last executing test programs:

1.660268497s ago: executing program 0 (id=394):
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x3, 0x2, 0x2}}, 0x80, 0x0, 0xfffffffffffffcb5}, 0x0)
r0 = socket$kcm(0x11, 0x3, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2505, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x20, 0x2004, 0x0, 0x0, 0x0, 0x101, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x2c}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000000)='Gb', 0x5dc}], 0x1}, 0x480c0)

1.46206612s ago: executing program 0 (id=398):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000fdffffff85"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@base={0xa, 0x8, 0x1, 0x40, 0x42}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000140), 0x1003, r0}, 0x38)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000240)={r0, &(0x7f0000000100), &(0x7f0000002240)=""/99}, 0x20)

1.314120362s ago: executing program 0 (id=400):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b87030f0000ff4000000000000000040014000d000a000f0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

1.165554798s ago: executing program 0 (id=401):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x668}, 0x50)

1.082907883s ago: executing program 0 (id=403):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0x40}, 0x14105, 0x2e, 0xfffffc03, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000700)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x24004880)
r3 = perf_event_open(&(0x7f0000001100)={0x5, 0x80, 0x9, 0x8, 0xb, 0xfb, 0x0, 0x3c, 0xc002, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}, 0x18842, 0x0, 0x7fffffff, 0x7, 0x9, 0x3, 0x7, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f00000005c0)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0x2, 0xffffffffffffffff, 0x0)
r4 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r4, 0x11e, 0x1e, 0x0, 0x0)
perf_event_open$cgroup(&(0x7f0000000e40)={0x5, 0x80, 0x8, 0x7, 0x81, 0x75, 0x0, 0x4, 0x40400, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3ff, 0x2, @perf_bp={0x0, 0x8}, 0x0, 0x7, 0x80000000, 0x1, 0x401, 0x3, 0x8, 0x0, 0x8000006, 0x0, 0x8}, 0xffffffffffffffff, 0x0, r3, 0xb)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x5, 0x5, &(0x7f0000001180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r5)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, 0x0, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4d31, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r1)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8937, &(0x7f0000000680)='lo:\x96o8\x14d\xa1\xe3\xd7\\b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xbaUn\x04\'%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\r\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc5<J\x1f\xba\xfc\x90(\x985\x93\xa8\xd4\xf0\xbdTy\x18\xc8\xa0\xbb\x99\x8c\xe0Q\xffCl\xbdX~3\xa1\xa2\xf4\xd9\xf7\xc7\xfb\xce\x959x\xfeW\r\xf0{\xcaT\xecp)=\x9d\xdfG8\xa1\xe3=\xa6\x00\x98\xc1\xb3\x91-\xab\'W\x8al?d<JN\xcb\xd4H\xb0_jO\xf3\x90\xe8/l\xdfg)\x8d#\xfdo\xa9L\xdeA*\xec\xa1\x14,\xe8\x8d^\xb9r=\xc0\x18\xd4\x11dU[Ry\xed\xd6\x97\x8a\xe8\xca\x99\x10\x8e\xc8P\xa3\xae/\xdaof\x06\x7f\xf7\x80$f\b\x92\xae\xeb\xdd\"\x89\xb8\xf0\xc3\b\x00\x00\x00\x00')
perf_event_open(0x0, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x1)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r6, 0x8b28, 0x0)

776.433105ms ago: executing program 2 (id=414):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000fc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x4, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000a50000000000000000000000850000002f00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc53c06d2626cc3f0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r1, 0x0, 0xe, 0x0, &(0x7f00000004c0)="e02742e8680d85ff9782762f86dd", 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

723.661994ms ago: executing program 2 (id=416):
r0 = socket$kcm(0x23, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89ef, &(0x7f0000000000)={r0})

723.547479ms ago: executing program 2 (id=417):
r0 = socket$kcm(0x15, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000080)=@in6={0xa, 0x4e26, 0x1, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x7}, 0x80, 0x0}, 0x0)

661.148908ms ago: executing program 1 (id=418):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x210e, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x4, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x32, 0xfffffbff, 0x3, 0x2, 0x0, 0xfffa, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socket$kcm(0x11, 0x200000000000002, 0x300)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0xf0, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socket$kcm(0x10, 0x2, 0x10)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x210e, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x407fff, 0x1}, 0x14105, 0x32, 0xfffffbff, 0x3, 0x6, 0x0, 0xffda, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/user\x00')
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
socket$kcm(0x2, 0x5, 0x84)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0xc78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x200000000000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000005c0)='cpuacct.usage_percpu\x00', 0x26e1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x4}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'wlan0\x00', 0x200})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8946, &(0x7f0000000080))

660.968968ms ago: executing program 2 (id=419):
r0 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r0, 0x8953, 0x0)

594.102728ms ago: executing program 2 (id=420):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x14, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(0x0, 0x0, 0x10, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x4000000000000, 0xffffffffffffffff, 0x0)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socketpair(0x1e, 0x1, 0x8, &(0x7f0000001140))
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f00000001c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20810, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffd, 0xfffffffffffffffe}, 0x8000, 0x7, 0x4, 0x6, 0x61, 0x0, 0x5, 0x0, 0x2ff, 0x0, 0xb}, 0x0, 0x4, 0xffffffffffffffff, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080))
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7f, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0xfffffffd, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67db3e6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b19abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f0000000000f8e10238d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x8, 0x0, 0xee, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7}, 0x48)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803002d000b12d25a80648c2594f90124fc60100c020000040000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001a00)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000480)="b9ff0307683a268cb8f8ffff888e", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = getpid()
perf_event_open(0x0, r3, 0x3, 0xffffffffffffffff, 0xa)
socket$kcm(0xa, 0x2, 0x88)

593.617003ms ago: executing program 1 (id=421):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000740))
r0 = socket$kcm(0x15, 0x5, 0x0)
sendmsg$kcm(r0, 0x0, 0x24004045)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)='%pB    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280)={r2}, 0x4)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_config_ext={0x3, 0x8001}, 0x0, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b70800000000ff907b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0x28, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0xfe6, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

265.71066ms ago: executing program 1 (id=422):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xfffffffffffffe38, &(0x7f0000000100)=[{&(0x7f00000006c0)="5c00000012006bcd9e3fe3dc6e48aa31086b8703130000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

189.914891ms ago: executing program 1 (id=423):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000280)="db", 0x1}], 0x1}, 0x41)
recvmsg(r0, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001)
sendmsg$inet(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x41)
recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x61)

189.263751ms ago: executing program 0 (id=424):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
socket$kcm(0x11, 0x200000000000002, 0x300)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x400000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x24}, r2, 0xfffffbffffffffff, 0xffffffffffffffff, 0x2)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10}, 0x0, 0xca, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
close(0xffffffffffffffff)
recvmsg$unix(r0, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000180)=ANY=[@ANYRES8=r1, @ANYBLOB="3ee901"], 0x9a)

128.916946ms ago: executing program 1 (id=425):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000c00000095"], &(0x7f00000003c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
r1 = socket$kcm(0x2c, 0x3, 0x0)
setsockopt$sock_attach_bpf(r1, 0x11b, 0x6, &(0x7f0000000000), 0x4)

122.871092ms ago: executing program 2 (id=426):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb0100180000000000161e8153ef2b104c0000030000000d00000000000007000000000b000000000000010000000076004f010c0000000000001002000000030000000000000b0200"], &(0x7f0000000280)=""/195, 0x4f, 0xc3, 0x0, 0x6}, 0x28)
r0 = perf_event_open(0x0, 0x0, 0x3, 0xffffffffffffffff, 0x0)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000180)=0xffffffffffffffff, 0x4)
bpf$BPF_LINK_UPDATE(0x1d, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r1 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x4, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x0, @perf_bp={&(0x7f00000001c0), 0x6}, 0x0, 0x2e, 0xfffffbff, 0x4, 0x2, 0x0, 0x6}, 0x0, 0xffffffffffffffff, r0, 0x9)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0xfffffffffffffd46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402000a}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000040), 0xcf)
r3 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r3, 0x29, 0x23, &(0x7f0000000040), 0xcf)
r4 = socket$kcm(0xf, 0x3, 0x2)
sendmsg$inet(r4, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x4a, 0x0}, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x400000cf}, 0x8108, 0x0, 0x0, 0x0, 0x4000, 0x402000a, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x4000000)
r5 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
close(0xffffffffffffffff)
setsockopt$sock_attach_bpf(r5, 0x84, 0x83, 0x0, 0x0)
socket$kcm(0x29, 0x2, 0x0)

0s ago: executing program 1 (id=427):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f00000000c0)=[{0x80}, {0x6}]})

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:48662' (ED25519) to the list of known hosts.
syzkaller login: [   49.424479][ T5822] cgroup: Unknown subsys name 'net'
[   49.496008][ T5822] cgroup: Unknown subsys name 'cpuset'
[   49.500046][ T5822] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   51.106306][ T5822] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   55.608171][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   55.612334][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   55.615814][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   55.619125][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   55.622090][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   55.699745][ T5221] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   55.702749][ T5221] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   55.706437][ T5221] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   55.709450][ T5221] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   55.712264][ T5221] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   55.747397][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   55.750407][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   55.753608][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   55.756909][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   55.760021][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   55.985659][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   56.009855][ T5840] chnl_net:caif_netlink_parms(): no params data found
[   56.086008][ T5838] chnl_net:caif_netlink_parms(): no params data found
[   56.133739][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.137635][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.141699][ T5833] bridge_slave_0: entered allmulticast mode
[   56.147117][ T5833] bridge_slave_0: entered promiscuous mode
[   56.152788][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.157688][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.160712][ T5833] bridge_slave_1: entered allmulticast mode
[   56.164872][ T5833] bridge_slave_1: entered promiscuous mode
[   56.226001][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.229105][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.232255][ T5840] bridge_slave_0: entered allmulticast mode
[   56.237039][ T5840] bridge_slave_0: entered promiscuous mode
[   56.259436][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.262504][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.266187][ T5840] bridge_slave_1: entered allmulticast mode
[   56.269881][ T5840] bridge_slave_1: entered promiscuous mode
[   56.288337][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.311900][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.366116][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.369954][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.373157][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.377062][ T5838] bridge_slave_0: entered allmulticast mode
[   56.380991][ T5838] bridge_slave_0: entered promiscuous mode
[   56.388069][ T5833] team0: Port device team_slave_0 added
[   56.396110][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.412333][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.415706][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.418763][ T5838] bridge_slave_1: entered allmulticast mode
[   56.422728][ T5838] bridge_slave_1: entered promiscuous mode
[   56.427939][ T5833] team0: Port device team_slave_1 added
[   56.485928][ T5840] team0: Port device team_slave_0 added
[   56.504564][ T5840] team0: Port device team_slave_1 added
[   56.508013][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.510922][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.525292][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.534210][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.552398][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.556274][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.568544][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.582102][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.615057][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.618112][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.629696][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.651994][ T5838] team0: Port device team_slave_0 added
[   56.655660][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.658689][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.669863][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.691918][ T5838] team0: Port device team_slave_1 added
[   56.720152][ T5833] hsr_slave_0: entered promiscuous mode
[   56.722674][ T5833] hsr_slave_1: entered promiscuous mode
[   56.740753][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.743110][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.753918][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.761308][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.764647][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.775445][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.849542][ T5840] hsr_slave_0: entered promiscuous mode
[   56.852547][ T5840] hsr_slave_1: entered promiscuous mode
[   56.856467][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   56.859482][ T5840] Cannot create hsr debugfs directory
[   56.899065][ T5838] hsr_slave_0: entered promiscuous mode
[   56.902392][ T5838] hsr_slave_1: entered promiscuous mode
[   56.906060][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   56.909368][ T5838] Cannot create hsr debugfs directory
[   57.169952][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   57.179345][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   57.187646][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   57.198532][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   57.245336][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   57.250133][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   57.262603][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   57.268079][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   57.306887][ T5838] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   57.316353][ T5838] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   57.325411][ T5838] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   57.337399][ T5838] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   57.396442][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.431274][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   57.450603][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.453698][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.464935][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.467815][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.497048][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.537812][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   57.556369][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.566908][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.569969][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.588680][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.591909][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.608709][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[   57.631111][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.633658][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.636836][   T55] Bluetooth: hci0: command tx timeout
[   57.652584][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.655195][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.777303][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.796729][   T55] Bluetooth: hci2: command tx timeout
[   57.798853][   T55] Bluetooth: hci1: command tx timeout
[   57.849351][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.865465][ T5833] veth0_vlan: entered promiscuous mode
[   57.881911][ T5833] veth1_vlan: entered promiscuous mode
[   57.895330][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.923174][ T5833] veth0_macvtap: entered promiscuous mode
[   57.939412][ T5833] veth1_macvtap: entered promiscuous mode
[   57.964099][ T5840] veth0_vlan: entered promiscuous mode
[   57.981716][ T5840] veth1_vlan: entered promiscuous mode
[   57.990380][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.015413][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.018520][ T5838] veth0_vlan: entered promiscuous mode
[   58.032205][ T5833] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.038287][ T5833] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.042134][ T5833] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.049412][ T5833] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.069029][ T5840] veth0_macvtap: entered promiscuous mode
[   58.077536][ T5838] veth1_vlan: entered promiscuous mode
[   58.082435][ T5840] veth1_macvtap: entered promiscuous mode
[   58.136122][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.161011][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.173714][ T5840] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.177323][ T5840] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.181042][ T5840] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.185653][ T5840] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.199242][ T5838] veth0_macvtap: entered promiscuous mode
[   58.212993][ T5838] veth1_macvtap: entered promiscuous mode
[   58.221388][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.229262][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.261335][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.295987][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.311885][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.312955][ T5838] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.316772][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.319686][ T5838] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.326868][ T5838] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.330514][ T5838] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.354178][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.357290][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.425996][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.427594][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   58.429120][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.465901][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.469063][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.514305][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.517514][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.614949][ T5899] syzkaller0: entered promiscuous mode
[   58.617138][ T5899] syzkaller0: entered allmulticast mode
[   58.809675][ T5909] netlink: 'syz.0.7': attribute type 5 has an invalid length.
[   58.895874][ T5910] netlink: 'syz.0.7': attribute type 25 has an invalid length.
[   58.898940][ T5910] netlink: 'syz.0.7': attribute type 1 has an invalid length.
[   58.902482][ T5910] bridge0: port 1(bridge_slave_0) entered learning state
[   59.258497][ T5917] netlink: 'syz.1.10': attribute type 19 has an invalid length.
[   59.730658][ T5221] Bluetooth: hci0: command tx timeout
[   59.873926][ T5221] Bluetooth: hci1: command tx timeout
[   59.874145][   T55] Bluetooth: hci2: command tx timeout
[   60.665638][ T5931] delete_channel: no stack
[   60.667818][ T5931] delete_channel: no stack
[   61.111731][ T5944] netlink: 'syz.1.22': attribute type 21 has an invalid length.
[   61.117516][ T5944] netlink: 128 bytes leftover after parsing attributes in process `syz.1.22'.
[   61.220180][ T5953] netlink: 132 bytes leftover after parsing attributes in process `syz.1.27'.
[   61.319246][ T5960] netlink: 17279 bytes leftover after parsing attributes in process `syz.1.30'.
[   61.460676][ T5968] netlink: 'syz.0.34': attribute type 22 has an invalid length.
[   61.464878][ T5968] netlink: 4 bytes leftover after parsing attributes in process `syz.0.34'.
[   61.804070][   T55] Bluetooth: hci0: command tx timeout
[   61.954536][   T55] Bluetooth: hci1: command tx timeout
[   61.954591][ T5221] Bluetooth: hci2: command tx timeout
[   62.042499][ T5982] netlink: 10 bytes leftover after parsing attributes in process `syz.2.40'.
[   62.555422][ T6002] netlink: 'syz.1.50': attribute type 10 has an invalid length.
[   62.926612][    C0] hrtimer: interrupt took 48189 ns
[   63.340290][ T6013] warning: `syz.0.55' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   63.874629][ T5836] Bluetooth: hci0: command tx timeout
[   64.019253][ T6034] Driver unsupported XDP return value 0 on prog  (id 32) dev N/A, expect packet loss!
[   64.037931][ T5836] Bluetooth: hci1: command tx timeout
[   64.042043][ T5221] Bluetooth: hci2: command tx timeout
[   64.070785][ T6038] netlink: 'syz.0.64': attribute type 21 has an invalid length.
[   64.398336][ T6050] mac80211_hwsim hwsim7 O3c: renamed from wlan1 (while UP)
[   64.951593][ T6069] netlink: 12 bytes leftover after parsing attributes in process `syz.0.78'.
[   64.960191][ T6069] tc_dump_action: action bad kind
[   65.541758][ T6083] netlink: 132 bytes leftover after parsing attributes in process `syz.1.84'.
[   65.543356][ T6081] netlink: 60 bytes leftover after parsing attributes in process `syz.2.85'.
[   65.609433][ T6087] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.87'.
[   65.662820][ T6089] netlink: 'syz.2.89': attribute type 4 has an invalid length.
[   65.669366][ T6089] netlink: 209028 bytes leftover after parsing attributes in process `syz.2.89'.
[   66.005008][ T6112] netlink: 'syz.0.99': attribute type 29 has an invalid length.
[   66.010167][ T6112] netlink: 'syz.0.99': attribute type 29 has an invalid length.
[   66.151214][ T6122] __nla_validate_parse: 1 callbacks suppressed
[   66.151230][ T6122] netlink: 132 bytes leftover after parsing attributes in process `syz.0.103'.
[   66.696361][ T6145] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   67.267426][ T6156] netlink: 'syz.0.118': attribute type 16 has an invalid length.
[   67.270062][ T6156] netlink: 152 bytes leftover after parsing attributes in process `syz.0.118'.
[   67.321911][ T6160] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:0603:0000:0023 with DS=0x3f
[   67.609833][ T6175] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.127'.
[   69.235430][ T6231] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.150'.
[   69.239999][ T6223] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.150'.
[   69.321394][ T6235] netlink: 'syz.0.154': attribute type 1 has an invalid length.
[   70.286561][ T6250] netlink: 1041 bytes leftover after parsing attributes in process `syz.0.160'.
[   70.429434][ T6258] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.164'.
[   70.433198][ T6258] netlink: 6108 bytes leftover after parsing attributes in process `syz.2.164'.
[   70.935957][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   70.938323][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.581302][ T6302] netlink: 'syz.2.185': attribute type 1 has an invalid length.
[   71.627720][ T6305] Zero length message leads to an empty skb
[   71.673963][ T6302] netlink: 4 bytes leftover after parsing attributes in process `syz.2.185'.
[   72.265009][ T6327] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.194'.
[   72.866475][    C0] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.995016][ T6342] netlink: 132 bytes leftover after parsing attributes in process `syz.2.196'.
[   75.179924][    C1] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 1326560840 wd_nsec: 1326561339
[   76.450490][ T6384] netlink: 'syz.2.213': attribute type 21 has an invalid length.
[   76.456609][ T6384] netlink: 128 bytes leftover after parsing attributes in process `syz.2.213'.
[   76.459442][ T6384] netlink: 'syz.2.213': attribute type 4 has an invalid length.
[   78.186834][ T6411] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.224'.
[   78.421605][ T6434] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.235'.
[   78.473637][ T6437] netlink: 'syz.1.234': attribute type 10 has an invalid length.
[   78.485125][ T6437] netlink: 40 bytes leftover after parsing attributes in process `syz.1.234'.
[   78.489010][ T6437] veth0_vlan: entered allmulticast mode
[   78.502029][ T6437] bridge0: port 3(veth0_vlan) entered blocking state
[   78.504983][ T6437] bridge0: port 3(veth0_vlan) entered disabled state
[   78.532019][ T6437] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[   78.742089][ T6449] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.239'.
[   78.756227][ T6444] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.239'.
[   78.814924][ T6457] netlink: 'syz.0.243': attribute type 10 has an invalid length.
[   78.817935][ T6457] netlink: 55 bytes leftover after parsing attributes in process `syz.0.243'.
[   78.818173][ T6455] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.244'.
[   79.803841][ T6470] netlink: 'syz.2.250': attribute type 4 has an invalid length.
[   79.807054][ T6470] netlink: 'syz.2.250': attribute type 16 has an invalid length.
[   79.811172][ T6472] netlink: 4 bytes leftover after parsing attributes in process `syz.1.252'.
[   79.825296][ T6470] netlink: 132 bytes leftover after parsing attributes in process `syz.2.250'.
[   80.868880][ T6498] netlink: 'syz.2.264': attribute type 46 has an invalid length.
[   81.176121][   T47] cfg80211: failed to load regulatory.db
[   81.497389][ T6522] tap0: tun_chr_ioctl cmd 1074025675
[   81.499771][ T6522] tap0: persist disabled
[   81.646256][ T6527] TCP: TCP_TX_DELAY enabled
[   81.809875][ T6538] netlink: 128 bytes leftover after parsing attributes in process `syz.0.281'.
[   81.816860][ T6538] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[   83.563657][ T6608] __nla_validate_parse: 1 callbacks suppressed
[   83.563676][ T6608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.313'.
[   83.570254][ T6608] netlink: 4 bytes leftover after parsing attributes in process `syz.1.313'.
[   83.577256][ T6608] netlink: 33 bytes leftover after parsing attributes in process `syz.1.313'.
[   83.581754][ T6608] netlink: 4 bytes leftover after parsing attributes in process `syz.1.313'.
[   83.585986][ T6608] netlink: 33 bytes leftover after parsing attributes in process `syz.1.313'.
[   84.113845][ T6612] syz.1.315 uses obsolete (PF_INET,SOCK_PACKET)
[   84.197401][ T6619] netlink: 'syz.2.316': attribute type 1 has an invalid length.
[   84.200006][ T6619] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.316'.
[   85.143646][ T6626] netlink: 'syz.1.320': attribute type 6 has an invalid length.
[   85.152437][ T6626] netlink: 140 bytes leftover after parsing attributes in process `syz.1.320'.
[   85.562382][ T6661] netlink: 'syz.0.336': attribute type 1 has an invalid length.
[   85.576031][ T6661] netlink: 5 bytes leftover after parsing attributes in process `syz.0.336'.
[   85.736482][ T6673] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.340'.
[   85.740756][ T6670] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.340'.
[   86.136296][ T6692] syzkaller0: entered promiscuous mode
[   86.138553][ T6692] syzkaller0: entered allmulticast mode
[   87.389147][ T6709] pim6reg1: entered allmulticast mode
[   87.400029][ T6711] pim6reg1: left allmulticast mode
[   87.833021][ T6734] netlink: 'syz.1.364': attribute type 10 has an invalid length.
[   88.028646][ T5836] Bluetooth: hci0: Malformed HCI Event: 0x22
[   88.279677][ T6751] netlink: 'syz.1.372': attribute type 6 has an invalid length.
[   88.282238][ T6751] netlink: 'syz.1.372': attribute type 1 has an invalid length.
[   88.388564][ T6756] netlink: 'syz.0.374': attribute type 3 has an invalid length.
[   88.391368][ T6756] netlink: 'syz.0.374': attribute type 1 has an invalid length.
[   88.684732][ T6768] __nla_validate_parse: 8 callbacks suppressed
[   88.684796][ T6768] netlink: 196 bytes leftover after parsing attributes in process `syz.1.380'.
[   89.077875][ T6778] netlink: 'syz.2.384': attribute type 10 has an invalid length.
[   89.087268][ T6778] team0: Device ipvlan1 failed to register rx_handler
[   89.743157][ T6797] netlink: 'syz.1.393': attribute type 6 has an invalid length.
[   89.748258][ T6797] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.393'.
[   90.170194][ T6812] netlink: 'syz.0.400': attribute type 10 has an invalid length.
[   90.194116][ T6812] netlink: 40 bytes leftover after parsing attributes in process `syz.0.400'.
[   90.322667][ T6816] netlink: 830 bytes leftover after parsing attributes in process `syz.1.402'.
[   90.327707][ T6816] team0: default FDB implementation only supports local addresses
[   90.548171][ T6832] netlink: 'syz.2.409': attribute type 23 has an invalid length.
[   90.551420][ T6832] netlink: 'syz.2.409': attribute type 6 has an invalid length.
[   90.922201][ T6854] netlink: 'syz.2.420': attribute type 11 has an invalid length.
[   90.925945][ T6854] netlink: 149476 bytes leftover after parsing attributes in process `syz.2.420'.
[   91.178204][ T6861] netlink: 'syz.1.422': attribute type 10 has an invalid length.
[   91.181984][ T6861] netlink: 40 bytes leftover after parsing attributes in process `syz.1.422'.
[   91.230219][ T6853] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   91.317674][ T5836] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[   93.393537][ T5836] Bluetooth: hci1: command tx timeout
[  107.134494][ T5221] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  107.139157][ T5221] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  107.143718][ T5221] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  107.148090][ T5221] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  107.151702][ T5221] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  107.186950][ T5836] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  107.190345][ T5836] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  107.195615][ T5836] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  107.198826][ T5836] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  107.202538][ T5836] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  107.285958][ T5836] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  107.289500][ T5836] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  107.292298][ T5836] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  107.296658][ T5836] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  107.299260][ T5836] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  109.236087][ T5221] Bluetooth: hci3: command tx timeout
[  109.239810][ T5836] Bluetooth: hci4: command tx timeout
[  109.313682][ T5836] Bluetooth: hci5: command tx timeout
[  111.313487][ T5221] Bluetooth: hci3: command tx timeout
[  111.316053][ T5836] Bluetooth: hci4: command tx timeout
[  111.393541][ T5836] Bluetooth: hci5: command tx timeout
[  113.395042][ T5221] Bluetooth: hci3: command tx timeout
[  113.399008][ T5836] Bluetooth: hci4: command tx timeout
[  113.473483][ T5836] Bluetooth: hci5: command tx timeout
[  115.473543][ T5221] Bluetooth: hci3: command tx timeout
[  115.476073][ T5836] Bluetooth: hci4: command tx timeout
[  115.553660][ T5836] Bluetooth: hci5: command tx timeout
[  132.359088][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  132.361848][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  160.683284][    C1] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 60709984996 wd_nsec: 60709988842
[  171.010821][ T5221] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  171.013794][ T5221] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  171.014357][ T5221] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  171.020019][ T5221] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  171.020657][ T5221] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  171.104230][ T6905] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  171.108591][ T6905] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  171.109360][ T6905] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  171.109842][ T6905] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  171.110965][ T6905] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  171.112896][   T55] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  171.113994][   T55] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  171.115452][   T55] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  171.115760][   T55] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  171.117382][   T55] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  173.073565][   T55] Bluetooth: hci6: command tx timeout
[  173.153625][ T5221] Bluetooth: hci7: command tx timeout
[  173.154143][   T55] Bluetooth: hci8: command tx timeout
[  175.153505][   T55] Bluetooth: hci6: command tx timeout
[  175.233465][ T5221] Bluetooth: hci7: command tx timeout
[  175.233567][   T55] Bluetooth: hci8: command tx timeout
[  177.233518][   T55] Bluetooth: hci6: command tx timeout
[  177.313541][ T5221] Bluetooth: hci7: command tx timeout
[  177.313647][   T55] Bluetooth: hci8: command tx timeout
[  179.313465][ T6905] Bluetooth: hci6: command tx timeout
[  179.395132][ T6905] Bluetooth: hci8: command tx timeout
[  179.395175][ T6905] Bluetooth: hci7: command tx timeout
[  180.518265][ T6907] Bluetooth: hci0: command 0x0406 tx timeout
[  180.518351][ T6907] Bluetooth: hci1: command 0x0406 tx timeout
[  180.518400][ T6908] Bluetooth: hci2: command 0x0406 tx timeout
[  193.801087][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  193.801176][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  196.403277][    C1] rcu: INFO: rcu_preempt self-detected stall on CPU
[  196.403292][    C1] rcu: 	1-....: (10499 ticks this GP) idle=1d04/1/0x4000000000000000 softirq=17459/17460 fqs=5247
[  196.403633][    C1] rcu: 	         hardirqs   softirqs   csw/system
[  196.403638][    C1] rcu: 	 number:   946783          0            0
[  196.403643][    C1] rcu: 	cputime:    24469      28030          101   ==> 52500(ms)
[  196.403650][    C1] rcu: 	(t=10501 jiffies g=10713 q=2412 ncpus=2)
[  196.403660][    C1] CPU: 1 UID: 0 PID: 6869 Comm: syz.2.426 Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  196.403668][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  196.403673][    C1] RIP: 0010:__down_trylock_console_sem+0x144/0x1e0
[  196.403690][    C1] Code: 11 e8 b0 09 1f 00 4d 85 ff 75 16 e8 a6 09 1f 00 eb 15 e8 9f 09 1f 00 e8 ca 69 cd 09 4d 85 ff 74 ea e8 90 09 1f 00 fb 45 31 ff <31> ff 44 89 f6 e8 c2 0d 1f 00 45 85 f6 74 0d e8 78 09 1f 00 41 bf
[  196.403696][    C1] RSP: 0018:ffffc900001e0760 EFLAGS: 00000246
[  196.403703][    C1] RAX: ffffffff81a11f60 RBX: 0000000000000000 RCX: ffff888021b7b980
[  196.403708][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  196.403712][    C1] RBP: ffffc900001e0830 R08: ffffffff8fa1e8f7 R09: 1ffffffff1f43d1e
[  196.403717][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d1f R12: 1ffff9200003c0f0
[  196.403721][    C1] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[  196.403725][    C1] FS:  00007fdb518a46c0(0000) GS:ffff8881a3c1f000(0000) knlGS:0000000000000000
[  196.403731][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  196.403735][    C1] CR2: 0000000000000000 CR3: 0000000031578000 CR4: 00000000000006f0
[  196.403763][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  196.403769][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  196.403773][    C1] Call Trace:
[  196.403776][    C1]  <IRQ>
[  196.403780][    C1]  ? _printk+0xcf/0x120
[  196.403791][    C1]  ? __pfx___down_trylock_console_sem+0x10/0x10
[  196.403803][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  196.403814][    C1]  vprintk_emit+0x320/0x7a0
[  196.403824][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  196.403831][    C1]  ? irq_work_single+0x1ac/0x240
[  196.403841][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  196.403853][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  196.403865][    C1]  _printk+0xcf/0x120
[  196.403876][    C1]  ? __pfx__printk+0x10/0x10
[  196.403890][    C1]  clocksource_watchdog+0xdca/0x11c0
[  196.403899][    C1]  ? __lock_acquire+0xab9/0xd20
[  196.403912][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  196.403920][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  196.403930][    C1]  call_timer_fn+0x17e/0x5f0
[  196.403937][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  196.403943][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  196.403952][    C1]  ? call_timer_fn+0xbe/0x5f0
[  196.403958][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  196.403970][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  196.403978][    C1]  __run_timer_base+0x61a/0x860
[  196.403987][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  196.404002][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  196.404014][    C1]  ? __pfx_run_timer_softirq+0x10/0x10
[  196.404027][    C1]  run_timer_softirq+0x67/0x180
[  196.404036][    C1]  handle_softirqs+0x286/0x870
[  196.404045][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  196.404060][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  196.404067][    C1]  ? irq_work_single+0x1ac/0x240
[  196.404075][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  196.404085][    C1]  __irq_exit_rcu+0xca/0x1f0
[  196.404092][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  196.404101][    C1]  ? rcu_is_watching+0x15/0xb0
[  196.404111][    C1]  irq_exit_rcu+0x9/0x30
[  196.404117][    C1]  sysvec_irq_work+0xa3/0xc0
[  196.404123][    C1]  </IRQ>
[  196.404125][    C1]  <TASK>
[  196.404128][    C1]  asm_sysvec_irq_work+0x1a/0x20
[  196.404143][    C1] RIP: 0010:rcu_read_unlock_special+0x87/0x4c0
[  196.404152][    C1] Code: f1 f1 f1 00 f2 f2 f2 4a 89 04 2b 66 42 c7 44 2b 09 f3 f3 42 c6 44 2b 0b f3 65 44 8b 35 62 2c f8 10 41 f7 c6 00 00 f0 00 74 49 <48> c7 44 24 40 0e 36 e0 45 4a c7 04 2b 00 00 00 00 66 42 c7 44 2b
[  196.404157][    C1] RSP: 0018:ffffc90008f47ac0 EFLAGS: 00000206
[  196.404163][    C1] RAX: 050e79cd833f5800 RBX: 1ffff920011e8f60 RCX: 050e79cd833f5800
[  196.404168][    C1] RDX: 0000000000000006 RSI: ffffffff8d99883e RDI: ffffffff8be29f40
[  196.404172][    C1] RBP: ffffc90008f47ba8 R08: ffffffff8fa1e8f7 R09: 1ffffffff1f43d1e
[  196.404176][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d1f R12: ffffffff8e144400
[  196.404180][    C1] R13: dffffc0000000000 R14: 0000000000000246 R15: 0000000000000002
[  196.404192][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  196.404201][    C1]  ? mod_objcg_mlstate+0x24/0x260
[  196.404211][    C1]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  196.404222][    C1]  ? mod_objcg_mlstate+0x24/0x260
[  196.404229][    C1]  ? mod_objcg_mlstate+0x24/0x260
[  196.404238][    C1]  __rcu_read_unlock+0x84/0xe0
[  196.404281][    C1]  __account_obj_stock+0x96/0x310
[  196.404293][    C1]  obj_cgroup_charge_account+0x3e0/0x660
[  196.404305][    C1]  ? obj_cgroup_charge_account+0x13b/0x660
[  196.404315][    C1]  __memcg_slab_post_alloc_hook+0x3e6/0x7f0
[  196.404329][    C1]  kmem_cache_alloc_lru_noprof+0x2c7/0x3d0
[  196.404337][    C1]  ? sock_alloc_inode+0x28/0xc0
[  196.404348][    C1]  ? __pfx_sock_alloc_inode+0x10/0x10
[  196.404356][    C1]  sock_alloc_inode+0x28/0xc0
[  196.404363][    C1]  alloc_inode+0x6a/0x1b0
[  196.404373][    C1]  __sock_create+0x12d/0x9f0
[  196.404381][    C1]  ? do_syscall_64+0xb7/0x3b0
[  196.404393][    C1]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  196.404406][    C1]  __sys_socket+0xd7/0x1b0
[  196.404416][    C1]  __x64_sys_socket+0x7a/0x90
[  196.404426][    C1]  do_syscall_64+0xfa/0x3b0
[  196.404434][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.404440][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  196.404449][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.404455][    C1] RIP: 0033:0x7fdb5098e9a9
[  196.404462][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  196.404468][    C1] RSP: 002b:00007fdb518a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  196.404475][    C1] RAX: ffffffffffffffda RBX: 00007fdb50bb5fa0 RCX: 00007fdb5098e9a9
[  196.404479][    C1] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000029
[  196.404483][    C1] RBP: 00007fdb50a10d69 R08: 0000000000000000 R09: 0000000000000000
[  196.404487][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  196.404490][    C1] R13: 0000000000000000 R14: 00007fdb50bb5fa0 R15: 00007ffea4944a38
[  196.404502][    C1]  </TASK>
[  224.513527][   T18] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-.... } 13311 jiffies s: 3901 root: 0x2/.
[  224.513572][   T18] rcu: blocking rcu_node structures (internal RCU debug):
[  224.513587][   T18] Sending NMI from CPU 0 to CPUs 1:
[  224.513646][    C1] NMI backtrace for cpu 1
[  224.513659][    C1] CPU: 1 UID: 0 PID: 6869 Comm: syz.2.426 Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  224.513668][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  224.513672][    C1] RIP: 0010:native_apic_msr_eoi+0xf/0x20
[  224.513689][    C1] Code: f8 c3 cc cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa b9 0b 08 00 00 31 c0 31 d2 0f 30 <e9> 8c 14 00 0a cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90
[  224.513695][    C1] RSP: 0018:ffffc900001e0530 EFLAGS: 00000046
[  224.513703][    C1] RAX: 0000000000000000 RBX: ffffc900001e0578 RCX: 000000000000080b
[  224.513708][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  224.513712][    C1] RBP: 0000000000000000 R08: ffff888136623b0f R09: 1ffff11026cc4761
[  224.513716][    C1] R10: dffffc0000000000 R11: ffffed1026cc4762 R12: dffffc0000000000
[  224.513720][    C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  224.513724][    C1] FS:  00007fdb518a46c0(0000) GS:ffff8881a3c1f000(0000) knlGS:0000000000000000
[  224.513729][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  224.513734][    C1] CR2: 0000000000000000 CR3: 0000000031578000 CR4: 00000000000006f0
[  224.513759][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  224.513764][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  224.513768][    C1] Call Trace:
[  224.513772][    C1]  <IRQ>
[  224.513775][    C1]  __sysvec_apic_timer_interrupt+0x45/0x410
[  224.513787][    C1]  sysvec_apic_timer_interrupt+0x52/0xc0
[  224.513796][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  224.513804][    C1] RIP: 0010:console_flush_all+0x7f7/0xc40
[  224.513813][    C1] Code: 48 21 c3 0f 85 e9 01 00 00 e8 75 e7 1e 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 66 e7 1e 00 eb 06 e8 5f e7 1e 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 8a 0a 82 00 48 8b 1b 48 8b 44 24
[  224.513818][    C1] RSP: 0018:ffffc900001e0620 EFLAGS: 00000246
[  224.513824][    C1] RAX: 1ffffffff1d36927 RBX: ffffffff8e9b4938 RCX: ffff888021b7b980
[  224.513828][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  224.513832][    C1] RBP: ffffc900001e0770 R08: ffffffff8fa1e8f7 R09: 1ffffffff1f43d1e
[  224.513836][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d1f R12: dffffc0000000000
[  224.513840][    C1] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8e9b48e0
[  224.513849][    C1]  ? console_flush_all+0x13a/0xc40
[  224.513858][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  224.513868][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  224.513877][    C1]  console_unlock+0xc4/0x270
[  224.513886][    C1]  ? __pfx_console_unlock+0x10/0x10
[  224.513893][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  224.513903][    C1]  vprintk_emit+0x5b7/0x7a0
[  224.513910][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  224.513917][    C1]  ? irq_work_single+0x1ac/0x240
[  224.513925][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  224.513935][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  224.513945][    C1]  _printk+0xcf/0x120
[  224.513956][    C1]  ? __pfx__printk+0x10/0x10
[  224.513965][    C1]  clocksource_watchdog+0xdca/0x11c0
[  224.513974][    C1]  ? __lock_acquire+0xab9/0xd20
[  224.513983][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  224.513989][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  224.513997][    C1]  call_timer_fn+0x17e/0x5f0
[  224.514004][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  224.514010][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  224.514017][    C1]  ? call_timer_fn+0xbe/0x5f0
[  224.514022][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  224.514030][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  224.514037][    C1]  __run_timer_base+0x61a/0x860
[  224.514046][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  224.514057][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  224.514067][    C1]  ? __pfx_run_timer_softirq+0x10/0x10
[  224.514076][    C1]  run_timer_softirq+0x67/0x180
[  224.514085][    C1]  handle_softirqs+0x286/0x870
[  224.514093][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  224.514105][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  224.514112][    C1]  ? irq_work_single+0x1ac/0x240
[  224.514118][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  224.514127][    C1]  __irq_exit_rcu+0xca/0x1f0
[  224.514134][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  224.514141][    C1]  ? rcu_is_watching+0x15/0xb0
[  224.514149][    C1]  irq_exit_rcu+0x9/0x30
[  224.514155][    C1]  sysvec_irq_work+0xa3/0xc0
[  224.514162][    C1]  </IRQ>
[  224.514164][    C1]  <TASK>
[  224.514167][    C1]  asm_sysvec_irq_work+0x1a/0x20
[  224.514173][    C1] RIP: 0010:rcu_read_unlock_special+0x87/0x4c0
[  224.514181][    C1] Code: f1 f1 f1 00 f2 f2 f2 4a 89 04 2b 66 42 c7 44 2b 09 f3 f3 42 c6 44 2b 0b f3 65 44 8b 35 62 2c f8 10 41 f7 c6 00 00 f0 00 74 49 <48> c7 44 24 40 0e 36 e0 45 4a c7 04 2b 00 00 00 00 66 42 c7 44 2b
[  224.514222][    C1] RSP: 0018:ffffc90008f47ac0 EFLAGS: 00000206
[  224.514228][    C1] RAX: 050e79cd833f5800 RBX: 1ffff920011e8f60 RCX: 050e79cd833f5800
[  224.514232][    C1] RDX: 0000000000000006 RSI: ffffffff8d99883e RDI: ffffffff8be29f40
[  224.514236][    C1] RBP: ffffc90008f47ba8 R08: ffffffff8fa1e8f7 R09: 1ffffffff1f43d1e
[  224.514241][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d1f R12: ffffffff8e144400
[  224.514245][    C1] R13: dffffc0000000000 R14: 0000000000000246 R15: 0000000000000002
[  224.514253][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  224.514262][    C1]  ? mod_objcg_mlstate+0x24/0x260
[  224.514271][    C1]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  224.514281][    C1]  ? mod_objcg_mlstate+0x24/0x260
[  224.514288][    C1]  ? mod_objcg_mlstate+0x24/0x260
[  224.514295][    C1]  __rcu_read_unlock+0x84/0xe0
[  224.514305][    C1]  __account_obj_stock+0x96/0x310
[  224.514314][    C1]  obj_cgroup_charge_account+0x3e0/0x660
[  224.514324][    C1]  ? obj_cgroup_charge_account+0x13b/0x660
[  224.514333][    C1]  __memcg_slab_post_alloc_hook+0x3e6/0x7f0
[  224.514342][    C1]  kmem_cache_alloc_lru_noprof+0x2c7/0x3d0
[  224.514350][    C1]  ? sock_alloc_inode+0x28/0xc0
[  224.514360][    C1]  ? __pfx_sock_alloc_inode+0x10/0x10
[  224.514367][    C1]  sock_alloc_inode+0x28/0xc0
[  224.514375][    C1]  alloc_inode+0x6a/0x1b0
[  224.514383][    C1]  __sock_create+0x12d/0x9f0
[  224.514392][    C1]  ? do_syscall_64+0xb7/0x3b0
[  224.514401][    C1]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  224.514411][    C1]  __sys_socket+0xd7/0x1b0
[  224.514421][    C1]  __x64_sys_socket+0x7a/0x90
[  224.514429][    C1]  do_syscall_64+0xfa/0x3b0
[  224.514437][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.514443][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  224.514450][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.514456][    C1] RIP: 0033:0x7fdb5098e9a9
[  224.514463][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  224.514468][    C1] RSP: 002b:00007fdb518a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  224.514474][    C1] RAX: ffffffffffffffda RBX: 00007fdb50bb5fa0 RCX: 00007fdb5098e9a9
[  224.514479][    C1] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000029
[  224.514482][    C1] RBP: 00007fdb50a10d69 R08: 0000000000000000 R09: 0000000000000000
[  224.514486][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  224.514489][    C1] R13: 0000000000000000 R14: 00007fdb50bb5fa0 R15: 00007ffea4944a38
[  224.514496][    C1]  </TASK>
[  228.983802][ T6905] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  228.984809][ T6905] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  228.985240][ T6905] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  228.986349][ T6905] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  229.117064][ T6918] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  229.118132][ T6918] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  229.159821][ T6908] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  229.161241][ T6908] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  229.162099][ T6908] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  229.162499][ T6908] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  229.163200][ T6908] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  229.163806][ T6908] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  229.165903][ T6908] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  229.166069][ T6908] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  229.167502][ T6907] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  231.717160][ T6924] Bluetooth: hci3: command 0x0406 tx timeout
[  231.717253][ T6924] Bluetooth: hci4: command 0x0406 tx timeout
[  231.717273][ T6924] Bluetooth: hci5: command 0x0406 tx timeout
[  253.953670][   T34] INFO: task rcu_tasks_trace:32 blocked for more than 143 seconds.
[  253.953693][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  253.953700][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.953706][   T34] task:rcu_tasks_trace state:D stack:26536 pid:32    tgid:32    ppid:2      task_flags:0x208040 flags:0x00004000
[  253.953737][   T34] Call Trace:
[  253.953742][   T34]  <TASK>
[  253.953750][   T34]  __schedule+0x16f5/0x4d00
[  253.953773][   T34]  ? do_raw_spin_lock+0x121/0x290
[  253.953788][   T34]  ? schedule+0x165/0x360
[  253.953799][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.953809][   T34]  ? __pfx___schedule+0x10/0x10
[  253.953827][   T34]  ? schedule+0x91/0x360
[  253.953839][   T34]  schedule+0x165/0x360
[  253.953850][   T34]  synchronize_rcu_expedited+0x583/0x730
[  253.953866][   T34]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  253.953886][   T34]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  253.953903][   T34]  ? __pfx___might_resched+0x10/0x10
[  253.953921][   T34]  ? __pfx_autoremove_wake_function+0x10/0x10
[  253.953952][   T34]  synchronize_rcu+0x11a/0x310
[  253.953970][   T34]  ? __pfx_synchronize_rcu+0x10/0x10
[  253.953987][   T34]  ? __pfx_rcu_tasks_trace_pregp_step+0x10/0x10
[  253.954008][   T34]  ? rcu_is_watching+0x15/0xb0
[  253.954025][   T34]  ? trace_contention_end+0x39/0x120
[  253.954044][   T34]  ? __mutex_lock+0x330/0xe80
[  253.954084][   T34]  rcu_tasks_wait_gp+0x490/0xac0
[  253.954112][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  253.954167][   T34]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  253.954185][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.954205][   T34]  ? __pfx_rcu_tasks_wait_gp+0x10/0x10
[  253.954225][   T34]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  253.954250][   T34]  rcu_tasks_one_gp+0xc19/0xdf0
[  253.954282][   T34]  ? rcu_tasks_one_gp+0xe9/0xdf0
[  253.954308][   T34]  rcu_tasks_kthread+0x195/0x1c0
[  253.954325][   T34]  kthread+0x711/0x8a0
[  253.954340][   T34]  ? __pfx_rcu_tasks_kthread+0x10/0x10
[  253.954351][   T34]  ? __pfx_kthread+0x10/0x10
[  253.954365][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  253.954375][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.954386][   T34]  ? __pfx_kthread+0x10/0x10
[  253.954398][   T34]  ret_from_fork+0x3fc/0x770
[  253.954412][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  253.954424][   T34]  ? __switch_to_asm+0x39/0x70
[  253.954438][   T34]  ? __switch_to_asm+0x33/0x70
[  253.954448][   T34]  ? __pfx_kthread+0x10/0x10
[  253.954460][   T34]  ret_from_fork_asm+0x1a/0x30
[  253.954478][   T34]  </TASK>
[  253.954562][   T34] INFO: task syz.0.424:6864 blocked for more than 143 seconds.
[  253.954569][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  253.954576][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.954581][   T34] task:syz.0.424       state:D stack:26920 pid:6864  tgid:6864  ppid:5838   task_flags:0x400040 flags:0x00004004
[  253.954608][   T34] Call Trace:
[  253.954613][   T34]  <TASK>
[  253.954620][   T34]  __schedule+0x16f5/0x4d00
[  253.954633][   T34]  ? trace_call_bpf+0xb7/0x850
[  253.954647][   T34]  ? perf_trace_run_bpf_submit+0xf9/0x170
[  253.954660][   T34]  ? schedule+0x165/0x360
[  253.954671][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.954681][   T34]  ? __pfx___schedule+0x10/0x10
[  253.954698][   T34]  ? schedule+0x91/0x360
[  253.954710][   T34]  schedule+0x165/0x360
[  253.954721][   T34]  schedule_timeout+0x9a/0x270
[  253.954731][   T34]  ? __pfx_schedule_timeout+0x10/0x10
[  253.954746][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  253.954756][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.954768][   T34]  __wait_for_common+0x3da/0x710
[  253.954786][   T34]  ? __pfx_schedule_timeout+0x10/0x10
[  253.954795][   T34]  ? __pfx___wait_for_common+0x10/0x10
[  253.954808][   T34]  ? __raw_spin_lock_init+0x45/0x100
[  253.954821][   T34]  ? __init_swait_queue_head+0xa9/0x150
[  253.954834][   T34]  wait_for_completion_state+0x1c/0x40
[  253.954845][   T34]  __wait_rcu_gp+0x24c/0x280
[  253.954859][   T34]  synchronize_rcu_tasks_generic+0x132/0x220
[  253.954871][   T34]  ? __pfx_synchronize_rcu_tasks_generic+0x10/0x10
[  253.954881][   T34]  ? rcu_read_lock_any_held+0xb3/0x120
[  253.954891][   T34]  ? __pfx_call_rcu_tasks_trace+0x10/0x10
[  253.954903][   T34]  ? __pfx_wakeme_after_rcu+0x10/0x10
[  253.954923][   T34]  perf_trace_event_unreg+0xbe/0x1b0
[  253.954935][   T34]  perf_trace_destroy+0xa4/0x150
[  253.954945][   T34]  ? __pfx_tp_perf_event_destroy+0x10/0x10
[  253.954956][   T34]  __free_event+0x316/0x7b0
[  253.954966][   T34]  ? __pfx_perf_release+0x10/0x10
[  253.954978][   T34]  perf_event_release_kernel+0x45b/0x510
[  253.954988][   T34]  ? __pfx_perf_release+0x10/0x10
[  253.955000][   T34]  perf_release+0x38/0x50
[  253.955012][   T34]  __fput+0x44c/0xa70
[  253.955028][   T34]  task_work_run+0x1d4/0x260
[  253.955043][   T34]  ? __pfx_task_work_run+0x10/0x10
[  253.955058][   T34]  ? exit_to_user_mode_loop+0x40/0x110
[  253.955075][   T34]  exit_to_user_mode_loop+0xec/0x110
[  253.955086][   T34]  do_syscall_64+0x2bd/0x3b0
[  253.955099][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.955109][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.955145][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.955157][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.955167][   T34] RIP: 0033:0x7f304b58e9a9
[  253.955177][   T34] RSP: 002b:00007ffe40770778 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  253.955195][   T34] RAX: 0000000000000000 RBX: 0000000000016416 RCX: 00007f304b58e9a9
[  253.955206][   T34] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  253.955215][   T34] RBP: 00007f304b7b7ba0 R08: 0000000000000001 R09: 0000000d40770a6f
[  253.955224][   T34] R10: 00007f304b400000 R11: 0000000000000246 R12: 00007f304b7b5fac
[  253.955234][   T34] R13: 00007f304b7b5fa0 R14: ffffffffffffffff R15: 00007ffe40770890
[  253.955255][   T34]  </TASK>
[  253.955262][   T34] INFO: task syz.0.424:6866 blocked for more than 143 seconds.
[  253.955272][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  253.955281][   T34]       Blocked by coredump.
[  253.955286][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.955290][   T34] task:syz.0.424       state:D stack:26832 pid:6866  tgid:6866  ppid:6864   task_flags:0x40004c flags:0x00004002
[  253.955317][   T34] Call Trace:
[  253.955322][   T34]  <TASK>
[  253.955329][   T34]  __schedule+0x16f5/0x4d00
[  253.955346][   T34]  ? do_raw_spin_lock+0x121/0x290
[  253.955359][   T34]  ? schedule+0x165/0x360
[  253.955370][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.955379][   T34]  ? __pfx___schedule+0x10/0x10
[  253.955397][   T34]  ? schedule+0x91/0x360
[  253.955408][   T34]  schedule+0x165/0x360
[  253.955419][   T34]  synchronize_rcu_expedited+0x5f5/0x730
[  253.955433][   T34]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  253.955444][   T34]  ? __pfx_autoremove_wake_function+0x10/0x10
[  253.955459][   T34]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  253.955473][   T34]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  253.955486][   T34]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  253.955503][   T34]  packet_release+0xa05/0xce0
[  253.955518][   T34]  ? __pfx_packet_release+0x10/0x10
[  253.955526][   T34]  ? down_write+0x162/0x1f0
[  253.955540][   T34]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  253.955554][   T34]  sock_close+0xc3/0x240
[  253.955568][   T34]  ? __pfx_sock_close+0x10/0x10
[  253.955579][   T34]  __fput+0x44c/0xa70
[  253.955594][   T34]  task_work_run+0x1d4/0x260
[  253.955608][   T34]  ? __pfx_task_work_run+0x10/0x10
[  253.955624][   T34]  do_exit+0x6b5/0x22e0
[  253.955642][   T34]  ? __pfx_do_exit+0x10/0x10
[  253.955653][   T34]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  253.955668][   T34]  ? rcu_is_watching+0x15/0xb0
[  253.955682][   T34]  __x64_sys_exit+0x40/0x40
[  253.955693][   T34]  x64_sys_call+0x21a3/0x21c0
[  253.955705][   T34]  do_syscall_64+0xfa/0x3b0
[  253.955716][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.955727][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.955736][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.955748][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.955756][   T34] RIP: 0033:0x7f304b58e9a9
[  253.955764][   T34] RSP: 002b:00007f30493f5fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
[  253.955775][   T34] RAX: ffffffffffffffda RBX: 00007f304b7b5fa0 RCX: 00007f304b58e9a9
[  253.955782][   T34] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  253.955788][   T34] RBP: 00007f304b610d69 R08: 0000000000000000 R09: 0000000000000000
[  253.955795][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  253.955801][   T34] R13: 0000000000000000 R14: 00007f304b7b5fa0 R15: 00007ffe40770618
[  253.955815][   T34]  </TASK>
[  253.955820][   T34] INFO: task syz.2.426:6868 blocked for more than 143 seconds.
[  253.955826][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  253.955832][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.955837][   T34] task:syz.2.426       state:D stack:26864 pid:6868  tgid:6868  ppid:5840   task_flags:0x400040 flags:0x00004004
[  253.955861][   T34] Call Trace:
[  253.955866][   T34]  <TASK>
[  253.955872][   T34]  __schedule+0x16f5/0x4d00
[  253.955888][   T34]  ? do_raw_spin_lock+0x121/0x290
[  253.955900][   T34]  ? schedule+0x165/0x360
[  253.955911][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.955920][   T34]  ? __pfx___schedule+0x10/0x10
[  253.955937][   T34]  ? schedule+0x91/0x360
[  253.955949][   T34]  schedule+0x165/0x360
[  253.955960][   T34]  synchronize_rcu_expedited+0x5f5/0x730
[  253.955973][   T34]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  253.955984][   T34]  ? __pfx_autoremove_wake_function+0x10/0x10
[  253.956002][   T34]  ? __pfx___might_resched+0x10/0x10
[  253.956014][   T34]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  253.956032][   T34]  synchronize_rcu+0x11a/0x310
[  253.956042][   T34]  ? __pfx_synchronize_rcu+0x10/0x10
[  253.956052][   T34]  ? __local_bh_enable_ip+0x12d/0x1c0
[  253.956061][   T34]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  253.956082][   T34]  pfkey_release+0x258/0x320
[  253.956097][   T34]  sock_close+0xc3/0x240
[  253.956108][   T34]  ? __pfx_sock_close+0x10/0x10
[  253.956144][   T34]  __fput+0x44c/0xa70
[  253.956161][   T34]  task_work_run+0x1d4/0x260
[  253.956174][   T34]  ? __pfx_task_work_run+0x10/0x10
[  253.956188][   T34]  ? exit_to_user_mode_loop+0x40/0x110
[  253.956199][   T34]  exit_to_user_mode_loop+0xec/0x110
[  253.956208][   T34]  do_syscall_64+0x2bd/0x3b0
[  253.956220][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.956229][   T34]  ? asm_sysvec_call_function_single+0x1a/0x20
[  253.956241][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.956250][   T34] RIP: 0033:0x7fdb5098e9a9
[  253.956258][   T34] RSP: 002b:00007ffea4944b98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  253.956269][   T34] RAX: 0000000000000000 RBX: 00007fdb50bb7ba0 RCX: 00007fdb5098e9a9
[  253.956275][   T34] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  253.956282][   T34] RBP: 00007fdb50bb7ba0 R08: 0000000000000210 R09: 0000001ba4944e8f
[  253.956288][   T34] R10: 00007fdb50bb7ac0 R11: 0000000000000246 R12: 00000000000167b0
[  253.956295][   T34] R13: 00007ffea4944c90 R14: ffffffffffffffff R15: 00007ffea4944cb0
[  253.956309][   T34]  </TASK>
[  253.956314][   T34] INFO: task syz.1.427:6872 blocked for more than 143 seconds.
[  253.956321][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  253.956326][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.956331][   T34] task:syz.1.427       state:D stack:26920 pid:6872  tgid:6872  ppid:5833   task_flags:0x400040 flags:0x00004004
[  253.956356][   T34] Call Trace:
[  253.956360][   T34]  <TASK>
[  253.956367][   T34]  __schedule+0x16f5/0x4d00
[  253.956382][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.956393][   T34]  ? schedule+0x165/0x360
[  253.956405][   T34]  ? __pfx___schedule+0x10/0x10
[  253.956421][   T34]  ? schedule+0x91/0x360
[  253.956433][   T34]  schedule+0x165/0x360
[  253.956444][   T34]  schedule_preempt_disabled+0x13/0x30
[  253.956455][   T34]  __mutex_lock+0x724/0xe80
[  253.956467][   T34]  ? __mutex_lock+0x51b/0xe80
[  253.956480][   T34]  ? synchronize_rcu_expedited+0x3b9/0x730
[  253.956492][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  253.956509][   T34]  ? do_raw_spin_unlock+0x4d/0x240
[  253.956522][   T34]  synchronize_rcu_expedited+0x3b9/0x730
[  253.956534][   T34]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  253.956550][   T34]  ? trace_contention_end+0x39/0x120
[  253.956565][   T34]  ? __pfx_ima_file_free+0x10/0x10
[  253.956584][   T34]  __tun_detach+0x87e/0x1560
[  253.956601][   T34]  ? __pfx_tun_chr_close+0x10/0x10
[  253.956613][   T34]  tun_chr_close+0x10a/0x1c0
[  253.956626][   T34]  __fput+0x44c/0xa70
[  253.956641][   T34]  task_work_run+0x1d4/0x260
[  253.956655][   T34]  ? __pfx_task_work_run+0x10/0x10
[  253.956669][   T34]  ? exit_to_user_mode_loop+0x40/0x110
[  253.956680][   T34]  exit_to_user_mode_loop+0xec/0x110
[  253.956690][   T34]  do_syscall_64+0x2bd/0x3b0
[  253.956700][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.956711][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.956720][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.956731][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.956740][   T34] RIP: 0033:0x7f567ab8e9a9
[  253.956747][   T34] RSP: 002b:00007ffc45b614d8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  253.956758][   T34] RAX: 0000000000000000 RBX: 00000000000164b5 RCX: 00007f567ab8e9a9
[  253.956765][   T34] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  253.956770][   T34] RBP: 00007f567adb7ba0 R08: 0000000000000001 R09: 0000000345b617cf
[  253.956777][   T34] R10: 00007f567aa00000 R11: 0000000000000246 R12: 00007f567adb5fac
[  253.956783][   T34] R13: 00007f567adb5fa0 R14: ffffffffffffffff R15: 00007ffc45b615f0
[  253.956797][   T34]  </TASK>
[  253.956801][   T34] INFO: task dhcpcd:6874 blocked for more than 143 seconds.
[  253.956807][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  253.956813][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.956818][   T34] task:dhcpcd          state:D stack:28456 pid:6874  tgid:6874  ppid:5576   task_flags:0x400140 flags:0x00004002
[  253.956843][   T34] Call Trace:
[  253.956847][   T34]  <TASK>
[  253.956854][   T34]  __schedule+0x16f5/0x4d00
[  253.956869][   T34]  ? do_raw_spin_lock+0x121/0x290
[  253.956881][   T34]  ? schedule+0x165/0x360
[  253.956892][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.956901][   T34]  ? __pfx___schedule+0x10/0x10
[  253.956918][   T34]  ? schedule+0x91/0x360
[  253.956929][   T34]  schedule+0x165/0x360
[  253.956940][   T34]  synchronize_rcu_expedited+0x5f5/0x730
[  253.956953][   T34]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  253.956964][   T34]  ? __pfx_autoremove_wake_function+0x10/0x10
[  253.956989][   T34]  __unregister_prot_hook+0x503/0x6e0
[  253.957000][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.957011][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.957021][   T34]  packet_do_bind+0x536/0xcd0
[  253.957032][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.957044][   T34]  __sys_bind+0x2c6/0x3e0
[  253.957059][   T34]  ? __pfx___sys_bind+0x10/0x10
[  253.957085][   T34]  __x64_sys_bind+0x7a/0x90
[  253.957098][   T34]  do_syscall_64+0xfa/0x3b0
[  253.957108][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.957140][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.957150][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.957162][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.957170][   T34] RIP: 0033:0x7f777365c677
[  253.957178][   T34] RSP: 002b:00007fff6f0a3478 EFLAGS: 00000217 ORIG_RAX: 0000000000000031
[  253.957189][   T34] RAX: ffffffffffffffda RBX: 0000558e4e9f2ca3 RCX: 00007f777365c677
[  253.957196][   T34] RDX: 0000000000000014 RSI: 00007fff6f0a3488 RDI: 0000000000000005
[  253.957202][   T34] RBP: 0000000000000000 R08: 0000558e71b96f60 R09: 0000000000020000
[  253.957208][   T34] R10: 000000000000006d R11: 0000000000000217 R12: 0000558e71b9b000
[  253.957215][   T34] R13: 0000558e71b95168 R14: 00007fff6f0c3d6c R15: 0000558e71b95134
[  253.957229][   T34]  </TASK>
[  253.957233][   T34] INFO: task dhcpcd:6875 blocked for more than 143 seconds.
[  253.957240][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  253.957246][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.957251][   T34] task:dhcpcd          state:D stack:27504 pid:6875  tgid:6875  ppid:5576   task_flags:0x400140 flags:0x00004002
[  253.957288][   T34] Call Trace:
[  253.957294][   T34]  <TASK>
[  253.957305][   T34]  __schedule+0x16f5/0x4d00
[  253.957331][   T34]  ? do_raw_spin_lock+0x121/0x290
[  253.957350][   T34]  ? schedule+0x165/0x360
[  253.957366][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.957381][   T34]  ? __pfx___schedule+0x10/0x10
[  253.957410][   T34]  ? schedule+0x91/0x360
[  253.957428][   T34]  schedule+0x165/0x360
[  253.957446][   T34]  synchronize_rcu_expedited+0x5f5/0x730
[  253.957465][   T34]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  253.957483][   T34]  ? __pfx_autoremove_wake_function+0x10/0x10
[  253.957523][   T34]  __unregister_prot_hook+0x503/0x6e0
[  253.957535][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.957546][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.957556][   T34]  packet_do_bind+0x536/0xcd0
[  253.957568][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.957580][   T34]  __sys_bind+0x2c6/0x3e0
[  253.957594][   T34]  ? __pfx___sys_bind+0x10/0x10
[  253.957616][   T34]  __x64_sys_bind+0x7a/0x90
[  253.957629][   T34]  do_syscall_64+0xfa/0x3b0
[  253.957641][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.957652][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.957660][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.957671][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.957680][   T34] RIP: 0033:0x7f777365c677
[  253.957688][   T34] RSP: 002b:00007fff6f0a3478 EFLAGS: 00000217 ORIG_RAX: 0000000000000031
[  253.957699][   T34] RAX: ffffffffffffffda RBX: 0000558e4e9f2ca3 RCX: 00007f777365c677
[  253.957706][   T34] RDX: 0000000000000014 RSI: 00007fff6f0a3488 RDI: 0000000000000005
[  253.957712][   T34] RBP: 0000000000000000 R08: 0000558e71b96f60 R09: 0000000000020000
[  253.957719][   T34] R10: 000000000000006d R11: 0000000000000217 R12: 0000558e71b9b000
[  253.957725][   T34] R13: 0000558e71b96618 R14: 00007fff6f0c3d6c R15: 0000558e71b965e4
[  253.957739][   T34]  </TASK>
[  253.957745][   T34] INFO: task dhcpcd:6876 blocked for more than 143 seconds.
[  253.957751][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  253.957757][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.957762][   T34] task:dhcpcd          state:D stack:27720 pid:6876  tgid:6876  ppid:5576   task_flags:0x400140 flags:0x00004002
[  253.957791][   T34] Call Trace:
[  253.957795][   T34]  <TASK>
[  253.957801][   T34]  __schedule+0x16f5/0x4d00
[  253.957817][   T34]  ? do_raw_spin_lock+0x121/0x290
[  253.957829][   T34]  ? schedule+0x165/0x360
[  253.957840][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.957849][   T34]  ? __pfx___schedule+0x10/0x10
[  253.957866][   T34]  ? schedule+0x91/0x360
[  253.957877][   T34]  schedule+0x165/0x360
[  253.957888][   T34]  synchronize_rcu_expedited+0x5f5/0x730
[  253.957901][   T34]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  253.957912][   T34]  ? __pfx_autoremove_wake_function+0x10/0x10
[  253.957938][   T34]  __unregister_prot_hook+0x503/0x6e0
[  253.957948][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.957959][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.957969][   T34]  packet_do_bind+0x536/0xcd0
[  253.957980][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.957992][   T34]  __sys_bind+0x2c6/0x3e0
[  253.958005][   T34]  ? __pfx___sys_bind+0x10/0x10
[  253.958026][   T34]  __x64_sys_bind+0x7a/0x90
[  253.958039][   T34]  do_syscall_64+0xfa/0x3b0
[  253.958049][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.958060][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.958075][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.958087][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.958095][   T34] RIP: 0033:0x7f777365c677
[  253.958102][   T34] RSP: 002b:00007fff6f0a3478 EFLAGS: 00000217 ORIG_RAX: 0000000000000031
[  253.958113][   T34] RAX: ffffffffffffffda RBX: 0000558e4e9f2ca3 RCX: 00007f777365c677
[  253.958143][   T34] RDX: 0000000000000014 RSI: 00007fff6f0a3488 RDI: 0000000000000005
[  253.958149][   T34] RBP: 0000000000000000 R08: 0000558e71b96f60 R09: 0000000000020000
[  253.958156][   T34] R10: 000000000000006d R11: 0000000000000217 R12: 0000558e71b9b000
[  253.958162][   T34] R13: 0000558e71b96028 R14: 00007fff6f0c3d6c R15: 0000558e71b95ff4
[  253.958176][   T34]  </TASK>
[  253.958181][   T34] INFO: task dhcpcd:6877 blocked for more than 143 seconds.
[  253.958187][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  253.958193][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.958198][   T34] task:dhcpcd          state:D stack:27720 pid:6877  tgid:6877  ppid:5576   task_flags:0x400140 flags:0x00004002
[  253.958222][   T34] Call Trace:
[  253.958226][   T34]  <TASK>
[  253.958232][   T34]  __schedule+0x16f5/0x4d00
[  253.958249][   T34]  ? do_raw_spin_lock+0x121/0x290
[  253.958261][   T34]  ? schedule+0x165/0x360
[  253.958272][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.958281][   T34]  ? __pfx___schedule+0x10/0x10
[  253.958298][   T34]  ? schedule+0x91/0x360
[  253.958310][   T34]  schedule+0x165/0x360
[  253.958321][   T34]  synchronize_rcu_expedited+0x5f5/0x730
[  253.958333][   T34]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  253.958344][   T34]  ? __pfx_autoremove_wake_function+0x10/0x10
[  253.958370][   T34]  __unregister_prot_hook+0x503/0x6e0
[  253.958380][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.958390][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.958400][   T34]  packet_do_bind+0x536/0xcd0
[  253.958411][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.958423][   T34]  __sys_bind+0x2c6/0x3e0
[  253.958436][   T34]  ? __pfx___sys_bind+0x10/0x10
[  253.958458][   T34]  __x64_sys_bind+0x7a/0x90
[  253.958471][   T34]  do_syscall_64+0xfa/0x3b0
[  253.958481][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.958492][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.958501][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.958512][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.958520][   T34] RIP: 0033:0x7f777365c677
[  253.958528][   T34] RSP: 002b:00007fff6f0a3478 EFLAGS: 00000217 ORIG_RAX: 0000000000000031
[  253.958539][   T34] RAX: ffffffffffffffda RBX: 0000558e4e9f2ca3 RCX: 00007f777365c677
[  253.958545][   T34] RDX: 0000000000000014 RSI: 00007fff6f0a3488 RDI: 0000000000000005
[  253.958552][   T34] RBP: 0000000000000000 R08: 0000558e71b96f60 R09: 0000000000020000
[  253.958558][   T34] R10: 000000000000006d R11: 0000000000000217 R12: 0000558e71b9b000
[  253.958564][   T34] R13: 0000558e71b961a8 R14: 00007fff6f0c3d6c R15: 0000558e71b96174
[  253.958578][   T34]  </TASK>
[  253.958583][   T34] INFO: task dhcpcd:6878 blocked for more than 143 seconds.
[  253.958589][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  253.958595][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.958600][   T34] task:dhcpcd          state:D stack:28456 pid:6878  tgid:6878  ppid:5576   task_flags:0x400140 flags:0x00004002
[  253.958624][   T34] Call Trace:
[  253.958629][   T34]  <TASK>
[  253.958635][   T34]  __schedule+0x16f5/0x4d00
[  253.958651][   T34]  ? do_raw_spin_lock+0x121/0x290
[  253.958664][   T34]  ? schedule+0x165/0x360
[  253.958674][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.958683][   T34]  ? __pfx___schedule+0x10/0x10
[  253.958700][   T34]  ? schedule+0x91/0x360
[  253.958712][   T34]  schedule+0x165/0x360
[  253.958723][   T34]  synchronize_rcu_expedited+0x5f5/0x730
[  253.958735][   T34]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  253.958746][   T34]  ? __pfx_autoremove_wake_function+0x10/0x10
[  253.958772][   T34]  __unregister_prot_hook+0x503/0x6e0
[  253.958782][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.958792][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.958802][   T34]  packet_do_bind+0x536/0xcd0
[  253.958813][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.958825][   T34]  __sys_bind+0x2c6/0x3e0
[  253.958838][   T34]  ? __pfx___sys_bind+0x10/0x10
[  253.958859][   T34]  __x64_sys_bind+0x7a/0x90
[  253.958872][   T34]  do_syscall_64+0xfa/0x3b0
[  253.958883][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.958893][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.958902][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.958913][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.958921][   T34] RIP: 0033:0x7f777365c677
[  253.958929][   T34] RSP: 002b:00007fff6f0a3478 EFLAGS: 00000217 ORIG_RAX: 0000000000000031
[  253.958939][   T34] RAX: ffffffffffffffda RBX: 0000558e4e9f2ca3 RCX: 00007f777365c677
[  253.958946][   T34] RDX: 0000000000000014 RSI: 00007fff6f0a3488 RDI: 0000000000000005
[  253.958952][   T34] RBP: 0000000000000000 R08: 0000558e71b96f60 R09: 0000000000020000
[  253.958959][   T34] R10: 000000000000006d R11: 0000000000000217 R12: 0000558e71b9b000
[  253.958965][   T34] R13: 0000558e71b96a08 R14: 00007fff6f0c3d6c R15: 0000558e71b969d4
[  253.958979][   T34]  </TASK>
[  253.958983][   T34] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  253.958989][   T34] INFO: task dhcpcd:6879 blocked for more than 143 seconds.
[  253.958995][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  253.959001][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.959006][   T34] task:dhcpcd          state:D stack:27720 pid:6879  tgid:6879  ppid:5576   task_flags:0x400140 flags:0x00004002
[  253.959031][   T34] Call Trace:
[  253.959035][   T34]  <TASK>
[  253.959042][   T34]  __schedule+0x16f5/0x4d00
[  253.959058][   T34]  ? do_raw_spin_lock+0x121/0x290
[  253.959074][   T34]  ? schedule+0x165/0x360
[  253.959085][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.959094][   T34]  ? __pfx___schedule+0x10/0x10
[  253.959111][   T34]  ? schedule+0x91/0x360
[  253.959146][   T34]  schedule+0x165/0x360
[  253.959157][   T34]  synchronize_rcu_expedited+0x5f5/0x730
[  253.959170][   T34]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  253.959181][   T34]  ? __pfx_autoremove_wake_function+0x10/0x10
[  253.959207][   T34]  __unregister_prot_hook+0x503/0x6e0
[  253.959217][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.959227][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.959237][   T34]  packet_do_bind+0x536/0xcd0
[  253.959248][   T34]  ? packet_do_bind+0x98/0xcd0
[  253.959260][   T34]  __sys_bind+0x2c6/0x3e0
[  253.959273][   T34]  ? __pfx___sys_bind+0x10/0x10
[  253.959294][   T34]  __x64_sys_bind+0x7a/0x90
[  253.959307][   T34]  do_syscall_64+0xfa/0x3b0
[  253.959318][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.959328][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.959337][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.959349][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.959357][   T34] RIP: 0033:0x7f777365c677
[  253.959365][   T34] RSP: 002b:00007fff6f0a3478 EFLAGS: 00000217 ORIG_RAX: 0000000000000031
[  253.959376][   T34] RAX: ffffffffffffffda RBX: 0000558e4e9f2ca3 RCX: 00007f777365c677
[  253.959383][   T34] RDX: 0000000000000014 RSI: 00007fff6f0a3488 RDI: 0000000000000005
[  253.959389][   T34] RBP: 0000000000000000 R08: 0000558e71b96f60 R09: 0000000000020000
[  253.959395][   T34] R10: 000000000000006d R11: 0000000000000217 R12: 0000558e71b9b000
[  253.959402][   T34] R13: 0000558e71b96b88 R14: 00007fff6f0c3d6c R15: 0000558e71b96b54
[  253.959415][   T34]  </TASK>
[  253.959420][   T34] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  253.959426][   T34] INFO: task syz-executor:6883 blocked for more than 143 seconds.
[  253.959432][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  253.959438][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.959443][   T34] task:syz-executor    state:D stack:26920 pid:6883  tgid:6883  ppid:1      task_flags:0x400140 flags:0x00004004
[  253.959468][   T34] Call Trace:
[  253.959472][   T34]  <TASK>
[  253.959479][   T34]  __schedule+0x16f5/0x4d00
[  253.959494][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.959509][   T34]  ? schedule+0x165/0x360
[  253.959531][   T34]  ? __pfx___schedule+0x10/0x10
[  253.959557][   T34]  ? schedule+0x91/0x360
[  253.959576][   T34]  schedule+0x165/0x360
[  253.959595][   T34]  schedule_preempt_disabled+0x13/0x30
[  253.959611][   T34]  __mutex_lock+0x724/0xe80
[  253.959631][   T34]  ? __mutex_lock+0x51b/0xe80
[  253.959653][   T34]  ? inet_rtm_newaddr+0x3b0/0x18b0
[  253.959674][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  253.959700][   T34]  ? __nla_parse+0x40/0x60
[  253.959724][   T34]  inet_rtm_newaddr+0x3b0/0x18b0
[  253.959750][   T34]  ? __pfx_inet_rtm_newaddr+0x10/0x10
[  253.959783][   T34]  ? __pfx_inet_rtm_newaddr+0x10/0x10
[  253.959801][   T34]  rtnetlink_rcv_msg+0x7cf/0xb70
[  253.959819][   T34]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  253.959831][   T34]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  253.959850][   T34]  netlink_rcv_skb+0x208/0x470
[  253.959862][   T34]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  253.959875][   T34]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  253.959889][   T34]  ? netlink_deliver_tap+0x2e/0x1b0
[  253.959899][   T34]  ? netlink_deliver_tap+0x2e/0x1b0
[  253.959910][   T34]  netlink_unicast+0x75c/0x8e0
[  253.959928][   T34]  netlink_sendmsg+0x805/0xb30
[  253.959941][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  253.959952][   T34]  ? aa_sock_msg_perm+0x94/0x160
[  253.959966][   T34]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  253.959979][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  253.959989][   T34]  __sock_sendmsg+0x21c/0x270
[  253.960003][   T34]  __sys_sendto+0x3bd/0x520
[  253.960014][   T34]  ? __pfx___sys_sendto+0x10/0x10
[  253.960033][   T34]  ? do_syscall_64+0xb7/0x3b0
[  253.960045][   T34]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  253.960059][   T34]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  253.960079][   T34]  __x64_sys_sendto+0xde/0x100
[  253.960090][   T34]  do_syscall_64+0xfa/0x3b0
[  253.960101][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.960111][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.960146][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.960157][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.960166][   T34] RIP: 0033:0x7f90f9b9083c
[  253.960174][   T34] RSP: 002b:00007ffd772cd3f0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  253.960186][   T34] RAX: ffffffffffffffda RBX: 00007f90fa8e4620 RCX: 00007f90f9b9083c
[  253.960193][   T34] RDX: 0000000000000028 RSI: 00007f90fa8e4670 RDI: 0000000000000003
[  253.960200][   T34] RBP: 0000000000000000 R08: 00007ffd772cd444 R09: 000000000000000c
[  253.960206][   T34] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  253.960213][   T34] R13: 0000000000000000 R14: 00007f90fa8e4670 R15: 0000000000000000
[  253.960226][   T34]  </TASK>
[  253.960231][   T34] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  253.960236][   T34] INFO: task syz-executor:6886 blocked for more than 143 seconds.
[  253.960244][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  253.960250][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.960255][   T34] task:syz-executor    state:D stack:26920 pid:6886  tgid:6886  ppid:1      task_flags:0x400140 flags:0x00004004
[  253.960279][   T34] Call Trace:
[  253.960283][   T34]  <TASK>
[  253.960290][   T34]  __schedule+0x16f5/0x4d00
[  253.960306][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.960317][   T34]  ? schedule+0x165/0x360
[  253.960331][   T34]  ? __pfx___schedule+0x10/0x10
[  253.960349][   T34]  ? schedule+0x91/0x360
[  253.960368][   T34]  schedule+0x165/0x360
[  253.960386][   T34]  schedule_preempt_disabled+0x13/0x30
[  253.960401][   T34]  __mutex_lock+0x724/0xe80
[  253.960421][   T34]  ? __mutex_lock+0x51b/0xe80
[  253.960444][   T34]  ? inet_rtm_newaddr+0x3b0/0x18b0
[  253.960464][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  253.960490][   T34]  ? __nla_parse+0x40/0x60
[  253.960514][   T34]  inet_rtm_newaddr+0x3b0/0x18b0
[  253.960539][   T34]  ? __pfx_inet_rtm_newaddr+0x10/0x10
[  253.960568][   T34]  ? __pfx_inet_rtm_newaddr+0x10/0x10
[  253.960585][   T34]  rtnetlink_rcv_msg+0x7cf/0xb70
[  253.960610][   T34]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  253.960630][   T34]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  253.960662][   T34]  netlink_rcv_skb+0x208/0x470
[  253.960679][   T34]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  253.960700][   T34]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  253.960725][   T34]  ? netlink_deliver_tap+0x2e/0x1b0
[  253.960741][   T34]  ? netlink_deliver_tap+0x2e/0x1b0
[  253.960760][   T34]  netlink_unicast+0x75c/0x8e0
[  253.960787][   T34]  netlink_sendmsg+0x805/0xb30
[  253.960810][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  253.960828][   T34]  ? aa_sock_msg_perm+0x94/0x160
[  253.960850][   T34]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  253.960871][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  253.960886][   T34]  __sock_sendmsg+0x21c/0x270
[  253.960908][   T34]  __sys_sendto+0x3bd/0x520
[  253.960925][   T34]  ? __pfx___sys_sendto+0x10/0x10
[  253.960958][   T34]  ? do_syscall_64+0xb7/0x3b0
[  253.960977][   T34]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  253.960999][   T34]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  253.961023][   T34]  __x64_sys_sendto+0xde/0x100
[  253.961041][   T34]  do_syscall_64+0xfa/0x3b0
[  253.961058][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.961085][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.961098][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.961147][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.961163][   T34] RIP: 0033:0x7f7f6419083c
[  253.961178][   T34] RSP: 002b:00007ffd79d14bd0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  253.961194][   T34] RAX: ffffffffffffffda RBX: 00007f7f64ee4620 RCX: 00007f7f6419083c
[  253.961204][   T34] RDX: 0000000000000028 RSI: 00007f7f64ee4670 RDI: 0000000000000003
[  253.961213][   T34] RBP: 0000000000000000 R08: 00007ffd79d14c24 R09: 000000000000000c
[  253.961222][   T34] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  253.961230][   T34] R13: 0000000000000000 R14: 00007f7f64ee4670 R15: 0000000000000000
[  253.961249][   T34]  </TASK>
[  253.961255][   T34] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  253.961263][   T34] INFO: task syz-executor:6889 blocked for more than 143 seconds.
[  253.961272][   T34]       Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0
[  253.961280][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.961286][   T34] task:syz-executor    state:D stack:26920 pid:6889  tgid:6889  ppid:1      task_flags:0x400140 flags:0x00004004
[  253.961323][   T34] Call Trace:
[  253.961328][   T34]  <TASK>
[  253.961337][   T34]  __schedule+0x16f5/0x4d00
[  253.961359][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.961374][   T34]  ? schedule+0x165/0x360
[  253.961390][   T34]  ? __pfx___schedule+0x10/0x10
[  253.961414][   T34]  ? schedule+0x91/0x360
[  253.961430][   T34]  schedule+0x165/0x360
[  253.961446][   T34]  schedule_preempt_disabled+0x13/0x30
[  253.961460][   T34]  __mutex_lock+0x724/0xe80
[  253.961476][   T34]  ? __mutex_lock+0x51b/0xe80
[  253.961495][   T34]  ? inet_rtm_newaddr+0x3b0/0x18b0
[  253.961511][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  253.961534][   T34]  ? __nla_parse+0x40/0x60
[  253.961554][   T34]  inet_rtm_newaddr+0x3b0/0x18b0
[  253.961574][   T34]  ? __pfx_inet_rtm_newaddr+0x10/0x10
[  253.961599][   T34]  ? __pfx_inet_rtm_newaddr+0x10/0x10
[  253.961613][   T34]  rtnetlink_rcv_msg+0x7cf/0xb70
[  253.961632][   T34]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  253.961649][   T34]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  253.961676][   T34]  netlink_rcv_skb+0x208/0x470
[  253.961689][   T34]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  253.961708][   T34]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  253.961728][   T34]  ? netlink_deliver_tap+0x2e/0x1b0
[  253.961739][   T34]  ? netlink_deliver_tap+0x2e/0x1b0
[  253.961755][   T34]  netlink_unicast+0x75c/0x8e0
[  253.961779][   T34]  netlink_sendmsg+0x805/0xb30
[  253.961796][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  253.961811][   T34]  ? aa_sock_msg_perm+0x94/0x160
[  253.961827][   T34]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  253.961842][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  253.961856][   T34]  __sock_sendmsg+0x21c/0x270
[  253.961874][   T34]  __sys_sendto+0x3bd/0x520
[  253.961888][   T34]  ? __pfx___sys_sendto+0x10/0x10
[  253.961914][   T34]  ? do_syscall_64+0xb7/0x3b0
[  253.961930][   T34]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  253.961948][   T34]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  253.961968][   T34]  __x64_sys_sendto+0xde/0x100
[  253.961983][   T34]  do_syscall_64+0xfa/0x3b0
[  253.961997][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.962012][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.962024][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.962040][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.962052][   T34] RIP: 0033:0x7fea6319083c
[  253.962061][   T34] RSP: 002b:00007ffc85a81070 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  253.962080][   T34] RAX: ffffffffffffffda RBX: 00007fea63ee4620 RCX: 00007fea6319083c
[  253.962090][   T34] RDX: 0000000000000028 RSI: 00007fea63ee4670 RDI: 0000000000000003
[  253.962098][   T34] RBP: 0000000000000000 R08: 00007ffc85a810c4 R09: 000000000000000c
[  253.962106][   T34] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  253.962139][   T34] R13: 0000000000000000 R14: 00007fea63ee4670 R15: 0000000000000000
[  253.962160][   T34]  </TASK>
[  253.962166][   T34] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  253.962184][   T34] 
[  253.962184][   T34] Showing all locks held in the system:
[  253.962195][   T34] 2 locks held by rcu_tasks_trace/32:
[  253.962204][   T34]  #0: ffffffff8e13fe10 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{4:4}, at: rcu_tasks_one_gp+0xaf9/0xdf0
[  253.962251][   T34]  #1: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730
[  253.962293][   T34] 1 lock held by khungtaskd/34:
[  253.962301][   T34]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  253.962348][   T34] 5 locks held by kworker/u11:0/55:
[  253.962355][   T34]  #0: ffff88810e2ff148 ((wq_completion)hci2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  253.962396][   T34]  #1: ffffc900007dfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  253.962435][   T34]  #2: ffff88802a420dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  253.962476][   T34]  #3: ffff88802a4200b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
[  253.962519][   T34]  #4: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  253.962566][   T34] 2 locks held by kworker/0:2/972:
[  253.962574][   T34]  #0: ffff88801a482148 ((wq_completion)events_freezable_pwr_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  253.962614][   T34]  #1: ffffc900069ffbc0 ((work_completion)(&(&ev->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  253.962679][   T34] 5 locks held by kworker/u11:1/5221:
[  253.962687][   T34]  #0: ffff888023847148 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  253.962725][   T34]  #1: ffffc90020ff7bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  253.962764][   T34]  #2: ffff888111f08dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  253.962802][   T34]  #3: ffff888111f080b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
[  253.962843][   T34]  #4: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  253.962882][   T34] 2 locks held by getty/5653:
[  253.962889][   T34]  #0: ffff8880292110a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  253.962928][   T34]  #1: ffffc900029062f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  253.962970][   T34] 6 locks held by kworker/u11:2/5836:
[  253.962978][   T34]  #0: ffff88810a0bd148 ((wq_completion)hci0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  253.963017][   T34]  #1: ffffc9000332fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  253.963055][   T34]  #2: ffff888029290dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  253.963098][   T34]  #3: ffff8880292900b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
[  253.963167][   T34]  #4: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  253.963204][   T34]  #5: ffff888023844338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[  253.985464][   T34] 3 locks held by kworker/u8:3/5861:
[  253.985472][   T34]  #0: ffff88810da9f948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  253.985504][   T34]  #1: ffffc9000442fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  253.985534][   T34]  #2: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
[  253.985569][   T34] 1 lock held by syz.0.424/6864:
[  253.985576][   T34]  #0: ffffffff8e1a2ca8 (event_mutex){+.+.}-{4:4}, at: perf_trace_destroy+0x2e/0x150
[  253.985607][   T34] 1 lock held by syz.0.424/6866:
[  253.985613][   T34]  #0: ffff88802abf5008 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  253.985648][   T34] 1 lock held by syz.2.426/6868:
[  253.985654][   T34]  #0: ffff88802aa4e208 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  253.985686][   T34] 5 locks held by syz.2.426/6869:
[  253.985692][   T34] 2 locks held by syz.1.427/6872:
[  253.985698][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  253.985731][   T34]  #1: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  253.985762][   T34] 1 lock held by dhcpcd/6874:
[  253.985768][   T34]  #0: ffff8880291fc258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  253.985799][   T34] 1 lock held by dhcpcd/6875:
[  253.985805][   T34]  #0: ffff88802ac52258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  253.985833][   T34] 1 lock held by dhcpcd/6876:
[  253.985839][   T34]  #0: ffff8880313d6258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  253.985868][   T34] 1 lock held by dhcpcd/6877:
[  253.985874][   T34]  #0: ffff888029494258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  253.985902][   T34] 1 lock held by dhcpcd/6878:
[  253.985908][   T34]  #0: ffff888036f74258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  253.985937][   T34] 1 lock held by dhcpcd/6879:
[  253.985943][   T34]  #0: ffff888108a08258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[  253.985971][   T34] 1 lock held by syz-executor/6883:
[  253.985977][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  253.986008][   T34] 1 lock held by syz-executor/6886:
[  253.986014][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  253.986043][   T34] 1 lock held by syz-executor/6889:
[  253.986049][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  253.986084][   T34] 1 lock held by syz-executor/6896:
[  253.986089][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  253.986142][   T34] 1 lock held by syz-executor/6899:
[  253.986148][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  253.986179][   T34] 1 lock held by syz-executor/6900:
[  253.986185][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  253.986214][   T34] 4 locks held by kworker/u11:3/6905:
[  253.986220][   T34]  #0: ffff888045520148 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  253.986252][   T34]  #1: ffffc90007d7fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  253.986281][   T34]  #2: ffff88810f0b80b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  253.986311][   T34]  #3: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  253.986341][   T34] 4 locks held by kworker/u11:4/6907:
[  253.986346][   T34]  #0: ffff888045525148 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  253.986379][   T34]  #1: ffffc900082dfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  253.986406][   T34]  #2: ffff88810f0bc0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  253.986435][   T34]  #3: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  253.986465][   T34] 5 locks held by kworker/u11:5/6908:
[  253.986470][   T34]  #0: ffff8880308d7148 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  253.986498][   T34]  #1: ffffc90007f97bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  253.986527][   T34]  #2: ffff88802a060dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  253.986556][   T34]  #3: ffff88802a0600b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
[  253.986586][   T34]  #4: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  253.986615][   T34] 1 lock held by syz-executor/6912:
[  253.986621][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  253.986649][   T34] 1 lock held by syz-executor/6913:
[  253.986655][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  253.986684][   T34] 1 lock held by syz-executor/6914:
[  253.986689][   T34]  #0: ffffffff8f51cdc8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  253.986718][   T34] 5 locks held by kworker/u11:6/6918:
[  253.986724][   T34]  #0: ffff88802fb8f148 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  253.986752][   T34]  #1: ffffc90007777bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  253.986780][   T34]  #2: ffff88802a49cdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  253.986808][   T34]  #3: ffff88802a49c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
[  253.986838][   T34]  #4: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  253.986865][   T34] 4 locks held by kworker/u11:7/6920:
[  253.986872][   T34]  #0: ffff888045527948 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  253.986903][   T34]  #1: ffffc9000752fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  253.986931][   T34]  #2: ffff888044d0c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  253.986959][   T34]  #3: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  253.986989][   T34] 5 locks held by kworker/u11:8/6923:
[  253.986994][   T34]  #0: ffff88802f999148 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  253.987022][   T34]  #1: ffffc9000773fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  253.987050][   T34]  #2: ffff8880312e8dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[  253.987083][   T34]  #3: ffff8880312e80b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0
[  253.987113][   T34]  #4: ffffffff8f684f48 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[  253.991513][   T34] 
[  253.991526][   T34] =============================================
[  253.991526][   T34] 
[  253.991536][   T34] NMI backtrace for cpu 0
[  253.991548][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  253.991562][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  253.991570][   T34] Call Trace:
[  253.991575][   T34]  <TASK>
[  253.991581][   T34]  dump_stack_lvl+0x189/0x250
[  253.991603][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.991616][   T34]  ? __pfx__printk+0x10/0x10
[  253.991638][   T34]  nmi_cpu_backtrace+0x39e/0x3d0
[  253.991655][   T34]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  253.991665][   T34]  ? _printk+0xcf/0x120
[  253.991683][   T34]  ? __pfx__printk+0x10/0x10
[  253.991699][   T34]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  253.991712][   T34]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  253.991727][   T34]  watchdog+0xfee/0x1030
[  253.991742][   T34]  ? watchdog+0x1de/0x1030
[  253.991759][   T34]  kthread+0x711/0x8a0
[  253.991779][   T34]  ? __pfx_watchdog+0x10/0x10
[  253.991789][   T34]  ? __pfx_kthread+0x10/0x10
[  253.991804][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  253.991821][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.991835][   T34]  ? __pfx_kthread+0x10/0x10
[  253.991851][   T34]  ret_from_fork+0x3fc/0x770
[  253.991868][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  253.991883][   T34]  ? __switch_to_asm+0x39/0x70
[  253.991898][   T34]  ? __switch_to_asm+0x33/0x70
[  253.991910][   T34]  ? __pfx_kthread+0x10/0x10
[  253.991926][   T34]  ret_from_fork_asm+0x1a/0x30
[  253.991948][   T34]  </TASK>
[  253.991954][   T34] Sending NMI from CPU 0 to CPUs 1:
[  253.992031][    C1] NMI backtrace for cpu 1
[  253.992048][    C1] CPU: 1 UID: 0 PID: 6869 Comm: syz.2.426 Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  253.992063][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  253.992075][    C1] RIP: 0010:console_flush_all+0x7f7/0xc40
[  253.992096][    C1] Code: 48 21 c3 0f 85 e9 01 00 00 e8 75 e7 1e 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 66 e7 1e 00 eb 06 e8 5f e7 1e 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 8a 0a 82 00 48 8b 1b 48 8b 44 24
[  253.992106][    C1] RSP: 0018:ffffc900001e0620 EFLAGS: 00000246
[  253.992147][    C1] RAX: 1ffffffff1d902ff RBX: ffffffff8ec817f8 RCX: ffff888021b7b980
[  253.992157][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  253.992164][    C1] RBP: ffffc900001e0770 R08: ffffffff8fa1e8f7 R09: 1ffffffff1f43d1e
[  253.992171][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d1f R12: dffffc0000000000
[  253.992179][    C1] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8ec817a0
[  253.992187][    C1] FS:  00007fdb518a46c0(0000) GS:ffff8881a3c1f000(0000) knlGS:0000000000000000
[  253.992196][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  253.992204][    C1] CR2: 0000000000000000 CR3: 0000000031578000 CR4: 00000000000006f0
[  253.992237][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  253.992244][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  253.992251][    C1] Call Trace:
[  253.992257][    C1]  <IRQ>
[  253.992264][    C1]  ? console_flush_all+0x13a/0xc40
[  253.992280][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  253.992297][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  253.992313][    C1]  console_unlock+0xc4/0x270
[  253.992326][    C1]  ? __pfx_console_unlock+0x10/0x10
[  253.992339][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  253.992356][    C1]  vprintk_emit+0x5b7/0x7a0
[  253.992368][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  253.992379][    C1]  ? irq_work_single+0x1ac/0x240
[  253.992392][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  253.992409][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  253.992427][    C1]  _printk+0xcf/0x120
[  253.992443][    C1]  ? __pfx__printk+0x10/0x10
[  253.992462][    C1]  clocksource_watchdog+0xdca/0x11c0
[  253.992475][    C1]  ? __lock_acquire+0xab9/0xd20
[  253.992491][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  253.992503][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  253.992516][    C1]  call_timer_fn+0x17e/0x5f0
[  253.992528][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  253.992538][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.992551][    C1]  ? call_timer_fn+0xbe/0x5f0
[  253.992561][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  253.992576][    C1]  ? __pfx_clocksource_watchdog+0x10/0x10
[  253.992588][    C1]  __run_timer_base+0x61a/0x860
[  253.992604][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  253.992623][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  253.992640][    C1]  ? __pfx_run_timer_softirq+0x10/0x10
[  253.992657][    C1]  run_timer_softirq+0x67/0x180
[  253.992673][    C1]  handle_softirqs+0x286/0x870
[  253.992686][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  253.992700][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  253.992711][    C1]  ? irq_work_single+0x1ac/0x240
[  253.992723][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  253.992738][    C1]  __irq_exit_rcu+0xca/0x1f0
[  253.992749][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  253.992762][    C1]  ? rcu_is_watching+0x15/0xb0
[  253.992776][    C1]  irq_exit_rcu+0x9/0x30
[  253.992787][    C1]  sysvec_irq_work+0xa3/0xc0
[  253.992799][    C1]  </IRQ>
[  253.992803][    C1]  <TASK>
[  253.992808][    C1]  asm_sysvec_irq_work+0x1a/0x20
[  253.992820][    C1] RIP: 0010:rcu_read_unlock_special+0x87/0x4c0
[  253.992838][    C1] Code: f1 f1 f1 00 f2 f2 f2 4a 89 04 2b 66 42 c7 44 2b 09 f3 f3 42 c6 44 2b 0b f3 65 44 8b 35 62 2c f8 10 41 f7 c6 00 00 f0 00 74 49 <48> c7 44 24 40 0e 36 e0 45 4a c7 04 2b 00 00 00 00 66 42 c7 44 2b
[  253.992847][    C1] RSP: 0018:ffffc90008f47ac0 EFLAGS: 00000206
[  253.992859][    C1] RAX: 050e79cd833f5800 RBX: 1ffff920011e8f60 RCX: 050e79cd833f5800
[  253.992867][    C1] RDX: 0000000000000006 RSI: ffffffff8d99883e RDI: ffffffff8be29f40
[  253.992874][    C1] RBP: ffffc90008f47ba8 R08: ffffffff8fa1e8f7 R09: 1ffffffff1f43d1e
[  253.992882][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d1f R12: ffffffff8e144400
[  253.992889][    C1] R13: dffffc0000000000 R14: 0000000000000246 R15: 0000000000000002
[  253.992903][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.992918][    C1]  ? mod_objcg_mlstate+0x24/0x260
[  253.992933][    C1]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  253.992950][    C1]  ? mod_objcg_mlstate+0x24/0x260
[  253.992962][    C1]  ? mod_objcg_mlstate+0x24/0x260
[  253.992976][    C1]  __rcu_read_unlock+0x84/0xe0
[  253.992992][    C1]  __account_obj_stock+0x96/0x310
[  253.993008][    C1]  obj_cgroup_charge_account+0x3e0/0x660
[  253.993025][    C1]  ? obj_cgroup_charge_account+0x13b/0x660
[  253.993042][    C1]  __memcg_slab_post_alloc_hook+0x3e6/0x7f0
[  253.993058][    C1]  kmem_cache_alloc_lru_noprof+0x2c7/0x3d0
[  253.993076][    C1]  ? sock_alloc_inode+0x28/0xc0
[  253.993094][    C1]  ? __pfx_sock_alloc_inode+0x10/0x10
[  253.993107][    C1]  sock_alloc_inode+0x28/0xc0
[  253.993163][    C1]  alloc_inode+0x6a/0x1b0
[  253.993178][    C1]  __sock_create+0x12d/0x9f0
[  253.993194][    C1]  ? do_syscall_64+0xb7/0x3b0
[  253.993211][    C1]  ? __pfx_perf_trace_preemptirq_template+0x10/0x10
[  253.993230][    C1]  __sys_socket+0xd7/0x1b0
[  253.993246][    C1]  __x64_sys_socket+0x7a/0x90
[  253.993262][    C1]  do_syscall_64+0xfa/0x3b0
[  253.993276][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.993286][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  253.993299][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.993309][    C1] RIP: 0033:0x7fdb5098e9a9
[  253.993321][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  253.993329][    C1] RSP: 002b:00007fdb518a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  253.993341][    C1] RAX: ffffffffffffffda RBX: 00007fdb50bb5fa0 RCX: 00007fdb5098e9a9
[  253.993349][    C1] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000029
[  253.993355][    C1] RBP: 00007fdb50a10d69 R08: 0000000000000000 R09: 0000000000000000
[  253.993361][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  253.993368][    C1] R13: 0000000000000000 R14: 00007fdb50bb5fa0 R15: 00007ffea4944a38
[  253.993381][    C1]  </TASK>
[  253.994002][   T34] Kernel panic - not syncing: hung_task: blocked tasks
[  253.994012][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  253.994022][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  253.994027][   T34] Call Trace:
[  253.994032][   T34]  <TASK>
[  253.994036][   T34]  dump_stack_lvl+0x99/0x250
[  253.994049][   T34]  ? __asan_memcpy+0x40/0x70
[  253.994061][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.994076][   T34]  ? __pfx__printk+0x10/0x10
[  253.994090][   T34]  panic+0x2db/0x790
[  253.994098][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.994109][   T34]  ? __pfx_panic+0x10/0x10
[  253.994140][   T34]  ? __pfx_delay_tsc+0x10/0x10
[  253.994149][   T34]  ? nmi_backtrace_stall_check+0x433/0x440
[  253.994161][   T34]  ? irq_work_queue+0xbc/0x140
[  253.994172][   T34]  watchdog+0x102d/0x1030
[  253.994180][   T34]  ? watchdog+0x1de/0x1030
[  253.994190][   T34]  kthread+0x711/0x8a0
[  253.994202][   T34]  ? __pfx_watchdog+0x10/0x10
[  253.994208][   T34]  ? __pfx_kthread+0x10/0x10
[  253.994218][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  253.994227][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.994235][   T34]  ? __pfx_kthread+0x10/0x10
[  253.994245][   T34]  ret_from_fork+0x3fc/0x770
[  253.994254][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  253.994264][   T34]  ? __switch_to_asm+0x39/0x70
[  253.994273][   T34]  ? __switch_to_asm+0x33/0x70
[  253.994282][   T34]  ? __pfx_kthread+0x10/0x10
[  253.994291][   T34]  ret_from_fork_asm+0x1a/0x30
[  253.994306][   T34]  </TASK>
[  253.995107][   T34] Kernel Offset: disabled

VM DIAGNOSIS:
15:50:28  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000064 RBX=0000000000000064 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000068f7b0
R8 =ffff888107768237 R9 =1ffff11020eed046 R10=dffffc0000000000 R11=ffffffff85472aa0
R12=dffffc0000000000 R13=ffffffff99af58bd R14=ffffffff99dfa1e0 R15=0000000000000000
RIP=ffffffff85472b1c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055b9205e7be8 CR3=000000010fd7a000 CR4=000006f0
DR0=0000200000000300 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000ff0000 0000ff00ff000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff81680ea6 RBX=0000000000000000 RCX=ffff888021b7b980 RDX=0000000000010100
RSI=0000000000000008 RDI=ffffffff92a52460 RBP=ffffc900001e0548 RSP=ffffc900001e04c0
R8 =ffffffff92a52467 R9 =1ffffffff254a48c R10=dffffc0000000000 R11=fffffbfff254a48d
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=dffffc0000000000
RIP=ffffffff81680ea7 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fdb518a46c0 ffffffff 00c00000
GS =0000 ffff8881a3c1f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000000000000 CR3=0000000031578000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fdb50b86478 00007fdb50b86450 XMM03=00007fdb50b86488 00007fdb50b86480
XMM04=00007fdb516ed100 00007fdb50b86440 XMM05=00007fdb50b86458 00007fdb50b864a0
XMM06=00007fdb50b86498 00007fdb50b86490 XMM07=00007fdb50b86488 00007fdb50b86480
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 00007fdb50a11ec1
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
