last executing test programs:

0s ago: executing program 2 (id=3):
# Triage notes (reviewer annotations as '#' comments; every call line is unchanged from the fuzzer log).
# This is the last program logged before the RCU stall. The stalled task in the console
# output is "syz.2.3" (PID 5909, UID 0) on CPU 1, presumably this program (program 2, id=3).
# Calls marked (async) are each followed in this log by the same call without the marker.
# The run was as UID 0; whether the perf_event_open calls below are reachable without
# privilege depends on the target's kernel.perf_event_paranoid setting - not shown here.

# Open a tun fd relative to 0xffffffffffffff9c (-100, AT_FDCWD); the path buffer contents are not shown.
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
# perf event whose attr starts with 0x2; presumably that first field is the event type - TODO confirm
# against the syzkaller perf_event_attr description.
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x3a, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0xfffffffc, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
# NULL attr pointer; presumably fails early.
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
# Name the tun interface 'pimreg0' with flags 0x7c2, then attach a filter described by {0x0, 0x0}.
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000480)={0x0, 0x0})
# The next six calls pass a NULL pointer or fd 0xffffffffffffffff (-1); they presumably return
# errors and are unlikely to matter for the stall.
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
close(0xffffffffffffffff) (async)
close(0xffffffffffffffff)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x4000080)
# Socket with family 0x2, then a send on it.
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x30004081)
# fd -1 again.
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'macsec0\x00'}) (async)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'macsec0\x00'})
# r2: attr starts 0x1, 0x80, 0x0 and carries 0x200 in the eighth slot. If the first field is the
# type and the third the config, this is PERF_TYPE_SOFTWARE / cpu-clock with a 0x200 sample value,
# which would match the cpu_clock_event_stop frame in the CPU 1 backtrace - TODO confirm the layout.
r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
# Closes raw fd 3; the log does not show which object that fd referred to.
close(0x3) (async)
close(0x3)
# Two more perf events; the second also starts with 0x1 and has 0x4d31 in the eighth slot.
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x9, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
# r3: family 0x2, protocol 0x106; setsockopt level 0x29 / optname 0x18 with a NULL value.
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$sock_attach_bpf(r3, 0x29, 0x18, 0x0, 0x0) (async)
setsockopt$sock_attach_bpf(r3, 0x29, 0x18, 0x0, 0x0)
# BPF program load (cmd 0x5) through the bpf_lsm attr variant, license 'GPL'.
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0xa5, 0xa, 0x0, 0x0, 0xffffff80, 0x61, 0x11, 0x6c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20040000) (async)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20040000)
# r4: family 0x2b (43, AF_SMC on Linux), consistent with the smc_setsockopt frames in the trace.
r4 = socket$kcm(0x2b, 0x1, 0x0)
# PERF_EVENT_IOC_REFRESH on r2 with argument 0x7. __perf_event_overflow appears in the <IRQ>
# stack on CPU 1; the log alone does not establish that this call is what leads there.
ioctl$PERF_EVENT_IOC_REFRESH(r2, 0x2402, 0x7)
# setsockopt(level 0x0, optname 0x4) on r4. This matches the syscall interrupted on CPU 1
# (ORIG_RAX 0x36, RSI 0x0, RDX 0x4; smc_setsockopt -> ip_setsockopt in the <TASK> frames).
# That task is only where the timer interrupt landed: the RIP at NMI time is inside the <IRQ>
# frames perf_swevent_hrtimer -> __perf_event_overflow -> cpu_clock_event_stop -> hrtimer_cancel.
# NOTE(review): hrtimer_cancel reached from an hrtimer handler looks like the spin behind the
# stall - confirm against the kernel source for this build before attributing the bug.
setsockopt$sock_attach_bpf(r4, 0x0, 0x4, 0x0, 0x0) (async)
setsockopt$sock_attach_bpf(r4, 0x0, 0x4, 0x0, 0x0)
# Remaining calls; the log does not show whether execution got this far before the stall.
sendmsg$inet(r4, &(0x7f00000024c0)={&(0x7f00000000c0)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10, 0x0}, 0x24000000)
socket$kcm(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00'}, 0x94)
socket$kcm(0x2, 0x922000000001, 0x106)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:47564' (ED25519) to the list of known hosts.
syzkaller login: [   49.718154][ T5837] cgroup: Unknown subsys name 'net'
[   49.805443][ T5837] cgroup: Unknown subsys name 'cpuset'
[   49.810535][ T5837] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   51.275068][ T5837] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   54.979210][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.983282][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.986896][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   54.990788][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   54.993884][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   55.058179][ T5237] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   55.061022][ T5237] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   55.063832][ T5237] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   55.066857][ T5237] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   55.069505][ T5237] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   55.085934][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   55.089080][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   55.091919][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   55.095180][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   55.097836][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   55.261023][ T5845] chnl_net:caif_netlink_parms(): no params data found
[   55.298328][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   55.369116][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.372048][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.374768][ T5845] bridge_slave_0: entered allmulticast mode
[   55.378437][ T5845] bridge_slave_0: entered promiscuous mode
[   55.387426][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.389844][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.392656][ T5845] bridge_slave_1: entered allmulticast mode
[   55.395520][ T5845] bridge_slave_1: entered promiscuous mode
[   55.420080][ T5852] chnl_net:caif_netlink_parms(): no params data found
[   55.437784][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.454570][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.473761][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.476265][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.478892][ T5850] bridge_slave_0: entered allmulticast mode
[   55.482704][ T5850] bridge_slave_0: entered promiscuous mode
[   55.509933][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.513115][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.516226][ T5850] bridge_slave_1: entered allmulticast mode
[   55.520226][ T5850] bridge_slave_1: entered promiscuous mode
[   55.544260][ T5845] team0: Port device team_slave_0 added
[   55.547477][ T5845] team0: Port device team_slave_1 added
[   55.578781][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.603148][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.618947][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.622562][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.631687][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.650832][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.654854][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.665631][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.677949][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.681085][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.685252][ T5852] bridge_slave_0: entered allmulticast mode
[   55.688021][ T5852] bridge_slave_0: entered promiscuous mode
[   55.691236][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.694081][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.697538][ T5852] bridge_slave_1: entered allmulticast mode
[   55.700607][ T5852] bridge_slave_1: entered promiscuous mode
[   55.710671][ T5850] team0: Port device team_slave_0 added
[   55.726673][ T5850] team0: Port device team_slave_1 added
[   55.771923][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.788809][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.791112][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.800124][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.806351][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.815863][ T5845] hsr_slave_0: entered promiscuous mode
[   55.819057][ T5845] hsr_slave_1: entered promiscuous mode
[   55.822909][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.825219][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.834111][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.869522][ T5852] team0: Port device team_slave_0 added
[   55.893881][ T5852] team0: Port device team_slave_1 added
[   55.940755][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.944188][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.955762][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.979537][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.982857][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.993771][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.018320][ T5850] hsr_slave_0: entered promiscuous mode
[   56.021771][ T5850] hsr_slave_1: entered promiscuous mode
[   56.024674][ T5850] debugfs: 'hsr0' already exists in 'hsr'
[   56.027161][ T5850] Cannot create hsr debugfs directory
[   56.100909][ T5852] hsr_slave_0: entered promiscuous mode
[   56.103643][ T5852] hsr_slave_1: entered promiscuous mode
[   56.105859][ T5852] debugfs: 'hsr0' already exists in 'hsr'
[   56.107814][ T5852] Cannot create hsr debugfs directory
[   56.204804][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   56.215102][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   56.248553][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   56.273037][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.323574][ T5850] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   56.336977][ T5850] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   56.355131][ T5850] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   56.362627][ T5850] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   56.388698][ T5852] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   56.393763][ T5852] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   56.403078][ T5852] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   56.408629][ T5852] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   56.478937][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.484770][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.502669][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   56.508433][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[   56.514927][  T112] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.517329][  T112] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.525829][  T112] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.528224][  T112] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.534041][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.536797][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.548640][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.551235][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.595979][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.634080][ T5852] 8021q: adding VLAN 0 to HW filter on device team0
[   56.644159][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.647181][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.676603][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.679644][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.703841][ T5852] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   56.748561][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.779468][ T5850] veth0_vlan: entered promiscuous mode
[   56.793590][ T5850] veth1_vlan: entered promiscuous mode
[   56.823650][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.826913][ T5850] veth0_macvtap: entered promiscuous mode
[   56.857925][ T5850] veth1_macvtap: entered promiscuous mode
[   56.880578][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.887483][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.909564][ T5872] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.914272][ T5872] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.917119][ T5845] veth0_vlan: entered promiscuous mode
[   56.926816][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.929930][ T5872] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.940109][ T5845] veth1_vlan: entered promiscuous mode
[   56.944428][ T5872] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.023087][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.028715][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.039765][ T5845] veth0_macvtap: entered promiscuous mode
[   57.053065][   T54] Bluetooth: hci0: command tx timeout
[   57.075237][ T5845] veth1_macvtap: entered promiscuous mode
[   57.078624][  T112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.085812][  T112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.089467][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.096879][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.100790][ T5852] veth0_vlan: entered promiscuous mode
[   57.108518][ T5852] veth1_vlan: entered promiscuous mode
[   57.114877][ T5742] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.122212][ T5742] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.131025][ T5742] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.131626][   T54] Bluetooth: hci2: command tx timeout
[   57.136874][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.139789][ T5237] Bluetooth: hci1: command tx timeout
[   57.160355][ T5852] veth0_macvtap: entered promiscuous mode
[   57.170276][ T5852] veth1_macvtap: entered promiscuous mode
[   57.180240][ T5850] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   57.184234][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.199433][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.267705][ T5742] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.284589][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.287206][ T5742] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.290274][ T5742] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.296879][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.298827][    C1] hrtimer: interrupt took 31747 ns
[   57.311998][ T5742] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.346356][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.349337][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.405783][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.408584][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  162.401389][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  162.403784][    C0] rcu: 	1-...!: (0 ticks this GP) idle=831c/1/0x4000000000000000 softirq=13479/13479 fqs=0
[  162.408971][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=6289, q=262 ncpus=2)
[  162.412244][    C0] Sending NMI from CPU 0 to CPUs 1:
[  162.412301][    C1] NMI backtrace for cpu 1
[  162.412312][    C1] CPU: 1 UID: 0 PID: 5909 Comm: syz.2.3 Not tainted syzkaller #0 PREEMPT(full) 
[  162.412320][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  162.412324][    C1] RIP: 0010:lock_release+0xaa/0x3e0
[  162.412337][    C1] Code: 92 41 83 bf ec 0a 00 00 00 0f 85 1e 02 00 00 49 81 3e 20 a3 64 93 0f 84 11 02 00 00 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 <48> 8b 5c 24 20 fa 48 c7 c7 53 e5 9c 8d e8 64 61 dd 09 65 ff 05 0d
[  162.412343][    C1] RSP: 0018:ffffc900001e0818 EFLAGS: 00000087
[  162.412350][    C1] RAX: 0000000000000000 RBX: 0000000000000802 RCX: e8433f5720520e00
[  162.412354][    C1] RDX: 0000000000010000 RSI: ffffffff8be34260 RDI: ffffffff8be34220
[  162.412358][    C1] RBP: ffffc900001e0918 R08: 0000000000000003 R09: 0000000000000004
[  162.412362][    C1] R10: dffffc0000000000 R11: fffff5200003c100 R12: dffffc0000000000
[  162.412366][    C1] R13: ffffffff81ada91e R14: ffff888136627a98 R15: ffff88801db11cc0
[  162.412371][    C1] FS:  00007f762afd56c0(0000) GS:ffff8881a3c12000(0000) knlGS:0000000000000000
[  162.412376][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  162.412380][    C1] CR2: 0000000100000001 CR3: 0000000028ea6000 CR4: 00000000000006f0
[  162.412405][    C1] Call Trace:
[  162.412410][    C1]  <IRQ>
[  162.412415][    C1]  _raw_spin_unlock_irqrestore+0x70/0x110
[  162.412425][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  162.412432][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  162.412437][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  162.412444][    C1]  hrtimer_try_to_cancel+0x3be/0x420
[  162.412452][    C1]  hrtimer_cancel+0x3b/0x50
[  162.412457][    C1]  cpu_clock_event_stop+0xd9/0x130
[  162.412466][    C1]  __perf_event_overflow+0x580/0xe40
[  162.412475][    C1]  ? __pfx___perf_event_overflow+0x10/0x10
[  162.412482][    C1]  ? __pfx_cpu_clock_event_update+0x10/0x10
[  162.412492][    C1]  perf_swevent_hrtimer+0x3c5/0x550
[  162.412501][    C1]  ? __pfx_perf_swevent_hrtimer+0x10/0x10
[  162.412509][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  162.412521][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  162.412526][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  162.412533][    C1]  ? __pfx_perf_swevent_hrtimer+0x10/0x10
[  162.412541][    C1]  ? __pfx_perf_swevent_hrtimer+0x10/0x10
[  162.412550][    C1]  __hrtimer_run_queues+0x4e0/0xc60
[  162.412559][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  162.412566][    C1]  hrtimer_interrupt+0x45b/0xaa0
[  162.412576][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  162.412584][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[  162.412591][    C1]  </IRQ>
[  162.412593][    C1]  <TASK>
[  162.412596][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  162.412603][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110
[  162.412609][    C1] Code: 74 05 e8 2b 0c 4a f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> e3 b0 12 f6 65 8b 05 6c 81 23 07 85 c0 74 40 48 c7 04 24 0e 36
[  162.412614][    C1] RSP: 0018:ffffc900039afa40 EFLAGS: 00000206
[  162.412620][    C1] RAX: e8433f5720520e00 RBX: 0000000000000a06 RCX: e8433f5720520e00
[  162.412624][    C1] RDX: 0000000000000006 RSI: ffffffff8d9baa25 RDI: 0000000000000001
[  162.412628][    C1] RBP: ffffc900039afad0 R08: ffffffff8fa3b237 R09: 1ffffffff1f47646
[  162.412632][    C1] R10: dffffc0000000000 R11: fffffbfff1f47647 R12: dffffc0000000000
[  162.412636][    C1] R13: ffff88811d830ab8 R14: ffffffff99d90a70 R15: 1ffff92000735f48
[  162.412643][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  162.412650][    C1]  ? alloc_object+0xbf/0x310
[  162.412658][    C1]  debug_object_activate+0x2e2/0x420
[  162.412665][    C1]  kvfree_call_rcu+0x4f/0x410
[  162.412672][    C1]  do_ip_setsockopt+0x287a/0x2d00
[  162.412680][    C1]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  162.412686][    C1]  ? smc_setsockopt+0x181/0xab0
[  162.412694][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  162.412703][    C1]  ip_setsockopt+0x66/0x110
[  162.412709][    C1]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  162.412716][    C1]  smc_setsockopt+0x232/0xab0
[  162.412723][    C1]  ? __pfx_smc_setsockopt+0x10/0x10
[  162.412729][    C1]  ? aa_sock_opt_perm+0xff/0x1b0
[  162.412736][    C1]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  162.412744][    C1]  ? __pfx_smc_setsockopt+0x10/0x10
[  162.412750][    C1]  do_sock_setsockopt+0x17c/0x1b0
[  162.412758][    C1]  __x64_sys_setsockopt+0x13f/0x1b0
[  162.412767][    C1]  do_syscall_64+0xfa/0x3b0
[  162.412774][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.412780][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  162.412786][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.412792][    C1] RIP: 0033:0x7f762cd8ec29
[  162.412798][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.412802][    C1] RSP: 002b:00007f762afd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  162.412808][    C1] RAX: ffffffffffffffda RBX: 00007f762cfd6090 RCX: 00007f762cd8ec29
[  162.412812][    C1] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 000000000000000b
[  162.412816][    C1] RBP: 00007f762ce11e41 R08: 0000000000000000 R09: 0000000000000000
[  162.412819][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  162.412823][    C1] R13: 00007f762cfd6128 R14: 00007f762cfd6090 R15: 00007ffe8dad3618
[  162.412829][    C1]  </TASK>
[  162.413281][    C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g6289 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  162.632796][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  162.637253][    C0] rcu: RCU grace-period kthread stack dump:
[  162.640003][    C0] task:rcu_preempt     state:R  running task     stack:27224 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  162.645717][    C0] Call Trace:
[  162.647172][    C0]  <TASK>
[  162.648409][    C0]  __schedule+0x1798/0x4cc0
[  162.650130][    C0]  ? __lock_acquire+0xab9/0xd20
[  162.652203][    C0]  ? __pfx___schedule+0x10/0x10
[  162.654297][    C0]  ? schedule+0x91/0x360
[  162.656068][    C0]  schedule+0x165/0x360
[  162.657816][    C0]  schedule_timeout+0x12b/0x270
[  162.659942][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  162.662218][    C0]  ? __pfx_process_timeout+0x10/0x10
[  162.664449][    C0]  ? prepare_to_swait_event+0x341/0x380
[  162.666750][    C0]  rcu_gp_fqs_loop+0x301/0x1540
[  162.668823][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[  162.671014][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  162.673292][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  162.675546][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[  162.677724][    C0]  ? finish_swait+0xcd/0x1f0
[  162.679706][    C0]  rcu_gp_kthread+0x99/0x390
[  162.681681][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  162.683836][    C0]  ? __kthread_parkme+0x7b/0x200
[  162.685957][    C0]  ? __kthread_parkme+0x1a1/0x200
[  162.688149][    C0]  kthread+0x711/0x8a0
[  162.689891][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  162.692100][    C0]  ? __pfx_kthread+0x10/0x10
[  162.694146][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  162.696309][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  162.698501][    C0]  ? __pfx_kthread+0x10/0x10
[  162.700524][    C0]  ret_from_fork+0x439/0x7d0
[  162.702519][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  162.704690][    C0]  ? __switch_to_asm+0x39/0x70
[  162.706766][    C0]  ? __switch_to_asm+0x33/0x70
[  162.708816][    C0]  ? __pfx_kthread+0x10/0x10
[  162.710766][    C0]  ret_from_fork_asm+0x1a/0x30
[  162.712576][    C0]  </TASK>
[  162.713704][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  162.716098][    C0] CPU: 0 UID: 0 PID: 5845 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  162.719411][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  162.722744][    C0] RIP: 0010:smp_call_function_many_cond+0xd38/0x12d0
[  162.724973][    C0] Code: 89 ee 83 e6 01 31 ff e8 b6 63 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 61 5f 0b 00 eb 38 f3 90 42 0f b6 04 2b <84> c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 45 5f 0b 00 eb e4 44
[  162.731281][    C0] RSP: 0000:ffffc9000323f720 EFLAGS: 00000293
[  162.733327][    C0] RAX: 0000000000000000 RBX: 1ffff11026cc7f61 RCX: ffff888105ca8000
[  162.735944][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  162.738594][    C0] RBP: ffffc9000323f8a0 R08: ffffffff8fa3b237 R09: 1ffffffff1f47646
[  162.741288][    C0] R10: dffffc0000000000 R11: fffffbfff1f47647 R12: ffff88813663fb08
[  162.743934][    C0] R13: dffffc0000000000 R14: ffff88804b03b1c0 R15: 0000000000000001
[  162.746587][    C0] FS:  0000555570c6d500(0000) GS:ffff8880b8612000(0000) knlGS:0000000000000000
[  162.749561][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  162.751759][    C0] CR2: 00007f1066da2608 CR3: 000000002453a000 CR4: 00000000000006f0
[  162.754434][    C0] Call Trace:
[  162.755548][    C0]  <TASK>
[  162.756573][    C0]  ? __pfx_should_flush_tlb+0x10/0x10
[  162.758630][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  162.760755][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  162.762998][    C0]  ? __mem_cgroup_threshold+0x1f/0x5e0
[  162.764959][    C0]  ? rcu_is_watching+0x15/0xb0
[  162.766802][    C0]  ? __pfx_should_flush_tlb+0x10/0x10
[  162.768824][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  162.770874][    C0]  on_each_cpu_cond_mask+0x3f/0x80
[  162.772986][    C0]  flush_tlb_mm_range+0x6b1/0x12d0
[  162.775147][    C0]  ? page_table_check_clear+0x187/0x700
[  162.777068][    C0]  ? __pfx_flush_tlb_mm_range+0x10/0x10
[  162.778949][    C0]  ? page_table_check_clear+0x187/0x700
[  162.780832][    C0]  ? page_table_check_clear+0x4f3/0x700
[  162.782723][    C0]  ? page_table_check_clear+0x187/0x700
[  162.784858][    C0]  ptep_clear_flush+0x120/0x170
[  162.786584][    C0]  do_wp_page+0x1bc2/0x5800
[  162.788263][    C0]  ? do_wp_page+0x161d/0x5800
[  162.790098][    C0]  ? __pfx_do_wp_page+0x10/0x10
[  162.791928][    C0]  ? do_raw_spin_lock+0x121/0x290
[  162.793959][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  162.795931][    C0]  __handle_mm_fault+0x1033/0x5440
[  162.797672][    C0]  ? __lock_acquire+0xab9/0xd20
[  162.799406][    C0]  ? __pfx___handle_mm_fault+0x10/0x10
[  162.801534][    C0]  ? lock_vma_under_rcu+0xdf/0x3d0
[  162.803419][    C0]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  162.805514][    C0]  handle_mm_fault+0x40a/0x8e0
[  162.807024][    C0]  do_user_addr_fault+0xa81/0x1390
[  162.808722][    C0]  ? rcu_is_watching+0x15/0xb0
[  162.810426][    C0]  ? trace_page_fault_user+0x84/0x1e0
[  162.812611][    C0]  exc_page_fault+0x76/0xf0
[  162.814550][    C0]  asm_exc_page_fault+0x26/0x30
[  162.816618][    C0] RIP: 0033:0x7f1066b66e60
[  162.818473][    C0] Code: 08 48 8b 06 48 83 c6 08 49 89 c1 4d 01 c1 73 1a 49 31 c1 4d 09 c1 49 ff c1 75 0f 48 89 02 48 83 c2 08 e9 73 ff ff ff 0f 1f 00 <88> 02 84 c0 74 12 48 ff c2 88 22 84 e4 74 09 48 ff c2 48 c1 e8 10
[  162.826446][    C0] RSP: 002b:00007ffd6950cc78 EFLAGS: 00010296
[  162.828667][    C0] RAX: 66007265746c6966 RBX: 00007f1066da2608 RCX: 0000000000000000
[  162.831341][    C0] RDX: 00007f1066da2608 RSI: 00007f1066c13230 RDI: 00007f1066da2608
[  162.833839][    C0] RBP: 00007f1066c13228 R08: fefefefefefefeff R09: ff00000000000000
[  162.836850][    C0] R10: 00007f1066da1f88 R11: 0000000000000202 R12: 0000000000000003
[  162.839742][    C0] R13: 00007f1066da1280 R14: 0000000000000003 R15: 00007ffd6950d370
[  162.842731][    C0]  </TASK>

VM DIAGNOSIS:
20:12:56  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000003a RBX=000000000000003a RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900000072b0
R8 =ffff888108870237 R9 =1ffff1102110e046 R10=dffffc0000000000 R11=ffffffff85501440
R12=dffffc0000000000 R13=ffffffff99b038e4 R14=ffffffff99df8420 R15=0000000000000000
RIP=ffffffff855014bc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555570c6d500 ffffffff 00c00000
GS =0000 ffff8880b8612000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f1066da2608 CR3=000000002453a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=ffffffffffffff00 000000000000ff00 XMM05=0000000000000000 00007f1066c12e7b
XMM06=0000000000000000 00007f1066c12e75 XMM07=0000000000000000 00007f1066c12e89
XMM08=0000000000000000 00007f1066c12f0f XMM09=0000000000000000 00007f1066c12fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000ffe572c4 RBX=0000000000000002 RCX=000000008d828e18 RDX=00000000001a71fd
RSI=00000000ffffe52c RDI=ffff88801db11cc0 RBP=0000000000000001 RSP=ffffc900001e0750
R8 =0000000000000000 R9 =ffffffff81ada78b R10=dffffc0000000000 R11=ffffed1026cc4f51
R12=0000000000000068 R13=ffff88801db127b0 R14=ffff88801db12800 R15=000000008d828e18
RIP=ffffffff819d7b7a RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f762afd56c0 ffffffff 00c00000
GS =0000 ffff8881a3c12000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000100000001 CR3=0000000028ea6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f762cfa7498 00007f762cfa7470 XMM03=00007f762cfa74a8 00007f762cfa74a0
XMM04=00007f762db0d100 00007f762cfa7460 XMM05=00007f762cfa7478 00007f762cfa74c0
XMM06=00007f762cfa74b8 00007f762cfa74b0 XMM07=00007f762cfa74a8 00007f762cfa74a0
XMM08=0000000000000000 00007f762ce12f0f XMM09=0000000000000000 00007f762ce12fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
