last executing test programs:

45.997187605s ago: executing program 2 (id=866):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB='c 75:*\trmr'], 0x3d)

45.933612303s ago: executing program 2 (id=867):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0xffffff38)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x3, &(0x7f0000000580)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000880)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
ioctl$TUNATTACHFILTER(r2, 0x401054d5, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$TUNSETOWNER(r2, 0x400454cc, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_TYPE={0x5, 0x2, 0x83}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0)

44.978482646s ago: executing program 2 (id=874):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x3, 0x5, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x403}, [@call={0x85, 0x0, 0x0, 0x27}, @call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f00000000c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x30, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0, 0x6}, 0x1b, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3}, 0x0, 0xffffffdfffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x40200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2420, 0x0, 0x0, 0x3, 0x3, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff)
socketpair(0x1, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x1c0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x9a)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x4, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486"], 0xfdef)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00ee0000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c000c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05af3a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e4e4e29d8b33fbdd02e86a6432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3ce8f530ffff19a6471bf5abc742d9cbcfb964b13831034694a6aad84cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df871a8e782339bc424d1bafe5725c8a404724f8a4f1cda7997b65954f74097579b91da309b887af2485c2d9ab09b506000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb78183e7e68de9dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbefd9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d85618ba2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009de2323f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e75fa39643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2df636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978addf2f2a29a387c6f0576b36038f819286eea99a6a434811cf2a117d775fe986a49fb82cf5f15972d55185ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e671d305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a540f64000000000000fbb4c256409e54daefbb107c381fa729ff5fe607d93430da178d685d7730f5e129438a5214f722096d2986334c25e454474f92e65828b018174a9f4738b8c71fbdead06ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a379ed4c6267965af78b861bd335312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68ffce8d141e8960ef790fb0078215d65f96eb55db8cbcb060000000d988374e45451a694ffe38a1d03912b31c98d42e1a1bda1290de1a499a5d6849914c1788a7aca37177cc34102f44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553ecece78d4c1541c70f5d81e0725d5b273755c0000000000000000aa4234e282182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a7d72fcdb0a11993d54d97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a9236558fea2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574ea68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa1ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8edc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a41b315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f24bb68f486e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e8d5bc5642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f0cf74f845d1cc9ec4eee79c290fb0ba939b13707004e2e9cc0d350538c1c8c6bb9a38c6ac5ca07df32601240ea3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4055f05558ab31f339f6a4caf2ee2fd01f34dca330000000000000000000000000000000000000000000000000000000000000000000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c5954d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd6f7fd7f8898c70b5c65f2e28f22e983892c383882809f557affbda5e1850d66a4a1ee73b2084681f880a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae9052be8eec1e95f6ad8d41dd34829504ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b06a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd31091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a474bd16b8f7e6aed12a305366599f5f029a7b24558c02750500002f1c19d16a6f391906000000cc03bbfb8c698ecc137d96711100e01031aa74fad86b99eebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc86784c9f940d9fb0464a72ce635e14b80dc5c1c64e8f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de1b3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f938ad16eeb8342278f1c1cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706e587f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2cc0e7c207b8942fafd70530a0fc4622ecf132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af999dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2be0d1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bff348229fa84034faf8421a22c4b4c17a3d24a4aeee0d0850371feefd77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2b59654d49a11c6736ac63e8eb383760fc2b5c976dacf3dda7191c757f28e44f6a5f95db7055f7ed983f5665210f20a494fabb0dbcd335700000000000000000000000000000086666201251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a5826fdbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193ad0438cdef7a98a1671a1918df310dc4bfd61c3db3c22673884dca370558936b85737e14819ab1c57b348a8ff16d36364a20fe846d11d045de81f069bac8425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb251ab9eefc8e400191f0f0f8c679b0000000000000000000000b41b0ae67d9351c49e1ff285d05a3cc39a5b0cd20afe0a00086650f8fad20c0e1e7131836c85b2cbacd41593928207312189fdd66abc45a139f0c9dbcc58237cec5bd56ffe0c6de23254a7951a298501ca04ab30b5723df6dd01d0b1a87c197b83b286374ba9a9dd1bd09ea1b71b24a1f527bf59d9633e3d15ed3757acc494f464482e49884c13780cc392bfe67b5d91e5b513daea48cac7645db35f07ba41aa187f65c5344717d7a0ee353a7e36b14fdce5898a613cef224d3addb3d2de74cef73f7520dc8cc8ffaa62cbd25e691ef4c45fdd25675b32c129a8464f08c4da9c08713b54416f3b56a04086dab1d196884e062287ad4758e883d2f99833d8aaf0c56718f6b0434740900faf4ab824662a719bf370fd0b2de04c1455ec14908ce5cbec79466f2f2cc337c53437d626254e00000000000000000000000000000000c34646f8ae68c095e7298300feab8a3dfe2c43fc971385b13b4f3b61ddbf5044ff572defcc67930f0e715774e1e970751534398faf79350255cfa9021378f10c2043e7ecd5649c9720530da7ea227b792f31cb5d688b5f1eba9ff5f85c97b35e00ecf76282912b483e31c76e303e527e98a9ca14f718d495ad45db16c4500011de506f0ca35f7ea96ed1831e3c1219f985b26cb8a70e7c8efcb287984871e0fed3f1985cf63f00289292b378188ad0dfae12c265b88961a9223b48cf7055d641595e0cb926d63c1f8a207f48bd482290b79867285c2155e655e017bca6cbba43f9b49042fb2fb390c436b3306e8a0800000090d159004da838a50235b91f5273c1fe083067ce1e2d8011c9e2b6d3ea69dfc3712e5ce440432fbd29ffd004000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
r3 = socket$kcm(0x11, 0x200000000000002, 0x300)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000140)=r5, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r2, 0x20e, 0x5ee, 0xfd000004, &(0x7f00000004c0)="b9180bb7600a070c009e40f086dd1fff310005e03300fd010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d7472ce0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28)
r6 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r6, 0x84, 0xd, &(0x7f0000000480), 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed38775c6d20920e392f5", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)

44.432950451s ago: executing program 2 (id=887):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703010000001f00000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

44.204299083s ago: executing program 2 (id=889):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e20, 0x10001, @local, 0xfffffffd}}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x68000000}, 0x0)
r0 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x1f, &(0x7f0000000100), 0x120)

44.203406008s ago: executing program 2 (id=891):
r0 = socket$kcm(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x3, 0x10)
r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x221, 0x0, 0x0, 0x8, 0x3fe, 0x7ffeffff, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240))
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffc9}, 0x40000100)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0xfe}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x7c}, 0x1, 0x0, 0x0, 0x80040}, 0x24000000)

43.687890698s ago: executing program 1 (id=905):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000100)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d360a52}, [@printk={@li, {0x3, 0x3, 0x3, 0xa, 0x0}, {0x5, 0x1, 0xb, 0x1, 0x5}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffffffff}, {0x85, 0x0, 0x0, 0x19}}]}, &(0x7f0000000000)='GPL\x00', 0x8}, 0x94)

43.68743122s ago: executing program 1 (id=907):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000140)=ANY=[@ANYBLOB="180800001bc81a000000000000000001851000000600000018000000", @ANYRES32=0x0, @ANYBLOB="00000000000000006608000000000101180000000000000000000000000000009500000000000000360a000000000000180100002020782500000000002020207b1af8ff00000000bfa10000000000000701000000ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xd3, &(0x7f0000000040)=""/211}, 0x94)

43.617510706s ago: executing program 1 (id=908):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000100)={0x1c, 0x2, 0x3, 0x101, 0x0, 0x0, {0x4, 0x0, 0x1a}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x1e}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x2000c010)
sendmsg$NFQNL_MSG_VERDICT(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x14, 0x1, 0x3, 0x101, 0x0, 0x0, {0x0, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x10)

43.617248488s ago: executing program 0 (id=909):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$kcm(0xa, 0x5, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r1 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r1, 0x107, 0xf, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000000040)=@qipcrtr={0x2a, 0x4, 0x1}, 0x80, 0x0}, 0x4)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffc8)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$AUDIT_USER_AVC(r2, 0x0, 0x4000000)
recvmsg$qrtr(0xffffffffffffffff, 0x0, 0x0, 0x40001121)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_ADD(r3, 0x0, 0x800)
sendmsg$kcm(r0, &(0x7f0000002dc0)={&(0x7f0000001640)=@l2tp6={0xa, 0x0, 0x7fff, @local, 0x9, 0x1}, 0x80, &(0x7f0000000340)=[{&(0x7f00000003c0)='`', 0x37}], 0x1}, 0x41)
setsockopt$sock_attach_bpf(r0, 0x84, 0x1e, &(0x7f0000000000), 0x4)
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8916, &(0x7f0000000000)={'syz_tun\x00', @random="0200"})
r5 = socket$kcm(0x2, 0x3, 0x2)
close(0x3)
ioctl$SIOCSIFHWADDR(r5, 0x8918, &(0x7f0000000040)={'wg1\x00', @random="0200ac7f7f00"})

43.599286985s ago: executing program 0 (id=910):
r0 = socket$kcm(0xa, 0x1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x29, 0x22, &(0x7f0000000100), 0x120)

43.518854026s ago: executing program 0 (id=911):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x2400, {0x3}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x4}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x24}, @NFTA_MATCH_NAME={0x8, 0x1, 'u32\x00'}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}}, 0x10)

43.518629726s ago: executing program 1 (id=912):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000004700)=""/4097, 0x1001}, {&(0x7f0000003700)=""/4064, 0xfe0}, {&(0x7f0000002500)=""/4137, 0x1029}, {&(0x7f0000000200)=""/115, 0x73}, {&(0x7f0000000780)=""/190, 0xbe}, {&(0x7f00000005c0)=""/172, 0xac}, {&(0x7f0000000440)=""/171, 0xab}], 0x7}, 0x0)

43.456246471s ago: executing program 1 (id=913):
r0 = perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r2}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r3}, 0x10)
r4 = socket$kcm(0x21, 0x2, 0x2)
recvmsg$kcm(r4, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)

43.45582674s ago: executing program 0 (id=914):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3200000000a0000000060a010400000000000000000100000008000b400000000078000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000400001800c00010062697477697365003000028008000340000000fc0800014000000014080002400000001408000580040001000c000480060001008a9500000900010073797a30"], 0x114}, 0x1, 0x0, 0x0, 0x80}, 0x0)

43.359039015s ago: executing program 0 (id=915):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000000010104000000000000000002001000240002801400018008000100e000000108000200e00000010c00028005000100000000001c0010800800014000000000d97405010000000008000240000000000800", @ANYRES64=r0], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)

43.358721917s ago: executing program 0 (id=916):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}, 0x408, 0x8, 0x6, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r1, 0x29, 0x17, &(0x7f0000000100), 0x4)
sendmsg$NFNL_MSG_ACCT_DEL(r0, 0x0, 0x0)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x400000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef9}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x24}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000040)={0x5, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1b23a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=@getspdinfo={0x14, 0x25, 0x1, 0x70bd2c, 0x25dfdbfb, 0x1000}, 0x14}, 0x1, 0x0, 0x0, 0x4008010}, 0x4000000)

43.295468809s ago: executing program 1 (id=917):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x4}, 0xf242, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0xa, 0x1, 0x106)
r2 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r2, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001)

332.915µs ago: executing program 32 (id=891):
r0 = socket$kcm(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x3, 0x10)
r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x221, 0x0, 0x0, 0x8, 0x3fe, 0x7ffeffff, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240))
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffc9}, 0x40000100)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0xfe}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x7c}, 0x1, 0x0, 0x0, 0x80040}, 0x24000000)

130.282µs ago: executing program 33 (id=916):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000540)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}, 0x408, 0x8, 0x6, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r1, 0x29, 0x17, &(0x7f0000000100), 0x4)
sendmsg$NFNL_MSG_ACCT_DEL(r0, 0x0, 0x0)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x400000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef9}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x24}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000040)={0x5, 0xc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1b23a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=@getspdinfo={0x14, 0x25, 0x1, 0x70bd2c, 0x25dfdbfb, 0x1000}, 0x14}, 0x1, 0x0, 0x0, 0x4008010}, 0x4000000)

0s ago: executing program 34 (id=917):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x4}, 0xf242, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$kcm(0xa, 0x1, 0x106)
r2 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r2, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:45948' (ED25519) to the list of known hosts.
syzkaller login: [   49.208518][ T5831] cgroup: Unknown subsys name 'net'
[   49.318783][ T5831] cgroup: Unknown subsys name 'cpuset'
[   49.326627][ T5831] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   51.440717][ T5831] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   56.247795][ T5238] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   56.251613][ T5238] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   56.254973][ T5238] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   56.258483][ T5238] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   56.261923][ T5238] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   56.336984][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   56.340481][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   56.343715][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   56.347771][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   56.351231][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   56.371086][ T5238] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   56.375104][ T5238] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   56.381399][ T5238] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   56.386143][ T5238] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   56.395199][ T5238] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   56.608245][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   56.764642][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.767671][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.770662][ T5846] bridge_slave_0: entered allmulticast mode
[   56.775723][ T5846] bridge_slave_0: entered promiscuous mode
[   56.784737][ T5851] chnl_net:caif_netlink_parms(): no params data found
[   56.791996][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.795374][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.798132][ T5846] bridge_slave_1: entered allmulticast mode
[   56.801880][ T5846] bridge_slave_1: entered promiscuous mode
[   56.877729][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.902542][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.958687][ T5846] team0: Port device team_slave_0 added
[   56.966833][ T5846] team0: Port device team_slave_1 added
[   56.969538][ T5853] chnl_net:caif_netlink_parms(): no params data found
[   57.045622][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.048438][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.051619][ T5851] bridge_slave_0: entered allmulticast mode
[   57.055937][ T5851] bridge_slave_0: entered promiscuous mode
[   57.060385][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.062783][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.072070][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.097110][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.099921][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.102714][ T5851] bridge_slave_1: entered allmulticast mode
[   57.107176][ T5851] bridge_slave_1: entered promiscuous mode
[   57.110692][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.112763][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.120302][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.163369][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.166077][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.168658][ T5853] bridge_slave_0: entered allmulticast mode
[   57.171344][ T5853] bridge_slave_0: entered promiscuous mode
[   57.191637][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.209429][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.211780][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.214009][ T5853] bridge_slave_1: entered allmulticast mode
[   57.218090][ T5853] bridge_slave_1: entered promiscuous mode
[   57.231225][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.250872][ T5846] hsr_slave_0: entered promiscuous mode
[   57.253947][ T5846] hsr_slave_1: entered promiscuous mode
[   57.274771][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.292736][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.307944][ T5851] team0: Port device team_slave_0 added
[   57.331356][ T5851] team0: Port device team_slave_1 added
[   57.376969][ T5853] team0: Port device team_slave_0 added
[   57.385956][ T5853] team0: Port device team_slave_1 added
[   57.388689][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.391299][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.400209][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.405717][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.407780][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.416460][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.462240][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.465590][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.475290][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.493340][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.496068][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.505405][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.569578][ T5851] hsr_slave_0: entered promiscuous mode
[   57.572314][ T5851] hsr_slave_1: entered promiscuous mode
[   57.575296][ T5851] debugfs: 'hsr0' already exists in 'hsr'
[   57.577437][ T5851] Cannot create hsr debugfs directory
[   57.645120][ T5853] hsr_slave_0: entered promiscuous mode
[   57.648085][ T5853] hsr_slave_1: entered promiscuous mode
[   57.650801][ T5853] debugfs: 'hsr0' already exists in 'hsr'
[   57.653039][ T5853] Cannot create hsr debugfs directory
[   57.863333][ T5846] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   57.899189][ T5846] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   57.922853][ T5846] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   57.939530][ T5846] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   57.996493][ T5851] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   58.009022][ T5851] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   58.027380][ T5851] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   58.043219][ T5851] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   58.101648][ T5853] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   58.109473][ T5853] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   58.116657][ T5853] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   58.130476][ T5853] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   58.236087][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.277882][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   58.288286][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.296557][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.300859][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.303715][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.321088][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.323895][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.327906][   T54] Bluetooth: hci0: command tx timeout
[   58.333951][ T5851] 8021q: adding VLAN 0 to HW filter on device team0
[   58.359737][ T5853] 8021q: adding VLAN 0 to HW filter on device team0
[   58.371863][  T723] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.374674][  T723] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.386440][  T723] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.388663][  T723] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.392781][  T723] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.395352][  T723] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.404800][   T54] Bluetooth: hci1: command tx timeout
[   58.416063][  T723] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.418640][  T723] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.487528][   T54] Bluetooth: hci2: command tx timeout
[   58.603554][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.648100][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.666047][ T5851] veth0_vlan: entered promiscuous mode
[   58.676653][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.691171][ T5851] veth1_vlan: entered promiscuous mode
[   58.738691][ T5853] veth0_vlan: entered promiscuous mode
[   58.747195][ T5851] veth0_macvtap: entered promiscuous mode
[   58.755054][ T5851] veth1_macvtap: entered promiscuous mode
[   58.769677][ T5853] veth1_vlan: entered promiscuous mode
[   58.780812][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.796363][ T5846] veth0_vlan: entered promiscuous mode
[   58.800747][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.816144][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.821553][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.826133][ T5846] veth1_vlan: entered promiscuous mode
[   58.829456][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.839214][ T5853] veth0_macvtap: entered promiscuous mode
[   58.848270][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.858642][ T5853] veth1_macvtap: entered promiscuous mode
[   58.915354][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.927064][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.950639][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.961068][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.970476][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.975804][ T5846] veth0_macvtap: entered promiscuous mode
[   58.981970][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.985912][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.988856][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.993964][ T5846] veth1_macvtap: entered promiscuous mode
[   59.050571][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.060085][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.062261][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.066961][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.087848][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.091515][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.097037][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.103177][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.116319][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.121568][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.157873][ T5851] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   59.204526][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.207548][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.213535][ T4432] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.216729][ T4432] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.248598][ T4432] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.251246][ T4432] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.364650][ T5917] syzkaller0: entered promiscuous mode
[   59.366583][ T5917] syzkaller0: entered allmulticast mode
[   59.423111][   T54] Bluetooth: hci1: unexpected subevent 0x0e length: 150 > 15
[   59.428129][   T54] Bluetooth: hci1: Unable to find connection for dst 00:00:00:00:00:00 sid 0x00
[   59.567024][ T5923] warning: `syz.1.7' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   59.699700][ T5931] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11'.
[   59.854189][    C1] hrtimer: interrupt took 37713 ns
[   60.022065][ T5953] netlink: 'syz.0.21': attribute type 4 has an invalid length.
[   60.025119][ T5953] netlink: 17 bytes leftover after parsing attributes in process `syz.0.21'.
[   60.327502][ T5961] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   60.384850][ T5961] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   60.404292][   T54] Bluetooth: hci0: command tx timeout
[   60.478379][   T54] Bluetooth: hci1: command tx timeout
[   60.556675][   T54] Bluetooth: hci2: command tx timeout
[   60.613151][ T5964] netlink: 220 bytes leftover after parsing attributes in process `syz.2.25'.
[   60.636878][ T5964] openvswitch: netlink: Key 0 has unexpected len 4 expected 0
[   60.736630][ T5973] netlink: 60 bytes leftover after parsing attributes in process `syz.1.28'.
[   60.741786][   T54] Bluetooth: hci1: unexpected subevent 0x0c length: 150 > 5
[   60.746618][ T5970] netlink: 60 bytes leftover after parsing attributes in process `syz.1.28'.
[   60.756091][ T5973] netlink: 60 bytes leftover after parsing attributes in process `syz.1.28'.
[   60.910174][ T5981] netlink: 12 bytes leftover after parsing attributes in process `syz.2.33'.
[   61.000030][    C1] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[   61.072442][ T5990] netlink: 'syz.1.35': attribute type 39 has an invalid length.
[   61.396673][ T5995] netlink: 12 bytes leftover after parsing attributes in process `syz.0.38'.
[   62.107955][ T6011] netlink: 4 bytes leftover after parsing attributes in process `syz.2.44'.
[   62.214799][ T6018] ksmbd: Daemon and kernel module version mismatch. ksmbd: 36, kernel module: 1. User-space ksmbd should terminate.
[   62.521114][   T54] Bluetooth: hci0: command tx timeout
[   62.555234][   T54] Bluetooth: hci1: command tx timeout
[   62.634363][   T54] Bluetooth: hci2: command tx timeout
[   62.652860][ T6029] netlink: 830 bytes leftover after parsing attributes in process `syz.2.52'.
[   62.670956][ T6029] bond_slave_0: entered promiscuous mode
[   62.674592][ T6029] bond_slave_1: entered promiscuous mode
[   62.822297][ T6040] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   62.824942][ T6040] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   62.913169][ T6040] xt_time: unknown flags 0xf4
[   63.163864][ T6059] netlink: 'syz.1.60': attribute type 10 has an invalid length.
[   63.166885][ T6059] dummy0: entered promiscuous mode
[   63.170692][ T6059] bridge0: port 3(dummy0) entered blocking state
[   63.173359][ T6059] bridge0: port 3(dummy0) entered disabled state
[   63.193930][ T6059] dummy0: entered allmulticast mode
[   63.199984][ T6059] bridge0: port 3(dummy0) entered blocking state
[   63.203318][ T6059] bridge0: port 3(dummy0) entered forwarding state
[   63.303870][ T6066] netlink: 'syz.0.63': attribute type 13 has an invalid length.
[   63.313387][ T6066] netlink: 'syz.0.63': attribute type 58 has an invalid length.
[   63.878395][ T6103] netlink: 'syz.1.82': attribute type 1 has an invalid length.
[   64.202156][ T6123] syzkaller0: entered promiscuous mode
[   64.204126][ T6123] syzkaller0: entered allmulticast mode
[   64.941761][   T54] Bluetooth: hci0: command tx timeout
[   64.941814][ T5238] Bluetooth: hci1: command tx timeout
[   64.943436][   T54] Bluetooth: hci2: command tx timeout
[   65.077794][ T6130] openvswitch: netlink: ct_state flags 0000e7cd unsupported
[   65.786916][ T6142] openvswitch: netlink: IPv4 tunnel dst address is zero
[   66.387957][ T6152] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   66.406193][ T6152] netlink: 'syz.1.103': attribute type 10 has an invalid length.
[   66.418397][ T6152] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   66.577450][ T5238] Bluetooth: hci2: unexpected event 0x0b length: 15 > 11
[   66.837151][ T6184] __nla_validate_parse: 3 callbacks suppressed
[   66.837167][ T6184] netlink: 163260 bytes leftover after parsing attributes in process `syz.0.119'.
[   66.959465][ T6196] Zero length message leads to an empty skb
[   66.970069][ T6196] netlink: 'syz.1.124': attribute type 10 has an invalid length.
[   66.984840][ T6196] netlink: 55 bytes leftover after parsing attributes in process `syz.1.124'.
[   67.330367][ T6209] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.130'.
[   67.383314][ T6211] netlink: 104 bytes leftover after parsing attributes in process `syz.1.131'.
[   67.502155][ T6217] netlink: 'syz.1.134': attribute type 10 has an invalid length.
[   67.506187][ T6217] netlink: 40 bytes leftover after parsing attributes in process `syz.1.134'.
[   67.509931][ T6217] batadv0: entered promiscuous mode
[   67.511669][ T6217] batadv0: entered allmulticast mode
[   67.514238][ T6217] bridge0: port 4(batadv0) entered blocking state
[   67.516462][ T6217] bridge0: port 4(batadv0) entered disabled state
[   67.520922][ T6217] bridge0: port 4(batadv0) entered blocking state
[   67.523018][ T6217] bridge0: port 4(batadv0) entered forwarding state
[   67.633035][ T6223] netlink: 4 bytes leftover after parsing attributes in process `syz.0.137'.
[   67.640056][ T6223] netlink: 52 bytes leftover after parsing attributes in process `syz.0.137'.
[   67.935645][   T13] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[   67.939523][   T13] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[   68.485338][   T28] wlan1: Trigger new scan to find an IBSS to join
[   69.006933][ T6266] tap0: tun_chr_ioctl cmd 1074025677
[   69.009229][ T6266] tap0: linktype set to 0
[   69.303442][ T5238] Bluetooth: hci2: unexpected cc 0x1004 length: 12 > 11
[   69.334366][ T6291] openvswitch: netlink: Key type 50 is out of range max 32
[   69.473155][ T6298] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   70.359565][ T6308] netlink: 10 bytes leftover after parsing attributes in process `syz.1.172'.
[   70.439675][ T6314] netlink: 'syz.1.174': attribute type 23 has an invalid length.
[   70.457922][ T6317] netlink: 'syz.0.175': attribute type 21 has an invalid length.
[   70.626892][ T6319] netlink: 'syz.2.176': attribute type 10 has an invalid length.
[   70.630351][ T6319] netlink: 40 bytes leftover after parsing attributes in process `syz.2.176'.
[   70.731714][ T6319] batman_adv: batadv0: Adding interface: hsr_slave_1
[   70.745884][ T6319] batman_adv: batadv0: The MTU of interface hsr_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.755841][ T6319] batman_adv: batadv0: Interface activated: hsr_slave_1
[   70.797179][ T6333] netlink: 809 bytes leftover after parsing attributes in process `syz.1.179'.
[   70.958754][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   70.962001][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   71.052510][ T6343] netlink: 'syz.2.187': attribute type 46 has an invalid length.
[   71.451798][ T1089] wlan1: Trigger new scan to find an IBSS to join
[   71.911132][ T6374] __nla_validate_parse: 3 callbacks suppressed
[   71.911185][ T6374] netlink: 48 bytes leftover after parsing attributes in process `syz.0.201'.
[   72.033599][ T6380] netlink: 'syz.2.204': attribute type 16 has an invalid length.
[   72.037582][ T6380] netlink: 156 bytes leftover after parsing attributes in process `syz.2.204'.
[   72.046503][ T6380] netlink: 809 bytes leftover after parsing attributes in process `syz.2.204'.
[   72.049595][ T6380] netlink: 130160 bytes leftover after parsing attributes in process `syz.2.204'.
[   72.052621][ T6380] netlink: 809 bytes leftover after parsing attributes in process `syz.2.204'.
[   72.142478][ T6382] syzkaller0: entered promiscuous mode
[   72.144289][ T6382] syzkaller0: entered allmulticast mode
[   72.159334][ T6386] =======================================================
[   72.159334][ T6386] WARNING: The mand mount option has been deprecated and
[   72.159334][ T6386]          and is ignored by this kernel. Remove the mand
[   72.159334][ T6386]          option from the mount to silence this warning.
[   72.159334][ T6386] =======================================================
[   73.050504][ T5238] Bluetooth: hci2: ISO packet too small
[   73.355336][ T5238] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[   73.358660][ T5238] Bluetooth: hci2: Injecting HCI hardware error event
[   73.362097][ T5238] Bluetooth: hci2: hardware error 0x00
[   74.394506][ T4432] wlan1: Creating new IBSS network, BSSID 0a:54:35:21:e3:fb
[   74.437828][ T5298] udevd[5298]: worker [5849] terminated by signal 33 (Unknown signal 33)
[   74.440944][ T5298] udevd[5298]: worker [5849] failed while handling '/devices/virtual/block/loop0'
[   74.599908][ T6429] netlink: 'syz.2.226': attribute type 21 has an invalid length.
[   75.097828][ T6462] openvswitch: netlink: IP tunnel dst address not specified
[   75.121048][ T6464] netlink: 1010 bytes leftover after parsing attributes in process `syz.0.242'.
[   75.126213][ T6464] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[   75.378053][ T6476] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   75.539572][ T6487] netlink: 8 bytes leftover after parsing attributes in process `syz.0.253'.
[   75.549077][ T6478] syz.2.249 uses obsolete (PF_INET,SOCK_PACKET)
[   75.616017][ T6492] netlink: 60 bytes leftover after parsing attributes in process `syz.1.254'.
[   75.619942][ T6489] netlink: 60 bytes leftover after parsing attributes in process `syz.1.254'.
[   75.623243][ T6489] netlink: 60 bytes leftover after parsing attributes in process `syz.1.254'.
[   76.071630][ T6504] netlink: 'syz.1.261': attribute type 3 has an invalid length.
[   76.600467][ T5238] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[   76.678032][ T6516] delete_channel: no stack
[   76.680184][ T6516] delete_channel: no stack
[   77.992485][ T6544] delete_channel: no stack
[   78.604758][ T6550] netlink: 'syz.1.280': attribute type 21 has an invalid length.
[   78.607723][ T6550] __nla_validate_parse: 1 callbacks suppressed
[   78.607736][ T6550] netlink: 128 bytes leftover after parsing attributes in process `syz.1.280'.
[   78.613497][ T6550] netlink: 3 bytes leftover after parsing attributes in process `syz.1.280'.
[   78.693049][ T6553] siw: device registration error -23
[   78.791528][ T6548] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.279'.
[   78.920259][ T6566] netlink: 60 bytes leftover after parsing attributes in process `syz.2.287'.
[   78.979967][ T6575] netlink: 60 bytes leftover after parsing attributes in process `syz.2.287'.
[   79.018027][ T6580] netlink: 1057 bytes leftover after parsing attributes in process `syz.0.290'.
[   79.386040][ T6605] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   79.388415][ T6605] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   79.538429][ T6615] tap0: tun_chr_ioctl cmd 21731
[   79.547629][ T6615] tap0: tun_chr_ioctl cmd 2147767521
[   79.719272][ T6619] netlink: 'syz.1.308': attribute type 8 has an invalid length.
[   79.722671][ T6619] netlink: 'syz.1.308': attribute type 6 has an invalid length.
[   79.731001][ T6619] netlink: 144448 bytes leftover after parsing attributes in process `syz.1.308'.
[   79.775481][ T6621] netlink: 61859 bytes leftover after parsing attributes in process `syz.1.309'.
[   79.923208][ T6627] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.312'.
[   79.928020][ T6627] netlink: 4595 bytes leftover after parsing attributes in process `syz.1.312'.
[   80.217012][ T6634] netlink: 'syz.0.315': attribute type 39 has an invalid length.
[   80.988892][ T6683] sctp: [Deprecated]: syz.2.338 (pid 6683) Use of int in maxseg socket option.
[   80.988892][ T6683] Use struct sctp_assoc_value instead
[   81.203929][ T3144] cfg80211: failed to load regulatory.db
[   81.301349][ T6692] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   83.358448][ T6710] netlink: 'syz.1.351': attribute type 10 has an invalid length.
[   83.678045][ T6719] __nla_validate_parse: 5 callbacks suppressed
[   83.678062][ T6719] netlink: 60 bytes leftover after parsing attributes in process `syz.2.355'.
[   83.739751][ T6719] netlink: 60 bytes leftover after parsing attributes in process `syz.2.355'.
[   84.966849][ T6760] netlink: 'syz.1.367': attribute type 29 has an invalid length.
[   84.972754][ T6760] netlink: 'syz.1.367': attribute type 29 has an invalid length.
[   85.060834][ T6769] netlink: 60 bytes leftover after parsing attributes in process `syz.2.373'.
[   85.067129][ T6769] netlink: 60 bytes leftover after parsing attributes in process `syz.2.373'.
[   85.071583][ T6769] netlink: 60 bytes leftover after parsing attributes in process `syz.2.373'.
[   85.163714][ T6779] netlink: 68 bytes leftover after parsing attributes in process `syz.0.378'.
[   85.167632][ T6779] netlink: 68 bytes leftover after parsing attributes in process `syz.0.378'.
[   85.271030][ T6787] : port 1(veth0_to_bridge) entered blocking state
[   85.276370][ T6787] : port 1(veth0_to_bridge) entered disabled state
[   85.279678][ T6787] veth0_to_bridge: entered allmulticast mode
[   85.283609][ T6787] veth0_to_bridge: entered promiscuous mode
[   85.562148][ T5238] Bluetooth: hci0: unexpected event 0x14 length: 15 > 6
[   85.625389][ T6799] netlink: 'syz.2.385': attribute type 10 has an invalid length.
[   85.687007][ T6799] team0 (unregistering): Port device team_slave_0 removed
[   85.691848][ T6799] team0 (unregistering): Port device team_slave_1 removed
[   85.785133][ T6802] netlink: 8 bytes leftover after parsing attributes in process `syz.1.386'.
[   85.808804][ T6802] : entered promiscuous mode
[   85.883687][ T6810] lo speed is unknown, defaulting to 1000
[   85.885922][ T6810] lo speed is unknown, defaulting to 1000
[   85.891112][ T6810] lo speed is unknown, defaulting to 1000
[   85.963978][ T6810] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   86.133712][ T6810] lo speed is unknown, defaulting to 1000
[   86.149170][ T6810] lo speed is unknown, defaulting to 1000
[   86.166203][ T6810] lo speed is unknown, defaulting to 1000
[   87.052791][ T6853] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   87.085034][ T6857] netlink: 'syz.0.410': attribute type 3 has an invalid length.
[   87.087413][ T6857] netlink: 'syz.0.410': attribute type 6 has an invalid length.
[   87.101432][ T6857] netlink: 'syz.0.410': attribute type 8 has an invalid length.
[   87.103877][ T6857] netlink: 'syz.0.410': attribute type 10 has an invalid length.
[   87.106635][ T6857] netlink: 'syz.0.410': attribute type 11 has an invalid length.
[   87.109063][ T6857] netlink: 198236 bytes leftover after parsing attributes in process `syz.0.410'.
[   87.229739][ T6863] netlink: 146936 bytes leftover after parsing attributes in process `syz.1.414'.
[   87.233882][ T6863] openvswitch: netlink: Message has 6 unknown bytes.
[   87.273063][ T6872] netlink: 'syz.0.418': attribute type 9 has an invalid length.
[   87.308108][ T6873] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   87.312088][ T6873] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   90.478160][ T6898] netlink: 8 bytes leftover after parsing attributes in process `syz.0.430'.
[   90.708008][ T6906] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   91.457828][ T6939] netlink: 8 bytes leftover after parsing attributes in process `syz.1.449'.
[   91.468164][ T6939] openvswitch: netlink: nsh attr 165 is out of range max 3
[   91.472184][ T6939] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   91.479516][ T6938] syzkaller0: entered promiscuous mode
[   91.481739][ T6938] syzkaller0: entered allmulticast mode
[   91.493981][ T6938] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 65487
[   91.655440][ T6957] netlink: 40 bytes leftover after parsing attributes in process `syz.1.458'.
[   92.302697][ T6979] netlink: 24032 bytes leftover after parsing attributes in process `syz.1.467'.
[   92.336876][ T6979] netlink: 104088 bytes leftover after parsing attributes in process `syz.1.467'.
[   92.340680][ T6979] netlink: 24032 bytes leftover after parsing attributes in process `syz.1.467'.
[   92.613287][ T6987] netlink: 28 bytes leftover after parsing attributes in process `syz.0.471'.
[   92.617108][ T6987] netlink: 28 bytes leftover after parsing attributes in process `syz.0.471'.
[   92.629638][ T6985] netlink: 'syz.2.470': attribute type 10 has an invalid length.
[   92.632951][ T6985] netlink: 2 bytes leftover after parsing attributes in process `syz.2.470'.
[   92.638072][ T6985] bond0: entered promiscuous mode
[   92.652338][ T6985] bridge0: port 3(bond0) entered blocking state
[   92.662103][ T6985] bridge0: port 3(bond0) entered disabled state
[   92.667505][ T6985] bond0: entered allmulticast mode
[   92.669696][ T6985] bond_slave_0: entered allmulticast mode
[   92.673358][ T6985] bond_slave_1: entered allmulticast mode
[   92.700900][ T6990] netlink: 80 bytes leftover after parsing attributes in process `syz.0.472'.
[   92.822194][ T6985] bridge0: port 3(bond0) entered blocking state
[   92.825917][ T6985] bridge0: port 3(bond0) entered forwarding state
[   93.387461][ T7015] netlink: 'syz.2.483': attribute type 39 has an invalid length.
[   93.929290][ T7062] openvswitch: netlink: IP tunnel TTL not specified.
[   96.840851][ T7206] Driver unsupported XDP return value 0 on prog  (id 190) dev N/A, expect packet loss!
[   98.005272][ T7250] netlink: 'syz.2.546': attribute type 29 has an invalid length.
[   98.009964][ T7250] netlink: 'syz.2.546': attribute type 29 has an invalid length.
[   98.013951][ T7250] netlink: 'syz.2.546': attribute type 29 has an invalid length.
[   98.205581][ T7256] netlink: 'syz.0.549': attribute type 2 has an invalid length.
[   98.208447][ T7256] __nla_validate_parse: 7 callbacks suppressed
[   98.208455][ T7256] netlink: 120 bytes leftover after parsing attributes in process `syz.0.549'.
[   98.942387][ T7269] netlink: 4400 bytes leftover after parsing attributes in process `syz.2.555'.
[   98.958472][ T7271] netlink: 92 bytes leftover after parsing attributes in process `syz.0.556'.
[   99.060725][ T7271] netlink: 'syz.0.556': attribute type 39 has an invalid length.
[   99.242558][ T7286] netlink: 12 bytes leftover after parsing attributes in process `syz.2.563'.
[   99.863471][ T7331] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  100.377709][ T7364] netlink: 8 bytes leftover after parsing attributes in process `syz.2.597'.
[  100.489386][ T7376] netlink: 763 bytes leftover after parsing attributes in process `syz.1.603'.
[  101.629711][ T7393] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.609'.
[  101.691238][ T7398] netlink: 12 bytes leftover after parsing attributes in process `syz.0.612'.
[  101.698906][ T7396] netlink: 12 bytes leftover after parsing attributes in process `syz.1.611'.
[  101.809529][ T7406] netlink: 132 bytes leftover after parsing attributes in process `syz.1.616'.
[  102.196106][ T7416] netlink: 'syz.0.620': attribute type 10 has an invalid length.
[  102.200467][ T7416] veth1_vlan: entered allmulticast mode
[  102.211679][ T7416] team0: Device veth1_vlan failed to register rx_handler
[  102.220460][ T7421] netlink: 'syz.1.622': attribute type 2 has an invalid length.
[  102.436009][  T723] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  102.960556][ T7484] netlink: 'syz.0.648': attribute type 29 has an invalid length.
[  102.963661][ T7484] netlink: 'syz.0.648': attribute type 29 has an invalid length.
[  102.966519][ T7484] netlink: 'syz.0.648': attribute type 29 has an invalid length.
[  104.511618][ T7539] netlink: 'syz.0.676': attribute type 21 has an invalid length.
[  104.617409][ T7541] netlink: 'syz.0.677': attribute type 1 has an invalid length.
[  104.619787][ T7541] __nla_validate_parse: 4 callbacks suppressed
[  104.619795][ T7541] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.677'.
[  105.042152][ T7546] netlink: 'syz.1.679': attribute type 1 has an invalid length.
[  105.044757][ T7546] netlink: 'syz.1.679': attribute type 1 has an invalid length.
[  105.361580][ T7566] netlink: 'syz.0.689': attribute type 29 has an invalid length.
[  105.365412][ T7566] netlink: 'syz.0.689': attribute type 29 has an invalid length.
[  105.506418][ T7574] netlink: 'syz.0.692': attribute type 10 has an invalid length.
[  105.533494][ T7574] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.542872][ T7574] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  105.543202][ T7576] netlink: 20 bytes leftover after parsing attributes in process `syz.1.693'.
[  106.743249][ T7619] netlink: 'syz.2.712': attribute type 1 has an invalid length.
[  106.745776][ T7619] netlink: 'syz.2.712': attribute type 4 has an invalid length.
[  106.748578][ T7619] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.712'.
[  106.756421][ T7619] netlink: 'syz.2.712': attribute type 1 has an invalid length.
[  106.759577][ T7619] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.712'.
[  106.787989][ T7621] lo speed is unknown, defaulting to 1000
[  107.073728][ T7645] netlink: 44 bytes leftover after parsing attributes in process `syz.1.724'.
[  107.076803][ T7645] netlink: 43 bytes leftover after parsing attributes in process `syz.1.724'.
[  107.079532][ T7645] netlink: 43 bytes leftover after parsing attributes in process `syz.1.724'.
[  107.096627][ T7646] netlink: 15231 bytes leftover after parsing attributes in process `syz.2.723'.
[  107.232970][ T7650] netlink: 92 bytes leftover after parsing attributes in process `syz.0.726'.
[  107.923047][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.997383][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.055649][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.111738][ T7669] sit0: entered allmulticast mode
[  108.128447][ T7671] netlink: 14548 bytes leftover after parsing attributes in process `syz.2.737'.
[  108.176550][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.185879][ T7669] sit0: entered promiscuous mode
[  108.377509][   T12] bridge_slave_1: left allmulticast mode
[  108.379944][   T12] bridge_slave_1: left promiscuous mode
[  108.386791][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.424900][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  108.429618][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  108.433591][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  108.439146][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  108.444989][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  108.450466][   T12] bridge_slave_0: left allmulticast mode
[  108.452253][   T12] bridge_slave_0: left promiscuous mode
[  108.454108][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.724806][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  108.733759][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  108.747384][   T12] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  108.752648][   T12] bond0 (unregistering): Released all slaves
[  108.812763][ T7680] lo speed is unknown, defaulting to 1000
[  109.087961][   T12] hsr_slave_0: left promiscuous mode
[  109.090848][   T12] hsr_slave_1: left promiscuous mode
[  109.093777][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  109.101826][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  109.108104][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  109.110989][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  109.133679][   T12] veth1_macvtap: left promiscuous mode
[  109.137564][   T12] veth0_macvtap: left promiscuous mode
[  109.139678][   T12] veth0_vlan: left promiscuous mode
[  109.477092][   T12] team0 (unregistering): Port device team_slave_1 removed
[  109.509591][   T12] team0 (unregistering): Port device team_slave_0 removed
[  109.780230][ T7680] chnl_net:caif_netlink_parms(): no params data found
[  109.951443][ T7680] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.953732][ T7680] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.960043][ T7680] bridge_slave_0: entered allmulticast mode
[  109.962859][ T7680] bridge_slave_0: entered promiscuous mode
[  109.972818][ T7680] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.975662][ T7680] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.978280][ T7680] bridge_slave_1: entered allmulticast mode
[  109.981435][ T7680] bridge_slave_1: entered promiscuous mode
[  110.015660][ T7680] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  110.026768][ T7680] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  110.066663][ T7680] team0: Port device team_slave_0 added
[  110.070036][ T7680] team0: Port device team_slave_1 added
[  110.074061][ T7755] __nla_validate_parse: 4 callbacks suppressed
[  110.074071][ T7755] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.771'.
[  110.118771][ T7680] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.120919][ T7680] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.142011][ T7680] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.149181][ T7680] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.151495][ T7680] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.160644][ T7680] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.213134][ T7680] hsr_slave_0: entered promiscuous mode
[  110.216084][ T7680] hsr_slave_1: entered promiscuous mode
[  110.218235][ T7680] debugfs: 'hsr0' already exists in 'hsr'
[  110.220029][ T7680] Cannot create hsr debugfs directory
[  110.474566][ T5848] Bluetooth: hci1: command tx timeout
[  110.503117][ T7776] syzkaller0: entered promiscuous mode
[  110.506780][ T7776] syzkaller0: entered allmulticast mode
[  110.532672][ T7778] netlink: 24 bytes leftover after parsing attributes in process `syz.2.782'.
[  110.536469][ T7778] netlink: 24 bytes leftover after parsing attributes in process `syz.2.782'.
[  110.623646][ T7786] netlink: 830 bytes leftover after parsing attributes in process `syz.2.786'.
[  110.676648][ T7790] netlink: 32 bytes leftover after parsing attributes in process `syz.2.788'.
[  110.684000][ T7680] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  110.696027][ T7680] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  110.710252][ T7680] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  110.719886][ T7680] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  110.764048][ T7680] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.766469][ T7680] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.768845][ T7680] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.771072][ T7680] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.816222][ T7680] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.840841][ T4432] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.844240][ T4432] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.872592][ T7680] 8021q: adding VLAN 0 to HW filter on device team0
[  110.883756][ T4432] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.886098][ T4432] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.900219][ T4432] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.902528][ T4432] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.938858][ T7680] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  110.942293][ T7680] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  111.005511][ T7819] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.799'.
[  111.057300][ T7680] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.064779][ T7827] netlink: 60 bytes leftover after parsing attributes in process `syz.2.798'.
[  111.068649][ T7822] netlink: 60 bytes leftover after parsing attributes in process `syz.2.798'.
[  111.080526][ T7827] netlink: 60 bytes leftover after parsing attributes in process `syz.2.798'.
[  111.120845][ T7680] veth0_vlan: entered promiscuous mode
[  111.128653][ T7680] veth1_vlan: entered promiscuous mode
[  111.151530][ T7680] veth0_macvtap: entered promiscuous mode
[  111.159918][ T7680] veth1_macvtap: entered promiscuous mode
[  111.167529][ T7830] validate_nla: 8 callbacks suppressed
[  111.167553][ T7830] netlink: 'syz.1.800': attribute type 10 has an invalid length.
[  111.183181][ T7680] batman_adv: batadv0: Interface activated: batadv_slave_0
[  111.193742][ T7830] netlink: 152 bytes leftover after parsing attributes in process `syz.1.800'.
[  111.202263][ T7830] dummy0: left allmulticast mode
[  111.211525][ T7830] bridge0: port 3(dummy0) entered disabled state
[  111.223090][ T7830] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  111.231015][ T7680] batman_adv: batadv0: Interface activated: batadv_slave_1
[  111.240296][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  111.243430][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  111.247689][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  111.256891][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  111.328039][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.334661][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.357864][   T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.360590][   T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.560739][ T5848] Bluetooth: hci1: command tx timeout
[  113.628403][ T7897] tun0: tun_chr_ioctl cmd 1074025677
[  113.630974][ T7897] tun0: linktype set to 270
[  113.864084][ T7911] netlink: 'syz.2.837': attribute type 21 has an invalid length.
[  114.172599][ T7942] netlink: 'syz.1.852': attribute type 6 has an invalid length.
[  114.373005][ T7954] netlink: 'syz.2.857': attribute type 5 has an invalid length.
[  114.379553][ T7954] netlink: 'syz.2.857': attribute type 7 has an invalid length.
[  114.488946][ T7957] netlink: 'syz.2.858': attribute type 64 has an invalid length.
[  114.536195][ T7958] netlink: 'syz.0.856': attribute type 10 has an invalid length.
[  114.634605][ T5848] Bluetooth: hci1: command tx timeout
[  116.721153][ T5848] Bluetooth: hci1: command tx timeout
[  116.730171][ T8008] sctp: [Deprecated]: syz.2.874 (pid 8008) Use of int in maxseg socket option.
[  116.730171][ T8008] Use struct sctp_assoc_value instead
[  117.170495][ T8027] netlink: 'syz.2.887': attribute type 10 has an invalid length.
[  117.173431][ T8027] __nla_validate_parse: 5 callbacks suppressed
[  117.173442][ T8027] netlink: 40 bytes leftover after parsing attributes in process `syz.2.887'.
[  117.181842][ T8027] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  117.427239][ T8045] netlink: 'syz.1.895': attribute type 2 has an invalid length.
[  117.430192][ T8045] netlink: 'syz.1.895': attribute type 1 has an invalid length.
[  117.433022][ T8045] netlink: 132 bytes leftover after parsing attributes in process `syz.1.895'.
[  117.492013][ T8045] netlink: 60 bytes leftover after parsing attributes in process `syz.1.895'.
[  117.498528][ T8045] netlink: 60 bytes leftover after parsing attributes in process `syz.1.895'.
[  117.503100][ T8045] netlink: 60 bytes leftover after parsing attributes in process `syz.1.895'.
[  119.873385][    C1] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 1488542365 wd_nsec: 1488542321
[  132.420585][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  132.423208][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  134.083750][ T5238] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  134.087655][ T5238] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  134.090379][ T5238] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  134.096372][ T5238] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  134.099405][ T5238] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  135.464871][ T5238] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  135.468009][ T5238] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  135.470643][ T5238] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  135.473441][ T5238] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  135.480488][ T5238] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  135.493918][ T5848] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  135.498594][ T5848] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  135.501177][ T5848] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  135.504110][ T5848] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  135.552406][ T5848] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  136.174987][ T5238] Bluetooth: hci3: command tx timeout
[  137.555655][ T5238] Bluetooth: hci4: command tx timeout
[  137.618978][ T5238] Bluetooth: hci5: command tx timeout
[  138.254678][ T5238] Bluetooth: hci3: command tx timeout
[  139.594641][ T5238] Bluetooth: hci4: command tx timeout
[  139.685873][ T5238] Bluetooth: hci5: command tx timeout
[  140.314398][ T5238] Bluetooth: hci3: command tx timeout
[  141.676036][ T5238] Bluetooth: hci4: command tx timeout
[  141.754443][ T5238] Bluetooth: hci5: command tx timeout
[  142.394438][ T5238] Bluetooth: hci3: command tx timeout
[  142.712333][    C1] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 20477044394 wd_nsec: 20477045823
[  143.754397][ T5238] Bluetooth: hci4: command tx timeout
[  143.835944][ T5238] Bluetooth: hci5: command tx timeout
[  149.954549][  T723] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  167.704184][    C1] sched: DL replenish lagged too much
[  181.518543][ T5848] Bluetooth: hci0: command 0x0406 tx timeout
[  193.580509][ T8104] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  193.584111][   T54] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  193.590430][   T54] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  193.594307][   T54] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  193.598122][   T54] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  194.602764][ T8108] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  194.607044][ T8108] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  194.610287][ T8108] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  194.613774][ T8108] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  194.618434][ T8108] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  195.059278][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  195.061698][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  195.600513][ T8112] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  195.604835][ T8112] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  195.608024][ T8112] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  195.611738][ T8112] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  195.618314][ T8112] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  197.663982][   T27] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  231.754515][ T8120] Bluetooth: hci1: command 0x0406 tx timeout
[  254.640490][ T8123] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  254.645409][ T8123] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  254.649071][ T8123] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  254.655570][ T8123] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  254.659034][ T8123] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  255.652890][ T8104] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  255.657899][ T8104] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  255.661822][ T8104] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  255.666175][ T8104] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  255.669703][ T8104] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  256.465406][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[  256.467924][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[  256.678193][ T8131] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  256.683933][ T8133] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  256.689559][ T8133] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  256.693359][ T8133] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  256.698644][ T8133] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  258.716564][ T8104] Bluetooth: hci3: command 0x0406 tx timeout
[  262.557905][ T8135] Bluetooth: hci4: command 0x0406 tx timeout
[  262.560326][ T8135] Bluetooth: hci5: command 0x0406 tx timeout
[  272.814162][    C0] rcu: INFO: rcu_preempt self-detected stall on CPU
SYZFAIL: failed to recv rpc
[  272.816580][    C0] rcu: 	0-....: (10464 ticks this GP) idle=fa6c/1/0x4000000000000000 softirq=23552/23786 fqs=5232
[  272.821797][    C0] rcu: 	         hardirqs   softirqs   csw/system
[  272.823916][    C0] rcu: 	 number:  1222709        844            0
[  272.825987][    C0] rcu: 	cputime:    31068      21418           40   ==> 52500(ms)
[  272.828270][    C0] rcu: 	(t=10502 jiffies g=15577 q=1275 ncpus=2)
[  272.830228][    C0] CPU: 0 UID: 0 PID: 8089 Comm: syz.0.916 Not tainted syzkaller #0 PREEMPT(full) 
[  272.830245][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  272.830254][    C0] RIP: 0010:mac80211_hwsim_tx_frame_no_nl+0x7cb/0x11c0
[  272.830273][    C0] Code: 00 00 00 00 00 00 4c 39 eb 74 70 4d 8d bd 10 3e 00 00 4c 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 0f 85 b4 05 00 00 41 80 3f 00 <74> 59 4d 8d bd 11 3e 00 00 4c 89 f8 48 c1 e8 03 42 0f b6 04 30 84
[  272.830280][    C0] RSP: 0018:ffffc90000007980 EFLAGS: 00000202
[  272.830287][    C0] RAX: 0000000000000000 RBX: ffff888038f3b0a0 RCX: ffff888107f8b980
[  272.830293][    C0] RDX: 0000000000000100 RSI: 0000000000000004 RDI: ffffc90000007900
[  272.830298][    C0] RBP: ffffc90000007b18 R08: 0000000000000003 R09: 0000000000000004
[  272.830302][    C0] R10: dffffc0000000000 R11: fffff52000000f20 R12: ffff888038f3b338
[  272.830307][    C0] R13: ffff888107d030a0 R14: dffffc0000000000 R15: ffff888107d06eb0
[  272.830312][    C0] FS:  00007f5f3d4bd6c0(0000) GS:ffff8880b861c000(0000) knlGS:0000000000000000
[  272.830319][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  272.830323][    C0] CR2: 00007f0d86a44a72 CR3: 000000002abd4000 CR4: 00000000000006f0
[  272.830346][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  272.830351][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  272.830355][    C0] Call Trace:
[  272.830360][    C0]  <IRQ>
[  272.830370][    C0]  ? __pfx_mac80211_hwsim_tx_frame_no_nl+0x10/0x10
[  272.830389][    C0]  ? mac80211_hwsim_monitor_rx+0x1d7/0x880
[  272.830402][    C0]  mac80211_hwsim_tx_frame+0x1b5/0x200
[  272.830412][    C0]  mac80211_hwsim_beacon_tx+0x3f0/0x860
[  272.830420][    C0]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  272.830431][    C0]  __iterate_interfaces+0x2ab/0x590
[  272.830439][    C0]  ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10
[  272.830446][    C0]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  272.830454][    C0]  ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10
[  272.830461][    C0]  ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
[  272.830471][    C0]  mac80211_hwsim_beacon+0xbb/0x1c0
[  272.830481][    C0]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  272.830490][    C0]  __hrtimer_run_queues+0x52c/0xc60
[  272.830507][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  272.830519][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  272.830528][    C0]  handle_softirqs+0x286/0x870
[  272.830538][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  272.830548][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  272.830557][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  272.830568][    C0]  __irq_exit_rcu+0xca/0x1f0
[  272.830575][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  272.830586][    C0]  irq_exit_rcu+0x9/0x30
[  272.830592][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  272.830603][    C0]  </IRQ>
[  272.830605][    C0]  <TASK>
[  272.830618][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  272.830626][    C0] RIP: 0010:__schedule+0x5/0x4cc0
[  272.830636][    C0] Code: 89 d9 48 8b 5c 24 08 e9 ee fe ff ff cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <48> 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 81 ec e0 01 00
[  272.830641][    C0] RSP: 0018:ffffc90004f17b70 EFLAGS: 00000282
[  272.830648][    C0] RAX: 249f674544773a00 RBX: 0000000000000000 RCX: 249f674544773a00
[  272.830653][    C0] RDX: 0000000000000000 RSI: ffffffff8d9b6ac3 RDI: 0000000000000001
[  272.830657][    C0] RBP: ffffc90004f17c30 R08: ffffffff8fa38037 R09: 1ffffffff1f47006
[  272.830662][    C0] R10: dffffc0000000000 R11: fffffbfff1f47007 R12: 0000000000000000
[  272.830667][    C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff920009e2f70
[  272.830680][    C0]  preempt_schedule_irq+0xb5/0x150
[  272.830689][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  272.830702][    C0]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  272.830711][    C0]  irqentry_exit+0x6f/0x90
[  272.830720][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  272.830727][    C0] RIP: 0010:preempt_schedule_thunk+0x0/0x30
[  272.830738][    C0] Code: e5 8b 00 48 c7 c0 00 58 80 8b e9 0b 65 48 0a cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <55> 48 89 e5 57 56 52 51 50 41 50 41 51 41 52 41 53 e8 2a a8 46 0a
[  272.830743][    C0] RSP: 0018:ffffc90004f17cf8 EFLAGS: 00000246
[  272.830775][    C0] RAX: 0000000000000000 RBX: 0000000000000a06 RCX: 0000000000000000
[  272.830779][    C0] RDX: 0000000000000000 RSI: ffffffff8d9b6ac3 RDI: 00000000ffffffff
[  272.830784][    C0] RBP: ffffc90004f17d98 R08: ffffffff8fa38037 R09: 1ffffffff1f47006
[  272.830789][    C0] R10: dffffc0000000000 R11: fffffbfff1f47007 R12: dffffc0000000000
[  272.830794][    C0] R13: dffffc0000000000 R14: ffffffff8f59b4c0 R15: 1ffff920009e2fa0
[  272.830807][    C0]  _raw_read_unlock_irqrestore+0xfd/0x110
[  272.830818][    C0]  ? __pfx__raw_read_unlock_irqrestore+0x10/0x10
[  272.830832][    C0]  netlink_create+0xfa/0x590
[  272.830843][    C0]  __sock_create+0x4b3/0x9f0
[  272.830857][    C0]  __sys_socket+0xd7/0x1b0
[  272.830868][    C0]  __x64_sys_socket+0x7a/0x90
[  272.830878][    C0]  do_syscall_64+0xfa/0x3b0
[  272.830889][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.830896][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  272.830905][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.830912][    C0] RIP: 0033:0x7f5f3c58ebe9
[  272.830920][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  272.830925][    C0] RSP: 002b:00007f5f3d4bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  272.830933][    C0] RAX: ffffffffffffffda RBX: 00007f5f3c7c5fa0 RCX: 00007f5f3c58ebe9
[  272.830938][    C0] RDX: 000000000000000c RSI: 0000000000000003 RDI: 0000000000000010
[  272.830942][    C0] RBP: 00007f5f3c611e19 R08: 0000000000000000 R09: 0000000000000000
[  272.830946][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  272.830950][    C0] R13: 00007f5f3c7c6038 R14: 00007f5f3c7c5fa0 R15: 00007ffe10bcdf18
[  272.830962][    C0]  </TASK>
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  274.474748][   T34] INFO: task syz.2.891:8035 blocked for more than 143 seconds.
[  274.477581][   T34]       Not tainted syzkaller #0
[  274.479383][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  274.482586][   T34] task:syz.2.891       state:D stack:24208 pid:8035  tgid:8035  ppid:5853   task_flags:0x400040 flags:0x00004004
[  274.494485][   T34] Call Trace:
[  274.495806][   T34]  <TASK>
[  274.496934][   T34]  __schedule+0x1798/0x4cc0
[  274.498665][   T34]  ? __pfx_trace_call_bpf+0x10/0x10
[  274.500641][   T34]  ? __lock_acquire+0xab9/0xd20
[  274.502472][   T34]  ? __pfx___schedule+0x10/0x10
[  274.508265][   T34]  ? schedule+0x91/0x360
[  274.509829][   T34]  schedule+0x165/0x360
[  274.511333][   T34]  ? netlink_table_grab+0x118/0x290
[  274.513227][   T34]  netlink_table_grab+0x189/0x290
[  274.515804][   T34]  ? __pfx_netlink_table_grab+0x10/0x10
[  274.517934][   T34]  ? __pfx_default_wake_function+0x10/0x10
[  274.520039][   T34]  ? netlink_release+0x108/0x1b10
[  274.521860][   T34]  netlink_release+0xcb6/0x1b10
[  274.523676][   T34]  ? netlink_release+0x108/0x1b10
[  274.528568][   T34]  ? __pfx_netlink_release+0x10/0x10
[  274.530591][   T34]  ? down_write+0x162/0x1f0
[  274.532260][   T34]  ? __pfx_down_write+0x10/0x10
[  274.534027][   T34]  sock_close+0xc3/0x240
[  274.536609][   T34]  ? __pfx_sock_close+0x10/0x10
[  274.538493][   T34]  __fput+0x44c/0xa70
[  274.540025][   T34]  task_work_run+0x1d4/0x260
[  274.541777][   T34]  ? __pfx_task_work_run+0x10/0x10
[  274.543652][   T34]  ? exit_to_user_mode_loop+0x40/0x110
[  274.548748][   T34]  exit_to_user_mode_loop+0xec/0x110
[  274.550699][   T34]  do_syscall_64+0x2bd/0x3b0
[  274.552339][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.555000][   T34]  ? asm_sysvec_call_function_single+0x1a/0x20
[  274.557240][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.559385][   T34] RIP: 0033:0x7f761ed8ebe9
[  274.560984][   T34] RSP: 002b:00007ffcf73f8cc8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  274.564018][   T34] RAX: 0000000000000000 RBX: 00007f761efc7da0 RCX: 00007f761ed8ebe9
[  274.572433][   T34] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  274.576468][   T34] RBP: 00007f761efc7da0 R08: 000000000000e4d8 R09: 0000000ff73f8fbf
[  274.579322][   T34] R10: 00007f761efc7cb0 R11: 0000000000000246 R12: 000000000001cd1c
[  274.582134][   T34] R13: 00007f761efc6180 R14: ffffffffffffffff R15: 00007ffcf73f8de0
[  274.587825][   T34]  </TASK>
[  274.588985][   T34] INFO: task syz.2.891:8036 blocked for more than 143 seconds.
[  274.591635][   T34]       Not tainted syzkaller #0
[  274.593386][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  274.597069][   T34] task:syz.2.891       state:D stack:25984 pid:8036  tgid:8035  ppid:5853   task_flags:0x400140 flags:0x00004006
[  274.601336][   T34] Call Trace:
[  274.602588][   T34]  <TASK>
[  274.603744][   T34]  __schedule+0x1798/0x4cc0
[  274.608166][   T34]  ? __pfx_trace_call_bpf+0x10/0x10
[  274.610143][   T34]  ? __lock_acquire+0xab9/0xd20
[  274.611969][   T34]  ? __pfx___schedule+0x10/0x10
[  274.613783][   T34]  ? schedule+0x91/0x360
[  274.616691][   T34]  schedule+0x165/0x360
[  274.618236][   T34]  ? netlink_table_grab+0x118/0x290
[  274.620100][   T34]  netlink_table_grab+0x189/0x290
[  274.621915][   T34]  ? __pfx_netlink_table_grab+0x10/0x10
[  274.623898][   T34]  ? __pfx_default_wake_function+0x10/0x10
[  274.628565][   T34]  ? netlink_release+0x108/0x1b10
[  274.630471][   T34]  netlink_release+0xcb6/0x1b10
[  274.632282][   T34]  ? netlink_release+0x108/0x1b10
[  274.634953][   T34]  ? __pfx_netlink_release+0x10/0x10
[  274.636927][   T34]  ? down_write+0x162/0x1f0
[  274.638573][   T34]  ? __pfx_down_write+0x10/0x10
[  274.640331][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  274.642249][   T34]  sock_close+0xc3/0x240
[  274.643861][   T34]  ? __pfx_sock_close+0x10/0x10
[  274.648669][   T34]  __fput+0x44c/0xa70
[  274.650198][   T34]  task_work_run+0x1d4/0x260
[  274.651907][   T34]  ? __pfx_task_work_run+0x10/0x10
[  274.653793][   T34]  ? trace_call_bpf+0xb7/0x850
[  274.656248][   T34]  ? trace_call_bpf+0xb7/0x850
[  274.658006][   T34]  get_signal+0x11ed/0x1340
[  274.659668][   T34]  ? __pfx_trace_call_bpf+0x10/0x10
[  274.661553][   T34]  ? __fput_deferred+0x215/0x390
[  274.663376][   T34]  ? __pfx___fput_deferred+0x10/0x10
[  274.668718][   T34]  arch_do_signal_or_restart+0x9a/0x750
[  274.670769][   T34]  ? perf_trace_preemptirq_template+0x280/0x340
[  274.672984][   T34]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  274.678247][   T34]  ? exit_to_user_mode_loop+0x40/0x110
[  274.680315][   T34]  exit_to_user_mode_loop+0x75/0x110
[  274.682227][   T34]  do_syscall_64+0x2bd/0x3b0
[  274.683951][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  274.688674][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.690877][   T34]  ? exc_page_fault+0x9f/0xf0
[  274.692576][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.695399][   T34] RIP: 0033:0x7f761ed8ebe9
[  274.697127][   T34] RSP: 002b:00007f761fb2c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  274.700132][   T34] RAX: fffffffffffffe00 RBX: 00007f761efc5fa0 RCX: 00007f761ed8ebe9
[  274.702968][   T34] RDX: 0000000040000100 RSI: 0000200000000280 RDI: 0000000000000003
[  274.708895][   T34] RBP: 00007f761ee11e19 R08: 0000000000000000 R09: 0000000000000000
[  274.711863][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  274.715366][   T34] R13: 00007f761efc6038 R14: 00007f761efc5fa0 R15: 00007ffcf73f8b68
[  274.718340][   T34]  </TASK>
[  274.719503][   T34] INFO: task syz.0.916:8088 blocked for more than 143 seconds.
[  274.722182][   T34]       Not tainted syzkaller #0
[  274.724019][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  274.730904][   T34] task:syz.0.916       state:D stack:25096 pid:8088  tgid:8088  ppid:7680   task_flags:0x400040 flags:0x00004004
[  274.735507][   T34] Call Trace:
[  274.736734][   T34]  <TASK>
[  274.737818][   T34]  __schedule+0x1798/0x4cc0
[  274.739461][   T34]  ? __pfx_trace_call_bpf+0x10/0x10
[  274.741352][   T34]  ? __lock_acquire+0xab9/0xd20
[  274.743124][   T34]  ? __pfx___schedule+0x10/0x10
[  274.747650][   T34]  ? schedule+0x91/0x360
[  274.749231][   T34]  schedule+0x165/0x360
[  274.750779][   T34]  ? netlink_table_grab+0x118/0x290
[  274.752697][   T34]  netlink_table_grab+0x189/0x290
[  274.755473][   T34]  ? netlink_release+0x963/0x1b10
[  274.757368][   T34]  ? __pfx_netlink_table_grab+0x10/0x10
[  274.759469][   T34]  ? rht_lock+0xff/0x220
[  274.760998][   T34]  ? __pfx_default_wake_function+0x10/0x10
[  274.763147][   T34]  ? netlink_release+0x108/0x1b10
[  274.767950][   T34]  netlink_release+0xcb6/0x1b10
[  274.769789][   T34]  ? netlink_release+0x108/0x1b10
[  274.791583][   T34]  ? __pfx_netlink_release+0x10/0x10
[  274.793540][   T34]  ? down_write+0x162/0x1f0
[  274.796385][   T34]  ? __pfx_down_write+0x10/0x10
[  274.798190][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  274.800065][   T34]  sock_close+0xc3/0x240
[  274.801587][   T34]  ? __pfx_sock_close+0x10/0x10
[  274.803390][   T34]  __fput+0x44c/0xa70
[  274.807972][   T34]  task_work_run+0x1d4/0x260
[  274.809624][   T34]  ? __pfx_task_work_run+0x10/0x10
[  274.811463][   T34]  ? exit_to_user_mode_loop+0x40/0x110
[  274.813420][   T34]  exit_to_user_mode_loop+0xec/0x110
[  274.815925][   T34]  do_syscall_64+0x2bd/0x3b0
[  274.817613][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.819756][   T34]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  274.821946][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.824097][   T34] RIP: 0033:0x7f5f3c58ebe9
[  274.828667][   T34] RSP: 002b:00007ffe10bce078 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  274.831747][   T34] RAX: 0000000000000000 RBX: 00007f5f3c7c7da0 RCX: 00007f5f3c58ebe9
[  274.835917][   T34] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  274.838863][   T34] RBP: 00007f5f3c7c7da0 R08: 0000000000000150 R09: 0000001210bce36f
[  274.841782][   T34] R10: 00007f5f3c7c7cb0 R11: 0000000000000246 R12: 000000000001d07b
[  274.847577][   T34] R13: 00007f5f3c7c6090 R14: ffffffffffffffff R15: 00007ffe10bce190
[  274.850567][   T34]  </TASK>
[  274.851742][   T34] INFO: task syz.1.917:8090 blocked for more than 143 seconds.
[  274.854993][   T34]       Not tainted syzkaller #0
[  274.856889][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  274.860053][   T34] task:syz.1.917       state:D stack:26920 pid:8090  tgid:8090  ppid:5846   task_flags:0x400040 flags:0x00004004
[  274.867359][   T34] Call Trace:
[  274.868673][   T34]  <TASK>
[  274.869786][   T34]  __schedule+0x1798/0x4cc0
[  274.871482][   T34]  ? __pfx_trace_call_bpf+0x10/0x10
[  274.873736][   T34]  ? __lock_acquire+0xab9/0xd20
[  274.876320][   T34]  ? __pfx___schedule+0x10/0x10
[  274.878164][   T34]  ? schedule+0x91/0x360
[  274.879728][   T34]  schedule+0x165/0x360
[  274.881266][   T34]  ? netlink_table_grab+0x118/0x290
[  274.883176][   T34]  netlink_table_grab+0x189/0x290
[  274.888240][   T34]  ? __pfx_netlink_table_grab+0x10/0x10
[  274.890301][   T34]  ? __pfx_default_wake_function+0x10/0x10
[  274.892455][   T34]  ? netlink_release+0x108/0x1b10
[  274.897361][   T34]  netlink_release+0xcb6/0x1b10
[  274.899227][   T34]  ? netlink_release+0x108/0x1b10
[  274.901122][   T34]  ? __pfx_netlink_release+0x10/0x10
[  274.903079][   T34]  ? down_write+0x162/0x1f0
[  274.907796][   T34]  ? __pfx_down_write+0x10/0x10
[  274.909633][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  274.911527][   T34]  sock_close+0xc3/0x240
[  274.913086][   T34]  ? __pfx_sock_close+0x10/0x10
[  274.915453][   T34]  __fput+0x44c/0xa70
[  274.916979][   T34]  task_work_run+0x1d4/0x260
[  274.918684][   T34]  ? __pfx_task_work_run+0x10/0x10
[  274.920546][   T34]  ? exit_to_user_mode_loop+0x40/0x110
[  274.922607][   T34]  exit_to_user_mode_loop+0xec/0x110
[  274.927714][   T34]  do_syscall_64+0x2bd/0x3b0
[  274.929417][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  274.931271][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.933472][   T34]  ? exc_page_fault+0x9f/0xf0
[  274.935787][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.937981][   T34] RIP: 0033:0x7fa31618ebe9
[  274.939612][   T34] RSP: 002b:00007ffde5116198 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  274.942551][   T34] RAX: 0000000000000000 RBX: 000000000001cd56 RCX: 00007fa31618ebe9
[  274.949230][   T34] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  274.952111][   T34] RBP: 00007fa3163c7da0 R08: 0000000000000001 R09: 0000000ce511648f
[  274.955426][   T34] R10: 0000001b31420000 R11: 0000000000000246 R12: 00007fa3163c5fac
[  274.958338][   T34] R13: 00007fa3163c5fa0 R14: ffffffffffffffff R15: 00007ffde51162b0
[  274.961196][   T34]  </TASK>
[  274.962360][   T34] 
[  274.962360][   T34] Showing all locks held in the system:
[  274.968438][   T34] 4 locks held by kworker/u10:0/27:
[  274.970341][   T34]  #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  274.974892][   T34]  #1: ffffc9000060fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  274.979477][   T34]  #2: ffff88811af10768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470
[  274.983083][   T34]  #3: ffffffff8e13f938 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  274.989990][   T34] 1 lock held by khungtaskd/34:
[  274.991796][   T34]  #0: ffffffff8e139ea0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  274.995795][   T34] 4 locks held by kworker/u11:0/54:
[  274.997737][   T34]  #0: ffff888120a73148 ((wq_completion)hci8#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  275.001647][   T34]  #1: ffffc900007cfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  275.011324][   T34]  #2: ffff8881114f80b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  275.015212][   T34]  #3: ffffffff8f69cb48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  275.019036][   T34] 7 locks held by kworker/u11:1/5238:
[  275.020995][   T34]  #0: ffff88810faa5148 ((wq_completion)hci0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  275.027958][   T34]  #1: ffffc900257e7bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  275.032462][   T34]  #2: ffff888027e94dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  275.037232][   T34]  #3: ffff888027e940b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
[  275.040867][   T34]  #4: ffffffff8f69cb48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  275.047787][   T34]  #5: ffff88810faa7b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[  275.051307][   T34]  #6: ffffffff8e13f938 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730
[  275.056566][   T34] 2 locks held by getty/5676:
[  275.058387][   T34]  #0: ffff88802404a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  275.061884][   T34]  #1: ffffc900029032f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  275.068500][   T34] 4 locks held by kworker/u11:2/5848:
[  275.070525][   T34]  #0: ffff8880474a5148 ((wq_completion)hci6#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  275.075053][   T34]  #1: ffffc900032afbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  275.079888][   T34]  #2: ffff88811158c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  275.083655][   T34]  #3: ffffffff8f69cb48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  275.090630][   T34] 1 lock held by syz.2.891/8035:
[  275.092490][   T34]  #0: ffff888114301a08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  275.096858][   T34] 1 lock held by syz.2.891/8036:
[  275.098700][   T34]  #0: ffff888114302008 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  275.102405][   T34] 1 lock held by syz.0.916/8088:
[  275.107239][   T34]  #0: ffff88802b212c08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  275.110971][   T34] 2 locks held by syz.0.916/8089:
[  275.112857][   T34] 1 lock held by syz.1.917/8090:
[  275.120488][   T34]  #0: ffff88802b215008 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  275.129106][   T34] 1 lock held by syz-executor/8094:
[  275.131074][   T34]  #0: ffff88802b216208 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  275.135341][   T34] 1 lock held by syz-executor/8098:
[  275.137321][   T34]  #0: ffff88802b210808 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  275.141102][   T34] 1 lock held by syz-executor/8099:
[  275.143074][   T34]  #0: ffff88802b28a608 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  275.149854][   T34] 1 lock held by syz-executor/8103:
[  275.151837][   T34]  #0: ffff88811413a008 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  275.156356][   T34] 5 locks held by kworker/u11:3/8104:
[  275.158385][   T34]  #0: ffff888039364948 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  275.162383][   T34]  #1: ffffc90004eb7bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  275.170613][   T34]  #2: ffff888038f7cdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  275.174553][   T34]  #3: ffff888038f7c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
[  275.178116][   T34]  #4: ffffffff8f69cb48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  275.182019][   T34] 1 lock held by syz-executor/8107:
[  275.183979][   T34]  #0: ffff88811413e208 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  275.190702][   T34] 4 locks held by kworker/u11:4/8108:
[  275.192716][   T34]  #0: ffff88803a5ed148 ((wq_completion)hci7#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  275.197104][   T34]  #1: ffffc90004aafbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  275.201439][   T34]  #2: ffff88811336c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  275.207893][   T34]  #3: ffffffff8f69cb48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  275.211754][   T34] 1 lock held by syz-executor/8111:
[  275.213686][   T34]  #0: ffff88802b2abe08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  275.217916][   T34] 5 locks held by kworker/u11:5/8112:
[  275.219895][   T34]  #0: ffff88810aa71148 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  275.223834][   T34]  #1: ffffc90004a4fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  275.234259][   T34]  #2: ffff888119f1cdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  275.237692][   T34]  #3: ffff888119f1c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
[  275.241207][   T34]  #4: ffffffff8f69cb48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  275.247262][   T34] 1 lock held by dhcpcd/8114:
[  275.249024][   T34]  #0: ffff888114f08258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  275.252514][   T34] 1 lock held by dhcpcd/8115:
[  275.254725][   T34]  #0: ffff888122234258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  275.258263][   T34] 1 lock held by dhcpcd/8116:
[  275.259970][   T34]  #0: ffff888122198258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  275.263466][   T34] 1 lock held by dhcpcd/8117:
[  275.267901][   T34]  #0: ffff88812219c258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  275.271357][   T34] 1 lock held by dhcpcd/8118:
[  275.273044][   T34]  #0: ffff88811acb4258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  275.278063][   T34] 1 lock held by dhcpcd/8119:
[  275.279844][   T34]  #0: ffff88811b43a258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  275.283696][   T34] 4 locks held by kworker/u11:6/8120:
[  275.288424][   T34]  #0: ffff888046ad8148 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  275.292423][   T34]  #1: ffffc900045cfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  275.297431][   T34]  #2: ffff888027e900b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  275.301120][   T34]  #3: ffffffff8f69cb48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  275.307766][   T34] 1 lock held by syz-executor/8122:
[  275.309747][   T34]  #0: ffff8881083be808 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  275.313549][   T34] 4 locks held by kworker/u11:7/8123:
[  275.316128][   T34]  #0: ffff888113197148 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  275.320231][   T34]  #1: ffffc9000451fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  275.327411][   T34]  #2: ffff88811a4b80b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  275.331121][   T34]  #3: ffffffff8f69cb48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  275.337922][   T34] 1 lock held by syz-executor/8126:
[  275.339908][   T34]  #0: ffff8881083bbe08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  275.343712][   T34] 5 locks held by kworker/u11:8/8127:
[  275.348037][   T34]  #0: ffff888039599948 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  275.351616][   T34]  #1: ffffc900044ffbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  275.356992][   T34]  #2: ffff888039450dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  275.360190][   T34]  #3: ffff8880394500b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
[  275.363471][   T34]  #4: ffffffff8f69cb48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  275.369056][   T34] 1 lock held by syz-executor/8130:
[  275.370887][   T34]  #0: ffff88802b215608 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  275.374874][   T34] 5 locks held by kworker/u11:9/8131:
[  275.376925][   T34]  #0: ffff888113061148 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  275.380793][   T34]  #1: ffffc900044dfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  275.387619][   T34]  #2: ffff88811a4bcdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  275.390652][   T34]  #3: ffff88811a4bc0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
[  275.394793][   T34]  #4: ffffffff8f69cb48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  275.398495][   T34] 4 locks held by kworker/u11:10/8133:
[  275.400615][   T34]  #0: ffff88811335d148 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  275.408191][   T34]  #1: ffffc900044bfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  275.412829][   T34]  #2: ffff88802166c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  275.417085][   T34]  #3: ffffffff8f69cb48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  275.421027][   T34] 
[  275.421914][   T34] =============================================
[  275.421914][   T34] 
[  275.427361][   T34] NMI backtrace for cpu 1
[  275.427370][   T34] CPU: 1 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  275.427379][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  275.427383][   T34] Call Trace:
[  275.427387][   T34]  <TASK>
[  275.427391][   T34]  dump_stack_lvl+0x189/0x250
[  275.427406][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  275.427415][   T34]  ? __pfx__printk+0x10/0x10
[  275.427430][   T34]  nmi_cpu_backtrace+0x39e/0x3d0
[  275.427441][   T34]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  275.427451][   T34]  ? __pfx__printk+0x10/0x10
[  275.427463][   T34]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  275.427476][   T34]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  275.427486][   T34]  watchdog+0xf93/0xfe0
[  275.427499][   T34]  ? watchdog+0x1de/0xfe0
[  275.427511][   T34]  kthread+0x711/0x8a0
[  275.427522][   T34]  ? __pfx_watchdog+0x10/0x10
[  275.427531][   T34]  ? __pfx_kthread+0x10/0x10
[  275.427541][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  275.427571][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  275.427581][   T34]  ? __pfx_kthread+0x10/0x10
[  275.427590][   T34]  ret_from_fork+0x3fc/0x770
[  275.427600][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  275.427610][   T34]  ? __switch_to_asm+0x39/0x70
[  275.427620][   T34]  ? __switch_to_asm+0x33/0x70
[  275.427628][   T34]  ? __pfx_kthread+0x10/0x10
[  275.427638][   T34]  ret_from_fork_asm+0x1a/0x30
[  275.427653][   T34]  </TASK>
[  275.427657][   T34] Sending NMI from CPU 1 to CPUs 0:
[  275.483672][    C0] NMI backtrace for cpu 0
[  275.483685][    C0] CPU: 0 UID: 0 PID: 8089 Comm: syz.0.916 Not tainted syzkaller #0 PREEMPT(full) 
[  275.483695][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  275.483700][    C0] RIP: 0010:native_apic_msr_write+0x39/0x50
[  275.483716][    C0] Code: 74 2a 83 ff 30 74 25 eb 10 81 ff d0 00 00 00 74 1b 81 ff e0 00 00 00 74 13 c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 c3 cc cc cc cc cc f3 0f 1e fa 89 f6 31 d2 e9 52 65 8e 03 66
[  275.483722][    C0] RSP: 0018:ffffc90000007848 EFLAGS: 00000046
[  275.483730][    C0] RAX: 0000000000000124 RBX: ffff88804b023900 RCX: 0000000000000838
[  275.483736][    C0] RDX: 0000000000000000 RSI: 0000000000000124 RDI: 0000000000000838
[  275.483740][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff81ae033e
[  275.483745][    C0] R10: 0000000000000003 R11: ffffffff81703490 R12: 0000000010004eda
[  275.483749][    C0] R13: dffffc0000000000 R14: 0000000000000124 R15: 0000000000000020
[  275.483754][    C0] FS:  00007f5f3d4bd6c0(0000) GS:ffff8880b861c000(0000) knlGS:0000000000000000
[  275.483760][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  275.483765][    C0] CR2: 00007f0d86a44a72 CR3: 000000002abd4000 CR4: 00000000000006f0
[  275.483788][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  275.483794][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  275.483798][    C0] Call Trace:
[  275.483802][    C0]  <IRQ>
[  275.483805][    C0]  lapic_next_event+0x11/0x20
[  275.483814][    C0]  clockevents_program_event+0x1cf/0x360
[  275.483828][    C0]  hrtimer_interrupt+0x620/0xaa0
[  275.483841][    C0]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  275.483850][    C0]  sysvec_apic_timer_interrupt+0x52/0xc0
[  275.483860][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  275.483868][    C0] RIP: 0010:kasan_check_range+0x7/0x2c0
[  275.483880][    C0] Code: e8 ce f2 04 ff 90 0f 0b cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 55 41 57 <41> 56 41 55 41 54 53 b0 01 48 85 f6 0f 84 ba 01 00 00 4c 8d 04 37
[  275.483886][    C0] RSP: 0018:ffffc90000007ab0 EFLAGS: 00000246
[  275.483892][    C0] RAX: 000000000000000c RBX: 000000000000032f RCX: ffffffff89cd6d83
[  275.483897][    C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888039565060
[  275.483902][    C0] RBP: ffff888039aa0010 R08: ffff888039565067 R09: 1ffff110072aca0c
[  275.483907][    C0] R10: dffffc0000000000 R11: ffffed10072aca0d R12: 000000000000032f
[  275.483912][    C0] R13: dffffc0000000000 R14: 0000000000000010 R15: ffff888039565000
[  275.483923][    C0]  ? bitmap_ipmac_gc+0x1a3/0x570
[  275.483935][    C0]  bitmap_ipmac_gc+0x1a3/0x570
[  275.483948][    C0]  call_timer_fn+0x17e/0x5f0
[  275.483959][    C0]  ? __pfx_bitmap_ipmac_gc+0x10/0x10
[  275.483967][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  275.483976][    C0]  ? call_timer_fn+0xbe/0x5f0
[  275.483985][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  275.483997][    C0]  ? __pfx_bitmap_ipmac_gc+0x10/0x10
[  275.484007][    C0]  __run_timer_base+0x61a/0x860
[  275.484016][    C0]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  275.484029][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  275.484041][    C0]  run_timer_softirq+0xb7/0x180
[  275.484050][    C0]  handle_softirqs+0x286/0x870
[  275.484059][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  275.484067][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  275.484075][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  275.484085][    C0]  __irq_exit_rcu+0xca/0x1f0
[  275.484092][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  275.484100][    C0]  irq_exit_rcu+0x9/0x30
[  275.484106][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  275.484115][    C0]  </IRQ>
[  275.484117][    C0]  <TASK>
[  275.484120][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  275.484127][    C0] RIP: 0010:__schedule+0x5/0x4cc0
[  275.484137][    C0] Code: 89 d9 48 8b 5c 24 08 e9 ee fe ff ff cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <48> 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 81 ec e0 01 00
[  275.484143][    C0] RSP: 0018:ffffc90004f17b70 EFLAGS: 00000282
[  275.484149][    C0] RAX: 249f674544773a00 RBX: 0000000000000000 RCX: 249f674544773a00
[  275.484153][    C0] RDX: 0000000000000000 RSI: ffffffff8d9b6ac3 RDI: 0000000000000001
[  275.484158][    C0] RBP: ffffc90004f17c30 R08: ffffffff8fa38037 R09: 1ffffffff1f47006
[  275.484163][    C0] R10: dffffc0000000000 R11: fffffbfff1f47007 R12: 0000000000000000
[  275.484167][    C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff920009e2f70
[  275.484176][    C0]  preempt_schedule_irq+0xb5/0x150
[  275.484186][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  275.484197][    C0]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  275.484205][    C0]  irqentry_exit+0x6f/0x90
[  275.484214][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  275.484221][    C0] RIP: 0010:preempt_schedule_thunk+0x0/0x30
[  275.484233][    C0] Code: e5 8b 00 48 c7 c0 00 58 80 8b e9 0b 65 48 0a cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <55> 48 89 e5 57 56 52 51 50 41 50 41 51 41 52 41 53 e8 2a a8 46 0a
[  275.484239][    C0] RSP: 0018:ffffc90004f17cf8 EFLAGS: 00000246
[  275.484245][    C0] RAX: 0000000000000000 RBX: 0000000000000a06 RCX: 0000000000000000
[  275.484249][    C0] RDX: 0000000000000000 RSI: ffffffff8d9b6ac3 RDI: 00000000ffffffff
[  275.484254][    C0] RBP: ffffc90004f17d98 R08: ffffffff8fa38037 R09: 1ffffffff1f47006
[  275.484259][    C0] R10: dffffc0000000000 R11: fffffbfff1f47007 R12: dffffc0000000000
[  275.484264][    C0] R13: dffffc0000000000 R14: ffffffff8f59b4c0 R15: 1ffff920009e2fa0
[  275.484273][    C0]  _raw_read_unlock_irqrestore+0xfd/0x110
[  275.484283][    C0]  ? __pfx__raw_read_unlock_irqrestore+0x10/0x10
[  275.484294][    C0]  netlink_create+0xfa/0x590
[  275.484303][    C0]  __sock_create+0x4b3/0x9f0
[  275.484315][    C0]  __sys_socket+0xd7/0x1b0
[  275.484324][    C0]  __x64_sys_socket+0x7a/0x90
[  275.484333][    C0]  do_syscall_64+0xfa/0x3b0
[  275.484344][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.484351][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  275.484359][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.484366][    C0] RIP: 0033:0x7f5f3c58ebe9
[  275.484374][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  275.484379][    C0] RSP: 002b:00007f5f3d4bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  275.484386][    C0] RAX: ffffffffffffffda RBX: 00007f5f3c7c5fa0 RCX: 00007f5f3c58ebe9
[  275.484391][    C0] RDX: 000000000000000c RSI: 0000000000000003 RDI: 0000000000000010
[  275.484395][    C0] RBP: 00007f5f3c611e19 R08: 0000000000000000 R09: 0000000000000000
[  275.484400][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  275.484404][    C0] R13: 00007f5f3c7c6038 R14: 00007f5f3c7c5fa0 R15: 00007ffe10bcdf18
[  275.484412][    C0]  </TASK>
[  275.712243][   T34] Kernel panic - not syncing: hung_task: blocked tasks
[  275.715065][   T34] CPU: 1 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  275.718655][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  275.722747][   T34] Call Trace:
[  275.724123][   T34]  <TASK>
[  275.725355][   T34]  dump_stack_lvl+0x99/0x250
[  275.726924][   T34]  ? __asan_memcpy+0x40/0x70
[  275.728746][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  275.730806][   T34]  ? __pfx__printk+0x10/0x10
[  275.732675][   T34]  vpanic+0x281/0x750
[  275.734292][   T34]  ? __pfx_vpanic+0x10/0x10
[  275.736129][   T34]  ? preempt_schedule+0xae/0xc0
[  275.738086][   T34]  ? preempt_schedule_common+0x83/0xd0
[  275.740273][   T34]  panic+0xb9/0xc0
[  275.741814][   T34]  ? __pfx_panic+0x10/0x10
[  275.743636][   T34]  ? preempt_schedule_thunk+0x16/0x30
[  275.745800][   T34]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  275.748241][   T34]  watchdog+0xfd2/0xfe0
[  275.749947][   T34]  ? watchdog+0x1de/0xfe0
[  275.751699][   T34]  kthread+0x711/0x8a0
[  275.753347][   T34]  ? __pfx_watchdog+0x10/0x10
[  275.755236][   T34]  ? __pfx_kthread+0x10/0x10
[  275.757087][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  275.759046][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  275.761107][   T34]  ? __pfx_kthread+0x10/0x10
[  275.762992][   T34]  ret_from_fork+0x3fc/0x770
[  275.764844][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  275.766876][   T34]  ? __switch_to_asm+0x39/0x70
[  275.768793][   T34]  ? __switch_to_asm+0x33/0x70
[  275.770748][   T34]  ? __pfx_kthread+0x10/0x10
[  275.772504][   T34]  ret_from_fork_asm+0x1a/0x30
[  275.774459][   T34]  </TASK>
[  275.776379][   T34] Kernel Offset: disabled
[  275.778151][   T34] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:59:19  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000034 RBX=0000000000000034 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90000006cb0
R8 =ffff888106790237 R9 =1ffff11020cf2046 R10=dffffc0000000000 R11=ffffffff854efb30
R12=dffffc0000000000 R13=ffffffff99af990a R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854efbac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f5f3d4bd6c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f0d86a44a72 CR3=000000002abd4000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000000 00007f0d88d97d20
XMM02=d0030010000000a5 0210001600000000 XMM03=080606015cce2008 0016e00300100016
XMM04=0000000000000000 00007f0d88d97d20 XMM05=00005555626627d2 00005555626627a0
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 000000000003bf12
XMM08=f408be7b209c5bb5 6c2b21b4000000a6 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000017af5725 RBX=0000000000000003 RCX=00000000ffd7cd2e RDX=0000000000becfb4
RSI=00000000153c8a8e RDI=ffff8880211a5640 RBP=0000000000000000 RSP=ffffc90002ddf460
R8 =0000000000000000 R9 =ffffffff822e4da7 R10=dffffc0000000000 R11=fffff9400015ceb1
R12=00000000e2434607 R13=ffff8880211a6130 R14=ffff8880211a61a8 R15=000000006977febe
RIP=ffffffff819d67b0 RFL=00000017 [----APC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f0d898f7d60 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00007f0d88d976c3 00007f0d88d976c3 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 00ff000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000ff0000 XMM05=0000000000000000 000000000003bf12
XMM06=ffffffff8ac8647d ffffffff00000007 XMM07=ffffffff00000000 ffffffff8ac812d2
XMM08=ffffffff86fcb7e3 ffffffff00000006 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
