last executing test programs:

1.179114176s ago: executing program 0 (id=323):
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_bp={0x0, 0x7}, 0x0, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r0 = socket$kcm(0x15, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, 0x0)

1.081976467s ago: executing program 0 (id=327):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="190000000400000004000000ff"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000004340)={0x6, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000540)={r1, 0x8, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff27, 0x0, 0x0}, 0x19)

992.691919ms ago: executing program 0 (id=331):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x10, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000005000000000000008000000018000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

991.742379ms ago: executing program 0 (id=334):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="17fa00000000090000000400000000001c110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000000700000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000007000000010001000800000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f00000002c0)=r0}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r2], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r4}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))

927.434956ms ago: executing program 0 (id=336):
r0 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r0, 0x1, 0x23, 0x0, 0x0)

848.31163ms ago: executing program 0 (id=338):
socket$kcm(0x29, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x2, @perf_config_ext={0x407fff, 0x4}, 0x14105, 0xee, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000700)={<r1=>0xffffffffffffffff})
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2)
bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYRES32=0x1, @ANYRES32, @ANYBLOB="000000000200"/28], 0x48)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xd1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x90414, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x2, @perf_config_ext={0xc1a0, 0x8}, 0x0, 0x0, 0xffffffff, 0x0, 0x6, 0x87c, 0x8456, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x0)
syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d2f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000280)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$kcm(0x15, 0x5, 0x0)
setsockopt$sock_attach_bpf(r3, 0x114, 0x7, 0x0, 0xa0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000000)=ANY=[], 0x0}, 0x94)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc851, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, @perf_bp={0x0, 0x8}, 0x4000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0xfffffffffffffffd}, 0x0, 0x8000000000000000, 0xffffffffffffffff, 0x1)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210})
r4 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180), 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000240)={[{0x2b, 'net_cls'}, {0x2b, 'net_prio'}, {0x2d, 'net_cls'}, {0x2b, 'net_cls'}, {0x6, 'rdma'}]}, 0x2b)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f1, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)

667.23546ms ago: executing program 1 (id=340):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb1, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x13, &(0x7f0000000440)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018120000", @ANYRES32=r0, @ANYBLOB="00000000000000006608ffffffff0000180000000000000000000000000000009500000000000000a60a000000000000180000002020782500000000002020207b1af8ff00000000bfa10000000000000701000000feffffb70200009f000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94)

559.333846ms ago: executing program 1 (id=342):
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x804, 0x14c9, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803, 0x0, @perf_config_ext={0x1}, 0x20a0, 0x58, 0x80000000, 0x4, 0x2, 0xfffffffe, 0x1, 0x0, 0x0, 0x0, 0x6e8}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(0x0, 0x0, 0x0, r0, 0x9)
r2 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x44)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1800000041000b05d25a806c8c6394f90324fc60100002000a", 0x19}], 0x1}, 0x0)

497.579529ms ago: executing program 2 (id=344):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1, 0x21, 0x5, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r0, 0x0, 0x0}, 0x20)

419.000698ms ago: executing program 1 (id=345):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="1b0000001d0081106cfffaecdb4cb9f207c804a00d0000006a4e99", 0x1b}], 0x1, 0x0, 0x0, 0x5865}, 0x0)

418.641888ms ago: executing program 2 (id=346):
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="27000000150081fb7059ae08060c04000aff0f110000000300110187f9375ed08a562af5745e7f", 0x27}], 0x1}, 0x0)

359.255763ms ago: executing program 2 (id=347):
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5}, 0x180, 0xc8, 0x400000, 0x0, 0x0, 0x4, 0x7, 0x0, 0x0, 0x0, 0x20b}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="8c38f0ff10"], 0x0, 0x42, 0x0, 0x0, 0x41000, 0x2a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x61, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ff}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000c9"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa067707"], 0xfdef)
write$cgroup_subtree(r2, &(0x7f0000000000), 0xffc0)

359.029046ms ago: executing program 1 (id=348):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x4, &(0x7f0000000080)=@framed={{}, [@alu={0x7, 0x1, 0x4, 0x0, 0x0, 0x1}]}, 0x0, 0x9}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bond0\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8947, &(0x7f0000000080))

277.848909ms ago: executing program 2 (id=349):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x3, 0xd, &(0x7f00000000c0)=ANY=[@ANYBLOB="18020000000000000000000000000000851000000100000095000000000000001800000020646c2500000000002020207b1af8ff00000000bd21ffff0000000007010000f8ffffffb502020008040000b70300000000000085000000a400000095"], &(0x7f0000000080)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)

277.535196ms ago: executing program 1 (id=350):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000760091"], 0xfe33)

209.955104ms ago: executing program 1 (id=351):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000c40), 0x12)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_subtree(r2, &(0x7f0000000140), 0x2, 0x0)
syz_clone(0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_procs(r4, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
write$cgroup_pid(r5, &(0x7f00000001c0), 0x12)
write$cgroup_subtree(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="2b70696473206aa4af0b"], 0x6)

209.719585ms ago: executing program 2 (id=352):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000f"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0x11, 0x14, &(0x7f0000001440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x55, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

0s ago: executing program 2 (id=353):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000007100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0xe, 0x0, &(0x7f00000007c0)="c1188e99b95d02ff4284860188a8", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:1495' (ED25519) to the list of known hosts.
syzkaller login: [   49.483690][ T5756] cgroup: Unknown subsys name 'net'
[   49.576722][ T5756] cgroup: Unknown subsys name 'cpuset'
[   49.581123][ T5756] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   51.708072][ T5756] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   57.461333][ T5831] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   57.474193][ T5831] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   57.477114][ T5831] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   57.480194][ T5831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   57.482907][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   57.494955][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   57.499401][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   57.503204][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   57.507355][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   57.513211][ T5833] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   57.556705][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   57.561564][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   57.566345][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   57.571435][ T5833] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   57.576000][ T5833] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   57.802462][ T5826] chnl_net:caif_netlink_parms(): no params data found
[   57.833598][ T5828] chnl_net:caif_netlink_parms(): no params data found
[   57.936026][ T5836] chnl_net:caif_netlink_parms(): no params data found
[   57.965257][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.969126][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.971904][ T5826] bridge_slave_0: entered allmulticast mode
[   57.975051][ T5826] bridge_slave_0: entered promiscuous mode
[   58.007459][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.010189][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.012373][ T5826] bridge_slave_1: entered allmulticast mode
[   58.016131][ T5826] bridge_slave_1: entered promiscuous mode
[   58.034906][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.037671][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.040515][ T5828] bridge_slave_0: entered allmulticast mode
[   58.045022][ T5828] bridge_slave_0: entered promiscuous mode
[   58.049915][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.052831][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.055527][ T5828] bridge_slave_1: entered allmulticast mode
[   58.058578][ T5828] bridge_slave_1: entered promiscuous mode
[   58.111743][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.127119][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.148563][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.157621][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.178624][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.181688][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.185670][ T5836] bridge_slave_0: entered allmulticast mode
[   58.189645][ T5836] bridge_slave_0: entered promiscuous mode
[   58.238915][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.242013][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.247777][ T5836] bridge_slave_1: entered allmulticast mode
[   58.251699][ T5836] bridge_slave_1: entered promiscuous mode
[   58.286351][ T5826] team0: Port device team_slave_0 added
[   58.306410][ T5828] team0: Port device team_slave_0 added
[   58.311515][ T5826] team0: Port device team_slave_1 added
[   58.342878][ T5828] team0: Port device team_slave_1 added
[   58.366236][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.397293][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.400117][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.409903][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.415327][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.417912][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.427521][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.433946][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.437629][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.440341][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.451339][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.480075][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.483621][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.494436][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.555176][ T5826] hsr_slave_0: entered promiscuous mode
[   58.557634][ T5826] hsr_slave_1: entered promiscuous mode
[   58.562287][ T5836] team0: Port device team_slave_0 added
[   58.567704][ T5836] team0: Port device team_slave_1 added
[   58.584916][ T5828] hsr_slave_0: entered promiscuous mode
[   58.587275][ T5828] hsr_slave_1: entered promiscuous mode
[   58.589530][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.591966][ T5828] Cannot create hsr debugfs directory
[   58.646527][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.649123][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.658825][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.677240][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.679813][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.690639][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.850627][ T5836] hsr_slave_0: entered promiscuous mode
[   58.855413][ T5836] hsr_slave_1: entered promiscuous mode
[   58.858144][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.860809][ T5836] Cannot create hsr debugfs directory
[   59.013775][ T5826] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   59.025893][ T5826] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   59.051206][ T5826] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   59.072354][ T5826] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   59.140575][ T5828] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   59.146706][ T5828] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   59.170528][ T5828] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   59.176405][ T5828] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   59.253735][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   59.260231][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   59.268362][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   59.285034][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   59.315851][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.348211][ T5826] 8021q: adding VLAN 0 to HW filter on device team0
[   59.374156][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.376977][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.396796][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.405378][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.408333][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.465194][ T5828] 8021q: adding VLAN 0 to HW filter on device team0
[   59.480392][ T2185] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.482611][ T2185] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.504177][ T5833] Bluetooth: hci0: command tx timeout
[   59.511402][ T2185] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.513904][ T2185] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.536612][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.569472][ T5836] 8021q: adding VLAN 0 to HW filter on device team0
[   59.583534][ T5833] Bluetooth: hci2: command tx timeout
[   59.585272][ T5220] Bluetooth: hci1: command tx timeout
[   59.596978][ T1198] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.599189][ T1198] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.630244][ T5828] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   59.639413][ T1198] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.642188][ T1198] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.691356][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.781063][ T5826] veth0_vlan: entered promiscuous mode
[   59.792697][ T5826] veth1_vlan: entered promiscuous mode
[   59.836825][ T5826] veth0_macvtap: entered promiscuous mode
[   59.841118][ T5826] veth1_macvtap: entered promiscuous mode
[   59.869816][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.876462][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.882660][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.889043][ T5826] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.892039][ T5826] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.898801][ T5826] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.901357][ T5826] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.951521][ T5828] veth0_vlan: entered promiscuous mode
[   59.974262][ T5828] veth1_vlan: entered promiscuous mode
[   60.000821][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.005637][ T1198] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.011042][ T1198] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.013766][ T5828] veth0_macvtap: entered promiscuous mode
[   60.026548][ T5828] veth1_macvtap: entered promiscuous mode
[   60.048478][ T1198] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.050820][ T1198] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.060352][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.078646][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.097127][ T5836] veth0_vlan: entered promiscuous mode
[   60.101901][ T5828] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.106333][ T5828] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.109090][ T5826] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   60.109610][ T5828] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.119485][ T5828] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.146520][ T5836] veth1_vlan: entered promiscuous mode
[   60.205699][ T5836] veth0_macvtap: entered promiscuous mode
[   60.219204][ T5836] veth1_macvtap: entered promiscuous mode
[   60.233767][ T5893] sock: sock_set_timeout: `syz.0.1' (pid 5893) tries to set negative timeout
[   60.248842][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.251244][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.260790][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.306604][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.334701][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.337740][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.344684][ T5836] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.347689][ T5836] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.350882][ T5836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.355786][ T5836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.499425][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.502833][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.539905][ T5902] netlink: 25 bytes leftover after parsing attributes in process `syz.2.3'.
[   60.555490][ T5902] netlink: zone id is out of range
[   60.557573][ T5902] netlink: zone id is out of range
[   60.559162][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.565717][ T5902] netlink: zone id is out of range
[   60.571979][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.572142][ T5902] netlink: zone id is out of range
[   60.579773][ T5902] netlink: zone id is out of range
[   60.581732][ T5902] netlink: zone id is out of range
[   60.584342][ T5902] netlink: zone id is out of range
[   60.586366][ T5902] netlink: zone id is out of range
[   60.588280][ T5902] netlink: zone id is out of range
[   60.635704][ T5904] syzkaller0: entered allmulticast mode
[   60.661182][ T5908] netlink: 'syz.1.2': attribute type 3 has an invalid length.
[   60.664714][ T5908] netlink: 'syz.1.2': attribute type 2 has an invalid length.
[   60.666955][ T5908] netlink: 198000 bytes leftover after parsing attributes in process `syz.1.2'.
[   60.930462][ T5922] netlink: 'syz.2.15': attribute type 33 has an invalid length.
[   60.932853][ T5922] netlink: 'syz.2.15': attribute type 13 has an invalid length.
[   60.936364][ T5922] netlink: 152 bytes leftover after parsing attributes in process `syz.2.15'.
[   60.966537][ T5924] syz.0.16 uses obsolete (PF_INET,SOCK_PACKET)
[   60.971561][ T5924] netlink: 'syz.0.16': attribute type 6 has an invalid length.
[   60.985048][ T5924] netlink: 164 bytes leftover after parsing attributes in process `syz.0.16'.
[   61.002958][    C0] hrtimer: interrupt took 26547 ns
[   61.085367][ T5929] Zero length message leads to an empty skb
[   61.162183][ T5928] netlink: 'syz.2.17': attribute type 29 has an invalid length.
[   61.167368][ T5930] netlink: 'syz.2.17': attribute type 29 has an invalid length.
[   61.583921][ T5220] Bluetooth: hci0: command tx timeout
[   61.663481][ T5220] Bluetooth: hci2: command tx timeout
[   61.663634][ T5833] Bluetooth: hci1: command tx timeout
[   61.861846][ T5965] netlink: 'syz.1.34': attribute type 10 has an invalid length.
[   61.904848][ T5968] netlink: 'syz.1.34': attribute type 10 has an invalid length.
[   61.908683][ T5968] netlink: 55 bytes leftover after parsing attributes in process `syz.1.34'.
[   62.860672][ T5971] netlink: 1053 bytes leftover after parsing attributes in process `syz.0.35'.
[   62.993558][ T5833] Bluetooth: hci0: unexpected event 0x09 length: 15 > 3
[   63.402894][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.49'.
[   63.487568][ T6003] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.50'.
[   63.533799][ T6009] netlink: 132 bytes leftover after parsing attributes in process `syz.0.54'.
[   63.663487][ T5833] Bluetooth: hci0: command tx timeout
[   63.743140][ T5833] Bluetooth: hci2: command tx timeout
[   63.753931][ T5833] Bluetooth: hci1: command tx timeout
[   63.760040][ T5833] Bluetooth: hci0: unexpected event 0x05 length: 15 > 4
[   65.052480][ T6059] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.79'.
[   65.106449][ T6062] netlink: 'syz.2.79': attribute type 10 has an invalid length.
[   65.109471][ T6062] bond0: entered promiscuous mode
[   65.111486][ T6062] bond_slave_0: entered promiscuous mode
[   65.116328][ T6062] bond_slave_1: entered promiscuous mode
[   65.118408][ T6062] bridge0: port 3(bond0) entered blocking state
[   65.143149][ T6062] bridge0: port 3(bond0) entered disabled state
[   65.145405][ T6062] bond0: entered allmulticast mode
[   65.147113][ T6062] bond_slave_0: entered allmulticast mode
[   65.148864][ T6062] bond_slave_1: entered allmulticast mode
[   65.185746][ T6062] bridge0: port 3(bond0) entered blocking state
[   65.188985][ T6062] bridge0: port 3(bond0) entered forwarding state
[   65.745812][ T5833] Bluetooth: hci0: command tx timeout
[   65.814960][ T6091] __nla_validate_parse: 1 callbacks suppressed
[   65.814972][ T6091] netlink: 60 bytes leftover after parsing attributes in process `syz.1.93'.
[   65.823215][ T5833] Bluetooth: hci1: command tx timeout
[   65.824584][ T5220] Bluetooth: hci2: command tx timeout
[   65.828238][ T6091] netlink: 60 bytes leftover after parsing attributes in process `syz.1.93'.
[   65.841231][ T6091] netlink: 60 bytes leftover after parsing attributes in process `syz.1.93'.
[   66.126563][ T6104] netlink: 60 bytes leftover after parsing attributes in process `syz.2.97'.
[   66.129502][ T6103] netlink: 60 bytes leftover after parsing attributes in process `syz.2.97'.
[   66.189671][ T6106] netlink: 160 bytes leftover after parsing attributes in process `syz.2.98'.
[   66.456526][ T6116] netlink: 36 bytes leftover after parsing attributes in process `syz.0.103'.
[   66.507942][ T6116] net_ratelimit: 79 callbacks suppressed
[   66.508119][ T6116] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   66.994629][ T6143] mac80211_hwsim hwsim3 O3c: renamed from wlan1 (while UP)
[   67.539435][ T6166] warning: `syz.2.124' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   68.256104][ T6183] netlink: 44 bytes leftover after parsing attributes in process `syz.0.131'.
[   68.259198][ T6182] netlink: 44 bytes leftover after parsing attributes in process `syz.0.131'.
[   68.267609][ T6182] netlink: 44 bytes leftover after parsing attributes in process `syz.0.131'.
[   71.100126][ T6263] validate_nla: 2 callbacks suppressed
[   71.100168][ T6263] netlink: 'syz.2.164': attribute type 21 has an invalid length.
[   71.188048][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.191150][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.468598][ T6273] netlink: 'syz.0.172': attribute type 3 has an invalid length.
[   71.471161][ T6273] __nla_validate_parse: 1 callbacks suppressed
[   71.471199][ T6273] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.172'.
[   71.668041][ T6277] IPv6: Can't replace route, no match found
[   72.141893][ T6299] netlink: 'syz.0.184': attribute type 3 has an invalid length.
[   72.154212][ T6299] netlink: 'syz.0.184': attribute type 1 has an invalid length.
[   72.158179][ T6299] netlink: 191152 bytes leftover after parsing attributes in process `syz.0.184'.
[   72.324992][ T5220] Bluetooth: hci1: unexpected event 0x04 length: 15 > 10
[   72.325305][ T5220] Bluetooth: hci1: connection err: -111
[   72.825883][ T6324] Illegal XDP return value 342339584 on prog  (id 64) dev N/A, expect packet loss!
[   73.207918][ T6330] netlink: 'syz.0.197': attribute type 16 has an invalid length.
[   73.215336][ T6330] netlink: 168 bytes leftover after parsing attributes in process `syz.0.197'.
[   73.962683][ T6360] netlink: 'syz.2.210': attribute type 3 has an invalid length.
[   73.971691][ T6360] netlink: 'syz.2.210': attribute type 6 has an invalid length.
[   73.975802][ T6360] netlink: 198000 bytes leftover after parsing attributes in process `syz.2.210'.
[   74.060131][ T6362] netlink: 65019 bytes leftover after parsing attributes in process `syz.0.211'.
[   74.430954][ T6382] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   76.653001][    C1] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 1039346965 wd_nsec: 1039346949
[   80.931373][ T6463] netlink: 'syz.1.260': attribute type 5 has an invalid length.
[   81.008529][ T6466] netlink: 830 bytes leftover after parsing attributes in process `syz.0.262'.
[   81.012076][ T6466] bond_slave_0: entered promiscuous mode
[   81.014359][ T6466] bond_slave_1: entered promiscuous mode
[   81.252434][ T6475] syzkaller0: entered promiscuous mode
[   81.256897][ T6475] syzkaller0: entered allmulticast mode
[   82.716810][ T5220] Bluetooth: hci1: unexpected event 0x3d length: 15 > 14
[   82.863130][ T5220] Bluetooth: hci1: unexpected subevent 0x19 length: 150 > 28
[   82.868857][ T5220] Bluetooth: hci1: Unable to find connection with handle 0x0000
[   83.051132][ T6534] netlink: 60 bytes leftover after parsing attributes in process `syz.1.293'.
[   83.251407][ T6544] team0: Port device team_slave_0 removed
[   83.266651][ T6544] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[   83.335704][ T6544] syz.1.299 (6544) used greatest stack depth: 19968 bytes left
[   84.291472][ T5220] Bluetooth: hci2: unexpected event 0x05 length: 15 > 4
[  132.637862][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  132.640363][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  180.784087][ T5831] Bluetooth: hci1: command 0x0406 tx timeout
[  180.786731][ T5831] Bluetooth: hci2: command 0x0406 tx timeout
[  190.542979][    C1] rcu: INFO: rcu_preempt self-detected stall on CPU
[  190.545173][    C1] rcu: 	1-....: (6135 ticks this GP) idle=ac74/1/0x4000000000000000 softirq=17873/17873 fqs=4925
[  190.550469][    C1] rcu: 	         hardirqs   softirqs   csw/system
[  190.552564][    C1] rcu: 	 number:  1141570          0            0
[  190.554464][    C1] rcu: 	cputime:    25277      27212           84   ==> 52490(ms)
[  190.556812][    C1] rcu: 	(t=10500 jiffies g=10805 q=623 ncpus=2)
[  190.558654][    C1] CPU: 1 UID: 0 PID: 6657 Comm: syz.1.351 Not tainted 6.16.0-rc6-syzkaller-00411-g95993dc3039e-dirty #0 PREEMPT(full) 
[  190.558664][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  190.558670][    C1] RIP: 0010:rcu_read_unlock_special+0x87/0x4c0
[  190.558691][    C1] Code: f1 f1 f1 00 f2 f2 f2 4a 89 04 2b 66 42 c7 44 2b 09 f3 f3 42 c6 44 2b 0b f3 65 44 8b 35 62 2c f8 10 41 f7 c6 00 00 f0 00 74 49 <48> c7 44 24 40 0e 36 e0 45 4a c7 04 2b 00 00 00 00 66 42 c7 44 2b
[  190.558698][    C1] RSP: 0018:ffffc900001e05a0 EFLAGS: 00000206
[  190.558707][    C1] RAX: dbcdccfb219e0900 RBX: 1ffff9200003c0bc RCX: dbcdccfb219e0900
[  190.558712][    C1] RDX: 0000000000000002 RSI: ffffffff8d99883e RDI: ffffffff8be29f40
[  190.558718][    C1] RBP: ffffc900001e0698 R08: ffffffff8fa1e8f7 R09: 1ffffffff1f43d1e
[  190.558723][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d1f R12: ffffffff8e144400
[  190.558728][    C1] R13: dffffc0000000000 R14: 0000000000000246 R15: 0000000000000002
[  190.558733][    C1] FS:  00007f25be5f66c0(0000) GS:ffff8881a3c1f000(0000) knlGS:0000000000000000
[  190.558739][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  190.558744][    C1] CR2: 00007efc474e56c0 CR3: 000000004492e000 CR4: 00000000000006f0
[  190.558769][    C1] Call Trace:
[  190.558776][    C1]  <IRQ>
[  190.558779][    C1]  ? __lock_acquire+0xab9/0xd20
[  190.558795][    C1]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  190.558809][    C1]  ? unwind_next_frame+0xa5/0x2390
[  190.558823][    C1]  __rcu_read_unlock+0x84/0xe0
[  190.558835][    C1]  ? unwind_next_frame+0xa5/0x2390
[  190.558842][    C1]  unwind_next_frame+0x19ae/0x2390
[  190.558854][    C1]  ? unwind_next_frame+0xa5/0x2390
[  190.558863][    C1]  ? __cgroup1_procs_write+0x2cd/0x3c0
[  190.558878][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  190.558889][    C1]  arch_stack_walk+0x11c/0x150
[  190.558904][    C1]  ? cgroup_file_write+0x39e/0x740
[  190.558917][    C1]  stack_trace_save+0x9c/0xe0
[  190.558927][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  190.558939][    C1]  ? __irq_exit_rcu+0xd8/0x1f0
[  190.558949][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  190.558959][    C1]  kasan_save_track+0x3e/0x80
[  190.558967][    C1]  ? kasan_save_track+0x3e/0x80
[  190.558973][    C1]  ? kasan_save_free_info+0x46/0x50
[  190.558982][    C1]  ? __kasan_slab_free+0x62/0x70
[  190.558988][    C1]  ? kfree+0x18e/0x440
[  190.558995][    C1]  ? slab_free_after_rcu_debug+0x60/0x2a0
[  190.559005][    C1]  ? rcu_core+0xca8/0x1710
[  190.559012][    C1]  ? handle_softirqs+0x286/0x870
[  190.559019][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  190.559026][    C1]  ? irq_exit_rcu+0x9/0x30
[  190.559033][    C1]  ? sysvec_apic_timer_interrupt+0xa6/0xc0
[  190.559045][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  190.559053][    C1]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  190.559063][    C1]  ? freezer_attach+0x1a1/0x260
[  190.559100][    C1]  ? cgroup_migrate_execute+0x7a5/0xf40
[  190.559108][    C1]  ? cgroup_attach_task+0x6ce/0x970
[  190.559115][    C1]  ? __cgroup1_procs_write+0x2cd/0x3c0
[  190.559148][    C1]  kasan_save_free_info+0x46/0x50
[  190.559158][    C1]  __kasan_slab_free+0x62/0x70
[  190.559165][    C1]  ? slab_free_after_rcu_debug+0x60/0x2a0
[  190.559174][    C1]  kfree+0x18e/0x440
[  190.559183][    C1]  ? rcu_core+0xc34/0x1710
[  190.559191][    C1]  slab_free_after_rcu_debug+0x60/0x2a0
[  190.559201][    C1]  ? __pfx_slab_free_after_rcu_debug+0x10/0x10
[  190.559210][    C1]  ? rcu_core+0xc34/0x1710
[  190.559218][    C1]  rcu_core+0xca8/0x1710
[  190.559236][    C1]  ? __pfx_rcu_core+0x10/0x10
[  190.559243][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  190.559261][    C1]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  190.559270][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  190.559279][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  190.559293][    C1]  handle_softirqs+0x286/0x870
[  190.559304][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  190.559316][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  190.559326][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  190.559340][    C1]  __irq_exit_rcu+0xca/0x1f0
[  190.559348][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  190.559362][    C1]  irq_exit_rcu+0x9/0x30
[  190.559369][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  190.559379][    C1]  </IRQ>
[  190.559381][    C1]  <TASK>
[  190.559385][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  190.559393][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110
[  190.559402][    C1] Code: 74 05 e8 cb 9e 56 f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 13 cd 1f f6 65 8b 05 bc f9 2e 07 85 c0 74 40 48 c7 04 24 0e 36
[  190.559408][    C1] RSP: 0018:ffffc9000392f720 EFLAGS: 00000206
[  190.559415][    C1] RAX: dbcdccfb219e0900 RBX: 0000000000000a02 RCX: dbcdccfb219e0900
[  190.559420][    C1] RDX: 0000000000000006 RSI: ffffffff8d99883e RDI: 0000000000000001
[  190.559424][    C1] RBP: ffffc9000392f7b0 R08: ffffffff8fa1e8f7 R09: 1ffffffff1f43d1e
[  190.559429][    C1] R10: dffffc0000000000 R11: fffffbfff1f43d1f R12: dffffc0000000000
[  190.559434][    C1] R13: ffff888037412d20 R14: ffffffff8e15d060 R15: 1ffff92000725ee4
[  190.559450][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  190.559462][    C1]  ? __thaw_task+0x6c/0x210
[  190.559472][    C1]  freezer_attach+0x1a1/0x260
[  190.559485][    C1]  ? __pfx_freezer_attach+0x10/0x10
[  190.559494][    C1]  ? preempt_schedule_thunk+0x16/0x30
[  190.559507][    C1]  cgroup_migrate_execute+0x7a5/0xf40
[  190.559521][    C1]  cgroup_attach_task+0x6ce/0x970
[  190.559532][    C1]  ? cgroup_attach_task+0x1fb/0x970
[  190.559540][    C1]  ? __pfx_cgroup_attach_task+0x10/0x10
[  190.559554][    C1]  ? get_task_cred+0x23/0x300
[  190.559566][    C1]  ? get_task_cred+0x23/0x300
[  190.559574][    C1]  ? get_task_cred+0x23/0x300
[  190.559584][    C1]  ? get_task_cred+0x2c1/0x300
[  190.559592][    C1]  ? get_task_cred+0x23/0x300
[  190.559603][    C1]  __cgroup1_procs_write+0x2cd/0x3c0
[  190.559617][    C1]  ? __pfx___cgroup1_procs_write+0x10/0x10
[  190.559627][    C1]  ? kernfs_root+0x1c/0x230
[  190.559637][    C1]  ? kernfs_root+0x1c/0x230
[  190.559646][    C1]  ? kernfs_root+0x1ea/0x230
[  190.559654][    C1]  ? __pfx_cgroup1_procs_write+0x10/0x10
[  190.559664][    C1]  cgroup_file_write+0x39e/0x740
[  190.559678][    C1]  ? __pfx_cgroup_file_write+0x10/0x10
[  190.559696][    C1]  ? __pfx_cgroup_file_write+0x10/0x10
[  190.559705][    C1]  kernfs_fop_write_iter+0x378/0x4f0
[  190.559720][    C1]  vfs_write+0x54b/0xa90
[  190.559732][    C1]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  190.559743][    C1]  ? __pfx_vfs_write+0x10/0x10
[  190.559767][    C1]  ksys_write+0x145/0x250
[  190.559777][    C1]  ? __pfx_ksys_write+0x10/0x10
[  190.559791][    C1]  do_syscall_64+0xfa/0x3b0
[  190.559802][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.559809][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  190.559819][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.559826][    C1] RIP: 0033:0x7f25c078e9a9
[  190.559836][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  190.559842][    C1] RSP: 002b:00007f25be5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  190.559849][    C1] RAX: ffffffffffffffda RBX: 00007f25c09b5fa0 RCX: 00007f25c078e9a9
[  190.559854][    C1] RDX: 0000000000000012 RSI: 00002000000001c0 RDI: 0000000000000009
[  190.559859][    C1] RBP: 00007f25c0810d69 R08: 0000000000000000 R09: 0000000000000000
[  190.559863][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  190.559867][    C1] R13: 0000000000000000 R14: 00007f25c09b5fa0 R15: 00007ffc0e109f78
[  190.559881][    C1]  </TASK>
[  190.782934][    C1] sched: DL replenish lagged too much
[  194.076036][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  194.078706][ T1361] ieee802154 phy1 wpan1: encryption failed: -22

VM DIAGNOSIS:
10:17:04  Registers:
info registers vcpu 0

CPU#0
RAX=92626af576cf5400 RBX=ffffffff81976a48 RCX=92626af576cf5400 RDX=0000000000000001
RSI=ffffffff8d99883e RDI=ffffffff8be29f40 RBP=ffffffff8de07ea8 RSP=ffffffff8de07d80
R8 =ffff88804b032f9b R9 =1ffff110096065f3 R10=dffffc0000000000 R11=ffffed10096065f4
R12=ffffffff8fa1e8f0 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a50
RIP=ffffffff8b6e84f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055556878a5c8 CR3=000000000df38000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000000ff XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000002251 0000000000002231
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=ffffffffffff0000 ffffffffffff0000 XMM09=000000000000e951 0000000000003431
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000030 RBX=0000000000000030 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900001df8d0
R8 =ffff888107cd0237 R9 =1ffff11020f9a046 R10=dffffc0000000000 R11=ffffffff854728e0
R12=dffffc0000000000 R13=ffffffff99af58d0 R14=ffffffff99dfa1e0 R15=0000000000000000
RIP=ffffffff8547295c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f25be5f66c0 ffffffff 00c00000
GS =0000 ffff8881a3c1f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007efc474e56c0 CR3=000000004492e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=006c6f72746e6f63 5f65657274627573
XMM02=00007f5503b86478 00007f5503b86450 XMM03=00007f5503b86488 00007f5503b86480
XMM04=00007f55046ed100 00007f5503b86440 XMM05=00007f5503b86458 00007f5503b864a0
XMM06=00007f5503b86498 00007f5503b86490 XMM07=00007f5503b86488 00007f5503b86480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f5503a11ec1
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
