last executing test programs:

852.191544ms ago: executing program 0 (id=164):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000040)=0xfffffffc, 0x4)
setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000180)=0x8, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

607.280697ms ago: executing program 0 (id=168):
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x200, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4}, 0x1c)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000086)

606.49293ms ago: executing program 2 (id=170):
r0 = socket(0x10, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000e5f757be5c89982b8c651e417ca32801b308c0cab7ee308b6a7bcf5218f4df1329fa571648bc1aeefba9438ee84016a07ce2c0374e50d6a69a8751804b9ff5bb8427517048e54bb42a17ce7703d390dff6c021635e9079687cb9e80ae56a0dc5866b88c3b8b1142051835e114c281f94bc483ead3fe4fde3053142adea646430b097928f13cd182a37886ee0402193fe40467c6eec786b5873cc7104fe6e4e414102c1f194cca82b19b6596279fa3c81c6bfb45099727a929d9543def65bf082ea3856146191435b010a6aa2f0b9a02056dc5b1e1e27fc9831ce054c11046177eae6b105d4317998d74569a87c225e0057abfa5204a76d4072282fb5d8ec1d3e89c32d525f8e00485b5da876f7a94bb2988433a532b05a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a320000000008004100"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x400c844)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000580)='kfree\x00', r2}, 0x18)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), r0)
sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000500)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000340)={0x164, r4, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}, @TIPC_NLA_NODE={0x138, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x43, 0x4, {'gcm(aes)\x00', 0x1b, "ee50dc544168a73e548917d81108f81a7c567e1ee481a643d60e29"}}, @TIPC_NLA_NODE_ID={0xc1, 0x3, "aba14c34ccfa707a0e18e0870bb0eca7cd9d8e7666e9887a69cc23dbb5390ebcd7b123165fc0386905770bd9ec5c1325158d9fc01146011b6c6bd04052a04ff42c5f3ef75c1f44858cca7b756a8a3d5f23a6e5e67c09c3856c5c76acfc944a735691ebdec46eb64b97eaac4a0e031e8035efafc9d6d73b1a488d46cd7213f3ab84056b05a55fca66d6a1bbf9acbebff53aa99590bac40c09e8a363bea88edfedbdaba2ba28bf822295348d67824039bf805046b66144a3e19277096619"}, @TIPC_NLA_NODE_ID={0x22, 0x3, "4a51e41d81f435861bb1a32fc3afc2dbc8614d6eae79d491014fbace6d65"}, @TIPC_NLA_NODE_ID={0x6, 0x3, "e7fb"}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}]}]}, 0x164}, 0x1, 0x0, 0x0, 0x40}, 0x48040)
unshare(0x64000600)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=@updsa={0x104, 0x1a, 0xa21, 0x0, 0x0, {{@in=@remote, @in=@dev={0xac, 0x14, 0x14, 0x27}, 0x0, 0x0, 0x4e22, 0x0, 0x0, 0x0, 0x0, 0x6c}, {@in, 0x0, 0x3c}, @in6=@empty, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x0, 0x0, 0x0, 0x8d8d}, {}, 0x0, 0xffffffff, 0x2, 0x0, 0x0, 0x39}, [@coaddr={0x14, 0xe, @in6=@dev={0xfe, 0x80, '\x00', 0x17}}]}, 0x104}}, 0x810)
r6 = socket$inet6(0x10, 0x2, 0x0)
write(r6, &(0x7f0000000000)="fc0000001c000705ab092509b86813000aab080102000000b85b0e93210001c0f0060848050000010000000000039815fa2c53c28648000000b937799f377a00bc000c00f0036cdf0db400600033d44000040060b16a482c0a3c313012dafd5a32e273fc83ab82d710f74cec18444ef90d475ef8b2863ef3d92c94170e5bba2e177312e081f691bc5110556888100000463ae4f5df1b394cfd6239ec2a0f0d1bcae5f5502943283f4b9e611183b102b2b8f5566791cb19020191bd0733802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4794eedfca92c09d776e7a90ab79a6f00a1960548deac279c00"/252, 0xfc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
shutdown(r8, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r10 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockname(r10, 0x0, &(0x7f0000000a80))
r11 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000340)={'bridge0\x00'})
socket(0x10, 0x80002, 0x0)

551.921281ms ago: executing program 0 (id=171):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000005d00)={0x114, 0x2d, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x104, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)

490.118705ms ago: executing program 0 (id=173):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000f80)={'wlan1\x00', &(0x7f0000000f40)=@ethtool_stats})

489.283026ms ago: executing program 0 (id=174):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0b0000001f00000002040000ff03000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f00000001c0), &(0x7f0000000000)=""/7, 0x2}, 0x20)

419.291396ms ago: executing program 0 (id=175):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
listen(r0, 0x5)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
accept4$unix(r0, 0x0, 0x0, 0x0)
sendto$packet(r1, &(0x7f0000000600)="5f0efc3e1792a50972d2eb21bdff9ca4ac804c2847fe7bf05ddc63ff512d4074687760a5fbd1fc97772c6f5027dcea15b6658de3b024a6ea22baafb445bf8427c8055d00", 0xffffff3d, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x76, 0x10001, 0xe, 0x5, 0x8, 0x1, 0xa4, 0x8}, 0x0, 0x0, 0x0, 0x0)

239.149384ms ago: executing program 2 (id=180):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000), 0x2a979d)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)

237.965295ms ago: executing program 1 (id=181):
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x2000003c, &(0x7f0000000280)})
bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f0000000040)=ANY=[], 0x6)

140.428502ms ago: executing program 1 (id=182):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000340)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x28}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

140.165457ms ago: executing program 1 (id=183):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0abefe14cf9d059de3cdec2b2fc1333915"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)

139.487217ms ago: executing program 2 (id=184):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x28}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x3b, 0x10, 0x0, 0x1800}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000025c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x4, 0x0, &(0x7f00000001c0)="65cf0aff", 0x0, 0x4, 0x0, 0x400}, 0x50)

71.726435ms ago: executing program 2 (id=185):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0x174, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x160, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x40000003}, 0x8}}]}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe6, 0x0, 0x3}}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0xc8, 0x3, 0x0, 0x0, {{0x9}, {0x4c, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x2, 0xea3, 0xffffffffffffffff}}, @TCA_GACT_PROB={0x7, 0x3, {0x0, 0x1d28}}, @TCA_GACT_PARMS={0x18, 0x2, {0xb66, 0xb3, 0x10000000, 0x34e, 0xffff}}, @TCA_GACT_PROB={0x0, 0x3, {0x1, 0x16fc, 0x1}}]}, {0x52, 0x6, "a06b1d1931f3579c6d7c5159238a286074602c3726c701f3c0d5382de62a6e8c4fb714fcd674c66cd306a4f78d3d05530609c9b04b7483bd084d70df8e77e6fbd503917aa0a6c737cef0ed021b60"}, {0xc}, {0xc, 0x8, {0x5, 0x2}}}}]}]}, 0x174}}, 0x0)

71.47051ms ago: executing program 1 (id=186):
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000580)={@map, 0xffffffffffffffff, 0x1f, 0x4}, 0x20)

71.365981ms ago: executing program 1 (id=187):
syz_emit_ethernet(0xae, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1803"}, {0x0, 0x1, "00e9ff06ffffaf64000000a2"}, {0x0, 0x1, "fe906d26efe3"}]}}}}}}, 0x0)

71.115762ms ago: executing program 2 (id=188):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0xfffffffc)
sendto$inet6(r0, 0x0, 0x0, 0x20004011, 0x0, 0x0)

213.317µs ago: executing program 1 (id=189):
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x10)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000001400)={<r1=>r0})
sendmmsg$alg(r1, &(0x7f0000000300)=[{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000080)}], 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="780000000000000017010000c60000187a22ec104b065cf506de8cdc08a6d0fddc0d72778aece33162e224760128908354ebe677afaf0fba4d209101c48a04692828bd124430ce0542ec901330cfd17ecda3ea1ff3d715545d42da58b55978fbbd3cf28bf72800000000000000170100000200000014000008d240a5aaf782aa7e74e12faa551a3e8899099e1542f8ed4490000000000000000000"], 0xa0, 0x200040d4}], 0x1, 0x20008852)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000090000000400000003000006040000000400000007000000020000000400000004000000fcffffff002e71a061"], 0x0, 0x45, 0x0, 0x1, 0x80000001}, 0x28)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r6, &(0x7f0000004ec0)=[{{}, 0x5}], 0x1, 0x40010160, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001380)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="1b00040000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5, @ANYRESDEC=r4], 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x4000040)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000680)={0x14, 0x1, 0x2, 0x201, 0x0, 0x0, {0xa, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x40)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r9, &(0x7f0000001440)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x28, 0x3, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x48090}, 0x40000)
close(r8)
r11 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="6d9310000000f4dbdf25010000000c00060000000000020000000800010000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20048890}, 0x880)
r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r12}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x6, 0xa, 0x9, 0xfff0, 0xf1}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x1, 0xb, 0xa, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {}, {0x18, 0x6, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a09000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c00028018000280080001"], 0xec}}, 0x0)

0s ago: executing program 2 (id=190):
sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, 0x0, 0x24040000)
r0 = socket$netlink(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:9923' (ED25519) to the list of known hosts.
syzkaller login: [   49.092551][ T5747] cgroup: Unknown subsys name 'net'
[   49.221605][ T5747] cgroup: Unknown subsys name 'cpuset'
[   49.226453][ T5747] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.610398][ T5747] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   60.213468][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   60.217691][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   60.221471][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   60.241411][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   60.246618][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   60.323285][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   60.326886][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   60.330556][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   60.334218][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   60.338555][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   60.409804][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   60.413281][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   60.418850][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   60.422585][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   60.426237][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   60.710385][ T5840] chnl_net:caif_netlink_parms(): no params data found
[   60.780702][ T5844] chnl_net:caif_netlink_parms(): no params data found
[   60.872690][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.876133][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.880448][ T5840] bridge_slave_0: entered allmulticast mode
[   60.884763][ T5840] bridge_slave_0: entered promiscuous mode
[   60.894162][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.897793][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.900793][ T5840] bridge_slave_1: entered allmulticast mode
[   60.904740][ T5840] bridge_slave_1: entered promiscuous mode
[   60.916578][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   60.978500][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.982330][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.985448][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.989162][ T5844] bridge_slave_0: entered allmulticast mode
[   60.992802][ T5844] bridge_slave_0: entered promiscuous mode
[   60.998971][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.028922][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.031505][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.034330][ T5844] bridge_slave_1: entered allmulticast mode
[   61.037581][ T5844] bridge_slave_1: entered promiscuous mode
[   61.062478][ T5840] team0: Port device team_slave_0 added
[   61.081918][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.091792][ T5840] team0: Port device team_slave_1 added
[   61.095449][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.153746][ T5844] team0: Port device team_slave_0 added
[   61.185114][ T5844] team0: Port device team_slave_1 added
[   61.214262][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.217870][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.226883][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.255504][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.259259][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.269472][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.274498][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.276885][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.287094][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.291246][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.294214][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.297771][ T5846] bridge_slave_0: entered allmulticast mode
[   61.301610][ T5846] bridge_slave_0: entered promiscuous mode
[   61.306063][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.309255][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.312188][ T5846] bridge_slave_1: entered allmulticast mode
[   61.314814][ T5846] bridge_slave_1: entered promiscuous mode
[   61.322012][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.324154][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.333777][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.365408][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.388972][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.404456][ T5840] hsr_slave_0: entered promiscuous mode
[   61.406849][ T5840] hsr_slave_1: entered promiscuous mode
[   61.437693][ T5844] hsr_slave_0: entered promiscuous mode
[   61.439968][ T5844] hsr_slave_1: entered promiscuous mode
[   61.442419][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   61.444909][ T5844] Cannot create hsr debugfs directory
[   61.460341][ T5846] team0: Port device team_slave_0 added
[   61.470012][ T5846] team0: Port device team_slave_1 added
[   61.546373][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.548989][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.559117][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.580398][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.582862][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.591172][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.699265][ T5846] hsr_slave_0: entered promiscuous mode
[   61.701734][ T5846] hsr_slave_1: entered promiscuous mode
[   61.703941][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   61.706642][ T5846] Cannot create hsr debugfs directory
[   61.804766][ T5840] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   61.821084][ T5840] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   61.846774][ T5840] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   61.851476][ T5840] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   61.899228][ T5844] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   61.908046][ T5844] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   61.920781][ T5844] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   61.941260][ T5844] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   61.963332][ T5846] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   61.971854][ T5846] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   61.977377][ T5846] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   61.985754][ T5846] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   62.106275][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.134566][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.142286][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   62.150888][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.168497][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.171551][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.183112][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.186046][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.195453][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   62.209601][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[   62.215984][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.218881][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.248703][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.251546][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.254812][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.257126][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.274208][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.277103][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.277958][ T5842] Bluetooth: hci0: command tx timeout
[   62.358082][ T5842] Bluetooth: hci1: command tx timeout
[   62.447486][ T5842] Bluetooth: hci2: command tx timeout
[   62.512041][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.561948][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.590639][ T5840] veth0_vlan: entered promiscuous mode
[   62.596581][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.619460][ T5840] veth1_vlan: entered promiscuous mode
[   62.668240][ T5844] veth0_vlan: entered promiscuous mode
[   62.692067][ T5840] veth0_macvtap: entered promiscuous mode
[   62.698931][ T5846] veth0_vlan: entered promiscuous mode
[   62.702171][ T5844] veth1_vlan: entered promiscuous mode
[   62.709374][ T5840] veth1_macvtap: entered promiscuous mode
[   62.722652][ T5846] veth1_vlan: entered promiscuous mode
[   62.756850][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.773290][ T5844] veth0_macvtap: entered promiscuous mode
[   62.780325][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.789580][ T5844] veth1_macvtap: entered promiscuous mode
[   62.794130][ T5846] veth0_macvtap: entered promiscuous mode
[   62.799560][ T5840] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.803265][ T5840] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.806704][ T5840] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.812132][ T5840] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.822737][ T5846] veth1_macvtap: entered promiscuous mode
[   62.841624][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.849678][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.866191][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.874822][ T5844] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.878995][ T5844] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.882072][ T5844] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.885216][ T5844] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.906438][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.933227][ T5846] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.936652][ T5846] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.942558][ T5846] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.945880][ T5846] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.974676][ T1087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.984323][ T1087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.030466][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.033555][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.064064][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.066799][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.070908][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.073316][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.073702][ T5840] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   63.115565][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.124341][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.144620][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.148599][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.238087][ T5907] netlink: 24 bytes leftover after parsing attributes in process `syz.0.21'.
[   63.349760][ T5919] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   63.524088][ T5933] netlink: 134820 bytes leftover after parsing attributes in process `syz.2.33'.
[   63.703657][ T5947] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.40'.
[   63.709139][ T5947] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[   63.713600][ T5947] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[   64.190172][ T5913] syz.0.23 (5913) used greatest stack depth: 19480 bytes left
[   64.358346][ T5842] Bluetooth: hci0: command tx timeout
[   64.437740][ T5842] Bluetooth: hci1: command tx timeout
[   64.481310][ T6002] netlink: 148 bytes leftover after parsing attributes in process `syz.2.64'.
[   64.485013][ T6002] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[   64.519187][ T5842] Bluetooth: hci2: command tx timeout
[   64.661601][ T6019] netlink: 12 bytes leftover after parsing attributes in process `syz.2.73'.
[   64.863340][ T6037] netlink: 40 bytes leftover after parsing attributes in process `syz.0.82'.
[   64.979044][ T6045] netlink: 8 bytes leftover after parsing attributes in process `syz.0.87'.
[   65.218001][ T6070] geneve2: entered promiscuous mode
[   65.223626][ T6070] geneve2: entered allmulticast mode
[   65.275117][ T6073] netlink: 8 bytes leftover after parsing attributes in process `syz.2.99'.
[   65.287820][ T6073] netlink: 32 bytes leftover after parsing attributes in process `syz.2.99'.
[   65.294741][ T6068] netlink: 40 bytes leftover after parsing attributes in process `syz.0.97'.
[   65.301026][ T6073] gtp0: entered promiscuous mode
[   65.302797][ T6073] gtp0: entered allmulticast mode
[   65.478628][ T6082] syz.2.102 uses obsolete (PF_INET,SOCK_PACKET)
[   65.490555][ T6082] netlink: 'syz.2.102': attribute type 10 has an invalid length.
[   65.519547][ T6082] 8021q: adding VLAN 0 to HW filter on device team0
[   65.524451][ T6082] bond0: (slave team0): Enslaving as an active interface with an up link
[   65.989277][ T6090] Zero length message leads to an empty skb
[   66.437212][ T5842] Bluetooth: hci0: command tx timeout
[   66.440722][ T6114] netlink: 'syz.1.116': attribute type 2 has an invalid length.
[   66.497158][ T6116] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0
[   66.517218][ T5842] Bluetooth: hci1: command tx timeout
[   66.522717][ T6118] bond0: entered promiscuous mode
[   66.524402][ T6118] bond_slave_0: entered promiscuous mode
[   66.526362][ T6118] bond_slave_1: entered promiscuous mode
[   66.530038][ T6118] bond0: left promiscuous mode
[   66.531572][ T6118] bond_slave_0: left promiscuous mode
[   66.533420][ T6118] bond_slave_1: left promiscuous mode
[   66.597642][ T5842] Bluetooth: hci2: command tx timeout
[   67.519637][ T6174] netlink: 'syz.0.143': attribute type 1 has an invalid length.
[   67.962081][ T6200] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge0, syncid = 0, id = 0
[   68.036167][ T6206] netlink: set zone limit has 8 unknown bytes
[   68.333617][ T6236] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   68.416696][ T6238] warning: `syz.0.168' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   68.466123][ T6244] netlink: 'syz.0.171': attribute type 11 has an invalid length.
[   68.471997][ T6244] __nla_validate_parse: 12 callbacks suppressed
[   68.472007][ T6244] netlink: 224 bytes leftover after parsing attributes in process `syz.0.171'.
[   68.523354][ T5842] Bluetooth: hci0: command tx timeout
[   68.581864][ T6241] netlink: 20 bytes leftover after parsing attributes in process `syz.2.170'.
[   68.598077][ T5842] Bluetooth: hci1: command tx timeout
[   68.606892][ T6241] netlink: 'syz.2.170': attribute type 12 has an invalid length.
[   68.677161][ T5842] Bluetooth: hci2: command tx timeout
[   68.936291][ T6277] netlink: 108 bytes leftover after parsing attributes in process `syz.2.185'.
[   68.942873][ T6277] netlink: 108 bytes leftover after parsing attributes in process `syz.2.185'.
[   69.013330][ T6285] erspan0: entered promiscuous mode
[   69.015836][ T6287] netlink: 'syz.2.190': attribute type 10 has an invalid length.
[   69.017451][ T6285] batman_adv: batadv0: Adding interface: macvlan2
[   69.020746][ T6285] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1450) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.031171][ T6285] batman_adv: batadv0: Interface activated: macvlan2
[   69.043247][ T6287] team0: Port device dummy0 added
[   69.052360][ T6287] netlink: 'syz.2.190': attribute type 10 has an invalid length.
[   69.055104][ T6287] 
[   69.055905][ T6287] ======================================================
[   69.058157][ T6287] WARNING: possible circular locking dependency detected
[   69.060440][ T6287] 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 Not tainted
[   69.063572][ T6287] ------------------------------------------------------
[   69.065798][ T6287] syz.2.190/6287 is trying to acquire lock:
[   69.067678][ T6287] ffff88811b4ace00 (team->team_lock_key#3){+.+.}-{4:4}, at: team_device_event+0x182/0xa20
[   69.070777][ T6287] 
[   69.070777][ T6287] but task is already holding lock:
[   69.073165][ T6287] ffff88811b572d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: do_setlink+0x388/0x41c0
[   69.076296][ T6287] 
[   69.076296][ T6287] which lock already depends on the new lock.
[   69.076296][ T6287] 
[   69.079671][ T6287] 
[   69.079671][ T6287] the existing dependency chain (in reverse order) is:
[   69.082434][ T6287] 
[   69.082434][ T6287] -> #1 (&dev_instance_lock_key#3){+.+.}-{4:4}:
[   69.085116][ T6287]        lock_acquire+0x120/0x360
[   69.086814][ T6287]        __mutex_lock+0x182/0xe80
[   69.088486][ T6287]        dev_set_mtu+0x10e/0x260
[   69.090139][ T6287]        team_add_slave+0x8b8/0x2840
[   69.091901][ T6287]        do_set_master+0x533/0x6d0
[   69.093590][ T6287]        do_setlink+0xcf0/0x41c0
[   69.095179][ T6287]        rtnl_newlink+0x160b/0x1c70
[   69.096865][ T6287]        rtnetlink_rcv_msg+0x7cf/0xb70
[   69.098963][ T6287]        netlink_rcv_skb+0x208/0x470
[   69.100943][ T6287]        netlink_unicast+0x75b/0x8d0
[   69.102692][ T6287]        netlink_sendmsg+0x805/0xb30
[   69.104454][ T6287]        __sock_sendmsg+0x21c/0x270
[   69.106216][ T6287]        ____sys_sendmsg+0x505/0x830
[   69.108122][ T6287]        ___sys_sendmsg+0x21f/0x2a0
[   69.109860][ T6287]        __x64_sys_sendmsg+0x19b/0x260
[   69.111753][ T6287]        do_syscall_64+0xfa/0x3b0
[   69.113433][ T6287]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.115565][ T6287] 
[   69.115565][ T6287] -> #0 (team->team_lock_key#3){+.+.}-{4:4}:
[   69.118419][ T6287]        validate_chain+0xb9b/0x2140
[   69.120239][ T6287]        __lock_acquire+0xab9/0xd20
[   69.121955][ T6287]        lock_acquire+0x120/0x360
[   69.123623][ T6287]        __mutex_lock+0x182/0xe80
[   69.125276][ T6287]        team_device_event+0x182/0xa20
[   69.127540][ T6287]        notifier_call_chain+0x1b6/0x3e0
[   69.129920][ T6287]        __dev_notify_flags+0x18d/0x2e0
[   69.132251][ T6287]        netif_change_flags+0xe8/0x1a0
[   69.134597][ T6287]        do_setlink+0xc55/0x41c0
[   69.136633][ T6287]        rtnl_newlink+0x160b/0x1c70
[   69.138767][ T6287]        rtnetlink_rcv_msg+0x7cf/0xb70
[   69.141099][ T6287]        netlink_rcv_skb+0x208/0x470
[   69.143311][ T6287]        netlink_unicast+0x75b/0x8d0
[   69.145425][ T6287]        netlink_sendmsg+0x805/0xb30
[   69.147553][ T6287]        __sock_sendmsg+0x21c/0x270
[   69.149640][ T6287]        ____sys_sendmsg+0x505/0x830
[   69.151780][ T6287]        ___sys_sendmsg+0x21f/0x2a0
[   69.153852][ T6287]        __x64_sys_sendmsg+0x19b/0x260
[   69.156146][ T6287]        do_syscall_64+0xfa/0x3b0
[   69.158186][ T6287]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.160994][ T6287] 
[   69.160994][ T6287] other info that might help us debug this:
[   69.160994][ T6287] 
[   69.165707][ T6287]  Possible unsafe locking scenario:
[   69.165707][ T6287] 
[   69.169132][ T6287]        CPU0                    CPU1
[   69.171557][ T6287]        ----                    ----
[   69.173949][ T6287]   lock(&dev_instance_lock_key#3);
[   69.176283][ T6287]                                lock(team->team_lock_key#3);
[   69.179543][ T6287]                                lock(&dev_instance_lock_key#3);
[   69.182869][ T6287]   lock(team->team_lock_key#3);
[   69.184817][ T6287] 
[   69.184817][ T6287]  *** DEADLOCK ***
[   69.184817][ T6287] 
[   69.188006][ T6287] 2 locks held by syz.2.190/6287:
[   69.189931][ T6287]  #0: ffffffff8f50ffc8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[   69.193415][ T6287]  #1: ffff88811b572d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: do_setlink+0x388/0x41c0
[   69.197802][ T6287] 
[   69.197802][ T6287] stack backtrace:
[   69.200504][ T6287] CPU: 0 UID: 0 PID: 6287 Comm: syz.2.190 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   69.200550][ T6287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   69.200557][ T6287] Call Trace:
[   69.200565][ T6287]  <TASK>
[   69.200574][ T6287]  dump_stack_lvl+0x189/0x250
[   69.200599][ T6287]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.200619][ T6287]  ? __pfx__printk+0x10/0x10
[   69.200635][ T6287]  ? print_lock_name+0xde/0x100
[   69.200649][ T6287]  print_circular_bug+0x2ee/0x310
[   69.200664][ T6287]  check_noncircular+0x134/0x160
[   69.200679][ T6287]  validate_chain+0xb9b/0x2140
[   69.200692][ T6287]  ? __lock_acquire+0xab9/0xd20
[   69.200711][ T6287]  __lock_acquire+0xab9/0xd20
[   69.200729][ T6287]  ? team_device_event+0x182/0xa20
[   69.200743][ T6287]  lock_acquire+0x120/0x360
[   69.200758][ T6287]  ? team_device_event+0x182/0xa20
[   69.200773][ T6287]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   69.200792][ T6287]  __mutex_lock+0x182/0xe80
[   69.200810][ T6287]  ? team_device_event+0x182/0xa20
[   69.200824][ T6287]  ? __try_to_del_timer_sync+0x34a/0x3a0
[   69.200844][ T6287]  ? team_device_event+0x182/0xa20
[   69.200859][ T6287]  ? __pfx___mutex_lock+0x10/0x10
[   69.200877][ T6287]  ? __timer_delete_sync+0x218/0x2d0
[   69.200896][ T6287]  team_device_event+0x182/0xa20
[   69.200916][ T6287]  notifier_call_chain+0x1b6/0x3e0
[   69.200937][ T6287]  __dev_notify_flags+0x18d/0x2e0
[   69.200952][ T6287]  ? __pfx___dev_notify_flags+0x10/0x10
[   69.200964][ T6287]  ? __dev_change_flags+0x4cc/0x6d0
[   69.200978][ T6287]  ? __pfx___dev_change_flags+0x10/0x10
[   69.200991][ T6287]  ? __pfx_console_unlock+0x10/0x10
[   69.201003][ T6287]  ? irq_work_queue+0xbc/0x140
[   69.201019][ T6287]  netif_change_flags+0xe8/0x1a0
[   69.201034][ T6287]  do_setlink+0xc55/0x41c0
[   69.201053][ T6287]  ? __pfx_do_setlink+0x10/0x10
[   69.201065][ T6287]  ? _printk+0xcf/0x120
[   69.201079][ T6287]  ? __pfx____ratelimit+0x10/0x10
[   69.201106][ T6287]  ? __lock_acquire+0xab9/0xd20
[   69.201123][ T6287]  ? __mutex_trylock_common+0x153/0x260
[   69.201136][ T6287]  ? __pfx___mutex_trylock_common+0x10/0x10
[   69.201148][ T6287]  ? rcu_is_watching+0x15/0xb0
[   69.201166][ T6287]  ? trace_contention_end+0x39/0x120
[   69.201177][ T6287]  ? __mutex_lock+0x330/0xe80
[   69.201195][ T6287]  ? __pfx_aa_get_newest_label+0x10/0x10
[   69.201211][ T6287]  ? rtnl_newlink+0x8db/0x1c70
[   69.201221][ T6287]  ? rcu_is_watching+0x15/0xb0
[   69.201238][ T6287]  ? __pfx___mutex_lock+0x10/0x10
[   69.201257][ T6287]  ? ns_capable+0x8a/0xf0
[   69.201275][ T6287]  ? rtnl_link_get_net_capable+0x16a/0x350
[   69.201301][ T6287]  rtnl_newlink+0x160b/0x1c70
[   69.201317][ T6287]  ? netlink_sendmsg+0x805/0xb30
[   69.201336][ T6287]  ? __pfx_rtnl_newlink+0x10/0x10
[   69.201354][ T6287]  ? kasan_quarantine_put+0xdd/0x220
[   69.201375][ T6287]  ? lockdep_hardirqs_on+0x9c/0x150
[   69.201393][ T6287]  ? nlmon_xmit+0xb0/0x100
[   69.201411][ T6287]  ? kmem_cache_free+0x18f/0x400
[   69.201425][ T6287]  ? __local_bh_enable_ip+0x12d/0x1c0
[   69.201443][ T6287]  ? lockdep_hardirqs_on+0x9c/0x150
[   69.201459][ T6287]  ? __local_bh_enable_ip+0x12d/0x1c0
[   69.201475][ T6287]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   69.201493][ T6287]  ? __dev_queue_xmit+0x27e/0x3a70
[   69.201540][ T6287]  ? __lock_acquire+0xab9/0xd20
[   69.201567][ T6287]  ? __pfx_rtnl_newlink+0x10/0x10
[   69.201578][ T6287]  rtnetlink_rcv_msg+0x7cf/0xb70
[   69.201589][ T6287]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[   69.201600][ T6287]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   69.201610][ T6287]  ? ref_tracker_free+0x63a/0x7d0
[   69.201625][ T6287]  ? __copy_skb_header+0xa7/0x550
[   69.201640][ T6287]  ? __pfx_ref_tracker_free+0x10/0x10
[   69.201654][ T6287]  ? __skb_clone+0x63/0x7a0
[   69.201676][ T6287]  netlink_rcv_skb+0x208/0x470
[   69.201691][ T6287]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   69.201702][ T6287]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   69.201719][ T6287]  ? netlink_deliver_tap+0x2e/0x1b0
[   69.201731][ T6287]  ? netlink_deliver_tap+0x2e/0x1b0
[   69.201746][ T6287]  netlink_unicast+0x75b/0x8d0
[   69.201762][ T6287]  netlink_sendmsg+0x805/0xb30
[   69.201779][ T6287]  ? __pfx_netlink_sendmsg+0x10/0x10
[   69.201794][ T6287]  ? aa_sock_msg_perm+0x94/0x160
[   69.201810][ T6287]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   69.201825][ T6287]  ? __pfx_netlink_sendmsg+0x10/0x10
[   69.201843][ T6287]  __sock_sendmsg+0x21c/0x270
[   69.201865][ T6287]  ____sys_sendmsg+0x505/0x830
[   69.201882][ T6287]  ? __pfx_____sys_sendmsg+0x10/0x10
[   69.201901][ T6287]  ? import_iovec+0x74/0xa0
[   69.201913][ T6287]  ___sys_sendmsg+0x21f/0x2a0
[   69.201927][ T6287]  ? __pfx____sys_sendmsg+0x10/0x10
[   69.201950][ T6287]  ? __fget_files+0x2a/0x420
[   69.201963][ T6287]  ? __fget_files+0x3a0/0x420
[   69.201977][ T6287]  __x64_sys_sendmsg+0x19b/0x260
[   69.201991][ T6287]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   69.202008][ T6287]  ? rcu_is_watching+0x15/0xb0
[   69.202026][ T6287]  ? do_syscall_64+0xbe/0x3b0
[   69.202037][ T6287]  do_syscall_64+0xfa/0x3b0
[   69.202047][ T6287]  ? lockdep_hardirqs_on+0x9c/0x150
[   69.202062][ T6287]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.202074][ T6287]  ? exc_page_fault+0x9f/0xf0
[   69.202090][ T6287]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.202101][ T6287] RIP: 0033:0x7ff280f8e929
[   69.202113][ T6287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.202123][ T6287] RSP: 002b:00007ff281db6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   69.202135][ T6287] RAX: ffffffffffffffda RBX: 00007ff2811b5fa0 RCX: 00007ff280f8e929
[   69.202144][ T6287] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000004
[   69.202150][ T6287] RBP: 00007ff281010b39 R08: 0000000000000000 R09: 0000000000000000
[   69.202157][ T6287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   69.202164][ T6287] R13: 0000000000000000 R14: 00007ff2811b5fa0 R15: 00007fff795d0ed8
[   69.202176][ T6287]  </TASK>
[   69.393011][ T6285] netlink: 12 bytes leftover after parsing attributes in process `syz.1.189'.
[   69.402677][ T6287] team0: Port device dummy0 removed
[   69.405914][ T6287] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   71.079667][ T1359] ieee802154 phy0 wpan0: encryption failed: -22
[   71.082454][ T1359] ieee802154 phy1 wpan1: encryption failed: -22

VM DIAGNOSIS:
09:33:57  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000035 RBX=0000000000000035 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000002cea RDI=0000000000002ceb RBP=00000000000003f8 RSP=ffffc90006a95f10
R8 =ffff888107610237 R9 =1ffff11020ec2046 R10=dffffc0000000000 R11=ffffffff85474610
R12=dffffc0000000000 R13=ffffffff99ac48f0 R14=ffffffff99dc9760 R15=0000000000000000
RIP=ffffffff8547468c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007ff281db66c0 ffffffff 00c00000
GS =0000 ffff8880b8650000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c2d30f0 CR3=0000000115360000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007ff281184478 00007ff281184450 XMM03=00007ff281184488 00007ff281184480
XMM04=00007ff281ced100 00007ff281184440 XMM05=00007ff281184458 00007ff2811844a0
XMM06=00007ff281184498 00007ff281184490 XMM07=00007ff281184488 00007ff281184480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007ff281011c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=36c3626b5033af00 RBX=ffffffff81974d58 RCX=36c3626b5033af00 RDX=0000000000000001
RSI=ffffffff8be28d20 RDI=ffffffff81974d58 RBP=ffffc90000177f20 RSP=ffffc90000177de0
R8 =ffff888136632f5b R9 =1ffff11026cc65eb R10=dffffc0000000000 R11=ffffed1026cc65ec
R12=ffffffff8fa10df0 R13=0000000000000001 R14=0000000000000001 R15=1ffff110200d1000
RIP=ffffffff8b66c4a3 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c50000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055e0ff13c0a8 CR3=000000001ef06000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff8234c122 ffffffff81685ddf
XMM02=00007effa1984478 ffffffff81685ddf XMM03=00007effa1984488 00007effa1984480
XMM04=00007effa24ed100 00007effa1984440 XMM05=00007effa1984458 00007effa19844a0
XMM06=00007effa1984498 00007effa1984490 XMM07=00007effa1984488 00007effa1984480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007effa1811c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
