last executing test programs:

522.103501ms ago: executing program 0 (id=2193):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r2, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)
close(r0)
connect$unix(r1, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e)

470.602301ms ago: executing program 0 (id=2196):
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xd, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000030000000000000001004000850000001900000095"], &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

470.480272ms ago: executing program 1 (id=2197):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c)
setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000280)={@broadcast, @multicast1, 0x0, "7ea97ddb2ac127ffa5b7216fe75ebaa2855a422a8bf8ec7caf003751804500", 0x0, 0x0, 0x4, 0xfffffffe}, 0x3c)
setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000200)={@empty, @private, 0x0, "606b177019716ea6ff1f4d7ed79c31e2e0f1da00000000230000002000", 0x3e1f}, 0x3c)
setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000180)={@private=0xa010102, @multicast2, 0x0, "941621a61c5815f4678d8fd403f2f30229a88d74d71fd55708016d20fd419884", 0x0, 0x1}, 0x3c)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f00000003c0)=0xa, 0x4)

468.133565ms ago: executing program 2 (id=2198):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000003c0007010000000000400000017c00000400fc80100001805fd05a607fd4804000000000080002"], 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="81a880d2e06ca68eb9000100000008789a7bc428ad000100030000002400048005000300010000000500030000000000050003000003000700000008000200030000000200000000"], 0x48}}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="2000000068000100ffffffffffdbdf250a0000000000000004000b00040006"], 0x20}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4, 0x3ff, @loopback, 0x1}, 0x1c)
sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x20000001)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f00000000c0)={0x5, &(0x7f0000000000)=[{0x15, 0x0, 0x3, 0xb}, {0x20}, {}, {0x0, 0x2}, {0x6}]})

414.295089ms ago: executing program 0 (id=2199):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', <r1=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r1, 0x3, 0x6, @remote}, 0x10)
close(0x3)

413.941635ms ago: executing program 0 (id=2200):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x3, 0x8}}, @volatile={0x0, 0x0, 0x0, 0xa, 0x5}, @const={0x0, 0x0, 0x0, 0xa, 0x2}, @restrict, @union]}}, 0x0, 0x62}, 0x28)

364.76577ms ago: executing program 0 (id=2201):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg$inet6(r0, &(0x7f0000002340)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c, &(0x7f0000000cc0)=[{&(0x7f00000000c0)='O', 0x1}], 0x1}}, {{&(0x7f0000000080)={0xa, 0x4e22, 0xe2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x10000}, 0x1c, &(0x7f0000000480)=[{&(0x7f0000000100)="b0", 0x1}], 0x1}}], 0x2, 0x4000840)
shutdown(r0, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r2, &(0x7f0000000200), 0x806000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000040)={0x0, 0x18}, &(0x7f0000000000)=0x8)

364.43737ms ago: executing program 1 (id=2202):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000fefffe7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000c9be17044171e1d3d7b1efd036d7af273bce36015779c4cef58fa35d17c668a4b63e069efb29797573b8538e31ec24925095a163b9d4e76be2661f2a395e41f7e31a8021e00b00104e0801d4de36e5fdc6c42a7b3ff13f2360a6e231fd223bc33091dd61258a1fda45991fbdce6793c8a4785ee8b60092659b941bbd694dff0f0000000000003a45404b04bf97c4fea679c032b363956cd8bac9626b5db1b07a0bd7cc85e961506a35a04617dc0200379e731d3a8d8feac94a4ee293001f6ce7d5b40bf2a7f9be8173a9639a79fae885d05afe042c0e7821d406c967379e7521292d24d6c8034f2fc7c855a8945e9bce678ee9a015abc9daac8876623db56346916674ceb55f60b493f2f4d736acb2f206fc538450a676d71c01175b8454eb92567e8f8a707b590d7219288e23ee0800000000000010a49fc8f4ff0300000000000000000000cb947d6017ad27714772ad790af252e648ef8c313c604324f5b306000000000000cf327a00000000000000080a70162bba30ad7804fa4140f1a754ffff000000ab744d306619dfb3a37d897662bee00189f43da46a908a235c84cbad335fd1d2f2ef93a6a70c8b8ece0e243eab05a34ab0a7e7e497065e5e282e284f8d5e8852a265d528075214af000000000070d42182d8f3a347d48289a8b29b911ac473c5fa02bb0e24e5b7b238e27263a23c0b865f75331d888c72df1da4b290582f00024227f03204add786a87b23ceb17c25810e769fe2d6a7bd8e504843b66b1a8c7b364bd2194ba9c8f60ac0c9b18d8c1b9e1a736825c91b4dff0000c1c5dcffa295c2930000000000235d84b0193a5ea7c77cdb7de9ce1a59ab4158097b4dd13ebfaf4425c6855530b56a3320d85c8fe85f667998b1a7e589f486c107761108e4e230419fd27b6ad9c10b25c6b6ed84badbb970dcf133279dd355e41de944564bdab99c5c712a9fbc8e9691c775bb94f746505e1e748cf1710d52468b4b1625ce21612ed5e807dfb5f19f3267e5366b2c0b2a0be49ae476263c9407ac6c596bf3cf66204984f5aebf93d1caa220ea6969cea852fe9a7d1eee13f1f48722a69ad9fb850bd093a302b9250245900ad5c8e5f20ddf77ee3d5a168964fad1aa7347d36c502d02b1d96d753ef6fc354fc126070060c65c147651fca62c0a06939f40c90ebc3042e753fe91b5770b24f25c558736dd7e1e9fb214cbb04c5c6ee4c970b320ba6fb6ef4615f4092de54c519f4622e1224153463ea80248a45a95a189958f586d606dcaa9aac656cf95a2d35225cfb0e6f47486d5cbb04a590116d4de92e203e107d68728a189b0d537d2442beab2f8ce7b2dd357200dcd139e47267012fc2a2b6bad79be429d1ddaccbe0139f16ca1b9bc1103000000ed1ece54cfdbe04670bee9b42fe3dc42033997e2e700b6edb2b49b5f2f6001ee0a9e5d1bee199ce9124a5cb479040000000000000049ead5b02d5ea1dcf6cdcf332fe94b3c1932d8d391754774a32c9b7e6ca4023bce2c7281d27a2cb62383ab3a3bb535650fbfb96c89936855eb7a485698f0d20c3eedd6123ef8f218d52ea2c346f80acb8b9a71856d2f2d1a7c6f45ee127b6a1d1ac1e243ed02e49e8aafe835919564af915965a050c37ceff855bd2dec3452c7c38f5dbf1ff1ff00020000000000006a1a029ea6540b40b2f797813af2c7d4ed235c2dc5f1dbbfcc52b2f55fd3f9f100c4891d0cb4c10ed01489bf235c45822594d7a6edc9d1270a7819fc0c597fdfb4d7842da1b411346297a40bbf221bbf63ad3822575dcc01a3c34b5aa4e3750400000000000000fc0fd9c746cf0ed4b0343d00a154e6a869346256ffbd666a34414ab0f40bec45b1c24f02ac9bc20e69201968537dd4dc61323c8b6d3643183631664eeca616696fb30fe89c8bdb15037c801fca4a9c220fec5d14582a00b62548ddf2599e5ffc5330cefb8903d276eae21b0b4b20100ead8256636c7e754185e815dd21445cc965a0526da38021a3e540949494ef3041cfa5067f556a0af5c19d27ff4f61fa7762d7963c96853709e773f14c47eef784cb145ae9d6d37fc7b5d83e05ac773fcc429eae6826a9d207d4c39df8eed9cc2ae3f68df1c6495a82d02939b448bf8038521057714e6e6405000000be9e0b0025d16b7eff573f78364ed70a62a7b1e55311dc0193d47f9ecc8c7ad268dc6e2e75f8cc83315411bd6c6b88e1850ee757ac2f9e4d6ac510003717d5847a19e750db92d33d6bdc434d0b52b2eb4b1790459e35122f46b205120a54bf657da9fd55d43a89e333481de468f5984a69509e9eac7a5b39c004396e8cb3ab037fd62fa43f259f13ebc4b590e9ea07ea37689049c799cd444d45dabe3e3cf086768daa6816c37793d17a284d2828f5eab2d3d0bedd5334b7bb4c983fa9cd4bd86f0ad227901e83ef4871695380d25bea2929fa66382af6ddb89917ab100046151bd08fce74247955247daa1ea75139b9ce3771526503c7db3a4b3ff39301986c1fd9b5c42d39e768946c9a7ee8dd081bfb6ea5fa132ebdbe72d02ce9f2000000006f63ae8311afc4943c963d39e42c54a3f52d121bfb425fe268892f654febdaee43e95b5ae6749275e1ad8b8b279e1ae296e03a8d9386d8e199dc1f00000008000000000000000026c43493c622f041b47d329b248e8ccd92e9b17007ba2578eefcb59f50343722e6cba3be72fd037eb5fa243a395b5c83376a14414b32c2e8a33de8000000003927da2bec76f4e15c8bf3715c5bfe7b3617d0fcf9b5861554b5b76b8ae69c644a48931306a16cff8a38ea95553867e2c5fb1e99b1802e616345871b4611627874cfbe30fa5793c873ae6f75427f3eeda690147b9615b096d967c2d7f5ddf725f0544f8750a5ed04d6ca0f223506fec5d5e65b467c59459f6113cf41c174a63a17fc79d0b777a0c903c0d2e7f79b6f9ce68a3b72315407040f6a09cadc25e87b7c6b4a3079c7989b4cf04b2581b555fa9a2d74392939b4dbaa9e620e22ab975ac3a5a329157762c1f29075fbdd39451a56b97c90e4fde6782a7c78e7fbe8400054dcafcd51e9eef2d2ea10a3f2636ac2239cef5d8505060de55f472aa89cb8e0188f2ee96cb1ae8dee3c03d0a942c6289cbc4499cea402bd0550520f4aae98c436f18a667ae4efeb5e6a4b1b3f53536145a87578ead8ec76b17acd9d9629449714ed1302714c3519fdd8529b5a86ce2fabb7f285fe73730000000000000000000000000000000073b6f8e9255567374cb2cc80be58fca5b1dc50d85342e56beda632edb7f0a4abcabae102fadfbffecc6b1549315dda8e09d18a7fe5e1574e4fad426b6ca211da39a16dffdd661a20b20c390e00004b002cd83b754c3d32819c823027b3cf8f8da6e63d099712be370bb2aa06debff931ea0a2e7aa0390000000000000045b6720d74c470d49e1e97d1668bb75ad994089d723c2eeaad3f857937fa3df615121a1841ed452dd395788e1a82efda18b41c06c948ef44af8500fbe1ee0828a3b047afb80435935b0f99b381dcf101e9a1593bdaab3bc88c70bf56995a4790a339e1b62516356644ed7df6db419d0976a5169e68e8bd4712552c5ec03f2818c17c4a5bf1e5ecd9bb40074a63c66b61f4779226a99dc5ff9c442e93991570797493569e6f9ccd6d73bcbce41022e2731fc61b6bf0188c74a21471332a546ffe8e9dd738aa2ca782ff5a547a1ad7c348c59ff99d1496404eafcd0333df8f2801d39ad0c82735af24b819efc2fd67c6a53835f0af6a51d1b9123f4b9af7fa2ee2ebf4bc2973cf04380b41aa7577e35bcd28446bfcea19aa85440fe0fdce12e53da7b8842b7527a34d1bcb16fcdc84f2c46a78c01c2ff463cdd0d65267b0822e899e893514a02acd8c21583d181224175d08ff75223da84d53656eb7ab46ad442d70c67a6010029329924b8b39e6dc4b2077a4b9645d8e0a445ae2c7be53d66007d491ab0f6851a2cc1cffeed15f586a035c1a2888c56f43"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f0000000000)="b9ff03030018698cb89e40f086dd6000000e00002f00630677", 0x0, 0xfa, 0x2000000, 0x3f, 0xc0, &(0x7f0000000440), &(0x7f0000000080), 0x4}, 0x50)

290.943303ms ago: executing program 1 (id=2203):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000007c0)=@mpls_newroute={0x1c, 0x18, 0x101, 0x70bd2d, 0x25dfdbfc, {0x1c, 0x14, 0x0, 0x3, 0x0, 0x3, 0x2, 0xa, 0x200}}, 0x1c}, 0x1, 0x0, 0x0, 0x40010}, 0x4080)

290.726875ms ago: executing program 1 (id=2204):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x18)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}, 0xf5ff}], 0xf00, 0x0, 0x0)
shutdown(r1, 0x0)

280.187423ms ago: executing program 2 (id=2205):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc)
r1 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x5}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_ETH_DST={0xa, 0x4, @broadcast}]}}]}, 0x48}}, 0x24004000)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

173.537494ms ago: executing program 2 (id=2206):
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x2, 0x4e1f, @multicast2=0xe0000020}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ssrr={0x89, 0x7, 0x4, [@remote]}]}}}], 0x18}, 0x40014)

173.353962ms ago: executing program 2 (id=2207):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x1000001, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x2000)
setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000000040)={0x2, 0x4, 0x7fffffff}, 0xc)

79.474882ms ago: executing program 1 (id=2208):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@rights={{0x14, 0x1, 0x1, [<r2=>0xffffffffffffffff]}}], 0x18}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0xff02, 0x0)

77.818289ms ago: executing program 0 (id=2209):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x3b071, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r1, &(0x7f0000000200), 0x806000)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2, 0x11, r0, 0x0)

77.60366ms ago: executing program 2 (id=2210):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4)
bind$802154_dgram(r0, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14)
sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f00000006c0)={&(0x7f0000000180), 0xc, &(0x7f0000000680)={0x0}, 0x1, 0x0, 0x0, 0x4000010}, 0x4)

248.111µs ago: executing program 1 (id=2211):
pipe(0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb", 0x8}], 0x1, 0x1)
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond_slave_1\x00'})
ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, &(0x7f0000000080)=0x1)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r2, 0x21eae}}, 0x20}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
close(r5)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
ioctl$SIOCSIFHWADDR(r5, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r7=>0xffffffffffffffff})
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r9=>0x0})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_STATION(r10, &(0x7f0000007380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x44, r8, 0xe096044a3fc9e6f1, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0xfa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x200000d0}, 0x8050)
sendmsg$kcm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r11 = socket$unix(0x1, 0x2, 0x0)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r13=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="010028b6296be141526b7e00000008000300", @ANYRES32=r13, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006000000"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
socket$inet_sctp(0x2, 0x1, 0x84)

0s ago: executing program 2 (id=2212):
r0 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r0, 0x84, 0x7c, &(0x7f0000000000), 0x62)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:8287' (ED25519) to the list of known hosts.
syzkaller login: [   55.697695][ T5805] cgroup: Unknown subsys name 'net'
[   55.818067][ T5805] cgroup: Unknown subsys name 'cpuset'
[   55.822035][ T5805] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   57.330823][ T5805] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   61.884395][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   61.887370][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   61.890009][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   61.893292][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   61.898993][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   61.913109][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   61.916307][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   61.919693][ T5213] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   61.922858][ T5213] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   61.925683][ T5213] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   61.983938][ T5213] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   61.996333][ T5213] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   61.998938][ T5213] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   62.002163][ T5213] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   62.005087][ T5213] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   62.114319][ T5823] chnl_net:caif_netlink_parms(): no params data found
[   62.221234][ T5827] chnl_net:caif_netlink_parms(): no params data found
[   62.295104][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.298374][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.301146][ T5823] bridge_slave_0: entered allmulticast mode
[   62.304227][ T5823] bridge_slave_0: entered promiscuous mode
[   62.329971][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.332686][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.335520][ T5823] bridge_slave_1: entered allmulticast mode
[   62.338784][ T5823] bridge_slave_1: entered promiscuous mode
[   62.392355][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.395048][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.398132][ T5827] bridge_slave_0: entered allmulticast mode
[   62.401887][ T5827] bridge_slave_0: entered promiscuous mode
[   62.406586][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.409728][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.412928][ T5827] bridge_slave_1: entered allmulticast mode
[   62.416758][ T5827] bridge_slave_1: entered promiscuous mode
[   62.458137][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.465926][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.479047][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.488154][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   62.511385][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.557411][ T5827] team0: Port device team_slave_0 added
[   62.565931][ T5827] team0: Port device team_slave_1 added
[   62.569561][ T5823] team0: Port device team_slave_0 added
[   62.597988][ T5823] team0: Port device team_slave_1 added
[   62.630746][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.633001][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.641567][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.663396][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.667734][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.677948][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.693238][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.696152][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.704486][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.724197][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.726904][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.735038][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.754974][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.758045][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.760955][ T5833] bridge_slave_0: entered allmulticast mode
[   62.763836][ T5833] bridge_slave_0: entered promiscuous mode
[   62.783695][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.786501][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.788884][ T5833] bridge_slave_1: entered allmulticast mode
[   62.792014][ T5833] bridge_slave_1: entered promiscuous mode
[   62.813100][ T5827] hsr_slave_0: entered promiscuous mode
[   62.816432][ T5827] hsr_slave_1: entered promiscuous mode
[   62.833903][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.861966][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.883611][ T5823] hsr_slave_0: entered promiscuous mode
[   62.887294][ T5823] hsr_slave_1: entered promiscuous mode
[   62.890100][ T5823] debugfs: 'hsr0' already exists in 'hsr'
[   62.892427][ T5823] Cannot create hsr debugfs directory
[   62.924396][ T5833] team0: Port device team_slave_0 added
[   62.928446][ T5833] team0: Port device team_slave_1 added
[   62.965918][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.968679][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.979457][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.000548][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.003546][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.015667][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.127943][ T5833] hsr_slave_0: entered promiscuous mode
[   63.130455][ T5833] hsr_slave_1: entered promiscuous mode
[   63.132922][ T5833] debugfs: 'hsr0' already exists in 'hsr'
[   63.137364][ T5833] Cannot create hsr debugfs directory
[   63.266617][ T5827] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   63.293519][ T5827] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   63.320687][ T5827] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   63.332198][ T5827] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   63.378509][ T5823] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   63.384978][ T5823] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   63.397096][ T5823] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   63.414123][ T5823] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   63.454426][ T5833] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   63.461408][ T5833] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   63.473079][ T5833] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   63.479164][ T5833] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   63.582551][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.606694][ T5827] 8021q: adding VLAN 0 to HW filter on device team0
[   63.618691][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.621325][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.633685][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.645696][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.648722][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.654868][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.679505][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   63.698469][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.701391][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.719371][ T5823] 8021q: adding VLAN 0 to HW filter on device team0
[   63.730075][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.733067][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.757257][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.760223][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.773078][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.776102][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.939450][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.988935][ T5827] veth0_vlan: entered promiscuous mode
[   63.997558][ T5827] veth1_vlan: entered promiscuous mode
[   64.017948][ T5213] Bluetooth: hci2: command tx timeout
[   64.018935][   T54] Bluetooth: hci0: command tx timeout
[   64.020523][ T5213] Bluetooth: hci1: command tx timeout
[   64.040482][ T5827] veth0_macvtap: entered promiscuous mode
[   64.044714][ T5827] veth1_macvtap: entered promiscuous mode
[   64.057512][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.074765][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.099076][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.102400][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.106987][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.112308][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.134400][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.148983][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.222490][ T2263] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.229158][ T2263] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.239384][ T5833] veth0_vlan: entered promiscuous mode
[   64.271507][ T5833] veth1_vlan: entered promiscuous mode
[   64.279280][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.282459][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.287123][ T5823] veth0_vlan: entered promiscuous mode
[   64.297987][ T5823] veth1_vlan: entered promiscuous mode
[   64.327209][ T5833] veth0_macvtap: entered promiscuous mode
[   64.333271][ T5823] veth0_macvtap: entered promiscuous mode
[   64.339356][ T5833] veth1_macvtap: entered promiscuous mode
[   64.342843][ T5823] veth1_macvtap: entered promiscuous mode
[   64.352515][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   64.352665][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.376554][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.399397][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.411052][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.421141][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.431663][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.437777][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.441389][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.467411][ T5852] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.473410][ T5852] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.492006][ T5852] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.498276][ T5852] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.601161][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.610417][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.656982][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.664581][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.719030][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.728561][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.784121][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.789890][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.994705][ T5875] IPVS: starting estimator thread 0...
[   65.085695][ T5916] IPVS: using max 55 ests per chain, 132000 per kthread
[   65.500015][ T5946] netlink: 60 bytes leftover after parsing attributes in process `syz.0.25'.
[   65.504519][ T5946] unsupported nlmsg_type 40
[   66.096765][ T5213] Bluetooth: hci1: command tx timeout
[   66.097836][ T5826] Bluetooth: hci0: command tx timeout
[   66.099092][ T5213] Bluetooth: hci2: command tx timeout
[   66.404080][ T5995] netlink: 'syz.0.49': attribute type 1 has an invalid length.
[   66.408349][ T5995] netlink: 4 bytes leftover after parsing attributes in process `syz.0.49'.
[   66.414190][ T5995] netlink: 45 bytes leftover after parsing attributes in process `syz.0.49'.
[   67.070886][ T6028] syz.2.62 uses obsolete (PF_INET,SOCK_PACKET)
[   67.453517][ T6052] netlink: 8 bytes leftover after parsing attributes in process `syz.0.75'.
[   68.075796][ T6087] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   68.097076][ T6087] netlink: 'syz.1.86': attribute type 7 has an invalid length.
[   68.100403][ T6087] netlink: 248 bytes leftover after parsing attributes in process `syz.1.86'.
[   68.107306][ T6089] netlink: 8 bytes leftover after parsing attributes in process `syz.0.87'.
[   68.131597][ T6089] netlink: 4 bytes leftover after parsing attributes in process `syz.0.87'.
[   68.177205][ T5213] Bluetooth: hci0: command tx timeout
[   68.178972][ T5213] Bluetooth: hci1: command tx timeout
[   68.179038][   T54] Bluetooth: hci2: command tx timeout
[   68.200436][ T6093] netlink: 24 bytes leftover after parsing attributes in process `syz.1.89'.
[   68.569320][ T6103] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   68.594420][ T6103] tipc: Started in network mode
[   68.596739][ T6103] tipc: Node identity 4, cluster identity 4711
[   68.599196][ T6103] tipc: Node number set to 4
[   68.804529][ T6112] 8021q: adding VLAN 0 to HW filter on device bond1
[   68.861845][ T6118] netlink: 788 bytes leftover after parsing attributes in process `syz.1.99'.
[   69.003469][ T6124] netlink: 16 bytes leftover after parsing attributes in process `syz.0.101'.
[   69.870880][ T6162] Illegal XDP return value 4294967274 on prog  (id 26) dev N/A, expect packet loss!
[   70.100588][ T6168] openvswitch: netlink: Tunnel attr 227 out of range max 16
[   70.255562][   T54] Bluetooth: hci1: command tx timeout
[   70.255992][ T5826] Bluetooth: hci0: command tx timeout
[   70.265932][ T5826] Bluetooth: hci2: command tx timeout
[   70.546430][ T6195] unknown channel width for channel at 909000KHz?
[   70.550144][ T6195] unknown channel width for channel at 909000KHz?
[   70.558399][ T6195] unknown channel width for channel at 909000KHz?
[   70.578243][ T6193] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   71.009524][ T6222] Zero length message leads to an empty skb
[   71.049685][ T6225] warning: `syz.2.147' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   71.110877][ T6227] sock: sock_set_timeout: `syz.0.148' (pid 6227) tries to set negative timeout
[   71.230703][ T6232] netlink: 'syz.0.150': attribute type 10 has an invalid length.
[   71.234042][ T6232] __nla_validate_parse: 3 callbacks suppressed
[   71.234060][ T6232] netlink: 40 bytes leftover after parsing attributes in process `syz.0.150'.
[   71.250976][ T6232] dummy0: entered promiscuous mode
[   71.257765][ T6232] bridge0: port 3(dummy0) entered blocking state
[   71.260680][ T6232] bridge0: port 3(dummy0) entered disabled state
[   71.263529][ T6232] dummy0: entered allmulticast mode
[   71.269110][ T6232] bridge0: port 3(dummy0) entered blocking state
[   71.271981][ T6232] bridge0: port 3(dummy0) entered forwarding state
[   71.282472][ T6232] netlink: 8 bytes leftover after parsing attributes in process `syz.0.150'.
[   71.288618][ T6232] netlink: 'syz.0.150': attribute type 3 has an invalid length.
[   71.293521][ T6232] netlink: 220 bytes leftover after parsing attributes in process `syz.0.150'.
[   71.303054][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.308594][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[   71.679165][ T6256] netlink: 'syz.0.160': attribute type 4 has an invalid length.
[   71.694895][ T6256] netlink: 'syz.0.160': attribute type 4 has an invalid length.
[   71.831776][ T6259] netlink: 20 bytes leftover after parsing attributes in process `syz.1.162'.
[   72.062673][ T6273] Bluetooth: MGMT ver 1.23
[   72.132706][ T6277] netlink: 'syz.0.170': attribute type 3 has an invalid length.
[   72.144648][ T6277] netlink: 156 bytes leftover after parsing attributes in process `syz.0.170'.
[   72.148589][ T6277] netlink: 'syz.0.170': attribute type 3 has an invalid length.
[   72.151907][ T6277] netlink: 156 bytes leftover after parsing attributes in process `syz.0.170'.
[   72.877666][ T6307] vti0: entered promiscuous mode
[   73.089811][ T6321] netlink: 28 bytes leftover after parsing attributes in process `syz.2.190'.
[   73.544671][ T6341] netlink: 4 bytes leftover after parsing attributes in process `syz.1.200'.
[   73.550851][ T6341] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   73.588839][ T6341] batman_adv: batadv0: Removing interface: batadv_slave_1
[   73.783120][ T6353] netlink: 4 bytes leftover after parsing attributes in process `syz.0.204'.
[   73.789344][ T6353] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   73.810273][ T6353] batman_adv: batadv0: Removing interface: batadv_slave_1
[   73.944898][ T6362] netlink: 'syz.2.207': attribute type 21 has an invalid length.
[   73.951274][ T6362] netlink: 132 bytes leftover after parsing attributes in process `syz.2.207'.
[   75.213426][ T6406] sctp: [Deprecated]: syz.1.225 (pid 6406) Use of struct sctp_assoc_value in delayed_ack socket option.
[   75.213426][ T6406] Use struct sctp_sack_info instead
[   76.164402][ T6467] netlink: 'syz.0.255': attribute type 1 has an invalid length.
[   76.170278][ T6467] netlink: 'syz.0.255': attribute type 1 has an invalid length.
[   76.229423][ T6469] sctp: [Deprecated]: syz.1.258 (pid 6469) Use of struct sctp_assoc_value in delayed_ack socket option.
[   76.229423][ T6469] Use struct sctp_sack_info instead
[   76.355898][ T6479] __nla_validate_parse: 2 callbacks suppressed
[   76.355913][ T6479] netlink: 165 bytes leftover after parsing attributes in process `syz.1.260'.
[   76.398780][ T6481] netlink: 172 bytes leftover after parsing attributes in process `syz.0.261'.
[   76.856586][ T6503] netlink: 'syz.1.271': attribute type 10 has an invalid length.
[   76.859918][ T6503] netlink: 40 bytes leftover after parsing attributes in process `syz.1.271'.
[   76.863667][ T6503] dummy0: entered promiscuous mode
[   76.893659][ T6503] dummy0: entered allmulticast mode
[   76.906510][ T6503] bridge0: port 3(dummy0) entered blocking state
[   76.924234][ T6503] bridge0: port 3(dummy0) entered disabled state
[   76.935436][ T6503] bridge0: port 3(dummy0) entered blocking state
[   76.938353][ T6503] bridge0: port 3(dummy0) entered forwarding state
[   77.052118][ T6512] veth3: entered allmulticast mode
[   77.202622][ T6519] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[   77.208959][ T6519] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[   77.230876][ T6521] netlink: 'syz.2.279': attribute type 1 has an invalid length.
[   77.428738][ T6532] tipc: Started in network mode
[   77.430916][ T6532] tipc: Node identity 3a53c74f4e5a, cluster identity 4711
[   77.434354][ T6532] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   77.438932][ T6532] syzkaller0: entered promiscuous mode
[   77.441434][ T6532] syzkaller0: entered allmulticast mode
[   77.470655][ T6530] tipc: Resetting bearer <eth:syzkaller0>
[   77.484134][ T6530] tipc: Disabling bearer <eth:syzkaller0>
[   77.873445][ T6546] netlink: 20 bytes leftover after parsing attributes in process `syz.2.288'.
[   78.752614][ T6583] netlink: 8 bytes leftover after parsing attributes in process `syz.2.296'.
[   79.109064][ T6602] netlink: 24 bytes leftover after parsing attributes in process `syz.2.301'.
[   79.294278][ T6613] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   79.480260][ T6624] netlink: 24 bytes leftover after parsing attributes in process `syz.0.312'.
[   79.484141][ T6624] netlink: 48 bytes leftover after parsing attributes in process `syz.0.312'.
[   79.520578][    T9] cfg80211: failed to load regulatory.db
[   79.564858][ T6628] netlink: 'syz.0.314': attribute type 1 has an invalid length.
[   79.984511][ T6648] netlink: 16 bytes leftover after parsing attributes in process `syz.0.324'.
[   79.999615][ T6648] netlink: 16 bytes leftover after parsing attributes in process `syz.0.324'.
[   80.134174][ T6661] netlink: 'syz.1.329': attribute type 2 has an invalid length.
[   80.618055][ T6695] ip6gre1: entered allmulticast mode
[   80.816618][ T6696] block nbd0: server does not support multiple connections per device.
[   80.822222][ T6696] block nbd0: shutting down sockets
[   80.862334][ T6700] netlink: 'syz.1.347': attribute type 10 has an invalid length.
[   80.874759][ T6700] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   81.362089][ T6735] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.431727][ T6735] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.517348][ T6735] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.631782][ T6735] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.770564][ T5839] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.778342][ T5839] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.793033][ T5839] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.809717][ T5839] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.078445][ T6780] ieee802154 phy0 wpan0: encryption failed: -22
[   82.155814][ T6784] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[   82.362525][ T6800] netlink: 'syz.1.381': attribute type 2 has an invalid length.
[   82.366701][ T6800] netlink: 'syz.1.381': attribute type 1 has an invalid length.
[   82.369837][ T6800] __nla_validate_parse: 2 callbacks suppressed
[   82.369846][ T6800] netlink: 8 bytes leftover after parsing attributes in process `syz.1.381'.
[   82.573464][ T6814] netlink: 'syz.1.388': attribute type 11 has an invalid length.
[   82.598275][ T6814] netlink: 'syz.1.388': attribute type 11 has an invalid length.
[   82.598874][ T6818] sctp: [Deprecated]: syz.0.390 (pid 6818) Use of struct sctp_assoc_value in delayed_ack socket option.
[   82.598874][ T6818] Use struct sctp_sack_info instead
[   82.601543][ T6814] netlink: 224 bytes leftover after parsing attributes in process `syz.1.388'.
[   83.234537][ T6854] netlink: 'syz.1.407': attribute type 1 has an invalid length.
[   83.268987][ T6854] 8021q: adding VLAN 0 to HW filter on device bond1
[   83.292529][ T6854] 8021q: adding VLAN 0 to HW filter on device bond1
[   83.298123][ T6854] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[   83.303934][ T6854] bond1: (slave vxcan3): Error -95 calling set_mac_address
[   83.341921][ T6858] gretap1: entered promiscuous mode
[   83.349689][ T6858] bond1: (slave gretap1): making interface the new active one
[   83.353766][ T6858] bond1: (slave gretap1): Enslaving as an active interface with an up link
[   83.370417][ T6858] macvlan2: entered promiscuous mode
[   83.372862][ T6858] macvlan2: entered allmulticast mode
[   83.377908][ T6858] bond1: entered promiscuous mode
[   83.381717][ T6858] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   83.387502][ T6858] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1
[   83.393389][ T6858] bond1: left promiscuous mode
[   85.562091][ T6926] netlink: 28 bytes leftover after parsing attributes in process `syz.0.433'.
[   85.617868][ T6926] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   85.628565][ T6926] syzkaller0: entered promiscuous mode
[   85.643549][ T6926] syzkaller0: entered allmulticast mode
[   85.652901][ T6925] tipc: Resetting bearer <eth:syzkaller0>
[   85.679269][ T6925] tipc: Disabling bearer <eth:syzkaller0>
[   85.971184][ T6951] netlink: 28 bytes leftover after parsing attributes in process `syz.2.443'.
[   86.041511][ T6955] netlink: 16 bytes leftover after parsing attributes in process `syz.1.445'.
[   86.195945][ T6963] geneve2: entered promiscuous mode
[   86.198324][ T6963] geneve2: entered allmulticast mode
[   86.203888][   T13] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 45692 - 0
[   86.215954][   T13] netdevsim netdevsim0 eth0: set [1, 2] type 2 family 0 port 47031 - 0
[   86.227060][ T5839] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 45692 - 0
[   86.230570][ T5839] netdevsim netdevsim0 eth1: set [1, 2] type 2 family 0 port 47031 - 0
[   86.244465][ T5839] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 45692 - 0
[   86.260190][ T5839] netdevsim netdevsim0 eth2: set [1, 2] type 2 family 0 port 47031 - 0
[   86.289470][ T5839] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 45692 - 0
[   86.293720][ T5839] netdevsim netdevsim0 eth3: set [1, 2] type 2 family 0 port 47031 - 0
[   86.386716][ T6973] netlink: 'syz.0.451': attribute type 32 has an invalid length.
[   86.439221][ T6976] netlink: 276 bytes leftover after parsing attributes in process `syz.1.452'.
[   86.457088][ T6968] bond0: (slave bond_slave_1): Releasing backup interface
[   86.760164][   T55] block nbd0: Receive control failed (result -32)
[   86.802447][ T6994] netlink: 16 bytes leftover after parsing attributes in process `syz.2.459'.
[   87.210705][ T7007] netlink: 16 bytes leftover after parsing attributes in process `syz.1.466'.
[   87.230127][ T7007] IPv6: sit1: Disabled Multicast RS
[   87.233035][ T7007] sit1: entered allmulticast mode
[   87.272760][ T7010] netlink: 36 bytes leftover after parsing attributes in process `syz.0.467'.
[   87.373033][ T7012] netlink: 20 bytes leftover after parsing attributes in process `syz.1.468'.
[   87.466547][ T7012] smc: net device bond0 applied user defined pnetid SYZ2
[   87.471197][ T7012] smc: net device bond0 erased user defined pnetid SYZ2
[   87.540344][ T7025] netlink: 'syz.0.473': attribute type 8 has an invalid length.
[   87.750278][ T7029] netlink: 48 bytes leftover after parsing attributes in process `syz.1.475'.
[   87.866189][ T7029] nbd1: detected capacity change from 0 to 875674160
[   88.085069][ T7054] syzkaller1: entered promiscuous mode
[   88.089717][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881117cc000: rx timeout, send abort
[   88.096124][ T7054] syzkaller1: entered allmulticast mode
[   88.590146][    C1] vcan0: j1939_tp_rxtimer: 0xffff888111666800: rx timeout, send abort
[   88.593338][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881117cc000: abort rx timeout. Force session deactivation
[   88.598634][   T55] block nbd1: Receive control failed (result -104)
[   89.061887][ T7083] netlink: 12 bytes leftover after parsing attributes in process `syz.1.499'.
[   89.093763][    C1] vcan0: j1939_tp_rxtimer: 0xffff888111666800: abort rx timeout. Force session deactivation
[   89.632002][ T7109] netlink: 84 bytes leftover after parsing attributes in process `syz.2.509'.
[   89.636840][ T7109] netlink: 16 bytes leftover after parsing attributes in process `syz.2.509'.
[   89.640635][ T7109] netlink: 16 bytes leftover after parsing attributes in process `syz.2.509'.
[   89.752382][ T7115] netlink: 'syz.0.511': attribute type 1 has an invalid length.
[   89.805001][ T7115] 8021q: adding VLAN 0 to HW filter on device bond2
[   89.871507][ T7119] bond2: (slave veth3): Enslaving as an active interface with a down link
[   89.884198][ T7115] 8021q: adding VLAN 0 to HW filter on device batadv1
[   89.890249][ T7115] bond2: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[   90.248370][ T7134] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   90.326418][ T7139] netlink: 52 bytes leftover after parsing attributes in process `syz.1.522'.
[   90.351798][ T7139] netlink: 4 bytes leftover after parsing attributes in process `syz.1.522'.
[   90.934125][ T7169] syz.1.535 uses old SIOCAX25GETINFO
[   90.940312][   T33] audit: type=1800 audit(1754575878.569:2): pid=7164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.533" name="cgroup.controllers" dev="tmpfs" ino=925 res=0 errno=0
[   91.093831][ T7177] netlink: 24 bytes leftover after parsing attributes in process `syz.2.539'.
[   91.098257][ T7177] netlink: 'syz.2.539': attribute type 1 has an invalid length.
[   91.101050][ T7177] netlink: 'syz.2.539': attribute type 2 has an invalid length.
[   91.105081][ T7177] netlink: 16 bytes leftover after parsing attributes in process `syz.2.539'.
[   91.322805][ T7197] sctp: [Deprecated]: syz.1.550 (pid 7197) Use of int in maxseg socket option.
[   91.322805][ T7197] Use struct sctp_assoc_value instead
[   91.328532][ T7199] netlink: 'syz.2.549': attribute type 1 has an invalid length.
[   91.331809][ T7199] netlink: 144 bytes leftover after parsing attributes in process `syz.2.549'.
[   92.398121][ T7207] syz.2.554 (7207) used greatest stack depth: 19416 bytes left
[   92.678499][ T7304] vlan2: entered promiscuous mode
[   92.680378][ T7304] bridge0: entered promiscuous mode
[   92.878615][ T7326] veth0_to_bridge: entered promiscuous mode
[   92.881687][ T7325] veth0_to_bridge: left promiscuous mode
[   92.891670][ T7328] __nla_validate_parse: 3 callbacks suppressed
[   92.891684][ T7328] netlink: 16 bytes leftover after parsing attributes in process `syz.0.591'.
[   92.931150][ T7331] netlink: 12 bytes leftover after parsing attributes in process `syz.2.594'.
[   93.304717][ T7370] netlink: 44 bytes leftover after parsing attributes in process `syz.2.603'.
[   93.452432][ T7387] netlink: 24 bytes leftover after parsing attributes in process `syz.2.611'.
[   93.871056][ T7417] netlink: 3 bytes leftover after parsing attributes in process `syz.0.623'.
[   93.871749][ T7416] netlink: 8 bytes leftover after parsing attributes in process `syz.2.624'.
[   93.881329][ T7417] batadv1: entered promiscuous mode
[   93.884212][ T7417] batadv1: entered allmulticast mode
[   94.007512][ T7417] netlink: 48 bytes leftover after parsing attributes in process `syz.0.623'.
[   94.226938][ T7436] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[   94.229536][    T9] IPVS: starting estimator thread 0...
[   94.317225][ T7440] IPVS: using max 80 ests per chain, 192000 per kthread
[   94.631793][ T7471] openvswitch: netlink: Message has 16 unknown bytes.
[   94.842319][ T7493] netlink: 8 bytes leftover after parsing attributes in process `syz.0.660'.
[   94.852416][ T7493] netlink: 'syz.0.660': attribute type 30 has an invalid length.
[   94.856552][ T7493] netlink: 12 bytes leftover after parsing attributes in process `syz.0.660'.
[   94.949202][ T7502] GUP no longer grows the stack in syz.1.664 (7502): 200000006000-20000000a000 (200000005000)
[   94.953380][ T7502] CPU: 0 UID: 0 PID: 7502 Comm: syz.1.664 Not tainted 6.16.0-syzkaller-06600-g1dbf1d590d10-dirty #0 PREEMPT(full) 
[   94.953394][ T7502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   94.953400][ T7502] Call Trace:
[   94.953404][ T7502]  <TASK>
[   94.953408][ T7502]  dump_stack_lvl+0x189/0x250
[   94.953426][ T7502]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.953438][ T7502]  ? __pfx__printk+0x10/0x10
[   94.953447][ T7502]  ? find_vma+0xe7/0x160
[   94.953465][ T7502]  __get_user_pages+0x2a60/0x30b0
[   94.953490][ T7502]  ? __pfx___get_user_pages+0x10/0x10
[   94.953501][ T7502]  ? __gup_longterm_locked+0xbf7/0x15b0
[   94.953511][ T7502]  ? down_read_killable+0x1d1/0x350
[   94.953520][ T7502]  ? try_get_folio+0x633/0x660
[   94.953532][ T7502]  __gup_longterm_locked+0xd66/0x15b0
[   94.953544][ T7502]  ? try_grab_folio_fast+0x1be/0x4f0
[   94.953585][ T7502]  ? gup_fast_fallback+0x1afc/0x2260
[   94.953598][ T7502]  gup_fast_fallback+0x1cd4/0x2260
[   94.953624][ T7502]  ? __pfx_gup_fast_fallback+0x10/0x10
[   94.953633][ T7502]  ? __mutex_lock+0x335/0x1340
[   94.953649][ T7502]  ? is_valid_gup_args+0x11f/0x200
[   94.953661][ T7502]  ? get_user_pages_fast+0x4d/0xb0
[   94.953673][ T7502]  __iov_iter_get_pages_alloc+0x39a/0xb40
[   94.953690][ T7502]  ? __pfx_pipe_clear_nowait+0x10/0x10
[   94.953697][ T7502]  ? wait_for_space+0x24d/0x2d0
[   94.953709][ T7502]  iov_iter_get_pages2+0x5e/0xa0
[   94.953720][ T7502]  __se_sys_vmsplice+0x548/0x10d0
[   94.953731][ T7502]  ? futex_private_hash_put+0x4b/0x280
[   94.953742][ T7502]  ? __pfx___se_sys_vmsplice+0x10/0x10
[   94.953755][ T7502]  ? __pfx_futex_wake+0x10/0x10
[   94.953769][ T7502]  ? __lock_acquire+0xab9/0xd20
[   94.953795][ T7502]  ? do_pipe2+0xf7/0x170
[   94.953804][ T7502]  ? rcu_is_watching+0x15/0xb0
[   94.953817][ T7502]  ? do_syscall_64+0xbe/0x3b0
[   94.953830][ T7502]  do_syscall_64+0xfa/0x3b0
[   94.953840][ T7502]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.953850][ T7502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.953857][ T7502]  ? exc_page_fault+0x9f/0xf0
[   94.953868][ T7502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.953875][ T7502] RIP: 0033:0x7f774158ebe9
[   94.953884][ T7502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.953890][ T7502] RSP: 002b:00007f773f7ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
[   94.953900][ T7502] RAX: ffffffffffffffda RBX: 00007f77417b5fa0 RCX: 00007f774158ebe9
[   94.953905][ T7502] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000009
[   94.953910][ T7502] RBP: 00007f7741611e19 R08: 0000000000000000 R09: 0000000000000000
[   94.953914][ T7502] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[   94.953918][ T7502] R13: 00007f77417b6038 R14: 00007f77417b5fa0 R15: 00007ffdb18c75b8
[   94.953930][ T7502]  </TASK>
[   95.731372][ T7546] IPVS: set_ctl: invalid protocol: 47 172.20.20.187:20002
[   95.754114][ T7548] netlink: 'syz.2.681': attribute type 10 has an invalid length.
[   95.761962][ T7548] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   96.471404][ T7592] netlink: 28 bytes leftover after parsing attributes in process `syz.0.701'.
[   96.677516][ T7613] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   96.681334][ T7613] syzkaller0: entered promiscuous mode
[   96.683629][ T7613] syzkaller0: entered allmulticast mode
[   96.706347][ T7613] sch_tbf: burst 151 is lower than device syzkaller0 mtu (1514) !
[   96.719968][ T7613] tipc: Resetting bearer <eth:syzkaller0>
[   96.734755][ T7612] tipc: Resetting bearer <eth:syzkaller0>
[   96.752998][ T7612] tipc: Disabling bearer <eth:syzkaller0>
[   96.942766][ T7637] gretap0: entered promiscuous mode
[   96.947691][ T7637] vlan2: entered promiscuous mode
[   97.100209][ T7649] netlink: 'syz.0.729': attribute type 1 has an invalid length.
[   97.171382][ T7649] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[   97.179382][ T7649] bond3: (slave vxcan3): Error -95 calling set_mac_address
[   97.232822][ T7651] gretap1: entered promiscuous mode
[   97.245096][ T7651] bond3: (slave gretap1): making interface the new active one
[   97.249149][ T7651] bond3: (slave gretap1): Enslaving as an active interface with an up link
[   97.385947][ T7665] netlink: 'syz.1.735': attribute type 3 has an invalid length.
[   97.751303][ T7691] netlink: 'syz.2.746': attribute type 1 has an invalid length.
[   97.769762][ T7691] netlink: 'syz.2.746': attribute type 1 has an invalid length.
[   97.797274][ T7693] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   97.842717][ T7693] syzkaller0: entered promiscuous mode
[   97.844662][ T7693] syzkaller0: entered allmulticast mode
[   97.847800][ T7693] tipc: Resetting bearer <eth:syzkaller0>
[   97.888056][ T7690] tipc: Resetting bearer <eth:syzkaller0>
[   97.962790][ T7708] __nla_validate_parse: 2 callbacks suppressed
[   97.962801][ T7708] netlink: 12 bytes leftover after parsing attributes in process `syz.2.754'.
[   98.411438][ T7720] netlink: 'syz.2.759': attribute type 16 has an invalid length.
[   98.415006][ T7720] netlink: 'syz.2.759': attribute type 17 has an invalid length.
[   98.844958][ T7690] tipc: Disabling bearer <eth:syzkaller0>
[   98.860175][ T7720] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   98.941421][ T7732] netlink: 12 bytes leftover after parsing attributes in process `syz.0.765'.
[   98.944454][ T7732] netlink: 12 bytes leftover after parsing attributes in process `syz.0.765'.
[   98.947986][ T7732] netlink: 68 bytes leftover after parsing attributes in process `syz.0.765'.
[   98.973124][ T7737] netlink: 8 bytes leftover after parsing attributes in process `syz.1.768'.
[   98.988403][ T7737] gtp0: entered promiscuous mode
[   98.990277][ T7737] gtp0: entered allmulticast mode
[   99.164140][ T7757] netlink: 'syz.1.777': attribute type 1 has an invalid length.
[   99.167043][ T7757] netlink: 76 bytes leftover after parsing attributes in process `syz.1.777'.
[   99.216429][ T7762] netlink: 16 bytes leftover after parsing attributes in process `syz.2.778'.
[   99.420880][ T7786] netlink: 8 bytes leftover after parsing attributes in process `syz.1.789'.
[   99.480067][ T7791] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[   99.582881][ T7799] netlink: 28 bytes leftover after parsing attributes in process `syz.2.793'.
[   99.860923][ T7824] netlink: 40 bytes leftover after parsing attributes in process `syz.0.805'.
[   99.868807][ T7826] netlink: 'syz.2.807': attribute type 3 has an invalid length.
[  100.124886][ T7847] vlan2: entered promiscuous mode
[  100.311160][ T7859] pimreg: entered allmulticast mode
[  100.320044][ T7859] pimreg: left allmulticast mode
[  101.247050][ T7870] openvswitch: netlink: nsh attribute has 65520 unknown bytes.
[  101.249618][ T7870] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  101.253736][ T7869] tipc: Started in network mode
[  101.259168][ T7869] tipc: Node identity 3e0cade49578, cluster identity 4711
[  101.265737][ T7869] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  101.269100][ T7869] syzkaller0: entered promiscuous mode
[  101.271169][ T7869] syzkaller0: entered allmulticast mode
[  101.278717][ T7869] tipc: Resetting bearer <eth:syzkaller0>
[  101.283229][ T7865] tipc: Resetting bearer <eth:syzkaller0>
[  101.293201][ T7865] tipc: Disabling bearer <eth:syzkaller0>
[  101.515661][ T7898] IPv6: addrconf: prefix option has invalid lifetime
[  101.518047][ T7898] IPv6: addrconf: prefix option has invalid lifetime
[  101.520672][ T7898] IPv6: addrconf: prefix option has invalid lifetime
[  101.533465][ T7900] syz_tun: entered allmulticast mode
[  101.547810][ T7900] syz_tun: left allmulticast mode
[  101.633364][ T7910] netlink: 'syz.1.846': attribute type 1 has an invalid length.
[  101.637564][ T7910] netlink: 'syz.1.846': attribute type 1 has an invalid length.
[  101.828094][ T7931] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  101.863664][ T7931] syzkaller0: entered promiscuous mode
[  101.868710][ T7931] syzkaller0: entered allmulticast mode
[  101.872279][ T7931] tipc: Resetting bearer <eth:syzkaller0>
[  101.890014][ T7935] netlink: 'syz.0.858': attribute type 3 has an invalid length.
[  101.914371][ T7928] tipc: Resetting bearer <eth:syzkaller0>
[  102.747227][ T7928] tipc: Disabling bearer <eth:syzkaller0>
[  103.140881][ T7962] __nla_validate_parse: 9 callbacks suppressed
[  103.140900][ T7962] netlink: 24 bytes leftover after parsing attributes in process `syz.2.868'.
[  103.202838][ T7957] netlink: 4 bytes leftover after parsing attributes in process `syz.2.868'.
[  103.434827][ T7990] netlink: 104 bytes leftover after parsing attributes in process `syz.0.883'.
[  104.548574][ T8090] netlink: 8 bytes leftover after parsing attributes in process `syz.1.928'.
[  104.564395][ T8090] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  104.569336][ T8090] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  104.612832][ T8095] 8021q: VLANs not supported on ipvlan1
[  104.849305][ T8111] openvswitch: netlink: Missing key (keys=40, expected=80)
[  105.322153][ T8141] netlink: 'syz.0.953': attribute type 4 has an invalid length.
[  105.562626][ T8163] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.569664][ T8163] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 45692 - 0
[  105.573354][ T8165] netlink: 8 bytes leftover after parsing attributes in process `syz.2.965'.
[  105.573808][ T8163] netdevsim netdevsim0 eth3 (unregistering): unset [1, 2] type 2 family 0 port 47031 - 0
[  105.615620][ T8169] netlink: 4 bytes leftover after parsing attributes in process `syz.2.966'.
[  105.634613][ T8163] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.643982][ T8163] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 45692 - 0
[  105.648725][ T8163] netdevsim netdevsim0 eth2 (unregistering): unset [1, 2] type 2 family 0 port 47031 - 0
[  105.704548][ T8163] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.714893][ T8163] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 45692 - 0
[  105.719998][ T8163] netdevsim netdevsim0 eth1 (unregistering): unset [1, 2] type 2 family 0 port 47031 - 0
[  105.763471][ T8163] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.768950][ T8163] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 45692 - 0
[  105.773196][ T8163] netdevsim netdevsim0 eth0 (unregistering): unset [1, 2] type 2 family 0 port 47031 - 0
[  105.803754][ T8184] netlink: 'syz.2.972': attribute type 15 has an invalid length.
[  105.950666][   T13] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 47031 - 0
[  105.954224][   T13] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 45692 - 0
[  105.958655][   T13] netdevsim netdevsim0 eth0: set [1, 2] type 2 family 0 port 6081 - 0
[  105.962206][   T13] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 47031 - 0
[  105.973996][   T13] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 45692 - 0
[  105.979053][   T13] netdevsim netdevsim0 eth1: set [1, 2] type 2 family 0 port 6081 - 0
[  105.982641][   T13] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 47031 - 0
[  105.998537][   T13] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 45692 - 0
[  106.002048][   T13] netdevsim netdevsim0 eth2: set [1, 2] type 2 family 0 port 6081 - 0
[  106.007607][   T13] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 47031 - 0
[  106.010854][   T13] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 45692 - 0
[  106.013586][   T13] netdevsim netdevsim0 eth3: set [1, 2] type 2 family 0 port 6081 - 0
[  106.050817][ T8201] netlink: 12 bytes leftover after parsing attributes in process `syz.0.977'.
[  106.294025][ T8226] macvlan1: entered promiscuous mode
[  106.296950][ T8226] ipvlan0: entered promiscuous mode
[  106.299387][ T8226] ipvlan0: left promiscuous mode
[  106.301397][ T8226] macvlan1: left promiscuous mode
[  106.358043][ T8230] netlink: 8 bytes leftover after parsing attributes in process `syz.2.991'.
[  106.469429][ T8242] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  106.549770][ T8249] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1000'.
[  106.554574][ T8249] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1000'.
[  106.631544][ T8257] netlink: 'syz.0.1004': attribute type 11 has an invalid length.
[  106.632090][ T8255] syzkaller1: entered promiscuous mode
[  106.637328][ T8255] syzkaller1: entered allmulticast mode
[  106.938980][ T8273] bridge0: port 3(dummy0) entered disabled state
[  106.941602][ T8273] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.944990][ T8273] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.054412][ T8273] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  107.162557][ T8273] ip6gre1: left allmulticast mode
[  107.168385][ T8273] gretap1: left promiscuous mode
[  107.171152][ T8273] sit1: left allmulticast mode
[  107.175921][ T8273] gtp0: left promiscuous mode
[  107.177951][ T8273] gtp0: left allmulticast mode
[  107.197219][   T13] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  107.205489][   T13] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  107.209318][   T13] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  107.223613][   T13] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  107.486232][ T8304] netlink: 'syz.1.1023': attribute type 21 has an invalid length.
[  107.494192][ T8304] netlink: 'syz.1.1023': attribute type 6 has an invalid length.
[  107.870846][ T8331] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.975092][ T8331] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.039626][ T8331] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.136140][ T8331] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.243617][   T13] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.294965][   T13] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.300897][   T13] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.323137][   T13] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.800766][ T8366] syzkaller0: entered promiscuous mode
[  108.803577][ T8366] syzkaller0: entered allmulticast mode
[  109.789589][ T8376] netlink: 'syz.1.1056': attribute type 2 has an invalid length.
[  110.084869][ T8400] __nla_validate_parse: 5 callbacks suppressed
[  110.084886][ T8400] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1068'.
[  110.196109][ T8406] netlink: 'syz.0.1071': attribute type 27 has an invalid length.
[  110.214743][ T8408] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  110.283616][ T8414] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1075'.
[  110.314889][ T8412] syzkaller0: entered promiscuous mode
[  110.320512][ T8412] syzkaller0: entered allmulticast mode
[  111.348613][ T8429] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  111.361553][ T8429] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1082'.
[  111.623704][ T8448] netlink: 'syz.1.1090': attribute type 1 has an invalid length.
[  111.628188][ T8448] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1090'.
[  111.860507][ T8470] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1100'.
[  112.460207][ T8508] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1115'.
[  112.502101][ T8510] netlink: 'syz.1.1116': attribute type 1 has an invalid length.
[  112.507934][ T8510] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1116'.
[  112.602599][ T8516] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1119'.
[  112.608029][ T8516] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1119'.
[  112.778321][ T8524] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1123'.
[  113.083090][ T8540] team0: Port device syz_tun added
[  113.404156][ T8568] netlink: 'syz.2.1143': attribute type 1 has an invalid length.
[  113.482127][ T8572] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  113.893073][ T8604] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  114.226328][ T8631] Bluetooth: MGMT ver 1.23
[  115.272686][ T8666] v: renamed from dummy0 (while UP)
[  115.289333][ T8666] bridge0: port 3(v) entered disabled state
[  115.643206][ T8686] __nla_validate_parse: 7 callbacks suppressed
[  115.643219][ T8686] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1196'.
[  115.714701][ T8686] nbd: socks must be embedded in a SOCK_ITEM attr
[  115.781928][  T351] wlan1: Trigger new scan to find an IBSS to join
[  115.831797][ T8697] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1201'.
[  116.791562][ T8732] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  116.794940][ T8732] syzkaller0: entered promiscuous mode
[  116.798648][ T8732] syzkaller0: entered allmulticast mode
[  116.813618][ T8732] tipc: Resetting bearer <eth:syzkaller0>
[  116.818534][ T8731] tipc: Resetting bearer <eth:syzkaller0>
[  116.831429][ T8731] tipc: Disabling bearer <eth:syzkaller0>
[  116.960586][ T8736] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1217'.
[  117.018285][ T8740] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1218'.
[  117.121062][ T8748] netlink: 'syz.0.1223': attribute type 15 has an invalid length.
[  117.123825][ T8748] netlink: 666 bytes leftover after parsing attributes in process `syz.0.1223'.
[  117.208921][ T8754] netlink: 'syz.2.1226': attribute type 1 has an invalid length.
[  117.290063][ T8764] netlink: 'syz.0.1231': attribute type 3 has an invalid length.
[  117.758965][ T8805] syzkaller1: entered promiscuous mode
[  117.762896][ T8805] syzkaller1: entered allmulticast mode
[  117.893061][ T8816] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1258'.
[  117.951188][ T8821] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1260'.
[  117.987653][ T8824] x_tables: ip_tables: bpf.1 match: invalid size 528 (kernel) != (user) 536
[  118.027978][   T60] block nbd1: Possible stuck request ffff888020e48000: control (read@0,4096B). Runtime 30 seconds
[  118.108726][ T8834] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  118.112477][ T8834] macsec1: entered allmulticast mode
[  118.114268][ T8834] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  118.121234][ T8834] batman_adv: batadv0: Adding interface: macsec1
[  118.124060][ T8834] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  118.134424][ T8834] batman_adv: batadv0: Interface activated: macsec1
[  118.147484][ T8836] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1267'.
[  118.204149][ T8842] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1270'.
[  118.270675][ T8846] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1271'.
[  118.489308][ T8867] raw_sendmsg: syz.2.1281 forgot to set AF_INET. Fix it!
[  118.830182][ T1090] wlan1: Trigger new scan to find an IBSS to join
[  118.986110][ T8911] pimreg: entered allmulticast mode
[  119.103953][ T8922] netlink: 'syz.2.1302': attribute type 4 has an invalid length.
[  119.198854][ T8931] netlink: 'syz.2.1307': attribute type 1 has an invalid length.
[  119.339989][ T8939] af_packet: tpacket_rcv: packet too big, clamped from 32 to 4294967272. macoff=96
[  119.447328][ T8947] 8021q: adding VLAN 0 to HW filter on device bond3
[  119.493518][ T8947] bond_slave_0: entered promiscuous mode
[  119.496029][ T8947] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[  119.500648][ T8947] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  119.507098][ T8947] bond3: (slave macvlan3): Enslaving as a backup interface with an up link
[  119.524586][ T8947] bridge_slave_0: left allmulticast mode
[  119.527510][ T8947] bridge_slave_0: left promiscuous mode
[  119.529877][ T8947] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.540558][ T8947] bridge_slave_1: left allmulticast mode
[  119.542981][ T8947] bridge_slave_1: left promiscuous mode
[  119.555788][ T8947] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.577725][ T8947] bond0: (slave bond_slave_0): Releasing backup interface
[  119.582790][ T8947] bond_slave_0: left promiscuous mode
[  119.610713][ T8947] team0: Port device team_slave_0 removed
[  119.629094][ T8947] team0: Port device team_slave_1 removed
[  119.636841][ T8947] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  119.647203][ T8947] batman_adv: batadv0: Removing interface: batadv_slave_0
[  119.652281][ T8947] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  119.659816][ T8947] batman_adv: batadv0: Removing interface: batadv_slave_1
[  119.692676][ T8947] bond0: (slave wlan1): Releasing backup interface
[  119.698201][ T8947] mac80211_hwsim hwsim5 wlan1: left promiscuous mode
[  119.703029][ T8966] netlink: 'syz.1.1323': attribute type 13 has an invalid length.
[  119.720286][ T8947] bond3: (slave macvlan3): Removing an active aggregator
[  119.724230][ T8947] bond3: (slave macvlan3): Releasing backup interface
[  119.767844][ T7349] wlan1: Creating new IBSS network, BSSID 9e:05:8d:48:32:ca
[  119.953826][ T8977] netlink: 'syz.1.1328': attribute type 1 has an invalid length.
[  120.061537][ T8985] netlink: 'syz.0.1331': attribute type 8 has an invalid length.
[  120.674939][ T9023] __nla_validate_parse: 12 callbacks suppressed
[  120.674955][ T9023] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1347'.
[  120.688897][ T9023] netlink: 'syz.1.1347': attribute type 29 has an invalid length.
[  120.850833][ T9038] bridge0: entered allmulticast mode
[  120.853814][ T9038] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1353'.
[  120.860253][ T9038] v: left allmulticast mode
[  120.862529][ T9038] bridge0: port 3(v) entered disabled state
[  120.871911][ T9038] bridge_slave_1: left allmulticast mode
[  120.874314][ T9038] bridge_slave_1: left promiscuous mode
[  120.880103][ T9038] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.886735][ T9038] bridge_slave_0: left allmulticast mode
[  120.888641][ T9038] bridge_slave_0: left promiscuous mode
[  120.892283][ T9038] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.929044][ T9038] bridge0 (unregistering): left allmulticast mode
[  120.978331][ T9045] syzkaller0: entered promiscuous mode
[  120.980664][ T9045] syzkaller0: entered allmulticast mode
[  120.986525][ T9044] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  121.004544][ T9035] tipc: Resetting bearer <eth:syzkaller0>
[  121.009192][ T9034] tipc: Resetting bearer <eth:syzkaller0>
[  121.020043][ T9034] tipc: Disabling bearer <eth:syzkaller0>
[  121.101478][ T9053] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1360'.
[  121.181443][ T9063] netlink: 'syz.1.1364': attribute type 3 has an invalid length.
[  121.602188][ T9106] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  121.606915][ T9106] syzkaller0: entered promiscuous mode
[  121.609151][ T9106] syzkaller0: entered allmulticast mode
[  121.626642][ T9106] tipc: Resetting bearer <eth:syzkaller0>
[  121.629981][ T9105] tipc: Resetting bearer <eth:syzkaller0>
[  121.641774][ T9105] tipc: Disabling bearer <eth:syzkaller0>
[  122.323345][ T9152] netlink: 'syz.0.1406': attribute type 21 has an invalid length.
[  122.329501][ T9152] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1406'.
[  122.347749][ T9152] netlink: 'syz.0.1406': attribute type 5 has an invalid length.
[  122.351724][ T9152] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1406'.
[  122.471275][ T9159] bridge0: entered allmulticast mode
[  122.567990][ T9165] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1409'.
[  122.599747][ T9167] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  122.603344][ T9167] syzkaller0: entered promiscuous mode
[  122.607898][ T9167] syzkaller0: entered allmulticast mode
[  122.644314][ T9167] tipc: Resetting bearer <eth:syzkaller0>
[  122.650533][ T9170] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1412'.
[  122.671780][ T9166] tipc: Resetting bearer <eth:syzkaller0>
[  122.687173][ T9166] tipc: Disabling bearer <eth:syzkaller0>
[  122.693403][ T9171] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1413'.
[  122.791935][ T9176] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1415'.
[  122.799141][ T9176] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1415'.
[  122.896245][ T9183] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  123.374147][ T5826] Bluetooth: hci2: link tx timeout
[  123.376998][ T5826] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  123.481903][ T9235] vlan2: entered allmulticast mode
[  123.484175][ T9235] veth1: entered allmulticast mode
[  123.490610][ T9235] batman_adv: batadv0: Adding interface: vlan2
[  123.497112][ T9235] batman_adv: batadv0: The MTU of interface vlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.505976][ T9235] batman_adv: batadv0: Not using interface vlan2 (retrying later): interface not active
[  123.991486][ T9267] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048)
[  124.732968][ T9324] netlink: 'syz.0.1481': attribute type 31 has an invalid length.
[  125.209263][ T9361] netlink: 'syz.0.1496': attribute type 1 has an invalid length.
[  125.232123][ T9361] bond4: entered promiscuous mode
[  125.234107][ T9361] 8021q: adding VLAN 0 to HW filter on device bond4
[  125.252382][ T9361] batadv1: entered promiscuous mode
[  125.254649][ T9361] batadv1: entered allmulticast mode
[  125.260496][ T9361] 8021q: adding VLAN 0 to HW filter on device batadv1
[  125.264741][ T9361] bond4: (slave batadv1): making interface the new active one
[  125.270666][ T9361] bond4: (slave batadv1): Enslaving as an active interface with an up link
[  125.465648][ T5826] Bluetooth: hci2: command 0x0406 tx timeout
[  125.872776][ T9415] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  126.167524][ T9439] ieee802154 phy0 wpan0: encryption failed: -90
[  126.303031][ T9445] __nla_validate_parse: 13 callbacks suppressed
[  126.303045][ T9445] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1534'.
[  126.411697][ T9449] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1536'.
[  126.418176][ T9449] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1536'.
[  126.622665][   T12] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  126.637466][   T12] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  126.641102][   T12] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  126.649209][   T12] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  126.842295][ T9467] netlink: 'syz.1.1544': attribute type 10 has an invalid length.
[  126.850305][ T9467] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1544'.
[  126.863912][ T9467] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1544'.
[  126.868979][ T9467] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  126.879614][ T9467] netlink: 'syz.1.1544': attribute type 12 has an invalid length.
[  126.882931][ T9467] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1544'.
[  126.896902][ T9470] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1546'.
[  127.023382][ T9482] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1552'.
[  127.150839][ T9495] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1558'.
[  127.203471][ T9499] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1560'.
[  127.484717][ T9528] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma?
[  127.518686][ T9532] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048)
[  129.973219][ T9575] vti0: left promiscuous mode
[  129.977805][ T9575] veth3: left allmulticast mode
[  130.023580][ T9582] @: renamed from veth0_vlan
[  130.038242][   T12] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  130.041547][   T12] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  130.051884][   T12] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  130.054624][   T12] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  130.059277][   T12] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  130.062373][   T12] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  130.077326][   T12] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  130.090931][   T12] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  130.351345][ T9618] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  131.164624][ T9654] dvmrp1: tun_chr_ioctl cmd 1074025677
[  131.167483][ T9654] dvmrp1: linktype set to 773
[  131.228905][ T9658] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  131.262869][ T9662] netlink: 'syz.1.1630': attribute type 1 has an invalid length.
[  131.266359][ T9662] netlink: 'syz.1.1630': attribute type 1 has an invalid length.
[  131.870572][ T9687] __nla_validate_parse: 9 callbacks suppressed
[  131.870592][ T9687] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1641'.
[  131.878383][ T9687] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1641'.
[  132.267258][ T9695] netlink: 'syz.0.1643': attribute type 13 has an invalid length.
[  132.416078][ T9687] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1641'.
[  132.610272][ T9716] netlink: 'syz.2.1652': attribute type 11 has an invalid length.
[  132.623197][ T9716] netlink: 140 bytes leftover after parsing attributes in process `syz.2.1652'.
[  132.739628][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  132.743982][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  133.064173][ T9755] syzkaller1: entered promiscuous mode
[  133.071044][ T9755] syzkaller1: entered allmulticast mode
[  133.451890][ T9775] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[  134.075060][ T9797] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1690'.
[  134.126583][ T9802] netlink: 'syz.2.1692': attribute type 1 has an invalid length.
[  134.132722][ T9802] netlink: 'syz.2.1692': attribute type 4 has an invalid length.
[  134.138188][ T9802] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1692'.
[  134.166638][ T9803] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  134.173393][ T9803] syzkaller0: entered promiscuous mode
[  134.176681][ T9803] syzkaller0: entered allmulticast mode
[  134.181686][ T9805] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  134.207432][ T9803] tipc: Resetting bearer <eth:syzkaller0>
[  134.214066][ T9801] tipc: Resetting bearer <eth:syzkaller0>
[  134.259039][ T9801] tipc: Disabling bearer <eth:syzkaller0>
[  134.355381][ T9814] netlink: 'syz.2.1694': attribute type 13 has an invalid length.
[  134.358144][ T9814] netlink: 'syz.2.1694': attribute type 17 has an invalid length.
[  134.418572][ T9814] 8021q: adding VLAN 0 to HW filter on device bond0
[  134.422431][ T9814] 8021q: adding VLAN 0 to HW filter on device team0
[  134.431168][ T9814] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  134.446508][ T9818] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  134.454570][ T9818] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  134.500576][ T9824] netlink: 'syz.1.1700': attribute type 1 has an invalid length.
[  134.708284][ T9841] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1710'.
[  134.714956][ T9841] macvlan4: entered promiscuous mode
[  134.726779][ T9841] bond0: entered promiscuous mode
[  134.728866][ T9841] 8021q: adding VLAN 0 to HW filter on device macvlan4
[  134.782740][ T9850] nbd: must specify an index to disconnect
[  135.491044][ T9881] bond0: left promiscuous mode
[  135.500643][ T5839] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  135.504542][ T5839] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  135.509375][ T5839] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  135.513229][ T5839] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  135.954042][ T9929] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1748'.
[  135.995891][ T9931] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  136.108296][ T9947] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1754'.
[  136.115365][ T9947] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1754'.
[  136.685961][ T9957] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  136.793469][ T9957] syzkaller0: entered promiscuous mode
[  136.800643][ T9957] syzkaller0: entered allmulticast mode
[  136.934292][ T9965] tipc: Resetting bearer <eth:syzkaller0>
[  136.936770][ T9966] netlink: 'syz.1.1761': attribute type 11 has an invalid length.
[  136.939524][ T9966] __nla_validate_parse: 1 callbacks suppressed
[  136.939532][ T9966] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1761'.
[  136.948437][ T9954] tipc: Resetting bearer <eth:syzkaller0>
[  136.970725][ T9954] tipc: Disabling bearer <eth:syzkaller0>
[  137.238447][ T9992] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1773'.
[  137.302816][ T9997] netlink: 'syz.0.1776': attribute type 1 has an invalid length.
[  137.306575][ T9997] netlink: 172 bytes leftover after parsing attributes in process `syz.0.1776'.
[  137.312420][ T9997] netlink: 'syz.0.1776': attribute type 1 has an invalid length.
[  137.537586][T10020] trusted_key: syz.0.1787 sent an empty control message without MSG_MORE.
[  137.591427][T10026] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  137.699662][T10036] netlink: 'syz.2.1794': attribute type 1 has an invalid length.
[  137.744784][T10040] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1795'.
[  137.941291][T10052] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1802'.
[  137.951678][T10052] openvswitch: netlink: Missing key (keys=40, expected=100)
[  138.249130][T10074] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  138.252751][T10074] syzkaller0: entered promiscuous mode
[  138.259971][T10074] syzkaller0: entered allmulticast mode
[  138.280784][T10074] tipc: Resetting bearer <eth:syzkaller0>
[  138.284891][T10073] tipc: Resetting bearer <eth:syzkaller0>
[  138.304991][T10073] tipc: Disabling bearer <eth:syzkaller0>
[  138.368502][T10083] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1817'.
[  138.372613][T10083] 0X: renamed from caif0
[  138.378361][T10083] 0X: entered allmulticast mode
[  138.380715][T10083] A link change request failed with some changes committed already. Interface 60X may have been left with an inconsistent configuration, please check.
[  138.450975][T10092] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1822'.
[  138.497168][T10092] hsr_slave_1 (unregistering): left promiscuous mode
[  138.952014][T10127] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1838'.
[  138.981821][T10127] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input5
[  140.091825][T10197] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1865'.
[  140.142301][T10201] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1867'.
[  140.494360][T10228] netlink: 'syz.0.1879': attribute type 10 has an invalid length.
[  140.753683][T10242] sctp: [Deprecated]: syz.1.1886 (pid 10242) Use of int in max_burst socket option.
[  140.753683][T10242] Use struct sctp_assoc_value instead
[  141.656361][T10250] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  142.262465][T10331] gtp0: entered promiscuous mode
[  142.264551][T10331] gtp0: entered allmulticast mode
[  142.622129][T10343] netlink: 'syz.2.1929': attribute type 9 has an invalid length.
[  142.630646][T10343] netlink: 'syz.2.1929': attribute type 6 has an invalid length.
[  142.768974][T10350] __nla_validate_parse: 3 callbacks suppressed
[  142.768992][T10350] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1931'.
[  143.065356][ T5826] Bluetooth: hci2: command 0x0406 tx timeout
[  143.237916][T10367] netlink: 'syz.1.1939': attribute type 12 has an invalid length.
[  143.242010][T10367] netlink: 'syz.1.1939': attribute type 29 has an invalid length.
[  143.248319][T10367] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1939'.
[  143.894547][T10399] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1954'.
[  144.133875][T10407] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1958'.
[  144.154578][T10407] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1958'.
[  144.189742][T10422] netlink: 'syz.0.1965': attribute type 3 has an invalid length.
[  144.200696][T10422] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1965'.
[  144.332682][T10437] netlink: zone id is out of range
[  144.338482][T10437] netlink: zone id is out of range
[  144.341414][T10437] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  144.349944][T10437] syzkaller0: entered promiscuous mode
[  144.352248][T10437] syzkaller0: entered allmulticast mode
[  144.442259][T10444] netlink: 'syz.2.1976': attribute type 3 has an invalid length.
[  144.454395][T10444] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1976'.
[  145.103377][T10511] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  145.329058][T10530] atomic_op ffff8881203e4998 conn xmit_atomic 0000000000000000
[  145.648080][   T33] audit: type=1804 audit(1754575933.279:3): pid=10549 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2026" name="x000000000000000300000000000000000000003" dev="tmpfs" ino=3436 res=1 errno=0
[  145.679389][   T33] audit: type=1800 audit(1754575933.289:4): pid=10549 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2026" name="x000000000000000300000000000000000000003" dev="tmpfs" ino=3436 res=0 errno=0
[  145.781631][T10556] batadv_slave_1: entered promiscuous mode
[  145.788233][T10555] batadv_slave_1: left promiscuous mode
[  145.851979][T10560] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2031'.
[  145.862645][T10560] netlink: 245 bytes leftover after parsing attributes in process `syz.0.2031'.
[  146.076794][T10573] netlink: 'syz.2.2037': attribute type 1 has an invalid length.
[  146.080343][T10573] netlink: 'syz.2.2037': attribute type 1 has an invalid length.
[  146.083844][T10573] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2037'.
[  146.088791][T10573] block nbd2: shutting down sockets
[  147.035828][T10621] syzkaller1: entered promiscuous mode
[  147.038355][T10621] syzkaller1: entered allmulticast mode
[  147.803585][T10629] IPv6: NLM_F_CREATE should be specified when creating new route
[  148.089559][T10649] syzkaller0: left promiscuous mode
[  148.091492][T10649] syzkaller0: left allmulticast mode
[  148.102600][   T60] block nbd1: Possible stuck request ffff888020e48000: control (read@0,4096B). Runtime 60 seconds
[  148.127646][T10653] __nla_validate_parse: 1 callbacks suppressed
[  148.127657][T10653] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2073'.
[  148.132931][T10653] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2073'.
[  148.229134][T10659] pim6reg1: entered promiscuous mode
[  148.231126][T10659] pim6reg1: entered allmulticast mode
[  148.263488][T10663] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2078'.
[  148.323019][T10667] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.2080'.
[  148.429773][T10681] netlink: 'syz.1.2087': attribute type 1 has an invalid length.
[  148.433306][T10681] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2087'.
[  148.503563][T10687] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2090'.
[  148.975793][   T54] Bluetooth: hci2: command 0x0406 tx timeout
[  148.997080][T10734] netlink: 'syz.1.2111': attribute type 1 has an invalid length.
[  149.003660][T10734] netlink: 'syz.1.2111': attribute type 2 has an invalid length.
[  149.008199][T10734] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2111'.
[  149.182649][T10751] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  149.187443][T10751] syzkaller0: entered promiscuous mode
[  149.189624][T10751] syzkaller0: entered allmulticast mode
[  149.299609][T10758] netlink: 216 bytes leftover after parsing attributes in process `syz.2.2121'.
[  149.302874][T10758] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2121'.
[  149.306733][T10758] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2121'.
[  149.397289][T10763] bond0: entered promiscuous mode
[  149.399202][T10763] bond0: entered allmulticast mode
[  150.222176][T10806] netlink: 'syz.0.2143': attribute type 3 has an invalid length.
[  150.297305][   T51] tipc: Node number set to 1946797903
[  150.366176][T10817] netlink: 'syz.0.2148': attribute type 3 has an invalid length.
[  150.370091][T10817] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  150.497246][T10831] bond0: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0)
[  150.511859][T10831] netlink: 'syz.2.2155': attribute type 1 has an invalid length.
[  150.521346][T10831] netlink: 'syz.2.2155': attribute type 2 has an invalid length.
[  150.524250][T10831] netlink: 'syz.2.2155': attribute type 3 has an invalid length.
[  151.572944][T10897] team0: Device gtp1 is of different type
[  151.636925][T10905] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  151.716265][T10911] netlink: zone id is out of range
[  151.811098][T10922] veth0: entered promiscuous mode
[  151.813693][T10922] veth0: left promiscuous mode
[  151.866192][T10925] _Z`Ԁ@: entered promiscuous mode
[  152.239909][T10951] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  152.266776][T10951] ------------[ cut here ]------------
[  152.269345][T10951] wlan1: Failed check-sdata-in-driver check, flags: 0x0
[  152.272927][T10951] WARNING: CPU: 0 PID: 10951 at net/mac80211/driver-ops.c:366 drv_unassign_vif_chanctx+0x50b/0x7e0
[  152.278031][T10951] Modules linked in:
[  152.280508][T10951] CPU: 0 UID: 0 PID: 10951 Comm: syz.1.2211 Not tainted 6.16.0-syzkaller-06600-g1dbf1d590d10-dirty #0 PREEMPT(full) 
[  152.286042][T10951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  152.290518][T10951] RIP: 0010:drv_unassign_vif_chanctx+0x50b/0x7e0
[  152.293275][T10951] Code: 8d 8d b8 09 00 00 48 85 c0 48 0f 44 f1 43 0f b6 04 3e 84 c0 0f 85 6b 02 00 00 8b 55 00 48 c7 c7 e0 7e ad 8c e8 86 35 a5 f6 90 <0f> 0b 90 90 e9 ee fc ff ff e8 c7 91 e1 f6 90 0f 0b 90 42 80 7c 3d
[  152.301796][T10951] RSP: 0018:ffffc900061cf910 EFLAGS: 00010246
[  152.304462][T10951] RAX: 5d8df2e950cd0d00 RBX: 0000000000000000 RCX: 0000000000080000
[  152.308219][T10951] RDX: ffffc9000f8c9000 RSI: 00000000000043ca RDI: 00000000000043cb
[  152.311687][T10951] RBP: ffff8880273dd728 R08: ffff88804b024253 R09: 1ffff1100960484a
[  152.315085][T10951] R10: dffffc0000000000 R11: ffffed100960484b R12: ffff8880273de9d0
[  152.318892][T10951] R13: ffff8880273dcd80 R14: 1ffff11004e7bae5 R15: dffffc0000000000
[  152.322240][T10951] FS:  00007f773f7ee6c0(0000) GS:ffff8880b8680000(0000) knlGS:0000000000000000
[  152.326720][T10951] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  152.329605][T10951] CR2: 0000200000000000 CR3: 00000000278f2000 CR4: 00000000000006f0
[  152.333032][T10951] Call Trace:
[  152.334542][T10951]  <TASK>
[  152.336496][T10951]  ieee80211_assign_link_chanctx+0x1ec/0xd70
[  152.338765][T10951]  __ieee80211_link_release_channel+0x33b/0x4a0
[  152.340958][T10951]  ieee80211_if_change_type+0x14c/0x990
[  152.342915][T10951]  ieee80211_change_iface+0xd5/0x510
[  152.344754][T10951]  cfg80211_change_iface+0x795/0xef0
[  152.346986][T10951]  cfg80211_wext_siwmode+0x1db/0x2a0
[  152.349060][T10951]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[  152.351618][T10951]  ? full_name_hash+0x92/0xe0
[  152.354105][T10951]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[  152.357113][T10951]  ioctl_standard_call+0xcb/0x1b0
[  152.359922][T10951]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[  152.362482][T10951]  wext_ioctl_dispatch+0xee/0x410
[  152.364411][T10951]  ? __pfx_ioctl_standard_call+0x10/0x10
[  152.367083][T10951]  wext_handle_ioctl+0x100/0x1c0
[  152.369203][T10951]  ? __pfx_wext_handle_ioctl+0x10/0x10
[  152.371163][T10951]  ? __lock_acquire+0xab9/0xd20
[  152.373113][T10951]  sock_ioctl+0x15f/0x790
[  152.374953][T10951]  ? __pfx_sock_ioctl+0x10/0x10
[  152.377500][T10951]  ? __fget_files+0x2a/0x420
[  152.379484][T10951]  ? __fget_files+0x3a0/0x420
[  152.381534][T10951]  ? __fget_files+0x2a/0x420
[  152.383526][T10951]  ? bpf_lsm_file_ioctl+0x9/0x20
[  152.386055][T10951]  ? __pfx_sock_ioctl+0x10/0x10
[  152.388078][T10951]  __se_sys_ioctl+0xfc/0x170
[  152.390084][T10951]  do_syscall_64+0xfa/0x3b0
[  152.392015][T10951]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.394277][T10951]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.397622][T10951]  ? exc_page_fault+0x9f/0xf0
[  152.399692][T10951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.402234][T10951] RIP: 0033:0x7f774158ebe9
[  152.404165][T10951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  152.412910][T10951] RSP: 002b:00007f773f7ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  152.416891][T10951] RAX: ffffffffffffffda RBX: 00007f77417b5fa0 RCX: 00007f774158ebe9
[  152.420163][T10951] RDX: 0000200000000000 RSI: 0000000000008b06 RDI: 0000000000000008
[  152.423458][T10951] RBP: 00007f7741611e19 R08: 0000000000000000 R09: 0000000000000000
[  152.427333][T10951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  152.430665][T10951] R13: 00007f77417b6038 R14: 00007f77417b5fa0 R15: 00007ffdb18c75b8
[  152.433899][T10951]  </TASK>
[  152.435820][T10951] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  152.438900][T10951] CPU: 0 UID: 0 PID: 10951 Comm: syz.1.2211 Not tainted 6.16.0-syzkaller-06600-g1dbf1d590d10-dirty #0 PREEMPT(full) 
[  152.442970][T10951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  152.446714][T10951] Call Trace:
[  152.448160][T10951]  <TASK>
[  152.449443][T10951]  dump_stack_lvl+0x99/0x250
[  152.451464][T10951]  ? __asan_memcpy+0x40/0x70
[  152.453497][T10951]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.455746][T10951]  ? __pfx__printk+0x10/0x10
[  152.457800][T10951]  panic+0x2db/0x790
[  152.459517][T10951]  ? __pfx_panic+0x10/0x10
[  152.461413][T10951]  __warn+0x31b/0x4b0
[  152.463090][T10951]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[  152.465446][T10951]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[  152.467925][T10951]  report_bug+0x2be/0x4f0
[  152.469812][T10951]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[  152.472184][T10951]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[  152.474497][T10951]  ? drv_unassign_vif_chanctx+0x50d/0x7e0
[  152.476977][T10951]  handle_bug+0x84/0x160
[  152.478678][T10951]  exc_invalid_op+0x1a/0x50
[  152.480603][T10951]  asm_exc_invalid_op+0x1a/0x20
[  152.482590][T10951] RIP: 0010:drv_unassign_vif_chanctx+0x50b/0x7e0
[  152.485084][T10951] Code: 8d 8d b8 09 00 00 48 85 c0 48 0f 44 f1 43 0f b6 04 3e 84 c0 0f 85 6b 02 00 00 8b 55 00 48 c7 c7 e0 7e ad 8c e8 86 35 a5 f6 90 <0f> 0b 90 90 e9 ee fc ff ff e8 c7 91 e1 f6 90 0f 0b 90 42 80 7c 3d
[  152.491670][T10951] RSP: 0018:ffffc900061cf910 EFLAGS: 00010246
[  152.493950][T10951] RAX: 5d8df2e950cd0d00 RBX: 0000000000000000 RCX: 0000000000080000
[  152.496812][T10951] RDX: ffffc9000f8c9000 RSI: 00000000000043ca RDI: 00000000000043cb
[  152.499492][T10951] RBP: ffff8880273dd728 R08: ffff88804b024253 R09: 1ffff1100960484a
[  152.502258][T10951] R10: dffffc0000000000 R11: ffffed100960484b R12: ffff8880273de9d0
[  152.505216][T10951] R13: ffff8880273dcd80 R14: 1ffff11004e7bae5 R15: dffffc0000000000
[  152.508601][T10951]  ieee80211_assign_link_chanctx+0x1ec/0xd70
[  152.511046][T10951]  __ieee80211_link_release_channel+0x33b/0x4a0
[  152.513252][T10951]  ieee80211_if_change_type+0x14c/0x990
[  152.515555][T10951]  ieee80211_change_iface+0xd5/0x510
[  152.517508][T10951]  cfg80211_change_iface+0x795/0xef0
[  152.519459][T10951]  cfg80211_wext_siwmode+0x1db/0x2a0
[  152.521529][T10951]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[  152.523676][T10951]  ? full_name_hash+0x92/0xe0
[  152.525499][T10951]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[  152.527505][T10951]  ioctl_standard_call+0xcb/0x1b0
[  152.529193][T10951]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[  152.531112][T10951]  wext_ioctl_dispatch+0xee/0x410
[  152.533242][T10951]  ? __pfx_ioctl_standard_call+0x10/0x10
[  152.535645][T10951]  wext_handle_ioctl+0x100/0x1c0
[  152.537830][T10951]  ? __pfx_wext_handle_ioctl+0x10/0x10
[  152.540237][T10951]  ? __lock_acquire+0xab9/0xd20
[  152.542349][T10951]  sock_ioctl+0x15f/0x790
[  152.544196][T10951]  ? __pfx_sock_ioctl+0x10/0x10
[  152.545976][T10951]  ? __fget_files+0x2a/0x420
[  152.547718][T10951]  ? __fget_files+0x3a0/0x420
[  152.549752][T10951]  ? __fget_files+0x2a/0x420
[  152.551808][T10951]  ? bpf_lsm_file_ioctl+0x9/0x20
[  152.553984][T10951]  ? __pfx_sock_ioctl+0x10/0x10
[  152.556113][T10951]  __se_sys_ioctl+0xfc/0x170
[  152.558161][T10951]  do_syscall_64+0xfa/0x3b0
[  152.559912][T10951]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.561621][T10951]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.563677][T10951]  ? exc_page_fault+0x9f/0xf0
[  152.565288][T10951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.567339][T10951] RIP: 0033:0x7f774158ebe9
[  152.569083][T10951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  152.577005][T10951] RSP: 002b:00007f773f7ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  152.580213][T10951] RAX: ffffffffffffffda RBX: 00007f77417b5fa0 RCX: 00007f774158ebe9
[  152.583037][T10951] RDX: 0000200000000000 RSI: 0000000000008b06 RDI: 0000000000000008
[  152.585978][T10951] RBP: 00007f7741611e19 R08: 0000000000000000 R09: 0000000000000000
[  152.588965][T10951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  152.591938][T10951] R13: 00007f77417b6038 R14: 00007f77417b5fa0 R15: 00007ffdb18c75b8
[  152.594992][T10951]  </TASK>
[  152.596889][T10951] Kernel Offset: disabled
[  152.598347][T10951] Rebooting in 86400 seconds..

VM DIAGNOSIS:
14:12:20  Registers:
info registers vcpu 0

CPU#0
RAX=1ffffffff33b3460 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=0000000000013aae RDI=0000000000013aaf RBP=ffffffff99d9a770 RSP=ffffc900061cf010
R8 =ffff888107a48237 R9 =1ffff11020f49046 R10=dffffc0000000000 R11=ffffffff854c1cc0
R12=dffffc0000000000 R13=0000000000000000 R14=ffffffff99d9a4e0 R15=0000000000000000
RIP=ffffffff854c1d37 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f773f7ee6c0 ffffffff 00c00000
GS =0000 ffff8880b8680000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000000 CR3=00000000278f2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007f7741612e53
XMM06=0000000000000000 00007f7741612e4d XMM07=0000000000000000 00007f7741612e61
XMM08=0000000000000000 00007f7741612ee7 XMM09=0000000000000000 00007f7741612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff82235df3 RBX=0000000000140cca RCX=ffff88801e55d640 RDX=ffffc90020751000
RSI=000000000007ffff RDI=0000000000080000 RBP=0000000000000000 RSP=ffffc9000644f2c0
R8 =0000000000000000 R9 =ffffffff8215895d R10=ffffc9000644f3a0 R11=fffff52000c89e79
R12=1ffff92000c89e6f R13=0000000000140cca R14=0000000000000008 R15=1ffff92000c89e74
RIP=ffffffff81bfb0fa RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fcdb8d366c0 ffffffff 00c00000
GS =0000 ffff8881a3c80000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00002000000000c0 CR3=000000010863a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000001a4 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
