last executing test programs:

710.900777ms ago: executing program 0 (id=295):
r0 = socket$kcm(0x29, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x119, 0x8, &(0x7f0000000000), 0x4)

710.451882ms ago: executing program 0 (id=297):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x12, 0x0, &(0x7f0000000000)="b9ff03076044238c9e9e15f088a84cb688a8", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x0, 0x7}, {0x0, 0x0, 0x0, 0x81}]})
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2688f54c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
socketpair(0x11, 0xa, 0x300, &(0x7f0000000000))
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

533.496115ms ago: executing program 0 (id=301):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, @perf_bp={0x0, 0xf}, 0x1000, 0x4, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000011008188040f46ecdb00e3bd6efb4400080000000a000f00000aba8000001201", 0x24}, {&(0x7f0000000200)="cc182c338cba61617516", 0xa}], 0x2}, 0x0)

350.467678ms ago: executing program 0 (id=311):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0fff100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001011404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x57)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x702, 0xe, 0x700, &(0x7f0000000540)="e460334470b8d480eb00c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

291.369233ms ago: executing program 2 (id=312):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x2c}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2107, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

274.701686ms ago: executing program 2 (id=314):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

222.036954ms ago: executing program 0 (id=315):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x20008000)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r2}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
recvmsg(r1, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000a80)=""/20, 0x14}], 0x1}, 0x0)

221.887157ms ago: executing program 2 (id=316):
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100904}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='cgroup.controllers\x00', 0x26e1, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
ioctl$SIOCSIFHWADDR(r2, 0x8b05, &(0x7f0000000000)={'wlan1\x00'})

221.811335ms ago: executing program 1 (id=317):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x6, 0x4, 0xfff, 0x9, 0x0, 0xffffffffffffffff, 0x7}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x2000}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={r2, 0x0, 0x0}, 0x10)

151.608729ms ago: executing program 1 (id=318):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="140000004f007f049e", 0x9}, {&(0x7f00000001c0)="000050b783000000051c1f", 0xb}], 0x2}, 0x800)

151.495635ms ago: executing program 1 (id=319):
mkdir(&(0x7f0000000000)='./file0\x00', 0xbe9bac6d2d0f4e0b)
mkdir(&(0x7f0000000040)='./file0/file0\x00', 0x0)
unlink(&(0x7f0000000080)='./file0/file0\x00')

151.277897ms ago: executing program 1 (id=320):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000e5000300000000000600000000000000250000001000000006000000faffffff95"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)

90.597996ms ago: executing program 2 (id=321):
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5c00000015006b03004e21000af32c6e020675f800250002400100000017d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b498fa51f60a64c9f4d4938037e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

90.471464ms ago: executing program 2 (id=322):
r0 = socket$kcm(0xa, 0x2, 0x73)
close(r0)

90.133263ms ago: executing program 1 (id=323):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x18, &(0x7f0000000200), 0x1}, 0x6d)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0xc, 0x1, &(0x7f0000000500)=@raw=[@generic={0x34, 0x8, 0x3, 0x8, 0xa9ac}], 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x23, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)

13.65963ms ago: executing program 2 (id=324):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110c23003f)

13.449905ms ago: executing program 1 (id=325):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x22a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffffff}}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1a1740, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'xfrm0\x00', 0x84aebfbd6349b7f2})
recvmsg(0xffffffffffffffff, 0x0, 0x140)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000002340)={0x0, 0x0, &(0x7f0000001680), &(0x7f0000002300), 0x8001}, 0x38)
close(r1)
socket$kcm(0x11, 0x200000000000002, 0x300)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x4a}, 0x28)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10}, 0x0, 0xca, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000005100)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@struct={0x2, 0x0, 0x0, 0x4, 0x0, 0x6}]}, {0x0, [0x2e, 0x2e, 0x5f]}}, 0x0, 0x29, 0x0, 0x1, 0xfffffff7}, 0x28)
close(0xffffffffffffffff)
r4 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r4, 0x6, 0x12, &(0x7f0000000200), 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r3, 0x0, 0x0, 0x47, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8000, 0x1}, 0x50)
recvmsg$unix(r0, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000180)=ANY=[@ANYRES8=r1, @ANYBLOB="3ee901"], 0x9a)
unlink(&(0x7f0000000000)='./file0\x00')

0s ago: executing program 0 (id=326):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000001100000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x3a)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:1707' (ED25519) to the list of known hosts.
syzkaller login: [   48.977819][ T5788] cgroup: Unknown subsys name 'net'
[   49.106651][ T5788] cgroup: Unknown subsys name 'cpuset'
[   49.113290][ T5788] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.487773][ T5788] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   54.411213][ T5220] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.414822][ T5220] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.417602][ T5220] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   54.421670][ T5220] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   54.448147][ T5830] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   54.450968][ T5830] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   54.470501][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   54.473154][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   54.476080][ T5834] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   54.479204][ T5834] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   54.479992][ T5835] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   54.481736][ T5834] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   54.487344][ T5835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   54.491211][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   54.495509][ T5828] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   54.740694][ T5825] chnl_net:caif_netlink_parms(): no params data found
[   54.780756][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   54.796561][ T5829] chnl_net:caif_netlink_parms(): no params data found
[   54.925305][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.928545][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.930976][ T5825] bridge_slave_0: entered allmulticast mode
[   54.934481][ T5825] bridge_slave_0: entered promiscuous mode
[   54.964454][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.967572][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.970532][ T5832] bridge_slave_0: entered allmulticast mode
[   54.974743][ T5832] bridge_slave_0: entered promiscuous mode
[   54.977819][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.980388][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.983719][ T5825] bridge_slave_1: entered allmulticast mode
[   54.986568][ T5825] bridge_slave_1: entered promiscuous mode
[   54.996926][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.999546][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.001915][ T5829] bridge_slave_0: entered allmulticast mode
[   55.004951][ T5829] bridge_slave_0: entered promiscuous mode
[   55.008085][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.010851][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.014102][ T5832] bridge_slave_1: entered allmulticast mode
[   55.017025][ T5832] bridge_slave_1: entered promiscuous mode
[   55.037983][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.041051][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.044270][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.046680][ T5829] bridge_slave_1: entered allmulticast mode
[   55.049654][ T5829] bridge_slave_1: entered promiscuous mode
[   55.060755][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.089169][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.101774][ T5825] team0: Port device team_slave_0 added
[   55.105728][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.109632][ T5825] team0: Port device team_slave_1 added
[   55.112774][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.118345][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.162803][ T5832] team0: Port device team_slave_0 added
[   55.168106][ T5832] team0: Port device team_slave_1 added
[   55.180513][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.183852][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.193724][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.215532][ T5829] team0: Port device team_slave_0 added
[   55.218704][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.221764][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.233485][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.242482][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.244941][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.254335][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.259685][ T5829] team0: Port device team_slave_1 added
[   55.276692][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.279197][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.288425][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.311121][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.313919][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.322627][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.327442][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.329713][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.338424][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.346620][ T5825] hsr_slave_0: entered promiscuous mode
[   55.348978][ T5825] hsr_slave_1: entered promiscuous mode
[   55.389777][ T5832] hsr_slave_0: entered promiscuous mode
[   55.392217][ T5832] hsr_slave_1: entered promiscuous mode
[   55.394843][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.397464][ T5832] Cannot create hsr debugfs directory
[   55.410257][ T5829] hsr_slave_0: entered promiscuous mode
[   55.412604][ T5829] hsr_slave_1: entered promiscuous mode
[   55.415353][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.418376][ T5829] Cannot create hsr debugfs directory
[   55.637290][ T5832] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   55.645099][ T5832] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   55.656175][ T5832] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   55.668155][ T5832] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   55.691956][ T5825] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   55.717977][ T5825] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   55.722240][ T5825] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   55.738650][ T5825] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   55.775574][ T5829] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   55.781918][ T5829] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   55.786873][ T5829] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   55.791960][ T5829] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   55.909832][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.918356][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.948423][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.954364][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   55.965444][ T5829] 8021q: adding VLAN 0 to HW filter on device team0
[   55.970353][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.973678][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.998445][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.000792][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.004190][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.007027][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.011713][ T5825] 8021q: adding VLAN 0 to HW filter on device team0
[   56.020146][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.022464][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.035149][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.037560][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.058050][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.060461][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.124464][ T5825] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   56.232547][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.246203][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.255195][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.307594][ T5832] veth0_vlan: entered promiscuous mode
[   56.315101][ T5825] veth0_vlan: entered promiscuous mode
[   56.326955][ T5829] veth0_vlan: entered promiscuous mode
[   56.331023][ T5832] veth1_vlan: entered promiscuous mode
[   56.336774][ T5825] veth1_vlan: entered promiscuous mode
[   56.346995][ T5829] veth1_vlan: entered promiscuous mode
[   56.371944][ T5832] veth0_macvtap: entered promiscuous mode
[   56.377935][ T5825] veth0_macvtap: entered promiscuous mode
[   56.381777][ T5832] veth1_macvtap: entered promiscuous mode
[   56.390606][ T5825] veth1_macvtap: entered promiscuous mode
[   56.406179][ T5829] veth0_macvtap: entered promiscuous mode
[   56.418322][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.422269][ T5829] veth1_macvtap: entered promiscuous mode
[   56.429884][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.438390][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.447940][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.453791][ T5825] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.457606][ T5825] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.461343][ T5825] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.468760][ T5825] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.490111][ T5832] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.493667][ T5832] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.493676][ T5220] Bluetooth: hci2: command tx timeout
[   56.496774][ T5832] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.502063][ T5832] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.503632][ T5220] Bluetooth: hci0: command tx timeout
[   56.518143][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.538934][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.574056][ T5220] Bluetooth: hci1: command tx timeout
[   56.578330][ T5829] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.581253][ T5829] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.591502][ T5829] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.595174][ T5829] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.608952][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.612352][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.661931][ T3057] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.665648][ T3057] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.689706][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.698251][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.700937][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.705904][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.739366][ T5825] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   56.748947][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.752263][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.798133][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.805445][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.880743][ T5897] netlink: 'syz.1.4': attribute type 27 has an invalid length.
[   56.911637][ T5897] netlink: 2418 bytes leftover after parsing attributes in process `syz.1.4'.
[   57.257777][ T5920] bond_slave_1: mtu less than device minimum
[   57.507973][ T5945] netlink: 'syz.1.25': attribute type 1 has an invalid length.
[   57.510770][ T5945] netlink: 'syz.1.25': attribute type 3 has an invalid length.
[   57.514370][ T5945] netlink: 132 bytes leftover after parsing attributes in process `syz.1.25'.
[   57.569032][ T5945] Zero length message leads to an empty skb
[   57.632226][ T5957] netlink: 183676 bytes leftover after parsing attributes in process `syz.0.28'.
[   57.842025][ T5972] netlink: 4 bytes leftover after parsing attributes in process `syz.0.37'.
[   57.932125][ T5980] netlink: 'syz.2.41': attribute type 13 has an invalid length.
[   57.942234][ T5980] netlink: 'syz.2.41': attribute type 58 has an invalid length.
[   57.946394][ T5980] netlink: 152 bytes leftover after parsing attributes in process `syz.2.41'.
[   58.057364][ T5990] warning: `syz.2.43' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   58.092867][    C0] hrtimer: interrupt took 70907 ns
[   58.124123][ T5984] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   58.339187][ T6000] netlink: 132 bytes leftover after parsing attributes in process `syz.2.49'.
[   58.394080][ T6004] netlink: 62967 bytes leftover after parsing attributes in process `syz.2.51'.
[   58.499415][   T10] cfg80211: failed to load regulatory.db
[   58.578568][ T5220] Bluetooth: hci0: command tx timeout
[   58.580563][ T5220] Bluetooth: hci2: command tx timeout
[   58.595504][ T6010] netlink: 40 bytes leftover after parsing attributes in process `syz.1.54'.
[   58.665041][   T54] Bluetooth: hci1: command tx timeout
[   58.843110][ T6018] netlink: 'syz.1.58': attribute type 10 has an invalid length.
[   58.855369][ T6018] bond0: (slave bond_slave_0): Releasing backup interface
[   58.862480][ T6020] netlink: 'syz.2.59': attribute type 10 has an invalid length.
[   58.880951][ T6020] macvlan0: entered promiscuous mode
[   58.888354][ T6020] macvlan0: entered allmulticast mode
[   58.906971][ T6020] veth1_vlan: entered allmulticast mode
[   58.912130][ T6020] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[   59.009623][ T6024] netlink: 'syz.2.61': attribute type 4 has an invalid length.
[   59.016633][ T6024] netlink: 152 bytes leftover after parsing attributes in process `syz.2.61'.
[   59.036380][ T6024] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   59.044989][ T6026] netlink: 'syz.1.62': attribute type 10 has an invalid length.
[   59.050601][ T6026] netlink: 65015 bytes leftover after parsing attributes in process `syz.1.62'.
[   59.110966][ T6033] netlink: 'syz.2.66': attribute type 2 has an invalid length.
[   59.116081][ T6033] nbd: must specify a device to reconfigure
[   60.653449][ T5220] Bluetooth: hci0: command tx timeout
[   60.654735][   T54] Bluetooth: hci2: command tx timeout
[   60.733848][   T54] Bluetooth: hci1: command tx timeout
[   62.265240][ T6056] netlink: 'syz.0.77': attribute type 15 has an invalid length.
[   62.268251][ T6056] __nla_validate_parse: 1 callbacks suppressed
[   62.268259][ T6056] netlink: 11206 bytes leftover after parsing attributes in process `syz.0.77'.
[   62.357793][ T6061] ref_ctr_offset mismatch. inode: 0x8f offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x20
[   62.363993][ T6061] netlink: 60 bytes leftover after parsing attributes in process `syz.0.78'.
[   62.368665][ T6058] netlink: 60 bytes leftover after parsing attributes in process `syz.0.78'.
[   62.405438][ T6064] netlink: 'syz.2.80': attribute type 2 has an invalid length.
[   62.407940][ T6064] netlink: 'syz.2.80': attribute type 1 has an invalid length.
[   62.414821][ T6064] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.80'.
[   62.417685][ T6064] nbd: must specify at least one socket
[   62.569621][ T6076] netlink: 'syz.2.85': attribute type 22 has an invalid length.
[   62.575617][ T6076] netlink: 4 bytes leftover after parsing attributes in process `syz.2.85'.
[   62.610958][ T6078] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.86'.
[   62.733806][   T54] Bluetooth: hci0: command tx timeout
[   62.733838][ T5220] Bluetooth: hci2: command tx timeout
[   62.806411][ T6092] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.93'.
[   62.813462][ T5220] Bluetooth: hci1: command tx timeout
[   62.925578][ T6100] netlink: 'syz.0.97': attribute type 21 has an invalid length.
[   62.928107][ T6100] netlink: 'syz.0.97': attribute type 4 has an invalid length.
[   63.347616][ T5220] Bluetooth: hci1: Malformed LE Event: 0x0d
[   64.639297][ T6145] syzkaller0: entered promiscuous mode
[   64.641216][ T6145] syzkaller0: entered allmulticast mode
[   64.847667][ T6161] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.124'.
[   64.863231][ T6161] netlink: 6328 bytes leftover after parsing attributes in process `syz.2.124'.
[   66.006600][ T6196] netlink: 'syz.1.141': attribute type 4 has an invalid length.
[   66.009455][ T6196] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.141'.
[   66.066327][ T6202] netlink: 'syz.1.144': attribute type 4 has an invalid length.
[   66.089375][ T6202] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[   66.102684][ T5220] Bluetooth: hci1: unexpected event 0x31 length: 15 > 6
[   66.321433][ T6223] netlink: 'syz.2.154': attribute type 2 has an invalid length.
[   67.453198][ T6259] __nla_validate_parse: 4 callbacks suppressed
[   67.453208][ T6259] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.169'.
[   67.502331][ T6263] netlink: 60 bytes leftover after parsing attributes in process `syz.1.171'.
[   68.026441][ T6277] netlink: 'syz.1.177': attribute type 10 has an invalid length.
[   68.029016][ T6277] netlink: 3819 bytes leftover after parsing attributes in process `syz.1.177'.
[   70.126831][ T6341] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[   70.141557][ T6341] netlink: 36 bytes leftover after parsing attributes in process `syz.2.206'.
[   70.158330][ T6341] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   70.168326][ T6349] netlink: 60 bytes leftover after parsing attributes in process `syz.1.210'.
[   70.189094][ T6349] netlink: 60 bytes leftover after parsing attributes in process `syz.1.210'.
[   70.194731][ T6349] netlink: 60 bytes leftover after parsing attributes in process `syz.1.210'.
[   70.195580][ T6352] netlink: 'syz.0.211': attribute type 1 has an invalid length.
[   70.201343][ T6352] netlink: 199820 bytes leftover after parsing attributes in process `syz.0.211'.
[   70.822825][ T6386] syzkaller0: entered promiscuous mode
[   70.824850][ T6386] syzkaller0: entered allmulticast mode
[   70.896541][ T1360] ieee802154 phy0 wpan0: encryption failed: -22
[   70.898705][ T1360] ieee802154 phy1 wpan1: encryption failed: -22
[   71.265305][ T5220] Bluetooth: hci0: unexpected event 0x07 length: 15 < 255
[   71.579367][ T6390] netlink: 103 bytes leftover after parsing attributes in process `syz.2.230'.
[   71.733748][ T6408] Driver unsupported XDP return value 0 on prog  (id 84) dev N/A, expect packet loss!
[   71.983173][ T6434] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.251'.
[   73.024857][ T6460] netlink: 36 bytes leftover after parsing attributes in process `syz.2.262'.
[   73.838809][ T6479] sctp: [Deprecated]: syz.2.267 (pid 6479) Use of struct sctp_assoc_value in delayed_ack socket option.
[   73.838809][ T6479] Use struct sctp_sack_info instead
[   74.903609][ T5220] Bluetooth: hci0: Malformed LE Event: 0x0d
[   74.925017][ T6518] netlink: 5 bytes leftover after parsing attributes in process `syz.0.285'.
[   75.036858][ T6528] netlink: 132 bytes leftover after parsing attributes in process `syz.2.287'.
[   75.047189][ T5220] Bluetooth: hci1: ISO packet for unknown connection handle 3327
[   75.051131][ T5220] Bluetooth: hci1: unexpected subevent 0x01 length: 150 > 18
[   75.057497][ T6534] netlink: 'syz.0.290': attribute type 10 has an invalid length.
[   75.192546][ T6546] netlink: 'syz.1.296': attribute type 4 has an invalid length.
[   75.352342][ T6561] netlink: 'syz.1.303': attribute type 21 has an invalid length.
[   75.357935][ T6562] netlink: 14 bytes leftover after parsing attributes in process `syz.0.301'.
[   75.418511][ T6566] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.305'.
[   75.607762][ T6582] netlink: 24032 bytes leftover after parsing attributes in process `syz.1.313'.
[   75.611342][ T6582] netlink: 104088 bytes leftover after parsing attributes in process `syz.1.313'.
[   75.616498][ T6582] netlink: 24032 bytes leftover after parsing attributes in process `syz.1.313'.
[   75.912620][ T6608] 
[   75.913761][ T6608] =============================
[   75.915336][ T6608] WARNING: suspicious RCU usage
[   75.916893][ T6608] 6.16.0-rc6-syzkaller-00434-gcd7c97f4584a-dirty #0 Not tainted
[   75.920086][ T6608] -----------------------------
[   75.921655][ T6608] net/core/netclassid_cgroup.c:24 suspicious rcu_dereference_check() usage!
[   75.924440][ T6608] 
[   75.924440][ T6608] other info that might help us debug this:
[   75.924440][ T6608] 
[   75.927717][ T6608] 
[   75.927717][ T6608] rcu_scheduler_active = 2, debug_locks = 1
[   75.930357][ T6608] 1 lock held by syz.0.326/6608:
[   75.932009][ T6608]  #0: ffffffff8e13f280 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x38/0x80
[   75.935991][ T6608] 
[   75.935991][ T6608] stack backtrace:
[   75.938147][ T6608] CPU: 0 UID: 0 PID: 6608 Comm: syz.0.326 Not tainted 6.16.0-rc6-syzkaller-00434-gcd7c97f4584a-dirty #0 PREEMPT(full) 
[   75.938158][ T6608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   75.938163][ T6608] Call Trace:
[   75.938167][ T6608]  <TASK>
[   75.938171][ T6608]  dump_stack_lvl+0x189/0x250
[   75.938186][ T6608]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.938201][ T6608]  ? __pfx__printk+0x10/0x10
[   75.938219][ T6608]  ? print_lock_name+0xde/0x100
[   75.938236][ T6608]  lockdep_rcu_suspicious+0x140/0x1d0
[   75.938247][ T6608]  task_cls_state+0x1a5/0x1d0
[   75.938259][ T6608]  bpf_get_cgroup_classid_curr+0x18/0x60
[   75.938277][ T6608]  bpf_prog_cd2e46495e8fe8a5+0x20/0x26
[   75.938289][ T6608]  bpf_prog_run_pin_on_cpu+0x6a/0x150
[   75.938302][ T6608]  bpf_prog_test_run_syscall+0x312/0x4b0
[   75.938317][ T6608]  ? __pfx_bpf_prog_test_run_syscall+0x10/0x10
[   75.938328][ T6608]  ? __fget_files+0x2a/0x420
[   75.938345][ T6608]  ? __pfx_bpf_prog_test_run_syscall+0x10/0x10
[   75.938358][ T6608]  bpf_prog_test_run+0x2c7/0x340
[   75.938372][ T6608]  __sys_bpf+0x581/0x870
[   75.938384][ T6608]  ? __pfx___sys_bpf+0x10/0x10
[   75.938403][ T6608]  ? exc_page_fault+0x76/0xf0
[   75.938420][ T6608]  ? rcu_is_watching+0x15/0xb0
[   75.938436][ T6608]  __x64_sys_bpf+0x7c/0x90
[   75.938453][ T6608]  do_syscall_64+0xfa/0x3b0
[   75.938467][ T6608]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.938480][ T6608]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.938491][ T6608]  ? exc_page_fault+0x9f/0xf0
[   75.938506][ T6608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.938516][ T6608] RIP: 0033:0x7fb0d318eb69
[   75.938526][ T6608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.938536][ T6608] RSP: 002b:00007fb0d3f6d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   75.938574][ T6608] RAX: ffffffffffffffda RBX: 00007fb0d33b5fa0 RCX: 00007fb0d318eb69
[   75.938584][ T6608] RDX: 000000000000003a RSI: 0000200000000340 RDI: 000000000000000a
[   75.938590][ T6608] RBP: 00007fb0d3211df1 R08: 0000000000000000 R09: 0000000000000000
[   75.938597][ T6608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.938604][ T6608] R13: 0000000000000000 R14: 00007fb0d33b5fa0 R15: 00007ffce514de48
[   75.938623][ T6608]  </TASK>
[   76.034393][   T54] Bluetooth: hci0: unexpected subevent 0x01 length: 150 > 18
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   76.678350][ T5858] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.764098][ T5858] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.825623][ T5858] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.898526][ T5858] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.013629][ T5858] bridge_slave_1: left allmulticast mode
[   77.015560][ T5858] bridge_slave_1: left promiscuous mode
[   77.017830][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.022667][ T5858] bridge_slave_0: left allmulticast mode
[   77.026144][ T5858] bridge_slave_0: left promiscuous mode
[   77.028159][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.260402][ T5858] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   77.264944][ T5858] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   77.269324][ T5858] bond0 (unregistering): Released all slaves
[   77.466562][ T5858] hsr_slave_0: left promiscuous mode
[   77.469663][ T5858] hsr_slave_1: left promiscuous mode
[   77.472616][ T5858] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   77.475999][ T5858] batman_adv: batadv0: Removing interface: batadv_slave_0
[   77.480053][ T5858] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   77.483221][ T5858] batman_adv: batadv0: Removing interface: batadv_slave_1
[   77.500372][ T5858] veth1_macvtap: left promiscuous mode
[   77.508707][ T5858] veth0_macvtap: left promiscuous mode
[   77.510616][ T5858] veth1_vlan: left promiscuous mode
[   77.512424][ T5858] veth0_vlan: left promiscuous mode
[   77.788668][ T5858] team0 (unregistering): Port device team_slave_1 removed
[   77.804707][ T5858] team0 (unregistering): Port device team_slave_0 removed
[   78.345260][ T5858] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.397605][ T5858] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.450504][ T5858] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.481699][ T5858] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.587303][ T5858] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.634084][ T5858] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.678038][ T5858] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.734737][ T5858] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.824707][ T5858] bridge_slave_1: left allmulticast mode
[   78.826570][ T5858] bridge_slave_1: left promiscuous mode
[   78.828471][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.834183][ T5858] bridge_slave_0: left allmulticast mode
[   78.838630][ T5858] bridge_slave_0: left promiscuous mode
[   78.840568][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.846457][ T5858] bridge_slave_1: left allmulticast mode
[   78.848694][ T5858] bridge_slave_1: left promiscuous mode
[   78.850685][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.859348][ T5858] bridge_slave_0: left allmulticast mode
[   78.861329][ T5858] bridge_slave_0: left promiscuous mode
[   78.870588][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.085156][ T5858] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   79.089802][ T5858] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   79.094072][ T5858] bond0 (unregistering): (slave macvlan0): Releasing backup interface
[   79.097443][ T5858] veth1_vlan: left allmulticast mode
[   79.100254][ T5858] bond0 (unregistering): Released all slaves
[   79.246287][ T5858] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   79.250034][ T5858] bond0 (unregistering): Released all slaves
[   79.560691][ T5858] hsr_slave_0: left promiscuous mode
[   79.565307][ T5858] hsr_slave_1: left promiscuous mode
[   79.567886][ T5858] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   79.570874][ T5858] batman_adv: batadv0: Removing interface: batadv_slave_0
[   79.575094][ T5858] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   79.577581][ T5858] batman_adv: batadv0: Removing interface: batadv_slave_1
[   79.584926][ T5858] hsr_slave_0: left promiscuous mode
[   79.587614][ T5858] hsr_slave_1: left promiscuous mode
[   79.589778][ T5858] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   79.592260][ T5858] batman_adv: batadv0: Removing interface: batadv_slave_0
[   79.597104][ T5858] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   79.599764][ T5858] batman_adv: batadv0: Removing interface: batadv_slave_1
[   79.618391][ T5858] veth1_macvtap: left promiscuous mode
[   79.620317][ T5858] veth0_macvtap: left promiscuous mode
[   79.622184][ T5858] veth1_vlan: left promiscuous mode
[   79.624830][ T5858] veth0_vlan: left promiscuous mode
[   79.627469][ T5858] veth1_macvtap: left promiscuous mode
[   79.630145][ T5858] veth0_macvtap: left promiscuous mode
[   79.632287][ T5858] veth1_vlan: left promiscuous mode
[   79.636126][ T5858] veth0_vlan: left promiscuous mode
[   79.950232][ T5858] team0 (unregistering): Port device team_slave_1 removed
[   79.979081][ T5858] team0 (unregistering): Port device team_slave_0 removed
[   80.368111][ T5858] team0 (unregistering): Port device team_slave_1 removed
[   80.389040][ T5858] team0 (unregistering): Port device team_slave_0 removed

VM DIAGNOSIS:
09:42:24  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000002d RBX=000000000000002d RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000f7c RDI=0000000000000f7d RBP=00000000000003f8 RSP=ffffc90002e6f550
R8 =ffff888108848237 R9 =1ffff11021109046 R10=dffffc0000000000 R11=ffffffff85471fa0
R12=dffffc0000000000 R13=ffffffff99af58b2 R14=ffffffff99dfa1e0 R15=0000000000000000
RIP=ffffffff8547201c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fb0d3f6d6c0 ffffffff 00c00000
GS =0000 ffff8880b861f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2fe1fffc CR3=0000000110822000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fb0d3387498 00007fb0d3387470 XMM03=00007fb0d33874a8 00007fb0d33874a0
XMM04=00007fb0d3eed100 00007fb0d3387460 XMM05=00007fb0d3387478 00007fb0d33874c0
XMM06=00007fb0d33874b8 00007fb0d33874b0 XMM07=00007fb0d33874a8 00007fb0d33874a0
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007fb0d3212f89
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000000000de RBX=ffff888136623900 RCX=0000000000000838 RDX=0000000000000000
RSI=00000000000000de RDI=0000000000000838 RBP=0000000000000000 RSP=ffffc900001e03e8
R8 =0000000000000000 R9 =ffffffff81aebece R10=0000000000000003 R11=ffffffff81702490
R12=00000000100010c6 R13=dffffc0000000000 R14=00000000000000de R15=0000000000000020
RIP=ffffffff81714f69 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f23a0df06c0 ffffffff 00c00000
GS =0000 ffff8881a3c1f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055555bd5a808 CR3=000000010fc90000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007fa939212f89
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
