last executing test programs:

18.81631001s ago: executing program 0 (id=442):
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
close(r0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
close(0xffffffffffffffff)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$kcm(0x2a, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x890b, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r4)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x2000, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='pids.events\x00', 0x26e1, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x401c5820, &(0x7f0000000040)=0x8000000000000000)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140), 0x4d)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r7=>0x0, 0x0})
close(r7)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x1}, 0x28)
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e0009fffe0000000008000003"], 0x34}}, 0x84)

17.920204904s ago: executing program 0 (id=452):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = socket$kcm(0xa, 0x3, 0x73)
sendmsg$inet(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001080)=[{0x0}], 0x1, &(0x7f0000001940)=[@ip_tos_int={{0x14, 0x29, 0x32}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @loopback}}}], 0x38}, 0x0)
socket$kcm(0x10, 0x3, 0x10)
recvmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x20000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000044c0)={0x0}}, 0x80)
r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
socket$kcm(0x2, 0x2, 0x73)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r4)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a300000000084000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff00080003400000000838001180090001006c61737400000000280002800c00024000000000000000090800014000000ba308000140000010000800014000003f5e980000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000006c0003806800008008000340000000025c0002800c00028008000340000000024c000280080003400000000408000180fffffffd0800f1d7fffffffd0800034000000003090002"], 0x164}, 0x1, 0x0, 0x0, 0x4000819}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xd2}, 0x28)
bpf$MAP_CREATE(0x0, 0x0, 0x0)

17.518588997s ago: executing program 2 (id=463):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="180200000100000000000000000000008500000053000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b706000000000000850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r0, 0x0, 0xe, 0x0, &(0x7f00000000c0)="c1b9545dd30a1d31677b2d0bfa91", 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

16.630613234s ago: executing program 2 (id=467):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000000000000000000000850000002c000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={r0, 0x18000000000002a0, 0x12, 0x0, &(0x7f00000000c0)="b9ff0300600d698cff9e14f086dd347dc959", 0x0, 0xe00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

16.630226431s ago: executing program 2 (id=469):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x18, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[], 0x104}}, 0x0)

16.558538668s ago: executing program 0 (id=470):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
fstat(r0, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x401c5820, &(0x7f0000001000)=0x8)

16.558327744s ago: executing program 0 (id=471):
r0 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r0, &(0x7f0000000600)={&(0x7f00000002c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f0000000740)=[{0x0, 0x11}, {&(0x7f00000006c0)='-', 0x1}], 0x2}, 0xfd)

16.558199986s ago: executing program 2 (id=472):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x20, 0x22, 0x107, 0x0, 0x25dfdbfb, {0x1, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x2006, 0x0, 0x0, @str='\x80\n'}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4c094}, 0x4040)

16.508375611s ago: executing program 0 (id=473):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x29, 0x33, &(0x7f0000000100), 0x120)

16.436874415s ago: executing program 2 (id=476):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x34, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}, @NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}}}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf4}}, 0x0)

16.436688145s ago: executing program 0 (id=477):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2505, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x940, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x9)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x143b80, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112})

16.317427786s ago: executing program 2 (id=479):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000280), 0x8)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x58, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r0=>0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x3, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0xa4706, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x320, 0x0, 0x0, 0x2}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181003f000000000100000010001f0e0027000f00000000800200121f", 0x2e}], 0x1}, 0x0)
syz_clone(0x25200000, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$kcm(0x2a, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x541b, 0x0)
perf_event_open(0x0, 0x0, 0x3, 0xffffffffffffffff, 0xb)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfdef)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000210081044e81f782db44b904", 0x10}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x0, 0x0, &(0x7f00000005c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x5}, 0x94)
r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x200000}, 0x10}, 0x94)
ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x4d)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syz_tun\x00'})

16.085340496s ago: executing program 1 (id=481):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x2e}, @printk={@d, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x17}}]}, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

15.998707945s ago: executing program 1 (id=482):
r0 = socket$kcm(0x10, 0x2, 0x0)
recvmsg$kcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000480)=""/295, 0x127}, {&(0x7f0000000940)=""/245, 0xf5}, {&(0x7f0000000740)=""/180, 0xb4}, {&(0x7f00000005c0)=""/171, 0xab}, {&(0x7f00000012c0)=""/4144, 0x1030}, {&(0x7f0000000a40)=""/251, 0xfb}], 0x6}, 0x40002022)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000000c0)="14000000350094fb0100fc6022f388a500000000", 0x14}], 0x1}, 0x24000040)
r1 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r1, 0x0, 0x400c000)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001d0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bbfbffa8499c69ac76dd752d00", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

15.998347279s ago: executing program 1 (id=483):
r0 = socket$kcm(0xa, 0x1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x29, 0x12, 0x0, 0x0)

15.602137904s ago: executing program 1 (id=484):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x1, 0x4, 0x6, 0xb}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b70300000000ff80850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r1}, 0xc)

15.601481837s ago: executing program 1 (id=485):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x415, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0xfff}, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, 0x0, 0x44010)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000002000000"], &(0x7f0000000300)=""/187, 0x32, 0xbb, 0x1}, 0x28)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r2, &(0x7f0000000d00)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x1c, 0x17, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20008050)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, 0x0, 0x0)
r4 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x5)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r4, 0x4008240b, &(0x7f0000000100)={0x5, 0xfffffdfa, 0x99, 0x2, 0x7f, 0x3, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x40000000, 0x4, @perf_bp={&(0x7f0000000d40), 0x1}, 0x14a00, 0x876, 0x9b, 0x0, 0x2, 0x9, 0x1, 0x0, 0xf81, 0x0, 0x899})
r5 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg(r5, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0xc000)
r6 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x891c, &(0x7f0000000040)={'geneve1\x00', @random="02001800"})
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000b300", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
write$cgroup_pid(r7, &(0x7f0000000480), 0xfdef)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000540))
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r8 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r8, 0x29, 0x2b, 0x0, 0x2000000)

15.586732149s ago: executing program 1 (id=486):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xe, 0x66c}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001580)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000bf000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
socket$kcm(0x2, 0x1000000000000002, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="800000000001010400000000141a000002fff500240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001000000000008000740000000011c00108008000140000000000800024000000000080003"], 0x80}, 0x1, 0x0, 0x0, 0x4000810}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x38, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

846.576851ms ago: executing program 32 (id=477):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2505, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x940, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x9)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x143b80, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112})

775.650226ms ago: executing program 33 (id=479):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000280), 0x8)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x58, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r0=>0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x3, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0xa4706, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x320, 0x0, 0x0, 0x2}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181003f000000000100000010001f0e0027000f00000000800200121f", 0x2e}], 0x1}, 0x0)
syz_clone(0x25200000, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$kcm(0x2a, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x541b, 0x0)
perf_event_open(0x0, 0x0, 0x3, 0xffffffffffffffff, 0xb)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfdef)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000210081044e81f782db44b904", 0x10}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x0, 0x0, &(0x7f00000005c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x5}, 0x94)
r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x200000}, 0x10}, 0x94)
ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x4d)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syz_tun\x00'})

0s ago: executing program 34 (id=486):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xe, 0x66c}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001580)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000bf000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
socket$kcm(0x2, 0x1000000000000002, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="800000000001010400000000141a000002fff500240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001000000000008000740000000011c00108008000140000000000800024000000000080003"], 0x80}, 0x1, 0x0, 0x0, 0x4000810}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x38, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:12851' (ED25519) to the list of known hosts.
syzkaller login: [   57.941764][ T5831] cgroup: Unknown subsys name 'net'
[   58.064788][ T5831] cgroup: Unknown subsys name 'cpuset'
[   58.070937][ T5831] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   60.501011][ T5831] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   65.858556][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   65.868828][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   65.873752][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   65.873809][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   65.880495][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   65.880932][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   65.888107][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   65.888220][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   65.895069][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   65.898329][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   65.963927][ T5851] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   65.968096][ T5851] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   65.972607][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   65.977045][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   65.982157][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   66.276526][ T5849] chnl_net:caif_netlink_parms(): no params data found
[   66.305290][ T5845] chnl_net:caif_netlink_parms(): no params data found
[   66.341368][ T5855] chnl_net:caif_netlink_parms(): no params data found
[   66.463438][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.466771][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.470653][ T5845] bridge_slave_0: entered allmulticast mode
[   66.474275][ T5845] bridge_slave_0: entered promiscuous mode
[   66.478572][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.482063][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.484952][ T5849] bridge_slave_0: entered allmulticast mode
[   66.488265][ T5849] bridge_slave_0: entered promiscuous mode
[   66.514157][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.517033][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.520205][ T5845] bridge_slave_1: entered allmulticast mode
[   66.523445][ T5845] bridge_slave_1: entered promiscuous mode
[   66.526394][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.528801][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.531583][ T5849] bridge_slave_1: entered allmulticast mode
[   66.535251][ T5849] bridge_slave_1: entered promiscuous mode
[   66.557480][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.560188][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.562902][ T5855] bridge_slave_0: entered allmulticast mode
[   66.565762][ T5855] bridge_slave_0: entered promiscuous mode
[   66.588051][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.591328][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.593880][ T5855] bridge_slave_1: entered allmulticast mode
[   66.597186][ T5855] bridge_slave_1: entered promiscuous mode
[   66.616211][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.624186][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.649180][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.668134][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.675798][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.724490][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.731003][ T5845] team0: Port device team_slave_0 added
[   66.736510][ T5849] team0: Port device team_slave_0 added
[   66.754957][ T5845] team0: Port device team_slave_1 added
[   66.759469][ T5849] team0: Port device team_slave_1 added
[   66.813701][ T5855] team0: Port device team_slave_0 added
[   66.817335][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.820582][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   66.831391][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.853791][ T5855] team0: Port device team_slave_1 added
[   66.857206][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.860942][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   66.871912][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.877624][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.881741][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   66.891828][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.917951][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.920724][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   66.929937][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.943775][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.946316][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   66.956197][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.962377][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.965146][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   66.975284][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   67.037394][ T5849] hsr_slave_0: entered promiscuous mode
[   67.041999][ T5849] hsr_slave_1: entered promiscuous mode
[   67.078322][ T5845] hsr_slave_0: entered promiscuous mode
[   67.081358][ T5845] hsr_slave_1: entered promiscuous mode
[   67.083661][ T5845] debugfs: 'hsr0' already exists in 'hsr'
[   67.085765][ T5845] Cannot create hsr debugfs directory
[   67.104850][ T5855] hsr_slave_0: entered promiscuous mode
[   67.108194][ T5855] hsr_slave_1: entered promiscuous mode
[   67.111668][ T5855] debugfs: 'hsr0' already exists in 'hsr'
[   67.113944][ T5855] Cannot create hsr debugfs directory
[   67.416386][ T5855] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   67.426755][ T5855] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   67.432793][ T5855] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   67.444887][ T5855] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   67.492371][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   67.498305][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   67.513997][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   67.518964][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   67.575453][ T5849] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   67.596985][ T5849] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   67.605236][ T5849] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   67.622238][ T5849] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   67.694674][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.729511][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.744203][ T5855] 8021q: adding VLAN 0 to HW filter on device team0
[   67.762361][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[   67.768292][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.771023][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.784772][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.787697][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.803996][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.806270][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.814514][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.817377][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.861052][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.907030][ T5849] 8021q: adding VLAN 0 to HW filter on device team0
[   67.921808][ T5851] Bluetooth: hci1: command tx timeout
[   67.921983][ T5235] Bluetooth: hci0: command tx timeout
[   67.939151][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.942147][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.961492][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.964388][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.000663][ T5235] Bluetooth: hci2: command tx timeout
[   68.120501][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.196528][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.211366][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.216925][ T5845] veth0_vlan: entered promiscuous mode
[   68.233139][ T5845] veth1_vlan: entered promiscuous mode
[   68.300472][ T5855] veth0_vlan: entered promiscuous mode
[   68.303165][ T5849] veth0_vlan: entered promiscuous mode
[   68.316427][ T5845] veth0_macvtap: entered promiscuous mode
[   68.319665][ T5855] veth1_vlan: entered promiscuous mode
[   68.325317][ T5845] veth1_macvtap: entered promiscuous mode
[   68.332451][ T5849] veth1_vlan: entered promiscuous mode
[   68.365407][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.386323][ T5855] veth0_macvtap: entered promiscuous mode
[   68.394145][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.414631][ T5849] veth0_macvtap: entered promiscuous mode
[   68.427056][ T5859] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.433275][ T5859] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.443372][ T5855] veth1_macvtap: entered promiscuous mode
[   68.448698][ T5849] veth1_macvtap: entered promiscuous mode
[   68.455176][ T5859] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.461505][ T5859] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.493768][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.504559][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.520205][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.527514][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.568360][ T5859] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.572388][ T5859] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.589528][ T5859] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.594464][ T5859] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.607608][ T5859] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.611288][ T5859] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.621809][ T5859] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.627108][ T5859] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.631686][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.636481][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.709187][ T4485] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.714789][ T4485] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.765861][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.769020][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.802524][ T5845] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   68.822831][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.841643][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.860088][  T963] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.870892][  T963] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.942367][   T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.946090][   T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.966492][ T5916] syz.1.4 uses obsolete (PF_INET,SOCK_PACKET)
[   69.052113][ T5921] netlink: 'syz.1.5': attribute type 2 has an invalid length.
[   69.055566][ T5921] netlink: 'syz.1.5': attribute type 3 has an invalid length.
[   69.065163][ T5921] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5'.
[   69.109767][    C0] hrtimer: interrupt took 33660 ns
[   69.252264][ T5934] netlink: 52 bytes leftover after parsing attributes in process `syz.2.10'.
[   69.328886][ T5939] netlink: 'syz.0.12': attribute type 3 has an invalid length.
[   69.333688][ T5939] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12'.
[   69.353418][ T5941] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13'.
[   69.356353][ T5941] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13'.
[   69.359154][ T5941] netlink: 40 bytes leftover after parsing attributes in process `syz.1.13'.
[   69.433634][ T5949] netlink: 156 bytes leftover after parsing attributes in process `syz.0.18'.
[   69.566766][ T5958] sctp: [Deprecated]: syz.2.17 (pid 5958) Use of int in maxseg socket option.
[   69.566766][ T5958] Use struct sctp_assoc_value instead
[   69.702955][ T5962] netlink: 'syz.2.22': attribute type 2 has an invalid length.
[   70.001078][ T5235] Bluetooth: hci0: command tx timeout
[   70.003890][ T5235] Bluetooth: hci1: command tx timeout
[   70.084903][ T5235] Bluetooth: hci2: command tx timeout
[   70.372952][ T5986] Illegal XDP return value 4294967274 on prog  (id 10) dev N/A, expect packet loss!
[   70.478685][ T5990] Zero length message leads to an empty skb
[   70.487540][ T5990] netlink: 14556 bytes leftover after parsing attributes in process `syz.0.34'.
[   71.119149][ T6002] netlink: 136 bytes leftover after parsing attributes in process `syz.1.39'.
[   71.157964][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   71.161143][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   72.080055][ T5235] Bluetooth: hci0: command tx timeout
[   72.082478][ T5851] Bluetooth: hci1: command tx timeout
[   72.162601][ T5235] Bluetooth: hci2: command tx timeout
[   72.899021][ T6010] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   72.904214][ T6034] netlink: 1042 bytes leftover after parsing attributes in process `syz.2.51'.
[   73.165281][ T6052] netlink: 'syz.2.59': attribute type 21 has an invalid length.
[   73.895583][ T6070] netlink: 'syz.0.66': attribute type 274 has an invalid length.
[   74.160377][ T5851] Bluetooth: hci1: command tx timeout
[   74.162543][ T5235] Bluetooth: hci0: command tx timeout
[   74.240175][ T5235] Bluetooth: hci2: command tx timeout
[   76.458840][ T6149] __nla_validate_parse: 1 callbacks suppressed
[   76.458851][ T6149] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.97'.
[   76.799085][ T6172] ksmbd: Unknown IPC event: 3, ignore.
[   76.881246][ T6174] netlink: 'syz.2.108': attribute type 29 has an invalid length.
[   76.887384][ T6174] netlink: 'syz.2.108': attribute type 29 has an invalid length.
[   76.891850][ T6174] netlink: 'syz.2.108': attribute type 29 has an invalid length.
[   77.012988][ T6172] syz.0.107 (6172) used greatest stack depth: 19896 bytes left
[   77.086746][ T6183] netlink: 348 bytes leftover after parsing attributes in process `syz.0.112'.
[   77.758682][ T6175] delete_channel: no stack
[   78.375967][ T6193] warning: `syz.1.117' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   78.652594][ T6225] netlink: 'syz.1.132': attribute type 1 has an invalid length.
[   78.655826][ T6225] netlink: 8 bytes leftover after parsing attributes in process `syz.1.132'.
[   80.590408][ T6310] netlink: 'syz.1.172': attribute type 10 has an invalid length.
[   80.644105][ T6314] netlink: 'syz.1.172': attribute type 11 has an invalid length.
[   80.648035][ T6314] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.172'.
[   81.415657][ T6309] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   83.852124][ T6310] team0: Port device wlan1 added
[   84.856318][ T6380] netlink: 'syz.2.203': attribute type 1 has an invalid length.
[   84.996259][ T6390] netlink: 64 bytes leftover after parsing attributes in process `syz.2.208'.
[   85.291122][ T6399] netlink: 'syz.2.211': attribute type 39 has an invalid length.
[   86.496194][  T794] cfg80211: failed to load regulatory.db
[   86.578533][ T6480] netlink: 20 bytes leftover after parsing attributes in process `syz.0.247'.
[   86.626760][ T6480] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[   87.794361][ T6549] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.273'.
[   88.340288][ T6582] netlink: 'syz.1.287': attribute type 10 has an invalid length.
[   88.350326][ T6582] veth1_vlan: entered allmulticast mode
[   88.361046][ T6582] team0: Device veth1_vlan failed to register rx_handler
[   89.707161][ T6600] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.296'.
[   89.754452][ T6604] netlink: 'syz.1.298': attribute type 5 has an invalid length.
[   89.785925][ T6604] netlink: 'syz.1.298': attribute type 9 has an invalid length.
[   89.788402][ T6604] netlink: 'syz.1.298': attribute type 1 has an invalid length.
[   89.802999][ T6604] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.298'.
[   89.940741][ T6612] netlink: 'syz.1.302': attribute type 3 has an invalid length.
[   92.856198][ T6623] veth0_vlan: entered allmulticast mode
[   93.163061][ T6623] veth0_vlan: left promiscuous mode
[   93.176682][ T6623] veth0_vlan: entered promiscuous mode
[   93.368452][ T6641] netlink: 12 bytes leftover after parsing attributes in process `syz.1.313'.
[   93.873247][ T6659] netlink: 'syz.1.322': attribute type 10 has an invalid length.
[   93.876284][ T6659] netlink: 40 bytes leftover after parsing attributes in process `syz.1.322'.
[   94.500046][ T6661] Dead loop on virtual device ip6_vti0, fix it urgently!
[   94.548576][ T6659] vcan0: entered promiscuous mode
[   94.555221][ T6659] A link change request failed with some changes committed already. Interface vcan0 may have been left with an inconsistent configuration, please check.
[   94.794694][ T6677] netlink: del zone limit has 4 unknown bytes
[   94.936879][ T6690] =======================================================
[   94.936879][ T6690] WARNING: The mand mount option has been deprecated and
[   94.936879][ T6690]          and is ignored by this kernel. Remove the mand
[   94.936879][ T6690]          option from the mount to silence this warning.
[   94.936879][ T6690] =======================================================
[   95.101634][ T6703] netlink: 12 bytes leftover after parsing attributes in process `syz.2.343'.
[   95.135177][ T6706] netlink: 12 bytes leftover after parsing attributes in process `syz.0.344'.
[   95.379931][ T6729] netlink: 'syz.0.356': attribute type 13 has an invalid length.
[   95.397049][ T6729] gretap0: refused to change device tx_queue_len
[   95.399582][ T6729] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   95.497153][ T6740] netlink: 156 bytes leftover after parsing attributes in process `syz.1.359'.
[   95.689175][ T6751] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   95.795272][ T6763] netlink: 'syz.0.370': attribute type 32 has an invalid length.
[   95.797693][ T6763] netlink: 36 bytes leftover after parsing attributes in process `syz.0.370'.
[   96.061318][ T6781] syzkaller0: entered promiscuous mode
[   96.063447][ T6781] syzkaller0: entered allmulticast mode
[   97.021502][ T6799] netlink: 104 bytes leftover after parsing attributes in process `syz.0.387'.
[   97.315524][ T6813] xt_l2tp: missing protocol rule (udp|l2tpip)
[   97.389638][ T6815] netlink: 'syz.2.395': attribute type 1 has an invalid length.
[   97.392677][ T6815] netlink: 'syz.2.395': attribute type 4 has an invalid length.
[   97.395474][ T6815] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.395'.
[   97.566975][ T6827] netlink: 'syz.2.400': attribute type 4 has an invalid length.
[  100.892845][ T6853] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  100.896861][ T6853] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  101.164851][ T6872] netlink: 144 bytes leftover after parsing attributes in process `syz.1.419'.
[  101.403082][ T6886] netlink: 'syz.2.426': attribute type 8 has an invalid length.
[  101.406036][ T6886] netlink: 'syz.2.426': attribute type 1 has an invalid length.
[  101.936612][ T6909] netlink: 'syz.0.435': attribute type 10 has an invalid length.
[  101.964201][ T6909] veth1_macvtap: left promiscuous mode
[  102.219339][ T6921] netlink: 'syz.2.440': attribute type 3 has an invalid length.
[  102.224566][ T6921] netlink: 'syz.2.440': attribute type 1 has an invalid length.
[  102.227523][ T6921] netlink: 60387 bytes leftover after parsing attributes in process `syz.2.440'.
[  103.316475][ T6962] netlink: 28 bytes leftover after parsing attributes in process `syz.0.452'.
[  103.356274][ T6964] netlink: 'syz.1.456': attribute type 5 has an invalid length.
[  103.365645][ T6964] netlink: 'syz.1.456': attribute type 6 has an invalid length.
[  103.369910][ T6964] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.456'.
[  103.519354][ T6976] netlink: 28 bytes leftover after parsing attributes in process `syz.2.461'.
[  103.526229][ T6976] netlink: 28 bytes leftover after parsing attributes in process `syz.2.461'.
[  104.564244][ T6998] netlink: 'syz.2.472': attribute type 1 has an invalid length.
[  104.802988][ T7014] netlink: 'syz.2.479': attribute type 39 has an invalid length.
[  105.091224][ T7022] netlink: 'syz.1.482': attribute type 29 has an invalid length.
[  120.650830][ T5851] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  120.651617][ T5851] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  120.652014][ T5851] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  120.652555][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  120.652942][ T5851] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  120.695107][ T5235] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  120.695922][ T5235] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  120.696304][ T5235] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  120.696847][ T5235] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  120.697189][ T5235] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  121.334394][ T5851] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  121.335427][ T5851] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  121.335983][ T5851] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  121.336823][ T5851] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  121.337407][ T5851] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  122.720216][ T5851] Bluetooth: hci3: command tx timeout
[  122.721675][ T5235] Bluetooth: hci4: command tx timeout
[  123.360046][ T5235] Bluetooth: hci5: command tx timeout
[  124.800176][ T5851] Bluetooth: hci3: command tx timeout
[  124.800625][ T5235] Bluetooth: hci4: command tx timeout
[  125.440177][ T5235] Bluetooth: hci5: command tx timeout
[  126.880243][ T5851] Bluetooth: hci3: command tx timeout
[  126.880973][ T5235] Bluetooth: hci4: command tx timeout
[  127.520039][ T5235] Bluetooth: hci5: command tx timeout
[  128.960244][ T5851] Bluetooth: hci3: command tx timeout
[  128.960296][ T5235] Bluetooth: hci4: command tx timeout
[  129.600035][ T5235] Bluetooth: hci5: command tx timeout
[  132.563505][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  132.563557][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  138.230797][    C1] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 12677973097 wd_nsec: 12677973008
[  181.883834][ T5851] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  181.884739][ T5851] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  181.885298][ T5851] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  181.886201][ T5851] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  181.886763][ T5851] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  181.943271][ T5235] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  181.944182][ T5235] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  181.944518][ T5235] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  181.945717][ T5235] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  181.946289][ T5235] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  181.984583][ T5235] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  181.985559][ T5235] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  181.986125][ T5235] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  181.987265][ T5235] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  181.987751][ T5235] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  184.002818][ T5851] Bluetooth: hci8: command tx timeout
[  184.003260][ T5851] Bluetooth: hci7: command tx timeout
[  184.003429][ T5851] Bluetooth: hci6: command tx timeout
[  186.080044][ T5851] Bluetooth: hci7: command tx timeout
[  186.080087][ T5851] Bluetooth: hci8: command tx timeout
[  186.081745][ T5235] Bluetooth: hci6: command tx timeout
[  188.160115][   T56] Bluetooth: hci8: command tx timeout
[  188.160157][   T56] Bluetooth: hci7: command tx timeout
[  188.161803][ T5235] Bluetooth: hci6: command tx timeout
[  190.243406][ T5853] Bluetooth: hci7: command tx timeout
[  190.243436][ T5853] Bluetooth: hci8: command tx timeout
[  190.243470][ T5848] Bluetooth: hci6: command tx timeout
[  190.962683][ T7058] Bluetooth: hci0: command 0x0406 tx timeout
[  190.962718][ T7058] Bluetooth: hci1: command 0x0406 tx timeout
[  190.962766][ T5848] Bluetooth: hci2: command 0x0406 tx timeout
[  194.007008][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  194.007094][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  209.809761][    C1] rcu: INFO: rcu_preempt self-detected stall on CPU
[  209.809775][    C1] rcu: 	1-....: (10467 ticks this GP) idle=ae2c/1/0x4000000000000000 softirq=16991/17436 fqs=5033
[  209.810075][    C1] rcu: 	         hardirqs   softirqs   csw/system
[  209.810081][    C1] rcu: 	 number:  1187562       1126            0
[  209.810088][    C1] rcu: 	cputime:    34487      17982           58   ==> 52490(ms)
[  209.810095][    C1] rcu: 	(t=10501 jiffies g=12793 q=3110 ncpus=2)
[  209.810117][    C1] CPU: 1 UID: 0 PID: 7014 Comm: syz.2.479 Not tainted syzkaller #0 PREEMPT(full) 
[  209.810126][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  209.810132][    C1] RIP: 0010:unwind_next_frame+0x214/0x2390
[  209.810159][    C1] Code: ef 08 8b 15 be 24 68 0c 8d 42 ff 44 39 f8 0f 86 65 18 00 00 44 89 f8 4c 8d 2c 85 f8 3a 00 91 4c 89 e8 48 c1 e8 03 0f b6 04 28 <84> c0 48 89 eb 0f 85 1c 1c 00 00 45 8b 6d 00 44 89 f8 ff c0 48 8d
[  209.810172][    C1] RSP: 0018:ffffc900001e04b8 EFLAGS: 00000a07
[  209.810180][    C1] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 7e4b16f3d0b1bc00
[  209.810185][    C1] RDX: 00000000000a8218 RSI: ffffffff8c03d4c0 RDI: ffffffff8c03d480
[  209.810190][    C1] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff81742d25
[  209.810195][    C1] R10: ffffc900001e05d8 R11: ffffffff81acd5a0 R12: ffffffff81acd54b
[  209.810200][    C1] R13: ffffffff9102ee4c R14: ffffc900001e0588 R15: 000000000000acd5
[  209.810205][    C1] FS:  00007fa0a74e16c0(0000) GS:ffff8881a3a03000(0000) knlGS:0000000000000000
[  209.810211][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  209.810216][    C1] CR2: 0000200000000940 CR3: 000000003b4ca000 CR4: 00000000000006f0
[  209.810240][    C1] DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
[  209.810246][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  209.810250][    C1] Call Trace:
[  209.810254][    C1]  <IRQ>
[  209.810263][    C1]  ? arch_stack_walk+0xe4/0x150
[  209.810275][    C1]  ? unwind_next_frame+0xa5/0x2390
[  209.810282][    C1]  ? stack_trace_save+0x9c/0xe0
[  209.810293][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  209.810302][    C1]  arch_stack_walk+0x11c/0x150
[  209.810312][    C1]  ? stack_trace_save+0x9c/0xe0
[  209.810322][    C1]  stack_trace_save+0x9c/0xe0
[  209.810330][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  209.810343][    C1]  ref_tracker_alloc+0x17d/0x460
[  209.810355][    C1]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  209.810362][    C1]  ? irqentry_exit+0x74/0x90
[  209.810378][    C1]  ? dst_init+0xb4/0x460
[  209.810391][    C1]  dst_init+0xe6/0x460
[  209.810402][    C1]  dst_alloc+0x12a/0x170
[  209.810413][    C1]  icmp6_dst_alloc+0x75/0x420
[  209.810425][    C1]  ? icmpv6_flow_init+0x62/0x120
[  209.810436][    C1]  ndisc_send_skb+0x3f1/0x1510
[  209.810446][    C1]  ? ndisc_send_skb+0x1e4/0x1510
[  209.810458][    C1]  ? __pfx_ndisc_send_skb+0x10/0x10
[  209.810467][    C1]  ? kasan_check_range+0x9f/0x2c0
[  209.810494][    C1]  addrconf_rs_timer+0x369/0x670
[  209.810506][    C1]  ? __pfx_addrconf_rs_timer+0x10/0x10
[  209.810514][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  209.810529][    C1]  call_timer_fn+0x17e/0x5f0
[  209.810539][    C1]  ? __pfx_addrconf_rs_timer+0x10/0x10
[  209.810545][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.810552][    C1]  ? call_timer_fn+0xbe/0x5f0
[  209.810561][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  209.810577][    C1]  ? __pfx_addrconf_rs_timer+0x10/0x10
[  209.810585][    C1]  __run_timer_base+0x61a/0x860
[  209.810593][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  209.810609][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  209.810627][    C1]  run_timer_softirq+0xb7/0x180
[  209.810636][    C1]  handle_softirqs+0x286/0x870
[  209.810648][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  209.810662][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  209.810675][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  209.810684][    C1]  __irq_exit_rcu+0xca/0x1f0
[  209.810694][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  209.810709][    C1]  irq_exit_rcu+0x9/0x30
[  209.810718][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  209.810726][    C1]  </IRQ>
[  209.810728][    C1]  <TASK>
[  209.810731][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  209.810739][    C1] RIP: 0010:console_flush_all+0x105/0xb10
[  209.810748][    C1] Code: 04 20 84 c0 0f 85 09 0a 00 00 4c 89 74 24 48 48 89 5c 24 10 c6 03 00 8b 44 24 2c 34 01 88 44 24 03 48 c7 44 24 08 00 00 00 00 <48> 8d bc 24 e0 00 00 00 e8 4e c0 ff ff 48 c7 c7 40 8c 21 8e be 02
[  209.810754][    C1] RSP: 0018:ffffc900068e6980 EFLAGS: 00000283
[  209.810761][    C1] RAX: ffffffff81a0fef3 RBX: 0000000000000000 RCX: 0000000000080000
[  209.810765][    C1] RDX: ffffc900202c1000 RSI: 0000000000001d9a RDI: 0000000000001d9b
[  209.810770][    C1] RBP: ffffc900068e6ad0 R08: 0000000000000003 R09: 0000000000000004
[  209.810774][    C1] R10: dffffc0000000000 R11: fffffbfff1c3a65c R12: dffffc0000000000
[  209.810779][    C1] R13: 0000000000000001 R14: 0000000081a0fd01 R15: 0000000000000000
[  209.810788][    C1]  ? console_flush_all+0xa13/0xb10
[  209.810799][    C1]  ? console_flush_all+0x821/0xb10
[  209.810808][    C1]  ? console_flush_all+0x13a/0xb10
[  209.810819][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  209.810833][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  209.810844][    C1]  console_unlock+0xbb/0x190
[  209.810851][    C1]  ? __pfx___down_trylock_console_sem+0x10/0x10
[  209.810859][    C1]  ? __pfx_console_unlock+0x10/0x10
[  209.810872][    C1]  vprintk_emit+0x4c5/0x590
[  209.810881][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  209.810887][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  209.810895][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  209.810911][    C1]  _printk+0xcf/0x120
[  209.810920][    C1]  ? __pfx____ratelimit+0x10/0x10
[  209.810930][    C1]  ? __pfx__printk+0x10/0x10
[  209.810946][    C1]  __nla_validate_parse+0x1719/0x2d40
[  209.810955][    C1]  ? ___sys_sendmsg+0x21f/0x2a0
[  209.810963][    C1]  ? __x64_sys_sendmsg+0x19b/0x260
[  209.810980][    C1]  ? __pfx___nla_validate_parse+0x10/0x10
[  209.810997][    C1]  ? irqentry_exit+0x74/0x90
[  209.811004][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.811047][    C1]  __nla_parse+0x40/0x60
[  209.811061][    C1]  rtnl_newlink+0x1eb/0x1c80
[  209.811070][    C1]  ? irqentry_exit+0x74/0x90
[  209.811078][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.811088][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  209.811099][    C1]  ? rcu_is_watching+0x15/0xb0
[  209.811106][    C1]  ? trace_sched_exit_tp+0x36/0x110
[  209.811116][    C1]  ? __schedule+0x17ae/0x4cc0
[  209.811128][    C1]  ? trace_pelt_se_tp+0x39/0x130
[  209.811144][    C1]  ? __pfx___schedule+0x10/0x10
[  209.811153][    C1]  ? __pfx_perf_trace_lock+0x10/0x10
[  209.811167][    C1]  ? perf_trace_lock+0xec/0x3b0
[  209.811183][    C1]  ? perf_trace_lock+0xec/0x3b0
[  209.811192][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.811205][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.811214][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  209.811222][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  209.811228][    C1]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  209.811235][    C1]  ? rtnetlink_rcv_msg+0x7b9/0xb70
[  209.811244][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  209.811250][    C1]  rtnetlink_rcv_msg+0x7cf/0xb70
[  209.811257][    C1]  ? trace_irq_disable+0x37/0x110
[  209.811268][    C1]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  209.811274][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  209.811285][    C1]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  209.811299][    C1]  netlink_rcv_skb+0x208/0x470
[  209.811307][    C1]  ? rcu_is_watching+0x15/0xb0
[  209.811314][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  209.811322][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  209.811335][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  209.811346][    C1]  netlink_unicast+0x82f/0x9e0
[  209.811361][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[  209.811373][    C1]  ? netlink_sendmsg+0x642/0xb30
[  209.811379][    C1]  ? skb_put+0x11b/0x210
[  209.811389][    C1]  netlink_sendmsg+0x805/0xb30
[  209.811401][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  209.811410][    C1]  ? perf_trace_run_bpf_submit+0x100/0x170
[  209.811419][    C1]  ? aa_sock_msg_perm+0xf1/0x1d0
[  209.811428][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  209.811437][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  209.811445][    C1]  __sock_sendmsg+0x21c/0x270
[  209.811458][    C1]  ____sys_sendmsg+0x505/0x830
[  209.811469][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[  209.811485][    C1]  ? import_iovec+0x74/0xa0
[  209.811499][    C1]  ___sys_sendmsg+0x21f/0x2a0
[  209.811508][    C1]  ? __pfx____sys_sendmsg+0x10/0x10
[  209.811528][    C1]  ? __fget_files+0x2a/0x420
[  209.811543][    C1]  ? __fget_files+0x2a/0x420
[  209.811551][    C1]  ? __fget_files+0x3a0/0x420
[  209.811565][    C1]  __x64_sys_sendmsg+0x19b/0x260
[  209.811575][    C1]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  209.811592][    C1]  ? do_syscall_64+0xbe/0xfa0
[  209.811602][    C1]  do_syscall_64+0xfa/0xfa0
[  209.811610][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.811617][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  209.811627][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.811634][    C1] RIP: 0033:0x7fa0a658ec29
[  209.811642][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.811648][    C1] RSP: 002b:00007fa0a74e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  209.811656][    C1] RAX: ffffffffffffffda RBX: 00007fa0a67d5fa0 RCX: 00007fa0a658ec29
[  209.811661][    C1] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000004
[  209.811666][    C1] RBP: 00007fa0a6611e41 R08: 0000000000000000 R09: 0000000000000000
[  209.811670][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  209.811674][    C1] R13: 00007fa0a67d6038 R14: 00007fa0a67d5fa0 R15: 00007fff42320e28
[  209.811688][    C1]  </TASK>
[  240.081178][   T18] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-.... } 13461 jiffies s: 7101 root: 0x2/.
[  240.081219][   T18] rcu: blocking rcu_node structures (internal RCU debug):
[  240.081245][   T18] Sending NMI from CPU 0 to CPUs 1:
[  240.081320][    C1] NMI backtrace for cpu 1
[  240.081337][    C1] CPU: 1 UID: 0 PID: 7014 Comm: syz.2.479 Not tainted syzkaller #0 PREEMPT(full) 
[  240.081350][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  240.081358][    C1] RIP: 0010:asm_sysvec_apic_timer_interrupt+0x0/0x20
[  240.081380][    C1] Code: 36 36 7e 0a e9 61 06 00 00 90 f3 0f 1e fa 0f 1f 00 fc 6a ff e8 11 05 00 00 48 89 c4 48 89 e7 e8 46 35 7e 0a e9 41 06 00 00 90 <f3> 0f 1e fa 0f 1f 00 fc 6a ff e8 f1 04 00 00 48 89 c4 48 89 e7 e8
[  240.081389][    C1] RSP: 0018:ffffc900001e0308 EFLAGS: 00000806
[  240.081400][    C1] RAX: 0000000000000000 RBX: ffffffff8fd15b0c RCX: dffffc0000000000
[  240.081409][    C1] RDX: ffffffff8fd15a88 RSI: ffffffff904a8126 RDI: ffffffff8c03d480
[  240.081417][    C1] RBP: ffffffff8fd15a88 R08: 0000000000000022 R09: ffffffff81742d25
[  240.081426][    C1] R10: dffffc0000000000 R11: ffffffff81acd5a0 R12: ffffffff8100012f
[  240.081435][    C1] R13: ffffffff8fd15a88 R14: ffffc900001e0408 R15: ffffffff8fd15ac8
[  240.081444][    C1] FS:  00007fa0a74e16c0(0000) GS:ffff8881a3a03000(0000) knlGS:0000000000000000
[  240.081453][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  240.081462][    C1] CR2: 0000200000000940 CR3: 000000003b4ca000 CR4: 00000000000006f0
[  240.081494][    C1] DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
[  240.081503][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  240.081512][    C1] Call Trace:
[  240.081518][    C1]  <IRQ>
[  240.081522][    C1] RIP: 0010:unwind_next_frame+0x130e/0x2390
[  240.081537][    C1] Code: c1 e8 3f 48 01 c8 48 83 e0 fe 4c 8d 3c 45 00 00 00 00 49 01 ef 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 <84> c0 75 27 49 63 07 4c 01 f8 49 8d 4f 04 4c 39 e0 48 0f 46 e9 49
[  240.081547][    C1] RSP: 0018:ffffc900001e0338 EFLAGS: 00000a06
[  240.081560][    C1]  ? unwind_next_frame+0xd4/0x2390
[  240.081576][    C1]  ? unwind_next_frame+0xa5/0x2390
[  240.081588][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.081602][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  240.081616][    C1]  arch_stack_walk+0x11c/0x150
[  240.081631][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.081646][    C1]  stack_trace_save+0x9c/0xe0
[  240.081660][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  240.081672][    C1]  ? __pfx_e1000_clean_rx_irq+0x10/0x10
[  240.081689][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  240.081703][    C1]  kasan_save_track+0x3e/0x80
[  240.081717][    C1]  ? kasan_save_track+0x3e/0x80
[  240.081728][    C1]  ? __kasan_mempool_unpoison_object+0xa0/0x170
[  240.081743][    C1]  ? napi_skb_cache_get+0x37b/0x6d0
[  240.081756][    C1]  ? __alloc_skb+0x11e/0x2d0
[  240.081766][    C1]  ? napi_alloc_skb+0x84/0x7d0
[  240.081777][    C1]  ? e1000_clean_rx_irq+0x448/0x1170
[  240.081789][    C1]  ? e1000_clean+0xca4/0x2b00
[  240.081803][    C1]  ? __napi_poll+0xc7/0x360
[  240.081817][    C1]  ? net_rx_action+0x707/0xe30
[  240.081825][    C1]  ? handle_softirqs+0x286/0x870
[  240.081841][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  240.081857][    C1]  ? irq_exit_rcu+0x9/0x30
[  240.081872][    C1]  ? sysvec_apic_timer_interrupt+0xa6/0xc0
[  240.081884][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  240.081894][    C1]  ? put_dec+0x17/0xe0
[  240.081908][    C1]  ? number+0x2f8/0xf60
[  240.081922][    C1]  ? vsnprintf+0x91b/0xf00
[  240.081935][    C1]  ? snprintf+0xda/0x120
[  240.081948][    C1]  ? info_print_prefix+0x1e1/0x310
[  240.081962][    C1]  ? record_print_text+0x154/0x420
[  240.081972][    C1]  ? printk_get_next_message+0x26d/0x7b0
[  240.081984][    C1]  ? console_flush_all+0x4ca/0xb10
[  240.081997][    C1]  ? console_unlock+0xbb/0x190
[  240.082007][    C1]  ? vprintk_emit+0x4c5/0x590
[  240.082018][    C1]  ? _printk+0xcf/0x120
[  240.082032][    C1]  ? __nla_validate_parse+0x1719/0x2d40
[  240.082047][    C1]  ? __nla_parse+0x40/0x60
[  240.082061][    C1]  ? rtnl_newlink+0x1eb/0x1c80
[  240.082072][    C1]  ? rtnetlink_rcv_msg+0x7cf/0xb70
[  240.082083][    C1]  ? netlink_rcv_skb+0x208/0x470
[  240.082094][    C1]  ? netlink_unicast+0x82f/0x9e0
[  240.082153][    C1]  ? netlink_sendmsg+0x805/0xb30
[  240.082164][    C1]  ? __sock_sendmsg+0x21c/0x270
[  240.082180][    C1]  ? ____sys_sendmsg+0x505/0x830
[  240.082193][    C1]  ? ___sys_sendmsg+0x21f/0x2a0
[  240.082206][    C1]  ? __x64_sys_sendmsg+0x19b/0x260
[  240.082219][    C1]  ? do_syscall_64+0xfa/0xfa0
[  240.082230][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.082254][    C1]  __kasan_mempool_unpoison_object+0xa0/0x170
[  240.082270][    C1]  ? napi_skb_cache_get+0x146/0x6d0
[  240.082282][    C1]  napi_skb_cache_get+0x37b/0x6d0
[  240.082294][    C1]  ? napi_skb_cache_get+0x146/0x6d0
[  240.082307][    C1]  __alloc_skb+0x11e/0x2d0
[  240.082330][    C1]  napi_alloc_skb+0x84/0x7d0
[  240.082346][    C1]  e1000_clean_rx_irq+0x448/0x1170
[  240.082371][    C1]  ? __pfx_e1000_clean_rx_irq+0x10/0x10
[  240.082381][    C1]  e1000_clean+0xca4/0x2b00
[  240.082412][    C1]  ? __pfx_e1000_clean+0x10/0x10
[  240.082433][    C1]  __napi_poll+0xc7/0x360
[  240.082452][    C1]  net_rx_action+0x707/0xe30
[  240.082473][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  240.082503][    C1]  handle_softirqs+0x286/0x870
[  240.082521][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  240.082539][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  240.082559][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  240.082575][    C1]  __irq_exit_rcu+0xca/0x1f0
[  240.082591][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  240.082614][    C1]  irq_exit_rcu+0x9/0x30
[  240.082631][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  240.082644][    C1]  </IRQ>
[  240.082649][    C1]  <TASK>
[  240.082653][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  240.082666][    C1] RIP: 0010:put_dec+0x17/0xe0
[  240.082682][    C1] Code: 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 57 41 56 41 54 53 48 89 f3 49 89 fe e8 3e 0d 46 f6 bf ff e0 f5 05 <48> 89 de e8 11 12 46 f6 48 81 fb ff e0 f5 05 0f 86 8e 00 00 00 48
[  240.082692][    C1] RSP: 0018:ffffc900068e62b8 EFLAGS: 00000283
[  240.082705][    C1] RAX: ffffffff8b7a48f2 RBX: 00000000000016db RCX: 0000000000080000
[  240.082714][    C1] RDX: ffffc900202c1000 RSI: 00000000000024be RDI: 0000000005f5e0ff
[  240.082723][    C1] RBP: ffffc900068e6400 R08: ffffc900068e6377 R09: 0000000000000000
[  240.082731][    C1] R10: ffffc900068e6360 R11: fffff52000d1cc6f R12: 00000000000016db
[  240.082740][    C1] R13: 00000000000016db R14: ffffc900068e6360 R15: 00ffffffffffff0a
[  240.082754][    C1]  ? put_dec+0x12/0xe0
[  240.082774][    C1]  ? put_dec+0x12/0xe0
[  240.082788][    C1]  number+0x2f8/0xf60
[  240.082805][    C1]  ? number+0x61/0xf60
[  240.082818][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  240.082831][    C1]  ? __pfx_number+0x10/0x10
[  240.082855][    C1]  vsnprintf+0x91b/0xf00
[  240.082877][    C1]  snprintf+0xda/0x120
[  240.082895][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  240.082909][    C1]  ? __pfx_snprintf+0x10/0x10
[  240.082933][    C1]  info_print_prefix+0x1e1/0x310
[  240.082950][    C1]  ? __pfx_info_print_prefix+0x10/0x10
[  240.082962][    C1]  ? _prb_read_valid+0xa7b/0xa90
[  240.082981][    C1]  record_print_text+0x154/0x420
[  240.082995][    C1]  ? __pfx__prb_read_valid+0x10/0x10
[  240.083013][    C1]  ? __pfx_record_print_text+0x10/0x10
[  240.083029][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  240.083041][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  240.083056][    C1]  printk_get_next_message+0x26d/0x7b0
[  240.083074][    C1]  ? __pfx_printk_get_next_message+0x10/0x10
[  240.083088][    C1]  ? irqentry_exit+0x74/0x90
[  240.083131][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  240.083148][    C1]  ? console_flush_all+0x13a/0xb10
[  240.083163][    C1]  ? console_flush_all+0x476/0xb10
[  240.083179][    C1]  console_flush_all+0x4ca/0xb10
[  240.083192][    C1]  ? console_flush_all+0x821/0xb10
[  240.083206][    C1]  ? console_flush_all+0x13a/0xb10
[  240.083222][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  240.083239][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  240.083255][    C1]  console_unlock+0xbb/0x190
[  240.083266][    C1]  ? __pfx___down_trylock_console_sem+0x10/0x10
[  240.083279][    C1]  ? __pfx_console_unlock+0x10/0x10
[  240.083296][    C1]  vprintk_emit+0x4c5/0x590
[  240.083309][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  240.083328][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  240.083340][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  240.083361][    C1]  _printk+0xcf/0x120
[  240.083375][    C1]  ? __pfx____ratelimit+0x10/0x10
[  240.083387][    C1]  ? __pfx__printk+0x10/0x10
[  240.083407][    C1]  __nla_validate_parse+0x1719/0x2d40
[  240.083423][    C1]  ? ___sys_sendmsg+0x21f/0x2a0
[  240.083435][    C1]  ? __x64_sys_sendmsg+0x19b/0x260
[  240.083454][    C1]  ? __pfx___nla_validate_parse+0x10/0x10
[  240.083478][    C1]  ? irqentry_exit+0x74/0x90
[  240.083489][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  240.083508][    C1]  __nla_parse+0x40/0x60
[  240.083523][    C1]  rtnl_newlink+0x1eb/0x1c80
[  240.083537][    C1]  ? irqentry_exit+0x74/0x90
[  240.083549][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  240.083564][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  240.083578][    C1]  ? rcu_is_watching+0x15/0xb0
[  240.083589][    C1]  ? trace_sched_exit_tp+0x36/0x110
[  240.083604][    C1]  ? __schedule+0x17ae/0x4cc0
[  240.083620][    C1]  ? trace_pelt_se_tp+0x39/0x130
[  240.083641][    C1]  ? __pfx___schedule+0x10/0x10
[  240.083655][    C1]  ? __pfx_perf_trace_lock+0x10/0x10
[  240.083678][    C1]  ? perf_trace_lock+0xec/0x3b0
[  240.083698][    C1]  ? perf_trace_lock+0xec/0x3b0
[  240.083713][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  240.083731][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  240.083744][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  240.083755][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  240.083765][    C1]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  240.083776][    C1]  ? rtnetlink_rcv_msg+0x7b9/0xb70
[  240.083791][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  240.083802][    C1]  rtnetlink_rcv_msg+0x7cf/0xb70
[  240.083814][    C1]  ? trace_irq_disable+0x37/0x110
[  240.083832][    C1]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  240.083844][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  240.083860][    C1]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  240.083881][    C1]  netlink_rcv_skb+0x208/0x470
[  240.083893][    C1]  ? rcu_is_watching+0x15/0xb0
[  240.083904][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  240.083917][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  240.083934][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  240.083952][    C1]  netlink_unicast+0x82f/0x9e0
[  240.083975][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[  240.083994][    C1]  ? netlink_sendmsg+0x642/0xb30
[  240.084004][    C1]  ? skb_put+0x11b/0x210
[  240.084017][    C1]  netlink_sendmsg+0x805/0xb30
[  240.084034][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  240.084047][    C1]  ? perf_trace_run_bpf_submit+0x100/0x170
[  240.084063][    C1]  ? aa_sock_msg_perm+0xf1/0x1d0
[  240.084079][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  240.084095][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  240.084147][    C1]  __sock_sendmsg+0x21c/0x270
[  240.084167][    C1]  ____sys_sendmsg+0x505/0x830
[  240.084185][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[  240.084205][    C1]  ? import_iovec+0x74/0xa0
[  240.084226][    C1]  ___sys_sendmsg+0x21f/0x2a0
[  240.084242][    C1]  ? __pfx____sys_sendmsg+0x10/0x10
[  240.084269][    C1]  ? __fget_files+0x2a/0x420
[  240.084293][    C1]  ? __fget_files+0x2a/0x420
[  240.084307][    C1]  ? __fget_files+0x3a0/0x420
[  240.084335][    C1]  __x64_sys_sendmsg+0x19b/0x260
[  240.084351][    C1]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  240.084375][    C1]  ? do_syscall_64+0xbe/0xfa0
[  240.084391][    C1]  do_syscall_64+0xfa/0xfa0
[  240.084405][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.084417][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  240.084434][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.084446][    C1] RIP: 0033:0x7fa0a658ec29
[  240.084460][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  240.084471][    C1] RSP: 002b:00007fa0a74e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  240.084486][    C1] RAX: ffffffffffffffda RBX: 00007fa0a67d5fa0 RCX: 00007fa0a658ec29
[  240.084496][    C1] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000004
[  240.084504][    C1] RBP: 00007fa0a6611e41 R08: 0000000000000000 R09: 0000000000000000
[  240.084512][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  240.084520][    C1] R13: 00007fa0a67d6038 R14: 00007fa0a67d5fa0 R15: 00007fff42320e28
[  240.084536][    C1]  </TASK>
[  241.540313][ T5853] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  241.541612][ T5853] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  241.542163][ T5853] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  241.543073][ T5853] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  241.543684][ T5853] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  242.773004][ T7074] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  242.773841][ T7074] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  242.774268][ T7074] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  242.774780][ T7074] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  242.775152][ T7074] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  242.825264][ T7077] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  242.826900][ T7077] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  242.827342][ T7077] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  242.827856][ T7077] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  242.828315][ T7077] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  247.280143][ T7058] Bluetooth: hci3: command 0x0406 tx timeout
[  247.280242][ T7058] Bluetooth: hci4: command 0x0406 tx timeout
[  247.280279][ T7058] Bluetooth: hci5: command 0x0406 tx timeout
[  247.899799][    C1] sched: DL replenish lagged too much
[  255.444119][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  255.444204][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  262.479938][   T34] INFO: task kworker/0:0:9 blocked for more than 143 seconds.
[  262.479964][   T34]       Not tainted syzkaller #0
[  262.479973][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  262.479982][   T34] task:kworker/0:0     state:D stack:24904 pid:9     tgid:9     ppid:2      task_flags:0x4208060 flags:0x00080000
[  262.480024][   T34] Workqueue: events_power_efficient crda_timeout_work
[  262.480051][   T34] Call Trace:
[  262.480059][   T34]  <TASK>
[  262.480072][   T34]  __schedule+0x1798/0x4cc0
[  262.480110][   T34]  ? __pfx___schedule+0x10/0x10
[  262.480128][   T34]  ? schedule+0x91/0x360
[  262.480139][   T34]  schedule+0x165/0x360
[  262.480149][   T34]  schedule_preempt_disabled+0x13/0x30
[  262.480157][   T34]  __mutex_lock+0x7e6/0x1350
[  262.480166][   T34]  ? look_up_lock_class+0x74/0x170
[  262.480177][   T34]  ? __mutex_lock+0x5bb/0x1350
[  262.480189][   T34]  ? crda_timeout_work+0x15/0x50
[  262.480201][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  262.480217][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  262.480225][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  262.480237][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  262.480250][   T34]  crda_timeout_work+0x15/0x50
[  262.480259][   T34]  process_scheduled_works+0xae1/0x17b0
[  262.480287][   T34]  ? __pfx_process_scheduled_works+0x10/0x10
[  262.480308][   T34]  worker_thread+0x8a0/0xda0
[  262.480335][   T34]  kthread+0x711/0x8a0
[  262.480347][   T34]  ? __pfx_worker_thread+0x10/0x10
[  262.480358][   T34]  ? __pfx_kthread+0x10/0x10
[  262.480369][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  262.480377][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.480384][   T34]  ? __pfx_kthread+0x10/0x10
[  262.480395][   T34]  ret_from_fork+0x4bc/0x870
[  262.480409][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  262.480424][   T34]  ? __switch_to_asm+0x39/0x70
[  262.480434][   T34]  ? __switch_to_asm+0x33/0x70
[  262.480443][   T34]  ? __pfx_kthread+0x10/0x10
[  262.480453][   T34]  ret_from_fork_asm+0x1a/0x30
[  262.480473][   T34]  </TASK>
[  262.480502][   T34] INFO: task kworker/u9:3:963 blocked for more than 143 seconds.
[  262.480509][   T34]       Not tainted syzkaller #0
[  262.480513][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  262.480518][   T34] task:kworker/u9:3    state:D stack:24552 pid:963   tgid:963   ppid:2      task_flags:0x4208060 flags:0x00080000
[  262.480542][   T34] Workqueue: events_unbound cfg80211_wiphy_work
[  262.480553][   T34] Call Trace:
[  262.480556][   T34]  <TASK>
[  262.480562][   T34]  __schedule+0x1798/0x4cc0
[  262.480585][   T34]  ? __pfx___schedule+0x10/0x10
[  262.480602][   T34]  ? schedule+0x91/0x360
[  262.480612][   T34]  schedule+0x165/0x360
[  262.480622][   T34]  schedule_preempt_disabled+0x13/0x30
[  262.480630][   T34]  __mutex_lock+0x7e6/0x1350
[  262.480641][   T34]  ? __mutex_lock+0x5bb/0x1350
[  262.480653][   T34]  ? synchronize_rcu_expedited+0x3b9/0x730
[  262.480665][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  262.480681][   T34]  ? do_raw_spin_unlock+0x4d/0x240
[  262.480727][   T34]  synchronize_rcu_expedited+0x3b9/0x730
[  262.480741][   T34]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  262.480761][   T34]  ? __pfx___might_resched+0x10/0x10
[  262.480774][   T34]  ? __lock_acquire+0xab9/0xd20
[  262.480792][   T34]  synchronize_rcu+0x11a/0x310
[  262.480801][   T34]  ? __pfx_synchronize_rcu+0x10/0x10
[  262.480808][   T34]  ? __ieee80211_scan_completed+0x3fa/0xb40
[  262.480835][   T34]  __ieee80211_scan_completed+0x4f8/0xb40
[  262.480853][   T34]  cfg80211_wiphy_work+0x2bb/0x470
[  262.480863][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  262.480877][   T34]  process_scheduled_works+0xae1/0x17b0
[  262.480904][   T34]  ? __pfx_process_scheduled_works+0x10/0x10
[  262.480926][   T34]  worker_thread+0x8a0/0xda0
[  262.480939][   T34]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  262.480952][   T34]  ? __kthread_parkme+0x7b/0x200
[  262.480966][   T34]  kthread+0x711/0x8a0
[  262.480977][   T34]  ? __pfx_worker_thread+0x10/0x10
[  262.480989][   T34]  ? __pfx_kthread+0x10/0x10
[  262.480999][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  262.481007][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.481015][   T34]  ? __pfx_kthread+0x10/0x10
[  262.481029][   T34]  ret_from_fork+0x4bc/0x870
[  262.481050][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  262.481077][   T34]  ? __switch_to_asm+0x39/0x70
[  262.481094][   T34]  ? __switch_to_asm+0x33/0x70
[  262.481111][   T34]  ? __pfx_kthread+0x10/0x10
[  262.481129][   T34]  ret_from_fork_asm+0x1a/0x30
[  262.481162][   T34]  </TASK>
[  262.481222][   T34] INFO: task kworker/0:6:5912 blocked for more than 143 seconds.
[  262.481228][   T34]       Not tainted syzkaller #0
[  262.481233][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  262.481237][   T34] task:kworker/0:6     state:D stack:24360 pid:5912  tgid:5912  ppid:2      task_flags:0x4208060 flags:0x00080000
[  262.481261][   T34] Workqueue: events reg_todo
[  262.481273][   T34] Call Trace:
[  262.481276][   T34]  <TASK>
[  262.481282][   T34]  __schedule+0x1798/0x4cc0
[  262.481305][   T34]  ? __pfx___schedule+0x10/0x10
[  262.481322][   T34]  ? schedule+0x91/0x360
[  262.481332][   T34]  schedule+0x165/0x360
[  262.481342][   T34]  schedule_preempt_disabled+0x13/0x30
[  262.481350][   T34]  __mutex_lock+0x7e6/0x1350
[  262.481362][   T34]  ? __mutex_lock+0x5bb/0x1350
[  262.481374][   T34]  ? reg_process_self_managed_hints+0xaf/0x1c0
[  262.481386][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  262.481396][   T34]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  262.481409][   T34]  ? __local_bh_enable_ip+0x12d/0x1c0
[  262.481422][   T34]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  262.481436][   T34]  reg_process_self_managed_hints+0xaf/0x1c0
[  262.481448][   T34]  reg_todo+0x78d/0x890
[  262.481458][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  262.481466][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  262.481477][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  262.481490][   T34]  process_scheduled_works+0xae1/0x17b0
[  262.481517][   T34]  ? __pfx_process_scheduled_works+0x10/0x10
[  262.481538][   T34]  worker_thread+0x8a0/0xda0
[  262.481551][   T34]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  262.481564][   T34]  ? __kthread_parkme+0x7b/0x200
[  262.481577][   T34]  kthread+0x711/0x8a0
[  262.481588][   T34]  ? __pfx_worker_thread+0x10/0x10
[  262.481600][   T34]  ? __pfx_kthread+0x10/0x10
[  262.481610][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  262.481618][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.481626][   T34]  ? __pfx_kthread+0x10/0x10
[  262.481635][   T34]  ret_from_fork+0x4bc/0x870
[  262.481649][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  262.481664][   T34]  ? __switch_to_asm+0x39/0x70
[  262.481673][   T34]  ? __switch_to_asm+0x33/0x70
[  262.481682][   T34]  ? __pfx_kthread+0x10/0x10
[  262.481725][   T34]  ret_from_fork_asm+0x1a/0x30
[  262.481746][   T34]  </TASK>
[  262.481751][   T34] INFO: task syz.0.477:7008 blocked for more than 143 seconds.
[  262.481757][   T34]       Not tainted syzkaller #0
[  262.481761][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  262.481765][   T34] task:syz.0.477       state:D stack:27144 pid:7008  tgid:7008  ppid:5849   task_flags:0x400040 flags:0x00080002
[  262.481789][   T34] Call Trace:
[  262.481793][   T34]  <TASK>
[  262.481799][   T34]  __schedule+0x1798/0x4cc0
[  262.481816][   T34]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  262.481833][   T34]  ? __lock_acquire+0xab9/0xd20
[  262.481844][   T34]  ? __pfx___schedule+0x10/0x10
[  262.481862][   T34]  ? schedule+0x91/0x360
[  262.481872][   T34]  schedule+0x165/0x360
[  262.481882][   T34]  schedule_timeout+0x9a/0x270
[  262.481894][   T34]  ? __pfx_schedule_timeout+0x10/0x10
[  262.481912][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  262.481920][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.481927][   T34]  ? wait_for_completion+0x267/0x5d0
[  262.481937][   T34]  wait_for_completion+0x2bf/0x5d0
[  262.481953][   T34]  ? __pfx_wait_for_completion+0x10/0x10
[  262.481965][   T34]  ? __init_swait_queue_head+0xa9/0x150
[  262.481977][   T34]  rcu_barrier+0x463/0x570
[  262.481992][   T34]  netdev_run_todo+0x2d1/0x1020
[  262.482004][   T34]  ? mutex_is_locked+0x17/0x50
[  262.482011][   T34]  ? rtnl_is_locked+0x15/0x20
[  262.482020][   T34]  ? netif_state_change+0x256/0x3a0
[  262.482036][   T34]  ? __pfx_netdev_run_todo+0x10/0x10
[  262.482045][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.482059][   T34]  ? netdev_state_change+0x1ca/0x220
[  262.482069][   T34]  ? __pfx_tun_chr_close+0x10/0x10
[  262.482081][   T34]  tun_chr_close+0x13c/0x1c0
[  262.482092][   T34]  __fput+0x44c/0xa70
[  262.482111][   T34]  task_work_run+0x1d4/0x260
[  262.482123][   T34]  ? __pfx_task_work_run+0x10/0x10
[  262.482135][   T34]  ? exit_to_user_mode_loop+0x40/0x130
[  262.482149][   T34]  exit_to_user_mode_loop+0xe9/0x130
[  262.482161][   T34]  do_syscall_64+0x2bd/0xfa0
[  262.482175][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.482189][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.482203][   T34]  ? exc_page_fault+0xab/0x100
[  262.482222][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.482236][   T34] RIP: 0033:0x7fada118ec29
[  262.482250][   T34] RSP: 002b:00007ffd1f6080f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  262.482294][   T34] RAX: 0000000000000000 RBX: 0000000000019867 RCX: 00007fada118ec29
[  262.482305][   T34] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  262.482311][   T34] RBP: 00007fada13d7da0 R08: 0000000000000001 R09: 000000061f6083ef
[  262.482316][   T34] R10: 0000001b31220000 R11: 0000000000000246 R12: 00007fada13d5fac
[  262.482322][   T34] R13: 00007fada13d5fa0 R14: ffffffffffffffff R15: 00007ffd1f608210
[  262.482339][   T34]  </TASK>
[  262.482344][   T34] INFO: task syz.2.479:7012 blocked for more than 143 seconds.
[  262.482350][   T34]       Not tainted syzkaller #0
[  262.482354][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  262.482358][   T34] task:syz.2.479       state:D stack:25104 pid:7012  tgid:7012  ppid:5855   task_flags:0x400040 flags:0x00080002
[  262.482382][   T34] Call Trace:
[  262.482386][   T34]  <TASK>
[  262.482392][   T34]  __schedule+0x1798/0x4cc0
[  262.482415][   T34]  ? __pfx___schedule+0x10/0x10
[  262.482432][   T34]  ? schedule+0x91/0x360
[  262.482442][   T34]  schedule+0x165/0x360
[  262.482452][   T34]  schedule_preempt_disabled+0x13/0x30
[  262.482460][   T34]  __mutex_lock+0x7e6/0x1350
[  262.482472][   T34]  ? __mutex_lock+0x5bb/0x1350
[  262.482484][   T34]  ? perf_trace_destroy+0x2e/0x150
[  262.482499][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  262.482512][   T34]  ? rcu_is_watching+0x15/0xb0
[  262.482520][   T34]  ? __free_event+0xc6/0x7e0
[  262.482528][   T34]  ? rcu_is_watching+0x15/0xb0
[  262.482535][   T34]  ? __free_event+0xc6/0x7e0
[  262.482544][   T34]  ? __pfx_tp_perf_event_destroy+0x10/0x10
[  262.482553][   T34]  perf_trace_destroy+0x2e/0x150
[  262.482566][   T34]  ? __pfx_tp_perf_event_destroy+0x10/0x10
[  262.482575][   T34]  __free_event+0x346/0x7e0
[  262.482585][   T34]  ? __pfx_perf_release+0x10/0x10
[  262.482596][   T34]  perf_event_release_kernel+0x45b/0x510
[  262.482609][   T34]  ? __pfx_perf_release+0x10/0x10
[  262.482620][   T34]  perf_release+0x38/0x50
[  262.482630][   T34]  __fput+0x44c/0xa70
[  262.482648][   T34]  task_work_run+0x1d4/0x260
[  262.482660][   T34]  ? __pfx_task_work_run+0x10/0x10
[  262.482672][   T34]  ? exit_to_user_mode_loop+0x40/0x130
[  262.482686][   T34]  exit_to_user_mode_loop+0xe9/0x130
[  262.482724][   T34]  do_syscall_64+0x2bd/0xfa0
[  262.482733][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.482743][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.482751][   T34]  ? exc_page_fault+0xab/0x100
[  262.482761][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.482769][   T34] RIP: 0033:0x7fa0a658ec29
[  262.482777][   T34] RSP: 002b:00007fff42320f88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  262.482786][   T34] RAX: 0000000000000000 RBX: 00007fa0a67d7da0 RCX: 00007fa0a658ec29
[  262.482792][   T34] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  262.482797][   T34] RBP: 00007fa0a67d7da0 R08: 00000000000001d0 R09: 000000184232127f
[  262.482803][   T34] R10: 00007fa0a67d7cb0 R11: 0000000000000246 R12: 0000000000019bd8
[  262.482809][   T34] R13: 00007fa0a67d6090 R14: ffffffffffffffff R15: 00007fff423210a0
[  262.482831][   T34]  </TASK>
[  262.482838][   T34] INFO: task syz.1.486:7031 blocked for more than 143 seconds.
[  262.482847][   T34]       Not tainted syzkaller #0
[  262.482854][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  262.482859][   T34] task:syz.1.486       state:D stack:27224 pid:7031  tgid:7030  ppid:5845   task_flags:0x400140 flags:0x00080002
[  262.482896][   T34] Call Trace:
[  262.482899][   T34]  <TASK>
[  262.482906][   T34]  __schedule+0x1798/0x4cc0
[  262.482918][   T34]  ? __pfx_perf_trace_lock+0x10/0x10
[  262.482939][   T34]  ? __pfx___schedule+0x10/0x10
[  262.482952][   T34]  ? schedule+0x91/0x360
[  262.482963][   T34]  ? schedule+0x91/0x360
[  262.482973][   T34]  schedule+0x165/0x360
[  262.482982][   T34]  synchronize_rcu_expedited+0x583/0x730
[  262.482991][   T34]  ? tracepoint_probe_register+0x5d/0x90
[  262.483001][   T34]  ? perf_trace_event_init+0x4e1/0x9d0
[  262.483014][   T34]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  262.483031][   T34]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  262.483048][   T34]  ? __pfx___might_resched+0x10/0x10
[  262.483067][   T34]  ? __pfx_autoremove_wake_function+0x10/0x10
[  262.483098][   T34]  synchronize_rcu+0x11a/0x310
[  262.483107][   T34]  ? __pfx_synchronize_rcu+0x10/0x10
[  262.483116][   T34]  ? rcu_is_watching+0x15/0xb0
[  262.483124][   T34]  ? trace_kmalloc+0x1f/0xd0
[  262.483133][   T34]  ? tracepoint_add_func+0x515/0xa10
[  262.483147][   T34]  tracepoint_add_func+0x632/0xa10
[  262.483168][   T34]  ? __pfx_perf_trace_lock_acquire+0x10/0x10
[  262.483190][   T34]  tracepoint_probe_register+0x5d/0x90
[  262.483208][   T34]  ? __pfx_perf_trace_lock_acquire+0x10/0x10
[  262.483227][   T34]  perf_trace_event_init+0x4e1/0x9d0
[  262.483243][   T34]  perf_trace_init+0x23d/0x2d0
[  262.483258][   T34]  perf_tp_event_init+0x8d/0x120
[  262.483268][   T34]  perf_try_init_event+0x17f/0x870
[  262.483279][   T34]  ? perf_event_alloc+0xf61/0x2be0
[  262.483293][   T34]  perf_event_alloc+0x133e/0x2be0
[  262.483306][   T34]  ? perf_event_alloc+0xf61/0x2be0
[  262.483338][   T34]  ? __pfx_perf_event_alloc+0x10/0x10
[  262.483361][   T34]  ? find_lively_task_by_vpid+0x19/0x290
[  262.483379][   T34]  ? find_lively_task_by_vpid+0x19/0x290
[  262.483396][   T34]  ? find_lively_task_by_vpid+0x19/0x290
[  262.483416][   T34]  __se_sys_perf_event_open+0x772/0x1d70
[  262.483442][   T34]  ? trace_event_raw_event_lock+0x241/0x250
[  262.483470][   T34]  ? __pfx___se_sys_perf_event_open+0x10/0x10
[  262.483506][   T34]  ? rcu_is_watching+0x15/0xb0
[  262.483521][   T34]  ? do_syscall_64+0xbe/0xfa0
[  262.483530][   T34]  ? __x64_sys_perf_event_open+0x20/0xc0
[  262.483542][   T34]  do_syscall_64+0xfa/0xfa0
[  262.483550][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.483559][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.483567][   T34]  ? exc_page_fault+0xab/0x100
[  262.483577][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.483585][   T34] RIP: 0033:0x7f8e95b8ec29
[  262.483593][   T34] RSP: 002b:00007f8e96a26038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  262.483602][   T34] RAX: ffffffffffffffda RBX: 00007f8e95dd5fa0 RCX: 00007f8e95b8ec29
[  262.483609][   T34] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000200000000040
[  262.483614][   T34] RBP: 00007f8e95c11e41 R08: 0000000000000000 R09: 0000000000000000
[  262.483620][   T34] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[  262.483626][   T34] R13: 00007f8e95dd6038 R14: 00007f8e95dd5fa0 R15: 00007ffd66e4ddb8
[  262.483642][   T34]  </TASK>
[  262.483655][   T34] 
[  262.483655][   T34] Showing all locks held in the system:
[  262.483664][   T34] 3 locks held by kworker/0:0/9:
[  262.483673][   T34]  #0: ffff88801ac76948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.483740][   T34]  #1: ffffc900000c7ba0 ((crda_timeout).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.483766][   T34]  #2: ffffffff8f73e108 (rtnl_mutex){+.+.}-{4:4}, at: crda_timeout_work+0x15/0x50
[  262.483791][   T34] 3 locks held by kworker/u8:0/12:
[  262.483796][   T34]  #0: ffff88810f6f3948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.483826][   T34]  #1: ffffc900000f7ba0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.483852][   T34]  #2: ffffffff8f73e108 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
[  262.483880][   T34] 3 locks held by kworker/u9:0/26:
[  262.483885][   T34]  #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.483909][   T34]  #1: ffffc900001efba0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.483943][   T34]  #2: ffff888039e18788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470
[  262.483978][   T34] 1 lock held by khungtaskd/34:
[  262.483987][   T34]  #0: ffffffff8e33d360 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  262.484016][   T34] 6 locks held by kworker/u11:0/56:
[  262.484022][   T34]  #0: ffff8880205ab948 ((wq_completion)hci0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.484047][   T34]  #1: ffffc90000e1fba0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.484090][   T34]  #2: ffff888106c98dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  262.484117][   T34]  #3: ffff888106c980b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
[  262.484139][   T34]  #4: ffffffff8f8a3188 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  262.484162][   T34]  #5: ffff888023a6d338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[  262.484193][   T34] 4 locks held by kworker/u9:3/963:
[  262.484198][   T34]  #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.484223][   T34]  #1: ffffc900068f7ba0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.484247][   T34]  #2: ffff888039bd0788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470
[  262.484269][   T34]  #3: ffffffff8e342df8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  262.484295][   T34] 3 locks held by kworker/u9:4/1154:
[  262.484300][   T34]  #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.484325][   T34]  #1: ffffc9000700fba0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.484349][   T34]  #2: ffff888039920788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470
[  262.484383][   T34] 5 locks held by kworker/u11:1/5235:
[  262.484388][   T34]  #0: ffff888111ee7148 ((wq_completion)hci2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.484413][   T34]  #1: ffffc9000817fba0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.484437][   T34]  #2: ffff88811062cdc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  262.484471][   T34]  #3: ffff88811062c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
[  262.484507][   T34]  #4: ffffffff8f8a3188 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  262.484547][   T34] 3 locks held by kworker/0:3/5313:
[  262.484556][   T34]  #0: ffff88801ac76948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.484601][   T34]  #1: ffffc900026b7ba0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.484634][   T34]  #2: ffffffff8f73e108 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0xa1/0xf40
[  262.484658][   T34] 2 locks held by getty/5672:
[  262.484663][   T34]  #0: ffff8881106780a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  262.484689][   T34]  #1: ffffc9000290e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  262.484755][   T34] 4 locks held by kworker/u11:2/5848:
[  262.484763][   T34]  #0: ffff88804596d948 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.484811][   T34]  #1: ffffc90003497ba0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.484846][   T34]  #2: ffff88811d4c80b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  262.484882][   T34]  #3: ffffffff8f8a3188 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  262.484920][   T34] 5 locks held by kworker/u11:3/5851:
[  262.484928][   T34]  #0: ffff888111ee2148 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.484971][   T34]  #1: ffffc900034b7ba0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.485006][   T34]  #2: ffff888110628dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  262.485031][   T34]  #3: ffff8881106280b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
[  262.485053][   T34]  #4: ffffffff8f8a3188 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  262.485078][   T34] 4 locks held by kworker/u11:4/5853:
[  262.485083][   T34]  #0: ffff88803a0df948 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.485110][   T34]  #1: ffffc900034d7ba0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.485135][   T34]  #2: ffff888122e680b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  262.485159][   T34]  #3: ffffffff8f8a3188 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  262.485189][   T34] 4 locks held by kworker/0:6/5912:
[  262.485194][   T34]  #0: ffff88801ac75948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.485218][   T34]  #1: ffffc900039e7ba0 (reg_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.485243][   T34]  #2: ffffffff8f73e108 (rtnl_mutex){+.+.}-{4:4}, at: reg_todo+0x1c/0x890
[  262.485266][   T34]  #3: ffff888039bd0788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_process_self_managed_hints+0xaf/0x1c0
[  262.485290][   T34] 1 lock held by syz.0.477/7008:
[  262.485295][   T34]  #0: ffffffff8e342cc0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  262.485318][   T34] 1 lock held by syz.2.479/7012:
[  262.485323][   T34]  #0: ffffffff8e3a1228 (event_mutex){+.+.}-{4:4}, at: perf_trace_destroy+0x2e/0x150
[  262.485349][   T34] 5 locks held by syz.2.479/7014:
[  262.485355][   T34] 5 locks held by syz.1.486/7031:
[  262.485360][   T34]  #0: ffffffff99d248b0 (&pmus_srcu){.+.+}-{0:0}, at: class_srcu_constructor+0x2c/0x60
[  262.485384][   T34]  #1: ffffffff99d248b0 (&pmus_srcu){.+.+}-{0:0}, at: perf_event_alloc+0xf61/0x2be0
[  262.485407][   T34]  #2: ffffffff8e3a1228 (event_mutex){+.+.}-{4:4}, at: perf_trace_init+0x50/0x2d0
[  262.485431][   T34]  #3: ffffffff8e392228 (tracepoints_mutex){+.+.}-{4:4}, at: tracepoint_probe_register+0x3f/0x90
[  262.485457][   T34]  #4: ffffffff8e342df8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730
[  262.485479][   T34] 1 lock held by syz-executor/7036:
[  262.485483][   T34]  #0: ffffffff8f73e108 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  262.485510][   T34] 1 lock held by syz-executor/7040:
[  262.485515][   T34]  #0: ffffffff8f73e108 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  262.485539][   T34] 1 lock held by syz-executor/7043:
[  262.485544][   T34]  #0: ffffffff8f73e108 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  262.485568][   T34] 2 locks held by kworker/u9:7/7046:
[  262.485573][   T34]  #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.485598][   T34]  #1: ffffc90006abfba0 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.485631][   T34] 1 lock held by syz-executor/7050:
[  262.485639][   T34]  #0: ffffffff8f73e108 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  262.485680][   T34] 1 lock held by syz-executor/7053:
[  262.485688][   T34]  #0: ffffffff8f73e108 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  262.485761][   T34] 1 lock held by syz-executor/7056:
[  262.485770][   T34]  #0: ffffffff8f73e108 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  262.485797][   T34] 1 lock held by dhcpcd/7060:
[  262.485802][   T34]  #0: ffff888107b0c258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd30
[  262.485830][   T34] 1 lock held by dhcpcd/7061:
[  262.485835][   T34]  #0: ffff888045ede258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd30
[  262.485857][   T34] 1 lock held by dhcpcd/7062:
[  262.485862][   T34]  #0: ffff8880296e0258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd30
[  262.485883][   T34] 1 lock held by dhcpcd/7063:
[  262.485888][   T34]  #0: ffff8880296e2258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd30
[  262.485909][   T34] 1 lock held by dhcpcd/7064:
[  262.485914][   T34]  #0: ffff88803b58e258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd30
[  262.485935][   T34] 1 lock held by dhcpcd/7065:
[  262.485940][   T34]  #0: ffff88811b816258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x33/0xd30
[  262.485962][   T34] 1 lock held by syz-executor/7067:
[  262.485967][   T34]  #0: ffffffff8f73e108 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  262.485991][   T34] 1 lock held by syz-executor/7073:
[  262.485996][   T34]  #0: ffffffff8f73e108 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  262.486021][   T34] 4 locks held by kworker/u11:6/7074:
[  262.486026][   T34]  #0: ffff888039407148 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.486053][   T34]  #1: ffffc90006c6fba0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.486079][   T34]  #2: ffff888124a700b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  262.486105][   T34]  #3: ffffffff8f8a3188 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  262.486130][   T34] 1 lock held by syz-executor/7076:
[  262.486135][   T34]  #0: ffffffff8f73e108 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  262.486159][   T34] 5 locks held by kworker/u11:7/7077:
[  262.486164][   T34]  #0: ffff88801bb28148 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.486189][   T34]  #1: ffffc90006cbfba0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.486214][   T34]  #2: ffff888038a68dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  262.486238][   T34]  #3: ffff888038a680b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
[  262.486260][   T34]  #4: ffffffff8f8a3188 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  262.486283][   T34] 5 locks held by kworker/u11:8/7079:
[  262.486288][   T34]  #0: ffff888039bbb948 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.486313][   T34]  #1: ffffc90006ccfba0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.486338][   T34]  #2: ffff888028c84dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  262.486362][   T34]  #3: ffff888028c840b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
[  262.486384][   T34]  #4: ffffffff8f8a3188 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  262.486407][   T34] 5 locks held by kworker/u11:9/7080:
[  262.486412][   T34]  #0: ffff88803aa1e948 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  262.486437][   T34]  #1: ffffc90006cefba0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  262.486462][   T34]  #2: ffff88811b354dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  262.486486][   T34]  #3: ffff88811b3540b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
[  262.486508][   T34]  #4: ffffffff8f8a3188 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  262.486531][   T34] 
[  262.486534][   T34] =============================================
[  262.486534][   T34] 
[  262.486540][   T34] NMI backtrace for cpu 0
[  262.486547][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  262.486564][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  262.486572][   T34] Call Trace:
[  262.486580][   T34]  <TASK>
[  262.486587][   T34]  dump_stack_lvl+0x189/0x250
[  262.486609][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  262.486620][   T34]  ? __pfx__printk+0x10/0x10
[  262.486637][   T34]  nmi_cpu_backtrace+0x39e/0x3d0
[  262.486650][   T34]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  262.486666][   T34]  ? __pfx__printk+0x10/0x10
[  262.486686][   T34]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  262.486729][   T34]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  262.486751][   T34]  watchdog+0xf60/0xfa0
[  262.486770][   T34]  ? watchdog+0x1e2/0xfa0
[  262.486793][   T34]  kthread+0x711/0x8a0
[  262.486833][   T34]  ? __pfx_watchdog+0x10/0x10
[  262.486852][   T34]  ? __pfx_kthread+0x10/0x10
[  262.486867][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  262.486881][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.486894][   T34]  ? __pfx_kthread+0x10/0x10
[  262.486910][   T34]  ret_from_fork+0x4bc/0x870
[  262.486927][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  262.486941][   T34]  ? __switch_to_asm+0x39/0x70
[  262.486949][   T34]  ? __switch_to_asm+0x33/0x70
[  262.486957][   T34]  ? __pfx_kthread+0x10/0x10
[  262.486966][   T34]  ret_from_fork_asm+0x1a/0x30
[  262.486984][   T34]  </TASK>
[  262.486987][   T34] Sending NMI from CPU 0 to CPUs 1:
[  262.487028][    C1] NMI backtrace for cpu 1
[  262.487039][    C1] CPU: 1 UID: 0 PID: 7014 Comm: syz.2.479 Not tainted syzkaller #0 PREEMPT(full) 
[  262.487056][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  262.487065][    C1] RIP: 0010:clockevents_program_event+0x262/0x360
[  262.487082][    C1] Code: 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 28 01 00 00 e8 e3 d5 0e 00 eb 0b e8 dc d5 0e 00 41 be c2 ff ff ff 44 89 f0 48 83 c4 08 5b <41> 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 ba d5 0e 00 90 0f
[  262.487088][    C1] RSP: 0018:ffffc900001e0798 EFLAGS: 00000096
[  262.487095][    C1] RAX: 0000000000000000 RBX: ffff888136627ac0 RCX: ffff888031eb5700
[  262.487101][    C1] RDX: 0000000000010100 RSI: 0000000000000000 RDI: 0000000000000000
[  262.487105][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff81ae9ebe
[  262.487110][    C1] R10: 0000000000000003 R11: ffffffff817174c0 R12: 000000001000431b
[  262.487114][    C1] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000020
[  262.487119][    C1] FS:  00007fa0a74e16c0(0000) GS:ffff8881a3a03000(0000) knlGS:0000000000000000
[  262.487125][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  262.487130][    C1] CR2: 0000200000000940 CR3: 000000003b4ca000 CR4: 00000000000006f0
[  262.487153][    C1] DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
[  262.487159][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  262.487163][    C1] Call Trace:
[  262.487167][    C1]  <IRQ>
[  262.487173][    C1]  hrtimer_interrupt+0x620/0xaa0
[  262.487194][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  262.487206][    C1]  sysvec_apic_timer_interrupt+0x52/0xc0
[  262.487215][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  262.487223][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110
[  262.487230][    C1] Code: 74 05 e8 3b 1a 47 f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 23 b5 0f f6 65 8b 05 dc e8 40 07 85 c0 74 40 48 c7 04 24 0e 36
[  262.487237][    C1] RSP: 0018:ffffc900001e09e0 EFLAGS: 00000206
[  262.487243][    C1] RAX: 7e4b16f3d0b1bc00 RBX: 0000000000000a06 RCX: 7e4b16f3d0b1bc00
[  262.487248][    C1] RDX: 0000000000000002 RSI: ffffffff8db9e917 RDI: 0000000000000001
[  262.487252][    C1] RBP: ffffc900001e0a70 R08: ffffffff8fc34377 R09: 1ffffffff1f8686e
[  262.487257][    C1] R10: dffffc0000000000 R11: fffffbfff1f8686f R12: dffffc0000000000
[  262.487262][    C1] R13: ffff88801f0b4188 R14: ffffffff99efff38 R15: 1ffff9200003c13c
[  262.487274][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  262.487281][    C1]  ? __local_bh_enable_ip+0x12d/0x1c0
[  262.487294][    C1]  debug_object_assert_init+0x20e/0x380
[  262.487307][    C1]  __mod_timer+0x4a/0xf30
[  262.487318][    C1]  call_timer_fn+0x17e/0x5f0
[  262.487328][    C1]  ? __pfx_bitmap_ipmac_gc+0x10/0x10
[  262.487334][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.487341][    C1]  ? call_timer_fn+0xbe/0x5f0
[  262.487350][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  262.487363][    C1]  ? __pfx_bitmap_ipmac_gc+0x10/0x10
[  262.487370][    C1]  __run_timer_base+0x61a/0x860
[  262.487378][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  262.487391][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  262.487405][    C1]  run_timer_softirq+0xb7/0x180
[  262.487414][    C1]  handle_softirqs+0x286/0x870
[  262.487425][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  262.487437][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  262.487449][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  262.487457][    C1]  __irq_exit_rcu+0xca/0x1f0
[  262.487467][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  262.487480][    C1]  irq_exit_rcu+0x9/0x30
[  262.487488][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  262.487496][    C1]  </IRQ>
[  262.487498][    C1]  <TASK>
[  262.487501][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  262.487508][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x43/0x70
[  262.487517][    C1] Code: e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 7c 16 00 00 00 74 2c 8b 91 58 16 00 00 83 fa 02 75 21 48 8b 91 60 16 00 00 <48> 8b 32 48 8d 7e 01 8b 89 5c 16 00 00 48 39 cf 73 08 48 89 3a 48
[  262.487522][    C1] RSP: 0018:ffffc900068e62d8 EFLAGS: 00000246
[  262.487528][    C1] RAX: ffffffff8b7a6ca1 RBX: 0000000000000000 RCX: ffff888031eb5700
[  262.487533][    C1] RDX: ffffc900202c1000 RSI: 0000000000000002 RDI: 0000000000000000
[  262.487537][    C1] RBP: ffffc900068e6400 R08: ffffc900068e6377 R09: 0000000000000000
[  262.487542][    C1] R10: ffffc900068e6360 R11: fffff52000d1cc6f R12: ffffc900068e66e1
[  262.487547][    C1] R13: 0000000000000003 R14: ffffc900068e66e1 R15: 0000000000000001
[  262.487554][    C1]  ? number+0x501/0xf60
[  262.487566][    C1]  number+0x501/0xf60
[  262.487576][    C1]  ? number+0x61/0xf60
[  262.487585][    C1]  ? __pfx_number+0x10/0x10
[  262.487593][    C1]  ? vsnprintf+0x2b1/0xf00
[  262.487603][    C1]  ? format_decode+0x5a3/0xe30
[  262.487614][    C1]  vsnprintf+0x91b/0xf00
[  262.487627][    C1]  sprintf+0xd9/0x120
[  262.487636][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.487644][    C1]  ? __pfx_sprintf+0x10/0x10
[  262.487653][    C1]  ? desc_read+0x208/0x3f0
[  262.487667][    C1]  info_print_prefix+0x155/0x310
[  262.487677][    C1]  ? __pfx_info_print_prefix+0x10/0x10
[  262.487685][    C1]  ? _prb_read_valid+0xa7b/0xa90
[  262.487726][    C1]  record_print_text+0x154/0x420
[  262.487736][    C1]  ? __pfx__prb_read_valid+0x10/0x10
[  262.487746][    C1]  ? __pfx_record_print_text+0x10/0x10
[  262.487755][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  262.487761][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  262.487770][    C1]  printk_get_next_message+0x26d/0x7b0
[  262.487781][    C1]  ? __pfx_printk_get_next_message+0x10/0x10
[  262.487790][    C1]  ? __lock_acquire+0xab9/0xd20
[  262.487803][    C1]  ? console_flush_all+0x13a/0xb10
[  262.487813][    C1]  ? console_flush_all+0x476/0xb10
[  262.487822][    C1]  console_flush_all+0x4ca/0xb10
[  262.487829][    C1]  ? console_flush_all+0x821/0xb10
[  262.487837][    C1]  ? console_flush_all+0x13a/0xb10
[  262.487847][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  262.487858][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  262.487867][    C1]  console_unlock+0xbb/0x190
[  262.487875][    C1]  ? __pfx___down_trylock_console_sem+0x10/0x10
[  262.487883][    C1]  ? __pfx_console_unlock+0x10/0x10
[  262.487892][    C1]  vprintk_emit+0x4c5/0x590
[  262.487905][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  262.487911][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  262.487918][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  262.487930][    C1]  _printk+0xcf/0x120
[  262.487939][    C1]  ? __pfx____ratelimit+0x10/0x10
[  262.487946][    C1]  ? __pfx__printk+0x10/0x10
[  262.487959][    C1]  __nla_validate_parse+0x1719/0x2d40
[  262.487970][    C1]  ? ___sys_sendmsg+0x21f/0x2a0
[  262.487978][    C1]  ? __x64_sys_sendmsg+0x19b/0x260
[  262.487991][    C1]  ? __pfx___nla_validate_parse+0x10/0x10
[  262.488004][    C1]  ? irqentry_exit+0x74/0x90
[  262.488011][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.488022][    C1]  __nla_parse+0x40/0x60
[  262.488032][    C1]  rtnl_newlink+0x1eb/0x1c80
[  262.488042][    C1]  ? irqentry_exit+0x74/0x90
[  262.488049][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.488057][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  262.488067][    C1]  ? rcu_is_watching+0x15/0xb0
[  262.488074][    C1]  ? trace_sched_exit_tp+0x36/0x110
[  262.488083][    C1]  ? __schedule+0x17ae/0x4cc0
[  262.488092][    C1]  ? trace_pelt_se_tp+0x39/0x130
[  262.488104][    C1]  ? __pfx___schedule+0x10/0x10
[  262.488111][    C1]  ? __pfx_perf_trace_lock+0x10/0x10
[  262.488124][    C1]  ? perf_trace_lock+0xec/0x3b0
[  262.488137][    C1]  ? perf_trace_lock+0xec/0x3b0
[  262.488146][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.488156][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.488165][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  262.488171][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  262.488178][    C1]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  262.488184][    C1]  ? rtnetlink_rcv_msg+0x7b9/0xb70
[  262.488192][    C1]  ? __pfx_rtnl_newlink+0x10/0x10
[  262.488198][    C1]  rtnetlink_rcv_msg+0x7cf/0xb70
[  262.488205][    C1]  ? trace_irq_disable+0x37/0x110
[  262.488215][    C1]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  262.488221][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  262.488230][    C1]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  262.488242][    C1]  netlink_rcv_skb+0x208/0x470
[  262.488249][    C1]  ? rcu_is_watching+0x15/0xb0
[  262.488256][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  262.488263][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  262.488273][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  262.488283][    C1]  netlink_unicast+0x82f/0x9e0
[  262.488296][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[  262.488306][    C1]  ? netlink_sendmsg+0x642/0xb30
[  262.488313][    C1]  ? skb_put+0x11b/0x210
[  262.488322][    C1]  netlink_sendmsg+0x805/0xb30
[  262.488332][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  262.488340][    C1]  ? perf_trace_run_bpf_submit+0x100/0x170
[  262.488348][    C1]  ? aa_sock_msg_perm+0xf1/0x1d0
[  262.488358][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  262.488367][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  262.488374][    C1]  __sock_sendmsg+0x21c/0x270
[  262.488386][    C1]  ____sys_sendmsg+0x505/0x830
[  262.488396][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[  262.488407][    C1]  ? import_iovec+0x74/0xa0
[  262.488419][    C1]  ___sys_sendmsg+0x21f/0x2a0
[  262.488428][    C1]  ? __pfx____sys_sendmsg+0x10/0x10
[  262.488443][    C1]  ? __fget_files+0x2a/0x420
[  262.488456][    C1]  ? __fget_files+0x2a/0x420
[  262.488464][    C1]  ? __fget_files+0x3a0/0x420
[  262.488475][    C1]  __x64_sys_sendmsg+0x19b/0x260
[  262.488484][    C1]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  262.488498][    C1]  ? do_syscall_64+0xbe/0xfa0
[  262.488507][    C1]  do_syscall_64+0xfa/0xfa0
[  262.488514][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.488521][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  262.488530][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.488537][    C1] RIP: 0033:0x7fa0a658ec29
[  262.488544][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  262.488550][    C1] RSP: 002b:00007fa0a74e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  262.488557][    C1] RAX: ffffffffffffffda RBX: 00007fa0a67d5fa0 RCX: 00007fa0a658ec29
[  262.488562][    C1] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000004
[  262.488567][    C1] RBP: 00007fa0a6611e41 R08: 0000000000000000 R09: 0000000000000000
[  262.488571][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  262.488575][    C1] R13: 00007fa0a67d6038 R14: 00007fa0a67d5fa0 R15: 00007fff42320e28
[  262.488585][    C1]  </TASK>
[  262.489018][   T34] Kernel panic - not syncing: hung_task: blocked tasks
[  262.489028][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  262.489037][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  262.489042][   T34] Call Trace:
[  262.489047][   T34]  <TASK>
[  262.489051][   T34]  dump_stack_lvl+0x99/0x250
[  262.489065][   T34]  ? __asan_memcpy+0x40/0x70
[  262.489079][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  262.489094][   T34]  ? __pfx__printk+0x10/0x10
[  262.489122][   T34]  vpanic+0x237/0x6d0
[  262.489137][   T34]  ? __pfx_vpanic+0x10/0x10
[  262.489161][   T34]  panic+0xb9/0xc0
[  262.489176][   T34]  ? __pfx_panic+0x10/0x10
[  262.489188][   T34]  ? irq_work_queue+0xc3/0x140
[  262.489201][   T34]  ? nmi_trigger_cpumask_backtrace+0x234/0x300
[  262.489213][   T34]  watchdog+0xf9f/0xfa0
[  262.489226][   T34]  ? watchdog+0x1e2/0xfa0
[  262.489239][   T34]  kthread+0x711/0x8a0
[  262.489250][   T34]  ? __pfx_watchdog+0x10/0x10
[  262.489259][   T34]  ? __pfx_kthread+0x10/0x10
[  262.489269][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  262.489277][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.489284][   T34]  ? __pfx_kthread+0x10/0x10
[  262.489294][   T34]  ret_from_fork+0x4bc/0x870
[  262.489306][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  262.489320][   T34]  ? __switch_to_asm+0x39/0x70
[  262.489329][   T34]  ? __switch_to_asm+0x33/0x70
[  262.489338][   T34]  ? __pfx_kthread+0x10/0x10
[  262.489347][   T34]  ret_from_fork_asm+0x1a/0x30
[  262.489365][   T34]  </TASK>
[  262.489985][   T34] Kernel Offset: disabled

VM DIAGNOSIS:
10:34:18  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000064 RBX=0000000000000064 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000068f750
R8 =ffff8880203d8237 R9 =1ffff1100407b046 R10=dffffc0000000000 R11=ffffffff8555d320
R12=dffffc0000000000 R13=ffffffff99d1291d R14=ffffffff9a008500 R15=0000000000000000
RIP=ffffffff8555d39c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8403000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fac59454ca2 CR3=000000000e138000 CR4=000006f0
DR0=0000200000000300 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000001a4 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff8169577a RBX=0000000000000000 RCX=ffff888031eb5700 RDX=0000000000010100
RSI=0000000000000008 RDI=ffffffff92c6f3e0 RBP=ffffc900001e0a28 RSP=ffffc900001e09a0
R8 =ffffffff92c6f3e7 R9 =1ffffffff258de7c R10=dffffc0000000000 R11=fffffbfff258de7d
R12=0000000000000000 R13=0000000000000000 R14=0000000000000001 R15=dffffc0000000000
RIP=ffffffff8169577b RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fa0a74e16c0 ffffffff 00c00000
GS =0000 ffff8881a3a03000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000940 CR3=000000003b4ca000 CR4=000006f0
DR0=0000200000000300 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007fa0a6612e7b
XMM06=0000000000000000 00007fa0a6612e75 XMM07=0000000000000000 00007fa0a6612e89
XMM08=0000000000000000 00007fa0a6612f0f XMM09=0000000000000000 00007fa0a6612fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
