last executing test programs:

1.892254923s ago: executing program 1 (id=1736):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000040)='notify_on_release\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[], 0x27)

1.8429136s ago: executing program 1 (id=1737):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x9, [@typedef={0x7}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x2d}, 0x12)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r0, 0x58, &(0x7f00000002c0)}, 0x10)

1.842455177s ago: executing program 1 (id=1739):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = socket$kcm(0x15, 0x5, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffffd}, 0x100)

1.412398699s ago: executing program 0 (id=1752):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2105, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x4, @perf_config_ext={0x3}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002480)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x41, 0x0, 0x11}, 0x0)
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002}]}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10)
r4 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10, 0x0}, 0x40040d4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(r6)
recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r4, 0x84, 0x64, &(0x7f0000000000)=r7, 0x10)
close(r4)

1.260130105s ago: executing program 0 (id=1754):
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x80000000c8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r1)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce8100036c00fc08000000110200875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef)
r3 = socket$kcm(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0xc78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0xfffffffffffffe33)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_MAP_GET_NEXT_ID(0xc, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
close(r4)
r5 = socket$kcm(0x2, 0x200000000000001, 0x106)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sendmsg$inet(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004000)
write$cgroup_type(r4, &(0x7f0000000080), 0x11ffffce1)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x6, &(0x7f0000000000)=[{&(0x7f0000000080)="1400000016000b63d25a80648c2594f90d24fc60", 0x14}], 0x1}, 0x0)

952.084754ms ago: executing program 0 (id=1759):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f84843", 0x15}], 0x1}, 0x40)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="33fe000024"], 0xfe33)

902.572584ms ago: executing program 0 (id=1761):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = socket$kcm(0x23, 0x5, 0x0)
setsockopt$sock_attach_bpf(r2, 0x113, 0x4, 0x0, 0x0)

902.496054ms ago: executing program 1 (id=1762):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8000}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10)

852.399146ms ago: executing program 1 (id=1764):
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2d, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0)
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x50)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000c40)=[{0x0, 0x1, 0x0, 0x3}, {0x0, 0x3, 0x8}, {0x0, 0x4, 0x10004}], 0x10, 0x1000000}, 0x94)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080), 0x1}, 0x20044841)
setsockopt$sock_attach_bpf(r0, 0x29, 0x24, 0x0, 0x0)
close(r1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = socket$kcm(0x10, 0x2, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801})
write$cgroup_devices(r5, &(0x7f0000000100)=ANY=[@ANYBLOB="1b2968150001", @ANYRES16=r5, @ANYBLOB="33f38ed0"], 0xffdd)
r6 = socket$kcm(0x10, 0x400000002, 0x0)
recvmsg$kcm(r6, &(0x7f0000006480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f00000024c0)=""/4096, 0x1000}, {&(0x7f0000000b80)=""/72, 0x48}], 0x3}, 0x0)
bpf$LINK_DETACH(0x22, &(0x7f00000001c0), 0x4)
openat$cgroup_ro(r1, &(0x7f0000000200)='memory.numa_stat\x00', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x19, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x18, &(0x7f0000001840)=ANY=[@ANYBLOB="180000009a010000000000000500000018110000d5903d0fe25ee49d69c127a073c160a2e47ba3c3e5dd5f4ef66aede2387e24f6a5867909d956a80475a81b48eb04a23fd18dec90db36f40eebdcd557a2323c2f6312963b330c7b2b762675577d309b6e97d5c60c2e7909bd1126fd0d8067883f546b874a3def588f8141dd1f7b18446fcef0f36c55ee16878fe632cb3ac4fab8b89cbc7caabe65831a1bedf5ee7f49416e9c2601b720b77b977da661a230b65c1782240b463b9e4aa74f783504234fd4da8e69fc24dcbfe03362320b4b1ab91d5cfa7b694fe192785f68592068", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x71, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x2, 0x8, 0x472, 0x5}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000040)=[0x1], &(0x7f0000001700)=[{0x4, 0x3, 0x5, 0x3}], 0x10, 0xb}, 0x94)
sendmsg$inet(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029ea69801d76ab0a272a2a788bab6c95f79725074", 0x1c}], 0x1}, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x89f1, &(0x7f0000000900)={'bond0\x00', @random})
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000004c0)="140000002d000b35f8ffffffffffffff0424ff0f", 0x14}], 0x1, 0x0, 0x0, 0x2000000}, 0x8840)
socketpair(0x24, 0xa, 0x3ff, &(0x7f0000000600))
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040), 0x4)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
write$cgroup_int(r7, &(0x7f0000000100), 0x1001)

852.08356ms ago: executing program 0 (id=1765):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_int(r1, 0x0, 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[], 0x27)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r4)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r4, 0x0, 0x58, 0x9c, &(0x7f0000000440)="ffbd34095698fe5b2625a68163fc9c7774db716b14f7aee1d7f8e359a6e1ba43507ab772f66643c6a8dfe17f95735f41694d8a5b07c7e992b54b0917cfc93bb93675def050645b5013b7354788fd668ec855cd567704be83", &(0x7f00000004c0)=""/156, 0x20000000, 0x0, 0x49, 0x98, &(0x7f0000000600)="5d9651a128c75cb346f024b1d8dc07f252f1610b47010aa1dc64fec089b6daf33788cff13f6810c45ece3d28ed8d92fb5faffd2fcd317b26c8efe79e4c345332a2466e28ab094b899e", &(0x7f00000007c0)="02c10187c71ebf36040f3807f6d862c95e23a2494ab66e7685aa930bfdf3620362691617139f72239450c2f31070f7853dbdc3343590e9532fc6ab4f010d8c293e80c1eefd9cd0f0ad3d288aab44d43cf10c76bcdb48825e606f5500032ba3ea0ef3d5c9b0e012fc8fac1bb405e637952f7aebc1a6cfe900fd7ed1064f055006251865dc745eaf27c405fcf992e6104028f2fdf1d47c3537", 0x5, 0x0, 0x6}, 0x50)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
socketpair(0x2, 0x3, 0x4, &(0x7f00000002c0))
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
close(r6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='/proc/1k\xfc\x9e\x98\xac;#\xdb\x0f!/\x00\x82q\xee\xe5\xa0\xbd\xc2\x98#'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socket$kcm(0x10, 0x2, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000880)=ANY=[@ANYBLOB], 0x0, 0x40}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400}, 0x94)
syz_clone(0x84005080, 0x0, 0x0, 0x0, 0x0, 0x0)

413.213434ms ago: executing program 2 (id=1772):
bpf$ITER_CREATE(0x21, &(0x7f0000000380), 0x8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="12000000d30000000800000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f0000001d80), &(0x7f0000001d40)=r0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000002c0)={r1, &(0x7f0000000340)="5bc6dbe63aca866b8c614949c19723add819b98eb270", &(0x7f0000000580)=""/208}, 0x20)

412.824574ms ago: executing program 2 (id=1773):
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f0000000000)=@framed={{}, [@printk={@lx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x10}}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

412.548187ms ago: executing program 1 (id=1774):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_config_ext={0x400, 0x8}, 0x4202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_bp={&(0x7f0000000c40), 0x1}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000080654d970008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$kcm(0xa, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8918, &(0x7f0000000000)={r1})
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000180)={'b', ' *:* ', 'm\x00'}, 0x8)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$kcm(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[], &(0x7f0000000c00)='GPL\x00'}, 0x94)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371600000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0)

260.917389ms ago: executing program 2 (id=1775):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x21, &(0x7f0000000ac0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xc5ae447da5e7c058}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)

260.705831ms ago: executing program 2 (id=1776):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r0, 0x2f, 0x14, 0x4, @void, @value=r0}, 0x20)

260.596899ms ago: executing program 2 (id=1777):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f00000002c0)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000540)=ANY=[@ANYBLOB='E'], 0x31)

261.933µs ago: executing program 2 (id=1778):
r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000580)={0x2, 0x80, 0x8, 0x1, 0x0, 0x7e, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7f, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x8)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000100))
r1 = perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x4)
r2 = socket$kcm(0xa, 0x922000000003, 0x11)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x50)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4)
sendmsg$kcm(r2, &(0x7f0000000000)={&(0x7f0000000cc0)=@l2tp6={0xa, 0x0, 0x1000, @mcast1, 0x7, 0x83}, 0x80, &(0x7f0000000180)=[{&(0x7f00000007c0)="f4000900062b3325fe80000000000000dc8b850f23848f7e5c74a57f32cd8caf80bc8e7a2f3ce32a", 0x28}], 0x1}, 0x800)
r3 = socket$kcm(0x10, 0x2, 0x10)
perf_event_open$cgroup(&(0x7f0000000180)={0x1, 0x80, 0xf7, 0xfa, 0x0, 0x2, 0x0, 0x1, 0x8000, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x6, 0x0, @perf_bp={&(0x7f0000000140), 0x2}, 0x100000, 0x2, 0xd, 0x1, 0x1, 0x4, 0xe, 0x0, 0xf31, 0x0, 0xfff}, 0xffffffffffffffff, 0x9, r1, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="140000002d000b35f8ffffffffffffff0424ff0f", 0x14}], 0x1, 0x0, 0x0, 0x2000000}, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r5, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$kcm(0xa, 0x1, 0x106)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r6}, 0x18)
bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r7}, 0x8)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x3, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x2000, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x29, 0x2, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001cc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123f51c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e3962dcddef6af1a11972a6b4975022278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd0971d379380bf63432872cfed453870000b219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d3f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d3112874ec51d6fe048ba6866adebab53168770a71ad901ace383e7927de217d6bf74daf41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafce5c1b3f97a297c9e490f241999085afabdd529f62ca0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637f99f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec737555392a0b06491cba71f897144910fe050038ec9e475e89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb6179d257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0117c9b737b9b59418006c1bc1aafa2768e82597251e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b101000f49e298727340e87cdefb40e56e9cfad973347d0de7ba4754ff231a1b933d8f931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf444b032dad13007b82e6044f643fc8cd07a97e2bbe636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935f602325984386b21b96492ae662082b56cf666e63a757c0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e71338a40c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2603bfab96831957a08e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d"], &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000540)={@fallback=r4, 0x0, 0x1, 0x2, &(0x7f0000000240)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000280)=[0x0, 0x0, 0x0], 0x0, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)
r9 = socket$kcm(0x2, 0x1, 0x0)
setsockopt$sock_attach_bpf(r9, 0x1, 0x32, &(0x7f00000001c0)=r8, 0x4)

0s ago: executing program 0 (id=1779):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000c00)=ANY=[@ANYBLOB="61126f000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf670000000000001500fdff0fff52e84407000009300000240600000ee60000bf050000000000001c63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070400000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f2686ee970d6482a2e71a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387bfa1bc9b49da28724ba9cd79fbee8f97af876d0e30c19555ffdd7d73815b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f42407107000cdc9d7820c4eb67cc0f8b5fe9258eeacb5776aebbab3d5c55020000006082778366dadfc36029633e0514cbcee1f3928970bde148c940434f33acd377cbad17673b2d30b6339255c98eba97efb4e9ac1f11be815dd6045592edcbee7f253ec74c7c1313505bd7ff8fd58b3a6569c91dbdef1df585aeaea7346a2a65caee5c85f9eddeeeee3c8a2e523c864ac430eb47cb4d0c8767b9d4125661b5a1a170c04b64da3a99ddb93bf14fae3ca2d1e882375b8dbac83978e136c34f90b33cc0eeb57debcfe26589efc08124d5d62a7e593c9738a50171adf051ea4f07e7e7e770c2016eeacbe8511afffffbea75759a1ea5404f5453c0b5c46c9700808c096cf8cf5223f341cb003841b5cd224c1b381d56afebe9f99a00e3cd94dc0bb7af9e8709db487cc4d9b3b96723d69d512ddd57b0dee9b9f6ae80a502cce352098603e75414c91fce6c86287945bd8d258442760000ff010000000000000000000000300807f2f3906c1d45d05ba9df828d35376fed399fa311ff63a34f0c0b82b4f2825e729eb9b7f4c9ab3be5bc011ff29904bbc424880247fabe7325a6e8d139e99d2b2fbf7e84fca3b21c78840b858ce900a4eb9c2b8b9b7fb664d2aeac991ca09b1afc0ef7aed4541a2f7275130a9fa3853481c81e919c000000000000000000000000b1e0e4b55e0d5d8c657b4853fc18ec43be33e5f971cceda04d95c87489910ce692ee55c536d1671bffd4c9b98efb741b13f0ab26ac191c74"], &(0x7f0000000100)='GPL\x00'}, 0x48)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:30604' (ED25519) to the list of known hosts.
syzkaller login: [   48.996681][ T5800] cgroup: Unknown subsys name 'net'
[   49.143495][ T5800] cgroup: Unknown subsys name 'cpuset'
[   49.147309][ T5800] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.567328][ T5800] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   57.043298][ T5822] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   58.368342][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   58.371798][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   58.381606][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   58.384858][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   58.390665][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   58.409196][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   58.410583][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   58.413046][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   58.414412][ T5844] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   58.419254][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   58.419447][ T5844] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   58.425812][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   58.428392][ T5844] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   58.431963][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   58.434419][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   58.759551][ T5841] chnl_net:caif_netlink_parms(): no params data found
[   58.796821][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   58.817725][ T5837] chnl_net:caif_netlink_parms(): no params data found
[   58.900765][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.903655][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.906120][ T5841] bridge_slave_0: entered allmulticast mode
[   58.908894][ T5841] bridge_slave_0: entered promiscuous mode
[   58.918582][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.922744][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.925652][ T5833] bridge_slave_0: entered allmulticast mode
[   58.929536][ T5833] bridge_slave_0: entered promiscuous mode
[   58.935800][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.938830][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.942578][ T5841] bridge_slave_1: entered allmulticast mode
[   58.946417][ T5841] bridge_slave_1: entered promiscuous mode
[   58.970374][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.976502][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.979478][ T5833] bridge_slave_1: entered allmulticast mode
[   58.984470][ T5833] bridge_slave_1: entered promiscuous mode
[   59.013070][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.034456][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.067118][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.097200][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.100162][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.104199][ T5837] bridge_slave_0: entered allmulticast mode
[   59.108070][ T5837] bridge_slave_0: entered promiscuous mode
[   59.114672][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.127140][ T5841] team0: Port device team_slave_0 added
[   59.129325][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.133819][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.136639][ T5837] bridge_slave_1: entered allmulticast mode
[   59.140528][ T5837] bridge_slave_1: entered promiscuous mode
[   59.173035][ T5841] team0: Port device team_slave_1 added
[   59.189920][ T5833] team0: Port device team_slave_0 added
[   59.215794][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.219467][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.222703][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.231981][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.237443][ T5833] team0: Port device team_slave_1 added
[   59.241811][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.245244][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.247668][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.256850][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.302923][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.305712][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.316338][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.332190][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.335041][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.345386][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.352570][ T5837] team0: Port device team_slave_0 added
[   59.374623][ T5837] team0: Port device team_slave_1 added
[   59.389241][ T5841] hsr_slave_0: entered promiscuous mode
[   59.392096][ T5841] hsr_slave_1: entered promiscuous mode
[   59.428666][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.431978][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.443000][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.492536][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.495416][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.506081][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.515578][ T5833] hsr_slave_0: entered promiscuous mode
[   59.520004][ T5833] hsr_slave_1: entered promiscuous mode
[   59.523504][ T5833] debugfs: 'hsr0' already exists in 'hsr'
[   59.525903][ T5833] Cannot create hsr debugfs directory
[   59.662712][ T5837] hsr_slave_0: entered promiscuous mode
[   59.665892][ T5837] hsr_slave_1: entered promiscuous mode
[   59.668826][ T5837] debugfs: 'hsr0' already exists in 'hsr'
[   59.672154][ T5837] Cannot create hsr debugfs directory
[   59.849993][ T5841] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   59.867493][ T5841] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   59.882586][ T5841] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   59.886668][ T5841] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   59.939311][ T5833] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   59.945588][ T5833] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   59.953760][ T5833] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   59.972097][ T5833] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   60.029814][ T5837] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   60.037680][ T5837] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   60.054428][ T5837] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   60.063130][ T5837] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   60.155893][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.190365][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.198129][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[   60.215679][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.218689][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.238914][ T1092] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.241390][ T1092] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.248579][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   60.262633][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.266184][ T1092] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.268587][ T1092] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.295942][ T5837] 8021q: adding VLAN 0 to HW filter on device team0
[   60.304544][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.307667][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.333832][ T1092] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.336833][ T1092] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.373656][ T1092] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.376504][ T1092] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.492368][ T5835] Bluetooth: hci2: command tx timeout
[   60.494613][ T5835] Bluetooth: hci1: command tx timeout
[   60.496447][ T5835] Bluetooth: hci0: command tx timeout
[   60.566990][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.594908][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.628139][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.643756][ T5841] veth0_vlan: entered promiscuous mode
[   60.666037][ T5841] veth1_vlan: entered promiscuous mode
[   60.679506][ T5833] veth0_vlan: entered promiscuous mode
[   60.695408][ T5833] veth1_vlan: entered promiscuous mode
[   60.704153][ T5841] veth0_macvtap: entered promiscuous mode
[   60.723562][ T5841] veth1_macvtap: entered promiscuous mode
[   60.727120][ T5837] veth0_vlan: entered promiscuous mode
[   60.748283][ T5837] veth1_vlan: entered promiscuous mode
[   60.755889][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.773329][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.786965][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.795216][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.803413][ T5833] veth0_macvtap: entered promiscuous mode
[   60.810668][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.816123][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.833960][ T5833] veth1_macvtap: entered promiscuous mode
[   60.844956][ T5837] veth0_macvtap: entered promiscuous mode
[   60.853800][ T5837] veth1_macvtap: entered promiscuous mode
[   60.882400][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.893578][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.905817][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.927967][ T5679] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.932971][ T5679] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.938213][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.963379][ T5679] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.967074][ T5679] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.989444][ T5679] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.013487][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.017648][ T5679] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.021276][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.025718][ T5679] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.043666][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.047780][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.048380][ T5849] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.133024][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.140060][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.158630][   T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.171077][   T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.215265][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.222461][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.262777][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.268132][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.655689][    C1] hrtimer: interrupt took 32048 ns
[   62.405157][ T5928] syz_tun: refused to change device tx_queue_len
[   62.453099][ T5934] C: renamed from team_slave_0 (while UP)
[   62.571725][ T5840] Bluetooth: hci0: command tx timeout
[   62.574120][ T5840] Bluetooth: hci1: command tx timeout
[   62.576430][ T5840] Bluetooth: hci2: command tx timeout
[   62.925158][ T5934] netlink: 'syz.2.20': attribute type 1 has an invalid length.
[   62.930156][ T5934] netlink: 152 bytes leftover after parsing attributes in process `syz.2.20'.
[   63.207063][ T5950] netlink: 10 bytes leftover after parsing attributes in process `syz.1.28'.
[   64.132364][ T5978] netlink: 'syz.0.41': attribute type 16 has an invalid length.
[   64.136898][ T5978] netlink: 152 bytes leftover after parsing attributes in process `syz.0.41'.
[   64.152941][ T5981] netlink: 'syz.2.39': attribute type 15 has an invalid length.
[   64.156301][ T5981] netlink: 'syz.2.39': attribute type 7 has an invalid length.
[   64.185129][ T5981] netlink: 52 bytes leftover after parsing attributes in process `syz.2.39'.
[   64.278987][ T5985] netlink: 'syz.1.43': attribute type 10 has an invalid length.
[   64.324942][ T5985] team0: Cannot enslave team device to itself
[   64.486535][ T5996] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.48'.
[   64.661066][ T5840] Bluetooth: hci2: command tx timeout
[   64.663356][ T5835] Bluetooth: hci1: command tx timeout
[   64.665994][ T5835] Bluetooth: hci0: command tx timeout
[   65.008583][ T6022] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   65.017883][ T6022] sock: sock_timestamping_bind_phc: sock not bind to device
[   65.126283][ T6030] warning: `syz.1.64' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   65.263299][ T6038] netlink: 56537 bytes leftover after parsing attributes in process `syz.1.68'.
[   65.414584][ T6044] Zero length message leads to an empty skb
[   65.462468][ T5208] Bluetooth: hci2: Unable to find connection for big 0x00
[   66.015871][ T6065] netlink: 'syz.1.79': attribute type 1 has an invalid length.
[   66.019069][ T6065] netlink: 'syz.1.79': attribute type 4 has an invalid length.
[   66.024167][ T6065] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.79'.
[   66.664908][ T6067] netlink: 132 bytes leftover after parsing attributes in process `syz.1.80'.
[   66.742488][ T5208] Bluetooth: hci0: command tx timeout
[   66.744874][ T5208] Bluetooth: hci2: command tx timeout
[   66.747546][ T5835] Bluetooth: hci1: command tx timeout
[   67.653181][ T6120] netlink: 'syz.2.104': attribute type 21 has an invalid length.
[   67.662555][ T6120] netlink: 'syz.2.104': attribute type 5 has an invalid length.
[   67.673303][ T6121] netlink: 'syz.1.103': attribute type 15 has an invalid length.
[   67.688466][ T6121] netlink: 52 bytes leftover after parsing attributes in process `syz.1.103'.
[   67.854484][ T6135] netlink: 152 bytes leftover after parsing attributes in process `syz.0.111'.
[   67.954794][ T6144] __nla_validate_parse: 1 callbacks suppressed
[   67.954804][ T6144] netlink: 4068 bytes leftover after parsing attributes in process `syz.1.115'.
[   68.267256][ T6164] cgroup: fork rejected by pids controller in /syz2
[   68.726693][ T5849] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.815471][ T5849] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.882282][ T5849] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.894798][ T6195] validate_nla: 3 callbacks suppressed
[   68.894808][ T6195] netlink: 'syz.1.140': attribute type 2 has an invalid length.
[   68.900568][ T6195] netlink: 'syz.1.140': attribute type 1 has an invalid length.
[   68.905302][ T6195] netlink: 199820 bytes leftover after parsing attributes in process `syz.1.140'.
[   68.913299][ T6195] block nbd5: not configured, cannot reconfigure
[   68.951408][ T5849] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.180494][ T5849] bridge_slave_1: left allmulticast mode
[   69.190579][ T5849] bridge_slave_1: left promiscuous mode
[   69.211444][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.235509][ T5849] bridge_slave_0: left allmulticast mode
[   69.237888][ T5849] bridge_slave_0: left promiscuous mode
[   69.245836][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.275888][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   69.279913][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   69.284293][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   69.288494][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   69.294376][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   69.967878][ T5849] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   69.975301][ T5849] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   69.980691][ T5849] bond0 (unregistering): Released all slaves
[   70.140219][ T6223] syzkaller0: entered promiscuous mode
[   70.145115][ T6223] syzkaller0: entered allmulticast mode
[   70.334594][ T6237] netlink: 'syz.0.153': attribute type 21 has an invalid length.
[   71.197824][ T6241] netlink: 160 bytes leftover after parsing attributes in process `syz.0.155'.
[   71.298123][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.302559][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.374085][ T5208] Bluetooth: hci0: command tx timeout
[   71.404621][ T6251] Illegal XDP return value 1364789168 on prog  (id 42) dev N/A, expect packet loss!
[   71.426764][ T5849] hsr_slave_0: left promiscuous mode
[   71.439884][ T5849] hsr_slave_1: left promiscuous mode
[   71.443798][ T5849] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   71.447021][ T5849] batman_adv: batadv0: Removing interface: batadv_slave_0
[   71.470210][ T5849] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   71.490931][ T5849] batman_adv: batadv0: Removing interface: batadv_slave_1
[   71.524087][ T5849] veth1_macvtap: left promiscuous mode
[   71.526630][ T5849] veth0_macvtap: left promiscuous mode
[   71.529329][ T5849] veth1_vlan: left promiscuous mode
[   71.535457][ T5849] veth0_vlan: left promiscuous mode
[   72.238256][ T5849] team0 (unregistering): Port device team_slave_1 removed
[   72.270950][ T5849] team0 (unregistering): Port device C removed
[   72.329112][ T6273] netlink: 'syz.0.165': attribute type 40 has an invalid length.
[   72.599724][ T6273] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.675812][ T6202] chnl_net:caif_netlink_parms(): no params data found
[   73.139078][ T6202] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.146120][ T6202] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.148932][ T6202] bridge_slave_0: entered allmulticast mode
[   73.161732][ T6202] bridge_slave_0: entered promiscuous mode
[   73.165545][ T6202] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.168064][ T6202] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.170706][ T6202] bridge_slave_1: entered allmulticast mode
[   73.174252][ T6202] bridge_slave_1: entered promiscuous mode
[   73.290083][ T6202] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.312960][ T6202] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.423746][ T6202] team0: Port device team_slave_0 added
[   73.429015][ T6202] team0: Port device team_slave_1 added
[   73.451395][ T5208] Bluetooth: hci0: command tx timeout
[   73.822541][ T6202] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.825867][ T6202] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.836707][ T6202] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.843220][ T6202] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.846554][ T6202] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.860705][ T6202] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.998896][ T6202] hsr_slave_0: entered promiscuous mode
[   74.004122][ T6202] hsr_slave_1: entered promiscuous mode
[   74.006400][ T6202] debugfs: 'hsr0' already exists in 'hsr'
[   74.010415][ T6202] Cannot create hsr debugfs directory
[   75.531248][ T5208] Bluetooth: hci0: command tx timeout
[   75.601425][ T6329] netlink: 212424 bytes leftover after parsing attributes in process `syz.0.178'.
[   75.873398][ T6202] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   75.889093][ T6202] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   75.976553][ T6202] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   76.051743][ T6202] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   76.616652][ T6202] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.636963][ T6202] 8021q: adding VLAN 0 to HW filter on device team0
[   76.648161][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.651203][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.660085][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.663118][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.805757][ T6202] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.829874][ T6202] veth0_vlan: entered promiscuous mode
[   76.836785][ T6202] veth1_vlan: entered promiscuous mode
[   76.867729][ T6202] veth0_macvtap: entered promiscuous mode
[   76.879284][ T6202] veth1_macvtap: entered promiscuous mode
[   76.889852][ T6202] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.898052][ T6202] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.905320][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.908348][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.919314][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.924076][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.930952][   T47] cfg80211: failed to load regulatory.db
[   77.082237][ T6378] tap0: tun_chr_ioctl cmd 1074025672
[   77.086459][ T6378] tap0: ignored: set checksum enabled
[   77.484691][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.492155][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.513040][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.515687][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.611162][ T5208] Bluetooth: hci0: command tx timeout
[   77.636763][ T6393] C: renamed from team_slave_0 (while UP)
[   77.644296][ T6393] netlink: 'syz.1.191': attribute type 3 has an invalid length.
[   77.646921][ T6393] netlink: 152 bytes leftover after parsing attributes in process `syz.1.191'.
[   77.650467][ T6393] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[   77.851553][ T6404] netlink: 'syz.1.196': attribute type 2 has an invalid length.
[   77.858781][ T6404] netlink: 137592 bytes leftover after parsing attributes in process `syz.1.196'.
[   79.647289][ T6417] netlink: 144 bytes leftover after parsing attributes in process `syz.1.202'.
[   79.660994][ T6419] netlink: 'syz.2.203': attribute type 10 has an invalid length.
[   79.789637][ T6428] netlink: 132 bytes leftover after parsing attributes in process `syz.0.207'.
[   80.763393][ T6443] netlink: 'syz.1.213': attribute type 29 has an invalid length.
[   80.770303][ T6443] netlink: 'syz.1.213': attribute type 29 has an invalid length.
[   80.780439][ T6443] netlink: 'syz.1.213': attribute type 29 has an invalid length.
[   80.780698][ T6445] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:0603:0000:0023 with DS=0x3f
[   81.087961][ T6470] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.225'.
[   81.116509][ T6466] : renamed from bond0 (while UP)
[   81.208010][ T6477] netlink: 'syz.1.228': attribute type 10 has an invalid length.
[   81.225388][ T6477] netlink: 40 bytes leftover after parsing attributes in process `syz.1.228'.
[   81.247969][ T6477] batman_adv: batadv0: Adding interface: vlan1
[   81.250481][ T6477] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.304468][ T6477] batman_adv: batadv0: Interface activated: vlan1
[   82.561462][ T6545] netlink: 'syz.2.255': attribute type 2 has an invalid length.
[   82.581073][ T6545] netlink: 'syz.2.255': attribute type 1 has an invalid length.
[   82.594998][ T6545] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.255'.
[   82.610372][ T6545] block nbd5: not configured, cannot reconfigure
[   84.184692][ T6604] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.282'.
[   84.373983][ T6610] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.285'.
[   84.630740][ T6626] netlink: 'syz.1.291': attribute type 10 has an invalid length.
[   84.639933][ T6626] netlink: 65015 bytes leftover after parsing attributes in process `syz.1.291'.
[   85.237890][ T6662] netdevsim netdevsim0 : renamed from netdevsim0 (while UP)
[   86.577318][ T6674] netlink: 152 bytes leftover after parsing attributes in process `syz.2.313'.
[   86.581250][ T6674] tc_dump_action: action bad kind
[   87.576074][ T6713] netlink: 10 bytes leftover after parsing attributes in process `syz.0.332'.
[   87.604746][ T6715] netlink: 'syz.0.333': attribute type 3 has an invalid length.
[   87.613826][ T6715] netlink: 'syz.0.333': attribute type 1 has an invalid length.
[   87.616379][ T6715] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.333'.
[   87.638046][ T6715] netlink: 17 bytes leftover after parsing attributes in process `syz.0.333'.
[   88.435175][ T6776] netlink: 'syz.2.361': attribute type 3 has an invalid length.
[   88.437774][ T6776] netlink: 201336 bytes leftover after parsing attributes in process `syz.2.361'.
[   88.532454][ T6778] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.362'.
[   89.038498][ T6808] netlink: 830 bytes leftover after parsing attributes in process `syz.2.376'.
[   89.084255][ T6805] netlink: 'syz.1.375': attribute type 4 has an invalid length.
[   89.087848][ T6805] netlink: 152 bytes leftover after parsing attributes in process `syz.1.375'.
[   89.091006][ T6812] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.378'.
[   89.201979][ T6805] netlink: 6 bytes leftover after parsing attributes in process `syz.1.375'.
[   89.205285][ T6805] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check.
[   89.215768][ T6805] syz.1.375 (6805) used greatest stack depth: 18488 bytes left
[   89.296866][ T6817] netlink: 'syz.0.380': attribute type 10 has an invalid length.
[   89.745043][ T6836] netlink: 'syz.1.388': attribute type 21 has an invalid length.
[   91.744941][ T6863] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   91.749475][ T6863] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   92.034159][ T6877] netlink: 'syz.2.404': attribute type 1 has an invalid length.
[   92.038247][ T6877] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.404'.
[   92.265585][ T6886] caif0: entered promiscuous mode
[   92.268153][ T6886] caif0: entered allmulticast mode
[   93.394261][ T6912] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.421'.
[   94.663733][ T6923] netlink: 60 bytes leftover after parsing attributes in process `syz.0.424'.
[   94.681375][ T6922] netlink: 60 bytes leftover after parsing attributes in process `syz.0.424'.
[   94.692111][ T6922] netlink: 60 bytes leftover after parsing attributes in process `syz.0.424'.
[   94.882077][ T6928] netlink: 60 bytes leftover after parsing attributes in process `syz.1.426'.
[   94.908666][ T6928] netlink: 60 bytes leftover after parsing attributes in process `syz.1.426'.
[   94.923689][ T6928] netlink: 60 bytes leftover after parsing attributes in process `syz.1.426'.
[   95.296806][ T6944] netlink: 'syz.2.433': attribute type 21 has an invalid length.
[   95.300424][ T6944] netlink: 100 bytes leftover after parsing attributes in process `syz.2.433'.
[   95.307982][ T6943] netlink: 'syz.1.432': attribute type 10 has an invalid length.
[   95.310737][ T6943] netlink: 156 bytes leftover after parsing attributes in process `syz.1.432'.
[   95.726792][ T6970] netlink: 'syz.0.444': attribute type 16 has an invalid length.
[   96.922027][ T7003] netlink: 'syz.0.454': attribute type 3 has an invalid length.
[  101.464876][ T7108] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  101.468405][ T7108] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  101.950674][ T7124] __nla_validate_parse: 2 callbacks suppressed
[  101.950732][ T7124] netlink: 13435 bytes leftover after parsing attributes in process `syz.2.508'.
[  101.974027][ T7124] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.508'.
[  103.478942][ T7153] netlink: 44 bytes leftover after parsing attributes in process `syz.1.518'.
[  103.486381][ T7153] netlink: 'syz.1.518': attribute type 3 has an invalid length.
[  103.583875][ T7163] netlink: 'syz.0.519': attribute type 39 has an invalid length.
[  103.733648][ T7171] netlink: 'syz.2.526': attribute type 10 has an invalid length.
[  103.801407][ T7171] bridge0: port 3(netdevsim0) entered blocking state
[  103.830922][ T7171] bridge0: port 3(netdevsim0) entered disabled state
[  103.834196][ T7171] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  103.898930][ T7171] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  104.087359][ T7195] netlink: 1053 bytes leftover after parsing attributes in process `syz.2.535'.
[  104.934689][ T7235] netlink: 'syz.2.553': attribute type 46 has an invalid length.
[  104.937912][ T7235] netlink: 55 bytes leftover after parsing attributes in process `syz.2.553'.
[  105.012118][ T7237] netlink: 'syz.2.555': attribute type 46 has an invalid length.
[  105.595462][ T7256] netlink: 60 bytes leftover after parsing attributes in process `syz.0.562'.
[  106.057623][ T7282] netlink: 'syz.0.568': attribute type 10 has an invalid length.
[  106.069557][ T7282] netlink: 55 bytes leftover after parsing attributes in process `syz.0.568'.
[  106.931686][ T7304] netlink: 60 bytes leftover after parsing attributes in process `syz.0.582'.
[  106.937099][ T7304] netlink: 60 bytes leftover after parsing attributes in process `syz.0.582'.
[  106.943198][ T7304] netlink: 60 bytes leftover after parsing attributes in process `syz.0.582'.
[  106.983739][ T7310] netlink: 'syz.1.583': attribute type 1 has an invalid length.
[  106.987155][ T7310] netlink: 4 bytes leftover after parsing attributes in process `syz.1.583'.
[  107.245590][ T5208] Bluetooth: hci0: unexpected event 0x3d length: 151 > 14
[  107.529151][ T5208] Bluetooth: hci0: unknown advertising packet type: 0xff
[  107.588754][ T7353] netlink: 180 bytes leftover after parsing attributes in process `syz.0.603'.
[  107.614540][ T7355] netlink: 14 bytes leftover after parsing attributes in process `syz.2.605'.
[  107.618275][ T7355] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  107.622403][ T7355] batman_adv: batadv0: Removing interface: batadv_slave_0
[  107.625524][ T7355] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  107.628012][ T7355] batman_adv: batadv0: Removing interface: batadv_slave_1
[  108.195517][ T7387] netlink: 'syz.0.620': attribute type 10 has an invalid length.
[  108.318771][ T7397] netlink: 'syz.0.625': attribute type 10 has an invalid length.
[  108.322501][ T7397] netlink: 40 bytes leftover after parsing attributes in process `syz.0.625'.
[  108.777498][ T7428] syz.2.640 uses obsolete (PF_INET,SOCK_PACKET)
[  109.112761][ T7451] netlink: 'syz.2.649': attribute type 41 has an invalid length.
[  109.119344][ T7451] netlink: 40 bytes leftover after parsing attributes in process `syz.2.649'.
[  109.182754][ T7455] netlink: 16255 bytes leftover after parsing attributes in process `syz.2.652'.
[  109.457744][ T7477] netlink: 'syz.1.661': attribute type 20 has an invalid length.
[  110.254310][ T7507] netlink: 16255 bytes leftover after parsing attributes in process `syz.0.676'.
[  110.458224][ T7509] netlink: 'syz.1.675': attribute type 1 has an invalid length.
[  110.467409][ T7509] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.675'.
[  111.029745][ T7547] netlink: 'syz.2.692': attribute type 3 has an invalid length.
[  111.033411][ T7547] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.692'.
[  111.129152][ T7553] netlink: 'syz.0.695': attribute type 19 has an invalid length.
[  111.133097][ T7553] netlink: 55 bytes leftover after parsing attributes in process `syz.0.695'.
[  115.322816][ T7601] netlink: 65051 bytes leftover after parsing attributes in process `syz.2.716'.
[  115.468022][ T7612] netlink: 60 bytes leftover after parsing attributes in process `syz.1.721'.
[  115.471689][ T7612] netlink: 60 bytes leftover after parsing attributes in process `syz.1.721'.
[  115.497721][ T7613] netlink: 'syz.2.717': attribute type 39 has an invalid length.
[  115.592681][ T7617] netlink: 26 bytes leftover after parsing attributes in process `syz.1.723'.
[  115.725825][ T7624] netlink: 40227 bytes leftover after parsing attributes in process `syz.0.725'.
[  115.861704][ T7637] netlink: 60 bytes leftover after parsing attributes in process `syz.1.730'.
[  115.865039][ T7634] netlink: 60 bytes leftover after parsing attributes in process `syz.1.730'.
[  116.080727][ T7641] netlink: 'syz.1.733': attribute type 21 has an invalid length.
[  116.086379][ T7641] netlink: 'syz.1.733': attribute type 6 has an invalid length.
[  116.090287][ T7641] netlink: 132 bytes leftover after parsing attributes in process `syz.1.733'.
[  116.784877][ T7683] netlink: 61211 bytes leftover after parsing attributes in process `syz.0.751'.
[  118.079894][ T7743] netlink: 'syz.2.778': attribute type 49 has an invalid length.
[  118.563982][ T7764] netlink: 'syz.2.785': attribute type 11 has an invalid length.
[  118.566934][ T7764] netlink: 168 bytes leftover after parsing attributes in process `syz.2.785'.
[  119.517284][ T7790] netlink: 'syz.2.798': attribute type 21 has an invalid length.
[  119.733262][ T7815] netlink: 'syz.2.810': attribute type 10 has an invalid length.
[  120.653475][ T7877] __nla_validate_parse: 4 callbacks suppressed
[  120.653553][ T7877] netlink: 12 bytes leftover after parsing attributes in process `syz.2.836'.
[  121.360905][    C1] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 1130002630 wd_nsec: 1130002679
[  121.706941][ T7908] netlink: 'syz.2.850': attribute type 39 has an invalid length.
[  122.089196][ T7921] netlink: 14601 bytes leftover after parsing attributes in process `syz.2.856'.
[  122.128882][ T7923] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.857'.
[  122.133133][ T7923] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  122.137363][ T7923] openvswitch: netlink: Message has 2 unknown bytes.
[  122.291533][ T7930] netlink: 'syz.2.860': attribute type 29 has an invalid length.
[  122.295220][ T7930] netlink: 'syz.2.860': attribute type 29 has an invalid length.
[  122.300313][ T7930] netlink: 'syz.2.860': attribute type 29 has an invalid length.
[  122.313873][ T7930] netlink: 'syz.2.860': attribute type 29 has an invalid length.
[  122.560195][ T7944] netlink: 'syz.1.867': attribute type 7 has an invalid length.
[  122.965323][ T7969] sit0: entered allmulticast mode
[  122.975499][ T7969] sit0: entered promiscuous mode
[  123.916295][ T7984] netlink: 'syz.0.885': attribute type 29 has an invalid length.
[  123.988276][ T7986] netlink: 'syz.2.886': attribute type 10 has an invalid length.
[  123.991691][ T7986] netlink: 'syz.2.886': attribute type 16 has an invalid length.
[  123.994371][ T7986] netlink: 156 bytes leftover after parsing attributes in process `syz.2.886'.
[  124.448012][ T5208] Bluetooth: hci2: Malformed HCI Event: 0x22
[  124.946459][ T8065] syzkaller0: entered promiscuous mode
[  124.948860][ T8065] syzkaller0: entered allmulticast mode
[  125.034217][ T8071] netlink: 'syz.1.924': attribute type 5 has an invalid length.
[  125.037526][ T8071] netlink: 176 bytes leftover after parsing attributes in process `syz.1.924'.
[  125.324002][ T8077] IPv6: Can't replace route, no match found
[  125.367208][ T8086] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.931'.
[  125.989777][ T8137] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  126.893776][ T5208] Bluetooth: hci0: unexpected cc 0x1004 length: 12 > 11
[  126.905241][ T8170] netlink: 132 bytes leftover after parsing attributes in process `syz.1.965'.
[  127.116935][ T8177] validate_nla: 1 callbacks suppressed
[  127.116967][ T8177] netlink: 'syz.2.968': attribute type 3 has an invalid length.
[  127.136655][ T5208] Bluetooth: hci1: Malformed LE Event: 0x0d
[  127.140930][ T8177] netlink: 'syz.2.968': attribute type 1 has an invalid length.
[  127.143599][ T8177] netlink: 60387 bytes leftover after parsing attributes in process `syz.2.968'.
[  127.174545][ T8181] netlink: 8 bytes leftover after parsing attributes in process `syz.0.970'.
[  127.179216][ T8181] netlink: 4 bytes leftover after parsing attributes in process `syz.0.970'.
[  127.184798][ T8181] netlink: 2 bytes leftover after parsing attributes in process `syz.0.970'.
[  127.188847][ T8181] netlink: 4 bytes leftover after parsing attributes in process `syz.0.970'.
[  127.202290][ T8181] netlink: 2 bytes leftover after parsing attributes in process `syz.0.970'.
[  127.741467][ T8215] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  128.273815][ T8245] netlink: 4 bytes leftover after parsing attributes in process `syz.2.999'.
[  128.277106][ T8245] netlink: 130076 bytes leftover after parsing attributes in process `syz.2.999'.
[  128.282405][ T8245] netlink: 4 bytes leftover after parsing attributes in process `syz.2.999'.
[  128.306606][ T8248] netlink: 'syz.1.1000': attribute type 11 has an invalid length.
[  128.311260][ T8247] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  128.430694][ T8257] macsec0: entered promiscuous mode
[  128.434113][ T8257] macsec0: entered allmulticast mode
[  128.436358][ T8257] veth1_macvtap: entered allmulticast mode
[  128.482992][ T8261] delete_channel: no stack
[  128.715536][ T8282] netlink: 'syz.0.1016': attribute type 2 has an invalid length.
[  128.718313][ T8282] netlink: 'syz.0.1016': attribute type 1 has an invalid length.
[  128.735389][ T8282] nbd: illegal input index -404748436
[  128.955368][ T8286] netlink: 'syz.0.1017': attribute type 10 has an invalid length.
[  128.972991][ T8286] delete_channel: no stack
[  129.242244][ T5208] Bluetooth: hci1: ISO packet for unknown connection handle 0
[  130.658497][ T8363] netlink: 'syz.1.1053': attribute type 11 has an invalid length.
[  130.971772][ T5208] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  130.975607][ T5208] Bluetooth: hci0: Injecting HCI hardware error event
[  130.979027][ T5840] Bluetooth: hci0: hardware error 0x00
[  132.157020][ T8410] __nla_validate_parse: 5 callbacks suppressed
[  132.157036][ T8410] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1073'.
[  132.165851][ T8410] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1073'.
[  132.169982][ T8410] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1073'.
[  132.208621][ T8412] netlink: 'syz.1.1074': attribute type 22 has an invalid length.
[  132.409370][ T8422] netlink: 'syz.1.1079': attribute type 2 has an invalid length.
[  132.415173][ T8422] netlink: 'syz.1.1079': attribute type 8 has an invalid length.
[  132.418477][ T8422] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1079'.
[  132.470634][ T8424] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1080'.
[  132.735174][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  132.738324][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  132.762418][ T8446] netlink: 'syz.0.1089': attribute type 29 has an invalid length.
[  132.766623][ T8446] netlink: 'syz.0.1089': attribute type 29 has an invalid length.
[  132.909429][ T8455] netlink: 'syz.0.1095': attribute type 10 has an invalid length.
[  132.913852][ T8455] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1095'.
[  132.987914][ T8460] veth1_vlan: entered allmulticast mode
[  133.050970][ T5840] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  133.204106][ T8471] blkio.reset_stats is deprecated
[  136.615786][ T8475] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  136.620361][ T8475] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  136.997936][ T8505] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.1115'.
[  137.003267][ T8505] netlink: 'syz.1.1115': attribute type 1 has an invalid length.
[  138.366616][ T8551] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1134'.
[  138.816895][ T8561] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1138'.
[  138.950434][ T8581] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1148'.
[  138.965233][ T8581] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.004515][ T8581] bridge_slave_0 (unregistering): left allmulticast mode
[  139.007398][ T8581] bridge_slave_0 (unregistering): left promiscuous mode
[  139.010093][ T8581] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.237814][ T8589] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.1151'.
[  140.093632][ T8609] netlink: 'syz.2.1158': attribute type 21 has an invalid length.
[  140.166616][ T8613] netlink: 'syz.0.1159': attribute type 29 has an invalid length.
[  140.247188][ T8620] netlink: 'syz.0.1159': attribute type 29 has an invalid length.
[  140.270053][ T8613] netlink: 'syz.0.1159': attribute type 29 has an invalid length.
[  140.309216][ T8626] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1166'.
[  140.389514][ T8613] netlink: 'syz.0.1159': attribute type 29 has an invalid length.
[  140.693179][ T8654] netlink: 'syz.0.1169': attribute type 29 has an invalid length.
[  140.721409][ T8654] netlink: 'syz.0.1169': attribute type 29 has an invalid length.
[  140.985273][ T8691] netlink: 'syz.2.1179': attribute type 3 has an invalid length.
[  140.988242][ T8691] netlink: 'syz.2.1179': attribute type 8 has an invalid length.
[  140.993143][ T8691] netlink: 'syz.2.1179': attribute type 6 has an invalid length.
[  140.995819][ T8691] netlink: 144448 bytes leftover after parsing attributes in process `syz.2.1179'.
[  141.896411][ T8764] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  141.952538][ T8769] pim6reg1: tun_chr_ioctl cmd 1074025680
[  142.067492][ T8780] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1202'.
[  142.135121][ T8784] netlink: 14560 bytes leftover after parsing attributes in process `syz.2.1204'.
[  142.929084][ T8827] team0: Device ip6_vti0 is of different type
[  142.930028][ T8825] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1223'.
[  143.019296][ T8833] netlink: 16255 bytes leftover after parsing attributes in process `syz.1.1227'.
[  143.149668][ T8844] sctp: [Deprecated]: syz.2.1232 (pid 8844) Use of struct sctp_assoc_value in delayed_ack socket option.
[  143.149668][ T8844] Use struct sctp_sack_info instead
[  144.655592][ T5840] Bluetooth: hci2: unexpected event 0x2c length: 82 > 17
[  144.882267][ T8940] syzkaller0: entered promiscuous mode
[  144.886556][ T8940] syzkaller0: entered allmulticast mode
[  145.892266][ T8954] veth1_to_bond: entered allmulticast mode
[  146.567953][ T9012] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1310'.
[  146.859914][ T9039] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1322'.
[  147.857647][ T9082] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1341'.
[  147.890637][ T9084] validate_nla: 9 callbacks suppressed
[  147.890651][ T9084] netlink: 'syz.0.1342': attribute type 21 has an invalid length.
[  147.897189][ T9084] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1342'.
[  147.900314][ T9084] netlink: 'syz.0.1342': attribute type 6 has an invalid length.
[  147.903578][ T9084] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1342'.
[  148.019134][ T9088] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.1344'.
[  148.104058][ T9090] netlink: 'syz.0.1345': attribute type 29 has an invalid length.
[  148.168311][ T5840] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10
[  148.168339][ T5840] Bluetooth: unknown link type 8
[  148.177096][ T5840] Bluetooth: hci1: connection err: -111
[  148.924770][ T9161] netlink: 140 bytes leftover after parsing attributes in process `syz.2.1379'.
[  149.130258][ T9182] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.1390'.
[  149.278412][ T9203] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1398'.
[  149.344064][ T9211] bond_slave_1: mtu less than device minimum
[  149.422449][ T9215] netlink: 'syz.1.1404': attribute type 10 has an invalid length.
[  149.425147][ T9215] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1404'.
[  149.616003][ T9233] netlink: 'syz.0.1410': attribute type 9 has an invalid length.
[  149.640107][ T9236] netlink: 'syz.2.1413': attribute type 2 has an invalid length.
[  149.645096][ T9236] netlink: 'syz.2.1413': attribute type 1 has an invalid length.
[  150.011973][ T9270] netlink: 'syz.0.1430': attribute type 29 has an invalid length.
[  150.150080][ T9277] netlink: 'syz.2.1433': attribute type 13 has an invalid length.
[  151.184458][ T9306] netlink: 'syz.0.1443': attribute type 46 has an invalid length.
[  151.256940][ T9312] A link change request failed with some changes committed already. Interface  may have been left with an inconsistent configuration, please check.
[  153.247835][ T9354] validate_nla: 1 callbacks suppressed
[  153.247845][ T9354] netlink: 'syz.2.1466': attribute type 29 has an invalid length.
[  153.280155][ T9354] netlink: 'syz.2.1466': attribute type 29 has an invalid length.
[  153.283616][ T9354] netlink: 'syz.2.1466': attribute type 29 has an invalid length.
[  153.617041][ T9386] mac80211_hwsim hwsim4 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  153.742075][ T9390] netlink: 'syz.1.1483': attribute type 10 has an invalid length.
[  153.745680][ T9390] __nla_validate_parse: 5 callbacks suppressed
[  153.745693][ T9390] netlink: 55 bytes leftover after parsing attributes in process `syz.1.1483'.
[  154.824401][ T9398] netlink: 'syz.2.1486': attribute type 10 has an invalid length.
[  154.830400][ T9398] team0: Device ipvlan1 failed to register rx_handler
[  155.054104][ T5840] Bluetooth: hci2: unexpected event 0x08 length: 15 > 4
[  155.062875][ T9410] netlink: 'syz.1.1492': attribute type 1 has an invalid length.
[  155.769444][ T9455] netlink: 763 bytes leftover after parsing attributes in process `syz.2.1511'.
[  155.823444][ T9460] netlink: 'syz.0.1513': attribute type 33 has an invalid length.
[  155.826204][ T9460] netlink: 'syz.0.1513': attribute type 3 has an invalid length.
[  155.828797][ T9460] netlink: 153952 bytes leftover after parsing attributes in process `syz.0.1513'.
[  155.914796][ T9469] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1517'.
[  155.918120][ T9469] netlink: zone id is out of range
[  155.919899][ T9469] netlink: get zone limit has 8 unknown bytes
[  155.938472][ T9470] netlink: 'syz.0.1516': attribute type 21 has an invalid length.
[  155.941380][ T9470] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1516'.
[  155.987951][ T9476] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1520'.
[  156.109718][ T9486] netlink: 'syz.0.1525': attribute type 41 has an invalid length.
[  156.132929][ T9490] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1527'.
[  156.665941][ T9508] team0: Device ipvlan1 failed to register rx_handler
[  156.921850][ T9526] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.1543'.
[  157.131816][ T5208] Bluetooth: hci2: command 0x0406 tx timeout
[  157.259557][ T9566] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1563'.
[  157.264215][ T9566] netlink: 4595 bytes leftover after parsing attributes in process `syz.0.1563'.
[  158.446557][ T9649] validate_nla: 6 callbacks suppressed
[  158.446567][ T9649] netlink: 'syz.2.1601': attribute type 22 has an invalid length.
[  158.726727][ T5840] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  158.779741][ T9665] netlink: 'syz.1.1607': attribute type 10 has an invalid length.
[  158.796548][ T9665] : (slave dummy0): Enslaving as an active interface with an up link
[  159.153564][ T9692] __nla_validate_parse: 4 callbacks suppressed
[  159.153575][ T9692] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1619'.
[  159.247768][ T9700] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1623'.
[  159.252146][ T9700] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1623'.
[  159.255383][ T9700] netlink: 33 bytes leftover after parsing attributes in process `syz.1.1623'.
[  159.259252][ T9700] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1623'.
[  159.264062][ T9700] netlink: 33 bytes leftover after parsing attributes in process `syz.1.1623'.
[  159.345344][ T9704] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1625'.
[  159.514098][ T9720] netlink: 1057 bytes leftover after parsing attributes in process `syz.2.1633'.
[  159.622940][ T9726] netlink: 'syz.2.1636': attribute type 28 has an invalid length.
[  159.626868][ T9726] netlink: 'syz.2.1636': attribute type 3 has an invalid length.
[  159.630633][ T9726] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1636'.
[  160.842697][ T9745] bridge_slave_1: left allmulticast mode
[  160.845043][ T9745] bridge_slave_1: left promiscuous mode
[  160.882210][ T9745] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.902177][ T9745] bridge_slave_0: left promiscuous mode
[  160.904190][ T9745] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.342392][ T9774] netlink: 'syz.0.1656': attribute type 16 has an invalid length.
[  161.345030][ T9774] netlink: 'syz.0.1656': attribute type 3 has an invalid length.
[  161.347697][ T9774] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1656'.
[  161.495823][ T9783] netlink: 'syz.2.1661': attribute type 1 has an invalid length.
[  162.754119][ T9798] netlink: 'syz.2.1666': attribute type 10 has an invalid length.
[  162.758979][ T9798] netlink: 'syz.2.1666': attribute type 19 has an invalid length.
[  162.838886][ T9806] netlink: 'syz.2.1671': attribute type 3 has an invalid length.
[  162.893016][ T9812] syzkaller0: entered promiscuous mode
[  162.894885][ T9812] syzkaller0: entered allmulticast mode
[  163.040816][ T9828] syz.1.1681: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  163.052513][ T9828] CPU: 0 UID: 0 PID: 9828 Comm: syz.1.1681 Not tainted 6.16.0-syzkaller-06600-g1dbf1d590d10-dirty #0 PREEMPT(full) 
[  163.052525][ T9828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  163.052530][ T9828] Call Trace:
[  163.052533][ T9828]  <TASK>
[  163.052537][ T9828]  dump_stack_lvl+0x189/0x250
[  163.052551][ T9828]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.052559][ T9828]  ? __pfx__printk+0x10/0x10
[  163.052569][ T9828]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  163.052578][ T9828]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  163.052588][ T9828]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  163.052597][ T9828]  warn_alloc+0x214/0x310
[  163.052608][ T9828]  ? stack_depot_save_flags+0x429/0x900
[  163.052618][ T9828]  ? __pfx_warn_alloc+0x10/0x10
[  163.052626][ T9828]  ? kasan_save_track+0x4f/0x80
[  163.052637][ T9828]  ? xskq_create+0x56/0x170
[  163.052648][ T9828]  ? xsk_init_queue+0xb0/0x110
[  163.052656][ T9828]  ? xsk_setsockopt+0x57b/0x8d0
[  163.052665][ T9828]  ? do_sock_setsockopt+0x17c/0x1b0
[  163.052672][ T9828]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  163.052678][ T9828]  ? do_syscall_64+0xfa/0x3b0
[  163.052689][ T9828]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.052699][ T9828]  __vmalloc_node_range_noprof+0x125/0x12f0
[  163.052718][ T9828]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  163.052728][ T9828]  ? __kasan_kmalloc+0x93/0xb0
[  163.052739][ T9828]  vmalloc_user_noprof+0xad/0xf0
[  163.052746][ T9828]  ? xskq_create+0xbf/0x170
[  163.052756][ T9828]  xskq_create+0xbf/0x170
[  163.052767][ T9828]  xsk_init_queue+0xb0/0x110
[  163.052777][ T9828]  xsk_setsockopt+0x57b/0x8d0
[  163.052787][ T9828]  ? __pfx_xsk_setsockopt+0x10/0x10
[  163.052796][ T9828]  ? __pfx_aa_sk_perm+0x10/0x10
[  163.052806][ T9828]  ? __fget_files+0x2a/0x420
[  163.052813][ T9828]  ? aa_sock_opt_perm+0x74/0x110
[  163.052823][ T9828]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  163.052831][ T9828]  ? __pfx_xsk_setsockopt+0x10/0x10
[  163.052841][ T9828]  do_sock_setsockopt+0x17c/0x1b0
[  163.052849][ T9828]  __x64_sys_setsockopt+0x13f/0x1b0
[  163.052858][ T9828]  do_syscall_64+0xfa/0x3b0
[  163.052868][ T9828]  ? lockdep_hardirqs_on+0x9c/0x150
[  163.052878][ T9828]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.052885][ T9828]  ? exc_page_fault+0x9f/0xf0
[  163.052895][ T9828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.052902][ T9828] RIP: 0033:0x7f8da9b8ebe9
[  163.052909][ T9828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.052915][ T9828] RSP: 002b:00007f8daa916038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  163.052924][ T9828] RAX: ffffffffffffffda RBX: 00007f8da9db5fa0 RCX: 00007f8da9b8ebe9
[  163.052929][ T9828] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000007
[  163.052933][ T9828] RBP: 00007f8da9c11e19 R08: 0000000000000004 R09: 0000000000000000
[  163.052938][ T9828] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[  163.052942][ T9828] R13: 00007f8da9db6038 R14: 00007f8da9db5fa0 R15: 00007ffc13bdafc8
[  163.052953][ T9828]  </TASK>
[  163.052957][ T9828] Mem-Info:
[  163.201799][ T9828] active_anon:18261 inactive_anon:0 isolated_anon:0
[  163.201799][ T9828]  active_file:13521 inactive_file:38255 isolated_file:0
[  163.201799][ T9828]  unevictable:1768 dirty:235 writeback:0
[  163.201799][ T9828]  slab_reclaimable:9581 slab_unreclaimable:56043
[  163.201799][ T9828]  mapped:18092 shmem:2450 pagetables:987
[  163.201799][ T9828]  sec_pagetables:0 bounce:0
[  163.201799][ T9828]  kernel_misc_reclaimable:0
[  163.201799][ T9828]  free:269847 free_pcp:16084 free_cma:0
[  163.223617][ T9828] Node 0 active_anon:53708kB inactive_anon:0kB active_file:47952kB inactive_file:10708kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:12560kB dirty:560kB writeback:0kB shmem:4912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5752kB pagetables:1936kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  163.235573][ T9828] Node 1 active_anon:19336kB inactive_anon:0kB active_file:6132kB inactive_file:142312kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:59808kB dirty:380kB writeback:0kB shmem:4888kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5700kB pagetables:2012kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  163.247397][ T9828] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  163.258537][ T9828] lowmem_reserve[]: 0 814 814 814 814
[  163.260470][ T9828] Node 0 DMA32 free:390276kB boost:0kB min:33720kB low:42148kB high:50576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:53708kB inactive_anon:0kB active_file:47952kB inactive_file:10708kB unevictable:3536kB writepending:560kB present:1556484kB managed:834028kB mlocked:0kB bounce:0kB free_pcp:28700kB local_pcp:8076kB free_cma:0kB
[  163.272549][ T9828] lowmem_reserve[]: 0 0 0 0 0
[  163.274317][ T9828] Node 1 DMA32 free:458492kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:116kB local_pcp:0kB free_cma:0kB
[  163.285157][ T9828] lowmem_reserve[]: 0 0 854 854 854
[  163.287109][ T9828] Node 1 Normal free:215260kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:19336kB inactive_anon:0kB active_file:6132kB inactive_file:142312kB unevictable:3536kB writepending:380kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:35904kB local_pcp:17544kB free_cma:0kB
[  163.298663][ T9828] lowmem_reserve[]: 0 0 0 0 0
[  163.300375][ T9828] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  163.307386][ T9828] Node 0 DMA32: 2*4kB (E) 32*8kB (UME) 164*16kB (UE) 723*32kB (UE) 379*64kB (UME) 138*128kB (UM) 67*256kB (UME) 34*512kB (UME) 11*1024kB (UME) 5*2048kB (UME) 65*4096kB (M) = 390248kB
[  163.314259][ T9828] Node 1 DMA32: 3*4kB (UM) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 2*128kB (UM) 3*256kB (UM) 3*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 109*4096kB (M) = 458492kB
[  163.320516][ T9828] Node 1 Normal: 291*4kB (UM) 138*8kB (UME) 366*16kB (UME) 50*32kB (UM) 179*64kB (UME) 142*128kB (UM) 75*256kB (UME) 18*512kB (UM) 12*1024kB (UME) 6*2048kB (UM) 30*4096kB (UM) = 215228kB
[  163.327382][ T9828] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  163.330773][ T9828] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  163.334520][ T9828] 54226 total pagecache pages
[  163.336287][ T9828] 0 pages in swap cache
[  163.337834][ T9828] Free swap  = 124996kB
[  163.339535][ T9828] Total swap = 124996kB
[  163.341182][ T9828] 786301 pages RAM
[  163.342601][ T9828] 0 pages HighMem/MovableOnly
[  163.344338][ T9828] 240546 pages reserved
[  163.345928][ T9828] 0 pages cma reserved
[  164.213934][ T9869] __nla_validate_parse: 4 callbacks suppressed
[  164.213943][ T9869] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1699'.
[  164.608426][ T9909] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1718'.
[  164.611716][ T9909] hsr0: entered promiscuous mode
[  164.613365][ T9909] hsr0: entered allmulticast mode
[  164.615027][ T9909] hsr_slave_0: entered allmulticast mode
[  164.616868][ T9909] hsr_slave_1: entered allmulticast mode
[  164.630811][ T9911] syzkaller0: entered promiscuous mode
[  164.633699][ T9911] syzkaller0: entered allmulticast mode
[  164.656314][ T9913] validate_nla: 1 callbacks suppressed
[  164.656357][ T9913] netlink: 'syz.0.1720': attribute type 21 has an invalid length.
[  164.764866][ T9925] netlink: 'syz.0.1726': attribute type 22 has an invalid length.
[  164.991469][ T9944] netlink: 'syz.0.1734': attribute type 3 has an invalid length.
[  164.994164][ T9944] netlink: 'syz.0.1734': attribute type 1 has an invalid length.
[  164.997683][ T9944] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.1734'.
[  165.066678][ T9951] ref_ctr_offset mismatch. inode: 0xb81 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x20
[  165.505472][ T9978] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.1751'.
[  165.906589][ T9990] netlink: 'syz.2.1756': attribute type 21 has an invalid length.
[  165.956460][ T9996] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.1759'.
[  166.627145][T10038] netlink: 'syz.1.1774': attribute type 39 has an invalid length.
[  166.709055][T10043] Dead loop on virtual device ip6_vti0, fix it urgently!
[  180.891079][ T5835] Bluetooth: hci2: command 0x0406 tx timeout
[  180.893105][ T5835] Bluetooth: hci1: command 0x0406 tx timeout
[  271.550863][    C1] rcu: INFO: rcu_preempt self-detected stall on CPU
[  271.553029][    C1] rcu: 	1-....: (10500 ticks this GP) idle=de04/1/0x4000000000000000 softirq=29288/29290 fqs=5249
[  271.557722][    C1] rcu: 	         hardirqs   softirqs   csw/system
[  271.559995][    C1] rcu: 	 number:   987773          0            0
[  271.562158][    C1] rcu: 	cputime:    25787      26701           94   ==> 52500(ms)
[  271.564595][    C1] rcu: 	(t=10502 jiffies g=21533 q=1432 ncpus=2)
[  271.566901][    C1] CPU: 1 UID: 0 PID: 10034 Comm: syz.1.1774 Not tainted 6.16.0-syzkaller-06600-g1dbf1d590d10-dirty #0 PREEMPT(full) 
[  271.566911][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  271.566915][    C1] RIP: 0010:rcu_read_unlock_special+0x87/0x4c0
[  271.566928][    C1] Code: f1 f1 f1 00 f2 f2 f2 4a 89 04 2b 66 42 c7 44 2b 09 f3 f3 42 c6 44 2b 0b f3 65 44 8b 35 b2 e8 f2 10 41 f7 c6 00 00 f0 00 74 49 <48> c7 44 24 40 0e 36 e0 45 4a c7 04 2b 00 00 00 00 66 42 c7 44 2b
[  271.566934][    C1] RSP: 0000:ffffc900001e05a0 EFLAGS: 00000206
[  271.566941][    C1] RAX: 0f12d20200603300 RBX: 1ffff9200003c0bc RCX: 0f12d20200603300
[  271.566946][    C1] RDX: 0000000000000000 RSI: ffffffff8d9792dd RDI: ffffffff8be30a00
[  271.566951][    C1] RBP: ffffc900001e0698 R08: ffffffff8fa07bf7 R09: 1ffffffff1f40f7e
[  271.566955][    C1] R10: dffffc0000000000 R11: fffffbfff1f40f7f R12: ffffffff8e141800
[  271.566959][    C1] R13: dffffc0000000000 R14: 0000000000000246 R15: 0000000000000002
[  271.566983][    C1] FS:  00007f8daa9166c0(0000) GS:ffff8881a3c80000(0000) knlGS:0000000000000000
[  271.566989][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  271.566993][    C1] CR2: 0000000000000000 CR3: 000000011051e000 CR4: 00000000000006f0
[  271.567018][    C1] DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
[  271.567024][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  271.567027][    C1] Call Trace:
[  271.567032][    C1]  <IRQ>
[  271.567035][    C1]  ? __lock_acquire+0xab9/0xd20
[  271.567049][    C1]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  271.567059][    C1]  ? unwind_next_frame+0xa5/0x2390
[  271.567069][    C1]  __rcu_read_unlock+0x84/0xe0
[  271.567078][    C1]  ? unwind_next_frame+0xa5/0x2390
[  271.567083][    C1]  unwind_next_frame+0x19ae/0x2390
[  271.567092][    C1]  ? unwind_next_frame+0xa5/0x2390
[  271.567099][    C1]  ? slab_free_after_rcu_debug+0x60/0x2a0
[  271.567109][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  271.567117][    C1]  arch_stack_walk+0x11c/0x150
[  271.567128][    C1]  ? rcu_core+0xca8/0x1710
[  271.567139][    C1]  stack_trace_save+0x9c/0xe0
[  271.567146][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  271.567155][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  271.567164][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  271.567175][    C1]  kasan_save_track+0x3e/0x80
[  271.567184][    C1]  ? kasan_save_track+0x3e/0x80
[  271.567191][    C1]  ? kasan_save_free_info+0x46/0x50
[  271.567198][    C1]  ? __kasan_slab_free+0x62/0x70
[  271.567206][    C1]  ? kfree+0x18e/0x440
[  271.567214][    C1]  ? slab_free_after_rcu_debug+0x60/0x2a0
[  271.567243][    C1]  kasan_save_free_info+0x46/0x50
[  271.567250][    C1]  __kasan_slab_free+0x62/0x70
[  271.567259][    C1]  ? slab_free_after_rcu_debug+0x60/0x2a0
[  271.567266][    C1]  kfree+0x18e/0x440
[  271.567275][    C1]  ? rcu_core+0xc34/0x1710
[  271.567284][    C1]  slab_free_after_rcu_debug+0x60/0x2a0
[  271.567293][    C1]  ? __pfx_slab_free_after_rcu_debug+0x10/0x10
[  271.567300][    C1]  ? rcu_core+0xc34/0x1710
[  271.567309][    C1]  rcu_core+0xca8/0x1710
[  271.567331][    C1]  ? __pfx_rcu_core+0x10/0x10
[  271.567340][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  271.567357][    C1]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  271.567366][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  271.567374][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  271.567387][    C1]  handle_softirqs+0x286/0x870
[  271.567398][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  271.567410][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  271.567422][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  271.567432][    C1]  __irq_exit_rcu+0xca/0x1f0
[  271.567442][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  271.567455][    C1]  irq_exit_rcu+0x9/0x30
[  271.567464][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  271.567473][    C1]  </IRQ>
[  271.567475][    C1]  <TASK>
[  271.567478][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  271.567485][    C1] RIP: 0010:preempt_schedule_irq+0xb0/0x150
[  271.567494][    C1] Code: 24 20 f6 44 24 21 02 74 0c 90 0f 0b 48 f7 03 08 00 00 00 74 64 bf 01 00 00 00 e8 eb 1f 1f f6 e8 c6 48 56 f6 fb bf 01 00 00 00 <e8> eb aa ff ff 48 c7 44 24 40 00 00 00 00 9c 8f 44 24 40 8b 44 24
[  271.567499][    C1] RSP: 0000:ffffc90002bcfdc0 EFLAGS: 00000282
[  271.567504][    C1] RAX: 0f12d20200603300 RBX: 0000000000000000 RCX: 0f12d20200603300
[  271.567509][    C1] RDX: 0000000000000000 RSI: ffffffff8d9792dd RDI: 0000000000000001
[  271.567513][    C1] RBP: ffffc90002bcfe70 R08: ffffffff8fa07bf7 R09: 1ffffffff1f40f7e
[  271.567517][    C1] R10: dffffc0000000000 R11: fffffbfff1f40f7f R12: 0000000000000000
[  271.567521][    C1] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92000579fb8
[  271.567533][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  271.567546][    C1]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  271.567557][    C1]  irqentry_exit+0x6f/0x90
[  271.567566][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  271.567574][    C1] RIP: 0010:its_return_thunk+0x0/0x10
[  271.567581][    C1] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <c3> cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e9 4b b1 c0 f5 cc
[  271.567585][    C1] RSP: 0000:ffffc90002bcff30 EFLAGS: 00000286
[  271.567590][    C1] RAX: 0f12d20200603300 RBX: ffffc90002bcff58 RCX: 0f12d20200603300
[  271.567595][    C1] RDX: 0000000000000000 RSI: ffffffff8d9792dd RDI: ffffffff8be30a00
[  271.567599][    C1] RBP: 0000000000000000 R08: ffffffff8fa07bf7 R09: 1ffffffff1f40f7e
[  271.567602][    C1] R10: dffffc0000000000 R11: fffffbfff1f40f7f R12: 0000000000000000
[  271.567606][    C1] R13: 0000000000000000 R14: ffff88810a8d5640 R15: 0000000000000008
[  271.567618][    C1]  irqentry_exit_to_user_mode+0x51/0x120
[  271.567628][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  271.567634][    C1] RIP: 0033:0x7f8da9b8ebf1
[  271.567642][    C1] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[  271.567646][    C1] RSP: 002b:00007f8daa916038 EFLAGS: 00000203
[  271.567651][    C1] RAX: 0000000000000009 RBX: 00007f8da9db5fa0 RCX: 00007f8da9b8ebe9
[  271.567655][    C1] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000200000000480
[  271.567659][    C1] RBP: 00007f8da9c11e19 R08: 0000000000000000 R09: 0000000000000000
[  271.567663][    C1] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
[  271.567667][    C1] R13: 00007f8da9db6038 R14: 00007f8da9db5fa0 R15: 00007ffc13bdafc8
[  271.567679][    C1]  </TASK>
[  271.770871][    C1] sched: DL replenish lagged too much

VM DIAGNOSIS:
22:34:57  Registers:
info registers vcpu 0

CPU#0
RAX=f98a73af11750a00 RBX=ffffffff81969b18 RCX=f98a73af11750a00 RDX=0000000000000001
RSI=ffffffff8d9792dd RDI=ffffffff8be30a00 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f5b R9 =1ffff110096065eb R10=dffffc0000000000 R11=ffffed10096065ec
R12=ffffffff8fa07bf0 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a18
RIP=ffffffff8b6fc4f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8680000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffc9a057ff8 CR3=000000000df38000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000000 00007f434ed87d20
XMM02=08001003000000b5 ffffff0400000000 XMM03=0813800313800403 8003038004200300
XMM04=0000000000000000 000000000000000e XMM05=04a1801000000000 0000060806060168
XMM06=d220808080080060 03001000000000b7 XMM07=ffffffff00000000 0210003003281000
XMM08=0390030fff2404ff ffffffff000000b6 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000030 RBX=0000000000000030 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900001df8d0
R8 =ffff888107d50237 R9 =1ffff11020faa046 R10=dffffc0000000000 R11=ffffffff854c1d90
R12=dffffc0000000000 R13=ffffffff99a95939 R14=ffffffff99d9a4e0 R15=0000000000000000
RIP=ffffffff854c1e0c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f8daa9166c0 ffffffff 00c00000
GS =0000 ffff8881a3c80000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000000000000 CR3=000000011051e000 CR4=000006f0
DR0=0000200000000300 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f8da9d87498 00007f8da9d87470 XMM03=00007f8da9d874a8 00007f8da9d874a0
XMM04=00007f8daa8ed100 00007f8da9d87460 XMM05=00007f8da9d87478 00007f8da9d874c0
XMM06=00007f8da9d874b8 00007f8da9d874b0 XMM07=00007f8da9d874a8 00007f8da9d874a0
XMM08=0000000000000000 00007f8da9c12ee7 XMM09=0000000000000000 00007f8da9c12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
