last executing test programs:

24.330009846s ago: executing program 1 (id=274):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="0200"], 0x10)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup=r2, 0x2, 0x0, 0x0, &(0x7f0000000280)=[0x0], 0x1, 0x0, &(0x7f00000014c0), 0x0, 0x0}, 0x40)

24.217925043s ago: executing program 1 (id=275):
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r2)
socket$inet6(0xa, 0x2, 0x3a)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
socket$unix(0x1, 0x1, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
recvmmsg(r3, &(0x7f0000004180), 0x0, 0x40000000, 0x0)
sendmsg$SMC_PNETID_DEL(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080)
recvmsg$kcm(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x40000100)

23.980458621s ago: executing program 1 (id=282):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
setsockopt$inet6_mreq(r0, 0x29, 0x1d, &(0x7f0000000200)={@empty}, 0x14)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f00000002c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00318e", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x1, 0x0, 0x0, '\x00', {0x0, 0x6, "000006", 0xda34, 0x3a, 0x0, @mcast1, @empty, [], "3a6cbb0a0d000000"}}}}}}}, 0x0)

17.89009073s ago: executing program 1 (id=282):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
setsockopt$inet6_mreq(r0, 0x29, 0x1d, &(0x7f0000000200)={@empty}, 0x14)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f00000002c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00318e", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x1, 0x0, 0x0, '\x00', {0x0, 0x6, "000006", 0xda34, 0x3a, 0x0, @mcast1, @empty, [], "3a6cbb0a0d000000"}}}}}}}, 0x0)

11.643859431s ago: executing program 1 (id=282):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
setsockopt$inet6_mreq(r0, 0x29, 0x1d, &(0x7f0000000200)={@empty}, 0x14)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f00000002c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00318e", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x1, 0x0, 0x0, '\x00', {0x0, 0x6, "000006", 0xda34, 0x3a, 0x0, @mcast1, @empty, [], "3a6cbb0a0d000000"}}}}}}}, 0x0)

4.92755988s ago: executing program 1 (id=282):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
setsockopt$inet6_mreq(r0, 0x29, 0x1d, &(0x7f0000000200)={@empty}, 0x14)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f00000002c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00318e", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x1, 0x0, 0x0, '\x00', {0x0, 0x6, "000006", 0xda34, 0x3a, 0x0, @mcast1, @empty, [], "3a6cbb0a0d000000"}}}}}}}, 0x0)

498.812485ms ago: executing program 2 (id=614):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000011c0)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000000000000850000007300000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

420.042125ms ago: executing program 2 (id=616):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtaction={0x5c, 0x31, 0x53b, 0x0, 0x0, {0x9}, [{0x48, 0x1, [@m_sample={0x44, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x15, 0x6, "fc51c6dddb3669f174c19dd93c9df2e162"}, {0xc}, {0xc, 0x4, {0x0, 0x2}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44}, 0x0)

309.76905ms ago: executing program 0 (id=617):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000016c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000000140)={0x34, r1, 0xf1aad47e89fb43b5, 0x0, 0x0, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)

309.433211ms ago: executing program 2 (id=618):
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0xfff7, 0xfff3}, {}, {0xa}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x54, 0x2, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x6fe2}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0xb380, 0x4, 0x0, 0xd87, 0x6}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xfff7, 0xfff3}, {}, {0xa}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_skbedit={0x48, 0x1, 0x0, 0x0, {{0xc}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0xb380, 0x4, 0x0, 0xd87, 0x6}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0)

275.724517ms ago: executing program 0 (id=619):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f00000006c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20, 0x1fffffff}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

191.208403ms ago: executing program 0 (id=620):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000180)={0xa, 0x4e21, 0x80000, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000002900000037000000f6b6"], 0x18}, 0x40c0)

190.928259ms ago: executing program 2 (id=621):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000140)=[{0x24, 0x0, 0x40, 0xfffff00c}, {0x6}]}, 0x10)

138.947939ms ago: executing program 0 (id=622):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='ip6gre0\x00', 0x10)
listen(r0, 0x0)
shutdown(r0, 0x0)

80.8549ms ago: executing program 0 (id=623):
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xb, 0x5, 0xfffffffe, 0x8, 0x5, 0xffffffffffffffff, 0xfffffffe, '\x00', 0x0, 0xffffffffffffffff, 0xffffffff}, 0x50)

80.662612ms ago: executing program 2 (id=624):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$sock_int(r0, 0x1, 0x4a, &(0x7f0000000040)=0xb, 0x4)

127.342µs ago: executing program 2 (id=625):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000007bec5590fe2245bf90b093cc59a642e7f3face2b8b7ddd66d0dcbb4a0a8c1df8541f3d9ae95e3590e1f021c5c26f23074463ce36e19a2f4d882348687fd63747c0efa0cd544f5d480496d78f8d2610c37a0b118b95c5d337b9b051ee09cdc2d92206e9a41307f88264321913bf10ebee1f4d149024148ffefa017da57a8c0ab66aa56d5457a66fb0bd2b31246e29e11cc7df7d8c259ecb5259218e8d5f95116ded65821b52c233f18868fedd82a2e4725e193e5e883135ac8234193ef1964f9"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
socketpair(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a4000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000440)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000005140)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000010000000c00020000000000000000001c0007800c00018008000100", @ANYRES32=r1], 0x3c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@ipv4_delroute={0x2c, 0x19, 0xa428a332fa3ee95f, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @private=0xa010102}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c9, &(0x7f0000000100))

0s ago: executing program 0 (id=626):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0x1, @mcast2, 0x5907}], 0x1c)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:39482' (ED25519) to the list of known hosts.
syzkaller login: [   55.852825][ T5815] cgroup: Unknown subsys name 'net'
[   55.985164][ T5815] cgroup: Unknown subsys name 'cpuset'
[   55.992058][ T5815] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   57.602246][ T5815] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   64.575081][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.581423][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.584881][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.588982][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.602821][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.618778][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.622886][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.626423][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.630922][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.634505][ T5833] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.716462][ T5224] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   64.721516][ T5224] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   64.731246][ T5224] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   64.736024][ T5224] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   64.747487][ T5224] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.996253][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   65.076066][ T5836] chnl_net:caif_netlink_parms(): no params data found
[   65.154459][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.158122][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.162197][ T5832] bridge_slave_0: entered allmulticast mode
[   65.166154][ T5832] bridge_slave_0: entered promiscuous mode
[   65.172138][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.175238][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.178167][ T5832] bridge_slave_1: entered allmulticast mode
[   65.182910][ T5832] bridge_slave_1: entered promiscuous mode
[   65.242116][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.248762][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.299041][ T5841] chnl_net:caif_netlink_parms(): no params data found
[   65.308052][ T5832] team0: Port device team_slave_0 added
[   65.329320][ T5832] team0: Port device team_slave_1 added
[   65.354012][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.356979][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.359918][ T5836] bridge_slave_0: entered allmulticast mode
[   65.364914][ T5836] bridge_slave_0: entered promiscuous mode
[   65.381166][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.383882][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.394003][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.410004][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.414363][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.417152][ T5836] bridge_slave_1: entered allmulticast mode
[   65.420196][ T5836] bridge_slave_1: entered promiscuous mode
[   65.424015][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.426503][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.436640][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.507420][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.533461][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.537384][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.540730][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.543593][ T5841] bridge_slave_0: entered allmulticast mode
[   65.547279][ T5841] bridge_slave_0: entered promiscuous mode
[   65.556339][ T5832] hsr_slave_0: entered promiscuous mode
[   65.558840][ T5832] hsr_slave_1: entered promiscuous mode
[   65.582586][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.585268][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.587634][ T5841] bridge_slave_1: entered allmulticast mode
[   65.590527][ T5841] bridge_slave_1: entered promiscuous mode
[   65.605397][ T5836] team0: Port device team_slave_0 added
[   65.645468][ T5836] team0: Port device team_slave_1 added
[   65.651574][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.689710][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.731370][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.733821][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.742356][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.767255][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.770312][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.780836][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.786349][ T5841] team0: Port device team_slave_0 added
[   65.798965][ T5841] team0: Port device team_slave_1 added
[   65.850401][ T5836] hsr_slave_0: entered promiscuous mode
[   65.852964][ T5836] hsr_slave_1: entered promiscuous mode
[   65.855108][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   65.857519][ T5836] Cannot create hsr debugfs directory
[   65.864450][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.867192][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.875972][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.889827][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.893027][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.901182][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.974758][ T5841] hsr_slave_0: entered promiscuous mode
[   65.978176][ T5841] hsr_slave_1: entered promiscuous mode
[   65.981330][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   65.984462][ T5841] Cannot create hsr debugfs directory
[   66.071432][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   66.081762][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   66.112405][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   66.119598][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   66.298380][ T5836] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   66.306963][ T5836] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   66.318111][ T5836] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   66.327852][ T5836] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   66.396706][ T5841] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   66.404829][ T5841] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   66.415723][ T5841] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   66.428994][ T5841] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   66.488016][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.527096][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   66.541392][ T1135] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.544409][ T1135] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.560361][ T1135] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.563728][ T1135] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.629459][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.640368][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.661591][ T5833] Bluetooth: hci0: command tx timeout
[   66.663727][ T5224] Bluetooth: hci1: command tx timeout
[   66.675403][ T5836] 8021q: adding VLAN 0 to HW filter on device team0
[   66.680034][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[   66.692614][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.695489][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.713916][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.717194][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.733758][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.736016][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.752280][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.755297][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.831969][ T5224] Bluetooth: hci2: command tx timeout
[   66.945828][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.989984][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.034387][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.042905][ T5832] veth0_vlan: entered promiscuous mode
[   67.056723][ T5832] veth1_vlan: entered promiscuous mode
[   67.089570][ T5841] veth0_vlan: entered promiscuous mode
[   67.107541][ T5841] veth1_vlan: entered promiscuous mode
[   67.129441][ T5832] veth0_macvtap: entered promiscuous mode
[   67.143138][ T5832] veth1_macvtap: entered promiscuous mode
[   67.147720][ T5836] veth0_vlan: entered promiscuous mode
[   67.169107][ T5836] veth1_vlan: entered promiscuous mode
[   67.177210][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.179926][ T5841] veth0_macvtap: entered promiscuous mode
[   67.197221][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.199910][ T5841] veth1_macvtap: entered promiscuous mode
[   67.214916][ T5832] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.217925][ T5832] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.222293][ T5832] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.226363][ T5832] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.263022][ T5836] veth0_macvtap: entered promiscuous mode
[   67.269499][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.287875][ T5836] veth1_macvtap: entered promiscuous mode
[   67.298197][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.339453][ T5841] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.352835][ T5841] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.356715][ T5841] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.360371][ T5841] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.407701][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.423465][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.433049][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.436275][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.453044][ T5836] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.457236][ T5836] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.463714][ T5836] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.466856][ T5836] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.512420][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.524319][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.535059][ T2996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.539473][ T2996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.603930][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.607210][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.616722][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   67.646549][ T2996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.649793][ T2996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.689536][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.694430][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.813479][ T5905] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3'.
[   67.818260][ T5905] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'.
[   68.353799][ T5947] Bluetooth: MGMT ver 1.23
[   68.502511][ T5955] netlink: 'syz.2.24': attribute type 11 has an invalid length.
[   68.614375][ T5962] netlink: 8 bytes leftover after parsing attributes in process `syz.1.25'.
[   68.750464][ T5224] Bluetooth: hci0: command tx timeout
[   68.750535][ T5833] Bluetooth: hci1: command tx timeout
[   68.902243][ T5833] Bluetooth: hci2: command tx timeout
[   68.959378][ T5988] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   69.006245][ T5990] netlink: 'syz.2.39': attribute type 29 has an invalid length.
[   69.009270][ T5990] netlink: 8 bytes leftover after parsing attributes in process `syz.2.39'.
[   69.069108][ T5995] xt_socket: unknown flags 0xfc
[   69.246002][ T6011] netlink: 'syz.0.47': attribute type 25 has an invalid length.
[   69.261582][ T6011] netlink: 'syz.0.47': attribute type 1 has an invalid length.
[   69.266038][ T6011] bridge0: port 1(bridge_slave_0) entered learning state
[   69.356879][ T6017] netlink: 32 bytes leftover after parsing attributes in process `syz.0.48'.
[   69.363795][ T6017] netlink: 48 bytes leftover after parsing attributes in process `syz.0.48'.
[   69.367273][ T6017] netlink: 48 bytes leftover after parsing attributes in process `syz.0.48'.
[   69.697791][ T6037] netlink: 12 bytes leftover after parsing attributes in process `syz.0.55'.
[   69.787939][ T6043] Illegal XDP return value 4294967294 on prog  (id 5) dev N/A, expect packet loss!
[   70.516707][ T6080] netlink: 24 bytes leftover after parsing attributes in process `syz.0.72'.
[   70.814015][ T6088] netlink: 24 bytes leftover after parsing attributes in process `syz.2.77'.
[   70.821659][ T5833] Bluetooth: hci0: command tx timeout
[   70.821716][ T5224] Bluetooth: hci1: command tx timeout
[   70.850216][ T6092] syz.1.78 uses obsolete (PF_INET,SOCK_PACKET)
[   70.990831][ T5224] Bluetooth: hci2: command tx timeout
[   71.167560][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.170771][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   71.883797][ T6130] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   71.888394][ T6130] batadv_slave_0: entered promiscuous mode
[   72.411290][ T6145] netlink: 'syz.0.101': attribute type 322 has an invalid length.
[   72.577826][ T6153] warning: `syz.0.105' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   72.782855][ T6164] netlink: 'syz.2.110': attribute type 1 has an invalid length.
[   72.786057][ T6164] netlink: 'syz.2.110': attribute type 3 has an invalid length.
[   72.905534][ T5224] Bluetooth: hci1: command tx timeout
[   72.907612][ T5224] Bluetooth: hci0: command tx timeout
[   73.005678][ T6142] netlink: 'syz.1.100': attribute type 4 has an invalid length.
[   73.066891][ T5833] Bluetooth: hci2: command tx timeout
[   73.408032][ T6185] netlink: 'syz.2.119': attribute type 3 has an invalid length.
[   73.749954][ T6201] IPVS: Error connecting to the multicast addr
[   74.046795][ T6213] netem: incorrect ge model size
[   74.062599][ T6213] netem: change failed
[   74.307286][ T6222] netlink: 'syz.2.137': attribute type 10 has an invalid length.
[   74.311531][ T6222] syz_tun: entered promiscuous mode
[   74.322689][ T6222] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[   74.329829][ T6222] syz.2.137 (6222) used greatest stack depth: 19992 bytes left
[   74.861895][ T6255] __nla_validate_parse: 2 callbacks suppressed
[   74.861911][ T6255] netlink: 28 bytes leftover after parsing attributes in process `syz.1.153'.
[   74.876490][ T6255] netlink: 28 bytes leftover after parsing attributes in process `syz.1.153'.
[   74.880378][ T6255] netlink: 28 bytes leftover after parsing attributes in process `syz.1.153'.
[   74.894238][ T6252] IPv6: addrconf: prefix option has invalid lifetime
[   75.274102][ T6277] Zero length message leads to an empty skb
[   75.483909][ T6292] lo speed is unknown, defaulting to 1000
[   75.495804][ T6292] lo speed is unknown, defaulting to 1000
[   75.510355][ T6292] lo speed is unknown, defaulting to 1000
[   75.515848][ T6292] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   75.524525][ T6292] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   75.593187][ T6292] lo speed is unknown, defaulting to 1000
[   75.597953][ T6292] lo speed is unknown, defaulting to 1000
[   75.603762][ T6292] lo speed is unknown, defaulting to 1000
[   75.692868][ T6301] netlink: 120 bytes leftover after parsing attributes in process `syz.1.176'.
[   75.815683][ T6311] sctp: [Deprecated]: syz.1.180 (pid 6311) Use of struct sctp_assoc_value in delayed_ack socket option.
[   75.815683][ T6311] Use struct sctp_sack_info instead
[   77.208828][ T6353] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   77.872218][ T6387] netlink: 28 bytes leftover after parsing attributes in process `syz.1.216'.
[   78.277324][ T6398] vlan2: entered allmulticast mode
[   78.666564][ T6412] netlink: 8 bytes leftover after parsing attributes in process `syz.0.227'.
[   78.670956][ T6412] netlink: 8 bytes leftover after parsing attributes in process `syz.0.227'.
[   78.895583][ T6421] netlink: 48 bytes leftover after parsing attributes in process `syz.0.232'.
[   79.094981][ T6440] netlink: 104 bytes leftover after parsing attributes in process `syz.1.237'.
[   79.327254][ T6463] netlink: 24 bytes leftover after parsing attributes in process `syz.1.248'.
[   79.330814][ T6463] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   79.561774][ T6477] netlink: 'syz.1.256': attribute type 1 has an invalid length.
[   79.764019][ T6485] lo speed is unknown, defaulting to 1000
[   80.485983][ T6524] __nla_validate_parse: 2 callbacks suppressed
[   80.485997][ T6524] netlink: 32 bytes leftover after parsing attributes in process `syz.0.277'.
[   80.629961][ T5863] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.725140][ T5863] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.855104][ T5863] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.029164][ T5224] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   81.033583][ T5224] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   81.037551][ T5224] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   81.043246][ T5224] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   81.046728][ T5224] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   81.088314][ T6551] lo speed is unknown, defaulting to 1000
[   81.274698][ T5863] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.327537][ T6551] chnl_net:caif_netlink_parms(): no params data found
[   81.552658][ T6551] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.555778][ T6551] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.570025][ T6570] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[   81.570354][ T6551] bridge_slave_0: entered allmulticast mode
[   81.583910][ T6551] bridge_slave_0: entered promiscuous mode
[   81.599063][ T6551] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.605972][ T6551] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.608760][ T6551] bridge_slave_1: entered allmulticast mode
[   81.636743][ T6551] bridge_slave_1: entered promiscuous mode
[   81.714117][ T6551] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   81.724301][   T10] IPVS: starting estimator thread 0...
[   81.732753][ T6551] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   81.743436][ T6577] tipc: Started in network mode
[   81.748127][ T6577] tipc: Node identity 561cafacb894, cluster identity 4711
[   81.753493][ T6577] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   81.757906][ T6575] lo speed is unknown, defaulting to 1000
[   81.774738][ T5863] bridge_slave_1: left allmulticast mode
[   81.777339][ T5863] bridge_slave_1: left promiscuous mode
[   81.781559][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.789791][ T5863] bridge_slave_0: left allmulticast mode
[   81.793493][ T5863] bridge_slave_0: left promiscuous mode
[   81.795990][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.820734][ T6579] IPVS: using max 79 ests per chain, 189600 per kthread
[   82.022150][    C1] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.088371][ T5863] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   82.093490][ T5863] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   82.097957][ T5863] bond0 (unregistering): Released all slaves
[   82.109813][ T6577] syzkaller0: entered promiscuous mode
[   82.112076][ T6577] syzkaller0: entered allmulticast mode
[   82.134672][ T6582] tipc: Resetting bearer <eth:syzkaller0>
[   82.167015][ T6551] team0: Port device team_slave_0 added
[   82.169974][ T6574] tipc: Resetting bearer <eth:syzkaller0>
[   82.188295][ T6574] tipc: Disabling bearer <eth:syzkaller0>
[   82.202593][ T6551] team0: Port device team_slave_1 added
[   82.244319][ T6551] batman_adv: batadv0: Adding interface: batadv_slave_0
[   82.246990][ T6551] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   82.259826][ T6551] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   82.265883][ T6551] batman_adv: batadv0: Adding interface: batadv_slave_1
[   82.268604][ T6551] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   82.280098][ T6551] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   82.485532][ T6551] hsr_slave_0: entered promiscuous mode
[   82.487883][ T6551] hsr_slave_1: entered promiscuous mode
[   82.490198][ T6551] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   82.522252][ T6551] Cannot create hsr debugfs directory
[   82.545527][ T5863] hsr_slave_0: left promiscuous mode
[   82.554190][ T5863] hsr_slave_1: left promiscuous mode
[   82.556554][ T5863] batman_adv: batadv0: Removing interface: batadv_slave_0
[   82.560729][ T5863] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   82.564170][ T5863] batman_adv: batadv0: Removing interface: batadv_slave_1
[   82.576144][ T5863] veth1_macvtap: left promiscuous mode
[   82.585871][ T5863] veth0_macvtap: left promiscuous mode
[   82.588212][ T5863] veth1_vlan: left promiscuous mode
[   82.598333][ T5863] veth0_vlan: left promiscuous mode
[   82.911120][ T5863] team0 (unregistering): Port device team_slave_1 removed
[   82.941300][ T5863] team0 (unregistering): Port device team_slave_0 removed
[   83.062610][ T5833] Bluetooth: hci0: command tx timeout
[   83.280830][ T6596] bridge1: entered promiscuous mode
[   83.283548][ T6596] bridge1: entered allmulticast mode
[   83.289921][ T6596] team0: Port device bridge1 added
[   83.359533][  T791] lo speed is unknown, defaulting to 1000
[   83.365062][  T791] infiniband syz2: ib_query_port failed (-19)
[   83.685503][ T6619] netlink: 32 bytes leftover after parsing attributes in process `syz.2.305'.
[   83.689992][ T6619] netlink: 7 bytes leftover after parsing attributes in process `syz.2.305'.
[   84.343956][ T6551] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   84.374736][ T6551] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   84.390191][ T6551] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   84.412774][ T6551] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   84.559860][ T6551] 8021q: adding VLAN 0 to HW filter on device bond0
[   84.578033][ T6551] 8021q: adding VLAN 0 to HW filter on device team0
[   84.594690][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.597122][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   84.624792][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.627144][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   84.739019][ T6675] netlink: 'syz.0.316': attribute type 29 has an invalid length.
[   84.745514][ T6675] netlink: 'syz.0.316': attribute type 29 has an invalid length.
[   84.749580][ T6675] netlink: 52 bytes leftover after parsing attributes in process `syz.0.316'.
[   84.897316][ T6551] 8021q: adding VLAN 0 to HW filter on device batadv0
[   84.976673][ T6686] netlink: 8 bytes leftover after parsing attributes in process `syz.0.320'.
[   84.985350][ T6551] veth0_vlan: entered promiscuous mode
[   85.072303][ T6551] veth1_vlan: entered promiscuous mode
[   85.105230][ T6551] veth0_macvtap: entered promiscuous mode
[   85.110145][ T6551] veth1_macvtap: entered promiscuous mode
[   85.127372][ T6551] batman_adv: batadv0: Interface activated: batadv_slave_0
[   85.133897][ T6551] batman_adv: batadv0: Interface activated: batadv_slave_1
[   85.138685][ T6551] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   85.143990][ T5833] Bluetooth: hci0: command tx timeout
[   85.156822][ T6551] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   85.160849][ T6551] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   85.164539][ T6551] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   85.356503][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.364099][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.413828][   T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.417820][   T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.788336][ T6726] netlink: 'syz.2.337': attribute type 1 has an invalid length.
[   86.256604][ T6753] netlink: 100 bytes leftover after parsing attributes in process `syz.0.350'.
[   86.260517][ T6753] netlink: 100 bytes leftover after parsing attributes in process `syz.0.350'.
[   86.502936][  T792] cfg80211: failed to load regulatory.db
[   86.748291][ T5863] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.789210][ T6777] netlink: 4 bytes leftover after parsing attributes in process `syz.0.361'.
[   86.885741][ T6775] netlink: 'syz.0.361': attribute type 21 has an invalid length.
[   86.889425][ T6775] netlink: 132 bytes leftover after parsing attributes in process `syz.0.361'.
[   86.897492][ T6775] netlink: 'syz.0.361': attribute type 13 has an invalid length.
[   86.904592][ T6775] netlink: 'syz.0.361': attribute type 17 has an invalid length.
[   87.174419][ T5224] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   87.178453][ T5224] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   87.183119][ T5224] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   87.187997][ T5224] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   87.191150][ T5224] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   87.383336][ T6803] netlink: 12 bytes leftover after parsing attributes in process `syz.2.371'.
[   87.418140][ T6803] xt_CT: You must specify a L4 protocol and not use inversions on it
[   87.526692][ T6792] chnl_net:caif_netlink_parms(): no params data found
[   87.546705][ T6812] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   87.559451][ T6814] netlink: 1041 bytes leftover after parsing attributes in process `syz.0.375'.
[   87.645458][ T6822] netlink: 8 bytes leftover after parsing attributes in process `syz.0.376'.
[   87.652506][ T6822] netlink: 8 bytes leftover after parsing attributes in process `syz.0.376'.
[   87.661966][ T6792] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.665317][ T6792] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.669196][ T6792] bridge_slave_0: entered allmulticast mode
[   87.674353][ T6792] bridge_slave_0: entered promiscuous mode
[   87.719021][ T6792] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.727830][ T6792] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.732550][ T6792] bridge_slave_1: entered allmulticast mode
[   87.737558][ T6792] bridge_slave_1: entered promiscuous mode
[   87.796962][ T6792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.838994][ T6792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.905656][ T6792] team0: Port device team_slave_0 added
[   87.944852][ T6832] netlink: 8 bytes leftover after parsing attributes in process `syz.2.381'.
[   87.951906][ T5863] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.963116][ T6792] team0: Port device team_slave_1 added
[   87.991867][ T6832] bridge0: entered promiscuous mode
[   87.997117][ T6832] bridge0: left promiscuous mode
[   88.045639][ T6792] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.049040][ T6792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.061570][ T6792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.071879][ T6792] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.075131][ T6792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.087178][ T6792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.161907][ T6839] netlink: 8 bytes leftover after parsing attributes in process `syz.0.385'.
[   88.187786][ T6792] hsr_slave_0: entered promiscuous mode
[   88.198144][ T6792] hsr_slave_1: entered promiscuous mode
[   88.275151][ T5863] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.348892][ T5863] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.561412][ T5863] bridge_slave_1: left allmulticast mode
[   88.566326][ T5863] bridge_slave_1: left promiscuous mode
[   88.569776][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.577649][ T5863] bridge_slave_0: left allmulticast mode
[   88.580163][ T5863] bridge_slave_0: left promiscuous mode
[   88.585518][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.880042][ T5863] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   88.886308][ T5863] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   88.892629][ T5863] bond0 (unregistering): Released all slaves
[   89.231269][ T5224] Bluetooth: hci0: command tx timeout
[   89.358124][ T5863] hsr_slave_0: left promiscuous mode
[   89.376086][ T5863] hsr_slave_1: left promiscuous mode
[   89.382276][ T5863] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   89.394579][ T5863] batman_adv: batadv0: Removing interface: batadv_slave_0
[   89.398568][ T5863] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   89.407533][ T5863] batman_adv: batadv0: Removing interface: batadv_slave_1
[   89.441505][ T5863] veth1_macvtap: left promiscuous mode
[   89.446992][ T5863] veth0_macvtap: left promiscuous mode
[   89.457435][ T5863] veth1_vlan: left promiscuous mode
[   89.462771][ T5863] veth0_vlan: left promiscuous mode
[   89.860381][ T5863] team0 (unregistering): Port device team_slave_1 removed
[   89.893543][ T5863] team0 (unregistering): Port device team_slave_0 removed
[   90.373276][ T6792] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   90.402724][ T6792] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   90.429662][ T6792] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   90.461664][ T6792] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   90.910046][ T6792] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.957402][ T6792] 8021q: adding VLAN 0 to HW filter on device team0
[   90.979722][   T32] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.982809][   T32] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.994821][   T32] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.997198][   T32] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.215281][ T6792] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.273828][ T6792] veth0_vlan: entered promiscuous mode
[   91.286039][ T6792] veth1_vlan: entered promiscuous mode
[   91.310979][ T5224] Bluetooth: hci0: command tx timeout
[   91.343239][ T6792] veth0_macvtap: entered promiscuous mode
[   91.348640][ T6792] veth1_macvtap: entered promiscuous mode
[   91.351418][ T6933] netlink: 'syz.2.410': attribute type 7 has an invalid length.
[   91.353757][ T6933] netlink: 'syz.2.410': attribute type 8 has an invalid length.
[   91.356101][ T6933] netlink: 'syz.2.410': attribute type 4 has an invalid length.
[   91.367713][ T6792] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.372155][ T6933] __nla_validate_parse: 3 callbacks suppressed
[   91.372219][ T6933] netlink: 204 bytes leftover after parsing attributes in process `syz.2.410'.
[   91.373842][ T6792] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.404581][ T6792] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.407763][ T6792] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.412263][ T6792] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.416941][ T6792] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.515369][   T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.522252][   T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.549032][ T2996] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.553230][ T2996] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.752431][ T6957] netlink: 4 bytes leftover after parsing attributes in process `syz.0.418'.
[   91.814494][ T6959] netlink: 'syz.0.419': attribute type 1 has an invalid length.
[   91.848065][ T6959] bond1: (slave bridge3): making interface the new active one
[   91.852002][ T6959] bond1: (slave bridge3): Enslaving as an active interface with an up link
[   92.197251][ T6977] unsupported nla_type 52263
[   92.446293][ T6991] netlink: 112 bytes leftover after parsing attributes in process `syz.0.434'.
[   92.449627][ T6991] netlink: 8 bytes leftover after parsing attributes in process `syz.0.434'.
[   92.616350][ T7003] netlink: 8 bytes leftover after parsing attributes in process `syz.2.441'.
[   92.692485][ T7009] netlink: 676 bytes leftover after parsing attributes in process `syz.0.442'.
[   92.706086][ T7009] netlink: 676 bytes leftover after parsing attributes in process `syz.0.442'.
[   93.028903][ T5863] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   93.579734][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   93.584140][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   93.588779][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   93.596643][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   93.602059][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   93.833523][ T7053] chnl_net:caif_netlink_parms(): no params data found
[   93.847394][ T7070] netlink: 8 bytes leftover after parsing attributes in process `syz.2.467'.
[   94.014431][ T7077] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[   94.022765][ T7077] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[   94.144479][ T7053] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.147529][ T7053] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.162363][ T7053] bridge_slave_0: entered allmulticast mode
[   94.166899][ T7053] bridge_slave_0: entered promiscuous mode
[   94.179539][ T7053] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.183942][ T7053] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.187367][ T7053] bridge_slave_1: entered allmulticast mode
[   94.193007][ T7053] bridge_slave_1: entered promiscuous mode
[   94.249078][ T5863] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.372543][ T7053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.392377][ T7053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.465069][ T7053] team0: Port device team_slave_0 added
[   94.472276][ T7053] team0: Port device team_slave_1 added
[   94.589597][ T7053] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.605780][ T7053] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.633162][ T7053] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.650363][ T7053] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.653644][ T7053] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.667599][ T7053] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.879577][ T5863] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.053739][ T7053] hsr_slave_0: entered promiscuous mode
[   95.059057][ T7053] hsr_slave_1: entered promiscuous mode
[   95.063324][ T7053] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   95.070453][ T7053] Cannot create hsr debugfs directory
[   95.108578][ T5863] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.424512][ T5863] bridge_slave_1: left allmulticast mode
[   95.427374][ T5863] bridge_slave_1: left promiscuous mode
[   95.435727][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.440133][ T5863] bridge_slave_0: left allmulticast mode
[   95.445740][ T5863] bridge_slave_0: left promiscuous mode
[   95.447898][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.624718][ T5224] Bluetooth: hci0: command tx timeout
[   95.709246][ T5863] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   95.715975][ T5863] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   95.723225][ T5863] bond0 (unregistering): Released all slaves
[   96.256232][ T5863] hsr_slave_0: left promiscuous mode
[   96.258946][ T5863] hsr_slave_1: left promiscuous mode
[   96.263300][ T5863] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   96.266214][ T5863] batman_adv: batadv0: Removing interface: batadv_slave_0
[   96.286624][ T5863] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   96.289222][ T5863] batman_adv: batadv0: Removing interface: batadv_slave_1
[   96.309715][ T5863] veth1_macvtap: left promiscuous mode
[   96.313076][ T5863] veth0_macvtap: left promiscuous mode
[   96.315020][ T5863] veth1_vlan: left promiscuous mode
[   96.316928][ T5863] veth0_vlan: left promiscuous mode
[   96.705717][ T5863] team0 (unregistering): Port device team_slave_1 removed
[   96.735490][ T5863] team0 (unregistering): Port device team_slave_0 removed
[   97.430146][ T7053] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   97.453919][ T7053] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   97.472899][ T7053] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   97.492494][ T7053] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   97.639302][ T7226] netlink: 'syz.0.501': attribute type 6 has an invalid length.
[   97.702621][ T5224] Bluetooth: hci0: command tx timeout
[   97.769421][ T7053] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.786582][ T7053] 8021q: adding VLAN 0 to HW filter on device team0
[   97.805197][ T1186] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.808344][ T1186] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.829159][ T1186] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.832365][ T1186] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.067457][ T7053] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.127669][ T7053] veth0_vlan: entered promiscuous mode
[   98.142675][ T7053] veth1_vlan: entered promiscuous mode
[   98.175047][ T7053] veth0_macvtap: entered promiscuous mode
[   98.185904][ T7053] veth1_macvtap: entered promiscuous mode
[   98.195366][ T7242] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048)
[   98.204094][ T7053] batman_adv: batadv0: Interface activated: batadv_slave_0
[   98.216766][ T7053] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.230012][ T7053] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.234279][ T7053] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.238113][ T7053] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.244413][ T7053] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.322674][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.336086][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.367888][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.376428][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.053338][ T7286] netlink: 12 bytes leftover after parsing attributes in process `syz.0.529'.
[   99.064312][ T7288] vlan0: entered promiscuous mode
[   99.127012][ T7292] netlink: 'syz.0.531': attribute type 1 has an invalid length.
[   99.195964][ T7296] netlink: 32 bytes leftover after parsing attributes in process `syz.0.534'.
[   99.256595][ T7302] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   99.298031][ T7304] netlink: 104 bytes leftover after parsing attributes in process `syz.2.538'.
[   99.698369][ T6835] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.292736][ T7334] netlink: 4 bytes leftover after parsing attributes in process `syz.2.552'.
[  100.544937][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  100.548583][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  100.554957][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  100.563258][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  100.566903][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  100.576232][ T7345] syz.0.556 (7345) used greatest stack depth: 18264 bytes left
[  101.010143][ T6835] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.059321][ T7356] netlink: 104 bytes leftover after parsing attributes in process `syz.0.561'.
[  101.067176][ T7356] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  101.128382][ T7362] bridge0: port 3(syz_tun) entered blocking state
[  101.138328][ T7362] bridge0: port 3(syz_tun) entered disabled state
[  101.142303][ T7362] syz_tun: entered allmulticast mode
[  101.145392][ T7362] syz_tun: entered promiscuous mode
[  101.148115][ T7362] bridge0: port 3(syz_tun) entered blocking state
[  101.150937][ T7362] bridge0: port 3(syz_tun) entered forwarding state
[  101.174768][ T7344] chnl_net:caif_netlink_parms(): no params data found
[  101.364942][ T6835] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.386099][ T7344] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.389430][ T7344] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.400112][ T7344] bridge_slave_0: entered allmulticast mode
[  101.405171][ T7344] bridge_slave_0: entered promiscuous mode
[  101.423762][ T7344] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.426847][ T7344] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.429816][ T7344] bridge_slave_1: entered allmulticast mode
[  101.442717][ T7344] bridge_slave_1: entered promiscuous mode
[  101.494647][ T6835] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.534397][ T7344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.547550][ T7344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.628094][ T7344] team0: Port device team_slave_0 added
[  101.640165][ T7344] team0: Port device team_slave_1 added
[  101.736614][ T7344] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.739212][ T7344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.757727][ T7344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.767256][ T7344] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.770229][ T7344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.782697][ T7344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.865931][ T6835] bridge_slave_1: left allmulticast mode
[  101.870141][ T6835] bridge_slave_1: left promiscuous mode
[  101.875287][ T6835] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.902125][ T6835] bridge_slave_0: left allmulticast mode
[  101.904287][ T6835] bridge_slave_0: left promiscuous mode
[  101.906665][ T6835] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.191907][ T6835] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  102.198119][ T6835] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  102.204042][ T6835] bond0 (unregistering): Released all slaves
[  102.233287][ T7344] hsr_slave_0: entered promiscuous mode
[  102.236867][ T7344] hsr_slave_1: entered promiscuous mode
[  102.630570][ T6835] hsr_slave_0: left promiscuous mode
[  102.634098][ T6835] hsr_slave_1: left promiscuous mode
[  102.636813][ T6835] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  102.640409][ T6835] batman_adv: batadv0: Removing interface: batadv_slave_0
[  102.647826][ T6835] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  102.651361][ T6835] batman_adv: batadv0: Removing interface: batadv_slave_1
[  102.661095][ T5833] Bluetooth: hci0: command tx timeout
[  102.670554][ T6835] veth1_macvtap: left promiscuous mode
[  102.684351][ T6835] veth0_macvtap: left promiscuous mode
[  102.692927][ T6835] veth1_vlan: left promiscuous mode
[  102.698907][ T6835] veth0_vlan: left promiscuous mode
[  103.055887][ T6835] team0 (unregistering): Port device team_slave_1 removed
[  103.079146][ T6835] team0 (unregistering): Port device team_slave_0 removed
[  103.865864][ T7344] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  103.879506][ T7344] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  103.903889][ T7344] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  103.923836][ T7344] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  104.066068][ T7344] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.105935][ T7344] 8021q: adding VLAN 0 to HW filter on device team0
[  104.125355][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.128322][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.156692][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.159843][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.457210][ T7344] 8021q: adding VLAN 0 to HW filter on device batadv0
[  104.510414][ T7344] veth0_vlan: entered promiscuous mode
[  104.525388][ T7344] veth1_vlan: entered promiscuous mode
[  104.564800][ T7344] veth0_macvtap: entered promiscuous mode
[  104.575345][ T7344] veth1_macvtap: entered promiscuous mode
[  104.590347][ T7344] batman_adv: batadv0: Interface activated: batadv_slave_0
[  104.607976][ T7344] batman_adv: batadv0: Interface activated: batadv_slave_1
[  104.626030][ T7344] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  104.630544][ T7344] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  104.635310][ T7344] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  104.638893][ T7344] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  104.662718][ T7525] 
[  104.663918][ T7525] ======================================================
[  104.666771][ T7525] WARNING: possible circular locking dependency detected
[  104.669451][ T7525] 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 Not tainted
[  104.673134][ T7525] ------------------------------------------------------
[  104.675806][ T7525] syz.2.625/7525 is trying to acquire lock:
[  104.678298][ T7525] ffff88801feff988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  104.682769][ T7525] 
[  104.682769][ T7525] but task is already holding lock:
[  104.685754][ T7525] ffff88801feffa30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x94f/0x1930
[  104.689257][ T7525] 
[  104.689257][ T7525] which lock already depends on the new lock.
[  104.689257][ T7525] 
[  104.693249][ T7525] 
[  104.693249][ T7525] the existing dependency chain (in reverse order) is:
[  104.697408][ T7525] 
[  104.697408][ T7525] -> #2 (&nbd->config_lock){+.+.}-{4:4}:
[  104.700497][ T7525]        lock_acquire+0x120/0x360
[  104.702448][ T7525]        __mutex_lock+0x182/0xe80
[  104.704332][ T7525]        refcount_dec_and_mutex_lock+0x30/0xa0
[  104.706623][ T7525]        nbd_config_put+0x2c/0x790
[  104.708646][ T7525]        nbd_release+0xfe/0x140
[  104.710885][ T7525]        bdev_release+0x536/0x650
[  104.713443][ T7525]        blkdev_release+0x15/0x20
[  104.715475][ T7525]        __fput+0x44c/0xa70
[  104.717196][ T7525]        fput_close_sync+0x119/0x200
[  104.719186][ T7525]        __x64_sys_close+0x7f/0x110
[  104.721234][ T7525]        do_syscall_64+0xfa/0x3b0
[  104.723173][ T7525]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.725879][ T7525] 
[  104.725879][ T7525] -> #1 (&disk->open_mutex){+.+.}-{4:4}:
[  104.729326][ T7525]        lock_acquire+0x120/0x360
[  104.731289][ T7525]        __mutex_lock+0x182/0xe80
[  104.733173][ T7525]        __del_gendisk+0x129/0x9e0
[  104.735038][ T7525]        del_gendisk+0xe8/0x160
[  104.736876][ T7525]        nbd_dev_remove_work+0x47/0xe0
[  104.739124][ T7525]        process_scheduled_works+0xae1/0x17b0
[  104.742338][ T7525]        worker_thread+0x8a0/0xda0
[  104.744467][ T7525]        kthread+0x711/0x8a0
[  104.746217][ T7525]        ret_from_fork+0x3fc/0x770
[  104.748217][ T7525]        ret_from_fork_asm+0x1a/0x30
[  104.750169][ T7525] 
[  104.750169][ T7525] -> #0 (&set->update_nr_hwq_lock){++++}-{4:4}:
[  104.753392][ T7525]        validate_chain+0xb9b/0x2140
[  104.755473][ T7525]        __lock_acquire+0xab9/0xd20
[  104.757519][ T7525]        lock_acquire+0x120/0x360
[  104.759625][ T7525]        down_write+0x96/0x1f0
[  104.761537][ T7525]        blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  104.763782][ T7525]        nbd_start_device+0x16c/0xac0
[  104.765874][ T7525]        nbd_genl_connect+0x1250/0x1930
[  104.768029][ T7525]        genl_family_rcv_msg_doit+0x215/0x300
[  104.770444][ T7525]        genl_rcv_msg+0x60e/0x790
[  104.772694][ T7525]        netlink_rcv_skb+0x208/0x470
[  104.774842][ T7525]        genl_rcv+0x28/0x40
[  104.776551][ T7525]        netlink_unicast+0x75c/0x8e0
[  104.778485][ T7525]        netlink_sendmsg+0x805/0xb30
[  104.780530][ T7525]        __sock_sendmsg+0x21c/0x270
[  104.782623][ T7525]        ____sys_sendmsg+0x505/0x830
[  104.784720][ T7525]        ___sys_sendmsg+0x21f/0x2a0
[  104.786776][ T7525]        __x64_sys_sendmsg+0x19b/0x260
[  104.788874][ T7525]        do_syscall_64+0xfa/0x3b0
[  104.790829][ T7525]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.793251][ T7525] 
[  104.793251][ T7525] other info that might help us debug this:
[  104.793251][ T7525] 
[  104.797525][ T7525] Chain exists of:
[  104.797525][ T7525]   &set->update_nr_hwq_lock --> &disk->open_mutex --> &nbd->config_lock
[  104.797525][ T7525] 
[  104.802787][ T7525]  Possible unsafe locking scenario:
[  104.802787][ T7525] 
[  104.805566][ T7525]        CPU0                    CPU1
[  104.807557][ T7525]        ----                    ----
[  104.809629][ T7525]   lock(&nbd->config_lock);
[  104.811651][ T7525]                                lock(&disk->open_mutex);
[  104.814500][ T7525]                                lock(&nbd->config_lock);
[  104.817163][ T7525]   lock(&set->update_nr_hwq_lock);
[  104.819085][ T7525] 
[  104.819085][ T7525]  *** DEADLOCK ***
[  104.819085][ T7525] 
[  104.822045][ T7525] 3 locks held by syz.2.625/7525:
[  104.823953][ T7525]  #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  104.827631][ T7525]  #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  104.831055][ T7525]  #2: ffff88801feffa30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x94f/0x1930
[  104.834534][ T7525] 
[  104.834534][ T7525] stack backtrace:
[  104.836673][ T7525] CPU: 0 UID: 0 PID: 7525 Comm: syz.2.625 Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 PREEMPT(full) 
[  104.836687][ T7525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  104.836694][ T7525] Call Trace:
[  104.836700][ T7525]  <TASK>
[  104.836705][ T7525]  dump_stack_lvl+0x189/0x250
[  104.836721][ T7525]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.836734][ T7525]  ? __pfx__printk+0x10/0x10
[  104.836747][ T7525]  ? print_lock_name+0xde/0x100
[  104.836762][ T7525]  print_circular_bug+0x2ee/0x310
[  104.836776][ T7525]  check_noncircular+0x134/0x160
[  104.836792][ T7525]  validate_chain+0xb9b/0x2140
[  104.836810][ T7525]  __lock_acquire+0xab9/0xd20
[  104.836821][ T7525]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  104.836832][ T7525]  lock_acquire+0x120/0x360
[  104.836840][ T7525]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  104.836851][ T7525]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  104.836861][ T7525]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  104.836875][ T7525]  down_write+0x96/0x1f0
[  104.836890][ T7525]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  104.836899][ T7525]  ? __pfx_down_write+0x10/0x10
[  104.836911][ T7525]  blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  104.836923][ T7525]  ? nbd_add_socket+0x688/0x9a0
[  104.836932][ T7525]  ? nbd_add_socket+0x688/0x9a0
[  104.836943][ T7525]  nbd_start_device+0x16c/0xac0
[  104.836953][ T7525]  ? __nla_parse+0x40/0x60
[  104.836963][ T7525]  nbd_genl_connect+0x1250/0x1930
[  104.836974][ T7525]  ? __pfx_nbd_genl_connect+0x10/0x10
[  104.836983][ T7525]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  104.837001][ T7525]  ? __nla_parse+0x40/0x60
[  104.837010][ T7525]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  104.837025][ T7525]  genl_family_rcv_msg_doit+0x215/0x300
[  104.837041][ T7525]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  104.837059][ T7525]  ? __lock_acquire+0xab9/0xd20
[  104.837070][ T7525]  genl_rcv_msg+0x60e/0x790
[  104.837086][ T7525]  ? __pfx_genl_rcv_msg+0x10/0x10
[  104.837100][ T7525]  ? __pfx_nbd_genl_connect+0x10/0x10
[  104.837111][ T7525]  netlink_rcv_skb+0x208/0x470
[  104.837122][ T7525]  ? __pfx_genl_rcv_msg+0x10/0x10
[  104.837136][ T7525]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  104.837174][ T7525]  ? down_read+0x1ad/0x2e0
[  104.837186][ T7525]  genl_rcv+0x28/0x40
[  104.837200][ T7525]  netlink_unicast+0x75c/0x8e0
[  104.837213][ T7525]  netlink_sendmsg+0x805/0xb30
[  104.837226][ T7525]  ? __pfx_netlink_sendmsg+0x10/0x10
[  104.837239][ T7525]  ? aa_sock_msg_perm+0x94/0x160
[  104.837254][ T7525]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  104.837270][ T7525]  ? __pfx_netlink_sendmsg+0x10/0x10
[  104.837282][ T7525]  __sock_sendmsg+0x21c/0x270
[  104.837292][ T7525]  ____sys_sendmsg+0x505/0x830
[  104.837308][ T7525]  ? __pfx_____sys_sendmsg+0x10/0x10
[  104.837321][ T7525]  ? import_iovec+0x74/0xa0
[  104.837332][ T7525]  ___sys_sendmsg+0x21f/0x2a0
[  104.837344][ T7525]  ? __pfx____sys_sendmsg+0x10/0x10
[  104.837362][ T7525]  ? __fget_files+0x2a/0x420
[  104.837375][ T7525]  ? __fget_files+0x3a0/0x420
[  104.837388][ T7525]  __x64_sys_sendmsg+0x19b/0x260
[  104.837400][ T7525]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  104.837414][ T7525]  ? rcu_is_watching+0x15/0xb0
[  104.837425][ T7525]  ? do_syscall_64+0xbe/0x3b0
[  104.837436][ T7525]  do_syscall_64+0xfa/0x3b0
[  104.837444][ T7525]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.837457][ T7525]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.837467][ T7525]  ? exc_page_fault+0x9f/0xf0
[  104.837480][ T7525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.837489][ T7525] RIP: 0033:0x7f7e43f8e929
[  104.837499][ T7525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.837507][ T7525] RSP: 002b:00007f7e44e11038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  104.837517][ T7525] RAX: ffffffffffffffda RBX: 00007f7e441b5fa0 RCX: 00007f7e43f8e929
[  104.837524][ T7525] RDX: 0000000000000000 RSI: 0000200000001ac0 RDI: 0000000000000007
[  104.837530][ T7525] RBP: 00007f7e44010b39 R08: 0000000000000000 R09: 0000000000000000
[  104.837536][ T7525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  104.837541][ T7525] R13: 0000000000000000 R14: 00007f7e441b5fa0 R15: 00007ffc10e0cce8
[  104.837551][ T7525]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  105.006710][ T5833] Bluetooth: hci0: command tx timeout
[  105.064085][ T7344] ieee80211 phy18: Selected rate control algorithm 'minstrel_ht'
[  105.083810][ T7344] ieee80211 phy19: Selected rate control algorithm 'minstrel_ht'
[  105.086998][ T1186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.090574][ T1186] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.115302][ T1186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.118635][ T1186] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.275680][ T5836] bond0: (slave syz_tun): Releasing backup interface
[  105.376471][ T5841] bridge0: port 3(syz_tun) entered disabled state
[  105.384719][ T5841] syz_tun (unregistering): left allmulticast mode
[  105.387857][ T5841] syz_tun (unregistering): left promiscuous mode
[  105.390488][ T5841] bridge0: port 3(syz_tun) entered disabled state
[  105.632335][ T5862] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.684974][ T5862] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.765849][ T5862] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.859703][ T5862] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.967077][ T5862] bridge_slave_1: left allmulticast mode
[  105.969688][ T5862] bridge_slave_1: left promiscuous mode
[  105.972753][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.977089][ T5862] bridge_slave_0: left promiscuous mode
[  105.979030][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.066964][ T5862] team0: Port device bridge1 removed
[  106.213386][ T5862] bond1 (unregistering): (slave bridge3): Releasing active interface
[  106.255277][ T5862] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  106.260271][ T5862] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  106.265762][ T5862] bond0 (unregistering): Released all slaves
[  106.272069][ T5862] bond1 (unregistering): Released all slaves
[  106.579535][ T5862] hsr_slave_0: left promiscuous mode
[  106.582812][ T5862] hsr_slave_1: left promiscuous mode
[  106.585537][ T5862] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  106.589186][ T5862] batman_adv: batadv0: Removing interface: batadv_slave_0
[  106.593074][ T5862] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  106.596260][ T5862] batman_adv: batadv0: Removing interface: batadv_slave_1
[  106.601968][ T5862] veth1_macvtap: left promiscuous mode
[  106.604386][ T5862] veth0_macvtap: left promiscuous mode
[  106.607097][ T5862] veth1_vlan: left promiscuous mode
[  106.609609][ T5862] veth0_vlan: left promiscuous mode
[  106.722153][ T5862] team0 (unregistering): Port device team_slave_1 removed
[  106.736153][ T5862] team0 (unregistering): Port device team_slave_0 removed
[  107.045625][ T5862] IPVS: stop unused estimator thread 0...
[  107.163699][ T5862] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.944358][ T5862] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.984339][ T5862] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.024974][ T5862] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.077341][ T5862] bridge_slave_1: left allmulticast mode
[  108.079696][ T5862] bridge_slave_1: left promiscuous mode
[  108.082331][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.086515][ T5862] bridge_slave_0: left allmulticast mode
[  108.088957][ T5862] bridge_slave_0: left promiscuous mode
[  108.091553][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.155849][ T5862] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  108.159843][ T5862] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  108.163802][ T5862] bond0 (unregistering): Released all slaves
[  108.376093][ T5862] hsr_slave_0: left promiscuous mode
[  108.378720][ T5862] hsr_slave_1: left promiscuous mode
[  108.381367][ T5862] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  108.383926][ T5862] batman_adv: batadv0: Removing interface: batadv_slave_0
[  108.387515][ T5862] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  108.390860][ T5862] batman_adv: batadv0: Removing interface: batadv_slave_1
[  108.395875][ T5862] veth1_macvtap: left promiscuous mode
[  108.397759][ T5862] veth0_macvtap: left promiscuous mode
[  108.399733][ T5862] veth1_vlan: left promiscuous mode
[  108.402417][ T5862] veth0_vlan: left promiscuous mode
[  108.486584][ T5862] team0 (unregistering): Port device team_slave_1 removed
[  108.498409][ T5862] team0 (unregistering): Port device team_slave_0 removed

VM DIAGNOSIS:
13:03:26  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000063 RBX=0000000000000063 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000014aa RDI=00000000000014ab RBP=00000000000003f8 RSP=ffffc90004d16710
R8 =ffff88801fd08237 R9 =1ffff11003fa1046 R10=dffffc0000000000 R11=ffffffff85478780
R12=dffffc0000000000 R13=ffffffff99af98b6 R14=ffffffff99dfe6e0 R15=0000000000000000
RIP=ffffffff854787fc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f7e44e116c0 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fd1c057f2d8 CR3=000000001f488000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f7e44011c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff81b4c210 RBX=ffff88813663b1c0 RCX=ffff8880228ed640 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc9000353f6c0 RSP=ffffc9000353f560
R8 =ffffffff8fa1f3f7 R9 =1ffffffff1f43e7e R10=dffffc0000000000 R11=fffffbfff1f43e7f
R12=1ffff11009608385 R13=dffffc0000000000 R14=0000000000000000 R15=ffff88804b041c28
RIP=ffffffff81b4c1f9 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555566bbc500 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fd1c10e56c0 CR3=00000000228fc000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007fd1c0411c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
