last executing test programs:

1.296167138s ago: executing program 1 (id=378):
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x4, &(0x7f0000000580)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x1c}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.20330442s ago: executing program 1 (id=379):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000000)=0x100020, 0x4)
setsockopt$sock_attach_bpf(r0, 0x1, 0x34, &(0x7f00000000c0), 0x4)

1.202913924s ago: executing program 1 (id=380):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
ppoll(&(0x7f0000000080)=[{r3}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r5 = socket$inet6_icmp(0xa, 0x2, 0x3a)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'veth1_to_bridge\x00', <r6=>0x0})
bind$packet(r1, &(0x7f0000000080)={0x11, 0x4, r6, 0x1, 0x6}, 0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40000)

385.210583ms ago: executing program 0 (id=392):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x20, &(0x7f0000000800)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)

384.904147ms ago: executing program 2 (id=393):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x40, 0x3, 0x0, 0x800}, {0x6}]}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd05005600080054"], 0xfdef)

290.873343ms ago: executing program 0 (id=394):
r0 = socket$nl_route(0x10, 0x3, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000340)="8a226ff432407a7f5fd09590d734f795e12e57ce9fed3f0300eb6368ed559a85603b0080", 0x24}], 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b36, &(0x7f0000000000)={'wlan0\x00'})

289.519265ms ago: executing program 1 (id=395):
r0 = socket$inet6(0xa, 0x3, 0x5)
r1 = socket$kcm(0x11, 0x200000000000002, 0x300)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001640)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff48700000020000005c0000000000000095000000000000002ba728041598d6fbd307ce99e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f071326bd9174842fa9ea4318123341cf9d90a0e168c1884d005d94f204e345c652fbc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc84e974a22a550d6f97181980400003e05df3ceb9f1feae5737ecaa81d666963c474c2a19eed87b277be335c75e04ad6ee1cbf9b0a4def23d410f6296b32ae343881dcc7b1b85f3c3d44aeaced3641110bec4e90a634196508000000000000f0f4ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d4dcecb0c005d2a1bcf9436e101040000f73902ebcf0200822775985b231f000040ccb0ecf31b715f5888b2a858ab3f11afc9bd08c676d2b89432fb465b3dad9d2aa7f1521bc9901de2eb879a15943b6dc8ea15aab9dd6968698e3095c4c5c7a156cec33a7bb727667d81ff2757ca1e6bfdd4c968dacf81e65998b9091957d1d11a5730baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba165d876defd3541772f26e27c44cfd7bb5097379cf1756869cebc7b0b2d85d6d29983e830a9cdd1d0a017c100344c52a6f387a1340a1c8889464f90c284a4db539621fbb70f01a2c02dec4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae610afd01409d9a337ac5d58bcb5e5fc231514952c5255f22bd8b325d9b76e57f041b665ab0249886c0a65cc99d5893521372c8d8b7bacac24000020a4a24d8dbd75062e1daef9dead619cc6e7baa72706287793c3d2a2661edcd3545236c204682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b993508000000e480cd9d4850a049ee19b67d17ef0477aeb12b1d2502000000d9051f22614d1f62734d678039a97d3e783df8b8a17e3aa9fe9c502f9acee4f1b56e1f23128d743792cead3c058a5b700d64d160abe33df726608510136ce8bf239414a1d98ea93e3d35dbb6c23b90cf36e83b8a4309b402d264b09f2779a0bcd7cd6dfc06b02e69d384146056d125cf4aadd80800000000000000e88d10acd06864eac44c42fbe334bdc3e9768fc360b130dc6111fe3293e8e02f819a2aa34dba1c25be27945507a3477b437525b81aef2f0b4c4f63483026b5e34d44705b76ef29f7f6e0a2be625eae975e02069f6f24e1e1bc976d965ddabb01085f16bff63a06578d6d184f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8eae87691fae365a70c3f15871565bba8dd8a8ca049f798abe646f738bebdfc9d8a5edd7a19ca6a42bc3f1db37c17f22a287c6d31a13db5dfef409eb1d3c91c6e6f80d215c9e16e0c47365e78c80854b2baf8eb320d8c34cfc81936315418f26770cca4e2f89800d18c89d7f46f679df6c9e2005f209dda94302a30003b952ae1ebfd0ca88368ee6ce139e8b5822422cf4c9dde943d34c432e1001171792c65986146666a549092398af45ba38c41df7e0fffeac41824ca1fd0eb68aa243c9035c788d5480e5aee9c9e5f2e5a3628995b1531bd20360d33d8f9ffffff5f4bf6ea8a1850c4f83306dbca02ee3686da707b6d85db491ba0cc33f6be92c55969a2b52a25419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9bc31f09834b4788be2a442aa81b259e9eb1bf5314844051f3a642aca9ff98c9036471ccff0522903e7bcf62e18f7796bbc280b95e8e0d6fd5644b0ebde330289d6348d183ed9d3dae3cccf109f7c78e8479a345e805e47dfa82cafc6b64b1f4659834aecbeded44b11a443c5ba92a326dd10921aa79c62800844c7a59f55ee205a11ab50fb402e7da6ada561ec1117cc186b01fd5c2061d22156b1b7d5f80c580dc31b0963ff953ce09148e8dfea9d03a61bbd2bb173518507a3cd0e37c4da0a71eee31071d5d642498181c69cee3b2e414ddd6a12ff4bdf6e96c247b6025d4376067e25357d3b521a5b927d3392a7503718aea24179528f6a0c6de4e61b49cad1e4d6b000000000000005b2d16877299acefc0655bc1422c3d425d988eedebcf242b780a687c9acae2a5a71c2a16a32ceb377f5d54f9b2fa90b2905925e611be56e9ebe20cab20c290a1f6c09272dbc3b2c0ab2b5baa1b07b16e81f278e54a479f1a06bc06e3656cfa196d6c050000000000000000814955c62a7d72b317399e572a7f6afd0fa1d46cfb110e3e8cff5579e83f2820f95eaa0c609f666950c24311740e36de8f65708cfffce788c99ef8f62fd2398e999b220125da8eb07947512365abbc5b84ef524bdf184727c67910051f204662264607d548dbdffe14b41dd0843cf3d85bb820656a88a9e52a4cd7b3eeadfe00007267f226019ef0a25bc15da71e893856a2182c3167d8ba73f709294b159a426ce44cd73f000000a66fc501eae0c3504c1400697ba69fd9b7eaf49aff6a6aea529610db8dfef86c3cc698e9fddf1b132876159972281a90c3a4cf415df25fbcdd35cf8368f068c4481844bdd0dda553e1cb0966d5686013d382956d50055dce0d1bc225c1d77612b1ec52e743dbc51f25cc07a202b704577316913cf067fa65e476f688de2d6c54ea192a569eed05d0d7536b3205c68d4ee0fe318ed3112c76dcf128a1d5595b773ef4c8a7ba4e10381de8808ff02dd0a7b996ecf1c65e6d9db90c87123d9cb3945330f7a270ee0cca35b1331ca8fec0b2f39f505140751b60f29a83e4bc0ef2ffea443e4aa221cc38a503add16a2c98cb589e1dac1912b4142a3be30f50b2d9479c5bde0beb38030d0c0ce0598700130000000000000000000000554361e1628ee0017ad19ca787f2c078aa260701ce0800000080623902000000000000000000003d118a04fa6a80c4928c01ccab57b5f4eb265ad15004f967543fe6e6ddc2a12165fe3a08bf9475ee0eee3539369b0e566fedbd215a6ddd4fe03dcc7a922e16410d820747b7e806c0f3b6f14c884d150a0ff07f2e0000bfb083c56d3bed0a61fab880f8885c612ebff8523d14cfb12aca274c000000005e5155611969f6e67dd83b20206207cb8b2cd2fab6fa6d7fdaed6a27a2e4db1d5adc80014ff11d9dbceba41d8dfce410333a054e82b1d0504f1ce0aeacb843b94d67f69f49eb4dd3b1b85b018359c32df01db8ebce0dbc36cade09c6b44f6bb956fac1ae4db5624d8a02f7be91bec65e4b3373059587dd6528bbc48e3379d477d482faff738c39c61cac1195043bd5b70cea5fc1083a169a8263e9aec56b9f7795fa27634a7f06359e3058d2dd69c4e5cc11b36d9ed9c4b2867f583de6fc582f789722bd1500e64c495abdb72de2c739d38c72f6f4fb1946081dcc825d5b5b747e9fa1b5226cd31e131263f1fcd7d45a630b46d04af906f0be464d829dd2dfcf7400002b7827f6d957e51bb1f1b44a50200c9dfadfaff2e32baa9c0edaac7144e174dba582a951d2b03c27219cec4fbc7b6e99c3f00188941e3fbf008cbace177ae250fd757a22e21ec05aa45c91e1345ca936184c3fc28153283e13654123cfaf4e661f4b6d430adad1e2116bc385f888405d48f0d386da0cc6747b33395772a68f2ea3fb7e7207000000b24088014c8e64f03d053c4e02ddd08b262e422eff1c9f124b892b0a9462b07d4f88c0693bd9c54ad2ab5227aa59ef2b53ac528c0800000000000000ebfde0c4a37c2d55c176680c4207000000e4aa467f995c9bc99e60441d4dbebead3b436427762618810bac7308c6d3298ea932b66572825e62d18462d3b2342ba48c145ff4674a94fa078cc552d064da2bb69a0d269076f8955076578f44ffb8895f11bd5e06840f8848df72230a28e0304569bfa0350b6dde9e96273de1758505aa1ba89dfb12be7a7c6dd18f6148354df7e60a489dc543ccdee1fff9d8f8d78844de27a77ef1181d5055c2a193a5763ed7749a17296c76818b60426082c86619dacc8a884c4de8572a044faf0c8e4377776c8703ecf2e3f1c3d64100cc000000008369f062639e3ddcf725be54f626448fb7bfc74c183b26e31b71a390ccea4be07278dd12fa16848797397b76908fa03613cd961b98b26a0879ccba4a78c82958764bce07a7f70df1cef6d4db1ddbda1db18e4f41c390fd3cb862216ece39a9ec60bd3be5f9329dcaf33bf2c87cc510557460d14421e1d26322ab64388f2ceae70922989f66827fe9acd2ec3ece39f3b4ffdc4dfea3da6ddb002512e2313253801044e751168e32d7bd6800000000a21008b8d26dabe977c503c30ef7c489e5ea1fff041e54de54cfeb258f2387dad096b72a78d91134927492cfc773c731cca9b13b3f6e7760ab0929c46f51ea5643f3df4f4044f3ad0a6ba739e72d8b8b2935d81534bea8372bc590c111d573e04280659a096eaa495a4154daae7d1800c130d920964845c50c8ba4763b19b6008f6d7a5091895c7a4b7816ab706503be879b18b778b0f61ecfde2f8bbb32cfeb766ec4430ee0ad45a0a263ddc4b2f47680c8d53439f8d388dab87112c83997c83e178be287eb6e8c95badaf8ed85cd5b03a7352a0fb83398566d1bc133582ce2d9f601cd23eba4432180b2d5c3019879cd949a5be1b241b3d0d0d52a3529cc9e704a9d8d54f4f7b776a969a4505e18fe5284985ca7d112c397d776e3baba918b7df456bd970e761e00f3b0efa5ce4246d9f08ba60da3be556c518a1f19504c7cea1491a9eadd27d747ca9cc5f92e30b2ca3cf0b142a8554c87e8026d4e586cf5f7c9d412e6eb4f66a076c8bca6b294305969dabb6c932b57a5dd4234bf1ed3bd095229ee3cbb86883d574c5af4bb78370561de3fbf55bfcd2db3979eb1be120b5795443324023353c959fd965702f1cd5bcb3c16d4b8bdd9fc87c862c247e140379ef098c7b3fa79a6638a245b6a74f14dde9bd4ee48e62cdc70f486ce38641e4e4309aa9f4bd097fa1530db966d9919544ab4890301e51f9525436f5d9591460340f5093161a78a249783945407f2576d6f35a99e3521d7991e3fdfde5ee7f6a8ff8181a68ef15a2ebfe9e22d7c745949ab5cc15b9f5659799b5e00debbf9f623f75bfd4d83c4859ca9b652cea33daeeef07b60c78a21965bcf91919071c7ded19317dc0b7587d9322f8cec9e32675a187465bdfa101bcd9ac680839b375af12c160247dd960e70eb7ee60c52a900440aa9bd9a6b15a4a34dc73c3c4936d8986300fdc264b28537df387e6442c3355fa2a31d24c1ed888a57fcc50400a084a38a3630ffc465f36a4b770fab0946148161184be39134542e934f3a538b011cb3928b430630b8ccc800000000881d4361e7fbd1fc2331b4e34733480bc497662a8234a7eeab3e65d6b0f5d92edff04416eedcd15b9ddbcb3cf9228afda6b17d44a276b205eabd0069f7e26aea50f537dc77b683ed83d2f9110e00a705f48e9d13378cf09bca22e8f45c4f360d5fff8ba35f21c4513bcc0800000000000000dc5cc7ad7290c60bc609bff9be7cd922f474c3faa78fd42cba7c78d6d912656b6313497625e2f9afaba05b17ca242b7ca8d6556175aee38142a8aac5f677c2f8a6967f2cb5e97aae97a5e5579a706243688ac4d38a4601b4aadb2d319fe7d6bf1272fa3fa701338d7bce390e8bf959081ed39e63a431901d615a26ff95e1620a6c26eda4f92d83499a173e7217001f58ed5406bdb59acbc997e8fd3d53b4c2c2a1b314bfe611e5958458af7b3c5319fdb4c40b8d01365fdee93af6fad7c7a8da86460f45c9e99d43264c921b090000000000000000000000000000000000007cf90000008f8a9da7a8a167815c6ffcd1b6863cde9ab45ecd8f06423198bb00cdf76877f407be46b000000000afbb4cb3a8de259a8beb2223f28b855e2bdf4b31b91e5062a42a55bd95e93f77f2499391cf0000000000000000000000000000195007ad27d1d61dc4d5512f117f0ed554c2c88c1713000000000000bb1ff447d6e12da22ee9f0422a84f361684861169f498909c4841f4d5a0f5807a3b7d833075fdcd9c1d169b03d7df7f415f6ac8b9e92eaf86992adbda360dd91de51c6df335445492608162fb0804dabdeac6fb71042f906eefd37f1d190a1c8a0d9de7f34dcc8cbd7b565fc675f3bf7aac559411808ee703ec3ad461c6ddc571994cb504c46eabbc2ff4b97df394bc75b5e7f45b4450753b5d2b8b8414a7fe6a17661bdb5b1d080cfd974811e1d60763d8d9509c75aa729a334b55ee76b0c2d5027e81ceec1a6d7441d0b538d7a4d048d156ebcff102e45c15d2a73b40d74807f5182a319d50edbf430f00b1c29a9e4bd92111caacbb1d4541545c2d262646070da42f76e3f3c6d139eed89cc9300000000000000000000000000000000000072d7e605eb8e978d76796d9d3a728c51a3145da8e1ca4973aa8fed855328e9d2f600000000000000e862eac50e9ba95b6a2a29e8ef08a9ae29792e77fb9952b1ac5c816db5c23a656d9a28f81f6a9465aec94d701ee8646b30650c84b9510a337e82702baf368d29281d3d54b39014756ca5a1be184d4ebb942f99581a6fbac0b9c9f97c920dfac7e2379ef6bb076118aa9bbb4ee12e64aa530f852bf4f970a08a55531934e39fbae483129949a918115571d76740ca6a1cea59df290f2e63675ca30a289775825fe3e5d6f206f3f395346c0738035dc74368bb035fc65a40f8124369b8950ded31af64855cb18b23517ca935a0fa1b630d70c4ca9acbaf0f08910f327fba506d834029a90d47701102045fff90675adb3c83983d125ae730b9497c681a912a6bb70300a2d7fba051f82b9d6f710426b5bd0d0bc0b08a0f801276789613da406905011bd6ebbac91ff17a21d1ed0882e73394025772f31dc8a3048789c703f920c55746f6fc955046f9332d72150be23c26cbb08d1b438e84b83f869fbb866c57567826efc6a16958fd46dc7b8cbea1da2d541324e373e9157696d698a0b4bc84d7cc2fdb069db8a5a491a9d2bbc0a61b73f75d81d07d778a1577db3b06d20a21b19ea17ecd996d7dea947ee8ce55fa2dea5a000000000000000000000000006f0143d8d4038ef9f57d58710d1febe7394cf8b02f59dab24d07db3d3c1ebff5244f438b3d6d15a30ec32aadb3cfa1c2f7dac7c5937c14702a3a0702b53115c163eb91275aedd6ad46b49b100208e73bb2c57068664f8ffd34bc8708faadd12d80875d7f1c0d9cd1ddd292e1efe9780c02487a38a688dfc173fac71249cdee0fc53336ede131253606067e3dd22f2e5db2b9d570b1fb3f3add20b3a02caf5721868b642a2e5cf40a03c49b8fe89fa6b7b4a823104f2314d37e7de67b719bf3aba1273a974f38f7c82d4fa14aa12599ad6ae5197c3c0040e5beb587d917992168e412403cf568acf630927e005b9a75"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000200)=r2, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e24, 0x0, @empty}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)

213.469302ms ago: executing program 0 (id=396):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=@newqdisc={0x88, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x10, [0x7, 0x4, 0x3, 0xf, 0x0, 0x6, 0xc, 0xe, 0xe, 0xb, 0x4, 0x2, 0x5, 0x9, 0xa, 0x3], 0x0, [0x3, 0x8000, 0x6, 0xe, 0xb, 0x6, 0xb4, 0x4, 0xf, 0xa, 0x6, 0x400, 0xfc01, 0x200, 0x4, 0x7], [0x8, 0x3, 0xfff, 0x4, 0x3ff, 0x2, 0x2c6, 0x3, 0x4, 0x9, 0x31c, 0x7, 0x8, 0xf000, 0x7, 0x3]}}}}]}, 0x88}}, 0x0)

213.117891ms ago: executing program 0 (id=397):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x18, 0x16, 0xa01, 0x0, 0x0, {0x2}, [@nested={0x4, 0x5}]}, 0x18}}, 0x0)

130.247242ms ago: executing program 0 (id=398):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000040)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f00000003c0)='%ps    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000800)={r1, <r2=>0xffffffffffffffff}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffff0b867b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r3, 0x0, 0xe, 0x48000000, &(0x7f0000000300)="40f0538ef047b21fb60068305500", 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

128.352725ms ago: executing program 2 (id=399):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'erspan0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newqdisc={0x24, 0x25, 0x4ee4e6a52ff56541, 0x1, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xd}, {0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0xc000}, 0x0)

127.96265ms ago: executing program 2 (id=400):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000200)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB='c 75:*\twmm'], 0xa)

72.76067ms ago: executing program 1 (id=401):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x30, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MAX={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa0}, 0x1, 0x0, 0x0, 0x850}, 0x0)

72.253595ms ago: executing program 2 (id=402):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0xfffffffa}]}, 0x30}, 0x1, 0x0, 0x0, 0x4080}, 0x810)

10.889532ms ago: executing program 2 (id=403):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x3, 0x25dfdbfe, {0x2, 0x0, 0x0, 0x0, 0xfe}, [@RTA_SRC={0x8, 0x2, @multicast2}]}, 0x24}}, 0x0)

10.489963ms ago: executing program 1 (id=404):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0a00000004fa0300e27f000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f0000000a40), &(0x7f0000000000)=""/10, 0x2}, 0x20)

2.018235ms ago: executing program 0 (id=405):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000fc0)=ANY=[@ANYBLOB="12000000030000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r2, &(0x7f00000001c0)="1713"}, 0x20)

0s ago: executing program 2 (id=406):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:45056' (ED25519) to the list of known hosts.
syzkaller login: [   56.983096][ T5783] cgroup: Unknown subsys name 'net'
[   57.120563][ T5783] cgroup: Unknown subsys name 'cpuset'
[   57.126860][ T5783] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   59.044555][ T5783] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   68.163652][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   68.168090][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   68.180507][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   68.186440][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   68.190125][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   68.471953][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   70.266647][   T54] Bluetooth: hci0: command tx timeout
[   71.107007][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   71.111760][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   71.115197][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   71.127014][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   71.130558][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   71.170383][ T5867] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   71.174007][ T5218] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   71.177661][ T5218] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   71.183226][ T5867] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   71.187069][ T5867] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   71.190629][ T5867] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   71.193909][ T5867] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   71.215632][ T5868] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   71.219852][ T5868] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   71.223115][ T5868] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   71.390976][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.393543][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.639914][ T5863] chnl_net:caif_netlink_parms(): no params data found
[   71.708568][ T5861] chnl_net:caif_netlink_parms(): no params data found
[   71.778212][ T5864] chnl_net:caif_netlink_parms(): no params data found
[   71.816631][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.820170][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.822515][ T5863] bridge_slave_0: entered allmulticast mode
[   71.825359][ T5863] bridge_slave_0: entered promiscuous mode
[   71.831481][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.834003][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.838005][ T5863] bridge_slave_1: entered allmulticast mode
[   71.841897][ T5863] bridge_slave_1: entered promiscuous mode
[   71.907653][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.925274][ T5861] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.928884][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.931772][ T5861] bridge_slave_0: entered allmulticast mode
[   71.935819][ T5861] bridge_slave_0: entered promiscuous mode
[   71.950407][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.963985][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.967057][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.969845][ T5861] bridge_slave_1: entered allmulticast mode
[   71.973113][ T5861] bridge_slave_1: entered promiscuous mode
[   72.018461][ T5861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   72.034792][ T5863] team0: Port device team_slave_0 added
[   72.041966][ T5861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   72.069022][ T5863] team0: Port device team_slave_1 added
[   72.085395][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.088318][ T5864] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.091213][ T5864] bridge_slave_0: entered allmulticast mode
[   72.093928][ T5864] bridge_slave_0: entered promiscuous mode
[   72.141165][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.143743][ T5864] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.147104][ T5864] bridge_slave_1: entered allmulticast mode
[   72.150360][ T5864] bridge_slave_1: entered promiscuous mode
[   72.155610][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0
[   72.158421][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   72.168307][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   72.178229][ T5861] team0: Port device team_slave_0 added
[   72.192841][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.195523][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   72.205117][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.219287][ T5861] team0: Port device team_slave_1 added
[   72.265270][ T5864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   72.271610][ T5864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   72.275223][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_0
[   72.278422][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   72.287991][ T5861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   72.318556][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.321269][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   72.331166][ T5861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.387648][ T5863] hsr_slave_0: entered promiscuous mode
[   72.390335][ T5863] hsr_slave_1: entered promiscuous mode
[   72.408004][ T5864] team0: Port device team_slave_0 added
[   72.413678][ T5864] team0: Port device team_slave_1 added
[   72.421700][ T5861] hsr_slave_0: entered promiscuous mode
[   72.424895][ T5861] hsr_slave_1: entered promiscuous mode
[   72.428179][ T5861] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   72.431315][ T5861] Cannot create hsr debugfs directory
[   72.478745][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_0
[   72.481665][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   72.492931][ T5864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   72.525328][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.527716][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   72.535322][ T5864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.658053][ T5864] hsr_slave_0: entered promiscuous mode
[   72.660329][ T5864] hsr_slave_1: entered promiscuous mode
[   72.662395][ T5864] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   72.664604][ T5864] Cannot create hsr debugfs directory
[   72.897743][ T5863] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   72.913262][ T5863] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   72.932334][ T5863] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   72.941338][ T5863] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   72.991741][ T5861] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   72.998004][ T5861] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   73.019356][ T5861] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   73.041902][ T5861] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   73.104363][ T5864] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   73.112021][ T5864] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   73.127479][ T5864] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   73.134566][ T5864] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   73.146599][ T5868] Bluetooth: hci0: command tx timeout
[   73.226359][ T5868] Bluetooth: hci1: command tx timeout
[   73.257051][ T5863] 8021q: adding VLAN 0 to HW filter on device bond0
[   73.288635][ T5861] 8021q: adding VLAN 0 to HW filter on device bond0
[   73.306355][ T5868] Bluetooth: hci2: command tx timeout
[   73.314000][ T5863] 8021q: adding VLAN 0 to HW filter on device team0
[   73.333125][ T5861] 8021q: adding VLAN 0 to HW filter on device team0
[   73.339506][   T85] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.342343][   T85] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.360893][   T85] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.363638][   T85] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.376541][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.378774][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.393214][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.395997][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.463045][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0
[   73.489954][ T5863] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   73.529067][ T5864] 8021q: adding VLAN 0 to HW filter on device team0
[   73.543780][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.546307][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.572238][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.574966][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.621903][ T5864] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   73.710337][ T5863] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.806658][ T5863] veth0_vlan: entered promiscuous mode
[   73.823513][ T5863] veth1_vlan: entered promiscuous mode
[   73.864098][ T5863] veth0_macvtap: entered promiscuous mode
[   73.871098][ T5861] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.878906][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.882048][ T5863] veth1_macvtap: entered promiscuous mode
[   73.901452][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.913013][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.928518][ T5863] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.931970][ T5863] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.935199][ T5863] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.939217][ T5863] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   74.039739][   T85] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.039981][ T5861] veth0_vlan: entered promiscuous mode
[   74.042634][   T85] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.088800][ T5864] veth0_vlan: entered promiscuous mode
[   74.094266][ T5861] veth1_vlan: entered promiscuous mode
[   74.100564][   T85] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.111135][   T85] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.115425][ T5864] veth1_vlan: entered promiscuous mode
[   74.149722][ T5861] veth0_macvtap: entered promiscuous mode
[   74.162959][ T5861] veth1_macvtap: entered promiscuous mode
[   74.190645][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_0
[   74.203038][ T5864] veth0_macvtap: entered promiscuous mode
[   74.217736][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_1
[   74.225262][ T5861] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   74.234159][ T5861] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   74.238705][ T5861] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   74.241880][ T5861] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   74.249583][ T5923] warning: `syz.2.13' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   74.257942][ T5864] veth1_macvtap: entered promiscuous mode
[   74.287154][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0
[   74.292756][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1
[   74.333767][ T5864] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   74.344503][ T5864] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   74.356596][ T5864] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   74.359955][ T5864] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   74.407680][ T5928] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   74.431386][ T5928] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15'.
[   74.448181][ T5928] ip6_vti0: entered promiscuous mode
[   74.450373][ T5928] ip6_vti0: entered allmulticast mode
[   74.499313][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.502258][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.585246][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.592975][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.655999][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.659282][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.693347][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.697438][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.193750][ T5958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.27'.
[   75.226286][ T5868] Bluetooth: hci0: command tx timeout
[   75.305987][ T5868] Bluetooth: hci1: command tx timeout
[   75.368159][ T5964] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   75.386813][ T5868] Bluetooth: hci2: command tx timeout
[   75.696774][ T5980] ieee802154 phy0 wpan0: encryption failed: -22
[   75.699434][ T5980] ieee802154 phy0 wpan0: encryption failed: -22
[   75.736480][ T5983] netlink: 36 bytes leftover after parsing attributes in process `syz.2.38'.
[   75.999243][ T5997] syzkaller0: tun_chr_ioctl cmd 1074812118
[   76.035328][ T6003] netlink: 36 bytes leftover after parsing attributes in process `syz.0.48'.
[   76.888291][ T6034] netlink: 248 bytes leftover after parsing attributes in process `syz.2.56'.
[   77.289199][ T6083] netlink: 36 bytes leftover after parsing attributes in process `syz.1.70'.
[   77.306135][ T5868] Bluetooth: hci0: command tx timeout
[   77.397049][ T5868] Bluetooth: hci1: command tx timeout
[   77.475978][ T5868] Bluetooth: hci2: command tx timeout
[   77.575226][ T6096] netlink: 'syz.1.74': attribute type 1 has an invalid length.
[   77.606033][ T6096] netlink: 228 bytes leftover after parsing attributes in process `syz.1.74'.
[   77.791700][ T6105] syz.2.76 uses obsolete (PF_INET,SOCK_PACKET)
[   77.805190][ T6108] netlink: 'syz.0.78': attribute type 1 has an invalid length.
[   77.809171][ T6108] netlink: 16166 bytes leftover after parsing attributes in process `syz.0.78'.
[   78.137439][ T6133] netlink: 4 bytes leftover after parsing attributes in process `syz.1.89'.
[   78.223786][ T6139] openvswitch: netlink: IP tunnel dst address not specified
[   78.588138][ T6158] netlink: 8 bytes leftover after parsing attributes in process `syz.0.100'.
[   78.765530][ T6166] nbd: socks must be embedded in a SOCK_ITEM attr
[   78.771602][ T5830] block nbd64: NBD_DISCONNECT
[   78.773815][ T6167] netlink: 'syz.0.104': attribute type 12 has an invalid length.
[   79.399410][ T5868] Bluetooth: hci0: command tx timeout
[   79.466183][ T5868] Bluetooth: hci1: command tx timeout
[   79.482411][ T6198] raw_sendmsg: syz.2.115 forgot to set AF_INET. Fix it!
[   79.556559][ T5868] Bluetooth: hci2: command tx timeout
[   80.613457][ T6212] tipc: Started in network mode
[   80.616746][ T6212] tipc: Node identity 66f7374ebd8d, cluster identity 4711
[   80.620037][ T6212] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   80.627823][ T6213] tipc: Disabling bearer <eth:syzkaller0>
[   80.817115][ T6233] __nla_validate_parse: 3 callbacks suppressed
[   80.817136][ T6233] netlink: 24 bytes leftover after parsing attributes in process `syz.0.126'.
[   81.004441][ T6245] Zero length message leads to an empty skb
[   81.060306][   T52] IPVS: starting estimator thread 0...
[   81.148182][ T6249] IPVS: using max 47 ests per chain, 112800 per kthread
[   81.357518][ T6276] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   81.725062][ T6301] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16)
[   81.745884][ T6301] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   82.149415][ T6329] netlink: 4 bytes leftover after parsing attributes in process `syz.0.170'.
[   82.249566][ T6329] bridge_slave_1: left allmulticast mode
[   82.251873][ T6329] bridge_slave_1: left promiscuous mode
[   82.255507][ T6329] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.264446][ T6329] bridge_slave_0: left allmulticast mode
[   82.268642][ T6329] bridge_slave_0: left promiscuous mode
[   82.273035][ T6329] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.459562][ T6331] mac80211_hwsim hwsim4 ": renamed from wlan0 (while UP)
[   83.964362][ T6433] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   84.015024][ T6433] tipc: Resetting bearer <eth:syzkaller0>
[   84.034248][ T6431] tipc: Resetting bearer <eth:syzkaller0>
[   85.016554][ T5847] tipc: Node number set to 3682219854
[   85.172142][ T6448] GUP no longer grows the stack in syz.1.224 (6448): 200000006000-20000000a000 (200000005000)
[   85.176039][ T6448] CPU: 0 UID: 0 PID: 6448 Comm: syz.1.224 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77-dirty #0 PREEMPT(full) 
[   85.176053][ T6448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   85.176059][ T6448] Call Trace:
[   85.176064][ T6448]  <TASK>
[   85.176091][ T6448]  dump_stack_lvl+0x189/0x250
[   85.176110][ T6448]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.176121][ T6448]  ? __pfx__printk+0x10/0x10
[   85.176132][ T6448]  ? find_vma+0xe7/0x160
[   85.176150][ T6448]  __get_user_pages+0x2a60/0x30b0
[   85.176177][ T6448]  ? __pfx___get_user_pages+0x10/0x10
[   85.176188][ T6448]  ? __gup_longterm_locked+0xbf7/0x15b0
[   85.176198][ T6448]  ? down_read_killable+0x1d1/0x350
[   85.176208][ T6448]  ? try_get_folio+0x633/0x660
[   85.176220][ T6448]  __gup_longterm_locked+0xd66/0x15b0
[   85.176233][ T6448]  ? try_grab_folio_fast+0x1be/0x4f0
[   85.176248][ T6448]  ? gup_fast_fallback+0x1afc/0x2260
[   85.176284][ T6448]  gup_fast_fallback+0x1cd4/0x2260
[   85.176312][ T6448]  ? __pfx_gup_fast_fallback+0x10/0x10
[   85.176322][ T6448]  ? trace_contention_end+0x39/0x120
[   85.176335][ T6448]  ? __mutex_lock+0x330/0xe80
[   85.176347][ T6448]  ? is_valid_gup_args+0x11f/0x200
[   85.176358][ T6448]  ? get_user_pages_fast+0x4d/0xb0
[   85.176369][ T6448]  __iov_iter_get_pages_alloc+0x39a/0xb40
[   85.176385][ T6448]  ? __pfx_pipe_clear_nowait+0x10/0x10
[   85.176393][ T6448]  ? wait_for_space+0x24d/0x2d0
[   85.176406][ T6448]  iov_iter_get_pages2+0x5e/0xa0
[   85.176418][ T6448]  __se_sys_vmsplice+0x548/0x10d0
[   85.176440][ T6448]  ? __pfx___se_sys_vmsplice+0x10/0x10
[   85.176452][ T6448]  ? __pfx_futex_wait+0x10/0x10
[   85.176467][ T6448]  ? __lock_acquire+0xab9/0xd20
[   85.176494][ T6448]  ? do_pipe2+0xf7/0x170
[   85.176503][ T6448]  ? rcu_is_watching+0x15/0xb0
[   85.176515][ T6448]  ? do_syscall_64+0xbe/0x3b0
[   85.176527][ T6448]  do_syscall_64+0xfa/0x3b0
[   85.176535][ T6448]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.176543][ T6448]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.176553][ T6448]  ? exc_page_fault+0x9f/0xf0
[   85.176564][ T6448]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.176572][ T6448] RIP: 0033:0x7f27b298e929
[   85.176583][ T6448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.176604][ T6448] RSP: 002b:00007f27b37c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
[   85.176615][ T6448] RAX: ffffffffffffffda RBX: 00007f27b2bb5fa0 RCX: 00007f27b298e929
[   85.176621][ T6448] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000009
[   85.176626][ T6448] RBP: 00007f27b2a10ca1 R08: 0000000000000000 R09: 0000000000000000
[   85.176632][ T6448] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[   85.176637][ T6448] R13: 0000000000000000 R14: 00007f27b2bb5fa0 R15: 00007ffc2158fcc8
[   85.176650][ T6448]  </TASK>
[   85.300369][ T6449] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[   85.414640][ T6431] tipc: Disabling bearer <eth:syzkaller0>
[   85.643301][ T6460] netlink: 'syz.0.230': attribute type 10 has an invalid length.
[   85.670552][ T6460] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   85.689322][ T6459] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   86.102778][ T6496] netlink: 12 bytes leftover after parsing attributes in process `syz.1.246'.
[   86.113666][ T6498] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   86.465432][ T6520] netlink: 76 bytes leftover after parsing attributes in process `syz.0.258'.
[   86.753932][    T9] cfg80211: failed to load regulatory.db
[   86.990529][ T6542] bond0: (slave bond_slave_0): Releasing backup interface
[   87.010929][ T6542] bond0: (slave bond_slave_1): Releasing backup interface
[   87.076860][ T6542] team0: Port device team_slave_0 removed
[   87.118476][ T6542] team0: Port device team_slave_1 removed
[   87.134252][ T6542] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   87.149430][ T6542] batman_adv: batadv0: Removing interface: batadv_slave_0
[   87.159767][ T6542] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   87.168288][ T6542] batman_adv: batadv0: Removing interface: batadv_slave_1
[   87.194278][ T6542] bond0: (slave wlan1): Releasing backup interface
[   87.336545][ T6553] Bluetooth: MGMT ver 1.23
[   87.457992][ T6558] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.554926][ T6558] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.623810][ T6558] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.701986][ T6558] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.855670][ T6558] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.893586][ T6558] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.910194][ T6558] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.938279][ T6558] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   88.073638][ T6590] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.112857][ T6590] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.154911][ T6590] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.208319][ T6590] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.631874][ T6620] netlink: 8 bytes leftover after parsing attributes in process `syz.2.300'.
[   88.643834][ T6620] vlan2: entered allmulticast mode
[   88.791736][ T6628] netlink: 'syz.2.304': attribute type 1 has an invalid length.
[   88.794861][ T6628] netlink: 228 bytes leftover after parsing attributes in process `syz.2.304'.
[   88.798313][ T6628] netlink: 8 bytes leftover after parsing attributes in process `syz.2.304'.
[   88.860176][ T6630] netlink: 20 bytes leftover after parsing attributes in process `syz.2.305'.
[   89.055568][ T6644] IPVS: length: 148 != 24
[   89.141642][ T6650] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   89.144289][ T6650] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   89.240331][ T6658] netlink: 'syz.0.318': attribute type 2 has an invalid length.
[   89.499189][ T6676] netlink: 12 bytes leftover after parsing attributes in process `syz.0.324'.
[   89.502830][ T6676] netlink: 8 bytes leftover after parsing attributes in process `syz.0.324'.
[   90.483250][ T6700] netlink: 256 bytes leftover after parsing attributes in process `syz.0.334'.
[   90.532204][ T6702] geneve2: entered promiscuous mode
[   90.774268][ T6711] netlink: 'syz.0.339': attribute type 2 has an invalid length.
[   90.777819][ T6711] netlink: 'syz.0.339': attribute type 1 has an invalid length.
[   90.781230][ T6711] netlink: 8 bytes leftover after parsing attributes in process `syz.0.339'.
[   91.185911][ T6734] netlink: 8 bytes leftover after parsing attributes in process `syz.0.350'.
[   91.499836][ T6754] netlink: 100 bytes leftover after parsing attributes in process `syz.2.354'.
[   91.503643][ T6754] netlink: 100 bytes leftover after parsing attributes in process `syz.2.354'.
[   91.525905][ T6590] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.541697][ T6590] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.561048][ T6590] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.573181][ T6590] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.145222][ T6777] netlink: 8 bytes leftover after parsing attributes in process `syz.2.365'.
[   92.152261][ T6777] netlink: 8 bytes leftover after parsing attributes in process `syz.2.365'.
[   92.702193][ T6800] xt_hashlimit: size too large, truncated to 1048576
[   92.828500][ T6794] netlink: 14 bytes leftover after parsing attributes in process `syz.0.372'.
[   93.131312][ T6794] bond0 (unregistering): Released all slaves
[   94.146727][ T6868] netlink: 'syz.2.406': attribute type 10 has an invalid length.
[   94.168205][ T6868] team0: Port device dummy0 added
[   94.172206][ T6868] netlink: 'syz.2.406': attribute type 10 has an invalid length.
[   94.175264][ T6868] 
[   94.176070][ T6868] ======================================================
[   94.178240][ T6868] WARNING: possible circular locking dependency detected
[   94.180523][ T6868] 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77-dirty #0 Not tainted
[   94.184168][ T6868] ------------------------------------------------------
[   94.186385][ T6868] syz.2.406/6868 is trying to acquire lock:
[   94.188155][ T6868] ffff888107390e00 (team->team_lock_key){+.+.}-{4:4}, at: team_device_event+0x182/0xa20
[   94.191341][ T6868] 
[   94.191341][ T6868] but task is already holding lock:
[   94.194105][ T6868] ffff88810ab38d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: do_setlink+0x388/0x41c0
[   94.197313][ T6868] 
[   94.197313][ T6868] which lock already depends on the new lock.
[   94.197313][ T6868] 
[   94.200586][ T6868] 
[   94.200586][ T6868] the existing dependency chain (in reverse order) is:
[   94.203661][ T6868] 
[   94.203661][ T6868] -> #1 (&dev_instance_lock_key#3){+.+.}-{4:4}:
[   94.206377][ T6868]        lock_acquire+0x120/0x360
[   94.207912][ T6868]        __mutex_lock+0x182/0xe80
[   94.209459][ T6868]        dev_set_mtu+0x10e/0x260
[   94.211166][ T6868]        team_add_slave+0x8b8/0x2840
[   94.212863][ T6868]        do_set_master+0x533/0x6d0
[   94.214431][ T6868]        do_setlink+0xcf0/0x41c0
[   94.215990][ T6868]        rtnl_newlink+0x160b/0x1c70
[   94.217719][ T6868]        rtnetlink_rcv_msg+0x7cf/0xb70
[   94.219372][ T6868]        netlink_rcv_skb+0x208/0x470
[   94.221330][ T6868]        netlink_unicast+0x75c/0x8e0
[   94.223358][ T6868]        netlink_sendmsg+0x805/0xb30
[   94.225490][ T6868]        __sock_sendmsg+0x21c/0x270
[   94.227550][ T6868]        ____sys_sendmsg+0x505/0x830
[   94.229268][ T6868]        ___sys_sendmsg+0x21f/0x2a0
[   94.230946][ T6868]        __x64_sys_sendmsg+0x19b/0x260
[   94.232654][ T6868]        do_syscall_64+0xfa/0x3b0
[   94.234183][ T6868]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.236170][ T6868] 
[   94.236170][ T6868] -> #0 (team->team_lock_key){+.+.}-{4:4}:
[   94.238988][ T6868]        validate_chain+0xb9b/0x2140
[   94.241059][ T6868]        __lock_acquire+0xab9/0xd20
[   94.243061][ T6868]        lock_acquire+0x120/0x360
[   94.245042][ T6868]        __mutex_lock+0x182/0xe80
[   94.247069][ T6868]        team_device_event+0x182/0xa20
[   94.249201][ T6868]        notifier_call_chain+0x1b6/0x3e0
[   94.251441][ T6868]        __dev_notify_flags+0x18d/0x2e0
[   94.253603][ T6868]        netif_change_flags+0xe8/0x1a0
[   94.255786][ T6868]        do_setlink+0xc55/0x41c0
[   94.257779][ T6868]        rtnl_newlink+0x160b/0x1c70
[   94.259833][ T6868]        rtnetlink_rcv_msg+0x7cf/0xb70
[   94.261944][ T6868]        netlink_rcv_skb+0x208/0x470
[   94.264058][ T6868]        netlink_unicast+0x75c/0x8e0
[   94.266156][ T6868]        netlink_sendmsg+0x805/0xb30
[   94.268224][ T6868]        __sock_sendmsg+0x21c/0x270
[   94.270273][ T6868]        ____sys_sendmsg+0x505/0x830
[   94.272362][ T6868]        ___sys_sendmsg+0x21f/0x2a0
[   94.274446][ T6868]        __x64_sys_sendmsg+0x19b/0x260
[   94.276601][ T6868]        do_syscall_64+0xfa/0x3b0
[   94.278605][ T6868]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.281069][ T6868] 
[   94.281069][ T6868] other info that might help us debug this:
[   94.281069][ T6868] 
[   94.284869][ T6868]  Possible unsafe locking scenario:
[   94.284869][ T6868] 
[   94.287712][ T6868]        CPU0                    CPU1
[   94.289727][ T6868]        ----                    ----
[   94.291813][ T6868]   lock(&dev_instance_lock_key#3);
[   94.293885][ T6868]                                lock(team->team_lock_key);
[   94.296735][ T6868]                                lock(&dev_instance_lock_key#3);
[   94.299712][ T6868]   lock(team->team_lock_key);
[   94.301632][ T6868] 
[   94.301632][ T6868]  *** DEADLOCK ***
[   94.301632][ T6868] 
[   94.304776][ T6868] 2 locks held by syz.2.406/6868:
[   94.306761][ T6868]  #0: ffffffff8f51bb48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[   94.310319][ T6868]  #1: ffff88810ab38d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: do_setlink+0x388/0x41c0
[   94.314292][ T6868] 
[   94.314292][ T6868] stack backtrace:
[   94.316615][ T6868] CPU: 1 UID: 0 PID: 6868 Comm: syz.2.406 Not tainted 6.16.0-rc5-syzkaller-00212-g9f735b6f8a77-dirty #0 PREEMPT(full) 
[   94.316637][ T6868] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   94.316648][ T6868] Call Trace:
[   94.316659][ T6868]  <TASK>
[   94.316669][ T6868]  dump_stack_lvl+0x189/0x250
[   94.316694][ T6868]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.316712][ T6868]  ? __pfx__printk+0x10/0x10
[   94.316732][ T6868]  ? print_lock_name+0xde/0x100
[   94.316754][ T6868]  print_circular_bug+0x2ee/0x310
[   94.316775][ T6868]  check_noncircular+0x134/0x160
[   94.316795][ T6868]  validate_chain+0xb9b/0x2140
[   94.316814][ T6868]  ? __lock_acquire+0xab9/0xd20
[   94.316832][ T6868]  __lock_acquire+0xab9/0xd20
[   94.316848][ T6868]  ? team_device_event+0x182/0xa20
[   94.316862][ T6868]  lock_acquire+0x120/0x360
[   94.316875][ T6868]  ? team_device_event+0x182/0xa20
[   94.316891][ T6868]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   94.316920][ T6868]  __mutex_lock+0x182/0xe80
[   94.316946][ T6868]  ? team_device_event+0x182/0xa20
[   94.316964][ T6868]  ? __try_to_del_timer_sync+0x34a/0x3a0
[   94.316987][ T6868]  ? team_device_event+0x182/0xa20
[   94.317001][ T6868]  ? __pfx___mutex_lock+0x10/0x10
[   94.317016][ T6868]  ? __timer_delete_sync+0x218/0x2d0
[   94.317045][ T6868]  team_device_event+0x182/0xa20
[   94.317061][ T6868]  notifier_call_chain+0x1b6/0x3e0
[   94.317081][ T6868]  __dev_notify_flags+0x18d/0x2e0
[   94.317107][ T6868]  ? __pfx___dev_notify_flags+0x10/0x10
[   94.317124][ T6868]  ? __dev_change_flags+0x4cc/0x6d0
[   94.317145][ T6868]  ? __pfx___dev_change_flags+0x10/0x10
[   94.317164][ T6868]  ? __pfx_console_unlock+0x10/0x10
[   94.317182][ T6868]  ? irq_work_queue+0xc3/0x140
[   94.317196][ T6868]  netif_change_flags+0xe8/0x1a0
[   94.317218][ T6868]  do_setlink+0xc55/0x41c0
[   94.317244][ T6868]  ? __pfx_do_setlink+0x10/0x10
[   94.317264][ T6868]  ? _printk+0xcf/0x120
[   94.317282][ T6868]  ? __pfx____ratelimit+0x10/0x10
[   94.317301][ T6868]  ? __lock_acquire+0xab9/0xd20
[   94.317319][ T6868]  ? __mutex_trylock_common+0x153/0x260
[   94.317340][ T6868]  ? __pfx___mutex_trylock_common+0x10/0x10
[   94.317362][ T6868]  ? rcu_is_watching+0x15/0xb0
[   94.317378][ T6868]  ? trace_contention_end+0x39/0x120
[   94.317426][ T6868]  ? __mutex_lock+0x330/0xe80
[   94.317445][ T6868]  ? __pfx_aa_get_newest_label+0x10/0x10
[   94.317460][ T6868]  ? rtnl_newlink+0x8db/0x1c70
[   94.317480][ T6868]  ? rcu_is_watching+0x15/0xb0
[   94.317498][ T6868]  ? __pfx___mutex_lock+0x10/0x10
[   94.317518][ T6868]  ? ns_capable+0x8a/0xf0
[   94.317536][ T6868]  ? rtnl_link_get_net_capable+0x16a/0x350
[   94.317559][ T6868]  rtnl_newlink+0x160b/0x1c70
[   94.317578][ T6868]  ? netlink_sendmsg+0x805/0xb30
[   94.317602][ T6868]  ? __pfx_rtnl_newlink+0x10/0x10
[   94.317627][ T6868]  ? kasan_quarantine_put+0xdd/0x220
[   94.317646][ T6868]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.317662][ T6868]  ? nlmon_xmit+0xb0/0x100
[   94.317680][ T6868]  ? kmem_cache_free+0x18f/0x400
[   94.317703][ T6868]  ? __local_bh_enable_ip+0x12d/0x1c0
[   94.317720][ T6868]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.317735][ T6868]  ? __local_bh_enable_ip+0x12d/0x1c0
[   94.317752][ T6868]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   94.317770][ T6868]  ? __dev_queue_xmit+0x27e/0x3a70
[   94.317788][ T6868]  ? __lock_acquire+0xab9/0xd20
[   94.317809][ T6868]  ? __pfx_rtnl_newlink+0x10/0x10
[   94.317827][ T6868]  rtnetlink_rcv_msg+0x7cf/0xb70
[   94.317846][ T6868]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[   94.317863][ T6868]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   94.317880][ T6868]  ? ref_tracker_free+0x63a/0x7d0
[   94.317895][ T6868]  ? __copy_skb_header+0xa7/0x550
[   94.317918][ T6868]  ? __pfx_ref_tracker_free+0x10/0x10
[   94.317940][ T6868]  ? __skb_clone+0x63/0x7a0
[   94.317955][ T6868]  netlink_rcv_skb+0x208/0x470
[   94.317976][ T6868]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   94.317995][ T6868]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   94.318019][ T6868]  ? netlink_deliver_tap+0x2e/0x1b0
[   94.318039][ T6868]  ? netlink_deliver_tap+0x2e/0x1b0
[   94.318060][ T6868]  netlink_unicast+0x75c/0x8e0
[   94.318080][ T6868]  netlink_sendmsg+0x805/0xb30
[   94.318105][ T6868]  ? __pfx_netlink_sendmsg+0x10/0x10
[   94.318128][ T6868]  ? aa_sock_msg_perm+0x94/0x160
[   94.318143][ T6868]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   94.318159][ T6868]  ? __pfx_netlink_sendmsg+0x10/0x10
[   94.318176][ T6868]  __sock_sendmsg+0x21c/0x270
[   94.318194][ T6868]  ____sys_sendmsg+0x505/0x830
[   94.318218][ T6868]  ? __pfx_____sys_sendmsg+0x10/0x10
[   94.318242][ T6868]  ? import_iovec+0x74/0xa0
[   94.318262][ T6868]  ___sys_sendmsg+0x21f/0x2a0
[   94.318281][ T6868]  ? __pfx____sys_sendmsg+0x10/0x10
[   94.318311][ T6868]  ? __fget_files+0x2a/0x420
[   94.318324][ T6868]  ? __fget_files+0x3a0/0x420
[   94.318341][ T6868]  __x64_sys_sendmsg+0x19b/0x260
[   94.318365][ T6868]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   94.318422][ T6868]  ? rcu_is_watching+0x15/0xb0
[   94.318443][ T6868]  ? do_syscall_64+0xbe/0x3b0
[   94.318464][ T6868]  do_syscall_64+0xfa/0x3b0
[   94.318480][ T6868]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.318495][ T6868]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.318510][ T6868]  ? exc_page_fault+0x9f/0xf0
[   94.318524][ T6868]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.318540][ T6868] RIP: 0033:0x7f12a858e929
[   94.318557][ T6868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.318571][ T6868] RSP: 002b:00007f12a9318038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   94.318588][ T6868] RAX: ffffffffffffffda RBX: 00007f12a87b5fa0 RCX: 00007f12a858e929
[   94.318599][ T6868] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000004
[   94.318608][ T6868] RBP: 00007f12a8610ca1 R08: 0000000000000000 R09: 0000000000000000
[   94.318618][ T6868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   94.318627][ T6868] R13: 0000000000000000 R14: 00007f12a87b5fa0 R15: 00007ffd19bffa28
[   94.318642][ T6868]  </TASK>
[   94.524063][ T6868] team0: Port device dummy0 removed
[   94.527476][ T6868] bond0: (slave dummy0): Enslaving as an active interface with an up link

VM DIAGNOSIS:
09:14:20  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff81b4c210 RBX=ffff88804b03b1c0 RCX=ffff888027031cc0 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc900034af6c0 RSP=ffffc900034af560
R8 =ffffffff8fa1d5f7 R9 =1ffffffff1f43abe R10=dffffc0000000000 R11=fffffbfff1f43abf
R12=1ffff11026cc7f5d R13=dffffc0000000000 R14=0000000000000001 R15=ffff88813663fae8
RIP=ffffffff81b4c1f9 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555562fbe500 ffffffff 00c00000
GS =0000 ffff8880b8626000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f27b36e56c0 CR3=0000000111dc0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f27b2a11df9
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000000d RBX=000000000000000d RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000002dae RDI=0000000000002daf RBP=00000000000003f8 RSP=ffffc9000422df10
R8 =ffff888108650237 R9 =1ffff110210ca046 R10=dffffc0000000000 R11=ffffffff85460db0
R12=dffffc0000000000 R13=ffffffff99aee8d4 R14=ffffffff99df32e0 R15=0000000000000000
RIP=ffffffff85460e2c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f12a93186c0 ffffffff 00c00000
GS =0000 ffff8881a3c26000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c2f6d64 CR3=0000000029686000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f12a8786478 00007f12a8786450 XMM03=00007f12a8786488 00007f12a8786480
XMM04=00007f12a92ed100 00007f12a8786440 XMM05=00007f12a8786458 00007f12a87864a0
XMM06=00007f12a8786498 00007f12a8786490 XMM07=00007f12a8786488 00007f12a8786480
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 00007f12a8611df9
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
