last executing test programs:

524.11033ms ago: executing program 0 (id=144):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x331e5c6805043cda)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x20e, 0x0, 0x0, 0x0, 0x0, 0x31, 0x6000000000000000, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket(0x1a, 0x4, 0x4)
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd2d, 0x400000, {0x0, 0x0, 0x0, r1, {}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xc, 0xa}}]}}]}, 0x40}}, 0x2004c850)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

463.222471ms ago: executing program 0 (id=146):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, &(0x7f0000000140))

463.079914ms ago: executing program 1 (id=147):
r0 = socket(0xa, 0x3, 0x3a)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x4d, 0x0, 0x4, 0x0, 0x7, 0x0, 0x0, 0x0, 0x20, 0xfd, [0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x4, 0x2]}})

462.973342ms ago: executing program 0 (id=148):
r0 = socket(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}}, 0x1c)
connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e)

462.825061ms ago: executing program 1 (id=149):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xc2300, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd25, 0x4, {0x0, 0x0, 0x0, r2, {0x4, 0x2}, {}, {0x1, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ETH_DST={0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, @TCA_FLOWER_KEY_ETH_DST_MASK={0xa, 0x5, [0x0, 0xff, 0x0, 0x0, 0x0, 0xff]}]}}]}, 0x4c}}, 0x20040054)

462.741487ms ago: executing program 0 (id=150):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_group_source_req(r0, 0x0, 0x2f, &(0x7f0000000700)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x4e20, @broadcast}}}, 0x108)
setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f0000000000)={0x2, {{0x2, 0x4e26, @multicast2}}, {{0x2, 0x2, @dev={0xac, 0x14, 0x14, 0x37}}}}, 0x108)

394.079248ms ago: executing program 0 (id=151):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x300000d, 0x6052, r0, 0x1000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000002000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000100180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78)

393.668206ms ago: executing program 1 (id=153):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
r1 = socket$packet(0x11, 0x2, 0x300)
getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140))
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x2, 0x0, 0x1, {0xc, 0x1, 0x0, 0x1, [{0x8}]}}]}]}, 0x34}}, 0x0)

334.178216ms ago: executing program 0 (id=154):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_group_source_req(r0, 0x0, 0x2f, &(0x7f0000000700)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x4e20, @broadcast}}}, 0x108)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/96, 0x2329000, 0x800}, 0x20)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x2, 0x100, @private=0xa010102}, 0x10, 0x0, 0x0, 0x0, 0x68}, 0xc00)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f0000000240)={0x2, {{0x2, 0x4e26, @multicast2}}, {{0x2, 0x2, @dev={0xac, 0x14, 0x14, 0x37}}}}, 0x108)

333.671814ms ago: executing program 1 (id=156):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffa, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private0}, @in={0x2, 0x0, @multicast2}, @in6={0xa, 0x0, 0xd7d9, @loopback}, @in={0x2, 0x4e21, @dev}], 0x58)

271.669872ms ago: executing program 1 (id=159):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a31000000000800054000000004"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r1, 0x0, 0x40080c0)
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRESHEX], 0xa)
syz_emit_ethernet(0x46, &(0x7f00000003c0)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0xf5}}}}}}, 0x0)
bind$qrtr(0xffffffffffffffff, &(0x7f0000000500)={0x2a, 0x1, 0x1}, 0xc)

271.161509ms ago: executing program 1 (id=160):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r1, 0x8)
sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x2, 0x9, 0x4, 0x2, 0x2, 0x0, 0x70bd29, 0x25dfdbfe}, 0x10}}, 0x20000c04)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[{0x10, 0x1}, {0x10, 0x84, 0x1}], 0x20}, 0x20000000)
syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000480)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x10, 0x3, 0x0, 0x0, {[@md5sig={0x13, 0x12, "d242d7728c9386c4a0ac7e05bafbae38"}]}}}}}}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x19, 0x4, 0x4, 0x20002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r5 = socket(0x10, 0x80003, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x0, 0xa, 0x89c8, 0x40401, r4, 0x7f, '\x00', r7, 0xffffffffffffffff, 0x4, 0x0, 0x3, 0x2}, 0x50)
sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x7c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0x68, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xf}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x401}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x4000005)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xa, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x9a}}, 0x0, 0x7fff, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1ff}, 0x94)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="a03700002d00010026bd7000fcdbdf250400000005000b00", @ANYRES32=r0, @ANYBLOB="81120c"], 0x37a0}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

142.900134ms ago: executing program 2 (id=164):
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r1}, 0x10)
r2 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x34, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r3, {0x0, 0xf}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0)

142.450914ms ago: executing program 2 (id=165):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r2=>0x0]}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000040)={r2, 0x101}, 0x8)

74.23773ms ago: executing program 2 (id=166):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x22, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc}}}, 0x24}}, 0x0)

74.134633ms ago: executing program 2 (id=167):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000e00)=ANY=[@ANYBLOB="b4000000000000007910280000000000150000000000000095000010000000009ee3fd3fb812ca5fa206e5f5a663e44259594903aa2c7c73c41069731415510985d32ff27f416867e7e90fef8b13c29962f3c680c829f6c6b88c22f4e37af7bc6d592140df63026c2313725312ba18ea77c834ef80fa17cc0fb3928fc61b45e6c54e1bf618a0c6f50c0ec682e20d7332860eac63b2b1ba0b908004328fac6715959b948cfd82a77524fbe9ef43966d246be6d79564bacd8ab0664449f77e482ae2e9e2d07251b445cf7350ce52abe1843a0d64440381bae4a111f562f4d8b01354d9343b581fcfd86befed0534525ea92b09fd20d7b4cc77f6793ce7207d88a72f136af30c516bf05c45f5551c8453146a4e7424e27025e4e9679609349ac2ee34a6708bc4dd63afce3df464915923331ffa6613e9888bdcc66236eff3e14973bcda2fa982000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48)

2.092851ms ago: executing program 2 (id=168):
syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000005340), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000053c0)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000005480)={0x0, 0x0, &(0x7f0000005440)={&(0x7f0000005400)={0x1c, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8040}, 0x4004)

0s ago: executing program 2 (id=169):
unshare(0x20000400)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r1, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:49616' (ED25519) to the list of known hosts.
syzkaller login: [   47.924420][ T5807] cgroup: Unknown subsys name 'net'
[   48.034940][ T5807] cgroup: Unknown subsys name 'cpuset'
[   48.038439][ T5807] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   49.306070][ T5807] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   52.739833][ T5818] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   52.745253][ T5818] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   52.747895][ T5818] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   52.750694][ T5818] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   52.753229][ T5818] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   52.766349][ T5208] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   52.769860][ T5822] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   52.774190][ T5822] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   52.778331][ T5822] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   52.781949][ T5822] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   52.805255][ T5822] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   52.808351][ T5822] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   52.810988][ T5822] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   52.815107][ T5822] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   52.817864][ T5822] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   53.009808][ T5815] chnl_net:caif_netlink_parms(): no params data found
[   53.028622][ T5819] chnl_net:caif_netlink_parms(): no params data found
[   53.128311][ T5823] chnl_net:caif_netlink_parms(): no params data found
[   53.138526][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.141452][ T5815] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.144123][ T5815] bridge_slave_0: entered allmulticast mode
[   53.147000][ T5815] bridge_slave_0: entered promiscuous mode
[   53.167610][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.169958][ T5815] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.172327][ T5815] bridge_slave_1: entered allmulticast mode
[   53.175947][ T5815] bridge_slave_1: entered promiscuous mode
[   53.192879][ T5819] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.195230][ T5819] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.197588][ T5819] bridge_slave_0: entered allmulticast mode
[   53.200268][ T5819] bridge_slave_0: entered promiscuous mode
[   53.203663][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.205973][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.208209][ T5819] bridge_slave_1: entered allmulticast mode
[   53.210882][ T5819] bridge_slave_1: entered promiscuous mode
[   53.251185][ T5815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.259926][ T5819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.264804][ T5815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.282107][ T5819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.317149][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.319883][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.323109][ T5823] bridge_slave_0: entered allmulticast mode
[   53.325935][ T5823] bridge_slave_0: entered promiscuous mode
[   53.338167][ T5815] team0: Port device team_slave_0 added
[   53.340473][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.343592][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.346017][ T5823] bridge_slave_1: entered allmulticast mode
[   53.353942][ T5823] bridge_slave_1: entered promiscuous mode
[   53.358369][ T5819] team0: Port device team_slave_0 added
[   53.364136][ T5815] team0: Port device team_slave_1 added
[   53.415817][ T5819] team0: Port device team_slave_1 added
[   53.427314][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.439093][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.441426][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.449753][ T5815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.456059][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.468293][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.470627][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.479322][ T5819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.484056][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.486292][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.494709][ T5815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.505697][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.507969][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.516415][ T5819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.537213][ T5823] team0: Port device team_slave_0 added
[   53.549323][ T5823] team0: Port device team_slave_1 added
[   53.599673][ T5819] hsr_slave_0: entered promiscuous mode
[   53.602080][ T5819] hsr_slave_1: entered promiscuous mode
[   53.621325][ T5815] hsr_slave_0: entered promiscuous mode
[   53.624621][ T5815] hsr_slave_1: entered promiscuous mode
[   53.627384][ T5815] debugfs: 'hsr0' already exists in 'hsr'
[   53.629319][ T5815] Cannot create hsr debugfs directory
[   53.631858][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.635466][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.643823][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.653465][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.655700][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.664510][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.759631][ T5823] hsr_slave_0: entered promiscuous mode
[   53.761873][ T5823] hsr_slave_1: entered promiscuous mode
[   53.764495][ T5823] debugfs: 'hsr0' already exists in 'hsr'
[   53.766421][ T5823] Cannot create hsr debugfs directory
[   53.865206][ T5819] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   53.879051][ T5819] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   53.899258][ T5819] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   53.924570][ T5819] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   53.964954][ T5815] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   53.974352][ T5815] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   53.979270][ T5815] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   53.990455][ T5815] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   54.040240][ T5823] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   54.050572][ T5823] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   54.058788][ T5823] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   54.064694][ T5823] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   54.150278][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.161041][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.178583][ T5819] 8021q: adding VLAN 0 to HW filter on device team0
[   54.185155][ T5815] 8021q: adding VLAN 0 to HW filter on device team0
[   54.192151][ T1372] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.194609][ T1372] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.206502][ T1372] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.209142][ T1372] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.217534][ T1372] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.220089][ T1372] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.227809][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.233975][ T1372] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.236476][ T1372] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.259105][ T5823] 8021q: adding VLAN 0 to HW filter on device team0
[   54.281748][ T1372] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.284652][ T1372] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.298549][ T1372] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.300899][ T1372] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.400308][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.437600][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.467323][ T5815] veth0_vlan: entered promiscuous mode
[   54.482249][ T5819] veth0_vlan: entered promiscuous mode
[   54.487551][ T5815] veth1_vlan: entered promiscuous mode
[   54.495166][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.506550][ T5819] veth1_vlan: entered promiscuous mode
[   54.520815][ T5815] veth0_macvtap: entered promiscuous mode
[   54.529748][ T5815] veth1_macvtap: entered promiscuous mode
[   54.553407][ T5823] veth0_vlan: entered promiscuous mode
[   54.556361][ T5819] veth0_macvtap: entered promiscuous mode
[   54.560280][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0
[   54.565375][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1
[   54.574894][ T5819] veth1_macvtap: entered promiscuous mode
[   54.584940][ T5828] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   54.591063][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   54.597665][ T5823] veth1_vlan: entered promiscuous mode
[   54.601217][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   54.607635][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   54.611626][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0
[   54.627243][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1
[   54.634565][ T5828] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   54.648604][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   54.651480][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   54.665997][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   54.686082][ T5823] veth0_macvtap: entered promiscuous mode
[   54.693672][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   54.696326][ T5823] veth1_macvtap: entered promiscuous mode
[   54.696377][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   54.727232][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0
[   54.740314][ T3625] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   54.741704][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1
[   54.746737][ T3625] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   54.763535][ T5828] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   54.767344][ T5828] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   54.768989][ T3625] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   54.784683][ T3625] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   54.793374][ T5828] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   54.803650][ T5818] Bluetooth: hci1: command tx timeout
[   54.804199][ T5822] Bluetooth: hci0: command tx timeout
[   54.810477][ T5828] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   54.825877][ T3535] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   54.831665][ T3535] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   54.840208][ T5815] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   54.863512][ T3535] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   54.866082][ T3535] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   54.882743][ T5822] Bluetooth: hci2: command tx timeout
[   54.902338][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   54.906198][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   54.935582][ T5884] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3'.
[   54.942568][ T5884] block nbd0: not configured, cannot reconfigure
[   55.039666][ T5889] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5'.
[   55.075103][ T5893] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2'.
[   55.104134][ T5897] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[   55.170359][ T5902] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8'.
[   55.177972][ T5903] netlink: 'syz.1.9': attribute type 6 has an invalid length.
[   55.181540][ T5903] netlink: 'syz.1.9': attribute type 6 has an invalid length.
[   55.220052][ T5903] Zero length message leads to an empty skb
[   55.360516][ T5917] netlink: 'syz.1.15': attribute type 10 has an invalid length.
[   55.393873][ T5917] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.396872][ T5917] team0: Port device bond0 added
[   55.473632][ T5929] lo speed is unknown, defaulting to 1000
[   55.477702][ T5929] lo speed is unknown, defaulting to 1000
[   55.485821][ T5931] sctp: [Deprecated]: syz.1.23 (pid 5931) Use of int in maxseg socket option.
[   55.485821][ T5931] Use struct sctp_assoc_value instead
[   55.487669][ T5929] lo speed is unknown, defaulting to 1000
[   55.492565][ T5927] tap0: tun_chr_ioctl cmd 1074025675
[   55.494298][ T5927] tap0: persist disabled
[   55.498555][ T5929] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   55.514200][ T5929] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   55.536598][ T5929] lo speed is unknown, defaulting to 1000
[   55.540091][ T5929] lo speed is unknown, defaulting to 1000
[   55.545271][ T5929] lo speed is unknown, defaulting to 1000
[   55.621884][ T5936] lo speed is unknown, defaulting to 1000
[   55.661545][ T5945] gretap1: entered promiscuous mode
[   55.670003][ T5945] netlink: 240 bytes leftover after parsing attributes in process `syz.0.29'.
[   55.720221][ T5951] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   55.726382][ T5948] netlink: 'syz.2.30': attribute type 1 has an invalid length.
[   55.770984][ T5948] bond1 (unregistering): Released all slaves
[   55.834533][ T5959] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   55.840896][ T5960] netlink: 28 bytes leftover after parsing attributes in process `syz.2.30'.
[   56.038221][ T5971] netlink: 8 bytes leftover after parsing attributes in process `syz.2.39'.
[   56.242254][ T5986] netlink: 20 bytes leftover after parsing attributes in process `syz.1.45'.
[   56.264200][ T5986] nbd: socks must be embedded in a SOCK_ITEM attr
[   56.270498][ T5938] block nbd64: NBD_DISCONNECT
[   56.691226][ T6019] sctp: [Deprecated]: syz.1.59 (pid 6019) Use of struct sctp_assoc_value in delayed_ack socket option.
[   56.691226][ T6019] Use struct sctp_sack_info instead
[   56.711226][ T6018] bond_slave_0: entered promiscuous mode
[   56.713230][ T6018] bond_slave_1: entered promiscuous mode
[   56.713756][ T6019] sctp: [Deprecated]: syz.1.59 (pid 6019) Use of struct sctp_assoc_value in delayed_ack socket option.
[   56.713756][ T6019] Use struct sctp_sack_info instead
[   56.715867][ T6018] vlan2: entered promiscuous mode
[   56.725140][ T6018] bond0: entered promiscuous mode
[   56.883094][ T5822] Bluetooth: hci1: command tx timeout
[   56.892654][ T5822] Bluetooth: hci0: command tx timeout
[   56.942119][ T6034] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   56.973100][ T5822] Bluetooth: hci2: command tx timeout
[   57.294302][ T6061] netlink: 'syz.1.80': attribute type 6 has an invalid length.
[   57.300547][ T6061] netlink: 176 bytes leftover after parsing attributes in process `syz.1.80'.
[   57.332405][ T6064] syz.2.81 uses obsolete (PF_INET,SOCK_PACKET)
[   57.357366][ T6066] netlink: 4 bytes leftover after parsing attributes in process `syz.1.83'.
[   57.403029][ T6071] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[   57.864090][ T6120] warning: `syz.0.106' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   58.004360][ T6137] netlink: 'syz.0.115': attribute type 1 has an invalid length.
[   58.006933][ T6137] netlink: 'syz.0.115': attribute type 4 has an invalid length.
[   58.050480][ T6145] Driver unsupported XDP return value 0 on prog  (id 20) dev N/A, expect packet loss!
[   58.097095][ T6149] dvmrp0: entered allmulticast mode
[   58.913808][ T6240] netlink: 'syz.1.160': attribute type 12 has an invalid length.
[   58.974722][ T5822] Bluetooth: hci0: command tx timeout
[   58.976546][ T5822] Bluetooth: hci1: command tx timeout
[   59.042796][ T5818] Bluetooth: hci2: command tx timeout
Connection to localhost closed by remote host.
[   59.427438][ T5880] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.513093][ T5880] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.576764][ T5880] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.641796][ T5880] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   59.730810][ T5880] bridge_slave_1: left allmulticast mode
[   59.732866][ T5880] bridge_slave_1: left promiscuous mode
[   59.735473][ T5880] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.740428][ T5880] bridge_slave_0: left allmulticast mode
[   59.742248][ T5880] bridge_slave_0: left promiscuous mode
[   59.745848][ T5880] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.914643][ T5880] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   59.917814][ T5880] bond_slave_0: left promiscuous mode
[   59.921269][ T5880] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   59.925773][ T5880] bond_slave_1: left promiscuous mode
[   59.928744][ T5880] bond0 (unregistering): Released all slaves
[   60.133460][ T5880] hsr_slave_0: left promiscuous mode
[   60.135634][ T5880] hsr_slave_1: left promiscuous mode
[   60.137675][ T5880] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   60.140055][ T5880] batman_adv: batadv0: Removing interface: batadv_slave_0
[   60.143731][ T5880] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   60.146144][ T5880] batman_adv: batadv0: Removing interface: batadv_slave_1
[   60.155752][ T5880] veth1_macvtap: left promiscuous mode
[   60.157670][ T5880] veth0_macvtap: left promiscuous mode
[   60.159660][ T5880] veth1_vlan: left promiscuous mode
[   60.161620][ T5880] veth0_vlan: left promiscuous mode
[   60.389737][ T5880] team0 (unregistering): Port device team_slave_1 removed
[   60.406623][ T5880] team0 (unregistering): Port device team_slave_0 removed
[   60.874658][ T5880] ------------[ cut here ]------------
[   60.876637][ T5880] WARNING: CPU: 1 PID: 5880 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x270/0x2f0
[   60.879835][ T5880] Modules linked in:
[   60.881336][ T5880] CPU: 1 UID: 0 PID: 5880 Comm: kworker/u8:4 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f-dirty #0 PREEMPT(full) 
[   60.886357][ T5880] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   60.889764][ T5880] Workqueue: netns cleanup_net
[   60.891337][ T5880] RIP: 0010:xfrm_state_fini+0x270/0x2f0
[   60.893564][ T5880] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 88 50 0a f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 46 1f eb f7 e8 81 2d a7 f7 90 <0f> 0b 90 e9 fd fd ff ff e8 73 2d a7 f7 90 0f 0b 90 e9 60 fe ff ff
[   60.899791][ T5880] RSP: 0018:ffffc90003c3f898 EFLAGS: 00010293
[   60.901865][ T5880] RAX: ffffffff8a18832f RBX: ffff8881090da440 RCX: ffff888028155640
[   60.904664][ T5880] RDX: 0000000000000000 RSI: ffffffff8db65e93 RDI: ffff888028155640
[   60.907311][ T5880] RBP: ffffc90003c3f9b0 R08: ffffffff8fa07af7 R09: 1ffffffff1f40f5e
[   60.909950][ T5880] R10: dffffc0000000000 R11: fffffbfff1f40f5f R12: ffffffff8f601a20
[   60.913114][ T5880] R13: 1ffff92000787f40 R14: ffff8881090db8c0 R15: dffffc0000000000
[   60.915929][ T5880] FS:  0000000000000000(0000) GS:ffff8881a3c80000(0000) knlGS:0000000000000000
[   60.919065][ T5880] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   60.921266][ T5880] CR2: 00007fbfdb9b7dac CR3: 000000010e942000 CR4: 00000000000006f0
[   60.924269][ T5880] Call Trace:
[   60.925378][ T5880]  <TASK>
[   60.926356][ T5880]  xfrm_net_exit+0x2d/0x70
[   60.927894][ T5880]  ops_undo_list+0x49a/0x990
[   60.929481][ T5880]  ? __pfx_ops_undo_list+0x10/0x10
[   60.931161][ T5880]  ? do_raw_spin_unlock+0x4d/0x240
[   60.933645][ T5880]  cleanup_net+0x4c5/0x800
[   60.935169][ T5880]  ? __pfx_cleanup_net+0x10/0x10
[   60.936835][ T5880]  ? _raw_spin_unlock_irq+0x23/0x50
[   60.938529][ T5880]  ? process_scheduled_works+0x9ef/0x17b0
[   60.940367][ T5880]  ? process_scheduled_works+0x9ef/0x17b0
[   60.942298][ T5880]  process_scheduled_works+0xae1/0x17b0
[   60.944332][ T5880]  ? __pfx_process_scheduled_works+0x10/0x10
[   60.946273][ T5880]  worker_thread+0x8a0/0xda0
[   60.947838][ T5880]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   60.950058][ T5880]  ? __kthread_parkme+0x7b/0x200
[   60.951903][ T5880]  kthread+0x711/0x8a0
[   60.953609][ T5880]  ? __pfx_worker_thread+0x10/0x10
[   60.955333][ T5880]  ? __pfx_kthread+0x10/0x10
[   60.956833][ T5880]  ? _raw_spin_unlock_irq+0x23/0x50
[   60.958570][ T5880]  ? lockdep_hardirqs_on+0x9c/0x150
[   60.960278][ T5880]  ? __pfx_kthread+0x10/0x10
[   60.961843][ T5880]  ret_from_fork+0x3fc/0x770
[   60.963503][ T5880]  ? __pfx_ret_from_fork+0x10/0x10
[   60.965141][ T5880]  ? __switch_to_asm+0x39/0x70
[   60.966731][ T5880]  ? __switch_to_asm+0x33/0x70
[   60.968276][ T5880]  ? __pfx_kthread+0x10/0x10
[   60.969859][ T5880]  ret_from_fork_asm+0x1a/0x30
[   60.971426][ T5880]  </TASK>
[   60.972800][ T5880] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   60.975467][ T5880] CPU: 1 UID: 0 PID: 5880 Comm: kworker/u8:4 Not tainted 6.16.0-syzkaller-06574-gd9104cec3e8f-dirty #0 PREEMPT(full) 
[   60.979772][ T5880] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   60.983190][ T5880] Workqueue: netns cleanup_net
[   60.984813][ T5880] Call Trace:
[   60.985951][ T5880]  <TASK>
[   60.986945][ T5880]  dump_stack_lvl+0x99/0x250
[   60.988450][ T5880]  ? __asan_memcpy+0x40/0x70
[   60.990032][ T5880]  ? __pfx_dump_stack_lvl+0x10/0x10
[   60.991846][ T5880]  ? __pfx__printk+0x10/0x10
[   60.993708][ T5880]  panic+0x2db/0x790
[   60.994960][ T5880]  ? __pfx_panic+0x10/0x10
[   60.996350][ T5880]  ? ret_from_fork_asm+0x1a/0x30
[   60.997901][ T5880]  __warn+0x31b/0x4b0
[   60.999235][ T5880]  ? xfrm_state_fini+0x270/0x2f0
[   61.000843][ T5880]  ? xfrm_state_fini+0x270/0x2f0
[   61.002505][ T5880]  report_bug+0x2be/0x4f0
[   61.003890][ T5880]  ? xfrm_state_fini+0x270/0x2f0
[   61.005517][ T5880]  ? xfrm_state_fini+0x270/0x2f0
[   61.007118][ T5880]  ? xfrm_state_fini+0x272/0x2f0
[   61.008656][ T5880]  handle_bug+0x84/0x160
[   61.010074][ T5880]  exc_invalid_op+0x1a/0x50
[   61.011634][ T5880]  asm_exc_invalid_op+0x1a/0x20
[   61.013417][ T5880] RIP: 0010:xfrm_state_fini+0x270/0x2f0
[   61.015241][ T5880] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 88 50 0a f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 46 1f eb f7 e8 81 2d a7 f7 90 <0f> 0b 90 e9 fd fd ff ff e8 73 2d a7 f7 90 0f 0b 90 e9 60 fe ff ff
[   61.021426][ T5880] RSP: 0018:ffffc90003c3f898 EFLAGS: 00010293
[   61.023360][ T5880] RAX: ffffffff8a18832f RBX: ffff8881090da440 RCX: ffff888028155640
[   61.025897][ T5880] RDX: 0000000000000000 RSI: ffffffff8db65e93 RDI: ffff888028155640
[   61.028437][ T5880] RBP: ffffc90003c3f9b0 R08: ffffffff8fa07af7 R09: 1ffffffff1f40f5e
[   61.031277][ T5880] R10: dffffc0000000000 R11: fffffbfff1f40f5f R12: ffffffff8f601a20
[   61.033804][ T5880] R13: 1ffff92000787f40 R14: ffff8881090db8c0 R15: dffffc0000000000
[   61.036416][ T5880]  ? xfrm_state_fini+0x26f/0x2f0
[   61.038060][ T5880]  ? xfrm_state_fini+0x26f/0x2f0
[   61.039630][ T5880]  xfrm_net_exit+0x2d/0x70
[   61.041077][ T5880]  ops_undo_list+0x49a/0x990
[   61.042527][ T5880]  ? __pfx_ops_undo_list+0x10/0x10
[   61.044391][ T5880]  ? do_raw_spin_unlock+0x4d/0x240
[   61.046511][ T5880]  cleanup_net+0x4c5/0x800
[   61.048254][ T5880]  ? __pfx_cleanup_net+0x10/0x10
[   61.049935][ T5880]  ? _raw_spin_unlock_irq+0x23/0x50
[   61.051872][ T5880]  ? process_scheduled_works+0x9ef/0x17b0
[   61.054002][ T5880]  ? process_scheduled_works+0x9ef/0x17b0
[   61.056198][ T5880]  process_scheduled_works+0xae1/0x17b0
[   61.058141][ T5880]  ? __pfx_process_scheduled_works+0x10/0x10
[   61.060204][ T5880]  worker_thread+0x8a0/0xda0
[   61.061787][ T5880]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   61.063950][ T5880]  ? __kthread_parkme+0x7b/0x200
[   61.065589][ T5880]  kthread+0x711/0x8a0
[   61.066965][ T5880]  ? __pfx_worker_thread+0x10/0x10
[   61.068657][ T5880]  ? __pfx_kthread+0x10/0x10
[   61.070226][ T5880]  ? _raw_spin_unlock_irq+0x23/0x50
[   61.071944][ T5880]  ? lockdep_hardirqs_on+0x9c/0x150
[   61.073655][ T5880]  ? __pfx_kthread+0x10/0x10
[   61.075224][ T5880]  ret_from_fork+0x3fc/0x770
[   61.076765][ T5880]  ? __pfx_ret_from_fork+0x10/0x10
[   61.078574][ T5880]  ? __switch_to_asm+0x39/0x70
[   61.080462][ T5880]  ? __switch_to_asm+0x33/0x70
[   61.082028][ T5880]  ? __pfx_kthread+0x10/0x10
[   61.083544][ T5880]  ret_from_fork_asm+0x1a/0x30
[   61.085101][ T5880]  </TASK>
[   61.087050][ T5880] Kernel Offset: disabled
[   61.088779][ T5880] Rebooting in 86400 seconds..

VM DIAGNOSIS:
21:20:01  Registers:
info registers vcpu 0

CPU#0
RAX=f554f99c0e40eb00 RBX=ffffffff81969b18 RCX=f554f99c0e40eb00 RDX=0000000000000001
RSI=ffffffff8d979100 RDI=ffffffff8be30a00 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f5b R9 =1ffff110096065eb R10=dffffc0000000000 R11=ffffed10096065ec
R12=ffffffff8fa07af0 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a18
RIP=ffffffff8b6fc4f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8680000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b3071eff8 CR3=000000000df38000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000080000010015 0000000c00000028 XMM01=0000000e00000001 0000000000000006
XMM02=0043004400010015 0000000000000040 XMM03=0000000000000000 0000000000000000
XMM04=0000ff0000000000 00000000000000ff XMM05=0031313230382f65 65692f316968702f
XMM06=0000000000000000 0000000000000000 XMM07=000000000000ff00 0000ff00000000ff
XMM08=ff00000000000000 0000000000000000 XMM09=3435313230386565 65692f6d69737768
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000005d RBX=000000000000005d RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90003c3f030
R8 =ffff8881087d0237 R9 =1ffff110210fa046 R10=dffffc0000000000 R11=ffffffff854c1d90
R12=dffffc0000000000 R13=ffffffff99a958ee R14=ffffffff99d9a4e0 R15=0000000000000000
RIP=ffffffff854c1e0c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c80000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fbfdb9b7dac CR3=000000010e942000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000ff 0000000000000000 XMM01=6f6c2f7261762f00 6469756e69676f6c
XMM02=0000ffffffffff00 0000000000000000 XMM03=0000000000000000 000000000000002f
XMM04=74772f676f6c2f72 61762f00706d7475 XMM05=3f3f3f3f3f3f3f3f 3f3f3f3f3f3f3f3f
XMM06=9999999999999999 9999999999999999 XMM07=2020202020202020 2020202020202020
XMM08=0020202000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
