last executing test programs:

601.419618ms ago: executing program 1 (id=654):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffff274}]}}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x4040)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000340)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x5a}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0)

531.533562ms ago: executing program 1 (id=655):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1200000008000000080000000800000000000000", @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000a000000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r1, 0x8982, &(0x7f0000000080)={0x8, 'batadv_slave_1\x00', {'vxcan1\x00'}, 0x3})
setsockopt$packet_int(r1, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd2a, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x4}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)

470.619178ms ago: executing program 1 (id=658):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
sendmsg$alg(r0, &(0x7f0000003100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002ec0)=[@assoc={0x18, 0x117, 0x4, 0xff}, @iv={0x18}], 0x30, 0x368438cd61b90292}, 0x40)

421.002041ms ago: executing program 1 (id=660):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000010000000000000000008085000000a4000000850000006e00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80}, 0x94)

420.916822ms ago: executing program 1 (id=661):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000400000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r1}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x4924b68, 0x0)

272.57222ms ago: executing program 1 (id=667):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x19, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x8, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)

160.538326ms ago: executing program 2 (id=672):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x4, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="850000006b0000006a0a00ff000000002600000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="100000b9b99fce2505000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0xa, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d)

111.054574ms ago: executing program 2 (id=674):
r0 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0xab, @empty, 0x1}, 0x1c)
sendmsg$nl_generic(r0, 0x0, 0x40000)
setsockopt$pppl2tp_PPPOL2TP_SO_LNSMODE(r0, 0x111, 0x4, 0x1, 0x4)

110.990986ms ago: executing program 0 (id=675):
unshare(0x6020400)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000040)={0x2, '\x00', 0x1}, 0x18)

61.713697ms ago: executing program 2 (id=676):
r0 = epoll_create1(0x80000)
r1 = socket$unix(0x1, 0x1, 0x0)
close(r1)
socket$kcm(0x21, 0x2, 0x2)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa0028000})

61.496961ms ago: executing program 0 (id=677):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
unshare(0x2c020400)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r2)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
bpf$MAP_DELETE_BATCH(0x18, 0x0, 0x0)

61.052307ms ago: executing program 0 (id=678):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r0, &(0x7f0000000000)={0x2, @long={0x3, 0x3, {0xaaaaaaaaaaaa0002}}}, 0x14)

60.830857ms ago: executing program 2 (id=679):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

678.176µs ago: executing program 0 (id=680):
r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, &(0x7f0000000080)={0x2, &(0x7f0000000300)=[{0x0, 0x0, 0x0, @multicast}, {0x0, 0x0, 0x0, @local}]})

533.085µs ago: executing program 2 (id=681):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
close(r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000890438000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000080)={@cgroup=r0, r0, 0x36, 0x0, 0x4, @void, @value=r1}, 0x20)

299.889µs ago: executing program 0 (id=682):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c0000006d00673c25bd7000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="9881040004680200180034801400351e64756d6d79300000000000000000000014000300"], 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

111.019µs ago: executing program 2 (id=683):
bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'essiv(cbc(aes),sha256)\x00'}, 0x58)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x67, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e22, 0x2, 'lc\x00', 0xa, 0x81, 0x22}, 0x2c)
readv(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), r1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="160000000000000084000000ffff000000000000", @ANYRES32=0x1, @ANYBLOB='\x00\t\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001280)=[r3, r3]}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xd, 0x5a87, 0x4, 0x3, 0x0, r3}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x2, r4, 0x0, 0x8000000}, 0x27)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f00000002c0)=@newsa={0x180, 0x1a, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@remote, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@remote, 0x16, 0x6c}, @in=@multicast2, {0x0, 0x0, 0x0, 0xffffffe7ffffffff, 0x0, 0xfffffffffffffffc, 0x1000000000000000, 0x80}, {0x0, 0x4, 0x0, 0x1}, {0x0, 0x5}, 0x0, 0x1, 0x2, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @algo_crypt={0x48, 0x2, {{'ctr-aes-neon\x00'}}}]}, 0x180}, 0x1, 0x0, 0x0, 0x4004050}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000300)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x90, r2, 0x1, 0x2, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_SEC_LEVEL={0x44, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x5}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x1}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x2}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x6}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x2}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc}]}, 0x90}, 0x1, 0x0, 0x0, 0x4085}, 0x4000)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000004c0)={<r7=>0xffffffffffffffff})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="0200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="010000000400000000000000000000002497b9141d347a51fff279553ba75ae800"/44], 0x50)
sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000980)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x2c, 0x0, 0x300, 0x70bd26, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @rand_addr=0x64010100}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x1}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040011}, 0x80000)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000c80), r1)
r8 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=@newqdisc={0x64, 0x24, 0xf0b, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0xe, 0xfff1}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0xb, 0x5}}}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x6, 0x5, 0xa, 0x1, 0x6, 0x6}}, {0x4}}]}]}, 0x64}}, 0x4000010)
setsockopt$MRT6_DEL_MIF(r7, 0x29, 0xcb, &(0x7f0000000f40)={0xffffffffffffffff, 0x0, 0x31, 0x0, 0x81}, 0xc)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r10 = openat$tun(0xffffffffffffff9c, 0x0, 0x701203, 0x0)
close(r10)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r11)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, r12)
sendmsg$TIPC_CMD_ENABLE_BEARER(r12, 0x0, 0x0)

0s ago: executing program 0 (id=684):
r0 = socket$kcm(0x2d, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x4000001)
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
close(0xffffffffffffffff)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETCHAIN(r5, &(0x7f0000002000)={0x0, 0x0, &(0x7f0000001fc0)={&(0x7f0000001f40)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x8000)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000580), 0x0, 0xfe2, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETVNETHDRSZ(r7, 0x400454d8, &(0x7f0000000140)=0x90)
write$tun(r7, &(0x7f0000000040)=ANY=[@ANYBLOB], 0xfdef)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000640)="0a001c008e9381064e81f7a2db44b9b545c7910006007c09", 0x18}], 0x1}, 0x40008c4)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r8, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e3, &(0x7f0000000180)={r0, r1})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000ec0)=ANY=[], 0x0}, 0x94)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:46471' (ED25519) to the list of known hosts.
syzkaller login: [   49.862691][ T5809] cgroup: Unknown subsys name 'net'
[   49.965283][ T5809] cgroup: Unknown subsys name 'cpuset'
[   49.969852][ T5809] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   51.377130][ T5809] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   55.410313][ T5212] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   55.414024][ T5212] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   55.416796][ T5212] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   55.422417][ T5212] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   55.425495][ T5212] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   55.461151][ T5212] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   55.464365][ T5212] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   55.467352][ T5212] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   55.471058][ T5212] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   55.474905][ T5212] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   55.514086][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   55.517591][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   55.520857][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   55.532648][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   55.538500][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   55.799200][ T5826] chnl_net:caif_netlink_parms(): no params data found
[   55.820645][ T5821] chnl_net:caif_netlink_parms(): no params data found
[   55.868265][ T5828] chnl_net:caif_netlink_parms(): no params data found
[   56.008043][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.013936][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.017485][ T5826] bridge_slave_0: entered allmulticast mode
[   56.023138][ T5826] bridge_slave_0: entered promiscuous mode
[   56.034829][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.037869][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.041056][ T5821] bridge_slave_0: entered allmulticast mode
[   56.045095][ T5821] bridge_slave_0: entered promiscuous mode
[   56.051436][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.054921][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.057841][ T5826] bridge_slave_1: entered allmulticast mode
[   56.061610][ T5826] bridge_slave_1: entered promiscuous mode
[   56.083863][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.087060][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.090417][ T5821] bridge_slave_1: entered allmulticast mode
[   56.095408][ T5821] bridge_slave_1: entered promiscuous mode
[   56.134274][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.136943][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.139552][ T5828] bridge_slave_0: entered allmulticast mode
[   56.142699][ T5828] bridge_slave_0: entered promiscuous mode
[   56.165555][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.168649][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.171016][ T5828] bridge_slave_1: entered allmulticast mode
[   56.175704][ T5828] bridge_slave_1: entered promiscuous mode
[   56.181088][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.187484][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.192835][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.216278][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.242071][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.256264][ T5821] team0: Port device team_slave_0 added
[   56.268194][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.275241][ T5821] team0: Port device team_slave_1 added
[   56.278889][ T5826] team0: Port device team_slave_0 added
[   56.302466][ T5826] team0: Port device team_slave_1 added
[   56.327079][ T5828] team0: Port device team_slave_0 added
[   56.336987][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.339475][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.348530][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.354259][ T5828] team0: Port device team_slave_1 added
[   56.356840][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.359675][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.372297][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.385089][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.387410][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.396872][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.414684][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.416908][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.425558][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.447461][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.450297][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.461116][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.467263][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.470209][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.481111][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.537060][ T5821] hsr_slave_0: entered promiscuous mode
[   56.540276][ T5821] hsr_slave_1: entered promiscuous mode
[   56.563464][ T5826] hsr_slave_0: entered promiscuous mode
[   56.566714][ T5826] hsr_slave_1: entered promiscuous mode
[   56.569648][ T5826] debugfs: 'hsr0' already exists in 'hsr'
[   56.573680][ T5826] Cannot create hsr debugfs directory
[   56.604573][ T5828] hsr_slave_0: entered promiscuous mode
[   56.606872][ T5828] hsr_slave_1: entered promiscuous mode
[   56.609069][ T5828] debugfs: 'hsr0' already exists in 'hsr'
[   56.610936][ T5828] Cannot create hsr debugfs directory
[   56.912872][ T5821] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   56.922503][ T5821] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   56.936655][ T5821] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   56.949542][ T5821] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.985268][ T5826] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   56.995854][ T5826] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   57.007032][ T5826] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   57.012451][ T5826] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   57.055540][ T5828] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   57.068572][ T5828] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   57.078007][ T5828] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   57.093743][ T5828] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   57.146835][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.174280][ T5821] 8021q: adding VLAN 0 to HW filter on device team0
[   57.179396][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.192045][ T3598] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.194797][ T3598] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.207373][ T3598] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.209896][ T3598] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.219593][ T5826] 8021q: adding VLAN 0 to HW filter on device team0
[   57.245201][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.248293][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.256863][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.259855][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.289177][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.320453][ T5828] 8021q: adding VLAN 0 to HW filter on device team0
[   57.338077][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.340484][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.353430][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.356414][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.443432][   T55] Bluetooth: hci0: command tx timeout
[   57.513224][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.524750][   T55] Bluetooth: hci1: command tx timeout
[   57.554460][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.559506][ T5821] veth0_vlan: entered promiscuous mode
[   57.571300][ T5821] veth1_vlan: entered promiscuous mode
[   57.605417][ T5826] veth0_vlan: entered promiscuous mode
[   57.612458][   T55] Bluetooth: hci2: command tx timeout
[   57.618303][ T5826] veth1_vlan: entered promiscuous mode
[   57.627809][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.649281][ T5821] veth0_macvtap: entered promiscuous mode
[   57.660749][ T5821] veth1_macvtap: entered promiscuous mode
[   57.667811][ T5826] veth0_macvtap: entered promiscuous mode
[   57.675725][ T5826] veth1_macvtap: entered promiscuous mode
[   57.694237][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.701211][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.718623][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.730221][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.750411][ T5684] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.755826][ T5684] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.760797][ T5828] veth0_vlan: entered promiscuous mode
[   57.778143][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.785070][ T5848] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.788796][ T5848] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.803017][ T5848] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.807911][ T5848] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.826847][ T5848] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.837104][ T5828] veth1_vlan: entered promiscuous mode
[   57.870806][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.884109][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.902600][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.905497][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.915101][ T5828] veth0_macvtap: entered promiscuous mode
[   57.919422][ T5828] veth1_macvtap: entered promiscuous mode
[   57.946997][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.949921][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.958531][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.966670][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.969602][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.972297][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.979040][ T5848] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.983450][ T5848] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.986480][ T5848] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.989552][ T5848] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.027066][ T5821] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   58.049711][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.057349][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.091562][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.100730][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.255133][ T5899] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7'.
[   58.288904][ T5903] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   58.833792][ T5934] sock: sock_set_timeout: `syz.2.18' (pid 5934) tries to set negative timeout
[   59.388538][ T5951] netlink: 4 bytes leftover after parsing attributes in process `syz.1.23'.
[   59.523415][   T55] Bluetooth: hci0: command tx timeout
[   59.603112][   T55] Bluetooth: hci1: command tx timeout
[   59.606049][ T5970] batman_adv: batadv0: Adding interface: dummy0
[   59.608283][ T5970] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.620177][ T5970] batman_adv: batadv0: Interface activated: dummy0
[   59.628849][ T5970] batadv0: mtu less than device minimum
[   59.631445][ T5970] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   59.636806][ T5970] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   59.642559][ T5970] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   59.648083][ T5970] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   59.653582][ T5970] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   59.659169][ T5970] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   59.664511][ T5970] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   59.670077][ T5970] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   59.682101][   T55] Bluetooth: hci2: command tx timeout
[   60.452595][ T5885] IPVS: starting estimator thread 0...
[   60.541587][ T6020] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   60.552342][ T6013] IPVS: using max 79 ests per chain, 189600 per kthread
[   60.600996][ T6023] netlink: 4 bytes leftover after parsing attributes in process `syz.0.48'.
[   60.708908][ T6023] bridge_slave_1: left allmulticast mode
[   60.711939][ T6023] bridge_slave_1: left promiscuous mode
[   60.715409][ T6023] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.726027][ T6023] bridge_slave_0: left allmulticast mode
[   60.736993][ T6023] bridge_slave_0: left promiscuous mode
[   60.739608][ T6023] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.768762][ T6036] netlink: 'syz.2.54': attribute type 1 has an invalid length.
[   60.771426][ T6036] netlink: 128 bytes leftover after parsing attributes in process `syz.2.54'.
[   60.774653][ T6036] netlink: 'syz.2.54': attribute type 2 has an invalid length.
[   60.777210][ T6036] netlink: 'syz.2.54': attribute type 1 has an invalid length.
[   60.835120][ T6039] netlink: 52 bytes leftover after parsing attributes in process `syz.2.55'.
[   60.898388][ T6043] netlink: 'syz.1.57': attribute type 21 has an invalid length.
[   60.901105][ T6043] netlink: 156 bytes leftover after parsing attributes in process `syz.1.57'.
[   60.904325][ T6043] netlink: 4 bytes leftover after parsing attributes in process `syz.1.57'.
[   60.975122][ T6048] netlink: 'syz.0.59': attribute type 10 has an invalid length.
[   60.986815][ T6048] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   60.996180][ T6048] netlink: 8 bytes leftover after parsing attributes in process `syz.0.59'.
[   61.064119][ T6057] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   61.602148][   T55] Bluetooth: hci0: command tx timeout
[   61.682081][   T55] Bluetooth: hci1: command tx timeout
[   61.761988][   T55] Bluetooth: hci2: command tx timeout
[   62.006552][ T6076] tipc: Started in network mode
[   62.008274][ T6076] tipc: Node identity 96939b0d662b, cluster identity 4711
[   62.010666][ T6076] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   62.042736][ T2274] IPVS: starting estimator thread 0...
[   62.051039][ T6076] syzkaller0: entered promiscuous mode
[   62.054706][ T6076] syzkaller0: entered allmulticast mode
[   62.056918][ T6076] tipc: Resetting bearer <eth:syzkaller0>
[   62.087242][ T6075] tipc: Resetting bearer <eth:syzkaller0>
[   62.133628][ T6081] IPVS: using max 44 ests per chain, 105600 per kthread
[   62.745298][ T6075] tipc: Disabling bearer <eth:syzkaller0>
[   62.754807][ T6094] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[   62.850544][ T6100] syzkaller1: entered promiscuous mode
[   62.856173][ T6100] syzkaller1: entered allmulticast mode
[   62.877901][ T6102] netlink: 12 bytes leftover after parsing attributes in process `syz.0.83'.
[   62.977304][ T6106] C: renamed from lo (while UP)
[   63.179454][ T6129] netlink: 8 bytes leftover after parsing attributes in process `syz.0.94'.
[   63.451749][ T6153] ieee802154 phy0 wpan0: encryption failed: -22
[   63.683426][   T55] Bluetooth: hci0: command tx timeout
[   63.757238][ T6176] netlink: 16 bytes leftover after parsing attributes in process `syz.2.113'.
[   63.764389][   T55] Bluetooth: hci1: command tx timeout
[   63.842329][   T55] Bluetooth: hci2: command tx timeout
[   63.915856][ T6190] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   63.919113][ T6190] IPv6: NLM_F_CREATE should be set when creating new route
[   63.922378][ T6190] IPv6: NLM_F_CREATE should be set when creating new route
[   63.925469][ T6190] IPv6: NLM_F_CREATE should be set when creating new route
[   63.931437][ T6190] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   63.935065][ T6190] Zero length message leads to an empty skb
[   64.047047][ T6201] syz.0.125 uses obsolete (PF_INET,SOCK_PACKET)
[   64.068413][ T6203] net_ratelimit: 14 callbacks suppressed
[   64.068428][ T6203] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   64.144094][ T6208] netlink: 8 bytes leftover after parsing attributes in process `syz.2.128'.
[   64.147675][ T6208] netlink: 4 bytes leftover after parsing attributes in process `syz.2.128'.
[   64.151289][ T6208] netlink: 'syz.2.128': attribute type 18 has an invalid length.
[   64.358129][ T6226] vcan0: tx drop: invalid sa for name 0xffffffffffffffff
[   64.773739][ T6264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.155'.
[   64.900690][ T6273] warning: `syz.2.159' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   65.043021][ T6282] netlink: 14 bytes leftover after parsing attributes in process `syz.1.163'.
[   65.121477][ T6282] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   65.130743][ T6282] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   65.138071][ T6282] bond0 (unregistering): Released all slaves
[   65.281030][ T6293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.167'.
[   65.285192][ T6293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.167'.
[   65.318866][ T6297] netlink: 16 bytes leftover after parsing attributes in process `syz.0.169'.
[   65.356582][ T6302] netlink: 8 bytes leftover after parsing attributes in process `syz.0.171'.
[   65.451974][ T6314] netlink: 'syz.0.177': attribute type 3 has an invalid length.
[   65.494251][ T6320] netlink: 'syz.0.180': attribute type 2 has an invalid length.
[   65.498248][ T6320] netlink: 'syz.0.180': attribute type 1 has an invalid length.
[   65.501498][ T6320] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.180'.
[   65.506267][ T6320] nbd: couldn't find device at index 16
[   65.673288][ T6337] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   66.501663][ T6350] smc: net device bond0 applied user defined pnetid SYZ2
[   66.505798][ T6350] smc: net device bond0 erased user defined pnetid SYZ2
[   66.598846][ T6350] syz.2.193 (6350) used greatest stack depth: 20008 bytes left
[   66.668988][ T6361] tipc: Started in network mode
[   66.671092][ T6361] tipc: Node identity 5a30744b4cb, cluster identity 4711
[   66.674102][ T6361] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   66.677491][ T6361] syzkaller0: entered promiscuous mode
[   66.679684][ T6361] syzkaller0: entered allmulticast mode
[   66.696231][ T6361] tipc: Resetting bearer <eth:syzkaller0>
[   66.701459][ T6360] tipc: Resetting bearer <eth:syzkaller0>
[   66.725174][ T6360] tipc: Disabling bearer <eth:syzkaller0>
[   67.941355][ T6406] netlink: 'syz.0.218': attribute type 39 has an invalid length.
[   68.367444][ T6428] netlink: 'syz.1.228': attribute type 10 has an invalid length.
[   69.070852][ T6488] pim6reg: entered allmulticast mode
[   69.081678][ T6488] pim6reg: left allmulticast mode
[   69.177208][ T6494] tipc: Started in network mode
[   69.179482][ T6494] tipc: Node identity 3276ad8e54b7, cluster identity 4711
[   69.184681][ T6494] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   69.188511][ T6494] syzkaller0: entered promiscuous mode
[   69.192310][ T6494] syzkaller0: entered allmulticast mode
[   69.210447][ T6494] tipc: Resetting bearer <eth:syzkaller0>
[   69.223005][ T6493] tipc: Resetting bearer <eth:syzkaller0>
[   69.230210][ T6493] tipc: Disabling bearer <eth:syzkaller0>
[   69.427377][ T6508] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   69.433224][ T6508] syzkaller0: entered promiscuous mode
[   69.435037][ T6508] syzkaller0: entered allmulticast mode
[   69.464209][ T6508] tipc: Resetting bearer <eth:syzkaller0>
[   69.467101][ T6506] tipc: Resetting bearer <eth:syzkaller0>
[   69.475992][ T6506] tipc: Disabling bearer <eth:syzkaller0>
[   69.648354][ T6522] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[   69.661057][ T6522] openvswitch: netlink: VXLAN extension message has 9 unknown bytes.
[   69.818018][ T6530] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   69.821076][ T6530] syzkaller0: entered promiscuous mode
[   69.823785][ T6530] syzkaller0: entered allmulticast mode
[   69.838387][ T6530] tipc: Resetting bearer <eth:syzkaller0>
[   69.841740][ T6529] tipc: Resetting bearer <eth:syzkaller0>
[   69.850748][ T6529] tipc: Disabling bearer <eth:syzkaller0>
[   69.936933][    C0] Illegal XDP return value 16128 on prog  (id 49) dev lo, expect packet loss!
[   70.877244][ T6571] vlan0: entered promiscuous mode
[   71.171223][ T6589] Bluetooth: MGMT ver 1.23
[   71.212834][ T1360] ieee802154 phy0 wpan0: encryption failed: -22
[   71.215351][ T1360] ieee802154 phy1 wpan1: encryption failed: -22
[   71.288618][ T6594] __nla_validate_parse: 4 callbacks suppressed
[   71.288631][ T6594] netlink: 4 bytes leftover after parsing attributes in process `syz.2.290'.
[   71.502322][ T6608] netlink: 'syz.2.296': attribute type 10 has an invalid length.
[   71.510162][ T6608] netlink: 2 bytes leftover after parsing attributes in process `syz.2.296'.
[   71.520727][ T6608] team0: entered promiscuous mode
[   71.526236][ T6608] team_slave_0: entered promiscuous mode
[   71.529507][ T6608] team_slave_1: entered promiscuous mode
[   71.532824][ T6608] bridge0: port 3(team0) entered blocking state
[   71.535755][ T6608] bridge0: port 3(team0) entered disabled state
[   71.538749][ T6608] team0: entered allmulticast mode
[   71.541027][ T6608] team_slave_0: entered allmulticast mode
[   71.545569][ T6608] team_slave_1: entered allmulticast mode
[   71.551569][ T6608] bridge0: port 3(team0) entered blocking state
[   71.554407][ T6608] bridge0: port 3(team0) entered forwarding state
[   71.858870][ T6636] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[   71.861402][ T5869] IPVS: starting estimator thread 0...
[   71.951890][ T6644] IPVS: using max 79 ests per chain, 189600 per kthread
[   71.998598][ T6658] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   72.160302][ T6675] netlink: 24 bytes leftover after parsing attributes in process `syz.2.323'.
[   72.431763][ T6705] netlink: 112 bytes leftover after parsing attributes in process `syz.1.338'.
[   72.853549][ T6746] batman_adv: batadv0: Interface deactivated: dummy0
[   72.855817][ T6746] batman_adv: batadv0: Removing interface: dummy0
[   72.864454][ T6746] bridge_slave_0: left allmulticast mode
[   72.866479][ T6746] bridge_slave_0: left promiscuous mode
[   72.868656][ T6746] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.875517][ T6746] bridge_slave_1: left allmulticast mode
[   72.878089][ T6746] bridge_slave_1: left promiscuous mode
[   72.880797][ T6746] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.893151][ T6746] team0: Port device team_slave_0 removed
[   72.897257][ T6746] team0: Port device team_slave_1 removed
[   72.899522][ T6746] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   72.904539][ T6746] batman_adv: batadv0: Removing interface: batadv_slave_0
[   72.907932][ T6746] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   72.910355][ T6746] batman_adv: batadv0: Removing interface: batadv_slave_1
[   72.989841][ T6739] netlink: 'syz.1.353': attribute type 10 has an invalid length.
[   73.327524][ T6768] netlink: 8 bytes leftover after parsing attributes in process `syz.2.364'.
[   73.591113][ T6784] netlink: 'syz.2.369': attribute type 12 has an invalid length.
[   73.808936][ T6794] IPVS: length: 163 != 8
[   74.293983][ T6822] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input5
[   74.461720][ T6836] netlink: 1041 bytes leftover after parsing attributes in process `syz.0.391'.
[   74.843696][ T6859] netlink: 8 bytes leftover after parsing attributes in process `syz.0.402'.
[   75.087140][ T6870] netlink: 4 bytes leftover after parsing attributes in process `syz.0.407'.
[   75.390129][ T6887] netlink: 8 bytes leftover after parsing attributes in process `syz.1.414'.
[   75.633969][   T12] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   75.639606][   T12] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   75.652277][   T12] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   75.655832][   T12] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   75.674751][ T6921] netlink: 24 bytes leftover after parsing attributes in process `syz.1.427'.
[   75.853724][ T6939] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   76.514960][ T6988] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   76.520265][ T6988] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.566044][ T6988] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   76.569381][ T6988] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.660201][ T6988] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   76.671692][ T6988] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.754282][ T6988] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   76.764943][ T6988] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.848574][ T7001] netlink: 56 bytes leftover after parsing attributes in process `syz.2.457'.
[   76.854212][ T7001] netlink: 8 bytes leftover after parsing attributes in process `syz.2.457'.
[   76.911319][ T5848] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   76.917367][ T5848] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.945529][ T5848] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   76.948471][ T5848] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.963041][ T5848] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   76.966099][ T5848] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.989473][ T5848] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   76.993160][ T5848] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.146426][ T7015] netlink: 16 bytes leftover after parsing attributes in process `syz.2.463'.
[   77.334784][   T10] IPVS: starting estimator thread 0...
[   77.442723][ T7022] IPVS: using max 50 ests per chain, 120000 per kthread
[   77.472606][ T7019] netlink: 'syz.2.465': attribute type 1 has an invalid length.
[   77.476012][ T7019] netlink: 232 bytes leftover after parsing attributes in process `syz.2.465'.
[   77.479796][ T7019] netlink: 8 bytes leftover after parsing attributes in process `syz.2.465'.
[   77.548313][   T12] IPVS: stop unused estimator thread 0...
[   77.642760][ T7046] netlink: 28 bytes leftover after parsing attributes in process `syz.0.475'.
[   77.949927][ T7067] netlink: 248 bytes leftover after parsing attributes in process `syz.0.485'.
[   77.953941][ T7067] netlink: 48 bytes leftover after parsing attributes in process `syz.0.485'.
[   77.961570][ T7067] netlink: 22 bytes leftover after parsing attributes in process `syz.0.485'.
[   77.987877][ T7067] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   78.177203][ T7082] bridge1: entered promiscuous mode
[   78.179432][ T7082] bridge1: entered allmulticast mode
[   78.332265][ T7086] block nbd1: server does not support multiple connections per device.
[   78.336210][ T7086] block nbd1: shutting down sockets
[   78.469852][ T7094] netlink: 212 bytes leftover after parsing attributes in process `syz.2.498'.
[   78.477238][ T7094] netlink: 'syz.2.498': attribute type 1 has an invalid length.
[   78.637261][ T7108] netlink: 'syz.0.505': attribute type 4 has an invalid length.
[   78.896641][ T7131] netlink: 'syz.2.516': attribute type 83 has an invalid length.
[   80.099412][ T7187] netlink: 'syz.1.541': attribute type 10 has an invalid length.
[   80.108393][ T7193] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[   80.162366][   T55] Bluetooth: hci2: command tx timeout
[   80.328551][ T7218] netlink: 'syz.0.554': attribute type 2 has an invalid length.
[   80.538266][ T7244] netlink: 'syz.2.566': attribute type 21 has an invalid length.
[   80.858597][ T7279] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add()
[   80.974740][ T7290] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[   81.239143][ T7312] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   81.242162][ T7312] syzkaller0: entered promiscuous mode
[   81.244730][ T7312] syzkaller0: entered allmulticast mode
[   81.256371][ T7312] tipc: Resetting bearer <eth:syzkaller0>
[   81.260290][ T7311] tipc: Resetting bearer <eth:syzkaller0>
[   81.269397][ T7311] tipc: Disabling bearer <eth:syzkaller0>
[   81.356636][ T7315] vlan2: entered allmulticast mode
[   81.358410][ T7315] veth1: entered allmulticast mode
[   81.360903][ T7315] batman_adv: batadv0: Adding interface: vlan2
[   81.364246][ T7315] batman_adv: batadv0: The MTU of interface vlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.373791][ T7315] batman_adv: batadv0: Not using interface vlan2 (retrying later): interface not active
[   81.444788][   T24] cfg80211: failed to load regulatory.db
[   81.786995][ T7345] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   82.066963][ T7355] __nla_validate_parse: 10 callbacks suppressed
[   82.066975][ T7355] netlink: 36 bytes leftover after parsing attributes in process `syz.1.608'.
[   82.149923][ T7361] netlink: 28 bytes leftover after parsing attributes in process `syz.1.611'.
[   83.157415][ T7421] sch_tbf: burst 19869 is lower than device lo mtu (65550) !
[   83.318893][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.324888][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.649124][ T7464] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   83.657890][ T7464] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   83.776377][ T5848] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[   83.779933][ T5848] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   83.791474][ T5848] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[   83.797281][ T5848] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   83.807112][ T5848] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[   83.810684][ T5848] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   83.823714][ T5848] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[   83.827000][ T5848] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   83.891295][ T7495] netlink: 72 bytes leftover after parsing attributes in process `syz.2.659'.
[   84.010028][ T7500] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   84.142693][ T7520] bond0: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0)
[   84.279105][ T7538] pimreg: entered allmulticast mode
[   84.345296][ T7548] netlink: 4 bytes leftover after parsing attributes in process `syz.0.684'.
[   84.356000][ T7548] ------------[ cut here ]------------
[   84.357975][ T7548] wlan1: Failed check-sdata-in-driver check, flags: 0x0
[   84.360570][ T7548] WARNING: CPU: 0 PID: 7548 at net/mac80211/driver-ops.c:366 drv_unassign_vif_chanctx+0x50b/0x7e0
[   84.364310][ T7548] Modules linked in:
[   84.365805][ T7548] CPU: 0 UID: 0 PID: 7548 Comm: syz.0.684 Not tainted 6.16.0-syzkaller-06620-gae633388cae3-dirty #0 PREEMPT(full) 
[   84.370276][ T7548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   84.373682][ T7548] RIP: 0010:drv_unassign_vif_chanctx+0x50b/0x7e0
[   84.375852][ T7548] Code: 8d 8d b8 09 00 00 48 85 c0 48 0f 44 f1 43 0f b6 04 3e 84 c0 0f 85 6b 02 00 00 8b 55 00 48 c7 c7 e0 7e ad 8c e8 66 35 a5 f6 90 <0f> 0b 90 90 e9 ee fc ff ff e8 a7 91 e1 f6 90 0f 0b 90 42 80 7c 3d
[   84.382271][ T7548] RSP: 0018:ffffc90003e2f910 EFLAGS: 00010246
[   84.384325][ T7548] RAX: b639ec0b2fc73500 RBX: 0000000000000000 RCX: 0000000000080000
[   84.386877][ T7548] RDX: ffffc900062a2000 RSI: 00000000000044e2 RDI: 00000000000044e3
[   84.389477][ T7548] RBP: ffff888037e2d728 R08: ffff88804b024253 R09: 1ffff1100960484a
[   84.392262][ T7548] R10: dffffc0000000000 R11: ffffed100960484b R12: ffff888037e2e9d0
[   84.394809][ T7548] R13: ffff888037e2cd80 R14: 1ffff11006fc5ae5 R15: dffffc0000000000
[   84.397422][ T7548] FS:  00007faa654c76c0(0000) GS:ffff8880b8680000(0000) knlGS:0000000000000000
[   84.400434][ T7548] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   84.403533][ T7548] CR2: 000020000000f000 CR3: 000000010e02a000 CR4: 00000000000006f0
[   84.406583][ T7548] Call Trace:
[   84.407817][ T7548]  <TASK>
[   84.409027][ T7548]  ieee80211_assign_link_chanctx+0x1ec/0xd70
[   84.411552][ T7548]  __ieee80211_link_release_channel+0x33b/0x4a0
[   84.414622][ T7548]  ieee80211_if_change_type+0x14c/0x990
[   84.417028][ T7548]  ieee80211_change_iface+0xd5/0x510
[   84.419261][ T7548]  cfg80211_change_iface+0x795/0xef0
[   84.421520][ T7548]  cfg80211_wext_siwmode+0x1db/0x2a0
[   84.424035][ T7548]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[   84.426524][ T7548]  ? full_name_hash+0x92/0xe0
[   84.428479][ T7548]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[   84.430836][ T7548]  ioctl_standard_call+0xcb/0x1b0
[   84.433294][ T7548]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[   84.435689][ T7548]  wext_ioctl_dispatch+0xee/0x410
[   84.437823][ T7548]  ? __pfx_ioctl_standard_call+0x10/0x10
[   84.440208][ T7548]  wext_handle_ioctl+0x100/0x1c0
[   84.442702][ T7548]  ? __pfx_wext_handle_ioctl+0x10/0x10
[   84.444917][ T7548]  ? __lock_acquire+0xab9/0xd20
[   84.446975][ T7548]  sock_ioctl+0x15f/0x790
[   84.448683][ T7548]  ? __pfx_sock_ioctl+0x10/0x10
[   84.450386][ T7548]  ? __fget_files+0x2a/0x420
[   84.452138][ T7548]  ? __fget_files+0x3a0/0x420
[   84.453744][ T7548]  ? __fget_files+0x2a/0x420
[   84.455353][ T7548]  ? bpf_lsm_file_ioctl+0x9/0x20
[   84.457057][ T7548]  ? __pfx_sock_ioctl+0x10/0x10
[   84.458782][ T7548]  __se_sys_ioctl+0xfc/0x170
[   84.460470][ T7548]  do_syscall_64+0xfa/0x3b0
[   84.462563][ T7548]  ? lockdep_hardirqs_on+0x9c/0x150
[   84.464714][ T7548]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.467278][ T7548]  ? exc_page_fault+0x9f/0xf0
[   84.469313][ T7548]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.471551][ T7548] RIP: 0033:0x7faa6458ebe9
[   84.473391][ T7548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.481309][ T7548] RSP: 002b:00007faa654c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   84.485010][ T7548] RAX: ffffffffffffffda RBX: 00007faa647b5fa0 RCX: 00007faa6458ebe9
[   84.488326][ T7548] RDX: 0000200000000080 RSI: 0000000000008b06 RDI: 0000000000000009
[   84.491123][ T7548] RBP: 00007faa64611e19 R08: 0000000000000000 R09: 0000000000000000
[   84.494440][ T7548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   84.497550][ T7548] R13: 00007faa647b6038 R14: 00007faa647b5fa0 R15: 00007ffc7f7ad798
[   84.500219][ T7548]  </TASK>
[   84.501529][ T7548] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   84.504400][ T7548] CPU: 0 UID: 0 PID: 7548 Comm: syz.0.684 Not tainted 6.16.0-syzkaller-06620-gae633388cae3-dirty #0 PREEMPT(full) 
[   84.509329][ T7548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   84.513488][ T7548] Call Trace:
[   84.514902][ T7548]  <TASK>
[   84.516131][ T7548]  dump_stack_lvl+0x99/0x250
[   84.518092][ T7548]  ? __asan_memcpy+0x40/0x70
[   84.520042][ T7548]  ? __pfx_dump_stack_lvl+0x10/0x10
[   84.522171][ T7548]  ? __pfx__printk+0x10/0x10
[   84.524174][ T7548]  panic+0x2db/0x790
[   84.525810][ T7548]  ? __pfx_panic+0x10/0x10
[   84.527277][ T7548]  __warn+0x31b/0x4b0
[   84.528940][ T7548]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[   84.531349][ T7548]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[   84.533806][ T7548]  report_bug+0x2be/0x4f0
[   84.535625][ T7548]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[   84.538003][ T7548]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[   84.540440][ T7548]  ? drv_unassign_vif_chanctx+0x50d/0x7e0
[   84.542895][ T7548]  handle_bug+0x84/0x160
[   84.544744][ T7548]  exc_invalid_op+0x1a/0x50
[   84.546739][ T7548]  asm_exc_invalid_op+0x1a/0x20
[   84.548881][ T7548] RIP: 0010:drv_unassign_vif_chanctx+0x50b/0x7e0
[   84.551569][ T7548] Code: 8d 8d b8 09 00 00 48 85 c0 48 0f 44 f1 43 0f b6 04 3e 84 c0 0f 85 6b 02 00 00 8b 55 00 48 c7 c7 e0 7e ad 8c e8 66 35 a5 f6 90 <0f> 0b 90 90 e9 ee fc ff ff e8 a7 91 e1 f6 90 0f 0b 90 42 80 7c 3d
[   84.559802][ T7548] RSP: 0018:ffffc90003e2f910 EFLAGS: 00010246
[   84.562439][ T7548] RAX: b639ec0b2fc73500 RBX: 0000000000000000 RCX: 0000000000080000
[   84.565669][ T7548] RDX: ffffc900062a2000 RSI: 00000000000044e2 RDI: 00000000000044e3
[   84.568885][ T7548] RBP: ffff888037e2d728 R08: ffff88804b024253 R09: 1ffff1100960484a
[   84.572171][ T7548] R10: dffffc0000000000 R11: ffffed100960484b R12: ffff888037e2e9d0
[   84.575540][ T7548] R13: ffff888037e2cd80 R14: 1ffff11006fc5ae5 R15: dffffc0000000000
[   84.578825][ T7548]  ieee80211_assign_link_chanctx+0x1ec/0xd70
[   84.581422][ T7548]  __ieee80211_link_release_channel+0x33b/0x4a0
[   84.584067][ T7548]  ieee80211_if_change_type+0x14c/0x990
[   84.586347][ T7548]  ieee80211_change_iface+0xd5/0x510
[   84.588599][ T7548]  cfg80211_change_iface+0x795/0xef0
[   84.590815][ T7548]  cfg80211_wext_siwmode+0x1db/0x2a0
[   84.593113][ T7548]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[   84.595571][ T7548]  ? full_name_hash+0x92/0xe0
[   84.597467][ T7548]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[   84.599883][ T7548]  ioctl_standard_call+0xcb/0x1b0
[   84.602080][ T7548]  ? __pfx_cfg80211_wext_siwmode+0x10/0x10
[   84.604582][ T7548]  wext_ioctl_dispatch+0xee/0x410
[   84.606719][ T7548]  ? __pfx_ioctl_standard_call+0x10/0x10
[   84.609118][ T7548]  wext_handle_ioctl+0x100/0x1c0
[   84.611181][ T7548]  ? __pfx_wext_handle_ioctl+0x10/0x10
[   84.613440][ T7548]  ? __lock_acquire+0xab9/0xd20
[   84.615545][ T7548]  sock_ioctl+0x15f/0x790
[   84.617385][ T7548]  ? __pfx_sock_ioctl+0x10/0x10
[   84.619398][ T7548]  ? __fget_files+0x2a/0x420
[   84.621005][ T7548]  ? __fget_files+0x3a0/0x420
[   84.622959][ T7548]  ? __fget_files+0x2a/0x420
[   84.624832][ T7548]  ? bpf_lsm_file_ioctl+0x9/0x20
[   84.626494][ T7548]  ? __pfx_sock_ioctl+0x10/0x10
[   84.628124][ T7548]  __se_sys_ioctl+0xfc/0x170
[   84.629651][ T7548]  do_syscall_64+0xfa/0x3b0
[   84.631524][ T7548]  ? lockdep_hardirqs_on+0x9c/0x150
[   84.633744][ T7548]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.636308][ T7548]  ? exc_page_fault+0x9f/0xf0
[   84.638275][ T7548]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.640806][ T7548] RIP: 0033:0x7faa6458ebe9
[   84.642693][ T7548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.650683][ T7548] RSP: 002b:00007faa654c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   84.654271][ T7548] RAX: ffffffffffffffda RBX: 00007faa647b5fa0 RCX: 00007faa6458ebe9
[   84.657593][ T7548] RDX: 0000200000000080 RSI: 0000000000008b06 RDI: 0000000000000009
[   84.660962][ T7548] RBP: 00007faa64611e19 R08: 0000000000000000 R09: 0000000000000000
[   84.664295][ T7548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   84.667580][ T7548] R13: 00007faa647b6038 R14: 00007faa647b5fa0 R15: 00007ffc7f7ad798
[   84.670962][ T7548]  </TASK>
[   84.673132][ T7548] Kernel Offset: disabled
[   84.674942][ T7548] Rebooting in 86400 seconds..

VM DIAGNOSIS:
13:13:23  Registers:
info registers vcpu 0

CPU#0
RAX=1ffffffff33b3405 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=0000000000014167 RDI=0000000000014168 RBP=ffffc90003e2f290 RSP=ffffc90003e2f0b8
R8 =0000000000000003 R9 =0000000000000004 R10=dffffc0000000000 R11=ffffffff854c1cc0
R12=dffffc0000000000 R13=dffffc0000000000 R14=ffffffff99d9a4e0 R15=0000000000000000
RIP=ffffffff854c1d37 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007faa654c76c0 ffffffff 00c00000
GS =0000 ffff8880b8680000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000020000000f000 CR3=000000010e02a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f9511387498 00007f9511387470 XMM03=00007f95113874a8 00007f95113874a0
XMM04=00007f9511eed100 00007f9511387460 XMM05=00007f9511387478 00007f95113874c0
XMM06=00007f95113874b8 00007f95113874b0 XMM07=00007f95113874a8 00007f95113874a0
XMM08=0000000000000000 00007f9511212ee7 XMM09=0000000000000000 00007f9511212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=97fc535001445a00 RBX=ffffffff81969b18 RCX=97fc535001445a00 RDX=0000000000000001
RSI=ffffffff8d9792aa RDI=ffffffff8be30a00 RBP=ffffc90000177f20 RSP=ffffc90000177de0
R8 =ffff888136632f5b R9 =1ffff11026cc65eb R10=dffffc0000000000 R11=ffffed1026cc65ec
R12=ffffffff8fa07bf0 R13=0000000000000001 R14=0000000000000001 R15=1ffff1102001d000
RIP=ffffffff8b6fc4f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c80000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f44fdb74c40 CR3=0000000022538000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000000ff XMM01=0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a
XMM02=0000ffff00000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
