last executing test programs:

18.794528259s ago: executing program 0 (id=20):
socket$kcm(0x2b, 0x1, 0x0)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0)
r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xfffffffffffffffc}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff})
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xcfa4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r3)
r4 = socket$kcm(0x29, 0x5, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x4020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r5, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x34004c01)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000180)={r0}, 0x10)
ioctl$sock_kcm_SIOCKCMUNATTACH(r5, 0x541b, 0x0)
write$cgroup_pressure(r4, &(0x7f0000000140)={'full'}, 0xfffffdef)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001)
sendmsg(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x84)
r6 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x4, @perf_config_ext={0x407fff, 0xaed}, 0x14105, 0x2e, 0xfffffbff, 0x2, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000700))
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, 0xffffffffffffffff)
r7 = openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x5)
socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140))

18.534815897s ago: executing program 0 (id=22):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
getpid()
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x40034, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0, 0x6}, 0x1b, 0x0, 0x3, 0x8, 0x8, 0xfffffffc, 0x2}, 0x0, 0xffffffdfffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x106)
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x84082, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x9, 0x2e, 0x7, 0x9, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x40280, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x4, @perf_config_ext={0xb, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x6, 0x2, 0x0, 0x5, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socket$kcm(0x10, 0x2, 0x0)
r3 = socket$kcm(0x11, 0x200000000000002, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000003840)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000380)="fbe6bd8dfcdda5a210b8cfefbd66f459c7261b927d25d3cf74d2f7c97735eba47f606a290d184925922333211d168ab0f6e1081fdbd921ed4db0e67c9d5ab1452445a1e0da5ac68b13f4afe2712eeaad35ef06", 0x53}], 0x1, 0x0, 0xfffffedf}, 0x10)
close(r5)
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r6=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0x12, &(0x7f00000008c0)=r6, 0x4)
close(r3)
close(r2)
ioctl$SIOCSIFHWADDR(r2, 0x8b0b, 0x0)

18.452977927s ago: executing program 0 (id=25):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x5, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_bp={0x0, 0x6}, 0x14105, 0x2e, 0xffffebff, 0x3, 0x2, 0x9, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_int(r0, &(0x7f0000000040)='cpu.max\x00', 0x2, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000001000)='ns/pid_for_children\x00')
syz_open_procfs$namespace(0x0, &(0x7f0000000240)='ns/pid\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x2, 0x2, 0x73)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$kcm(0x21, 0x2, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="18020000000000000000000000001000850000009b0000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000080)='syzkaller\x00'}, 0x94)
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xf8}, 0x40000002)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x25}, 0x94)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x4b)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'veth1_virt_wifi\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8946, &(0x7f0000000080))

18.244771029s ago: executing program 0 (id=29):
bpf$MAP_CREATE(0x0, &(0x7f0000005c00)=@bloom_filter={0x1e, 0x7, 0x8, 0xffff, 0x20004, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7}, 0x50)

18.1663579s ago: executing program 0 (id=30):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$tipc(r0, &(0x7f0000000240)={0x0, 0xfffffffffffffd8e, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x80)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x0)

17.736803701s ago: executing program 2 (id=43):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003d000b08d25a80648c7494f90224fc60580002400c000400030082c137153e3719ac018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

17.697969246s ago: executing program 2 (id=44):
perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r0, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x20000010)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000040000000000000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x890b, &(0x7f0000000100))
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x890c, &(0x7f0000000100))

17.636317864s ago: executing program 2 (id=46):
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb4, 0x7f, 0x4c}, 0x50)

17.636214445s ago: executing program 2 (id=47):
syz_clone(0xab009500, 0x0, 0x0, 0x0, 0x0, 0x0)

17.535728143s ago: executing program 2 (id=48):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0xec, 0x7, 0x3d, 0x7, 0x0, 0x0, 0xd299, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x4}, 0x100882, 0x7ff, 0x6, 0x0, 0xb, 0x2, 0x3ff, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], 0x0, 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_bp={0x0, 0xf}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
mkdirat$cgroup(r0, &(0x7f0000000780)='syz1\x00', 0x1ff)

17.466726353s ago: executing program 1 (id=50):
socketpair(0x22, 0x5, 0x26, &(0x7f0000002040))

17.466553958s ago: executing program 1 (id=51):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030021000b12d25a80648c2594f90124fc60100c0d4002", 0x19}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000720000001801"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="33fe0000180091c8b14a0778a8123d181d"], 0xfe33)

17.466340449s ago: executing program 1 (id=52):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000280), 0x6, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

17.429628265s ago: executing program 1 (id=53):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001100000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000000600000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x14, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

17.424500738s ago: executing program 2 (id=54):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x6, 0x17, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x4, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={r1, &(0x7f0000000140), &(0x7f0000000200)=""/221}, 0x20)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x4, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xef, 0x10, 0x0, 0x0, 0x0, 0x5, 0x2505, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x1510, 0x4, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0, 0x401}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='br_fdb_external_learn_add\x00', r2}, 0x18)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='br_fdb_external_learn_add\x00', r3}, 0x18)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001c008102e00f80ecdb4cb9f207c804a00d00000088081afb0a0002000a0ada1b40d80800c500c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)
syz_clone(0x25200000, 0x0, 0x0, 0x0, 0x0, 0x0)
gettid()
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x94)

17.366650319s ago: executing program 1 (id=55):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xc, 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="850000002200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r0, 0x0, 0xe, 0x0, &(0x7f00000001c0)="34060000a61fb74fcc389fb288ca", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

17.36638022s ago: executing program 1 (id=56):
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x804, 0x14c9, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803, 0x0, @perf_config_ext={0x1}, 0xa0, 0x58, 0x0, 0x4, 0x2, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0xff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

17.256895144s ago: executing program 0 (id=57):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="1b0000001a007f029e", 0x9}, {&(0x7f0000000200)="68cabf2dfb58fc0a01008888ffff0200258f", 0x12}], 0x2}, 0x4000000)
close(r0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x1a, &(0x7f0000000140), 0x4)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="9feb01001800000000000000bc000000bc00000003000000060000000000000700000000070000000000000e01000000010000f40b00000000000008030000000a00000001cc0400"], 0x0, 0xd7, 0x0, 0x0, 0x7, 0x10000}, 0x28)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
r1 = socket$kcm(0x11, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000001340)=@hci={0x1f, 0xc00, 0xe}, 0x80, &(0x7f0000002540)=[{&(0x7f00000006c0)='b', 0x10}], 0x1}, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_subtree(r2, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000040)={[{0x2b, 'rdma'}, {0x2d, 'pids'}, {0x2d, 'cpu'}, {0x2b, 'cpuset'}, {0x2b, 'pids'}]}, 0x62)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r4, 0x29, 0x42, &(0x7f0000000040), 0xcf)

1.359960039s ago: executing program 32 (id=57):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="1b0000001a007f029e", 0x9}, {&(0x7f0000000200)="68cabf2dfb58fc0a01008888ffff0200258f", 0x12}], 0x2}, 0x4000000)
close(r0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x1a, &(0x7f0000000140), 0x4)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="9feb01001800000000000000bc000000bc00000003000000060000000000000700000000070000000000000e01000000010000f40b00000000000008030000000a00000001cc0400"], 0x0, 0xd7, 0x0, 0x0, 0x7, 0x10000}, 0x28)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
r1 = socket$kcm(0x11, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000001340)=@hci={0x1f, 0xc00, 0xe}, 0x80, &(0x7f0000002540)=[{&(0x7f00000006c0)='b', 0x10}], 0x1}, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_subtree(r2, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000040)={[{0x2b, 'rdma'}, {0x2d, 'pids'}, {0x2d, 'cpu'}, {0x2b, 'cpuset'}, {0x2b, 'pids'}]}, 0x62)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r4, 0x29, 0x42, &(0x7f0000000040), 0xcf)

1.121129133s ago: executing program 33 (id=56):
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x804, 0x14c9, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803, 0x0, @perf_config_ext={0x1}, 0xa0, 0x58, 0x0, 0x4, 0x2, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0xff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

0s ago: executing program 34 (id=54):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x6, 0x17, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x4, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={r1, &(0x7f0000000140), &(0x7f0000000200)=""/221}, 0x20)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x4, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xef, 0x10, 0x0, 0x0, 0x0, 0x5, 0x2505, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x1510, 0x4, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0, 0x401}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='br_fdb_external_learn_add\x00', r2}, 0x18)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='br_fdb_external_learn_add\x00', r3}, 0x18)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001c008102e00f80ecdb4cb9f207c804a00d00000088081afb0a0002000a0ada1b40d80800c500c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)
syz_clone(0x25200000, 0x0, 0x0, 0x0, 0x0, 0x0)
gettid()
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x94)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:30099' (ED25519) to the list of known hosts.
syzkaller login: [   41.912104][ T5786] cgroup: Unknown subsys name 'net'
[   42.057649][ T5786] cgroup: Unknown subsys name 'cpuset'
[   42.061425][ T5786] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   43.266919][ T5786] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   46.434738][ T5830] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   46.448619][ T5221] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   46.451265][ T5221] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   46.455523][ T5221] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   46.463910][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   46.466547][ T5834] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   46.469603][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   46.485638][ T5834] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   46.489642][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   46.493605][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   46.494251][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   46.498469][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   46.501463][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   46.503981][ T5834] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   46.506632][ T5833] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   46.718773][ T5827] chnl_net:caif_netlink_parms(): no params data found
[   46.778432][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   46.789737][ T5835] chnl_net:caif_netlink_parms(): no params data found
[   46.794388][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.797989][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.800472][ T5827] bridge_slave_0: entered allmulticast mode
[   46.803209][ T5827] bridge_slave_0: entered promiscuous mode
[   46.826796][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.829200][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.832257][ T5827] bridge_slave_1: entered allmulticast mode
[   46.835044][ T5827] bridge_slave_1: entered promiscuous mode
[   46.873298][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.899143][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.906116][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.908508][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.911110][ T5831] bridge_slave_0: entered allmulticast mode
[   46.913885][ T5831] bridge_slave_0: entered promiscuous mode
[   46.947589][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.950133][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.952595][ T5831] bridge_slave_1: entered allmulticast mode
[   46.955914][ T5831] bridge_slave_1: entered promiscuous mode
[   46.967129][ T5827] team0: Port device team_slave_0 added
[   46.976324][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.978686][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.981181][ T5835] bridge_slave_0: entered allmulticast mode
[   46.983771][ T5835] bridge_slave_0: entered promiscuous mode
[   46.988081][ T5827] team0: Port device team_slave_1 added
[   46.999236][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.002665][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.004866][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.007652][ T5835] bridge_slave_1: entered allmulticast mode
[   47.010346][ T5835] bridge_slave_1: entered promiscuous mode
[   47.028527][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.031179][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.040622][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.045863][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.063031][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.065647][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.073962][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.079870][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.099964][ T5831] team0: Port device team_slave_0 added
[   47.103330][ T5831] team0: Port device team_slave_1 added
[   47.106603][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.147082][ T5835] team0: Port device team_slave_0 added
[   47.170544][ T5827] hsr_slave_0: entered promiscuous mode
[   47.172815][ T5827] hsr_slave_1: entered promiscuous mode
[   47.177370][ T5835] team0: Port device team_slave_1 added
[   47.179663][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.181885][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.190829][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.210878][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.213860][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.225375][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.254488][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.257468][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.265755][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.273840][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.276112][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.284279][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.310743][ T5831] hsr_slave_0: entered promiscuous mode
[   47.312967][ T5831] hsr_slave_1: entered promiscuous mode
[   47.315014][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   47.318101][ T5831] Cannot create hsr debugfs directory
[   47.366351][ T5835] hsr_slave_0: entered promiscuous mode
[   47.368582][ T5835] hsr_slave_1: entered promiscuous mode
[   47.370656][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   47.373033][ T5835] Cannot create hsr debugfs directory
[   47.476447][ T5827] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   47.484180][ T5827] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   47.494855][ T5827] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   47.504781][ T5827] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   47.569973][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.572445][ T5827] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.575278][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.577882][ T5827] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.583992][ T5831] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   47.589808][ T5831] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   47.598064][ T5831] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   47.607828][ T5831] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   47.641296][ T5835] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   47.648336][ T5835] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   47.656608][ T5835] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   47.662115][ T5835] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   47.667145][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.670092][ T5831] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.673169][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.676298][ T5831] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.694632][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.700473][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.703467][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.709572][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.712275][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.748783][ T5827] 8021q: adding VLAN 0 to HW filter on device team0
[   47.759915][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.762306][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.776689][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.786937][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.789312][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.820657][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   47.827144][ T5827] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   47.833707][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.851024][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.853436][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.858831][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.861174][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.874327][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[   47.889063][ T4489] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.891456][ T4489] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.902307][ T4489] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.904599][ T4489] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.963235][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.017474][ T5827] veth0_vlan: entered promiscuous mode
[   48.022117][ T5827] veth1_vlan: entered promiscuous mode
[   48.038120][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.053119][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.065079][ T5827] veth0_macvtap: entered promiscuous mode
[   48.082620][ T5827] veth1_macvtap: entered promiscuous mode
[   48.090811][ T5831] veth0_vlan: entered promiscuous mode
[   48.102664][ T5831] veth1_vlan: entered promiscuous mode
[   48.110181][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.115109][ T5835] veth0_vlan: entered promiscuous mode
[   48.122696][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.131023][ T5835] veth1_vlan: entered promiscuous mode
[   48.133650][ T5827] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.137389][ T5827] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.140090][ T5827] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.142756][ T5827] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.162955][ T5831] veth0_macvtap: entered promiscuous mode
[   48.172644][ T5831] veth1_macvtap: entered promiscuous mode
[   48.188859][ T5835] veth0_macvtap: entered promiscuous mode
[   48.196829][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.203622][ T5835] veth1_macvtap: entered promiscuous mode
[   48.213648][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.219158][ T5831] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.221883][ T5831] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.224657][ T5831] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.228061][ T5831] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.239486][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.241989][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.246331][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.253419][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.279155][ T5835] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.281951][ T5835] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.284690][ T5835] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.288755][ T5835] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.295137][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.304049][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.333887][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.337301][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.359595][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   48.379807][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.385731][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.393800][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.403663][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.427898][ T4489] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.430808][ T4489] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.438561][ T5897] netlink: 'syz.2.3': attribute type 29 has an invalid length.
[   48.457268][ T5897] netlink: 'syz.2.3': attribute type 29 has an invalid length.
[   48.460622][ T5897] netlink: 'syz.2.3': attribute type 29 has an invalid length.
[   48.474269][ T5899] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.1'.
[   48.488470][ T5897] netlink: 'syz.2.3': attribute type 29 has an invalid length.
[   48.521452][ T5901] Driver unsupported XDP return value 0 on prog  (id 2) dev N/A, expect packet loss!
[   48.576165][ T5833] Bluetooth: hci0: command tx timeout
[   48.585643][ T5833] Bluetooth: hci1: command tx timeout
[   48.585842][ T5834] Bluetooth: hci2: command tx timeout
[   48.795624][ T5920] netlink: 201660 bytes leftover after parsing attributes in process `syz.2.12'.
[   48.935218][    C0] hrtimer: interrupt took 39940 ns
[   50.657902][ T5834] Bluetooth: hci2: command tx timeout
[   50.659701][ T5834] Bluetooth: hci1: command tx timeout
[   50.661441][ T5834] Bluetooth: hci0: command tx timeout
[   51.006520][ T5963] netlink: 'syz.2.31': attribute type 21 has an invalid length.
[   51.094832][ T5972] netlink: 'syz.1.34': attribute type 49 has an invalid length.
[   51.149589][ T5978] lo: entered allmulticast mode
[   51.158141][ T5978] lo: entered promiscuous mode
[   51.159839][ T5978] lo: left allmulticast mode
[   51.448305][ T5990] netlink: 'syz.2.43': attribute type 1 has an invalid length.
[   51.451036][ T5990] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.43'.
[   51.694383][ T6008] netlink: 'syz.1.51': attribute type 13 has an invalid length.
[   51.699272][ T6008] netlink: 61967 bytes leftover after parsing attributes in process `syz.1.51'.
[   51.932229][ T6016] netlink: 830 bytes leftover after parsing attributes in process `syz.2.54'.
[   52.746404][ T5833] Bluetooth: hci0: command tx timeout
[   52.746466][ T5833] Bluetooth: hci1: command tx timeout
[   52.746497][ T5833] Bluetooth: hci2: command tx timeout
[   54.820140][ T5834] Bluetooth: hci2: command tx timeout
[   54.820204][ T5834] Bluetooth: hci1: command tx timeout
[   54.820254][ T5834] Bluetooth: hci0: command tx timeout
[   68.964936][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   68.967081][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   68.967667][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   68.969006][ T5834] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   68.969973][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   69.067701][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   69.070205][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   69.070782][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   69.071933][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   69.076801][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   69.133540][ T5833] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   69.134292][ T5833] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   69.134746][ T5833] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   69.136532][ T5833] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   69.137468][ T5833] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   70.926265][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   70.926373][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   71.065142][ T5833] Bluetooth: hci3: command tx timeout
[   71.145716][ T5833] Bluetooth: hci4: command tx timeout
[   71.215767][ T5833] Bluetooth: hci5: command tx timeout
[   73.142949][ T5833] Bluetooth: hci3: command tx timeout
[   73.215563][ T5833] Bluetooth: hci4: command tx timeout
[   73.295548][ T5833] Bluetooth: hci5: command tx timeout
[   75.215572][ T5833] Bluetooth: hci3: command tx timeout
[   75.298268][ T5833] Bluetooth: hci4: command tx timeout
[   75.375626][ T5833] Bluetooth: hci5: command tx timeout
[   77.303406][ T5833] Bluetooth: hci3: command tx timeout
[   77.375474][ T5833] Bluetooth: hci4: command tx timeout
[   77.455777][ T5833] Bluetooth: hci5: command tx timeout
[   81.065549][   T10] cfg80211: failed to load regulatory.db
[  129.955690][ T5834] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  129.956452][ T5834] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  129.956904][ T5834] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  129.958262][ T5834] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  129.965016][ T5834] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  130.042436][ T5833] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  130.043364][ T5833] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  130.043848][ T5833] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  130.045174][ T5833] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  130.046930][ T5833] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  130.104674][ T5834] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  130.105744][ T5834] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  130.106346][ T5834] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  130.107470][ T5834] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  130.108424][ T5834] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  132.015618][ T5834] Bluetooth: hci6: command tx timeout
[  132.106466][ T5834] Bluetooth: hci7: command tx timeout
[  132.175769][ T5834] Bluetooth: hci8: command tx timeout
[  132.375586][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  132.375680][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  134.100068][ T5834] Bluetooth: hci6: command tx timeout
[  134.175978][ T5834] Bluetooth: hci7: command tx timeout
[  134.256866][ T5834] Bluetooth: hci8: command tx timeout
[  136.175492][ T5834] Bluetooth: hci6: command tx timeout
[  136.265534][ T5834] Bluetooth: hci7: command tx timeout
[  136.349021][ T5834] Bluetooth: hci8: command tx timeout
[  138.255580][ T5834] Bluetooth: hci6: command tx timeout
[  138.336037][ T5834] Bluetooth: hci7: command tx timeout
[  138.416024][ T5834] Bluetooth: hci8: command tx timeout
[  156.945196][    C1] rcu: INFO: rcu_preempt self-detected stall on CPU
[  156.945280][    C1] rcu: 	1-....: (10496 ticks this GP) idle=0fcc/1/0x4000000000000000 softirq=13017/507216 fqs=4753
[  156.945538][    C1] rcu: 	         hardirqs   softirqs   csw/system
[  156.945544][    C1] rcu: 	 number:  1044182     258906            0
[  156.945551][    C1] rcu: 	cputime:    23929      24467         4114   ==> 52490(ms)
[  156.945558][    C1] rcu: 	(t=10500 jiffies g=5917 q=3069 ncpus=2)
[  156.945569][    C1] CPU: 1 UID: 0 PID: 6016 Comm: syz.2.54 Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  156.945577][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  156.945581][    C1] RIP: 0010:handle_softirqs+0x1b0/0x870
[  156.945593][    C1] Code: 89 64 24 30 0f b7 db 48 c7 c7 00 ad 89 8b e8 a7 fe e8 09 65 66 c7 05 85 5b 1a 11 00 00 e8 58 00 42 00 fb 49 c7 c7 c0 c0 e0 8d <b8> ff ff ff ff 0f bc c3 41 89 c5 41 ff c5 0f 84 c2 03 00 00 89 5c
[  156.945599][    C1] RSP: 0018:ffffc900001e0e40 EFLAGS: 00000286
[  156.945606][    C1] RAX: 790d570c812bb200 RBX: 0000000000000200 RCX: 790d570c812bb200
[  156.945611][    C1] RDX: 0000000000000002 RSI: ffffffff8d998940 RDI: ffffffff8be29f40
[  156.945615][    C1] RBP: ffffc900001e0f50 R08: ffffffff8fa1e9f7 R09: 1ffffffff1f43d3e
[  156.945620][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d3f R12: 000000000000000a
[  156.945624][    C1] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff8de0c0c0
[  156.945628][    C1] FS:  00007f6dc41e96c0(0000) GS:ffff8881a3c1f000(0000) knlGS:0000000000000000
[  156.945633][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  156.945638][    C1] CR2: 0000200000010000 CR3: 000000010bd4a000 CR4: 00000000000006f0
[  156.945667][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  156.945673][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  156.945677][    C1] Call Trace:
[  156.945681][    C1]  <IRQ>
[  156.945695][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  156.945718][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  156.945726][    C1]  ? irq_work_single+0x1ac/0x240
[  156.945742][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  156.945760][    C1]  __irq_exit_rcu+0xca/0x1f0
[  156.945770][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  156.945788][    C1]  ? rcu_is_watching+0x15/0xb0
[  156.945803][    C1]  irq_exit_rcu+0x9/0x30
[  156.945810][    C1]  sysvec_irq_work+0xa3/0xc0
[  156.945820][    C1]  </IRQ>
[  156.945822][    C1]  <TASK>
[  156.945828][    C1]  asm_sysvec_irq_work+0x1a/0x20
[  156.945835][    C1] RIP: 0010:console_flush_all+0x7f7/0xc40
[  156.945844][    C1] Code: 48 21 c3 0f 85 e9 01 00 00 e8 75 e7 1e 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 66 e7 1e 00 eb 06 e8 5f e7 1e 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 8a 0a 82 00 48 8b 1b 48 8b 44 24
[  156.945849][    C1] RSP: 0018:ffffc900065fed00 EFLAGS: 00000246
[  156.945854][    C1] RAX: 1ffffffff1d902ff RBX: ffffffff8ec817f8 RCX: 0000000000080000
[  156.945858][    C1] RDX: ffffc90003c41000 RSI: 000000000007ffff RDI: 0000000000080000
[  156.945862][    C1] RBP: ffffc900065fee50 R08: ffffffff8fa1e9f7 R09: 1ffffffff1f43d3e
[  156.945866][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d3f R12: dffffc0000000000
[  156.945909][    C1] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8ec817a0
[  156.945971][    C1]  ? console_flush_all+0x13a/0xc40
[  156.945996][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  156.946028][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  156.946048][    C1]  console_unlock+0xc4/0x270
[  156.946064][    C1]  ? __pfx_console_unlock+0x10/0x10
[  156.946083][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  156.946102][    C1]  vprintk_emit+0x5b7/0x7a0
[  156.946119][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  156.946125][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  156.946136][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  156.946179][    C1]  _printk+0xcf/0x120
[  156.946191][    C1]  ? __pfx____ratelimit+0x10/0x10
[  156.946209][    C1]  ? __pfx__printk+0x10/0x10
[  156.946229][    C1]  ? trace_call_bpf+0x5ba/0x850
[  156.946252][    C1]  __nla_validate_parse+0x2563/0x2d40
[  156.946303][    C1]  ? __pfx___nla_validate_parse+0x10/0x10
[  156.946314][    C1]  ? perf_trace_lock_acquire+0x335/0x410
[  156.946350][    C1]  ? __lock_acquire+0xab9/0xd20
[  156.946384][    C1]  __nla_parse+0x40/0x60
[  156.946405][    C1]  rtnl_fdb_add+0x17b/0xa50
[  156.946423][    C1]  ? trace_contention_end+0x39/0x120
[  156.946435][    C1]  ? __mutex_lock+0x330/0xe80
[  156.946447][    C1]  ? perf_trace_lock+0xec/0x3b0
[  156.946456][    C1]  ? __pfx_rtnl_fdb_add+0x10/0x10
[  156.946524][    C1]  ? __pfx_rtnl_fdb_add+0x10/0x10
[  156.946532][    C1]  rtnetlink_rcv_msg+0x77c/0xb70
[  156.946552][    C1]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  156.946563][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  156.946572][    C1]  ? ref_tracker_free+0x63a/0x7d0
[  156.946579][    C1]  ? __copy_skb_header+0xa7/0x550
[  156.946593][    C1]  ? __pfx_ref_tracker_free+0x10/0x10
[  156.946603][    C1]  ? __skb_clone+0x63/0x7a0
[  156.946629][    C1]  netlink_rcv_skb+0x208/0x470
[  156.946642][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  156.946658][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  156.946694][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  156.946702][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  156.946723][    C1]  netlink_unicast+0x75c/0x8e0
[  156.946757][    C1]  netlink_sendmsg+0x805/0xb30
[  156.946785][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  156.946801][    C1]  ? aa_sock_msg_perm+0x94/0x160
[  156.946816][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  156.946826][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  156.946838][    C1]  __sock_sendmsg+0x21c/0x270
[  156.946857][    C1]  ____sys_sendmsg+0x505/0x830
[  156.946910][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[  156.946945][    C1]  ? import_iovec+0x74/0xa0
[  156.946963][    C1]  ___sys_sendmsg+0x21f/0x2a0
[  156.946980][    C1]  ? __pfx____sys_sendmsg+0x10/0x10
[  156.947031][    C1]  ? __fget_files+0x2a/0x420
[  156.947065][    C1]  ? __fget_files+0x2a/0x420
[  156.947073][    C1]  ? __fget_files+0x3a0/0x420
[  156.947103][    C1]  __x64_sys_sendmsg+0x19b/0x260
[  156.947123][    C1]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  156.947181][    C1]  do_syscall_64+0xfa/0x3b0
[  156.947195][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.947201][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  156.947218][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.947224][    C1] RIP: 0033:0x7f6dc338e9a9
[  156.947234][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.947239][    C1] RSP: 002b:00007f6dc41e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  156.947246][    C1] RAX: ffffffffffffffda RBX: 00007f6dc35b5fa0 RCX: 00007f6dc338e9a9
[  156.947250][    C1] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000c
[  156.947254][    C1] RBP: 00007f6dc3410d69 R08: 0000000000000000 R09: 0000000000000000
[  156.947258][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  156.947261][    C1] R13: 0000000000000000 R14: 00007f6dc35b5fa0 R15: 00007ffc39125658
[  156.947297][    C1]  </TASK>
[  170.186636][ T5830] Bluetooth: hci1: command 0x0406 tx timeout
[  170.186680][ T5830] Bluetooth: hci0: command 0x0406 tx timeout
[  170.186731][ T5830] Bluetooth: hci2: command 0x0406 tx timeout
[  183.469745][   T18] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-.... } 13153 jiffies s: 1173 root: 0x2/.
[  183.469774][   T18] rcu: blocking rcu_node structures (internal RCU debug):
[  183.469783][   T18] Sending NMI from CPU 0 to CPUs 1:
[  183.469825][    C1] NMI backtrace for cpu 1
[  183.469836][    C1] CPU: 1 UID: 0 PID: 6016 Comm: syz.2.54 Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  183.469844][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  183.469848][    C1] RIP: 0010:asm_sysvec_irq_work+0x0/0x20
[  183.469859][    C1] Code: 16 74 6e 0a e9 41 05 00 00 90 f3 0f 1e fa 0f 1f 00 fc 6a ff e8 f1 03 00 00 48 89 c4 48 89 e7 e8 f6 52 6e 0a e9 21 05 00 00 90 <f3> 0f 1e fa 0f 1f 00 fc 6a ff e8 d1 03 00 00 48 89 c4 48 89 e7 e8
[  183.469865][    C1] RSP: 0018:ffffc900001e03b8 EFLAGS: 00000006
[  183.469872][    C1] RAX: 790d570c812bb200 RBX: 1ffff9200003c084 RCX: 790d570c812bb200
[  183.469876][    C1] RDX: 0000000000000002 RSI: ffffffff8d998940 RDI: ffffffff8be29f40
[  183.469881][    C1] RBP: ffffc900001e04d8 R08: ffffffff8fa1e9f7 R09: 1ffffffff1f43d3e
[  183.469885][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d3f R12: ffffffff8e144400
[  183.469889][    C1] R13: dffffc0000000000 R14: 0000000000000246 R15: 0000000000000002
[  183.469894][    C1] FS:  00007f6dc41e96c0(0000) GS:ffff8881a3c1f000(0000) knlGS:0000000000000000
[  183.469899][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  183.469903][    C1] CR2: 0000200000010000 CR3: 000000010bd4a000 CR4: 00000000000006f0
[  183.469929][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  183.469934][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  183.469938][    C1] Call Trace:
[  183.469942][    C1]  <IRQ>
[  183.469944][    C1] RIP: 0010:rcu_read_unlock_special+0x87/0x4c0
[  183.469955][    C1] Code: f1 f1 f1 00 f2 f2 f2 4a 89 04 2b 66 42 c7 44 2b 09 f3 f3 42 c6 44 2b 0b f3 65 44 8b 35 62 2c f8 10 41 f7 c6 00 00 f0 00 74 49 <48> c7 44 24 40 0e 36 e0 45 4a c7 04 2b 00 00 00 00 66 42 c7 44 2b
[  183.469960][    C1] RSP: 0018:ffffc900001e03e0 EFLAGS: 00000206
[  183.469971][    C1]  ? __pfx_perf_trace_lock+0x10/0x10
[  183.469987][    C1]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  183.470001][    C1]  ? unwind_next_frame+0xa5/0x2390
[  183.470021][    C1]  __rcu_read_unlock+0x84/0xe0
[  183.470034][    C1]  ? unwind_next_frame+0xa5/0x2390
[  183.470040][    C1]  unwind_next_frame+0x19ae/0x2390
[  183.470061][    C1]  ? unwind_next_frame+0xa5/0x2390
[  183.470070][    C1]  ? ____sys_sendmsg+0x505/0x830
[  183.470085][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  183.470095][    C1]  arch_stack_walk+0x11c/0x150
[  183.470112][    C1]  ? ___sys_sendmsg+0x21f/0x2a0
[  183.470126][    C1]  stack_trace_save+0x9c/0xe0
[  183.470136][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  183.470143][    C1]  ? irqentry_exit+0x74/0x90
[  183.470157][    C1]  ? perf_trace_run_bpf_submit+0xee/0x170
[  183.470173][    C1]  kasan_save_track+0x3e/0x80
[  183.470180][    C1]  ? kasan_save_track+0x3e/0x80
[  183.470184][    C1]  ? __kasan_slab_alloc+0x6c/0x80
[  183.470190][    C1]  ? kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  183.470196][    C1]  ? __alloc_skb+0x112/0x2d0
[  183.470202][    C1]  ? ndisc_alloc_skb+0x9f/0x480
[  183.470210][    C1]  ? ndisc_send_rs+0x2b5/0x630
[  183.470217][    C1]  ? addrconf_rs_timer+0x369/0x670
[  183.470224][    C1]  ? call_timer_fn+0x17e/0x5f0
[  183.470230][    C1]  ? __run_timer_base+0x61a/0x860
[  183.470238][    C1]  ? run_timer_softirq+0xb7/0x180
[  183.470246][    C1]  ? handle_softirqs+0x286/0x870
[  183.470253][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  183.470259][    C1]  ? irq_exit_rcu+0x9/0x30
[  183.470265][    C1]  ? sysvec_irq_work+0xa3/0xc0
[  183.470270][    C1]  ? asm_sysvec_irq_work+0x1a/0x20
[  183.470276][    C1]  ? vsnprintf+0x9a/0xf00
[  183.470282][    C1]  ? sprintf+0xd9/0x120
[  183.470287][    C1]  ? info_print_prefix+0x1f3/0x310
[  183.470296][    C1]  ? record_print_text+0x154/0x430
[  183.470303][    C1]  ? printk_get_next_message+0x26d/0x7b0
[  183.470311][    C1]  ? console_flush_all+0x4ca/0xc40
[  183.470318][    C1]  ? console_unlock+0xc4/0x270
[  183.470325][    C1]  ? vprintk_emit+0x5b7/0x7a0
[  183.470331][    C1]  ? _printk+0xcf/0x120
[  183.470339][    C1]  ? __nla_validate_parse+0x2563/0x2d40
[  183.470348][    C1]  ? __nla_parse+0x40/0x60
[  183.470355][    C1]  ? rtnl_fdb_add+0x17b/0xa50
[  183.470361][    C1]  ? rtnetlink_rcv_msg+0x77c/0xb70
[  183.470369][    C1]  ? netlink_rcv_skb+0x208/0x470
[  183.470375][    C1]  ? netlink_unicast+0x75c/0x8e0
[  183.470383][    C1]  ? netlink_sendmsg+0x805/0xb30
[  183.470389][    C1]  ? __sock_sendmsg+0x21c/0x270
[  183.470396][    C1]  ? ____sys_sendmsg+0x505/0x830
[  183.470440][    C1]  __kasan_slab_alloc+0x6c/0x80
[  183.470450][    C1]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  183.470459][    C1]  ? __alloc_skb+0x112/0x2d0
[  183.470472][    C1]  __alloc_skb+0x112/0x2d0
[  183.470486][    C1]  ndisc_alloc_skb+0x9f/0x480
[  183.470499][    C1]  ndisc_send_rs+0x2b5/0x630
[  183.470517][    C1]  addrconf_rs_timer+0x369/0x670
[  183.470534][    C1]  ? __pfx_addrconf_rs_timer+0x10/0x10
[  183.470573][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  183.470594][    C1]  call_timer_fn+0x17e/0x5f0
[  183.470601][    C1]  ? __pfx_addrconf_rs_timer+0x10/0x10
[  183.470607][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.470614][    C1]  ? call_timer_fn+0xbe/0x5f0
[  183.470621][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  183.470644][    C1]  ? __pfx_addrconf_rs_timer+0x10/0x10
[  183.470656][    C1]  __run_timer_base+0x61a/0x860
[  183.470664][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  183.470693][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  183.470725][    C1]  run_timer_softirq+0xb7/0x180
[  183.470737][    C1]  handle_softirqs+0x286/0x870
[  183.470750][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  183.470766][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  183.470774][    C1]  ? irq_work_single+0x1ac/0x240
[  183.470787][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  183.470800][    C1]  __irq_exit_rcu+0xca/0x1f0
[  183.470809][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  183.470823][    C1]  ? rcu_is_watching+0x15/0xb0
[  183.470835][    C1]  irq_exit_rcu+0x9/0x30
[  183.470842][    C1]  sysvec_irq_work+0xa3/0xc0
[  183.470849][    C1]  </IRQ>
[  183.470851][    C1]  <TASK>
[  183.470855][    C1]  asm_sysvec_irq_work+0x1a/0x20
[  183.470861][    C1] RIP: 0010:vsnprintf+0x9a/0xf00
[  183.470868][    C1] Code: c7 c1 ff ff ff ff 48 0f 43 c8 48 89 4c 24 20 4c 0f 43 e3 4c 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 10 0e 00 00 41 0f b6 1f <31> ff 89 de e8 2d 74 55 f6 85 db 0f 84 40 0d 00 00 4c 89 64 24 38
[  183.470873][    C1] RSP: 0018:ffffc900065fe790 EFLAGS: 00000297
[  183.470878][    C1] RAX: 0000000000000006 RBX: 000000000000005b RCX: 000000008b8b8900
[  183.470882][    C1] RDX: dffffc0000000000 RSI: 000000007fffffff RDI: 000000007fffffff
[  183.470886][    C1] RBP: ffffc900065fe910 R08: ffffc900065fe897 R09: 0000000000000000
[  183.470890][    C1] R10: ffffc900065fe880 R11: fffff52000cbfd13 R12: 000000007fffffff
[  183.470894][    C1] R13: dffffc0000000000 R14: ffffc900065fea6e R15: ffffffff8b8b8980
[  183.470936][    C1]  sprintf+0xd9/0x120
[  183.470942][    C1]  ? desc_read+0x208/0x3f0
[  183.470957][    C1]  ? __pfx_sprintf+0x10/0x10
[  183.470968][    C1]  ? desc_read+0x208/0x3f0
[  183.470987][    C1]  info_print_prefix+0x1f3/0x310
[  183.471002][    C1]  ? __pfx_info_print_prefix+0x10/0x10
[  183.471010][    C1]  ? _prb_read_valid+0xa7b/0xa90
[  183.471031][    C1]  record_print_text+0x154/0x430
[  183.471054][    C1]  ? __pfx__prb_read_valid+0x10/0x10
[  183.471064][    C1]  ? __pfx_record_print_text+0x10/0x10
[  183.471095][    C1]  printk_get_next_message+0x26d/0x7b0
[  183.471104][    C1]  ? perf_trace_preemptirq_template+0x280/0x340
[  183.471121][    C1]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  183.471132][    C1]  ? __pfx_printk_get_next_message+0x10/0x10
[  183.471174][    C1]  ? console_flush_all+0x476/0xc40
[  183.471190][    C1]  console_flush_all+0x4ca/0xc40
[  183.471199][    C1]  ? console_flush_all+0x861/0xc40
[  183.471210][    C1]  ? console_flush_all+0x13a/0xc40
[  183.471228][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  183.471251][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  183.471266][    C1]  console_unlock+0xc4/0x270
[  183.471279][    C1]  ? __pfx_console_unlock+0x10/0x10
[  183.471294][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  183.471309][    C1]  vprintk_emit+0x5b7/0x7a0
[  183.471322][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  183.471329][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  183.471339][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  183.471369][    C1]  _printk+0xcf/0x120
[  183.471379][    C1]  ? __pfx____ratelimit+0x10/0x10
[  183.471393][    C1]  ? __pfx__printk+0x10/0x10
[  183.471408][    C1]  ? trace_call_bpf+0x5ba/0x850
[  183.471424][    C1]  __nla_validate_parse+0x2563/0x2d40
[  183.471458][    C1]  ? __pfx___nla_validate_parse+0x10/0x10
[  183.471469][    C1]  ? perf_trace_lock_acquire+0x335/0x410
[  183.471494][    C1]  ? __lock_acquire+0xab9/0xd20
[  183.471519][    C1]  __nla_parse+0x40/0x60
[  183.471535][    C1]  rtnl_fdb_add+0x17b/0xa50
[  183.471564][    C1]  ? trace_contention_end+0x39/0x120
[  183.471576][    C1]  ? __mutex_lock+0x330/0xe80
[  183.471586][    C1]  ? perf_trace_lock+0xec/0x3b0
[  183.471595][    C1]  ? __pfx_rtnl_fdb_add+0x10/0x10
[  183.471641][    C1]  ? __pfx_rtnl_fdb_add+0x10/0x10
[  183.471648][    C1]  rtnetlink_rcv_msg+0x77c/0xb70
[  183.471664][    C1]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  183.471674][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  183.471682][    C1]  ? ref_tracker_free+0x63a/0x7d0
[  183.471689][    C1]  ? __copy_skb_header+0xa7/0x550
[  183.471701][    C1]  ? __pfx_ref_tracker_free+0x10/0x10
[  183.471710][    C1]  ? __skb_clone+0x63/0x7a0
[  183.471729][    C1]  netlink_rcv_skb+0x208/0x470
[  183.471739][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  183.471752][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  183.471777][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  183.471784][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  183.471799][    C1]  netlink_unicast+0x75c/0x8e0
[  183.471824][    C1]  netlink_sendmsg+0x805/0xb30
[  183.471844][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  183.471857][    C1]  ? aa_sock_msg_perm+0x94/0x160
[  183.471869][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  183.471878][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  183.471887][    C1]  __sock_sendmsg+0x21c/0x270
[  183.471902][    C1]  ____sys_sendmsg+0x505/0x830
[  183.471919][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[  183.471940][    C1]  ? import_iovec+0x74/0xa0
[  183.471954][    C1]  ___sys_sendmsg+0x21f/0x2a0
[  183.471966][    C1]  ? __pfx____sys_sendmsg+0x10/0x10
[  183.472002][    C1]  ? __fget_files+0x2a/0x420
[  183.472026][    C1]  ? __fget_files+0x2a/0x420
[  183.472033][    C1]  ? __fget_files+0x3a0/0x420
[  183.472060][    C1]  __x64_sys_sendmsg+0x19b/0x260
[  183.472073][    C1]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  183.472113][    C1]  do_syscall_64+0xfa/0x3b0
[  183.472124][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.472130][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  183.472143][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.472149][    C1] RIP: 0033:0x7f6dc338e9a9
[  183.472159][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.472163][    C1] RSP: 002b:00007f6dc41e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  183.472170][    C1] RAX: ffffffffffffffda RBX: 00007f6dc35b5fa0 RCX: 00007f6dc338e9a9
[  183.472174][    C1] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000c
[  183.472178][    C1] RBP: 00007f6dc3410d69 R08: 0000000000000000 R09: 0000000000000000
[  183.472182][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  183.472185][    C1] R13: 0000000000000000 R14: 00007f6dc35b5fa0 R15: 00007ffc39125658
[  183.472210][    C1]  </TASK>
[  190.969296][ T5830] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  190.970267][ T5830] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  190.970784][ T5830] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  190.972121][ T5830] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  190.972899][ T5830] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  191.097109][ T5838] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  191.097942][ T5838] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  191.098426][ T5838] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  191.099786][ T5838] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  191.100579][ T5838] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  191.174489][ T6063] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  191.175278][ T6063] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  191.176153][ T6063] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  191.177478][ T6063] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  191.178414][ T6063] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  193.825365][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  193.825444][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  195.777007][ T6067] Bluetooth: hci5: command 0x0406 tx timeout
[  195.777071][ T6067] Bluetooth: hci3: command 0x0406 tx timeout
[  195.777112][ T6067] Bluetooth: hci4: command 0x0406 tx timeout
[  205.870014][   T34] INFO: task rcu_tasks_trace:32 blocked for more than 143 seconds.
[  205.870031][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  205.870037][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  205.870043][   T34] task:rcu_tasks_trace state:D stack:25576 pid:32    tgid:32    ppid:2      task_flags:0x208040 flags:0x00004000
[  205.870069][   T34] Call Trace:
[  205.870074][   T34]  <TASK>
[  205.870088][   T34]  __schedule+0x16f5/0x4d00
[  205.870139][   T34]  ? perf_trace_lock+0xec/0x3b0
[  205.870150][   T34]  ? schedule+0x165/0x360
[  205.870173][   T34]  ? __pfx___schedule+0x10/0x10
[  205.870217][   T34]  ? schedule+0x91/0x360
[  205.870238][   T34]  schedule+0x165/0x360
[  205.870257][   T34]  schedule_preempt_disabled+0x13/0x30
[  205.870268][   T34]  __mutex_lock+0x724/0xe80
[  205.870306][   T34]  ? __mutex_lock+0x51b/0xe80
[  205.870332][   T34]  ? synchronize_rcu_expedited+0x3b9/0x730
[  205.870351][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  205.870390][   T34]  ? do_raw_spin_unlock+0x4d/0x240
[  205.870413][   T34]  synchronize_rcu_expedited+0x3b9/0x730
[  205.870432][   T34]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  205.870482][   T34]  ? __pfx___might_resched+0x10/0x10
[  205.870499][   T34]  ? rcu_tasks_trace_pregp_step+0xe2a/0xe70
[  205.870537][   T34]  synchronize_rcu+0x11a/0x310
[  205.870551][   T34]  ? __pfx_synchronize_rcu+0x10/0x10
[  205.870564][   T34]  ? __pfx_rcu_tasks_trace_pregp_step+0x10/0x10
[  205.870576][   T34]  ? rcu_is_watching+0x15/0xb0
[  205.870589][   T34]  ? trace_contention_end+0x39/0x120
[  205.870604][   T34]  ? __mutex_lock+0x330/0xe80
[  205.870624][   T34]  rcu_tasks_wait_gp+0x490/0xac0
[  205.870657][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  205.870667][   T34]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  205.870680][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.870696][   T34]  ? __pfx_rcu_tasks_wait_gp+0x10/0x10
[  205.870711][   T34]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  205.870743][   T34]  rcu_tasks_one_gp+0xc19/0xdf0
[  205.870782][   T34]  ? rcu_tasks_one_gp+0xe9/0xdf0
[  205.870815][   T34]  rcu_tasks_kthread+0x195/0x1c0
[  205.870839][   T34]  kthread+0x711/0x8a0
[  205.870865][   T34]  ? __pfx_rcu_tasks_kthread+0x10/0x10
[  205.870879][   T34]  ? __pfx_kthread+0x10/0x10
[  205.870899][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  205.870911][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.870921][   T34]  ? __pfx_kthread+0x10/0x10
[  205.870938][   T34]  ret_from_fork+0x3fc/0x770
[  205.870956][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  205.870981][   T34]  ? __switch_to_asm+0x39/0x70
[  205.870992][   T34]  ? __switch_to_asm+0x33/0x70
[  205.871001][   T34]  ? __pfx_kthread+0x10/0x10
[  205.871019][   T34]  ret_from_fork_asm+0x1a/0x30
[  205.871061][   T34]  </TASK>
[  205.871115][   T34] INFO: task syz.2.54:6014 blocked for more than 143 seconds.
[  205.871122][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  205.871128][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  205.871133][   T34] task:syz.2.54        state:D stack:24104 pid:6014  tgid:6014  ppid:5827   task_flags:0x400040 flags:0x00004004
[  205.871157][   T34] Call Trace:
[  205.871161][   T34]  <TASK>
[  205.871174][   T34]  __schedule+0x16f5/0x4d00
[  205.871219][   T34]  ? perf_trace_lock+0xec/0x3b0
[  205.871228][   T34]  ? schedule+0x165/0x360
[  205.871250][   T34]  ? __pfx___schedule+0x10/0x10
[  205.871314][   T34]  ? schedule+0x91/0x360
[  205.871337][   T34]  schedule+0x165/0x360
[  205.871356][   T34]  schedule_preempt_disabled+0x13/0x30
[  205.871367][   T34]  __mutex_lock+0x724/0xe80
[  205.871384][   T34]  ? __mutex_lock+0x51b/0xe80
[  205.871409][   T34]  ? perf_trace_destroy+0x2e/0x150
[  205.871427][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  205.871454][   T34]  ? security_perf_event_free+0x40/0x70
[  205.871468][   T34]  ? rcu_is_watching+0x15/0xb0
[  205.871484][   T34]  ? rcu_is_watching+0x15/0xb0
[  205.871499][   T34]  ? __pfx_tp_perf_event_destroy+0x10/0x10
[  205.871511][   T34]  perf_trace_destroy+0x2e/0x150
[  205.871527][   T34]  ? __pfx_tp_perf_event_destroy+0x10/0x10
[  205.871538][   T34]  __free_event+0x316/0x7b0
[  205.871554][   T34]  ? __pfx_perf_release+0x10/0x10
[  205.871568][   T34]  perf_event_release_kernel+0x45b/0x510
[  205.871584][   T34]  ? __pfx_perf_release+0x10/0x10
[  205.871599][   T34]  perf_release+0x38/0x50
[  205.871611][   T34]  __fput+0x44c/0xa70
[  205.871647][   T34]  task_work_run+0x1d4/0x260
[  205.871669][   T34]  ? __pfx_task_work_run+0x10/0x10
[  205.871695][   T34]  ? exit_to_user_mode_loop+0x40/0x110
[  205.871714][   T34]  exit_to_user_mode_loop+0xec/0x110
[  205.871728][   T34]  do_syscall_64+0x2bd/0x3b0
[  205.871740][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.871753][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.871763][   T34]  ? exc_page_fault+0x9f/0xf0
[  205.871781][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.871791][   T34] RIP: 0033:0x7f6dc338e9a9
[  205.871802][   T34] RSP: 002b:00007ffc391257b8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  205.871814][   T34] RAX: 0000000000000000 RBX: 00007f6dc35b7ba0 RCX: 00007f6dc338e9a9
[  205.871821][   T34] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  205.871827][   T34] RBP: 00007f6dc35b7ba0 R08: 000000000001521c R09: 0000001139125aaf
[  205.871834][   T34] R10: 00007f6dc35b7ac0 R11: 0000000000000246 R12: 000000000000cd1c
[  205.871844][   T34] R13: 00007f6dc35b6080 R14: ffffffffffffffff R15: 00007ffc391258d0
[  205.871883][   T34]  </TASK>
[  205.871888][   T34] INFO: task syz.1.56:6017 blocked for more than 143 seconds.
[  205.871895][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  205.871900][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  205.871905][   T34] task:syz.1.56        state:D stack:26184 pid:6017  tgid:6017  ppid:5835   task_flags:0x400040 flags:0x00004004
[  205.871928][   T34] Call Trace:
[  205.871932][   T34]  <TASK>
[  205.871945][   T34]  __schedule+0x16f5/0x4d00
[  205.871962][   T34]  ? perf_trace_run_bpf_submit+0x100/0x170
[  205.871988][   T34]  ? perf_trace_lock_acquire+0x335/0x410
[  205.872010][   T34]  ? perf_trace_lock+0xec/0x3b0
[  205.872019][   T34]  ? schedule+0x165/0x360
[  205.872042][   T34]  ? __pfx___schedule+0x10/0x10
[  205.872068][   T34]  ? schedule+0x91/0x360
[  205.872093][   T34]  ? schedule+0x91/0x360
[  205.872114][   T34]  schedule+0x165/0x360
[  205.872133][   T34]  schedule_timeout+0x9a/0x270
[  205.872145][   T34]  ? __pfx_schedule_timeout+0x10/0x10
[  205.872161][   T34]  ? __wait_for_common+0x3c7/0x710
[  205.872189][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  205.872201][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.872220][   T34]  __wait_for_common+0x3da/0x710
[  205.872266][   T34]  ? __pfx_schedule_timeout+0x10/0x10
[  205.872296][   T34]  ? __pfx___wait_for_common+0x10/0x10
[  205.872318][   T34]  ? __raw_spin_lock_init+0x45/0x100
[  205.872336][   T34]  ? __init_swait_queue_head+0xa9/0x150
[  205.872357][   T34]  wait_for_completion_state+0x1c/0x40
[  205.872368][   T34]  __wait_rcu_gp+0x24c/0x280
[  205.872394][   T34]  synchronize_rcu_tasks_generic+0x132/0x220
[  205.872408][   T34]  ? __pfx_synchronize_rcu_tasks_generic+0x10/0x10
[  205.872420][   T34]  ? __pfx_call_rcu_tasks_trace+0x10/0x10
[  205.872434][   T34]  ? queue_work_on+0x1ed/0x270
[  205.872445][   T34]  ? __pfx_wakeme_after_rcu+0x10/0x10
[  205.872496][   T34]  uprobe_unregister_sync+0xe/0x20
[  205.872508][   T34]  probe_event_disable+0x2e5/0x3b0
[  205.872530][   T34]  trace_uprobe_register+0xba/0x560
[  205.872548][   T34]  ? uprobe_perf_close+0x3b1/0x480
[  205.872566][   T34]  perf_trace_event_unreg+0xb9/0x1b0
[  205.872582][   T34]  perf_uprobe_destroy+0xa4/0x170
[  205.872597][   T34]  ? __pfx_perf_uprobe_destroy+0x10/0x10
[  205.872607][   T34]  __free_event+0x316/0x7b0
[  205.872622][   T34]  ? __pfx_perf_release+0x10/0x10
[  205.872637][   T34]  perf_event_release_kernel+0x45b/0x510
[  205.872652][   T34]  ? __pfx_perf_release+0x10/0x10
[  205.872666][   T34]  perf_release+0x38/0x50
[  205.872678][   T34]  __fput+0x44c/0xa70
[  205.872714][   T34]  task_work_run+0x1d4/0x260
[  205.872735][   T34]  ? __pfx_task_work_run+0x10/0x10
[  205.872761][   T34]  ? exit_to_user_mode_loop+0x40/0x110
[  205.872780][   T34]  exit_to_user_mode_loop+0xec/0x110
[  205.872793][   T34]  do_syscall_64+0x2bd/0x3b0
[  205.872805][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.872817][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.872827][   T34]  ? exc_page_fault+0x9f/0xf0
[  205.872850][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.872859][   T34] RIP: 0033:0x7f4cb858e9a9
[  205.872870][   T34] RSP: 002b:00007ffda4b108a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  205.872881][   T34] RAX: 0000000000000000 RBX: 000000000000c9f4 RCX: 00007f4cb858e9a9
[  205.872887][   T34] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  205.872893][   T34] RBP: 00007f4cb87b7ba0 R08: 0000000000000001 R09: 00000008a4b10b9f
[  205.872900][   T34] R10: 00007f4cb8400000 R11: 0000000000000246 R12: 00007f4cb87b5fac
[  205.872906][   T34] R13: 00007f4cb87b5fa0 R14: ffffffffffffffff R15: 00007ffda4b109c0
[  205.872944][   T34]  </TASK>
[  205.872949][   T34] INFO: task syz.0.57:6019 blocked for more than 143 seconds.
[  205.872955][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  205.872961][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  205.872966][   T34] task:syz.0.57        state:D stack:25928 pid:6019  tgid:6019  ppid:5831   task_flags:0x400040 flags:0x00004004
[  205.872988][   T34] Call Trace:
[  205.872992][   T34]  <TASK>
[  205.873006][   T34]  __schedule+0x16f5/0x4d00
[  205.873022][   T34]  ? perf_trace_run_bpf_submit+0x100/0x170
[  205.873044][   T34]  ? perf_trace_lock_acquire+0x335/0x410
[  205.873066][   T34]  ? perf_trace_lock+0xec/0x3b0
[  205.873075][   T34]  ? schedule+0x165/0x360
[  205.873097][   T34]  ? __pfx___schedule+0x10/0x10
[  205.873125][   T34]  ? schedule+0x91/0x360
[  205.873150][   T34]  ? schedule+0x91/0x360
[  205.873171][   T34]  schedule+0x165/0x360
[  205.873189][   T34]  synchronize_rcu_expedited+0x583/0x730
[  205.873209][   T34]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  205.873243][   T34]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  205.873260][   T34]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  205.873295][   T34]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  205.873312][   T34]  ? __pfx_autoremove_wake_function+0x10/0x10
[  205.873328][   T34]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  205.873361][   T34]  packet_release+0xa05/0xce0
[  205.873388][   T34]  ? __pfx_packet_release+0x10/0x10
[  205.873396][   T34]  ? down_write+0x162/0x1f0
[  205.873436][   T34]  sock_close+0xc3/0x240
[  205.873454][   T34]  ? __pfx_sock_close+0x10/0x10
[  205.873468][   T34]  __fput+0x44c/0xa70
[  205.873504][   T34]  task_work_run+0x1d4/0x260
[  205.873525][   T34]  ? __pfx_task_work_run+0x10/0x10
[  205.873551][   T34]  ? exit_to_user_mode_loop+0x40/0x110
[  205.873569][   T34]  exit_to_user_mode_loop+0xec/0x110
[  205.873583][   T34]  do_syscall_64+0x2bd/0x3b0
[  205.873594][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.873607][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.873616][   T34]  ? exc_page_fault+0x9f/0xf0
[  205.873635][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.873644][   T34] RIP: 0033:0x7fa530f8e9a9
[  205.873654][   T34] RSP: 002b:00007ffed6187298 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  205.873665][   T34] RAX: 0000000000000000 RBX: 000000000000ca5c RCX: 00007fa530f8e9a9
[  205.873671][   T34] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  205.873677][   T34] RBP: 00007fa5311b7ba0 R08: 0000000000000001 R09: 00000011d618758f
[  205.873684][   T34] R10: 00007fa530e00000 R11: 0000000000000246 R12: 00007fa5311b5fac
[  205.873690][   T34] R13: 00007fa5311b5fa0 R14: ffffffffffffffff R15: 00007ffed61873b0
[  205.873728][   T34]  </TASK>
[  205.873733][   T34] INFO: task dhcpcd:6023 blocked for more than 143 seconds.
[  205.873740][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  205.873745][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  205.873750][   T34] task:dhcpcd          state:D stack:26728 pid:6023  tgid:6023  ppid:5576   task_flags:0x400140 flags:0x00004002
[  205.873773][   T34] Call Trace:
[  205.873777][   T34]  <TASK>
[  205.873791][   T34]  __schedule+0x16f5/0x4d00
[  205.873807][   T34]  ? perf_trace_run_bpf_submit+0x100/0x170
[  205.873828][   T34]  ? perf_trace_lock_acquire+0x335/0x410
[  205.873855][   T34]  ? perf_trace_lock+0xec/0x3b0
[  205.873864][   T34]  ? schedule+0x165/0x360
[  205.873887][   T34]  ? __pfx___schedule+0x10/0x10
[  205.873913][   T34]  ? schedule+0x91/0x360
[  205.873938][   T34]  ? schedule+0x91/0x360
[  205.873959][   T34]  schedule+0x165/0x360
[  205.873978][   T34]  synchronize_rcu_expedited+0x5f5/0x730
[  205.873997][   T34]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  205.874011][   T34]  ? __pfx_autoremove_wake_function+0x10/0x10
[  205.874057][   T34]  ? __unregister_prot_hook+0x4fe/0x6e0
[  205.874098][   T34]  __unregister_prot_hook+0x503/0x6e0
[  205.874114][   T34]  ? packet_do_bind+0x98/0xcd0
[  205.874131][   T34]  ? packet_do_bind+0x98/0xcd0
[  205.874143][   T34]  packet_do_bind+0x536/0xcd0
[  205.874160][   T34]  ? packet_do_bind+0x98/0xcd0
[  205.874181][   T34]  __sys_bind+0x2c6/0x3e0
[  205.874202][   T34]  ? __pfx___sys_bind+0x10/0x10
[  205.874261][   T34]  __x64_sys_bind+0x7a/0x90
[  205.874298][   T34]  do_syscall_64+0xfa/0x3b0
[  205.874312][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.874325][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.874334][   T34]  ? exc_page_fault+0x9f/0xf0
[  205.874353][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.874362][   T34] RIP: 0033:0x7f1294bd3677
[  205.874372][   T34] RSP: 002b:00007fffd09ff8b8 EFLAGS: 00000217 ORIG_RAX: 0000000000000031
[  205.874383][   T34] RAX: ffffffffffffffda RBX: 0000555e21041ca3 RCX: 00007f1294bd3677
[  205.874390][   T34] RDX: 0000000000000014 RSI: 00007fffd09ff8c8 RDI: 0000000000000005
[  205.874396][   T34] RBP: 0000000000000000 R08: 0000555e2bd9ae10 R09: 0000000000020000
[  205.874402][   T34] R10: 000000000000006d R11: 0000000000000217 R12: 0000555e2bd9f2d0
[  205.874409][   T34] R13: 0000555e2bd9a9d8 R14: 00007fffd0a201ac R15: 0000555e2bd9a9a4
[  205.874446][   T34]  </TASK>
[  205.874456][   T34] 
[  205.874456][   T34] Showing all locks held in the system:
[  205.874462][   T34] 3 locks held by kworker/0:1/10:
[  205.874469][   T34]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  205.874499][   T34]  #1: ffffc900000d7bc0 ((work_completion)(&fw_work->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  205.874528][   T34]  #2: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: regdb_fw_cb+0x7d/0x1c0
[  205.874557][   T34] 3 locks held by kworker/u8:1/13:
[  205.874564][   T34]  #0: ffff8880213d1148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  205.874592][   T34]  #1: ffffc90000107bc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  205.874620][   T34]  #2: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
[  205.874650][   T34] 3 locks held by kworker/1:0/24:
[  205.874656][   T34] 2 locks held by rcu_tasks_trace/32:
[  205.874662][   T34]  #0: ffffffff8e13fe10 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{4:4}, at: rcu_tasks_one_gp+0xaf9/0xdf0
[  205.874692][   T34]  #1: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  205.874721][   T34] 1 lock held by khungtaskd/34:
[  205.874727][   T34]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  205.874759][   T34] 5 locks held by kworker/u11:0/55:
[  205.874764][   T34]  #0: ffff888021dd5148 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  205.874792][   T34]  #1: ffffc900007dfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  205.874821][   T34]  #2: ffff888022894dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  205.874855][   T34]  #3: ffff8880228940b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
[  205.874886][   T34]  #4: ffffffff8f685008 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  205.874930][   T34] 5 locks held by kworker/u9:5/4489:
[  205.874937][   T34] 4 locks held by kworker/u11:1/5221:
[  205.874942][   T34]  #0: ffff888032662948 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  205.874974][   T34]  #1: ffffc900024dfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  205.875003][   T34]  #2: ffff888034fec0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  205.875032][   T34]  #3: ffffffff8f685008 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  205.875063][   T34] 2 locks held by getty/5657:
[  205.875068][   T34]  #0: ffff888027b0f0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  205.875096][   T34]  #1: ffffc900029062f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  205.875126][   T34] 4 locks held by kworker/u11:2/5830:
[  205.875132][   T34]  #0: ffff88803274c148 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  205.875164][   T34]  #1: ffffc90003b9fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  205.880759][   T34]  #2: ffff888032a3c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  205.880791][   T34]  #3: ffffffff8f685008 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  205.880821][   T34] 6 locks held by kworker/u11:3/5833:
[  205.880828][   T34]  #0: ffff8880213d7148 ((wq_completion)hci2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  205.880861][   T34]  #1: ffffc90003bcfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  205.880889][   T34]  #2: ffff888111eb4dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  205.880918][   T34]  #3: ffff888111eb40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
[  205.880947][   T34]  #4: ffffffff8f685008 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  205.880974][   T34]  #5: ffff888028a0a338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[  205.881005][   T34] 5 locks held by kworker/u11:4/5834:
[  205.881011][   T34]  #0: ffff888021dd4148 ((wq_completion)hci0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  205.881039][   T34]  #1: ffffc90003befbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  205.881067][   T34]  #2: ffff888022890dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  205.881094][   T34]  #3: ffff8880228900b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
[  205.881124][   T34]  #4: ffffffff8f685008 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  205.881151][   T34] 5 locks held by kworker/u11:5/5837:
[  205.881157][   T34]  #0: ffff88802ffbc948 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  205.881185][   T34]  #1: ffffc90003c0fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  205.881212][   T34]  #2: ffff888029254dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  205.881240][   T34]  #3: ffff8880292540b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
[  205.881269][   T34]  #4: ffffffff8f685008 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  205.881318][   T34] 5 locks held by kworker/u11:6/5838:
[  205.881324][   T34]  #0: ffff88802ed29948 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  205.881352][   T34]  #1: ffffc90003c1fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  205.881380][   T34]  #2: ffff888020cd4dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  205.881407][   T34]  #3: ffff888020cd40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
[  205.881437][   T34]  #4: ffffffff8f685008 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  205.881467][   T34] 3 locks held by kworker/0:5/5881:
[  205.881473][   T34]  #0: ffff88801a481d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  205.881501][   T34]  #1: ffffc90004ddfbc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  205.881529][   T34]  #2: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf00
[  205.881557][   T34] 1 lock held by syz.2.54/6014:
[  205.881563][   T34]  #0: ffffffff8e1a2ca8 (event_mutex){+.+.}-{4:4}, at: perf_trace_destroy+0x2e/0x150
[  205.881591][   T34] 3 locks held by syz.2.54/6016:
[  205.881597][   T34] 1 lock held by syz.1.56/6017:
[  205.881603][   T34]  #0: ffffffff8e1a2ca8 (event_mutex){+.+.}-{4:4}, at: perf_uprobe_destroy+0x2e/0x170
[  205.881630][   T34] 2 locks held by syz.0.57/6019:
[  205.881636][   T34]  #0: ffff888021a63808 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  205.881668][   T34]  #1: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  205.881698][   T34] 1 lock held by dhcpcd/6023:
[  205.881704][   T34]  #0: ffff888125b68258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  205.881733][   T34] 1 lock held by syz-executor/6027:
[  205.881738][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  205.881768][   T34] 1 lock held by syz-executor/6031:
[  205.881773][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  205.881802][   T34] 1 lock held by syz-executor/6033:
[  205.881807][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  205.881836][   T34] 1 lock held by dhcpcd/6036:
[  205.881846][   T34]  #0: ffff888032a74258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  205.881875][   T34] 1 lock held by dhcpcd/6037:
[  205.881880][   T34]  #0: ffff88802ae8e258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  205.881908][   T34] 1 lock held by dhcpcd/6038:
[  205.881914][   T34]  #0: ffff88802f976258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  205.881942][   T34] 1 lock held by dhcpcd/6039:
[  205.881948][   T34]  #0: ffff88802fb7a258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  205.881976][   T34] 1 lock held by dhcpcd/6040:
[  205.881982][   T34]  #0: ffff88801e9b6258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  205.882010][   T34] 1 lock held by syz-executor/6044:
[  205.882016][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  205.882044][   T34] 1 lock held by syz-executor/6047:
[  205.882050][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  205.882078][   T34] 1 lock held by syz-executor/6050:
[  205.882084][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  205.882114][   T34] 1 lock held by syz-executor/6055:
[  205.882119][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  205.882148][   T34] 1 lock held by syz-executor/6058:
[  205.882153][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  205.882182][   T34] 1 lock held by syz-executor/6062:
[  205.882187][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  205.882216][   T34] 4 locks held by kworker/u11:7/6063:
[  205.882221][   T34]  #0: ffff88803dd4f148 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  205.882253][   T34]  #1: ffffc9000678fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  205.882302][   T34]  #2: ffff88802f44c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  205.882332][   T34]  #3: ffffffff8f685008 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  205.882361][   T34] 5 locks held by kworker/u11:8/6065:
[  205.882366][   T34]  #0: ffff888032d01148 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  205.882394][   T34]  #1: ffffc900067cfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  205.882421][   T34]  #2: ffff888105ed0dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  205.882449][   T34]  #3: ffff888105ed00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
[  205.882479][   T34]  #4: ffffffff8f685008 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  205.882508][   T34] 
[  205.882512][   T34] =============================================
[  205.882512][   T34] 
[  205.882518][   T34] NMI backtrace for cpu 0
[  205.882524][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  205.882533][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  205.882537][   T34] Call Trace:
[  205.882542][   T34]  <TASK>
[  205.882546][   T34]  dump_stack_lvl+0x189/0x250
[  205.882563][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  205.882575][   T34]  ? __pfx__printk+0x10/0x10
[  205.882611][   T34]  nmi_cpu_backtrace+0x39e/0x3d0
[  205.882628][   T34]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  205.882634][   T34]  ? _printk+0xcf/0x120
[  205.882655][   T34]  ? __pfx__printk+0x10/0x10
[  205.882673][   T34]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  205.882686][   T34]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  205.882702][   T34]  watchdog+0xfee/0x1030
[  205.882715][   T34]  ? watchdog+0x1de/0x1030
[  205.882740][   T34]  kthread+0x711/0x8a0
[  205.882759][   T34]  ? __pfx_watchdog+0x10/0x10
[  205.882768][   T34]  ? __pfx_kthread+0x10/0x10
[  205.882784][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  205.882795][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.882803][   T34]  ? __pfx_kthread+0x10/0x10
[  205.882818][   T34]  ret_from_fork+0x3fc/0x770
[  205.882834][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  205.882862][   T34]  ? __switch_to_asm+0x39/0x70
[  205.882870][   T34]  ? __switch_to_asm+0x33/0x70
[  205.882878][   T34]  ? __pfx_kthread+0x10/0x10
[  205.882893][   T34]  ret_from_fork_asm+0x1a/0x30
[  205.882931][   T34]  </TASK>
[  205.882934][   T34] Sending NMI from CPU 0 to CPUs 1:
[  205.882966][    C1] NMI backtrace for cpu 1
[  205.882991][    C1] CPU: 1 UID: 0 PID: 6016 Comm: syz.2.54 Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  205.883000][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  205.883004][    C1] RIP: 0010:native_apic_msr_write+0x39/0x50
[  205.883016][    C1] Code: 74 2a 83 ff 30 74 25 eb 10 81 ff d0 00 00 00 74 1b 81 ff e0 00 00 00 74 13 c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 c3 cc cc cc cc cc f3 0f 1e fa 89 f6 31 d2 e9 e2 db 86 03 66
[  205.883021][    C1] RSP: 0018:ffffc900001e0bd8 EFLAGS: 00000046
[  205.883028][    C1] RAX: 0000000000000323 RBX: ffff888136623900 RCX: 0000000000000838
[  205.883033][    C1] RDX: 0000000000000000 RSI: 0000000000000323 RDI: 0000000000000838
[  205.883037][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff81aec9fe
[  205.883041][    C1] R10: dffffc0000000000 R11: ffffffff81702490 R12: 0000000010000a10
[  205.883045][    C1] R13: dffffc0000000000 R14: 0000000000000323 R15: 0000000000000020
[  205.883049][    C1] FS:  00007f6dc41e96c0(0000) GS:ffff8881a3c1f000(0000) knlGS:0000000000000000
[  205.883054][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  205.883059][    C1] CR2: 0000200000010000 CR3: 000000010bd4a000 CR4: 00000000000006f0
[  205.883083][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  205.883088][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  205.883092][    C1] Call Trace:
[  205.883096][    C1]  <IRQ>
[  205.883099][    C1]  lapic_next_event+0x11/0x20
[  205.883108][    C1]  clockevents_program_event+0x1cf/0x360
[  205.883126][    C1]  hrtimer_interrupt+0x620/0xaa0
[  205.883169][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  205.883181][    C1]  sysvec_apic_timer_interrupt+0x52/0xc0
[  205.883191][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  205.883198][    C1] RIP: 0010:handle_softirqs+0x1b0/0x870
[  205.883205][    C1] Code: 89 64 24 30 0f b7 db 48 c7 c7 00 ad 89 8b e8 a7 fe e8 09 65 66 c7 05 85 5b 1a 11 00 00 e8 58 00 42 00 fb 49 c7 c7 c0 c0 e0 8d <b8> ff ff ff ff 0f bc c3 41 89 c5 41 ff c5 0f 84 c2 03 00 00 89 5c
[  205.883210][    C1] RSP: 0018:ffffc900001e0e40 EFLAGS: 00000286
[  205.883216][    C1] RAX: 790d570c812bb200 RBX: 0000000000000200 RCX: 790d570c812bb200
[  205.883220][    C1] RDX: 0000000000000002 RSI: ffffffff8d998940 RDI: ffffffff8be29f40
[  205.883224][    C1] RBP: ffffc900001e0f50 R08: ffffffff8fa1e9f7 R09: 1ffffffff1f43d3e
[  205.883228][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d3f R12: 000000000000000a
[  205.883232][    C1] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff8de0c0c0
[  205.883264][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  205.883309][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  205.883319][    C1]  ? irq_work_single+0x1ac/0x240
[  205.883332][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  205.883347][    C1]  __irq_exit_rcu+0xca/0x1f0
[  205.883356][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  205.883370][    C1]  ? rcu_is_watching+0x15/0xb0
[  205.883381][    C1]  irq_exit_rcu+0x9/0x30
[  205.883388][    C1]  sysvec_irq_work+0xa3/0xc0
[  205.883395][    C1]  </IRQ>
[  205.883398][    C1]  <TASK>
[  205.883402][    C1]  asm_sysvec_irq_work+0x1a/0x20
[  205.883408][    C1] RIP: 0010:format_decode+0x51e/0xe30
[  205.883415][    C1] Code: 00 00 00 00 00 fc ff df eb 42 e8 bd 5d 55 f6 49 89 ec 49 ff c4 4c 89 e0 48 c1 e8 03 48 ba 00 00 00 00 00 fc ff df 0f b6 04 10 <84> c0 4c 8b 74 24 18 0f 85 f1 05 00 00 41 0f b6 04 24 4c 8d 2c 85
[  205.883420][    C1] RSP: 0018:ffffc900065fe730 EFLAGS: 00000a02
[  205.883425][    C1] RAX: 0000000000000005 RBX: 0000000000000008 RCX: 0000000000000002
[  205.883429][    C1] RDX: dffffc0000000000 RSI: 0000000000000075 RDI: 000000000000006c
[  205.883432][    C1] RBP: ffffffff8b8b8949 R08: ffff888020333980 R09: 0000000000000002
[  205.883436][    C1] R10: 0000000000000025 R11: 0000000000000002 R12: ffffffff8b8b894a
[  205.883440][    C1] R13: 0000000000000075 R14: 000000000000006c R15: 0000000000000008
[  205.883475][    C1]  vsnprintf+0x102/0xf00
[  205.883498][    C1]  sprintf+0xd9/0x120
[  205.883515][    C1]  ? __pfx_sprintf+0x10/0x10
[  205.883521][    C1]  ? rcu_read_unlock_special+0x87/0x4c0
[  205.883533][    C1]  ? desc_read+0x208/0x3f0
[  205.883554][    C1]  info_print_prefix+0x155/0x310
[  205.883569][    C1]  ? __pfx_info_print_prefix+0x10/0x10
[  205.883577][    C1]  ? _prb_read_valid+0xa7b/0xa90
[  205.883598][    C1]  record_print_text+0x154/0x430
[  205.883616][    C1]  ? __pfx__prb_read_valid+0x10/0x10
[  205.883625][    C1]  ? __pfx_record_print_text+0x10/0x10
[  205.883655][    C1]  printk_get_next_message+0x26d/0x7b0
[  205.883665][    C1]  ? perf_trace_lock_acquire+0x335/0x410
[  205.883683][    C1]  ? __pfx_printk_get_next_message+0x10/0x10
[  205.883697][    C1]  ? __lock_acquire+0xab9/0xd20
[  205.883718][    C1]  ? console_flush_all+0x13a/0xc40
[  205.883735][    C1]  ? console_flush_all+0x476/0xc40
[  205.883751][    C1]  console_flush_all+0x4ca/0xc40
[  205.883760][    C1]  ? console_flush_all+0x861/0xc40
[  205.883771][    C1]  ? console_flush_all+0x13a/0xc40
[  205.883789][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  205.883812][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  205.883827][    C1]  console_unlock+0xc4/0x270
[  205.883840][    C1]  ? __pfx_console_unlock+0x10/0x10
[  205.883855][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  205.883870][    C1]  vprintk_emit+0x5b7/0x7a0
[  205.883887][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  205.883894][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  205.883903][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  205.883934][    C1]  _printk+0xcf/0x120
[  205.883944][    C1]  ? __pfx____ratelimit+0x10/0x10
[  205.883958][    C1]  ? __pfx__printk+0x10/0x10
[  205.883972][    C1]  ? trace_call_bpf+0x5ba/0x850
[  205.883989][    C1]  __nla_validate_parse+0x2563/0x2d40
[  205.884024][    C1]  ? __pfx___nla_validate_parse+0x10/0x10
[  205.884034][    C1]  ? perf_trace_lock_acquire+0x335/0x410
[  205.884059][    C1]  ? __lock_acquire+0xab9/0xd20
[  205.884084][    C1]  __nla_parse+0x40/0x60
[  205.884100][    C1]  rtnl_fdb_add+0x17b/0xa50
[  205.884111][    C1]  ? trace_contention_end+0x39/0x120
[  205.884121][    C1]  ? __mutex_lock+0x330/0xe80
[  205.884132][    C1]  ? perf_trace_lock+0xec/0x3b0
[  205.884140][    C1]  ? __pfx_rtnl_fdb_add+0x10/0x10
[  205.884185][    C1]  ? __pfx_rtnl_fdb_add+0x10/0x10
[  205.884192][    C1]  rtnetlink_rcv_msg+0x77c/0xb70
[  205.884209][    C1]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  205.884219][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  205.884227][    C1]  ? ref_tracker_free+0x63a/0x7d0
[  205.884235][    C1]  ? __copy_skb_header+0xa7/0x550
[  205.884247][    C1]  ? __pfx_ref_tracker_free+0x10/0x10
[  205.884256][    C1]  ? __skb_clone+0x63/0x7a0
[  205.884293][    C1]  netlink_rcv_skb+0x208/0x470
[  205.884306][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  205.884319][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  205.884345][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  205.884352][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[  205.884367][    C1]  netlink_unicast+0x75c/0x8e0
[  205.884393][    C1]  netlink_sendmsg+0x805/0xb30
[  205.884413][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  205.884426][    C1]  ? aa_sock_msg_perm+0x94/0x160
[  205.884438][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  205.884447][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[  205.884457][    C1]  __sock_sendmsg+0x21c/0x270
[  205.884472][    C1]  ____sys_sendmsg+0x505/0x830
[  205.884488][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[  205.884509][    C1]  ? import_iovec+0x74/0xa0
[  205.884523][    C1]  ___sys_sendmsg+0x21f/0x2a0
[  205.884536][    C1]  ? __pfx____sys_sendmsg+0x10/0x10
[  205.884571][    C1]  ? __fget_files+0x2a/0x420
[  205.884595][    C1]  ? __fget_files+0x2a/0x420
[  205.884603][    C1]  ? __fget_files+0x3a0/0x420
[  205.884625][    C1]  __x64_sys_sendmsg+0x19b/0x260
[  205.884637][    C1]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  205.884677][    C1]  do_syscall_64+0xfa/0x3b0
[  205.884688][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.884694][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  205.884707][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.884713][    C1] RIP: 0033:0x7f6dc338e9a9
[  205.884722][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  205.884727][    C1] RSP: 002b:00007f6dc41e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  205.884733][    C1] RAX: ffffffffffffffda RBX: 00007f6dc35b5fa0 RCX: 00007f6dc338e9a9
[  205.884738][    C1] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000c
[  205.884741][    C1] RBP: 00007f6dc3410d69 R08: 0000000000000000 R09: 0000000000000000
[  205.884745][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  205.884749][    C1] R13: 0000000000000000 R14: 00007f6dc35b5fa0 R15: 00007ffc39125658
[  205.884773][    C1]  </TASK>
[  205.884963][   T34] Kernel panic - not syncing: hung_task: blocked tasks
[  205.884973][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  205.884982][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  205.884987][   T34] Call Trace:
[  205.884991][   T34]  <TASK>
[  205.884997][   T34]  dump_stack_lvl+0x99/0x250
[  205.885009][   T34]  ? __asan_memcpy+0x40/0x70
[  205.885023][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  205.885035][   T34]  ? __pfx__printk+0x10/0x10
[  205.885071][   T34]  panic+0x2db/0x790
[  205.885093][   T34]  ? __pfx_panic+0x10/0x10
[  205.885105][   T34]  ? nmi_backtrace_stall_check+0x433/0x440
[  205.885126][   T34]  ? irq_work_queue+0xc3/0x140
[  205.885152][   T34]  watchdog+0x102d/0x1030
[  205.885166][   T34]  ? watchdog+0x1de/0x1030
[  205.885207][   T34]  kthread+0x711/0x8a0
[  205.885229][   T34]  ? __pfx_watchdog+0x10/0x10
[  205.885238][   T34]  ? __pfx_kthread+0x10/0x10
[  205.885256][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  205.885267][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.885295][   T34]  ? __pfx_kthread+0x10/0x10
[  205.885312][   T34]  ret_from_fork+0x3fc/0x770
[  205.885329][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  205.885351][   T34]  ? __switch_to_asm+0x39/0x70
[  205.885360][   T34]  ? __switch_to_asm+0x33/0x70
[  205.885369][   T34]  ? __pfx_kthread+0x10/0x10
[  205.885384][   T34]  ret_from_fork_asm+0x1a/0x30
[  205.885423][   T34]  </TASK>
[  205.886072][   T34] Kernel Offset: disabled

VM DIAGNOSIS:
10:37:51  Registers:
info registers vcpu 0

CPU#0
RAX=1ffffffff33bf460 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=0000000000000000 RDI=0000000000000020 RBP=ffffffff99dfa470 RSP=ffffc9000068f750
R8 =ffff888107c30237 R9 =1ffff11020f86046 R10=dffffc0000000000 R11=ffffffff854729d0
R12=dffffc0000000000 R13=0000000000000000 R14=ffffffff99dfa1e0 R15=0000000000000000
RIP=ffffffff85472a47 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f7efda3a0d8 CR3=000000002896e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000000ff XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff81680ea6 RBX=0000000000000000 RCX=ffff888020333980 RDX=0000000000010100
RSI=0000000000000008 RDI=ffffffff92a52460 RBP=ffffc900001e0a28 RSP=ffffc900001e09a0
R8 =ffffffff92a52467 R9 =1ffffffff254a48c R10=dffffc0000000000 R11=fffffbfff254a48d
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=dffffc0000000000
RIP=ffffffff81680ea7 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f6dc41e96c0 ffffffff 00c00000
GS =0000 ffff8881a3c1f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000010000 CR3=000000010bd4a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f6dc3586478 00007f6dc3586450 XMM03=00007f6dc3586488 00007f6dc3586480
XMM04=00007f6dc40ed100 00007f6dc3586440 XMM05=00007f6dc3586458 00007f6dc35864a0
XMM06=00007f6dc3586498 00007f6dc3586490 XMM07=00007f6dc3586488 00007f6dc3586480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f6dc3411ec1
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
