last executing test programs:

1.45058791s ago: executing program 2 (id=477):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0)
recvmmsg(r1, &(0x7f00000070c0)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000a80)=""/17, 0x11}], 0x1}, 0x8}], 0x1, 0x2000, 0x0)

1.305853554s ago: executing program 2 (id=482):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b0000000180100002020782500000000f01f20207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r0}, 0x18)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

1.260995268s ago: executing program 2 (id=484):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000000000008500000029000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xe, 0x0, &(0x7f0000000400)="e4e647c9e0b8e9a2f2ab3026da58", 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

381.386701ms ago: executing program 2 (id=505):
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="78000000070a01020000000000000000050000060900010073797a3100000000580004805400018009000100261a54f75d7753086d6574610000000044000280080001400000000c080003400000000d08000240000003ff080001400000000008000240000000010800034000000000080002"], 0x78}, 0x1, 0x0, 0x0, 0x40080}, 0x4000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)

301.386617ms ago: executing program 2 (id=509):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1, 0x38}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)

301.254972ms ago: executing program 1 (id=511):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000007a00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
sendmmsg$inet6(r0, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000ac0)="01", 0xfffffe9c}], 0x1}}], 0x2, 0x0)

301.196171ms ago: executing program 2 (id=512):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x204, 0x0, @private1, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f00000010c0)=0x8)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000040)={r2, 0x1}, &(0x7f0000000080)=0x8)

238.090347ms ago: executing program 1 (id=513):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x6c, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x80ffffff}}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x2}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x6c}}, 0x0)

237.615749ms ago: executing program 1 (id=515):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
pread64(r0, 0x0, 0x0, 0x2)

151.550588ms ago: executing program 0 (id=517):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_int(r0, 0x1, 0x29, 0x0, 0x0)

151.382703ms ago: executing program 0 (id=518):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)

151.158853ms ago: executing program 1 (id=519):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000004000000000000000000008500000050000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='neigh_create\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000003e40)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cd0aa7b73340cc2160a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e10d859e8327ef03fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9bb759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563112f4b391aafe234870072858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5c768a40538be5f76e9c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5be5f6eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ff010000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a30280bc586e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5ffff000000000000c24411d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d54aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be9b0220836729028b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5f7d895de17a10b0a0ea15ccc0d7a830b6eb3596b61675511d693ef5e3c44bbf71cabc5175d879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2e5a00d2f953a86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c56d0886eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366a9660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e959212181d4bf32ed89c96d421c8171698c49403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef310e10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d618cdaaf7e038879c5d177b3876fda4121e15a00adb976064a93e8d000000000000903350932d3eef7fdada20c19807066e2c72d0d816eb9fa50be213bf6bbb6ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a2c5986aa9200a1306ffa5a71ca69e89a6980612b35fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeadc5cf218a6eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041814f60fbbcafa487ee96b368e8769da90b44190e569fe8b1d155d0765baaca5c5548b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751beed5f79de29a67a579150bfb31232d296b9d2977ed027ca90af7088d6466f1501d96a32bfa3cf9ab0dcd626ac9341833e92685af6917ae05473ae4768341426e244159b3c3e002b6f8ee80cbe6e26c816ab92658d956d849cd3a21ebf4b143d338035cd91f087633aa668e0644b05dc5a7937cd5fb62bd08242a858aeeda8c0cbb4fc2478a8155b859e88493f322702277939832bd4a1d8109f98c5a187564c9eb80acc63ac57459593c81ce8998e38ea231b81ebaa6b242ebdf382d70232f1d8e516a8eaf39d09ea40198cf1b72eb5ce5327d3a3861470be47a9a9dbf569e6f6f474fd1448adfd70c4f4a4487edaf193a00a808389a110a4286905ba81309735f6ac5d2ba7ab2be01fa25c11dbb3170258e9d9fed944fd85c03336a49f7016517a1988bc84ee301e167d3cf88c46c4eba6e2bfd099acd2eec5c624679aa7ebab76061a9ca792bffe3d6df4dbe70b5cab6299a51e63826fd0bda4846d06e322ebd745e73da718ba0c93e7567df9ed7ea8d2fdbde44e65a4cd01748b784d392645d013d1424c6e7f141f67ef620df8a8bac03489bf70423fa9f2c79c41d5b6496ae17718b5044c5cadb43264b290ebfcd9d5236d0b14e280fd3fcbb2fa330dcc58f44ed0b12c9299e74ea56ffefb003034230e20886f502e6df00aa138e9c8761d107bdea8d57b64345f91e055c6f52356aec1ce68e612e94224407bcf7b1df9f2aec27d44b0b9a944d16236"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0x26, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088a81bff892f00004000633277fbac14142ce934a0a662079f4b4d2f87e56dca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)

71.743084ms ago: executing program 0 (id=520):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x5, 0xff}, 0x10)

5.929415ms ago: executing program 0 (id=521):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_buf(r0, 0x1, 0x3b, 0x0, &(0x7f00000007c0))

4.475983ms ago: executing program 1 (id=522):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$sock_int(r0, 0x1, 0xb, &(0x7f0000000bc0)=0x5, 0x4)

4.142364ms ago: executing program 0 (id=523):
r0 = socket$inet6(0xa, 0x5, 0x0)
getsockopt$sock_int(r0, 0x1, 0x20, 0x0, &(0x7f0000000000))

3.893685ms ago: executing program 0 (id=524):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8e7}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000100)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffff8}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r0}, &(0x7f0000000040), &(0x7f0000000080)=r1}, 0x20)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x14, 0x0, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}}, 0x40)

0s ago: executing program 1 (id=525):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000007bec5590fe2245bf90b093cc59a642e7f3face2b8b7ddd66d0dcbb4a0a8c1df8541f3d9ae95e3590e1f021c5c26f23074463ce36e19a2f4d882348687fd63747c0efa0cd544f5d480496d78f8d2610c37a0b118b95c5d337b9b051ee09cdc2d92206e9a41307f88264321913bf10ebee1f4d149024148ffefa017da57a8c0ab66aa56d5457a66fb0bd2b31246e29e11cc7df7d8c259ecb5259218e8d5f95116ded65821b52c233f18868fedd82a2e4725e193e5e883135ac8234193ef1964f9"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
socketpair(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a4000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000440)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000005140)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000010000000c00020000000000000000001c0007800c00018008000100", @ANYRES32=r1], 0x3c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@ipv4_delroute={0x2c, 0x19, 0xa428a332fa3ee95f, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @private=0xa010102}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c9, &(0x7f0000000100))

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:57649' (ED25519) to the list of known hosts.
syzkaller login: [   48.263398][ T5815] cgroup: Unknown subsys name 'net'
[   48.386872][ T5815] cgroup: Unknown subsys name 'cpuset'
[   48.390986][ T5815] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   49.960832][ T5815] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   54.186763][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.191464][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.194988][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   54.198858][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   54.202326][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   54.204950][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   54.205440][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   54.211291][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   54.214280][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   54.220632][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   54.292749][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   54.304137][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   54.313650][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   54.317213][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   54.320749][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   54.500558][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   54.548639][ T5837] chnl_net:caif_netlink_parms(): no params data found
[   54.565288][ T5844] chnl_net:caif_netlink_parms(): no params data found
[   54.609995][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.612589][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.615347][ T5833] bridge_slave_0: entered allmulticast mode
[   54.618180][ T5833] bridge_slave_0: entered promiscuous mode
[   54.657715][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.660378][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.662971][ T5833] bridge_slave_1: entered allmulticast mode
[   54.665936][ T5833] bridge_slave_1: entered promiscuous mode
[   54.700184][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.702477][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.705045][ T5837] bridge_slave_0: entered allmulticast mode
[   54.707706][ T5837] bridge_slave_0: entered promiscuous mode
[   54.727260][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.730239][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.732948][ T5837] bridge_slave_1: entered allmulticast mode
[   54.736961][ T5837] bridge_slave_1: entered promiscuous mode
[   54.741991][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.749042][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.805050][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.808091][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.811004][ T5844] bridge_slave_0: entered allmulticast mode
[   54.815360][ T5844] bridge_slave_0: entered promiscuous mode
[   54.819656][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.822326][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.824859][ T5844] bridge_slave_1: entered allmulticast mode
[   54.827905][ T5844] bridge_slave_1: entered promiscuous mode
[   54.835167][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.839898][ T5833] team0: Port device team_slave_0 added
[   54.855354][ T5833] team0: Port device team_slave_1 added
[   54.869482][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.875295][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.917409][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.921461][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.925375][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.935683][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.964550][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.967441][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.977427][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.985180][ T5837] team0: Port device team_slave_0 added
[   55.008272][ T5837] team0: Port device team_slave_1 added
[   55.013835][ T5844] team0: Port device team_slave_0 added
[   55.018565][ T5844] team0: Port device team_slave_1 added
[   55.072877][ T5833] hsr_slave_0: entered promiscuous mode
[   55.076365][ T5833] hsr_slave_1: entered promiscuous mode
[   55.101877][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.106289][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.116507][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.121478][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.124439][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.132328][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.136785][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.138952][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.146915][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.159716][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.161915][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.170956][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.242944][ T5844] hsr_slave_0: entered promiscuous mode
[   55.246006][ T5844] hsr_slave_1: entered promiscuous mode
[   55.248245][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.250839][ T5844] Cannot create hsr debugfs directory
[   55.256513][ T5837] hsr_slave_0: entered promiscuous mode
[   55.258851][ T5837] hsr_slave_1: entered promiscuous mode
[   55.261074][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.263978][ T5837] Cannot create hsr debugfs directory
[   55.448008][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   55.466209][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   55.477235][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   55.487229][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   55.501218][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   55.517743][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   55.523695][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   55.540345][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   55.580596][ T5837] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   55.590873][ T5837] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   55.596770][ T5837] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   55.602543][ T5837] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   55.658895][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.680603][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   55.690738][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.693254][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.708193][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.710519][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.732124][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.745427][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.761231][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[   55.775220][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.777519][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.784664][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.787074][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.792663][ T5837] 8021q: adding VLAN 0 to HW filter on device team0
[   55.808370][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.811269][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.825675][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.828222][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.964614][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.008009][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.018925][ T5833] veth0_vlan: entered promiscuous mode
[   56.027109][ T5833] veth1_vlan: entered promiscuous mode
[   56.037575][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.066528][ T5844] veth0_vlan: entered promiscuous mode
[   56.074854][ T5844] veth1_vlan: entered promiscuous mode
[   56.077997][ T5833] veth0_macvtap: entered promiscuous mode
[   56.086808][ T5833] veth1_macvtap: entered promiscuous mode
[   56.106854][ T5837] veth0_vlan: entered promiscuous mode
[   56.111346][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.120925][ T5844] veth0_macvtap: entered promiscuous mode
[   56.125995][ T5837] veth1_vlan: entered promiscuous mode
[   56.129141][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.136519][ T5844] veth1_macvtap: entered promiscuous mode
[   56.140356][ T5833] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.145204][ T5833] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.148078][ T5833] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.150788][ T5833] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.177663][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.192246][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.204385][ T5844] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.207458][ T5844] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.211972][ T5844] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.216990][ T5844] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.224585][ T5839] Bluetooth: hci0: command tx timeout
[   56.234173][ T5837] veth0_macvtap: entered promiscuous mode
[   56.257666][ T5837] veth1_macvtap: entered promiscuous mode
[   56.264750][ T4880] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.267517][ T4880] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.294310][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.303768][ T5839] Bluetooth: hci1: command tx timeout
[   56.310695][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.316288][ T5837] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.320009][ T5837] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.322884][ T5837] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.327218][ T5837] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.338211][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.340712][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.383492][ T5839] Bluetooth: hci2: command tx timeout
[   56.389616][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   56.398711][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.409668][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.453285][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.455810][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.481314][ T4880] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.490318][ T4880] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.504319][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.507486][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.910477][ T5937] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   57.194003][ T5964] netlink: 12 bytes leftover after parsing attributes in process `syz.0.29'.
[   57.262892][ T5970] netlink: 'syz.0.33': attribute type 1 has an invalid length.
[   57.273146][ T5970] netlink: 3 bytes leftover after parsing attributes in process `syz.0.33'.
[   57.288655][ T5970] batadv1: entered promiscuous mode
[   57.290441][ T5970] batadv1: entered allmulticast mode
[   57.351527][ T5977] netlink: 'syz.2.36': attribute type 1 has an invalid length.
[   57.409058][ T5981] netlink: 'syz.1.38': attribute type 1 has an invalid length.
[   57.415078][ T5981] netlink: 228 bytes leftover after parsing attributes in process `syz.1.38'.
[   57.418749][ T5979] netlink: 'syz.2.37': attribute type 83 has an invalid length.
[   57.422588][ T5981] netlink: 8 bytes leftover after parsing attributes in process `syz.1.38'.
[   57.478526][ T5973] syz.0.33 uses obsolete (PF_INET,SOCK_PACKET)
[   57.488277][ T5970] netlink: 48 bytes leftover after parsing attributes in process `syz.0.33'.
[   57.606273][ T5998] warning: `syz.1.45' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   57.988821][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   58.304272][ T5839] Bluetooth: hci0: command tx timeout
[   58.383268][ T5839] Bluetooth: hci1: command tx timeout
[   58.466126][ T5839] Bluetooth: hci2: command tx timeout
[   58.468723][ T5838] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   58.778407][ T6085] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   58.876268][ T6089] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   58.880275][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   59.079896][ T6101] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   59.108360][ T6103] netlink: 32 bytes leftover after parsing attributes in process `syz.0.91'.
[   59.433649][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   59.505081][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   59.525435][ T6116] netlink: 596 bytes leftover after parsing attributes in process `syz.1.97'.
[   59.640346][ T6122] netdevsim netdevsim1 netdevsim1: entered allmulticast mode
[   59.714745][ T6130] netlink: 8 bytes leftover after parsing attributes in process `syz.2.103'.
[   59.792932][ T6136] netlink: 12 bytes leftover after parsing attributes in process `syz.2.106'.
[   59.918024][ T6148] netlink: 'syz.1.112': attribute type 15 has an invalid length.
[   60.054432][ T6158] netlink: 20 bytes leftover after parsing attributes in process `syz.2.117'.
[   60.066142][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   60.235403][ T6179] netlink: 'syz.1.127': attribute type 1 has an invalid length.
[   60.385961][ T5839] Bluetooth: hci0: command tx timeout
[   60.463385][ T5839] Bluetooth: hci1: command tx timeout
[   60.543293][ T5839] Bluetooth: hci2: command tx timeout
[   60.552278][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   60.555897][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   60.626708][ T5884] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   61.149900][ T6258] xt_l2tp: wrong L2TP version: 0
[   61.937835][ T6296] pimreg: entered allmulticast mode
[   61.940661][ T6296] pimreg: left allmulticast mode
[   62.141117][ T6313] Illegal XDP return value 4294967274 on prog  (id 26) dev N/A, expect packet loss!
[   62.189533][ T6316] netlink: 'syz.1.182': attribute type 1 has an invalid length.
[   62.222657][ T6316] 8021q: adding VLAN 0 to HW filter on device bond1
[   62.245156][ T6316] veth3: entered promiscuous mode
[   62.255670][ T6316] bond1: (slave veth3): Enslaving as an active interface with a down link
[   62.324360][ T6320] x_tables: unsorted entry at hook 1
[   62.463987][ T5839] Bluetooth: hci0: command tx timeout
[   62.543914][ T5839] Bluetooth: hci1: command tx timeout
[   62.623283][ T5839] Bluetooth: hci2: command tx timeout
[   63.031890][ T6343] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   63.108776][ T6350] sch_tbf: peakrate 12 is lower than or equals to rate 6561010854487373889 !
[   63.193356][   T24] net_ratelimit: 6 callbacks suppressed
[   63.193373][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   63.665295][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   64.085639][ T6395] Zero length message leads to an empty skb
[   64.140778][ T6397] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   64.157083][ T6401] ieee802154 phy0 wpan0: encryption failed: -22
[   64.227765][ T5838] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   64.445611][ T6418] netlink: 'syz.0.229': attribute type 10 has an invalid length.
[   64.476353][ T6418] batman_adv: batadv0: Adding interface: team0
[   64.478471][ T6418] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.506612][ T6423] netlink: 'syz.0.229': attribute type 10 has an invalid length.
[   64.512434][ T6423] __nla_validate_parse: 6 callbacks suppressed
[   64.512444][ T6423] netlink: 2 bytes leftover after parsing attributes in process `syz.0.229'.
[   64.513265][ T6418] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[   64.527406][ T6423] team0: entered promiscuous mode
[   64.529185][ T6423] team_slave_0: entered promiscuous mode
[   64.538433][ T6423] team_slave_1: entered promiscuous mode
[   64.552888][ T6423] 8021q: adding VLAN 0 to HW filter on device team0
[   64.572282][ T6423] batman_adv: batadv0: Interface activated: team0
[   64.578891][ T6423] batman_adv: batadv0: Interface deactivated: team0
[   64.581379][ T6423] batman_adv: batadv0: Removing interface: team0
[   64.590661][ T6423] bridge0: port 3(team0) entered blocking state
[   64.593961][ T6423] bridge0: port 3(team0) entered disabled state
[   64.596813][ T6423] team0: entered allmulticast mode
[   64.599089][ T6423] team_slave_0: entered allmulticast mode
[   64.601685][ T6423] team_slave_1: entered allmulticast mode
[   64.608698][ T6423] bridge0: port 3(team0) entered blocking state
[   64.611726][ T6423] bridge0: port 3(team0) entered forwarding state
[   64.953182][ T6457] netlink: 'syz.1.246': attribute type 1 has an invalid length.
[   64.956323][ T6457] netlink: 224 bytes leftover after parsing attributes in process `syz.1.246'.
[   64.964783][ T6457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.246'.
[   65.088700][ T6471] netlink: 4 bytes leftover after parsing attributes in process `syz.2.253'.
[   65.093856][ T6471] netlink: 4 bytes leftover after parsing attributes in process `syz.2.253'.
[   65.121375][ T6473] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   65.263632][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   65.343342][   T54] Bluetooth: hci2: command 0x0405 tx timeout
[   65.430159][ T6495] unknown channel width for channel at 909000KHz?
[   65.527823][ T6505] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   65.531632][ T6505] batadv_slave_0: entered promiscuous mode
[   65.552970][ T6509] netlink: 'syz.0.272': attribute type 23 has an invalid length.
[   65.635108][ T6518] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[   66.193559][ T6569] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   66.270164][ T6573] tipc: Started in network mode
[   66.273127][ T6573] tipc: Node identity ea38310d4407, cluster identity 4711
[   66.276225][ T6573] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   66.279594][ T6573] syzkaller0: entered promiscuous mode
[   66.287119][ T6573] syzkaller0: entered allmulticast mode
[   66.305495][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   66.331375][ T6573] tipc: Resetting bearer <eth:syzkaller0>
[   66.337348][ T6572] tipc: Resetting bearer <eth:syzkaller0>
[   66.389846][ T6572] tipc: Disabling bearer <eth:syzkaller0>
[   66.658531][ T6611] netlink: 'syz.2.316': attribute type 1 has an invalid length.
[   66.661920][ T6611] netlink: 228 bytes leftover after parsing attributes in process `syz.2.316'.
[   66.704712][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   66.789476][ T6625] lo: entered promiscuous mode
[   66.792065][ T6625] tunl0: entered promiscuous mode
[   66.796795][ T6625] gre0: entered promiscuous mode
[   66.799352][ T6625] gretap0: entered promiscuous mode
[   66.801857][ T6625] erspan0: entered promiscuous mode
[   66.815192][ T6625] ip_vti0: entered promiscuous mode
[   66.818748][ T6625] ip6_vti0: entered promiscuous mode
[   66.820778][ T6625] sit0: entered promiscuous mode
[   66.822601][ T6629] netlink: 'syz.0.326': attribute type 1 has an invalid length.
[   66.822812][ T6625] ip6tnl0: entered promiscuous mode
[   66.826446][ T6629] netlink: 224 bytes leftover after parsing attributes in process `syz.0.326'.
[   66.828715][ T6625] ip6gre0: entered promiscuous mode
[   66.834289][ T6625] syz_tun: entered promiscuous mode
[   66.836275][ T6625] ip6gretap0: entered promiscuous mode
[   66.838360][ T6625] bridge0: entered promiscuous mode
[   66.840265][ T6625] vcan0: entered promiscuous mode
[   66.842049][ T6625] bond0: entered promiscuous mode
[   66.845760][ T6625] bond_slave_0: entered promiscuous mode
[   66.847694][ T6625] bond_slave_1: entered promiscuous mode
[   66.855926][ T6625] team0: entered promiscuous mode
[   66.864811][ T6625] team_slave_0: entered promiscuous mode
[   66.867510][ T6625] team_slave_1: entered promiscuous mode
[   66.870784][ T6625] dummy0: entered promiscuous mode
[   66.886833][ T6625] nlmon0: entered promiscuous mode
[   66.892827][ T6625] caif0: entered promiscuous mode
[   66.895587][ T6625] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   66.964997][ T6636] netlink: 4 bytes leftover after parsing attributes in process `syz.1.329'.
[   67.040214][ T6644] netlink: 'syz.2.333': attribute type 1 has an invalid length.
[   67.042778][ T6644] netlink: 204 bytes leftover after parsing attributes in process `syz.2.333'.
[   67.053101][ T6644] netlink: 'syz.2.333': attribute type 1 has an invalid length.
[   67.308154][ T6677] netlink: 92 bytes leftover after parsing attributes in process `syz.0.349'.
[   67.664639][ T6715] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   67.691994][ T6715] batman_adv: batadv0: Removing interface: batadv_slave_1
[   67.722291][ T6727] syz_tun: entered allmulticast mode
[   67.732407][ T6726] syz_tun: left allmulticast mode
[   67.803219][ T6737] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0
[   68.203143][ T6777] net_ratelimit: 107 callbacks suppressed
[   68.203163][ T6777] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   68.209642][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   68.215903][ T6777] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   68.219293][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   68.222715][ T6777] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   68.226296][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   68.230467][ T6777] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   68.234156][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   68.237964][ T6777] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   68.240655][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   68.591421][ T6816] syz.1.410 (6816) used obsolete PPPIOCDETACH ioctl
[   68.639595][ T6820] syz.2.411 uses old SIOCAX25GETINFO
[   68.700022][ T6824] ip6t_srh: unknown srh invflags 4449
[   69.591453][ T6897] netlink: 'syz.0.446': attribute type 1 has an invalid length.
[   69.619714][ T6897] 8021q: adding VLAN 0 to HW filter on device bond1
[   69.642304][ T6899] pimreg: entered allmulticast mode
[   69.660637][ T6897] 8021q: adding VLAN 0 to HW filter on device bond1
[   69.665142][ T6897] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[   69.672036][ T6897] bond1: (slave vxcan3): Error -95 calling set_mac_address
[   69.706878][ T6900] veth3: entered promiscuous mode
[   69.710657][ T6900] bond1: (slave veth3): Enslaving as an active interface with a down link
[   69.715387][ T6899] pimreg: left allmulticast mode
[   69.747691][ T6897] erspan0: entered allmulticast mode
[   69.753700][ T6897] bond1: (slave erspan0): making interface the new active one
[   69.756816][ T6897] bond1: (slave erspan0): Enslaving as an active interface with an up link
[   70.720497][ T6972] Bluetooth: MGMT ver 1.23
[   71.109975][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.112190][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.858184][ T5884] hid-generic 0005:0458:5505.0001: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   72.135874][ T7070] 
[   72.137005][ T7070] ======================================================
[   72.139911][ T7070] WARNING: possible circular locking dependency detected
[   72.142769][ T7070] 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 Not tainted
[   72.146894][ T7070] ------------------------------------------------------
[   72.149900][ T7070] syz.1.525/7070 is trying to acquire lock:
[   72.152436][ T7070] ffff88802273d988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   72.157074][ T7070] 
[   72.157074][ T7070] but task is already holding lock:
[   72.160094][ T7070] ffff88802273da30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x94f/0x1930
[   72.164116][ T7070] 
[   72.164116][ T7070] which lock already depends on the new lock.
[   72.164116][ T7070] 
[   72.168505][ T7070] 
[   72.168505][ T7070] the existing dependency chain (in reverse order) is:
[   72.172155][ T7070] 
[   72.172155][ T7070] -> #2 (&nbd->config_lock){+.+.}-{4:4}:
[   72.175337][ T7070]        lock_acquire+0x120/0x360
[   72.177497][ T7070]        __mutex_lock+0x182/0xe80
[   72.179600][ T7070]        refcount_dec_and_mutex_lock+0x30/0xa0
[   72.182151][ T7070]        nbd_config_put+0x2c/0x790
[   72.184311][ T7070]        nbd_release+0xfe/0x140
[   72.186416][ T7070]        bdev_release+0x536/0x650
[   72.188566][ T7070]        blkdev_release+0x15/0x20
[   72.190704][ T7070]        __fput+0x44c/0xa70
[   72.192585][ T7070]        fput_close_sync+0x119/0x200
[   72.194741][ T7070]        __x64_sys_close+0x7f/0x110
[   72.196878][ T7070]        do_syscall_64+0xfa/0x3b0
[   72.198956][ T7070]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.201576][ T7070] 
[   72.201576][ T7070] -> #1 (&disk->open_mutex){+.+.}-{4:4}:
[   72.204865][ T7070]        lock_acquire+0x120/0x360
[   72.206911][ T7070]        __mutex_lock+0x182/0xe80
[   72.208932][ T7070]        __del_gendisk+0x129/0x9e0
[   72.210995][ T7070]        del_gendisk+0xe8/0x160
[   72.213071][ T7070]        nbd_dev_remove_work+0x47/0xe0
[   72.215324][ T7070]        process_scheduled_works+0xae1/0x17b0
[   72.217896][ T7070]        worker_thread+0x8a0/0xda0
[   72.220055][ T7070]        kthread+0x711/0x8a0
[   72.222034][ T7070]        ret_from_fork+0x3fc/0x770
[   72.224223][ T7070]        ret_from_fork_asm+0x1a/0x30
[   72.226547][ T7070] 
[   72.226547][ T7070] -> #0 (&set->update_nr_hwq_lock){++++}-{4:4}:
[   72.230057][ T7070]        validate_chain+0xb9b/0x2140
[   72.232048][ T7070]        __lock_acquire+0xab9/0xd20
[   72.234039][ T7070]        lock_acquire+0x120/0x360
[   72.236185][ T7070]        down_write+0x96/0x1f0
[   72.238146][ T7070]        blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   72.240687][ T7070]        nbd_start_device+0x16c/0xac0
[   72.242860][ T7070]        nbd_genl_connect+0x1250/0x1930
[   72.245188][ T7070]        genl_family_rcv_msg_doit+0x215/0x300
[   72.247647][ T7070]        genl_rcv_msg+0x60e/0x790
[   72.249686][ T7070]        netlink_rcv_skb+0x208/0x470
[   72.251827][ T7070]        genl_rcv+0x28/0x40
[   72.253699][ T7070]        netlink_unicast+0x75b/0x8d0
[   72.255913][ T7070]        netlink_sendmsg+0x805/0xb30
[   72.258116][ T7070]        __sock_sendmsg+0x21c/0x270
[   72.260333][ T7070]        ____sys_sendmsg+0x505/0x830
[   72.262605][ T7070]        ___sys_sendmsg+0x21f/0x2a0
[   72.264857][ T7070]        __x64_sys_sendmsg+0x19b/0x260
[   72.267197][ T7070]        do_syscall_64+0xfa/0x3b0
[   72.269263][ T7070]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.272024][ T7070] 
[   72.272024][ T7070] other info that might help us debug this:
[   72.272024][ T7070] 
[   72.276082][ T7070] Chain exists of:
[   72.276082][ T7070]   &set->update_nr_hwq_lock --> &disk->open_mutex --> &nbd->config_lock
[   72.276082][ T7070] 
[   72.281713][ T7070]  Possible unsafe locking scenario:
[   72.281713][ T7070] 
[   72.284773][ T7070]        CPU0                    CPU1
[   72.287070][ T7070]        ----                    ----
[   72.289296][ T7070]   lock(&nbd->config_lock);
[   72.291295][ T7070]                                lock(&disk->open_mutex);
[   72.294201][ T7070]                                lock(&nbd->config_lock);
[   72.297204][ T7070]   lock(&set->update_nr_hwq_lock);
[   72.299385][ T7070] 
[   72.299385][ T7070]  *** DEADLOCK ***
[   72.299385][ T7070] 
[   72.302702][ T7070] 3 locks held by syz.1.525/7070:
[   72.304885][ T7070]  #0: ffffffff8f582af0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[   72.308317][ T7070]  #1: ffffffff8f582908 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[   72.312011][ T7070]  #2: ffff88802273da30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x94f/0x1930
[   72.315906][ T7070] 
[   72.315906][ T7070] stack backtrace:
[   72.318161][ T7070] CPU: 1 UID: 0 PID: 7070 Comm: syz.1.525 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   72.318179][ T7070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   72.318188][ T7070] Call Trace:
[   72.318196][ T7070]  <TASK>
[   72.318203][ T7070]  dump_stack_lvl+0x189/0x250
[   72.318226][ T7070]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.318241][ T7070]  ? __pfx__printk+0x10/0x10
[   72.318259][ T7070]  ? print_lock_name+0xde/0x100
[   72.318277][ T7070]  print_circular_bug+0x2ee/0x310
[   72.318295][ T7070]  check_noncircular+0x134/0x160
[   72.318312][ T7070]  validate_chain+0xb9b/0x2140
[   72.318335][ T7070]  __lock_acquire+0xab9/0xd20
[   72.318349][ T7070]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   72.318364][ T7070]  lock_acquire+0x120/0x360
[   72.318375][ T7070]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   72.318392][ T7070]  ? __mutex_unlock_slowpath+0x1cd/0x700
[   72.318406][ T7070]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   72.318424][ T7070]  down_write+0x96/0x1f0
[   72.318438][ T7070]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   72.318453][ T7070]  ? __pfx_down_write+0x10/0x10
[   72.318470][ T7070]  blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   72.318485][ T7070]  ? nbd_add_socket+0x688/0x9a0
[   72.318500][ T7070]  ? nbd_add_socket+0x688/0x9a0
[   72.318514][ T7070]  nbd_start_device+0x16c/0xac0
[   72.318526][ T7070]  ? __nla_parse+0x40/0x60
[   72.318538][ T7070]  nbd_genl_connect+0x1250/0x1930
[   72.318550][ T7070]  ? __pfx_nbd_genl_connect+0x10/0x10
[   72.318565][ T7070]  ? __nla_parse+0x40/0x60
[   72.318577][ T7070]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[   72.318592][ T7070]  genl_family_rcv_msg_doit+0x215/0x300
[   72.318615][ T7070]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   72.318641][ T7070]  genl_rcv_msg+0x60e/0x790
[   72.318661][ T7070]  ? __pfx_genl_rcv_msg+0x10/0x10
[   72.318677][ T7070]  ? __pfx_nbd_genl_connect+0x10/0x10
[   72.318693][ T7070]  netlink_rcv_skb+0x208/0x470
[   72.318706][ T7070]  ? __pfx_genl_rcv_msg+0x10/0x10
[   72.318724][ T7070]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   72.318742][ T7070]  ? down_read+0x1ad/0x2e0
[   72.318756][ T7070]  genl_rcv+0x28/0x40
[   72.318772][ T7070]  netlink_unicast+0x75b/0x8d0
[   72.318787][ T7070]  netlink_sendmsg+0x805/0xb30
[   72.318836][ T7070]  ? __pfx_netlink_sendmsg+0x10/0x10
[   72.318853][ T7070]  ? aa_sock_msg_perm+0x94/0x160
[   72.318874][ T7070]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   72.318885][ T7070]  ? __pfx_netlink_sendmsg+0x10/0x10
[   72.318900][ T7070]  __sock_sendmsg+0x21c/0x270
[   72.318912][ T7070]  ____sys_sendmsg+0x505/0x830
[   72.318930][ T7070]  ? __pfx_____sys_sendmsg+0x10/0x10
[   72.318957][ T7070]  ? import_iovec+0x74/0xa0
[   72.318974][ T7070]  ___sys_sendmsg+0x21f/0x2a0
[   72.318990][ T7070]  ? __pfx____sys_sendmsg+0x10/0x10
[   72.319016][ T7070]  ? __fget_files+0x2a/0x420
[   72.319032][ T7070]  ? __fget_files+0x3a0/0x420
[   72.319049][ T7070]  __x64_sys_sendmsg+0x19b/0x260
[   72.319066][ T7070]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   72.319084][ T7070]  ? rcu_is_watching+0x15/0xb0
[   72.319100][ T7070]  ? do_syscall_64+0xbe/0x3b0
[   72.319114][ T7070]  do_syscall_64+0xfa/0x3b0
[   72.319125][ T7070]  ? lockdep_hardirqs_on+0x9c/0x150
[   72.319135][ T7070]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.319147][ T7070]  ? exc_page_fault+0x9f/0xf0
[   72.319166][ T7070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.319179][ T7070] RIP: 0033:0x7f28e6b8e929
[   72.319193][ T7070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.319203][ T7070] RSP: 002b:00007f28e7aca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   72.319217][ T7070] RAX: ffffffffffffffda RBX: 00007f28e6db5fa0 RCX: 00007f28e6b8e929
[   72.319226][ T7070] RDX: 0000000000000000 RSI: 0000200000001ac0 RDI: 0000000000000007
[   72.319234][ T7070] RBP: 00007f28e6c10b39 R08: 0000000000000000 R09: 0000000000000000
[   72.319242][ T7070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   72.319250][ T7070] R13: 0000000000000000 R14: 00007f28e6db5fa0 R15: 00007ffd7ee2eb28
[   72.319264][ T7070]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
Connection to localhost closed by remote host.
[   72.909106][ T6425] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.967420][ T6425] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.008127][ T6425] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.068714][ T6425] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.154597][ T6425] team0: left allmulticast mode
[   73.156766][ T6425] team_slave_0: left allmulticast mode
[   73.159178][ T6425] team_slave_1: left allmulticast mode
[   73.161617][ T6425] bridge0: port 3(team0) entered disabled state
[   73.165681][ T6425] bridge_slave_1: left allmulticast mode
[   73.168032][ T6425] bridge_slave_1: left promiscuous mode
[   73.170480][ T6425] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.175824][ T6425] bridge_slave_0: left allmulticast mode
[   73.178399][ T6425] bridge_slave_0: left promiscuous mode
[   73.180820][ T6425] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.221606][ T6425] bond1 (unregistering): (slave erspan0): Releasing active interface
[   73.296878][ T6425] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   73.302065][ T6425] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   73.306686][ T6425] bond0 (unregistering): Released all slaves
[   73.355938][ T6425] bond1 (unregistering): (slave veth3): Releasing active interface
[   73.359641][ T6425] bond1 (unregistering): Released all slaves
[   73.430211][ T6425] tipc: Left network mode
[   73.473620][ T6425] IPVS: stopping backup sync thread 6737 ...
[   73.580483][ T6425] hsr_slave_0: left promiscuous mode
[   73.583553][ T6425] hsr_slave_1: left promiscuous mode
[   73.585997][ T6425] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   73.589046][ T6425] batman_adv: batadv0: Removing interface: batadv_slave_0
[   73.592529][ T6425] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   73.595764][ T6425] batman_adv: batadv0: Removing interface: batadv_slave_1
[   73.601375][ T6425] veth1_macvtap: left promiscuous mode
[   73.604472][ T6425] veth0_macvtap: left promiscuous mode
[   73.606988][ T6425] veth1_vlan: left promiscuous mode
[   73.609318][ T6425] veth0_vlan: left promiscuous mode
[   73.730683][ T6425] team_slave_1 (unregistering): left promiscuous mode
[   73.738077][ T6425] team0 (unregistering): Port device team_slave_1 removed
[   73.751350][ T6425] team_slave_0 (unregistering): left promiscuous mode
[   73.756514][ T6425] team0 (unregistering): Port device team_slave_0 removed
[   74.156809][ T6425] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.197432][ T6425] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.236500][ T6425] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.287504][ T6425] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.337669][ T6425] bridge_slave_1: left allmulticast mode
[   74.339508][ T6425] bridge_slave_1: left promiscuous mode
[   74.341342][ T6425] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.344499][ T6425] bridge_slave_0: left allmulticast mode
[   74.346470][ T6425] bridge_slave_0: left promiscuous mode
[   74.348590][ T6425] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.428839][ T6425] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   74.432018][ T6425] bond_slave_0: left promiscuous mode
[   74.434745][ T6425] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   74.437638][ T6425] bond_slave_1: left promiscuous mode
[   74.439751][ T6425] bond0 (unregistering): Released all slaves
[   74.647441][ T6425] hsr_slave_0: left promiscuous mode
[   74.649545][ T6425] hsr_slave_1: left promiscuous mode
[   74.651815][ T6425] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   74.654341][ T6425] batman_adv: batadv0: Removing interface: batadv_slave_0
[   74.656912][ T6425] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   74.659226][ T6425] batman_adv: batadv0: Removing interface: batadv_slave_1
[   74.664222][ T6425] veth1_macvtap: left promiscuous mode
[   74.665960][ T6425] veth0_macvtap: left promiscuous mode
[   74.667842][ T6425] veth1_vlan: left promiscuous mode
[   74.669603][ T6425] veth0_vlan: left promiscuous mode
[   74.768311][ T6425] team_slave_1 (unregistering): left promiscuous mode
[   74.771596][ T6425] team0 (unregistering): Port device team_slave_1 removed
[   74.791309][ T6425] team_slave_0 (unregistering): left promiscuous mode
[   74.794302][ T6425] team0 (unregistering): Port device team_slave_0 removed
[   81.353870][   T47] cfg80211: failed to load regulatory.db

VM DIAGNOSIS:
01:07:45  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff822f07e3 RBX=800000011f4f2007 RCX=ffff888108d91cc0 RDX=0000000000000000
RSI=0000000000000004 RDI=0000000000000000 RBP=0000000000000001 RSP=ffffc9000342f368
R8 =ffffea00047d3c87 R9 =1ffffd40008fa790 R10=dffffc0000000000 R11=fffff940008fa791
R12=000000001f4f2001 R13=800000011f4f2007 R14=ffff88802082c668 R15=ffff88802aa08000
RIP=ffffffff81c05ecd RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555590029500 ffffffff 00c00000
GS =0000 ffff8880b861d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f762fae56c0 CR3=000000010f07a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f2935585478 00007f2935585450 XMM03=00007f2935585488 00007f2935585480
XMM04=00007f29360ed100 00007f2935585440 XMM05=00007f2935585458 00007f29355854a0
XMM06=00007f2935585498 00007f2935585490 XMM07=00007f2935585488 00007f2935585480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f2935411c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000067 RBX=0000000000000067 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001362 RDI=0000000000001363 RBP=00000000000003f8 RSP=ffffc90007fee710
R8 =ffff888021010237 R9 =1ffff11004202046 R10=dffffc0000000000 R11=ffffffff85475610
R12=dffffc0000000000 R13=ffffffff99af78f3 R14=ffffffff99dfc760 R15=0000000000000000
RIP=ffffffff8547568c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f28e7aca6c0 ffffffff 00c00000
GS =0000 ffff8881a3c1d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000005140 CR3=000000010f15e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=00060170ea010000 060806020103ec00
XMM02=ffffdf08018a8003 0008000210000210 XMM03=72656c6c616b7a79 7301ffffffffffff
XMM04=0000440c08018aa0 0300000000000030 XMM05=01018a800404a4c6 0800010000060806
XMM06=060122fec64e0000 00440c08018aa003 XMM07=0000000000003072 656c6c616b7a7973
XMM08=01ffffffffffffff ffdf08018a800300 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
