid length.
[  346.654303][T11097] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1989'.
[  346.714595][T11098] netlink: 'syz.3.1990': attribute type 3 has an invalid length.
[  346.742666][T11098] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1990'.
[  347.435848][T11123] netlink: 'syz.2.1999': attribute type 10 has an invalid length.
[  347.451805][T11123] netlink: 'syz.2.1999': attribute type 19 has an invalid length.
[  347.486414][T11123] netlink: 14536 bytes leftover after parsing attributes in process `syz.2.1999'.
[  347.738159][T11137] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2003'.
[  347.753917][T11137] netlink: 61211 bytes leftover after parsing attributes in process `syz.1.2003'.
[  347.787118][T11135] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.2002'.
[  348.083586][T11148] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  348.490051][T11159] team0: entered allmulticast mode
[  348.495907][T11159] team_slave_0: entered allmulticast mode
[  348.502320][T11159] team_slave_1: entered allmulticast mode
[  349.685373][T11189] team0: entered allmulticast mode
[  349.690566][T11189] team_slave_0: entered allmulticast mode
[  349.717535][T11189] team_slave_1: entered allmulticast mode
[  350.524558][T11215] validate_nla: 10 callbacks suppressed
[  350.524582][T11215] netlink: 'syz.2.2034': attribute type 3 has an invalid length.
[  350.645274][T11217] netlink: 'syz.3.2035': attribute type 10 has an invalid length.
[  350.659375][T11217] netlink: 'syz.3.2035': attribute type 19 has an invalid length.
[  350.669220][T11217] __nla_validate_parse: 6 callbacks suppressed
[  350.669236][T11217] netlink: 14536 bytes leftover after parsing attributes in process `syz.3.2035'.
[  351.019519][T11227] netlink: 'syz.2.2039': attribute type 3 has an invalid length.
[  351.036101][T11227] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2039'.
[  351.123329][T11227] netlink: 'syz.2.2039': attribute type 10 has an invalid length.
[  351.179648][T11227] team0: Port device netdevsim0 added
[  351.214200][T11231] FAULT_INJECTION: forcing a failure.
[  351.214200][T11231] name failslab, interval 1, probability 0, space 0, times 0
[  351.229554][T11231] CPU: 0 PID: 11231 Comm: syz.0.2041 Not tainted 6.6.102-syzkaller #0
[  351.237764][T11231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  351.247850][T11231] Call Trace:
[  351.251155][T11231]  <TASK>
[  351.254143][T11231]  dump_stack_lvl+0x16c/0x230
[  351.258867][T11231]  ? show_regs_print_info+0x20/0x20
[  351.264107][T11231]  ? load_image+0x3b0/0x3b0
[  351.268659][T11231]  ? perf_trace_lock+0xf7/0x380
[  351.273571][T11231]  should_fail_ex+0x39d/0x4d0
[  351.278291][T11231]  should_failslab+0x9/0x20
[  351.282822][T11231]  slab_pre_alloc_hook+0x59/0x310
[  351.287875][T11231]  kmem_cache_alloc+0x5a/0x2e0
[  351.292665][T11231]  ? skb_clone+0x1eb/0x370
[  351.297111][T11231]  skb_clone+0x1eb/0x370
[  351.301377][T11231]  __netlink_deliver_tap+0x41c/0x830
[  351.306709][T11231]  ? netlink_deliver_tap+0x2e/0x1b0
[  351.311934][T11231]  netlink_deliver_tap+0x19c/0x1b0
[  351.317065][T11231]  netlink_dump+0x8df/0xde0
[  351.321593][T11231]  ? netlink_lookup+0x200/0x200
[  351.326468][T11231]  ? slab_free_freelist_hook+0x130/0x1b0
[  351.332130][T11231]  ? netlink_recvmsg+0x5cf/0xdf0
[  351.337077][T11231]  ? kmem_cache_free+0xf8/0x280
[  351.341957][T11231]  netlink_recvmsg+0x677/0xdf0
[  351.346747][T11231]  ? netlink_sendmsg+0xbe0/0xbe0
[  351.351700][T11231]  ? aa_sk_perm+0x7fc/0x930
[  351.356227][T11231]  ? aa_af_perm+0x2b0/0x2b0
[  351.360770][T11231]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  351.366071][T11231]  ? security_socket_recvmsg+0x89/0xb0
[  351.371546][T11231]  ? netlink_sendmsg+0xbe0/0xbe0
[  351.376507][T11231]  ____sys_recvmsg+0x29e/0x5b0
[  351.381306][T11231]  ? __sys_recvmsg_sock+0x50/0x50
[  351.386370][T11231]  ? import_iovec+0x73/0xa0
[  351.390900][T11231]  ___sys_recvmsg+0x1b6/0x510
[  351.395603][T11231]  ? __sys_recvmsg+0x270/0x270
[  351.400387][T11231]  ? ksys_write+0x1c1/0x250
[  351.404921][T11231]  ? __fget_files+0x44a/0x4d0
[  351.409636][T11231]  __x64_sys_recvmsg+0x1f2/0x2c0
[  351.414603][T11231]  ? ___sys_recvmsg+0x510/0x510
[  351.419486][T11231]  ? lockdep_hardirqs_on+0x98/0x150
[  351.424704][T11231]  do_syscall_64+0x55/0xb0
[  351.429144][T11231]  ? clear_bhb_loop+0x40/0x90
[  351.433831][T11231]  ? clear_bhb_loop+0x40/0x90
[  351.438522][T11231]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  351.444436][T11231] RIP: 0033:0x7fe8b8f8ebe9
[  351.448860][T11231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  351.468469][T11231] RSP: 002b:00007fe8b9de3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  351.476893][T11231] RAX: ffffffffffffffda RBX: 00007fe8b91b5fa0 RCX: 00007fe8b8f8ebe9
[  351.484883][T11231] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  351.492871][T11231] RBP: 00007fe8b9de3090 R08: 0000000000000000 R09: 0000000000000000
[  351.500857][T11231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.508835][T11231] R13: 00007fe8b91b6038 R14: 00007fe8b91b5fa0 R15: 00007ffda53390c8
[  351.516829][T11231]  </TASK>
[  351.619150][T11227] netlink: 'syz.2.2039': attribute type 27 has an invalid length.
[  351.645987][T11227] netlink: 'syz.2.2039': attribute type 4 has an invalid length.
[  351.654788][T11227] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2039'.
[  352.153703][T11253] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2048'.
[  352.208689][T11253] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2048'.
[  352.260790][T11249] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2048'.
[  352.271957][T11256] netlink: 'syz.0.2050': attribute type 3 has an invalid length.
[  352.279778][T11256] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.2050'.
[  352.297155][T11254] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2048'.
[  352.318515][T11254] FAULT_INJECTION: forcing a failure.
[  352.318515][T11254] name failslab, interval 1, probability 0, space 0, times 0
[  352.326761][T11258] netlink: 14568 bytes leftover after parsing attributes in process `syz.1.2051'.
[  352.351414][T11254] CPU: 0 PID: 11254 Comm: syz.3.2048 Not tainted 6.6.102-syzkaller #0
[  352.360143][T11254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  352.370248][T11254] Call Trace:
[  352.373571][T11254]  <TASK>
[  352.375955][T11260] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2052'.
[  352.376516][T11254]  dump_stack_lvl+0x16c/0x230
[  352.390138][T11254]  ? show_regs_print_info+0x20/0x20
[  352.395377][T11254]  ? load_image+0x3b0/0x3b0
[  352.400012][T11254]  ? preempt_schedule_common+0x82/0xc0
[  352.405516][T11254]  ? perf_trace_lock+0xf7/0x380
[  352.410440][T11254]  should_fail_ex+0x39d/0x4d0
[  352.415164][T11254]  should_failslab+0x9/0x20
[  352.419716][T11254]  slab_pre_alloc_hook+0x59/0x310
[  352.424794][T11254]  kmem_cache_alloc+0x5a/0x2e0
[  352.429619][T11254]  ? skb_clone+0x1eb/0x370
[  352.434085][T11254]  skb_clone+0x1eb/0x370
[  352.438375][T11254]  __netlink_deliver_tap+0x41c/0x830
[  352.443719][T11254]  ? netlink_deliver_tap+0x2e/0x1b0
[  352.448973][T11254]  netlink_deliver_tap+0x19c/0x1b0
[  352.454125][T11254]  netlink_dump+0x8df/0xde0
[  352.458684][T11254]  ? netlink_lookup+0x200/0x200
[  352.463548][T11254]  ? __skb_try_recv_datagram+0x3da/0x4d0
[  352.469215][T11254]  ? skb_copy_datagram_iter+0x200/0x200
[  352.474777][T11254]  ? refcount_dec_and_test+0x4f/0x70
[  352.480085][T11254]  netlink_recvmsg+0x677/0xdf0
[  352.484875][T11254]  ? netlink_sendmsg+0xbe0/0xbe0
[  352.489827][T11254]  ? aa_sk_perm+0x7fc/0x930
[  352.494355][T11254]  ? aa_af_perm+0x2b0/0x2b0
[  352.498874][T11254]  ? __lock_acquire+0x1260/0x7c80
[  352.503921][T11254]  ? verify_lock_unused+0x140/0x140
[  352.509140][T11254]  ? bpf_lsm_socket_recvmsg+0x9/0x10
[  352.514443][T11254]  ? security_socket_recvmsg+0x89/0xb0
[  352.519928][T11254]  ? netlink_sendmsg+0xbe0/0xbe0
[  352.524900][T11254]  ____sys_recvmsg+0x29e/0x5b0
[  352.529697][T11254]  ? __sys_recvmsg_sock+0x50/0x50
[  352.534750][T11254]  ? import_iovec+0x73/0xa0
[  352.539273][T11254]  ___sys_recvmsg+0x1b6/0x510
[  352.543975][T11254]  ? __sys_recvmsg+0x270/0x270
[  352.548764][T11254]  ? ksys_write+0x1c1/0x250
[  352.553297][T11254]  ? __fget_files+0x44a/0x4d0
[  352.558002][T11254]  __x64_sys_recvmsg+0x1f2/0x2c0
[  352.562959][T11254]  ? ___sys_recvmsg+0x510/0x510
[  352.567857][T11254]  ? lockdep_hardirqs_on+0x98/0x150
[  352.573085][T11254]  do_syscall_64+0x55/0xb0
[  352.577521][T11254]  ? clear_bhb_loop+0x40/0x90
[  352.582211][T11254]  ? clear_bhb_loop+0x40/0x90
[  352.586901][T11254]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  352.592820][T11254] RIP: 0033:0x7f808058ebe9
[  352.597252][T11254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.616875][T11254] RSP: 002b:00007f8081360038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  352.625317][T11254] RAX: ffffffffffffffda RBX: 00007f80807b6180 RCX: 00007f808058ebe9
[  352.633305][T11254] RDX: 0000000040000002 RSI: 0000200000000e80 RDI: 0000000000000003
[  352.641289][T11254] RBP: 00007f8081360090 R08: 0000000000000000 R09: 0000000000000000
[  352.649270][T11254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  352.657251][T11254] R13: 00007f80807b6218 R14: 00007f80807b6180 R15: 00007ffc467e1538
[  352.665279][T11254]  </TASK>
[  352.740406][T11262] FAULT_INJECTION: forcing a failure.
[  352.740406][T11262] name failslab, interval 1, probability 0, space 0, times 0
[  352.818263][T11262] CPU: 1 PID: 11262 Comm: syz.2.2053 Not tainted 6.6.102-syzkaller #0
[  352.826506][T11262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  352.836616][T11262] Call Trace:
[  352.839941][T11262]  <TASK>
[  352.842920][T11262]  dump_stack_lvl+0x16c/0x230
[  352.847653][T11262]  ? show_regs_print_info+0x20/0x20
[  352.852903][T11262]  ? load_image+0x3b0/0x3b0
[  352.857464][T11262]  ? mark_lock+0x94/0x320
[  352.861857][T11262]  should_fail_ex+0x39d/0x4d0
[  352.866596][T11262]  should_failslab+0x9/0x20
[  352.871152][T11262]  slab_pre_alloc_hook+0x59/0x310
[  352.876237][T11262]  kmem_cache_alloc+0x5a/0x2e0
[  352.881045][T11262]  ? dst_alloc+0x105/0x170
[  352.885535][T11262]  dst_alloc+0x105/0x170
[  352.889823][T11262]  ip_route_output_key_hash_rcu+0x1413/0x2320
[  352.895924][T11262]  ? ip_route_input_rcu+0x1745/0x3010
[  352.901341][T11262]  ? ip_route_output_key_hash+0x12f/0x340
[  352.907093][T11262]  ip_route_output_key_hash+0x20b/0x340
[  352.912668][T11262]  ? ip_route_input_rcu+0x3010/0x3010
[  352.918164][T11262]  tcp_v4_connect+0x6e6/0x18d0
[  352.922965][T11262]  ? tcp_twsk_unique+0x990/0x990
[  352.927919][T11262]  ? unwind_get_return_address+0x91/0xc0
[  352.933582][T11262]  ? stack_trace_save+0xe0/0xe0
[  352.938452][T11262]  ? tcp_v6_connect+0x667/0x17c0
[  352.943414][T11262]  tcp_v6_connect+0xa95/0x17c0
[  352.948218][T11262]  ? tcp_v6_pre_connect+0xf0/0xf0
[  352.953258][T11262]  ? __se_sys_sendmsg+0x1a5/0x270
[  352.958294][T11262]  ? do_syscall_64+0x55/0xb0
[  352.962897][T11262]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  352.968989][T11262]  __inet_stream_connect+0x2a8/0xe60
[  352.975960][T11262]  ? inet_dgram_connect+0x360/0x360
[  352.981204][T11262]  tcp_sendmsg_fastopen+0x3a7/0x5d0
[  352.986440][T11262]  tcp_sendmsg_locked+0x4555/0x4af0
[  352.991661][T11262]  ? verify_lock_unused+0x140/0x140
[  352.996876][T11262]  ? verify_lock_unused+0x140/0x140
[  353.002107][T11262]  ? mark_lock+0x94/0x320
[  353.006456][T11262]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  353.012454][T11262]  ? lock_chain_count+0x20/0x20
[  353.017320][T11262]  ? tcp_set_state+0x650/0x650
[  353.022113][T11262]  tcp_sendmsg+0x2f/0x50
[  353.026372][T11262]  ? inet6_compat_ioctl+0x380/0x380
[  353.031598][T11262]  ____sys_sendmsg+0x5bf/0x950
[  353.036384][T11262]  ? __asan_memset+0x22/0x40
[  353.040987][T11262]  ? __sys_sendmsg_sock+0x30/0x30
[  353.046026][T11262]  ? __import_iovec+0x3fa/0x860
[  353.050921][T11262]  ? import_iovec+0x73/0xa0
[  353.055479][T11262]  ___sys_sendmsg+0x220/0x290
[  353.060200][T11262]  ? __sys_sendmsg+0x270/0x270
[  353.065007][T11262]  ? __lock_acquire+0x7c80/0x7c80
[  353.070072][T11262]  __se_sys_sendmsg+0x1a5/0x270
[  353.074944][T11262]  ? __x64_sys_sendmsg+0x80/0x80
[  353.079921][T11262]  ? lockdep_hardirqs_on+0x98/0x150
[  353.085146][T11262]  do_syscall_64+0x55/0xb0
[  353.089577][T11262]  ? clear_bhb_loop+0x40/0x90
[  353.094262][T11262]  ? clear_bhb_loop+0x40/0x90
[  353.098985][T11262]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  353.104944][T11262] RIP: 0033:0x7fd42bf8ebe9
[  353.109381][T11262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.129044][T11262] RSP: 002b:00007fd42a1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  353.137483][T11262] RAX: ffffffffffffffda RBX: 00007fd42c1b5fa0 RCX: 00007fd42bf8ebe9
[  353.145468][T11262] RDX: 0000000020000000 RSI: 0000200000000240 RDI: 0000000000000003
[  353.153471][T11262] RBP: 00007fd42a1f6090 R08: 0000000000000000 R09: 0000000000000000
[  353.161452][T11262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  353.169428][T11262] R13: 00007fd42c1b6038 R14: 00007fd42c1b5fa0 R15: 00007ffffaf11108
[  353.177448][T11262]  </TASK>
[  353.343841][T11269] netlink: 'syz.3.2054': attribute type 3 has an invalid length.
[  353.394953][T11269] netlink: 'syz.3.2054': attribute type 10 has an invalid length.
[  353.481019][T11269] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  353.494792][T11269] team0: Port device netdevsim0 added
[  354.170834][T11293] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  354.992790][T11310] team0: Port device netdevsim0 added
[  356.220695][T11354] FAULT_INJECTION: forcing a failure.
[  356.220695][T11354] name failslab, interval 1, probability 0, space 0, times 0
[  356.233966][T11354] CPU: 1 PID: 11354 Comm: syz.3.2089 Not tainted 6.6.102-syzkaller #0
[  356.242171][T11354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  356.252267][T11354] Call Trace:
[  356.255580][T11354]  <TASK>
[  356.258540][T11354]  dump_stack_lvl+0x16c/0x230
[  356.263266][T11354]  ? show_regs_print_info+0x20/0x20
[  356.268600][T11354]  ? load_image+0x3b0/0x3b0
[  356.273175][T11354]  ? perf_trace_lock_acquire+0x32a/0x3e0
[  356.278869][T11354]  should_fail_ex+0x39d/0x4d0
[  356.283631][T11354]  should_failslab+0x9/0x20
[  356.288168][T11354]  slab_pre_alloc_hook+0x59/0x310
[  356.293237][T11354]  ? __hw_addr_add_ex+0x1f4/0x760
[  356.298312][T11354]  __kmem_cache_alloc_node+0x53/0x260
[  356.303743][T11354]  ? __hw_addr_add_ex+0x1f4/0x760
[  356.308811][T11354]  kmalloc_trace+0x2a/0xe0
[  356.313271][T11354]  __hw_addr_add_ex+0x1f4/0x760
[  356.318268][T11354]  __hw_addr_sync+0x126/0x270
[  356.323014][T11354]  ieee80211_set_multicast_list+0x14b/0x1f0
[  356.328952][T11354]  ? ieee80211_stop+0x4a0/0x4a0
[  356.333838][T11354]  dev_set_rx_mode+0x21c/0x2d0
[  356.338630][T11354]  ? __dev_change_flags+0x1ad/0x6a0
[  356.343874][T11354]  __dev_change_flags+0x1c4/0x6a0
[  356.348935][T11354]  ? trace_raw_output_contention_end+0xd0/0xd0
[  356.355140][T11354]  ? dev_get_flags+0x1c0/0x1c0
[  356.360019][T11354]  ? rcu_is_watching+0x15/0xb0
[  356.364836][T11354]  ? trace_contention_end+0x39/0xe0
[  356.370080][T11354]  ? __mutex_lock+0x304/0xcc0
[  356.374809][T11354]  dev_change_flags+0x88/0x1a0
[  356.379613][T11354]  dev_ifsioc+0x6a7/0xe20
[  356.383980][T11354]  ? dev_ioctl+0x1170/0x1170
[  356.388615][T11354]  ? dev_load+0x21/0x1f0
[  356.392890][T11354]  ? dev_load+0x21/0x1f0
[  356.397172][T11354]  dev_ioctl+0x7e2/0x1170
[  356.401559][T11354]  sock_do_ioctl+0x226/0x2f0
[  356.406211][T11354]  ? sock_show_fdinfo+0xb0/0xb0
[  356.411151][T11354]  sock_ioctl+0x623/0x7a0
[  356.415540][T11354]  ? sock_poll+0x3d0/0x3d0
[  356.420043][T11354]  ? bpf_lsm_file_ioctl+0x9/0x10
[  356.425048][T11354]  ? security_file_ioctl+0x80/0xa0
[  356.430200][T11354]  ? sock_poll+0x3d0/0x3d0
[  356.434659][T11354]  __se_sys_ioctl+0xfd/0x170
[  356.439302][T11354]  do_syscall_64+0x55/0xb0
[  356.443753][T11354]  ? clear_bhb_loop+0x40/0x90
[  356.448457][T11354]  ? clear_bhb_loop+0x40/0x90
[  356.453168][T11354]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  356.459107][T11354] RIP: 0033:0x7f808058ebe9
[  356.463555][T11354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  356.483193][T11354] RSP: 002b:00007f80813a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  356.491645][T11354] RAX: ffffffffffffffda RBX: 00007f80807b5fa0 RCX: 00007f808058ebe9
[  356.499661][T11354] RDX: 0000200000000080 RSI: 0000000000008914 RDI: 0000000000000006
[  356.507657][T11354] RBP: 00007f80813a2090 R08: 0000000000000000 R09: 0000000000000000
[  356.515657][T11354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  356.523659][T11354] R13: 00007f80807b6038 R14: 00007f80807b5fa0 R15: 00007ffc467e1538
[  356.531698][T11354]  </TASK>
[  356.546433][T11354] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode
[  356.766371][T11359] validate_nla: 10 callbacks suppressed
[  356.766398][T11359] netlink: 'syz.1.2092': attribute type 3 has an invalid length.
[  356.799033][T11359] __nla_validate_parse: 10 callbacks suppressed
[  356.799054][T11359] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.2092'.
[  357.135804][T11367] netlink: 'syz.1.2094': attribute type 3 has an invalid length.
[  357.150892][T11367] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2094'.
[  357.246549][T11367] netlink: 'syz.1.2094': attribute type 10 has an invalid length.
[  357.316779][T11367] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  357.337723][T11367] team0: Port device netdevsim0 added
[  357.410156][T11367] netlink: 'syz.1.2094': attribute type 27 has an invalid length.
[  357.418400][T11367] netlink: 'syz.1.2094': attribute type 4 has an invalid length.
[  357.433841][T11367] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2094'.
[  358.122085][T11390] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.2101'.
[  358.519768][T11397] syzkaller0: entered promiscuous mode
[  358.544014][T11397] syzkaller0: entered allmulticast mode
[  358.661281][T11403] netlink: 'syz.3.2103': attribute type 3 has an invalid length.
[  358.679017][T11403] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.2103'.
[  359.479822][T11409] FAULT_INJECTION: forcing a failure.
[  359.479822][T11409] name failslab, interval 1, probability 0, space 0, times 0
[  359.493060][T11409] CPU: 1 PID: 11409 Comm: syz.0.2108 Not tainted 6.6.102-syzkaller #0
[  359.501258][T11409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  359.511331][T11409] Call Trace:
[  359.514642][T11409]  <TASK>
[  359.517599][T11409]  dump_stack_lvl+0x16c/0x230
[  359.522305][T11409]  ? show_regs_print_info+0x20/0x20
[  359.527522][T11409]  ? load_image+0x3b0/0x3b0
[  359.532054][T11409]  ? mark_lock+0x94/0x320
[  359.536404][T11409]  ? __lock_acquire+0x1334/0x7c80
[  359.541447][T11409]  should_fail_ex+0x39d/0x4d0
[  359.546158][T11409]  should_failslab+0x9/0x20
[  359.550679][T11409]  slab_pre_alloc_hook+0x59/0x310
[  359.555734][T11409]  kmem_cache_alloc+0x5a/0x2e0
[  359.560514][T11409]  ? radix_tree_node_alloc+0x7e/0x3a0
[  359.565931][T11409]  radix_tree_node_alloc+0x7e/0x3a0
[  359.571162][T11409]  idr_get_free+0x2b3/0xa60
[  359.575701][T11409]  idr_alloc_cyclic+0x1a2/0x530
[  359.580584][T11409]  ? idr_alloc+0x2c0/0x2c0
[  359.585026][T11409]  ? do_raw_spin_lock+0x121/0x2c0
[  359.590086][T11409]  ? __radix_tree_preload+0x82/0x880
[  359.595390][T11409]  ? bpf_link_prime+0x4c/0x1d0
[  359.600167][T11409]  bpf_link_prime+0x6b/0x1d0
[  359.604792][T11409]  bpf_raw_tp_link_attach+0x33c/0x560
[  359.610189][T11409]  ? bpf_insn_prepare_dump+0x840/0x840
[  359.615690][T11409]  bpf_raw_tracepoint_open+0x197/0x210
[  359.621171][T11409]  __sys_bpf+0x364/0x800
[  359.625436][T11409]  ? bpf_link_show_fdinfo+0x350/0x350
[  359.630839][T11409]  ? lock_chain_count+0x20/0x20
[  359.635719][T11409]  __x64_sys_bpf+0x7c/0x90
[  359.640150][T11409]  do_syscall_64+0x55/0xb0
[  359.644586][T11409]  ? clear_bhb_loop+0x40/0x90
[  359.649277][T11409]  ? clear_bhb_loop+0x40/0x90
[  359.653978][T11409]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  359.659905][T11409] RIP: 0033:0x7fe8b8f8ebe9
[  359.664337][T11409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.683961][T11409] RSP: 002b:00007fe8b9de3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  359.692391][T11409] RAX: ffffffffffffffda RBX: 00007fe8b91b5fa0 RCX: 00007fe8b8f8ebe9
[  359.700383][T11409] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000011
[  359.708370][T11409] RBP: 00007fe8b9de3090 R08: 0000000000000000 R09: 0000000000000000
[  359.716351][T11409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  359.724334][T11409] R13: 00007fe8b91b6038 R14: 00007fe8b91b5fa0 R15: 00007ffda53390c8
[  359.732336][T11409]  </TASK>
[  361.150619][T11423] netlink: 9286 bytes leftover after parsing attributes in process `syz.2.2111'.
[  362.039762][T11443] netlink: 'syz.1.2120': attribute type 3 has an invalid length.
[  362.052693][T11443] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.2120'.
[  362.437131][T11455] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.2124'.
[  362.490804][T11453] netlink: 14568 bytes leftover after parsing attributes in process `syz.3.2125'.
[  363.799263][T11497] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.808088][T11497] bridge0: port 1(bridge_slave_0) entered disabled state
[  363.835662][T11497] bridge0: entered allmulticast mode
[  363.939622][T11501] netlink: 'syz.3.2142': attribute type 3 has an invalid length.
[  363.948604][T11497] bridge_slave_1: left allmulticast mode
[  363.955539][T11497] bridge_slave_1: left promiscuous mode
[  363.965282][T11497] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.981972][T11501] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.2142'.
[  364.031493][T11497] bridge_slave_0: left allmulticast mode
[  364.052331][T11497] bridge_slave_0: left promiscuous mode
[  364.058818][T11497] bridge0: port 1(bridge_slave_0) entered disabled state
[  364.810087][T11517] FAULT_INJECTION: forcing a failure.
[  364.810087][T11517] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  364.834413][T11517] CPU: 1 PID: 11517 Comm: syz.2.2149 Not tainted 6.6.102-syzkaller #0
[  364.842639][T11517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  364.852724][T11517] Call Trace:
[  364.856014][T11517]  <TASK>
[  364.858974][T11517]  dump_stack_lvl+0x16c/0x230
[  364.863675][T11517]  ? show_regs_print_info+0x20/0x20
[  364.868892][T11517]  ? load_image+0x3b0/0x3b0
[  364.873419][T11517]  ? __might_fault+0xaa/0x120
[  364.878105][T11517]  ? __lock_acquire+0x7c80/0x7c80
[  364.883145][T11517]  should_fail_ex+0x39d/0x4d0
[  364.887843][T11517]  _copy_from_iter+0x1d3/0x1290
[  364.892711][T11517]  ? slab_post_alloc_hook+0x8a/0x4d0
[  364.898020][T11517]  ? __virt_addr_valid+0x18c/0x540
[  364.903146][T11517]  ? __lock_acquire+0x7c80/0x7c80
[  364.908198][T11517]  ? rcu_is_watching+0x15/0xb0
[  364.912980][T11517]  ? copyout_mc+0x70/0x70
[  364.917322][T11517]  ? __virt_addr_valid+0x18c/0x540
[  364.922451][T11517]  ? __virt_addr_valid+0x18c/0x540
[  364.927587][T11517]  ? __virt_addr_valid+0x469/0x540
[  364.932704][T11517]  ? __check_object_size+0x506/0xa30
[  364.938007][T11517]  netlink_sendmsg+0x75c/0xbe0
[  364.942791][T11517]  ? netlink_getsockopt+0x580/0x580
[  364.948005][T11517]  ? aa_sock_msg_perm+0x94/0x150
[  364.952951][T11517]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  364.958283][T11517]  ? security_socket_sendmsg+0x80/0xa0
[  364.963749][T11517]  ? netlink_getsockopt+0x580/0x580
[  364.968957][T11517]  ____sys_sendmsg+0x5bf/0x950
[  364.973740][T11517]  ? __asan_memset+0x22/0x40
[  364.978347][T11517]  ? __sys_sendmsg_sock+0x30/0x30
[  364.983379][T11517]  ? __import_iovec+0x5f2/0x860
[  364.988244][T11517]  ? import_iovec+0x73/0xa0
[  364.992766][T11517]  ___sys_sendmsg+0x220/0x290
[  364.997459][T11517]  ? __sys_sendmsg+0x270/0x270
[  365.002259][T11517]  ? __lock_acquire+0x7c80/0x7c80
[  365.007752][T11517]  __se_sys_sendmsg+0x1a5/0x270
[  365.012626][T11517]  ? __x64_sys_sendmsg+0x80/0x80
[  365.017590][T11517]  ? lockdep_hardirqs_on+0x98/0x150
[  365.022803][T11517]  do_syscall_64+0x55/0xb0
[  365.027225][T11517]  ? clear_bhb_loop+0x40/0x90
[  365.031907][T11517]  ? clear_bhb_loop+0x40/0x90
[  365.036602][T11517]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  365.042515][T11517] RIP: 0033:0x7fd42bf8ebe9
[  365.046936][T11517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.066550][T11517] RSP: 002b:00007fd42a1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  365.074999][T11517] RAX: ffffffffffffffda RBX: 00007fd42c1b5fa0 RCX: 00007fd42bf8ebe9
[  365.082995][T11517] RDX: 0000000004004850 RSI: 0000200000000340 RDI: 0000000000000003
[  365.090985][T11517] RBP: 00007fd42a1f6090 R08: 0000000000000000 R09: 0000000000000000
[  365.098967][T11517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.106949][T11517] R13: 00007fd42c1b6038 R14: 00007fd42c1b5fa0 R15: 00007ffffaf11108
[  365.114941][T11517]  </TASK>
[  365.425188][T11528] netlink: 'syz.3.2152': attribute type 3 has an invalid length.
[  365.433383][T11528] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.2152'.
[  365.684228][T11532] netlink: 'syz.1.2153': attribute type 3 has an invalid length.
[  365.703408][T11532] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.2153'.
[  365.915618][T11539] netlink: 'syz.1.2156': attribute type 3 has an invalid length.
[  365.944585][T11539] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.2156'.
[  366.529722][T11556] netlink: 'syz.3.2163': attribute type 3 has an invalid length.
[  367.175697][T11570] FAULT_INJECTION: forcing a failure.
[  367.175697][T11570] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  367.175744][T11570] CPU: 1 PID: 11570 Comm: syz.2.2164 Not tainted 6.6.102-syzkaller #0
[  367.175765][T11570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  367.175777][T11570] Call Trace:
[  367.175785][T11570]  <TASK>
[  367.175793][T11570]  dump_stack_lvl+0x16c/0x230
[  367.175823][T11570]  ? show_regs_print_info+0x20/0x20
[  367.175846][T11570]  ? load_image+0x3b0/0x3b0
[  367.175878][T11570]  ? __might_fault+0xaa/0x120
[  367.175898][T11570]  ? __lock_acquire+0x7c80/0x7c80
[  367.175924][T11570]  should_fail_ex+0x39d/0x4d0
[  367.175955][T11570]  _copy_from_user+0x2f/0xe0
[  367.175978][T11570]  dev_ethtool+0xc5/0x1720
[  367.175997][T11570]  ? lock_chain_count+0x20/0x20
[  367.176021][T11570]  ? ethtool_get_module_eeprom_call+0x170/0x170
[  367.176040][T11570]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  367.176071][T11570]  ? lockdep_hardirqs_on+0x98/0x150
[  367.176105][T11570]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  367.176142][T11570]  ? dev_load+0x162/0x1f0
[  367.176167][T11570]  dev_ioctl+0x4ca/0x1170
[  367.176191][T11570]  sock_do_ioctl+0x226/0x2f0
[  367.176217][T11570]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  367.176250][T11570]  ? sock_show_fdinfo+0xb0/0xb0
[  367.176285][T11570]  ? sock_ioctl+0x11f/0x7a0
[  367.176318][T11570]  sock_ioctl+0x623/0x7a0
[  367.176348][T11570]  ? sock_poll+0x3d0/0x3d0
[  367.176385][T11570]  ? bpf_lsm_file_ioctl+0x9/0x10
[  367.176403][T11570]  ? security_file_ioctl+0x80/0xa0
[  367.176430][T11570]  ? sock_poll+0x3d0/0x3d0
[  367.176457][T11570]  __se_sys_ioctl+0xfd/0x170
[  367.176484][T11570]  do_syscall_64+0x55/0xb0
[  367.176503][T11570]  ? clear_bhb_loop+0x40/0x90
[  367.176520][T11570]  ? clear_bhb_loop+0x40/0x90
[  367.176540][T11570]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  367.176567][T11570] RIP: 0033:0x7fd42bf8ebe9
[  367.176584][T11570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  367.176599][T11570] RSP: 002b:00007fd42a1b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  367.176621][T11570] RAX: ffffffffffffffda RBX: 00007fd42c1b6180 RCX: 00007fd42bf8ebe9
[  367.176635][T11570] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 000000000000002d
[  367.176647][T11570] RBP: 00007fd42a1b4090 R08: 0000000000000000 R09: 0000000000000000
[  367.176659][T11570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  367.176671][T11570] R13: 00007fd42c1b6218 R14: 00007fd42c1b6180 R15: 00007ffffaf11108
[  367.176701][T11570]  </TASK>
[  382.923555][ T5102] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  382.924896][ T5102] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  382.925535][ T5102] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  382.926999][ T5102] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  382.927799][ T5102] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  382.928192][ T5102] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  383.248091][ T5102] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  383.250059][ T5102] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  383.250803][ T5102] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  383.252851][ T5102] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  383.253748][ T5102] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  383.254180][ T5102] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  383.737107][ T5102] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  383.738998][ T5102] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  383.739692][ T5102] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  383.740872][ T5102] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  383.748815][ T5102] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  383.749155][ T5102] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  384.478110][T11578] chnl_net:caif_netlink_parms(): no params data found
[  384.607356][ T5102] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  384.609050][ T5102] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  384.609700][ T5102] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  384.610989][ T5102] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  384.612266][ T5102] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  384.612646][ T5102] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  384.941818][ T5102] Bluetooth: hci4: command tx timeout
[  385.341864][ T5102] Bluetooth: hci5: command tx timeout
[  385.841781][ T5102] Bluetooth: hci6: command tx timeout
[  386.641745][ T5102] Bluetooth: hci7: command tx timeout
[  387.049076][ T5102] Bluetooth: hci4: command tx timeout
[  387.441856][ T5102] Bluetooth: hci5: command tx timeout
[  387.891670][ T5102] Bluetooth: hci6: command tx timeout
[  388.691761][ T5102] Bluetooth: hci7: command tx timeout
[  389.091687][ T5102] Bluetooth: hci4: command tx timeout
[  389.491620][ T5102] Bluetooth: hci5: command tx timeout
[  389.991737][ T5102] Bluetooth: hci6: command tx timeout
[  390.791821][ T5102] Bluetooth: hci7: command tx timeout
[  391.191799][ T5102] Bluetooth: hci4: command tx timeout
[  391.591669][ T5102] Bluetooth: hci5: command tx timeout
[  392.041705][ T5102] Bluetooth: hci6: command tx timeout
[  392.841778][ T5102] Bluetooth: hci7: command tx timeout
[  444.012605][ T5792] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  444.014202][ T5792] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  444.014862][ T5792] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  444.016278][ T5792] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  444.017049][ T5792] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[  444.017394][ T5792] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  444.053439][ T5792] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  444.054989][ T5792] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  444.055930][ T5792] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  444.057178][ T5792] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  444.057883][ T5792] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[  444.058253][ T5792] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  445.488241][ T5102] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  445.489623][ T5102] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  445.490287][ T5102] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  445.500693][ T5102] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  445.503193][ T5102] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3
[  445.503611][ T5102] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  445.527593][ T5102] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  445.528953][ T5102] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  445.529914][ T5102] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  445.531385][ T5102] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  445.532735][ T5102] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3
[  445.533139][ T5102] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  446.041755][ T5102] Bluetooth: hci8: command tx timeout
[  446.141873][ T5102] Bluetooth: hci9: command tx timeout
[  447.591848][ T5102] Bluetooth: hci11: command tx timeout
[  447.592297][ T5102] Bluetooth: hci10: command tx timeout
[  448.141644][ T5797] Bluetooth: hci8: command tx timeout
[  448.241856][ T5797] Bluetooth: hci9: command tx timeout
[  449.641691][ T5797] Bluetooth: hci10: command tx timeout
[  449.641739][ T5797] Bluetooth: hci11: command tx timeout
[  450.241744][ T5102] Bluetooth: hci8: command tx timeout
[  450.291734][ T5102] Bluetooth: hci9: command tx timeout
[  451.741773][ T5102] Bluetooth: hci11: command tx timeout
[  451.741817][ T5102] Bluetooth: hci10: command tx timeout
[  452.291695][ T5797] Bluetooth: hci8: command tx timeout
[  452.391848][ T5797] Bluetooth: hci9: command tx timeout
[  453.841754][ T5102] Bluetooth: hci11: command tx timeout
[  453.841815][ T5797] Bluetooth: hci10: command tx timeout
[  471.641353][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  471.641376][    C1] rcu: 	0-....: (1 GPs behind) idle=f3d4/1/0x4000000000000000 softirq=44397/44398 fqs=2100
[  471.641891][    C1] rcu: 	         hardirqs   softirqs   csw/system
[  471.641919][    C1] rcu: 	 number: 11079869          0            0
[  471.641934][    C1] rcu: 	cputime:     5903      46596            0   ==> 52500(ms)
[  471.641951][    C1] rcu: 	(detected by 1, t=10505 jiffies, g=57013, q=2218 ncpus=2)
[  471.641988][    C1] Sending NMI from CPU 1 to CPUs 0:
[  471.642021][    C0] NMI backtrace for cpu 0
[  471.642036][    C0] CPU: 0 PID: 11556 Comm: syz.3.2163 Not tainted 6.6.102-syzkaller #0
[  471.642053][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  471.642063][    C0] RIP: 0010:check_preemption_disabled+0x47/0x110
[  471.642097][    C0] Code: 96 75 65 8b 0d 82 5c 96 75 f7 c1 ff ff ff 7f 74 1f 65 48 8b 0c 25 28 00 00 00 48 3b 4c 24 08 0f 85 c4 00 00 00 48 83 c4 10 5b <41> 5e 41 5f 5d c3 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00
[  471.642111][    C0] RSP: 0018:ffffc90000007940 EFLAGS: 00000082
[  471.642125][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: b6834d9bb854e900
[  471.642137][    C0] RDX: 0000000000010100 RSI: ffffffff8afc66a0 RDI: ffffffff8afc6660
[  471.642148][    C0] RBP: ffffc90000007a18 R08: ffff8880b8e3d37b R09: 1ffff110171c7a6f
[  471.642160][    C0] R10: dffffc0000000000 R11: ffffed10171c7a70 R12: 1ffff92000000f2c
[  471.642173][    C0] R13: 0000000000000000 R14: ffff8880b8e3d370 R15: dffffc0000000000
[  471.642184][    C0] FS:  00007f80813a26c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  471.642199][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  471.642210][    C0] CR2: 0000200000034000 CR3: 000000002c076000 CR4: 00000000003506f0
[  471.642226][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  471.642235][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  471.642245][    C0] Call Trace:
[  471.642251][    C0]  <IRQ>
[  471.642260][    C0]  irq_work_run+0x16c/0x2e0
[  471.642280][    C0]  ? irq_work_single+0x230/0x230
[  471.642296][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  471.642318][    C0]  ? lock_chain_count+0x20/0x20
[  471.642340][    C0]  __sysvec_irq_work+0x98/0x380
[  471.642366][    C0]  sysvec_irq_work+0x4e/0xc0
[  471.642387][    C0]  asm_sysvec_irq_work+0x1a/0x20
[  471.642402][    C0] RIP: 0010:rcu_read_unlock_special+0x88/0x4c0
[  471.642429][    C0] Code: f1 f1 f1 00 f2 f2 f2 4a 89 04 2b 66 42 c7 44 2b 09 f3 f3 42 c6 44 2b 0b f3 65 44 8b 35 39 58 93 7e 41 f7 c6 00 00 f0 00 74 45 <48> c7 44 24 40 0e 36 e0 45 4a c7 04 2b 00 00 00 00 66 42 c7 44 2b
[  471.642442][    C0] RSP: 0018:ffffc90000007b00 EFLAGS: 00000206
[  471.642454][    C0] RAX: b6834d9bb854e900 RBX: 1ffff92000000f68 RCX: b6834d9bb854e900
[  471.642467][    C0] RDX: dffffc0000000000 RSI: ffffffff8aaab9c0 RDI: ffffffff8afc66c0
[  471.642479][    C0] RBP: ffffc90000007bf0 R08: ffffffff90da3507 R09: 1ffffffff21b46a0
[  471.642490][    C0] R10: dffffc0000000000 R11: fffffbfff21b46a1 R12: ffffffff8cd35400
[  471.642503][    C0] R13: dffffc0000000000 R14: 0000000000000246 R15: 0000000000000001
[  471.642526][    C0]  ? mac80211_hwsim_beacon_tx+0x3e9/0x780
[  471.642550][    C0]  ? __rcu_read_unlock+0xd0/0xd0
[  471.642583][    C0]  __rcu_read_unlock+0x7c/0xd0
[  471.642606][    C0]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  471.642628][    C0]  ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0
[  471.642649][    C0]  ieee80211_iterate_active_interfaces_atomic+0x15a/0x180
[  471.642672][    C0]  mac80211_hwsim_beacon+0xbb/0x1b0
[  471.642693][    C0]  __hrtimer_run_queues+0x51e/0xc40
[  471.642715][    C0]  ? hw_scan_work+0xf40/0xf40
[  471.642739][    C0]  ? hrtimer_interrupt+0x9c0/0x9c0
[  471.642756][    C0]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  471.642782][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  471.642804][    C0]  handle_softirqs+0x280/0x820
[  471.642822][    C0]  ? __irq_exit_rcu+0xc7/0x190
[  471.642842][    C0]  ? do_softirq+0x180/0x180
[  471.642860][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  471.642884][    C0]  __irq_exit_rcu+0xc7/0x190
[  471.642900][    C0]  ? irq_exit_rcu+0x20/0x20
[  471.642921][    C0]  irq_exit_rcu+0x9/0x20
[  471.642935][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  471.642964][    C0]  </IRQ>
[  471.642969][    C0]  <TASK>
[  471.642975][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  471.643001][    C0] RIP: 0010:console_flush_all+0x889/0xd00
[  471.643022][    C0] Code: ed 01 00 00 e8 88 27 1b 00 4d 85 ff 48 8b 5c 24 38 75 07 e8 79 27 1b 00 eb 06 e8 72 27 1b 00 fb 49 bf 00 00 00 00 00 fc ff df <48> 8b 44 24 50 42 0f b6 04 38 84 c0 0f 85 2f 02 00 00 80 3b 01 0f
[  471.643035][    C0] RSP: 0018:ffffc900193b6da0 EFLAGS: 00000283
[  471.643048][    C0] RAX: ffffffff816a63ae RBX: ffffc900193b6f3f RCX: 0000000000080000
[  471.643060][    C0] RDX: ffffc9000d50b000 RSI: 000000000000eec7 RDI: 000000000000eec8
[  471.643070][    C0] RBP: ffffc900193b6f10 R08: ffffffff90da3507 R09: 1ffffffff21b46a0
[  471.643082][    C0] R10: dffffc0000000000 R11: fffffbfff21b46a1 R12: ffffffff8d4b5c60
[  471.643094][    C0] R13: 1ffffffff19792b0 R14: ffffffff8d4b5cb8 R15: dffffc0000000000
[  471.643112][    C0]  ? console_flush_all+0x87e/0xd00
[  471.643139][    C0]  ? console_flush_all+0x10f/0xd00
[  471.643168][    C0]  ? is_console_locked+0x20/0x20
[  471.643188][    C0]  ? lock_chain_count+0x20/0x20
[  471.643209][    C0]  ? __down_trylock_console_sem+0xef/0x1e0
[  471.643233][    C0]  console_unlock+0xae/0x340
[  471.643254][    C0]  ? other_cpu_in_panic+0xf0/0xf0
[  471.643272][    C0]  ? mark_lock+0x94/0x320
[  471.643293][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  471.643316][    C0]  vprintk_emit+0x477/0x600
[  471.643337][    C0]  ? printk_sprint+0x460/0x460
[  471.643357][    C0]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  471.643383][    C0]  ? _raw_spin_unlock+0x40/0x40
[  471.643415][    C0]  _printk+0xd0/0x110
[  471.643446][    C0]  ? load_image+0x3b0/0x3b0
[  471.643476][    C0]  ? kasan_set_track+0x5f/0x70
[  471.643492][    C0]  ? __kasan_kmalloc+0x8f/0xa0
[  471.643509][    C0]  ? __kmalloc+0xb4/0x240
[  471.643530][    C0]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  471.643559][    C0]  __nla_validate_parse+0x1a27/0x2cd0
[  471.643600][    C0]  ? __nla_validate+0x50/0x50
[  471.643636][    C0]  __nla_parse+0x40/0x50
[  471.643662][    C0]  genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  471.643692][    C0]  genl_family_rcv_msg_doit+0xb9/0x2f0
[  471.643720][    C0]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  471.643746][    C0]  ? apparmor_capable+0x137/0x1a0
[  471.643764][    C0]  ? bpf_lsm_capable+0x9/0x10
[  471.643787][    C0]  ? security_capable+0x89/0xb0
[  471.643812][    C0]  genl_rcv_msg+0x60b/0x790
[  471.643838][    C0]  ? genl_bind+0x360/0x360
[  471.643858][    C0]  ? nl80211_exit+0x30/0x30
[  471.643881][    C0]  ? nl80211_del_interface+0x130/0x130
[  471.643904][    C0]  ? nl80211_pre_doit+0x930/0x930
[  471.643929][    C0]  ? perf_trace_lock+0xf7/0x380
[  471.643964][    C0]  netlink_rcv_skb+0x216/0x480
[  471.643985][    C0]  ? genl_bind+0x360/0x360
[  471.644008][    C0]  ? netlink_ack+0x1110/0x1110
[  471.644035][    C0]  ? __lock_acquire+0x7c80/0x7c80
[  471.644059][    C0]  ? down_read+0x1ac/0x2e0
[  471.644082][    C0]  genl_rcv+0x28/0x40
[  471.644103][    C0]  netlink_unicast+0x751/0x8d0
[  471.644129][    C0]  netlink_sendmsg+0x8c1/0xbe0
[  471.644156][    C0]  ? netlink_getsockopt+0x580/0x580
[  471.644177][    C0]  ? aa_sock_msg_perm+0x94/0x150
[  471.644197][    C0]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  471.644218][    C0]  ? security_socket_sendmsg+0x80/0xa0
[  471.644235][    C0]  ? netlink_getsockopt+0x580/0x580
[  471.644256][    C0]  ____sys_sendmsg+0x5bf/0x950
[  471.644285][    C0]  ? __asan_memset+0x22/0x40
[  471.644306][    C0]  ? __sys_sendmsg_sock+0x30/0x30
[  471.644327][    C0]  ? __import_iovec+0x5f2/0x860
[  471.644358][    C0]  ? import_iovec+0x73/0xa0
[  471.644384][    C0]  ___sys_sendmsg+0x220/0x290
[  471.644409][    C0]  ? __sys_sendmsg+0x270/0x270
[  471.644447][    C0]  ? debug_mutex_init+0x38/0x70
[  471.644480][    C0]  __se_sys_sendmsg+0x1a5/0x270
[  471.644503][    C0]  ? perf_trace_preemptirq_template+0x281/0x340
[  471.644529][    C0]  ? __x64_sys_sendmsg+0x80/0x80
[  471.644563][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[  471.644589][    C0]  do_syscall_64+0x55/0xb0
[  471.644607][    C0]  ? clear_bhb_loop+0x40/0x90
[  471.644621][    C0]  ? clear_bhb_loop+0x40/0x90
[  471.644638][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  471.644664][    C0] RIP: 0033:0x7f808058ebe9
[  471.644678][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  471.644692][    C0] RSP: 002b:00007f80813a2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  471.644707][    C0] RAX: ffffffffffffffda RBX: 00007f80807b5fa0 RCX: 00007f808058ebe9
[  471.644720][    C0] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[  471.644730][    C0] RBP: 00007f8080611e19 R08: 0000000000000000 R09: 0000000000000000
[  471.644740][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  471.644750][    C0] R13: 00007f80807b6038 R14: 00007f80807b5fa0 R15: 00007ffc467e1538
[  471.644772][    C0]  </TASK>
[  501.641710][ T5173] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 13511 jiffies s: 41337 root: 0x1/.
[  501.641846][ T5173] rcu: blocking rcu_node structures (internal RCU debug):
[  501.641864][ T5173] Sending NMI from CPU 1 to CPUs 0:
[  501.641892][    C0] NMI backtrace for cpu 0
[  501.641901][    C0] CPU: 0 PID: 11556 Comm: syz.3.2163 Not tainted 6.6.102-syzkaller #0
[  501.641918][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  501.641928][    C0] RIP: 0010:asm_sysvec_irq_work+0x0/0x20
[  501.641964][    C0] Code: 06 25 ed ff e9 a1 03 00 00 90 f3 0f 1e fa 0f 01 ca fc 6a ff e8 a1 02 00 00 48 89 c4 48 89 e7 e8 f6 06 ed ff e9 81 03 00 00 90 <f3> 0f 1e fa 0f 01 ca fc 6a ff e8 81 02 00 00 48 89 c4 48 89 e7 e8
[  501.641978][    C0] RSP: 0018:ffffc90000007ad8 EFLAGS: 00000006
[  501.641992][    C0] RAX: b6834d9bb854e900 RBX: 1ffff92000000f68 RCX: b6834d9bb854e900
[  501.642004][    C0] RDX: dffffc0000000000 RSI: ffffffff8aaab9c0 RDI: ffffffff8afc66c0
[  501.642017][    C0] RBP: ffffc90000007bf0 R08: ffffffff90da3507 R09: 1ffffffff21b46a0
[  501.642029][    C0] R10: dffffc0000000000 R11: fffffbfff21b46a1 R12: ffffffff8cd35400
[  501.642042][    C0] R13: dffffc0000000000 R14: 0000000000000246 R15: 0000000000000001
[  501.642052][    C0] FS:  00007f80813a26c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  501.642067][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  501.642078][    C0] CR2: 0000200000034000 CR3: 000000002c076000 CR4: 00000000003506f0
[  501.642093][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  501.642103][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  501.642113][    C0] Call Trace:
[  501.642119][    C0]  <IRQ>
[  501.642124][    C0] RIP: 0010:rcu_read_unlock_special+0x88/0x4c0
[  501.642150][    C0] Code: f1 f1 f1 00 f2 f2 f2 4a 89 04 2b 66 42 c7 44 2b 09 f3 f3 42 c6 44 2b 0b f3 65 44 8b 35 39 58 93 7e 41 f7 c6 00 00 f0 00 74 45 <48> c7 44 24 40 0e 36 e0 45 4a c7 04 2b 00 00 00 00 66 42 c7 44 2b
[  501.642164][    C0] RSP: 0018:ffffc90000007b00 EFLAGS: 00000206
[  501.642181][    C0]  ? mac80211_hwsim_beacon_tx+0x3e9/0x780
[  501.642205][    C0]  ? __rcu_read_unlock+0xd0/0xd0
[  501.642238][    C0]  __rcu_read_unlock+0x7c/0xd0
[  501.642260][    C0]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  501.642282][    C0]  ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0
[  501.642302][    C0]  ieee80211_iterate_active_interfaces_atomic+0x15a/0x180
[  501.642326][    C0]  mac80211_hwsim_beacon+0xbb/0x1b0
[  501.642347][    C0]  __hrtimer_run_queues+0x51e/0xc40
[  501.642369][    C0]  ? hw_scan_work+0xf40/0xf40
[  501.642392][    C0]  ? hrtimer_interrupt+0x9c0/0x9c0
[  501.642408][    C0]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  501.642434][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  501.642455][    C0]  handle_softirqs+0x280/0x820
[  501.642474][    C0]  ? __irq_exit_rcu+0xc7/0x190
[  501.642493][    C0]  ? do_softirq+0x180/0x180
[  501.642511][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  501.642534][    C0]  __irq_exit_rcu+0xc7/0x190
[  501.642549][    C0]  ? irq_exit_rcu+0x20/0x20
[  501.642570][    C0]  irq_exit_rcu+0x9/0x20
[  501.642583][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  501.642608][    C0]  </IRQ>
[  501.642612][    C0]  <TASK>
[  501.642618][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  501.642644][    C0] RIP: 0010:console_flush_all+0x889/0xd00
[  501.642665][    C0] Code: ed 01 00 00 e8 88 27 1b 00 4d 85 ff 48 8b 5c 24 38 75 07 e8 79 27 1b 00 eb 06 e8 72 27 1b 00 fb 49 bf 00 00 00 00 00 fc ff df <48> 8b 44 24 50 42 0f b6 04 38 84 c0 0f 85 2f 02 00 00 80 3b 01 0f
[  501.642679][    C0] RSP: 0018:ffffc900193b6da0 EFLAGS: 00000283
[  501.642691][    C0] RAX: ffffffff816a63ae RBX: ffffc900193b6f3f RCX: 0000000000080000
[  501.642703][    C0] RDX: ffffc9000d50b000 RSI: 000000000000eec7 RDI: 000000000000eec8
[  501.642713][    C0] RBP: ffffc900193b6f10 R08: ffffffff90da3507 R09: 1ffffffff21b46a0
[  501.642726][    C0] R10: dffffc0000000000 R11: fffffbfff21b46a1 R12: ffffffff8d4b5c60
[  501.642737][    C0] R13: 1ffffffff19792b0 R14: ffffffff8d4b5cb8 R15: dffffc0000000000
[  501.642755][    C0]  ? console_flush_all+0x87e/0xd00
[  501.642788][    C0]  ? console_flush_all+0x10f/0xd00
[  501.642816][    C0]  ? is_console_locked+0x20/0x20
[  501.642835][    C0]  ? lock_chain_count+0x20/0x20
[  501.642855][    C0]  ? __down_trylock_console_sem+0xef/0x1e0
[  501.642878][    C0]  console_unlock+0xae/0x340
[  501.642898][    C0]  ? other_cpu_in_panic+0xf0/0xf0
[  501.642915][    C0]  ? mark_lock+0x94/0x320
[  501.642935][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  501.642957][    C0]  vprintk_emit+0x477/0x600
[  501.642978][    C0]  ? printk_sprint+0x460/0x460
[  501.642996][    C0]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  501.643023][    C0]  ? _raw_spin_unlock+0x40/0x40
[  501.643054][    C0]  _printk+0xd0/0x110
[  501.643082][    C0]  ? load_image+0x3b0/0x3b0
[  501.643107][    C0]  ? kasan_set_track+0x5f/0x70
[  501.643124][    C0]  ? __kasan_kmalloc+0x8f/0xa0
[  501.643140][    C0]  ? __kmalloc+0xb4/0x240
[  501.643161][    C0]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  501.643190][    C0]  __nla_validate_parse+0x1a27/0x2cd0
[  501.643230][    C0]  ? __nla_validate+0x50/0x50
[  501.643265][    C0]  __nla_parse+0x40/0x50
[  501.643291][    C0]  genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  501.643320][    C0]  genl_family_rcv_msg_doit+0xb9/0x2f0
[  501.643347][    C0]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  501.643372][    C0]  ? apparmor_capable+0x137/0x1a0
[  501.643390][    C0]  ? bpf_lsm_capable+0x9/0x10
[  501.643412][    C0]  ? security_capable+0x89/0xb0
[  501.643436][    C0]  genl_rcv_msg+0x60b/0x790
[  501.643462][    C0]  ? genl_bind+0x360/0x360
[  501.643483][    C0]  ? nl80211_exit+0x30/0x30
[  501.643504][    C0]  ? nl80211_del_interface+0x130/0x130
[  501.643557][    C0]  ? nl80211_pre_doit+0x930/0x930
[  501.643582][    C0]  ? perf_trace_lock+0xf7/0x380
[  501.643613][    C0]  netlink_rcv_skb+0x216/0x480
[  501.643634][    C0]  ? genl_bind+0x360/0x360
[  501.643656][    C0]  ? netlink_ack+0x1110/0x1110
[  501.643684][    C0]  ? __lock_acquire+0x7c80/0x7c80
[  501.643707][    C0]  ? down_read+0x1ac/0x2e0
[  501.643731][    C0]  genl_rcv+0x28/0x40
[  501.643752][    C0]  netlink_unicast+0x751/0x8d0
[  501.643786][    C0]  netlink_sendmsg+0x8c1/0xbe0
[  501.643813][    C0]  ? netlink_getsockopt+0x580/0x580
[  501.643836][    C0]  ? aa_sock_msg_perm+0x94/0x150
[  501.643856][    C0]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  501.643876][    C0]  ? security_socket_sendmsg+0x80/0xa0
[  501.643893][    C0]  ? netlink_getsockopt+0x580/0x580
[  501.643913][    C0]  ____sys_sendmsg+0x5bf/0x950
[  501.643941][    C0]  ? __asan_memset+0x22/0x40
[  501.643962][    C0]  ? __sys_sendmsg_sock+0x30/0x30
[  501.643982][    C0]  ? __import_iovec+0x5f2/0x860
[  501.644012][    C0]  ? import_iovec+0x73/0xa0
[  501.644039][    C0]  ___sys_sendmsg+0x220/0x290
[  501.644064][    C0]  ? __sys_sendmsg+0x270/0x270
[  501.644101][    C0]  ? debug_mutex_init+0x38/0x70
[  501.644135][    C0]  __se_sys_sendmsg+0x1a5/0x270
[  501.644158][    C0]  ? perf_trace_preemptirq_template+0x281/0x340
[  501.644184][    C0]  ? __x64_sys_sendmsg+0x80/0x80
[  501.644218][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[  501.644244][    C0]  do_syscall_64+0x55/0xb0
[  501.644262][    C0]  ? clear_bhb_loop+0x40/0x90
[  501.644277][    C0]  ? clear_bhb_loop+0x40/0x90
[  501.644293][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  501.644319][    C0] RIP: 0033:0x7f808058ebe9
[  501.644333][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  501.644347][    C0] RSP: 002b:00007f80813a2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  501.644363][    C0] RAX: ffffffffffffffda RBX: 00007f80807b5fa0 RCX: 00007f808058ebe9
[  501.644375][    C0] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[  501.644385][    C0] RBP: 00007f8080611e19 R08: 0000000000000000 R09: 0000000000000000
[  501.644396][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  501.644406][    C0] R13: 00007f80807b6038 R14: 00007f80807b5fa0 R15: 00007ffc467e1538
[  501.644428][    C0]  </TASK>
[  503.604891][ T5102] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  503.606447][ T5102] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  503.607068][ T5102] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  503.608181][ T5102] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  503.608960][ T5102] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3
[  503.609354][ T5102] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  504.628673][ T5797] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[  504.630090][ T5797] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[  504.630758][ T5797] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[  504.632420][ T5797] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[  504.633516][ T5797] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3
[  504.633947][ T5797] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[  505.641851][ T5102] Bluetooth: hci12: command tx timeout
[  506.088627][ T5792] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[  506.090034][ T5792] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[  506.090718][ T5792] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[  506.102383][ T5792] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[  506.103135][ T5792] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3
[  506.103874][ T5792] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[  506.126493][ T5792] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1
[  506.127971][ T5792] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9
[  506.128931][ T5792] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9
[  506.130075][ T5792] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4
[  506.131006][ T5792] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3
[  506.132244][ T5792] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2
[  506.691738][ T5792] Bluetooth: hci13: command tx timeout
[  507.741740][ T5793] Bluetooth: hci12: command tx timeout
[  508.141718][ T5793] Bluetooth: hci15: command tx timeout
[  508.142116][ T5793] Bluetooth: hci14: command tx timeout
[  508.791673][ T5800] Bluetooth: hci13: command tx timeout
[  508.841895][ T5800] Bluetooth: hci7: command 0x0406 tx timeout
[  508.842043][ T5800] Bluetooth: hci4: command 0x0406 tx timeout
[  508.842120][ T5800] Bluetooth: hci5: command 0x0406 tx timeout
[  508.842196][ T5800] Bluetooth: hci6: command 0x0406 tx timeout
[  509.841735][ T5793] Bluetooth: hci12: command tx timeout
[  510.241728][ T5793] Bluetooth: hci14: command tx timeout
[  510.241775][ T5793] Bluetooth: hci15: command tx timeout
[  510.841680][ T5800] Bluetooth: hci13: command tx timeout
[  511.891715][ T5800] Bluetooth: hci12: command tx timeout
[  512.291662][ T5800] Bluetooth: hci15: command tx timeout
[  512.291703][ T5800] Bluetooth: hci14: command tx timeout
[  512.941650][ T5793] Bluetooth: hci13: command tx timeout
[  514.391839][ T5793] Bluetooth: hci14: command tx timeout
[  514.391886][ T5793] Bluetooth: hci15: command tx timeout
[  523.441714][   T29] INFO: task rcu_tasks_trace:15 blocked for more than 143 seconds.
[  523.441742][   T29]       Not tainted 6.6.102-syzkaller #0
[  523.441756][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  523.441778][   T29] task:rcu_tasks_trace state:D stack:26832 pid:15    ppid:2      flags:0x00004000
[  523.441820][   T29] Call Trace:
[  523.441828][   T29]  <TASK>
[  523.441846][   T29]  __schedule+0x14d2/0x44d0
[  523.441896][   T29]  ? lock_chain_count+0x20/0x20
[  523.441928][   T29]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  523.441963][   T29]  ? asan.module_dtor+0x20/0x20
[  523.441993][   T29]  ? _raw_spin_unlock+0x40/0x40
[  523.442023][   T29]  ? queue_work_on+0x17d/0x1e0
[  523.442052][   T29]  ? prepare_to_wait_event+0x3db/0x470
[  523.442081][   T29]  ? prepare_to_wait_event+0x434/0x470
[  523.442111][   T29]  schedule+0xbd/0x170
[  523.442138][   T29]  synchronize_rcu_expedited+0x678/0x830
[  523.442175][   T29]  ? schedule_delayed_monitor_work+0x40/0x40
[  523.442203][   T29]  ? perf_trace_lock+0xf7/0x380
[  523.442245][   T29]  ? rcu_tasks_trace_pregp_step+0xe48/0xe90
[  523.442272][   T29]  ? perf_trace_lock+0xf7/0x380
[  523.442307][   T29]  ? sync_rcu_exp_done_unlocked+0x140/0x140
[  523.442354][   T29]  ? __might_sleep+0xe0/0xe0
[  523.442383][   T29]  ? wake_bit_function+0x200/0x200
[  523.442422][   T29]  synchronize_rcu+0x136/0x380
[  523.442451][   T29]  ? __schedule_delayed_monitor_work+0x200/0x200
[  523.442487][   T29]  ? cpus_read_unlock+0xa6/0x130
[  523.442513][   T29]  ? rcu_tasks_trace_pregp_step+0xe48/0xe90
[  523.442562][   T29]  ? call_rcu_tasks_generic_timer+0x200/0x200
[  523.442595][   T29]  ? rcu_is_watching+0x15/0xb0
[  523.442628][   T29]  rcu_tasks_wait_gp+0x47d/0xa90
[  523.442655][   T29]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  523.442687][   T29]  ? rcu_tasks_one_gp+0xadb/0xdb0
[  523.442715][   T29]  ? mutex_lock_nested+0x20/0x20
[  523.442741][   T29]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  523.442775][   T29]  ? trace_raw_output_rcu_stall_warning+0xc0/0xc0
[  523.442804][   T29]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  523.442838][   T29]  ? _raw_spin_unlock+0x40/0x40
[  523.442882][   T29]  rcu_tasks_one_gp+0xbf4/0xdb0
[  523.442923][   T29]  ? rcu_tasks_one_gp+0xe8/0xdb0
[  523.442955][   T29]  ? rcu_tasks_one_gp+0x1/0xdb0
[  523.442983][   T29]  rcu_tasks_kthread+0x196/0x1c0
[  523.443016][   T29]  kthread+0x2fa/0x390
[  523.443036][   T29]  ? tasks_rcu_exit_srcu_stall+0x100/0x100
[  523.443065][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.443087][   T29]  ret_from_fork+0x48/0x80
[  523.443112][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.443135][   T29]  ret_from_fork_asm+0x11/0x20
[  523.443183][   T29]  </TASK>
[  523.443200][   T29] INFO: task kworker/u4:2:35 blocked for more than 143 seconds.
[  523.443215][   T29]       Not tainted 6.6.102-syzkaller #0
[  523.443227][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  523.443237][   T29] task:kworker/u4:2    state:D stack:22072 pid:35    ppid:2      flags:0x00004000
[  523.443274][   T29] Workqueue: events_unbound fsnotify_connector_destroy_workfn
[  523.443305][   T29] Call Trace:
[  523.443313][   T29]  <TASK>
[  523.443327][   T29]  __schedule+0x14d2/0x44d0
[  523.443359][   T29]  ? perf_trace_lock+0xf7/0x380
[  523.443399][   T29]  ? trace_event_raw_event_lock+0x230/0x230
[  523.443435][   T29]  ? wait_for_completion+0x2b5/0x590
[  523.443463][   T29]  ? perf_trace_lock+0xf7/0x380
[  523.443499][   T29]  ? asan.module_dtor+0x20/0x20
[  523.443540][   T29]  ? trace_event_raw_event_lock+0x230/0x230
[  523.443582][   T29]  ? kthread_data+0x4f/0xc0
[  523.443616][   T29]  ? wq_worker_sleeping+0x63/0x240
[  523.443643][   T29]  schedule+0xbd/0x170
[  523.443670][   T29]  schedule_timeout+0x9b/0x280
[  523.443702][   T29]  ? console_conditional_schedule+0x40/0x40
[  523.443733][   T29]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  523.443762][   T29]  ? lock_chain_count+0x20/0x20
[  523.443784][   T29]  ? _raw_spin_lock_irq+0xaf/0xe0
[  523.443817][   T29]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  523.443854][   T29]  ? _raw_spin_unlock_irq+0x23/0x50
[  523.443887][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  523.443919][   T29]  ? wait_for_completion+0x26c/0x590
[  523.443947][   T29]  wait_for_completion+0x2bd/0x590
[  523.443991][   T29]  ? io_schedule+0xd0/0xd0
[  523.444015][   T29]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  523.444054][   T29]  ? debug_object_active_state+0x6f/0x340
[  523.444093][   T29]  __synchronize_srcu+0x313/0x3a0
[  523.444122][   T29]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  523.444156][   T29]  ? synchronize_srcu_expedited+0x20/0x20
[  523.444185][   T29]  ? rcu_read_lock_any_held+0x120/0x120
[  523.444218][   T29]  ? __rwlock_init+0x150/0x150
[  523.444243][   T29]  ? read_tsc+0x9/0x20
[  523.444265][   T29]  ? ktime_get_mono_fast_ns+0x19d/0x1c0
[  523.444296][   T29]  ? synchronize_srcu+0x27d/0x2a0
[  523.444325][   T29]  ? process_scheduled_works+0x957/0x15b0
[  523.444352][   T29]  fsnotify_connector_destroy_workfn+0x44/0xa0
[  523.444378][   T29]  ? process_scheduled_works+0x957/0x15b0
[  523.444404][   T29]  process_scheduled_works+0xa45/0x15b0
[  523.444465][   T29]  ? assign_work+0x400/0x400
[  523.444500][   T29]  ? assign_work+0x39e/0x400
[  523.444539][   T29]  worker_thread+0xa55/0xfc0
[  523.444598][   T29]  kthread+0x2fa/0x390
[  523.444618][   T29]  ? pr_cont_work+0x560/0x560
[  523.444645][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.444667][   T29]  ret_from_fork+0x48/0x80
[  523.444691][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.444713][   T29]  ret_from_fork_asm+0x11/0x20
[  523.444760][   T29]  </TASK>
[  523.444775][   T29] INFO: task kworker/u4:3:48 blocked for more than 143 seconds.
[  523.444790][   T29]       Not tainted 6.6.102-syzkaller #0
[  523.444802][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  523.444812][   T29] task:kworker/u4:3    state:D stack:21512 pid:48    ppid:2      flags:0x00004000
[  523.444847][   T29] Workqueue: events_unbound fsnotify_mark_destroy_workfn
[  523.444875][   T29] Call Trace:
[  523.444883][   T29]  <TASK>
[  523.444897][   T29]  __schedule+0x14d2/0x44d0
[  523.444929][   T29]  ? perf_trace_lock+0xf7/0x380
[  523.444968][   T29]  ? trace_event_raw_event_lock+0x230/0x230
[  523.445003][   T29]  ? wait_for_completion+0x2b5/0x590
[  523.445030][   T29]  ? perf_trace_lock+0xf7/0x380
[  523.445061][   T29]  ? asan.module_dtor+0x20/0x20
[  523.445091][   T29]  ? trace_event_raw_event_lock+0x230/0x230
[  523.445133][   T29]  ? kthread_data+0x4f/0xc0
[  523.445167][   T29]  ? wq_worker_sleeping+0x63/0x240
[  523.445193][   T29]  schedule+0xbd/0x170
[  523.445221][   T29]  schedule_timeout+0x9b/0x280
[  523.445252][   T29]  ? console_conditional_schedule+0x40/0x40
[  523.445282][   T29]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  523.445311][   T29]  ? lock_chain_count+0x20/0x20
[  523.445332][   T29]  ? _raw_spin_lock_irq+0xaf/0xe0
[  523.445365][   T29]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  523.445402][   T29]  ? _raw_spin_unlock_irq+0x23/0x50
[  523.445434][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  523.445465][   T29]  ? wait_for_completion+0x26c/0x590
[  523.445493][   T29]  wait_for_completion+0x2bd/0x590
[  523.445541][   T29]  ? io_schedule+0xd0/0xd0
[  523.445566][   T29]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  523.445604][   T29]  ? debug_object_active_state+0x6f/0x340
[  523.445643][   T29]  __synchronize_srcu+0x313/0x3a0
[  523.445672][   T29]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  523.445705][   T29]  ? synchronize_srcu_expedited+0x20/0x20
[  523.445733][   T29]  ? rcu_read_lock_any_held+0x120/0x120
[  523.445767][   T29]  ? __rwlock_init+0x150/0x150
[  523.445792][   T29]  ? read_tsc+0x9/0x20
[  523.445814][   T29]  ? ktime_get_mono_fast_ns+0x19d/0x1c0
[  523.445844][   T29]  ? synchronize_srcu+0x27d/0x2a0
[  523.445875][   T29]  fsnotify_mark_destroy_workfn+0x102/0x2e0
[  523.445906][   T29]  ? fsnotify_connector_destroy_workfn+0xa0/0xa0
[  523.445937][   T29]  ? _raw_spin_unlock_irq+0x23/0x50
[  523.445969][   T29]  ? process_scheduled_works+0x957/0x15b0
[  523.445998][   T29]  ? process_scheduled_works+0x957/0x15b0
[  523.446025][   T29]  process_scheduled_works+0xa45/0x15b0
[  523.446087][   T29]  ? assign_work+0x400/0x400
[  523.446122][   T29]  ? assign_work+0x39e/0x400
[  523.446156][   T29]  worker_thread+0xa55/0xfc0
[  523.446184][   T29]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  523.446218][   T29]  ? _raw_spin_unlock+0x40/0x40
[  523.446247][   T29]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  523.446306][   T29]  kthread+0x2fa/0x390
[  523.446325][   T29]  ? pr_cont_work+0x560/0x560
[  523.446353][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.446375][   T29]  ret_from_fork+0x48/0x80
[  523.446398][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.446421][   T29]  ret_from_fork_asm+0x11/0x20
[  523.446469][   T29]  </TASK>
[  523.446502][   T29] INFO: task kworker/u4:6:1133 blocked for more than 143 seconds.
[  523.446517][   T29]       Not tainted 6.6.102-syzkaller #0
[  523.446535][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  523.446546][   T29] task:kworker/u4:6    state:D stack:22376 pid:1133  ppid:2      flags:0x00004000
[  523.446582][   T29] Workqueue: netns cleanup_net
[  523.446611][   T29] Call Trace:
[  523.446619][   T29]  <TASK>
[  523.446633][   T29]  __schedule+0x14d2/0x44d0
[  523.446687][   T29]  ? asan.module_dtor+0x20/0x20
[  523.446717][   T29]  ? __mutex_lock+0x6b2/0xcc0
[  523.446747][   T29]  ? __mutex_trylock_common+0x84/0x250
[  523.446784][   T29]  ? kthread_data+0x4f/0xc0
[  523.446818][   T29]  ? wq_worker_sleeping+0x63/0x240
[  523.446845][   T29]  schedule+0xbd/0x170
[  523.446872][   T29]  schedule_preempt_disabled+0x13/0x20
[  523.446899][   T29]  __mutex_lock+0x6b7/0xcc0
[  523.446928][   T29]  ? __mutex_lock+0x4e8/0xcc0
[  523.446962][   T29]  ? synchronize_rcu_expedited+0x360/0x830
[  523.446995][   T29]  ? mutex_lock_nested+0x20/0x20
[  523.447022][   T29]  ? do_raw_spin_lock+0x121/0x2c0
[  523.447053][   T29]  ? __rwlock_init+0x150/0x150
[  523.447085][   T29]  ? do_raw_spin_unlock+0x121/0x230
[  523.447119][   T29]  synchronize_rcu_expedited+0x360/0x830
[  523.447153][   T29]  ? schedule_delayed_monitor_work+0x40/0x40
[  523.447190][   T29]  ? stack_trace_save+0x9c/0xe0
[  523.447216][   T29]  ? stack_trace_snprint+0xf0/0xf0
[  523.447267][   T29]  ? ret_from_fork+0x48/0x80
[  523.447291][   T29]  ? ret_from_fork_asm+0x11/0x20
[  523.447342][   T29]  ? __might_sleep+0xe0/0xe0
[  523.447389][   T29]  synchronize_rcu+0x136/0x380
[  523.447419][   T29]  ? __schedule_delayed_monitor_work+0x200/0x200
[  523.447462][   T29]  ? __might_sleep+0xe0/0xe0
[  523.447489][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  523.447533][   T29]  ? slab_free_freelist_hook+0x130/0x1b0
[  523.447579][   T29]  nf_conntrack_cleanup_net_list+0x48/0x290
[  523.447616][   T29]  ? nf_conntrack_pernet_init+0x9b0/0x9b0
[  523.447651][   T29]  cleanup_net+0x77f/0xb90
[  523.447683][   T29]  ? ops_free_list+0x3b0/0x3b0
[  523.447718][   T29]  ? _raw_spin_unlock_irq+0x23/0x50
[  523.447750][   T29]  ? process_scheduled_works+0x957/0x15b0
[  523.447778][   T29]  ? process_scheduled_works+0x957/0x15b0
[  523.447806][   T29]  process_scheduled_works+0xa45/0x15b0
[  523.447867][   T29]  ? assign_work+0x400/0x400
[  523.447902][   T29]  ? assign_work+0x39e/0x400
[  523.447935][   T29]  worker_thread+0xa55/0xfc0
[  523.447994][   T29]  kthread+0x2fa/0x390
[  523.448013][   T29]  ? pr_cont_work+0x560/0x560
[  523.448041][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.448063][   T29]  ret_from_fork+0x48/0x80
[  523.448087][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.448109][   T29]  ret_from_fork_asm+0x11/0x20
[  523.448156][   T29]  </TASK>
[  523.448207][   T29] INFO: task kworker/u4:7:2963 blocked for more than 143 seconds.
[  523.448222][   T29]       Not tainted 6.6.102-syzkaller #0
[  523.448234][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  523.448244][   T29] task:kworker/u4:7    state:D stack:22072 pid:2963  ppid:2      flags:0x00004000
[  523.448279][   T29] Workqueue: events_unbound bpf_map_free_deferred
[  523.448304][   T29] Call Trace:
[  523.448312][   T29]  <TASK>
[  523.448326][   T29]  __schedule+0x14d2/0x44d0
[  523.448368][   T29]  ? lock_chain_count+0x20/0x20
[  523.448397][   T29]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  523.448431][   T29]  ? asan.module_dtor+0x20/0x20
[  523.448461][   T29]  ? _raw_spin_unlock+0x40/0x40
[  523.448495][   T29]  ? do_raw_spin_lock+0x121/0x2c0
[  523.448532][   T29]  ? prepare_to_wait_event+0x3db/0x470
[  523.448555][   T29]  ? kthread_data+0x4f/0xc0
[  523.448589][   T29]  ? wq_worker_sleeping+0x63/0x240
[  523.448616][   T29]  schedule+0xbd/0x170
[  523.448643][   T29]  synchronize_rcu_expedited+0x720/0x830
[  523.448678][   T29]  ? schedule_delayed_monitor_work+0x40/0x40
[  523.448710][   T29]  ? wake_bit_function+0x200/0x200
[  523.448742][   T29]  ? trace_event_raw_event_lock+0x230/0x230
[  523.448807][   T29]  ? __might_sleep+0xe0/0xe0
[  523.448831][   T29]  ? mark_lock+0x94/0x320
[  523.448874][   T29]  synchronize_rcu+0x136/0x380
[  523.448904][   T29]  ? __schedule_delayed_monitor_work+0x200/0x200
[  523.448955][   T29]  ? rcu_force_quiescent_state+0x230/0x230
[  523.448987][   T29]  ? lockdep_unlock+0x137/0x2d0
[  523.449010][   T29]  ? lockdep_lock+0x220/0x220
[  523.449042][   T29]  lockdep_unregister_key+0x4d0/0x580
[  523.449072][   T29]  ? lockdep_reset_lock+0x320/0x320
[  523.449103][   T29]  ? bpf_mem_alloc_destroy+0x50d/0x5b0
[  523.449136][   T29]  ? __kmem_cache_free+0xba/0x1f0
[  523.449173][   T29]  htab_map_free+0x9a3/0xa50
[  523.449200][   T29]  ? percpu_ref_put+0x1e/0x230
[  523.449224][   T29]  ? percpu_ref_put+0x17e/0x230
[  523.449249][   T29]  bpf_map_free_deferred+0xda/0x100
[  523.449274][   T29]  ? process_scheduled_works+0x957/0x15b0
[  523.449301][   T29]  process_scheduled_works+0xa45/0x15b0
[  523.449362][   T29]  ? assign_work+0x400/0x400
[  523.449398][   T29]  ? assign_work+0x39e/0x400
[  523.449431][   T29]  worker_thread+0xa55/0xfc0
[  523.449460][   T29]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  523.449494][   T29]  ? _raw_spin_unlock+0x40/0x40
[  523.449530][   T29]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  523.449589][   T29]  kthread+0x2fa/0x390
[  523.449608][   T29]  ? pr_cont_work+0x560/0x560
[  523.449636][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.449658][   T29]  ret_from_fork+0x48/0x80
[  523.449682][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.449705][   T29]  ret_from_fork_asm+0x11/0x20
[  523.449752][   T29]  </TASK>
[  523.449792][   T29] INFO: task kworker/1:5:5838 blocked for more than 143 seconds.
[  523.449807][   T29]       Not tainted 6.6.102-syzkaller #0
[  523.449819][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  523.449830][   T29] task:kworker/1:5     state:D stack:24304 pid:5838  ppid:2      flags:0x00004000
[  523.449867][   T29] Workqueue: events fqdir_free_fn
[  523.449890][   T29] Call Trace:
[  523.449898][   T29]  <TASK>
[  523.449912][   T29]  __schedule+0x14d2/0x44d0
[  523.449962][   T29]  ? mark_lock+0x94/0x320
[  523.449987][   T29]  ? asan.module_dtor+0x20/0x20
[  523.450024][   T29]  ? kick_pool+0x112/0x420
[  523.450049][   T29]  ? _raw_spin_unlock_irq+0x23/0x50
[  523.450081][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  523.450114][   T29]  schedule+0xbd/0x170
[  523.450140][   T29]  schedule_timeout+0x9b/0x280
[  523.450172][   T29]  ? console_conditional_schedule+0x40/0x40
[  523.450202][   T29]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  523.450231][   T29]  ? lock_chain_count+0x20/0x20
[  523.450252][   T29]  ? _raw_spin_lock_irq+0xaf/0xe0
[  523.450284][   T29]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  523.450315][   T29]  ? rcu_barrier_entrain+0x1f0/0x1f0
[  523.450348][   T29]  ? _raw_spin_unlock_irq+0x23/0x50
[  523.450381][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  523.450413][   T29]  ? wait_for_completion+0x26c/0x590
[  523.450440][   T29]  wait_for_completion+0x2bd/0x590
[  523.450483][   T29]  ? io_schedule+0xd0/0xd0
[  523.450531][   T29]  rcu_barrier+0x466/0x580
[  523.450575][   T29]  fqdir_free_fn+0x33/0x130
[  523.450598][   T29]  ? process_scheduled_works+0x957/0x15b0
[  523.450625][   T29]  process_scheduled_works+0xa45/0x15b0
[  523.450686][   T29]  ? assign_work+0x400/0x400
[  523.450722][   T29]  ? assign_work+0x39e/0x400
[  523.450755][   T29]  worker_thread+0xa55/0xfc0
[  523.450784][   T29]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  523.450818][   T29]  ? _raw_spin_unlock+0x40/0x40
[  523.450848][   T29]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  523.450906][   T29]  kthread+0x2fa/0x390
[  523.450926][   T29]  ? pr_cont_work+0x560/0x560
[  523.450953][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.450975][   T29]  ret_from_fork+0x48/0x80
[  523.450999][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.451022][   T29]  ret_from_fork_asm+0x11/0x20
[  523.451069][   T29]  </TASK>
[  523.451083][   T29] INFO: task syz.0.2161:11552 blocked for more than 143 seconds.
[  523.451097][   T29]       Not tainted 6.6.102-syzkaller #0
[  523.451109][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  523.451119][   T29] task:syz.0.2161      state:D stack:25320 pid:11552 ppid:5786   flags:0x00004004
[  523.451154][   T29] Call Trace:
[  523.451163][   T29]  <TASK>
[  523.451176][   T29]  __schedule+0x14d2/0x44d0
[  523.451209][   T29]  ? perf_trace_lock+0xf7/0x380
[  523.451248][   T29]  ? trace_event_raw_event_lock+0x230/0x230
[  523.463398][   T29]  ? wait_for_completion+0x2b5/0x590
[  523.463439][   T29]  ? perf_trace_lock+0xf7/0x380
[  523.463472][   T29]  ? asan.module_dtor+0x20/0x20
[  523.463508][   T29]  ? trace_event_raw_event_lock+0x230/0x230
[  523.463574][   T29]  schedule+0xbd/0x170
[  523.463602][   T29]  schedule_timeout+0x9b/0x280
[  523.463633][   T29]  ? console_conditional_schedule+0x40/0x40
[  523.463664][   T29]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  523.463693][   T29]  ? lock_chain_count+0x20/0x20
[  523.463715][   T29]  ? _raw_spin_lock_irq+0xaf/0xe0
[  523.463748][   T29]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  523.463784][   T29]  ? _raw_spin_unlock_irq+0x23/0x50
[  523.463816][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  523.463849][   T29]  ? wait_for_completion+0x26c/0x590
[  523.463876][   T29]  wait_for_completion+0x2bd/0x590
[  523.463920][   T29]  ? io_schedule+0xd0/0xd0
[  523.463944][   T29]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  523.463982][   T29]  ? debug_object_active_state+0x6f/0x340
[  523.464021][   T29]  __synchronize_srcu+0x313/0x3a0
[  523.464050][   T29]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  523.464084][   T29]  ? synchronize_srcu_expedited+0x20/0x20
[  523.464113][   T29]  ? rcu_read_lock_any_held+0x120/0x120
[  523.464147][   T29]  ? read_tsc+0x9/0x20
[  523.464169][   T29]  ? ktime_get_mono_fast_ns+0x19d/0x1c0
[  523.464199][   T29]  ? synchronize_srcu+0x27d/0x2a0
[  523.464231][   T29]  perf_trace_event_unreg+0xbf/0x1b0
[  523.464261][   T29]  perf_trace_destroy+0x9e/0x140
[  523.464285][   T29]  ? perf_swevent_read+0x10/0x10
[  523.464318][   T29]  _free_event+0xb73/0xf30
[  523.464354][   T29]  perf_event_release_kernel+0x836/0x8c0
[  523.464381][   T29]  ? __might_sleep+0xe0/0xe0
[  523.464408][   T29]  ? calc_timer_values+0x400/0x400
[  523.464434][   T29]  ? __fput+0x61c/0x970
[  523.464469][   T29]  ? perf_mmap+0x1630/0x1630
[  523.464501][   T29]  perf_release+0x3b/0x40
[  523.464537][   T29]  __fput+0x234/0x970
[  523.464584][   T29]  task_work_run+0x1ce/0x250
[  523.464618][   T29]  ? task_work_cancel+0x240/0x240
[  523.464654][   T29]  ? exit_to_user_mode_loop+0x3b/0x110
[  523.464689][   T29]  exit_to_user_mode_loop+0xe6/0x110
[  523.464721][   T29]  exit_to_user_mode_prepare+0xb1/0x140
[  523.464752][   T29]  syscall_exit_to_user_mode+0x1a/0x50
[  523.464784][   T29]  do_syscall_64+0x61/0xb0
[  523.464808][   T29]  ? clear_bhb_loop+0x40/0x90
[  523.464829][   T29]  ? clear_bhb_loop+0x40/0x90
[  523.464852][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  523.464884][   T29] RIP: 0033:0x7fe8b8f8ebe9
[  523.464905][   T29] RSP: 002b:00007ffda5339228 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  523.464931][   T29] RAX: 0000000000000000 RBX: 00007fe8b91b7da0 RCX: 00007fe8b8f8ebe9
[  523.464947][   T29] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  523.464961][   T29] RBP: 00007fe8b91b7da0 R08: 0000000000001ecc R09: 0000001aa533951f
[  523.464976][   T29] R10: 00000000003fdf10 R11: 0000000000000246 R12: 0000000000059a61
[  523.464991][   T29] R13: 00007fe8b91b6180 R14: ffffffffffffffff R15: 00007ffda5339340
[  523.465027][   T29]  </TASK>
[  523.465038][   T29] INFO: task syz.2.2164:11565 blocked for more than 143 seconds.
[  523.465054][   T29]       Not tainted 6.6.102-syzkaller #0
[  523.465066][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  523.465077][   T29] task:syz.2.2164      state:D stack:27848 pid:11565 ppid:5788   flags:0x00004004
[  523.465115][   T29] Call Trace:
[  523.465123][   T29]  <TASK>
[  523.465137][   T29]  __schedule+0x14d2/0x44d0
[  523.465169][   T29]  ? mark_lock+0x94/0x320
[  523.465212][   T29]  ? asan.module_dtor+0x20/0x20
[  523.465241][   T29]  ? __mutex_lock+0x6b2/0xcc0
[  523.465272][   T29]  ? __mutex_trylock_common+0x84/0x250
[  523.465310][   T29]  ? trace_raw_output_contention_end+0xd0/0xd0
[  523.465353][   T29]  schedule+0xbd/0x170
[  523.465379][   T29]  schedule_preempt_disabled+0x13/0x20
[  523.465405][   T29]  __mutex_lock+0x6b7/0xcc0
[  523.465435][   T29]  ? __mutex_lock+0x4e8/0xcc0
[  523.465469][   T29]  ? perf_trace_init+0x50/0x2d0
[  523.465496][   T29]  ? mutex_lock_nested+0x20/0x20
[  523.465550][   T29]  perf_trace_init+0x50/0x2d0
[  523.465574][   T29]  ? perf_tp_event_init+0x7c/0x110
[  523.465607][   T29]  perf_tp_event_init+0x8d/0x110
[  523.465638][   T29]  perf_try_init_event+0x12b/0x3c0
[  523.465675][   T29]  perf_event_alloc+0xfa4/0x21b0
[  523.465698][   T29]  ? perf_event_alloc+0xc06/0x21b0
[  523.465735][   T29]  ? find_lively_task_by_vpid+0x19/0x290
[  523.465772][   T29]  __se_sys_perf_event_open+0x70e/0x1c20
[  523.465808][   T29]  ? vma_end_read+0x18/0x170
[  523.465838][   T29]  ? __x64_sys_perf_event_open+0xc0/0xc0
[  523.465879][   T29]  ? lock_chain_count+0x20/0x20
[  523.465903][   T29]  ? lock_chain_count+0x20/0x20
[  523.465932][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  523.465961][   T29]  ? __x64_sys_perf_event_open+0x20/0xc0
[  523.465990][   T29]  do_syscall_64+0x55/0xb0
[  523.466013][   T29]  ? clear_bhb_loop+0x40/0x90
[  523.466033][   T29]  ? clear_bhb_loop+0x40/0x90
[  523.466057][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  523.466089][   T29] RIP: 0033:0x7fd42bf8ebe9
[  523.466106][   T29] RSP: 002b:00007fd42a1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  523.466129][   T29] RAX: ffffffffffffffda RBX: 00007fd42c1b5fa0 RCX: 00007fd42bf8ebe9
[  523.466146][   T29] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000100
[  523.466162][   T29] RBP: 00007fd42c011e19 R08: 0000000000000009 R09: 0000000000000000
[  523.466176][   T29] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[  523.466191][   T29] R13: 00007fd42c1b6038 R14: 00007fd42c1b5fa0 R15: 00007ffffaf11108
[  523.466227][   T29]  </TASK>
[  523.466237][   T29] INFO: task syz.2.2164:11566 blocked for more than 143 seconds.
[  523.466251][   T29]       Not tainted 6.6.102-syzkaller #0
[  523.466263][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  523.466273][   T29] task:syz.2.2164      state:D stack:27848 pid:11566 ppid:5788   flags:0x00004004
[  523.466308][   T29] Call Trace:
[  523.466316][   T29]  <TASK>
[  523.466329][   T29]  __schedule+0x14d2/0x44d0
[  523.466361][   T29]  ? mark_lock+0x94/0x320
[  523.466404][   T29]  ? asan.module_dtor+0x20/0x20
[  523.466433][   T29]  ? __mutex_lock+0x6b2/0xcc0
[  523.466464][   T29]  ? __mutex_trylock_common+0x84/0x250
[  523.466502][   T29]  ? trace_raw_output_contention_end+0xd0/0xd0
[  523.466551][   T29]  schedule+0xbd/0x170
[  523.466578][   T29]  schedule_preempt_disabled+0x13/0x20
[  523.466604][   T29]  __mutex_lock+0x6b7/0xcc0
[  523.466633][   T29]  ? __mutex_lock+0x4e8/0xcc0
[  523.466667][   T29]  ? perf_trace_init+0x50/0x2d0
[  523.466694][   T29]  ? mutex_lock_nested+0x20/0x20
[  523.466742][   T29]  perf_trace_init+0x50/0x2d0
[  523.466766][   T29]  ? perf_tp_event_init+0x7c/0x110
[  523.466799][   T29]  perf_tp_event_init+0x8d/0x110
[  523.466830][   T29]  perf_try_init_event+0x12b/0x3c0
[  523.466867][   T29]  perf_event_alloc+0xfa4/0x21b0
[  523.466890][   T29]  ? perf_event_alloc+0xc06/0x21b0
[  523.466934][   T29]  __se_sys_perf_event_open+0x5ed/0x1c20
[  523.466971][   T29]  ? __ia32_sys_get_robust_list+0x90/0x90
[  523.466998][   T29]  ? __x64_sys_perf_event_open+0xc0/0xc0
[  523.467039][   T29]  ? lock_chain_count+0x20/0x20
[  523.467072][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  523.467100][   T29]  ? __x64_sys_perf_event_open+0x20/0xc0
[  523.467130][   T29]  do_syscall_64+0x55/0xb0
[  523.467153][   T29]  ? clear_bhb_loop+0x40/0x90
[  523.467172][   T29]  ? clear_bhb_loop+0x40/0x90
[  523.467196][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  523.467227][   T29] RIP: 0033:0x7fd42bf8ebe9
[  523.467245][   T29] RSP: 002b:00007fd42a1d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  523.467268][   T29] RAX: ffffffffffffffda RBX: 00007fd42c1b6090 RCX: 00007fd42bf8ebe9
[  523.467285][   T29] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000000180
[  523.467301][   T29] RBP: 00007fd42c011e19 R08: 0000000000000000 R09: 0000000000000000
[  523.467315][   T29] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[  523.467352][   T29] R13: 00007fd42c1b6128 R14: 00007fd42c1b6090 R15: 00007ffffaf11108
[  523.467388][   T29]  </TASK>
[  523.467397][   T29] INFO: task syz.1.2166:11568 blocked for more than 143 seconds.
[  523.467412][   T29]       Not tainted 6.6.102-syzkaller #0
[  523.467424][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  523.467434][   T29] task:syz.1.2166      state:D stack:26504 pid:11568 ppid:5787   flags:0x00004004
[  523.467470][   T29] Call Trace:
[  523.467478][   T29]  <TASK>
[  523.467492][   T29]  __schedule+0x14d2/0x44d0
[  523.467529][   T29]  ? mark_lock+0x94/0x320
[  523.467572][   T29]  ? asan.module_dtor+0x20/0x20
[  523.467601][   T29]  ? __mutex_lock+0x6b2/0xcc0
[  523.467632][   T29]  ? __mutex_trylock_common+0x84/0x250
[  523.467670][   T29]  ? trace_raw_output_contention_end+0xd0/0xd0
[  523.467713][   T29]  schedule+0xbd/0x170
[  523.467739][   T29]  schedule_preempt_disabled+0x13/0x20
[  523.467765][   T29]  __mutex_lock+0x6b7/0xcc0
[  523.467794][   T29]  ? __mutex_lock+0x4e8/0xcc0
[  523.467829][   T29]  ? perf_trace_init+0x50/0x2d0
[  523.467856][   T29]  ? mutex_lock_nested+0x20/0x20
[  523.467905][   T29]  perf_trace_init+0x50/0x2d0
[  523.467929][   T29]  ? perf_tp_event_init+0x7c/0x110
[  523.467961][   T29]  perf_tp_event_init+0x8d/0x110
[  523.467993][   T29]  perf_try_init_event+0x12b/0x3c0
[  523.468029][   T29]  perf_event_alloc+0xfa4/0x21b0
[  523.468053][   T29]  ? perf_event_alloc+0xc06/0x21b0
[  523.468089][   T29]  ? find_lively_task_by_vpid+0x19/0x290
[  523.468126][   T29]  __se_sys_perf_event_open+0x70e/0x1c20
[  523.468162][   T29]  ? __ia32_sys_get_robust_list+0x90/0x90
[  523.468184][   T29]  ? __sys_socketpair+0x113/0x550
[  523.468213][   T29]  ? __x64_sys_perf_event_open+0xc0/0xc0
[  523.468255][   T29]  ? lock_chain_count+0x20/0x20
[  523.468287][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  523.468316][   T29]  ? __x64_sys_perf_event_open+0x20/0xc0
[  523.468345][   T29]  do_syscall_64+0x55/0xb0
[  523.468368][   T29]  ? clear_bhb_loop+0x40/0x90
[  523.468388][   T29]  ? clear_bhb_loop+0x40/0x90
[  523.468411][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  523.468443][   T29] RIP: 0033:0x7fa10798ebe9
[  523.468460][   T29] RSP: 002b:00007fa108894038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  523.468483][   T29] RAX: ffffffffffffffda RBX: 00007fa107bb5fa0 RCX: 00007fa10798ebe9
[  523.468500][   T29] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000300
[  523.468515][   T29] RBP: 00007fa107a11e19 R08: 0000000000000000 R09: 0000000000000000
[  523.468536][   T29] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[  523.468551][   T29] R13: 00007fa107bb6038 R14: 00007fa107bb5fa0 R15: 00007ffc6a32d3f8
[  523.468586][   T29]  </TASK>
[  523.468595][   T29] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  523.468636][   T29] 
[  523.468636][   T29] Showing all locks held in the system:
[  523.468649][   T29] 3 locks held by kworker/u4:0/11:
[  523.468662][   T29]  #0: ffff88802cbeed38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.468732][   T29]  #1: ffffc90000107d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.468799][   T29]  #2: ffffffff8dfbba48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30
[  523.468866][   T29] 2 locks held by kworker/u4:1/12:
[  523.468880][   T29] 2 locks held by rcu_tasks_trace/15:
[  523.468893][   T29]  #0: ffffffff8cd30d90 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0xadb/0xdb0
[  523.468957][   T29]  #1: ffffffff8cd35bb8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x448/0x830
[  523.469028][   T29] 1 lock held by khungtaskd/29:
[  523.469041][   T29]  #0: ffffffff8cd2fbe0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290
[  523.469112][   T29] 2 locks held by kworker/u4:2/35:
[  523.469125][   T29]  #0: ffff888017871538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.469191][   T29]  #1: ffffc90000abfd00 (connector_reaper_work){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.469258][   T29] 2 locks held by kworker/u4:3/48:
[  523.469271][   T29]  #0: ffff888017871538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.469336][   T29]  #1: ffffc90000b8fd00 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.469402][   T29] 3 locks held by kworker/u4:4/59:
[  523.469415][   T29]  #0: ffff888017871538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.469480][   T29]  #1: ffffc900015a7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.469551][   T29]  #2: ffffffff8dfbba48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  523.469630][   T29] 4 locks held by kworker/u4:6/1133:
[  523.469643][   T29]  #0: ffff888017873938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.469708][   T29]  #1: ffffc9000486fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.469772][   T29]  #2: ffffffff8dfaec50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x136/0xb90
[  523.469837][   T29]  #3: ffffffff8cd35bb8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x360/0x830
[  523.469925][   T29] 2 locks held by kworker/u4:7/2963:
[  523.469938][   T29]  #0: ffff888017871538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.470003][   T29]  #1: ffffc9000bf77d00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.470072][   T29] 5 locks held by kworker/u5:1/5102:
[  523.470085][   T29]  #0: ffff88805eb94138 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.470150][   T29]  #1: ffffc9000fe07d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.470216][   T29]  #2: ffff88802fb78e70 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1d4/0x390
[  523.470286][   T29]  #3: ffff88802fb780b8 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1f7/0xdc0
[  523.470346][   T29]  #4: ffffffff8e129188 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x165/0x300
[  523.470413][   T29] 1 lock held by klogd/5146:
[  523.470426][   T29] 2 locks held by kworker/1:3/5173:
[  523.470439][   T29]  #0: ffff888017872538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.470504][   T29]  #1: ffffc900032c7d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.470578][   T29] 2 locks held by getty/5554:
[  523.470590][   T29]  #0: ffff88814e2100a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  523.470661][   T29]  #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x425/0x1380
[  523.470732][   T29] 5 locks held by kworker/u5:2/5792:
[  523.470745][   T29]  #0: ffff88805df3c538 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.470810][   T29]  #1: ffffc900046afd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.470876][   T29]  #2: ffff88805a920e70 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1d4/0x390
[  523.470945][   T29]  #3: ffff88805a9200b8 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1f7/0xdc0
[  523.471005][   T29]  #4: ffffffff8e129188 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x165/0x300
[  523.471072][   T29] 6 locks held by kworker/u5:4/5797:
[  523.471084][   T29]  #0: ffff888021ff5938 ((wq_completion)hci6){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.471149][   T29]  #1: ffffc9000471fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.471215][   T29]  #2: ffff88807caf4e70 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1d4/0x390
[  523.483247][   T29]  #3: ffff88807caf40b8 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1f7/0xdc0
[  523.483323][   T29]  #4: ffffffff8e129188 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x165/0x300
[  523.483391][   T29]  #5: ffff88807ef08b38 (&conn->lock#2){+.+.}-{3:3}, at: l2cap_conn_del+0x70/0x660
[  523.483461][   T29] 5 locks held by kworker/u5:7/5801:
[  523.483475][   T29]  #0: ffff888025c00d38 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.483550][   T29]  #1: ffffc9000475fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.483615][   T29]  #2: ffff888078008e70 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1d4/0x390
[  523.483684][   T29]  #3: ffff8880780080b8 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1f7/0xdc0
[  523.483743][   T29]  #4: ffffffff8e129188 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x165/0x300
[  523.483814][   T29] 3 locks held by kworker/1:5/5838:
[  523.483828][   T29]  #0: ffff888017870938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.483892][   T29]  #1: ffffc9000496fd00 (fqdir_free_work){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  523.483957][   T29]  #2: ffffffff8cd35a80 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x4c/0x580
[  523.484027][   T29] 1 lock held by syz.0.2161/11552:
[  523.484040][   T29]  #0: ffffffff8cd85f68 (event_mutex){+.+.}-{3:3}, at: perf_trace_destroy+0x2e/0x140
[  523.484105][   T29] 4 locks held by syz.3.2163/11556:
[  523.484118][   T29] 2 locks held by syz.2.2164/11565:
[  523.484131][   T29]  #0: ffffffff96ef9bb0 (&pmus_srcu){.+.+}-{0:0}, at: perf_event_alloc+0xc06/0x21b0
[  523.484194][   T29]  #1: ffffffff8cd85f68 (event_mutex){+.+.}-{3:3}, at: perf_trace_init+0x50/0x2d0
[  523.484256][   T29] 2 locks held by syz.2.2164/11566:
[  523.484269][   T29]  #0: ffffffff96ef9bb0 (&pmus_srcu){.+.+}-{0:0}, at: perf_event_alloc+0xc06/0x21b0
[  523.484331][   T29]  #1: ffffffff8cd85f68 (event_mutex){+.+.}-{3:3}, at: perf_trace_init+0x50/0x2d0
[  523.484394][   T29] 2 locks held by syz.1.2166/11568:
[  523.484407][   T29]  #0: ffffffff96ef9bb0 (&pmus_srcu){.+.+}-{0:0}, at: perf_event_alloc+0xc06/0x21b0
[  523.484469][   T29]  #1: ffffffff8cd85f68 (event_mutex){+.+.}-{3:3}, at: perf_trace_init+0x50/0x2d0
[  523.484541][   T29] 2 locks held by syz.1.2166/11572:
[  523.484553][   T29]  #0: ffffffff96ef9bb0 (&pmus_srcu){.+.+}-{0:0}, at: perf_event_alloc+0xc06/0x21b0
[  523.484616][   T29]  #1: ffffffff8cd85f68 (event_mutex){+.+.}-{3:3}, at: perf_trace_init+0x50/0x2d0
[  523.484679][   T29] 2 locks held by syz.1.2166/11574:
[  523.484692][   T29]  #0: ffffffff96ef9bb0 (&pmus_srcu){.+.+}-{0:0}, at: perf_event_alloc+0xc06/0x21b0
[  523.484754][   T29]  #1: ffffffff8cd85f68 (event_mutex){+.+.}-{3:3}, at: perf_trace_init+0x50/0x2d0
[  523.484818][   T29] 1 lock held by syz-executor/11578:
[  523.484831][   T29]  #0: ffffffff8dfbba48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x76f/0xf10
[  523.484901][   T29] 1 lock held by syz-executor/11579:
[  523.484914][   T29]  #0: ffffffff8dfbba48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_newlink+0xa75/0x2020
[  523.484982][   T29] 1 lock held by dhcpcd/11587:
[  523.484994][   T29]  #0: ffff8880479a6130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0
[  523.485060][   T29] 1 lock held by dhcpcd/11588:
[  523.485072][   T29]  #0: ffff8880479ac130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0
[  523.485136][   T29] 1 lock held by dhcpcd/11589:
[  523.485148][   T29]  #0: ffff8880479aa130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0
[  523.485212][   T29] 1 lock held by dhcpcd/11590:
[  523.485224][   T29]  #0: ffff8880781f2130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0
[  523.485288][   T29] 1 lock held by dhcpcd/11591:
[  523.485301][   T29]  #0: ffff88805a93e130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0
[  523.485365][   T29] 1 lock held by dhcpcd/11592:
[  523.485378][   T29]  #0: ffff888027fdc130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0
[  523.485442][   T29] 1 lock held by syz-executor/11595:
[  523.485455][   T29]  #0: ffffffff8dfbba48 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x3b9/0x1fd0
[  523.485527][   T29] 1 lock held by syz-executor/11600:
[  523.485540][   T29]  #0: ffffffff8dfbba48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x76f/0xf10
[  523.485610][   T29] 1 lock held by syz-executor/11605:
[  523.485622][   T29]  #0: ffffffff8dfbba48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x76f/0xf10
[  523.485692][   T29] 1 lock held by syz-executor/11606:
[  523.485705][   T29]  #0: ffffffff8dfbba48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x76f/0xf10
[  523.485774][   T29] 1 lock held by syz-executor/11614:
[  523.485787][   T29]  #0: ffffffff8dfbba48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x76f/0xf10
[  523.485856][   T29] 1 lock held by syz-executor/11615:
[  523.485869][   T29]  #0: ffffffff8dfbba48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x76f/0xf10
[  523.485938][   T29] 1 lock held by syz-executor/11620:
[  523.485950][   T29]  #0: ffffffff8dfbba48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x76f/0xf10
[  523.486020][   T29] 1 lock held by syz-executor/11627:
[  523.486033][   T29]  #0: ffffffff8dfbba48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x76f/0xf10
[  523.486102][   T29] 1 lock held by syz-executor/11631:
[  523.486115][   T29]  #0: ffffffff8dfbba48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x76f/0xf10
[  523.486184][   T29] 1 lock held by syz-executor/11632:
[  523.486196][   T29]  #0: ffffffff8dfbba48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x76f/0xf10
[  523.486268][   T29] 
[  523.486274][   T29] =============================================
[  523.486274][   T29] 
[  523.486286][   T29] NMI backtrace for cpu 1
[  523.486296][   T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted 6.6.102-syzkaller #0
[  523.486315][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  523.486328][   T29] Call Trace:
[  523.486337][   T29]  <TASK>
[  523.486346][   T29]  dump_stack_lvl+0x16c/0x230
[  523.486370][   T29]  ? preempt_count_add+0x91/0x1a0
[  523.486402][   T29]  ? show_regs_print_info+0x20/0x20
[  523.486426][   T29]  ? load_image+0x3b0/0x3b0
[  523.486473][   T29]  nmi_cpu_backtrace+0x39b/0x3d0
[  523.486503][   T29]  ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0
[  523.486535][   T29]  ? _printk+0xd0/0x110
[  523.486565][   T29]  ? load_image+0x3b0/0x3b0
[  523.486600][   T29]  ? load_image+0x3b0/0x3b0
[  523.486635][   T29]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  523.486669][   T29]  nmi_trigger_cpumask_backtrace+0x17a/0x2f0
[  523.486698][   T29]  watchdog+0xf41/0xf80
[  523.486725][   T29]  ? watchdog+0x1e1/0xf80
[  523.486760][   T29]  kthread+0x2fa/0x390
[  523.486778][   T29]  ? hungtask_pm_notify+0x90/0x90
[  523.486806][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.486825][   T29]  ret_from_fork+0x48/0x80
[  523.486849][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.486870][   T29]  ret_from_fork_asm+0x11/0x20
[  523.486915][   T29]  </TASK>
[  523.486923][   T29] Sending NMI from CPU 1 to CPUs 0:
[  523.486950][    C0] NMI backtrace for cpu 0
[  523.486959][    C0] CPU: 0 PID: 11556 Comm: syz.3.2163 Not tainted 6.6.102-syzkaller #0
[  523.486977][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  523.486986][    C0] RIP: 0010:lockdep_hardirqs_on_prepare+0xf3/0x760
[  523.487009][    C0] Code: 84 c0 0f 85 0b 05 00 00 83 3d 58 dc 83 15 00 75 6c 48 c7 44 24 40 00 00 00 00 9c 8f 44 24 40 f6 44 24 41 02 0f 85 87 03 00 00 <48> c7 c0 60 a4 ea 96 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 78 05 00
[  523.487024][    C0] RSP: 0018:ffffc90000007980 EFLAGS: 00000046
[  523.487038][    C0] RAX: 0000000000000004 RBX: 1ffff92000000f34 RCX: ffffffff96eaa403
[  523.487051][    C0] RDX: dffffc0000000000 RSI: ffffffff8afc66a0 RDI: ffffffff8afc6660
[  523.487063][    C0] RBP: ffffc90000007a40 R08: ffffffff8e4a882f R09: 1ffffffff1c95105
[  523.487076][    C0] R10: dffffc0000000000 R11: fffffbfff1c95106 R12: 0000000000000000
[  523.487088][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  523.487098][    C0] FS:  00007f80813a26c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  523.487113][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  523.487124][    C0] CR2: 0000200000034000 CR3: 000000002c076000 CR4: 00000000003506f0
[  523.487140][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  523.487149][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  523.487160][    C0] Call Trace:
[  523.487166][    C0]  <IRQ>
[  523.487172][    C0]  ? trace_event_raw_event_preemptirq_template+0x1e0/0x1e0
[  523.487198][    C0]  ? __irq_exit_rcu+0xd3/0x190
[  523.487213][    C0]  ? lock_chain_count+0x20/0x20
[  523.487235][    C0]  ? rcu_is_watching+0x15/0xb0
[  523.487259][    C0]  trace_hardirqs_on+0x28/0x40
[  523.487281][    C0]  asm_sysvec_irq_work+0x1a/0x20
[  523.487297][    C0] RIP: 0010:rcu_read_unlock_special+0x88/0x4c0
[  523.487345][    C0] Code: f1 f1 f1 00 f2 f2 f2 4a 89 04 2b 66 42 c7 44 2b 09 f3 f3 42 c6 44 2b 0b f3 65 44 8b 35 39 58 93 7e 41 f7 c6 00 00 f0 00 74 45 <48> c7 44 24 40 0e 36 e0 45 4a c7 04 2b 00 00 00 00 66 42 c7 44 2b
[  523.487359][    C0] RSP: 0018:ffffc90000007b00 EFLAGS: 00000206
[  523.487372][    C0] RAX: b6834d9bb854e900 RBX: 1ffff92000000f68 RCX: b6834d9bb854e900
[  523.487385][    C0] RDX: dffffc0000000000 RSI: ffffffff8aaab9c0 RDI: ffffffff8afc66c0
[  523.487397][    C0] RBP: ffffc90000007bf0 R08: ffffffff90da3507 R09: 1ffffffff21b46a0
[  523.487409][    C0] R10: dffffc0000000000 R11: fffffbfff21b46a1 R12: ffffffff8cd35400
[  523.487422][    C0] R13: dffffc0000000000 R14: 0000000000000246 R15: 0000000000000001
[  523.487445][    C0]  ? mac80211_hwsim_beacon_tx+0x3e9/0x780
[  523.487471][    C0]  ? __rcu_read_unlock+0xd0/0xd0
[  523.487504][    C0]  __rcu_read_unlock+0x7c/0xd0
[  523.487528][    C0]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  523.487552][    C0]  ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0
[  523.487573][    C0]  ieee80211_iterate_active_interfaces_atomic+0x15a/0x180
[  523.487597][    C0]  mac80211_hwsim_beacon+0xbb/0x1b0
[  523.487619][    C0]  __hrtimer_run_queues+0x51e/0xc40
[  523.487642][    C0]  ? hw_scan_work+0xf40/0xf40
[  523.487666][    C0]  ? hrtimer_interrupt+0x9c0/0x9c0
[  523.487683][    C0]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  523.487710][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  523.487731][    C0]  handle_softirqs+0x280/0x820
[  523.487750][    C0]  ? __irq_exit_rcu+0xc7/0x190
[  523.487769][    C0]  ? do_softirq+0x180/0x180
[  523.487793][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  523.487817][    C0]  __irq_exit_rcu+0xc7/0x190
[  523.487834][    C0]  ? irq_exit_rcu+0x20/0x20
[  523.487854][    C0]  irq_exit_rcu+0x9/0x20
[  523.487868][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  523.487892][    C0]  </IRQ>
[  523.487897][    C0]  <TASK>
[  523.487903][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  523.487930][    C0] RIP: 0010:console_flush_all+0x889/0xd00
[  523.487951][    C0] Code: ed 01 00 00 e8 88 27 1b 00 4d 85 ff 48 8b 5c 24 38 75 07 e8 79 27 1b 00 eb 06 e8 72 27 1b 00 fb 49 bf 00 00 00 00 00 fc ff df <48> 8b 44 24 50 42 0f b6 04 38 84 c0 0f 85 2f 02 00 00 80 3b 01 0f
[  523.487965][    C0] RSP: 0018:ffffc900193b6da0 EFLAGS: 00000283
[  523.487978][    C0] RAX: ffffffff816a63ae RBX: ffffc900193b6f3f RCX: 0000000000080000
[  523.487989][    C0] RDX: ffffc9000d50b000 RSI: 000000000000eec7 RDI: 000000000000eec8
[  523.488000][    C0] RBP: ffffc900193b6f10 R08: ffffffff90da3507 R09: 1ffffffff21b46a0
[  523.488012][    C0] R10: dffffc0000000000 R11: fffffbfff21b46a1 R12: ffffffff8d4b5c60
[  523.488024][    C0] R13: 1ffffffff19792b0 R14: ffffffff8d4b5cb8 R15: dffffc0000000000
[  523.488042][    C0]  ? console_flush_all+0x87e/0xd00
[  523.488069][    C0]  ? console_flush_all+0x10f/0xd00
[  523.488098][    C0]  ? is_console_locked+0x20/0x20
[  523.488118][    C0]  ? lock_chain_count+0x20/0x20
[  523.488138][    C0]  ? __down_trylock_console_sem+0xef/0x1e0
[  523.488162][    C0]  console_unlock+0xae/0x340
[  523.488183][    C0]  ? other_cpu_in_panic+0xf0/0xf0
[  523.488201][    C0]  ? mark_lock+0x94/0x320
[  523.488221][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  523.488245][    C0]  vprintk_emit+0x477/0x600
[  523.488266][    C0]  ? printk_sprint+0x460/0x460
[  523.488286][    C0]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  523.488313][    C0]  ? _raw_spin_unlock+0x40/0x40
[  523.488344][    C0]  _printk+0xd0/0x110
[  523.488374][    C0]  ? load_image+0x3b0/0x3b0
[  523.488399][    C0]  ? kasan_set_track+0x5f/0x70
[  523.488416][    C0]  ? __kasan_kmalloc+0x8f/0xa0
[  523.488433][    C0]  ? __kmalloc+0xb4/0x240
[  523.488454][    C0]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  523.488483][    C0]  __nla_validate_parse+0x1a27/0x2cd0
[  523.488525][    C0]  ? __nla_validate+0x50/0x50
[  523.488562][    C0]  __nla_parse+0x40/0x50
[  523.488588][    C0]  genl_family_rcv_msg_attrs_parse+0x1c6/0x290
[  523.488618][    C0]  genl_family_rcv_msg_doit+0xb9/0x2f0
[  523.488647][    C0]  ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0
[  523.488673][    C0]  ? apparmor_capable+0x137/0x1a0
[  523.488691][    C0]  ? bpf_lsm_capable+0x9/0x10
[  523.488714][    C0]  ? security_capable+0x89/0xb0
[  523.488739][    C0]  genl_rcv_msg+0x60b/0x790
[  523.488766][    C0]  ? genl_bind+0x360/0x360
[  523.488791][    C0]  ? nl80211_exit+0x30/0x30
[  523.488814][    C0]  ? nl80211_del_interface+0x130/0x130
[  523.488837][    C0]  ? nl80211_pre_doit+0x930/0x930
[  523.488862][    C0]  ? perf_trace_lock+0xf7/0x380
[  523.488893][    C0]  netlink_rcv_skb+0x216/0x480
[  523.488915][    C0]  ? genl_bind+0x360/0x360
[  523.488938][    C0]  ? netlink_ack+0x1110/0x1110
[  523.488965][    C0]  ? __lock_acquire+0x7c80/0x7c80
[  523.488989][    C0]  ? down_read+0x1ac/0x2e0
[  523.489013][    C0]  genl_rcv+0x28/0x40
[  523.489033][    C0]  netlink_unicast+0x751/0x8d0
[  523.489059][    C0]  netlink_sendmsg+0x8c1/0xbe0
[  523.489086][    C0]  ? netlink_getsockopt+0x580/0x580
[  523.489109][    C0]  ? aa_sock_msg_perm+0x94/0x150
[  523.489129][    C0]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  523.489149][    C0]  ? security_socket_sendmsg+0x80/0xa0
[  523.489167][    C0]  ? netlink_getsockopt+0x580/0x580
[  523.489187][    C0]  ____sys_sendmsg+0x5bf/0x950
[  523.489215][    C0]  ? __asan_memset+0x22/0x40
[  523.489237][    C0]  ? __sys_sendmsg_sock+0x30/0x30
[  523.489258][    C0]  ? __import_iovec+0x5f2/0x860
[  523.489289][    C0]  ? import_iovec+0x73/0xa0
[  523.489315][    C0]  ___sys_sendmsg+0x220/0x290
[  523.489339][    C0]  ? __sys_sendmsg+0x270/0x270
[  523.489377][    C0]  ? debug_mutex_init+0x38/0x70
[  523.489410][    C0]  __se_sys_sendmsg+0x1a5/0x270
[  523.489433][    C0]  ? perf_trace_preemptirq_template+0x281/0x340
[  523.489458][    C0]  ? __x64_sys_sendmsg+0x80/0x80
[  523.489492][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[  523.489518][    C0]  do_syscall_64+0x55/0xb0
[  523.489537][    C0]  ? clear_bhb_loop+0x40/0x90
[  523.489552][    C0]  ? clear_bhb_loop+0x40/0x90
[  523.489568][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  523.489594][    C0] RIP: 0033:0x7f808058ebe9
[  523.489608][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  523.489622][    C0] RSP: 002b:00007f80813a2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  523.489637][    C0] RAX: ffffffffffffffda RBX: 00007f80807b5fa0 RCX: 00007f808058ebe9
[  523.489649][    C0] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[  523.489659][    C0] RBP: 00007f8080611e19 R08: 0000000000000000 R09: 0000000000000000
[  523.489669][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  523.489679][    C0] R13: 00007f80807b6038 R14: 00007f80807b5fa0 R15: 00007ffc467e1538
[  523.489701][    C0]  </TASK>
[  523.489947][   T29] Kernel panic - not syncing: hung_task: blocked tasks
[  523.489958][   T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted 6.6.102-syzkaller #0
[  523.489977][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  523.489988][   T29] Call Trace:
[  523.489995][   T29]  <TASK>
[  523.490003][   T29]  dump_stack_lvl+0x16c/0x230
[  523.490031][   T29]  ? show_regs_print_info+0x20/0x20
[  523.490054][   T29]  ? load_image+0x3b0/0x3b0
[  523.490099][   T29]  panic+0x2c0/0x710
[  523.490134][   T29]  ? bpf_jit_dump+0xd0/0xd0
[  523.490162][   T29]  ? __irq_work_queue_local+0x13a/0x3b0
[  523.490187][   T29]  ? irq_work_queue+0xbc/0x140
[  523.490218][   T29]  watchdog+0xf80/0xf80
[  523.490245][   T29]  ? watchdog+0x1e1/0xf80
[  523.490277][   T29]  kthread+0x2fa/0x390
[  523.490294][   T29]  ? hungtask_pm_notify+0x90/0x90
[  523.490321][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.490340][   T29]  ret_from_fork+0x48/0x80
[  523.490363][   T29]  ? kthread_blkcg+0xd0/0xd0
[  523.490383][   T29]  ret_from_fork_asm+0x11/0x20
[  523.490426][   T29]  </TASK>
[  523.490731][   T29] Kernel Offset: disabled