last executing test programs:

5.862060348s ago: executing program 1 (id=2):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="0200"], 0x10)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup=r0, 0x2, 0x0, 0x80000001, &(0x7f0000000200)=[0x0], 0x13, 0x0, 0xfffffffffffffffd, 0x0, 0x0}, 0x61)

5.710254522s ago: executing program 1 (id=10):
socket$igmp6(0xa, 0x3, 0x2)
unshare(0x20000400)
r0 = epoll_create1(0x0)
epoll_pwait(r0, 0xfffffffffffffffc, 0x40, 0x8000005, 0x0, 0x0)

4.538826893s ago: executing program 1 (id=43):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000000100)={'syzkaller0\x00', @random})
ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000000000)={'syzkaller0\x00', @random="112700000002"})

726.677455ms ago: executing program 0 (id=94):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)={{0x14}, [@NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x74}}, 0x0)

672.119651ms ago: executing program 0 (id=96):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x30, r1, 0x1, 0x10100, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_VLAN={0x8, 0x14, r2}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008814}, 0x4)

569.03416ms ago: executing program 0 (id=98):
socket$xdp(0x2c, 0x3, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)=ANY=[], 0x20)
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xc8, 0x0, 0xc000000)
mmap$xdp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x100000b, 0x100010, r0, 0x180000000)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40841, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff000000000300000000000000000000000200000000000000000000000000000b03000000000000000000000902"], 0x0, 0x56, 0x0, 0x3}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f0000000440)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r3, 0x0, r5, 0x0, 0xf3a, 0x0)
write$tun(r5, &(0x7f0000000540)=ANY=[], 0x8b)
read$alg(r4, &(0x7f00000003c0)=""/85, 0x55)
syz_genetlink_get_family_id$nl80211(0x0, r5)
write(r5, &(0x7f0000003300)="ac", 0x1)
ioctl$int_in(r5, 0x5452, &(0x7f0000000000)=0x10001)
write(r2, 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=ANY=[], 0x98}, 0x1, 0x0, 0x0, 0x40000}, 0x4048010)
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="04000000ffffffffffffaaaaaaaaaaaa8100000086dd60b79a5600442900fe8000000000000000000000000000aaff45"], 0x82)

391.136608ms ago: executing program 2 (id=101):
socket$nl_route(0x10, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000080)={[{0x2b, 'cpu'}]}, 0x5)
write$cgroup_subtree(r2, &(0x7f0000000a00)=ANY=[@ANYBLOB='-cpu'], 0x5)
r3 = openat$cgroup_type(r0, &(0x7f0000000040), 0x2, 0x0)
write$cgroup_type(r3, &(0x7f00000001c0), 0x9)

330.128591ms ago: executing program 2 (id=102):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f00000000c0)={@val={0x8, 0x800}, @val={0x1, 0x3, 0x3, 0x2, 0x14}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x4, 0x28, 0x0, 0x0, 0x8, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, {{0x8100, 0x88a8, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x20, 0x8}}}}, 0xfdef)

180.520187ms ago: executing program 2 (id=103):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000240)='kfree_skb\x00', r0, 0x0, 0x8}, 0x18)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0xffffffff}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48)

180.180887ms ago: executing program 2 (id=104):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x50, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x20, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}, [@TCA_NETEM_DELAY_DIST={0x4}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)

136.01727ms ago: executing program 0 (id=105):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0xc040}, 0x0)

57.682135ms ago: executing program 2 (id=106):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1)
sendmsg$IEEE802154_START_REQ(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000700)={0x14, r2, 0x1, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000080}, 0x200c8000)

57.433757ms ago: executing program 0 (id=107):
r0 = socket(0x1d, 0x3, 0x1)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x22}}, 0x10)

259.318µs ago: executing program 0 (id=108):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
r2 = socket$kcm(0x10, 0x2, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffffff0000000000000800450000b000000000fe019078ac1e0001ac1414aa0301907803240000450000000001000000290005ac1414aa640101028677fffeffff000ce256b28c59881681fb520009020007651442eb000e7434954373561de584b703c80009e706d30bd224f80207cfa11cab1a00108475be675de6a70a05a0dc91e5c6000a6580a5e97612fe86001273bc23f9ffffffa30900a301c84600000012c8f46976e79ea788f03d9d3205927e3d8606ff"], 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB="380100001a0001000000000000000000fe80000000000000bb000000000000000000001000080000000000070000000000000071a5f488dc42e393ccbc0c10176387f546988498674ca40fbc659548182e7ca27cea8e84586cf02bccf69943610669b0514241ae7f611b2613ad8139ba06dae32e2b631491362d055d69132f7239628541097a88984a96b9a19a877dcd5c63aeff3aa0cba915e44175af1a0a44f57f7532152c2229ed16595d158d24d3de35bf5c6975f354cd6165a4e2e820eb1906d900000000000000d84ca126784c2a6c84ff4db6e41ec4a0741b892a9009b2d1feb25646eb425b08603d887b911474a71ca5a6daa5f3eeaa12c908ffc91b0935000000000000000000000050a7c9d2530ac7f700445d3d153f38c5d8d341a0a096e3338ed9d1e5f6b5689d2ec50fbee55a837e8612aacdb3eb579ce38e1ddec81862dae485e8b47bc10bcc8ae2c4258f87f610902fd9b54cc53584d1675aace4caffe3de1f61a9e35bd011a32b70e590a2590bd38d06caf693b9c229d9bb5b1c399bc44c6f82d4b60fd470ebb3fca31a1d05e7f531a89407ace4c8b3b2bb383a4eba6792c3f431df343abff4b7d3d66a95b52dba64626be59f0c0a0b24c84a1a49b4b1a4fa68dc966c41700ca92b5cd3c6f806005e338f4d77b48174f6444c215f115d569832b9c9d4dc77fd34cc027baf41296cedc95b059fc3a3f32f8f0351856efbbd9fd6ba2598", @ANYRES32, @ANYRES32=0x0, @ANYBLOB="fe880000000000000000000000000001000000006c0000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a", @ANYRESHEX=r1, @ANYRES16=r2], 0x138}, 0x1, 0x0, 0x0, 0x4008c84}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x1, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x3, {@ip4=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000080)=@assoc_value, &(0x7f00000000c0)=0x8)
unshare(0x2c060000)
unshare(0x24020400)
unshare(0x2000000)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x2c)
setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c)
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r6, &(0x7f0000000440)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r6, &(0x7f0000000480)=[{&(0x7f0000000080)="390000001300034700bb5be1c3fbfeff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
setsockopt$inet_mreqsrc(r5, 0x0, 0x25, &(0x7f0000000100)={@multicast2, @loopback, @empty}, 0xc)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000780)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000001000000008000900010001001800018014000200776c616e30000000000000000000000008000800000002"], 0x3c}}, 0x0)
connect$unix(r3, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00'})

0s ago: executing program 2 (id=109):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000340)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@local, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x5c, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x14, 0x6c}, @in=@empty=0x14, {0x0, 0x800000000, 0x0, 0xfffffff7ffffffff, 0x0, 0x0, 0x1000000000000000}, {0x0, 0x4}, {}, 0x80000000, 0x0, 0x2, 0x1, 0x6, 0x2c}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x4004050}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:51524' (ED25519) to the list of known hosts.
syzkaller login: [   48.844512][ T5798] cgroup: Unknown subsys name 'net'
[   48.972415][ T5798] cgroup: Unknown subsys name 'cpuset'
[   48.976697][ T5798] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.331661][ T5798] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   54.546585][ T5205] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.550240][ T5205] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.553133][ T5205] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   54.556126][ T5205] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   54.560167][ T5205] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   54.590698][ T5817] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   54.594059][ T5817] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   54.597122][ T5817] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   54.600353][ T5817] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   54.607360][ T5817] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   54.652385][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   54.659559][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   54.662547][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   54.666750][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   54.670741][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   54.770933][ T5811] chnl_net:caif_netlink_parms(): no params data found
[   54.910418][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.913436][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.916076][ T5811] bridge_slave_0: entered allmulticast mode
[   54.918958][ T5811] bridge_slave_0: entered promiscuous mode
[   54.928794][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.931402][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.934097][ T5811] bridge_slave_1: entered allmulticast mode
[   54.937335][ T5811] bridge_slave_1: entered promiscuous mode
[   54.960102][ T5815] chnl_net:caif_netlink_parms(): no params data found
[   54.982084][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.003218][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.054212][ T5811] team0: Port device team_slave_0 added
[   55.070683][ T5811] team0: Port device team_slave_1 added
[   55.085518][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.088609][ T5815] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.092316][ T5815] bridge_slave_0: entered allmulticast mode
[   55.095505][ T5815] bridge_slave_0: entered promiscuous mode
[   55.114739][ T5820] chnl_net:caif_netlink_parms(): no params data found
[   55.122328][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.124735][ T5815] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.127281][ T5815] bridge_slave_1: entered allmulticast mode
[   55.130380][ T5815] bridge_slave_1: entered promiscuous mode
[   55.133529][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.135825][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.144581][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.173920][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.176403][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.187088][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.225006][ T5815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.253504][ T5815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.317446][ T5811] hsr_slave_0: entered promiscuous mode
[   55.321452][ T5811] hsr_slave_1: entered promiscuous mode
[   55.326261][ T5815] team0: Port device team_slave_0 added
[   55.328505][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.332193][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.335303][ T5820] bridge_slave_0: entered allmulticast mode
[   55.339824][ T5820] bridge_slave_0: entered promiscuous mode
[   55.345680][ T5815] team0: Port device team_slave_1 added
[   55.348301][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.351547][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.354101][ T5820] bridge_slave_1: entered allmulticast mode
[   55.357999][ T5820] bridge_slave_1: entered promiscuous mode
[   55.422885][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.425081][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.433541][ T5815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.443929][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.448151][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.450728][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.459978][ T5815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.474346][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.528062][ T5820] team0: Port device team_slave_0 added
[   55.556268][ T5820] team0: Port device team_slave_1 added
[   55.592872][ T5815] hsr_slave_0: entered promiscuous mode
[   55.596073][ T5815] hsr_slave_1: entered promiscuous mode
[   55.598957][ T5815] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.604532][ T5815] Cannot create hsr debugfs directory
[   55.625720][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.628623][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.640034][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.657152][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.659739][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.668200][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.734906][ T5820] hsr_slave_0: entered promiscuous mode
[   55.737453][ T5820] hsr_slave_1: entered promiscuous mode
[   55.741879][ T5820] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.744890][ T5820] Cannot create hsr debugfs directory
[   55.855356][ T5811] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   55.883658][ T5811] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   55.890911][ T5811] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   55.913711][ T5811] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   55.990008][ T5815] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   55.999844][ T5815] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   56.006234][ T5815] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   56.031762][ T5815] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   56.104894][ T5820] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   56.113453][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.122225][ T5820] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   56.132656][ T5820] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   56.148793][ T5820] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.171889][ T5811] 8021q: adding VLAN 0 to HW filter on device team0
[   56.190050][  T216] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.193235][  T216] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.205549][  T216] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.207950][  T216] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.265419][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.277859][ T5811] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   56.285269][ T5811] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   56.312327][ T5815] 8021q: adding VLAN 0 to HW filter on device team0
[   56.323260][  T216] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.326133][  T216] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.352175][ T5115] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.354864][ T5115] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.381705][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.411922][ T5820] 8021q: adding VLAN 0 to HW filter on device team0
[   56.431159][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.437953][  T216] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.440349][  T216] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.459609][  T216] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.461923][  T216] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.521583][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.535055][ T5811] veth0_vlan: entered promiscuous mode
[   56.563063][ T5811] veth1_vlan: entered promiscuous mode
[   56.580301][   T54] Bluetooth: hci0: command tx timeout
[   56.593935][ T5811] veth0_macvtap: entered promiscuous mode
[   56.603108][ T5811] veth1_macvtap: entered promiscuous mode
[   56.644439][ T5815] veth0_vlan: entered promiscuous mode
[   56.654141][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.661756][   T54] Bluetooth: hci1: command tx timeout
[   56.663138][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.670086][ T5815] veth1_vlan: entered promiscuous mode
[   56.675479][ T5811] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.679856][ T5811] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.683565][ T5811] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.686968][ T5811] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.695258][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.733881][ T5815] veth0_macvtap: entered promiscuous mode
[   56.745437][ T5815] veth1_macvtap: entered promiscuous mode
[   56.751786][   T54] Bluetooth: hci2: command tx timeout
[   56.789824][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.804885][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.839712][ T5820] veth0_vlan: entered promiscuous mode
[   56.842257][ T5815] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.845673][ T5815] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.850406][ T5815] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.853843][ T5815] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.865844][  T216] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.873949][  T216] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.883656][ T5820] veth1_vlan: entered promiscuous mode
[   56.944166][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.946806][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.949763][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.952339][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.991219][ T5820] veth0_macvtap: entered promiscuous mode
[   56.996820][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.999713][ T5820] veth1_macvtap: entered promiscuous mode
[   57.001729][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.028586][ T5811] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   57.037264][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.043754][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.047833][ T5820] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.060924][ T5820] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.063705][ T5820] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.066671][ T5820] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.168846][  T216] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.185854][  T216] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.225028][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.228445][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.486324][ T5897] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   57.547144][ T5901] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   57.560258][ T5900] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13'.
[   57.638121][ T5903] syz.2.14 uses obsolete (PF_INET,SOCK_PACKET)
[   57.724384][ T5908] netlink: 'syz.2.16': attribute type 5 has an invalid length.
[   57.799926][ T5912] netlink: 28 bytes leftover after parsing attributes in process `syz.0.18'.
[   57.861490][ T5916] netlink: 28 bytes leftover after parsing attributes in process `syz.2.19'.
[   57.864707][ T5916] netlink: 'syz.2.19': attribute type 7 has an invalid length.
[   57.872416][ T5914] Zero length message leads to an empty skb
[   57.873602][ T5916] netlink: 'syz.2.19': attribute type 8 has an invalid length.
[   57.878549][ T5916] netlink: 4 bytes leftover after parsing attributes in process `syz.2.19'.
[   57.890303][ T5916] gretap0: entered promiscuous mode
[   57.894099][ T5916] batadv_slave_1: entered promiscuous mode
[   58.135171][ T5928] warning: `syz.0.26' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   58.145893][ T5930] openvswitch: netlink: IPv4 tunnel dst address is zero
[   58.273848][ T5939] netlink: 24 bytes leftover after parsing attributes in process `syz.0.30'.
[   58.279602][ T5939] netlink: 8 bytes leftover after parsing attributes in process `syz.0.30'.
[   58.282589][ T5940] netlink: 'syz.2.32': attribute type 1 has an invalid length.
[   58.285081][ T5940] netlink: 4 bytes leftover after parsing attributes in process `syz.2.32'.
[   58.288188][ T5939] netlink: 24 bytes leftover after parsing attributes in process `syz.0.30'.
[   58.659536][   T54] Bluetooth: hci0: command tx timeout
[   58.662714][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   58.739332][   T54] Bluetooth: hci1: command tx timeout
[   58.793202][ T5965] openvswitch: netlink: Missing key (keys=40, expected=2000)
[   59.080872][ T5817] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   59.084715][ T5817] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   59.091576][ T5817] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   59.095628][ T5817] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   59.100355][ T5817] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   59.115375][ T5977] netlink: 40 bytes leftover after parsing attributes in process `syz.2.51'.
[   59.277397][ T5978] chnl_net:caif_netlink_parms(): no params data found
[   59.372911][ T5996] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   59.375119][ T5978] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.390757][ T5978] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.398224][ T5978] bridge_slave_0: entered allmulticast mode
[   59.408614][ T5978] bridge_slave_0: entered promiscuous mode
[   59.421054][ T5978] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.426081][ T5978] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.428729][ T5978] bridge_slave_1: entered allmulticast mode
[   59.433080][ T5978] bridge_slave_1: entered promiscuous mode
[   59.465892][ T5978] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.471852][ T5978] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.496115][ T5978] team0: Port device team_slave_0 added
[   59.500470][ T5978] team0: Port device team_slave_1 added
[   59.520199][ T5978] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.522400][ T5978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.531091][ T5978] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.536208][ T5978] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.538708][ T5978] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.547439][ T5978] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.574755][ T5978] hsr_slave_0: entered promiscuous mode
[   59.577116][ T5978] hsr_slave_1: entered promiscuous mode
[   59.579687][ T5978] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   59.582178][ T5978] Cannot create hsr debugfs directory
[   60.100802][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.456644][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.528500][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.620891][   T13] bridge_slave_1: left allmulticast mode
[   60.622804][   T13] bridge_slave_1: left promiscuous mode
[   60.625614][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.632317][   T13] bridge_slave_0: left allmulticast mode
[   60.634375][   T13] bridge_slave_0: left promiscuous mode
[   60.636550][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.753191][   T54] Bluetooth: hci0: command tx timeout
[   60.820864][   T54] Bluetooth: hci1: command tx timeout
[   60.883145][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   60.887357][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   60.891829][   T13] bond0 (unregistering): Released all slaves
[   60.908208][ T6028] netlink: 3696 bytes leftover after parsing attributes in process `syz.2.69'.
[   61.139888][   T54] Bluetooth: hci2: command tx timeout
[   61.419839][   T13] hsr_slave_0: left promiscuous mode
[   61.425269][   T13] hsr_slave_1: left promiscuous mode
[   61.427988][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   61.437062][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[   61.446871][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   61.450140][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[   61.473206][   T13] veth1_macvtap: left promiscuous mode
[   61.475510][   T13] veth0_macvtap: left promiscuous mode
[   61.478013][   T13] veth1_vlan: left promiscuous mode
[   61.483154][   T13] veth0_vlan: left promiscuous mode
[   61.813750][   T13] team0 (unregistering): Port device team_slave_1 removed
[   61.833025][   T13] team0 (unregistering): Port device team_slave_0 removed
[   62.106717][ T5978] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   62.139857][ T5978] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   62.152628][ T5978] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   62.161692][ T5978] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   62.364642][ T5978] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.391830][ T5978] 8021q: adding VLAN 0 to HW filter on device team0
[   62.400980][  T216] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.404108][  T216] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.428610][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.431030][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.656576][ T5978] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.704740][ T6120] netlink: 'syz.2.100': attribute type 2 has an invalid length.
[   62.726728][ T5978] veth0_vlan: entered promiscuous mode
[   62.756462][ T5978] veth1_vlan: entered promiscuous mode
[   62.771950][ T5978] veth0_macvtap: entered promiscuous mode
[   62.778240][ T5978] veth1_macvtap: entered promiscuous mode
[   62.794983][ T5978] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.805709][ T5978] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.816478][ T5978] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.820036][   T54] Bluetooth: hci0: command tx timeout
[   62.822670][ T5978] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.825504][ T5978] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.828308][ T5978] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.833753][ T6126] syzkaller1: entered promiscuous mode
[   62.835651][ T6126] syzkaller1: entered allmulticast mode
[   62.899993][   T54] Bluetooth: hci1: command tx timeout
[   62.965247][  T216] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.972938][  T216] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.002975][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.014094][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.021181][ T6132] netem: change failed
[   63.138547][ T6140] __nla_validate_parse: 1 callbacks suppressed
[   63.138566][ T6140] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.108'.
[   63.156870][ T6140] netlink: 'syz.0.108': attribute type 4 has an invalid length.
[   63.159528][ T5978] 
[   63.160934][ T5978] ======================================================
[   63.164290][ T5978] WARNING: possible circular locking dependency detected
[   63.166978][ T5978] 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 Not tainted
[   63.170724][ T5978] ------------------------------------------------------
[   63.173443][ T5978] syz-executor/5978 is trying to acquire lock:
[   63.176047][ T5978] ffff88810ffa9840 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}, at: __flush_work+0xd2/0xbc0
[   63.180849][ T5978] 
[   63.180849][ T5978] but task is already holding lock:
[   63.184045][ T5978] ffff88810ffa9b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[   63.187552][ T5978] 
[   63.187552][ T5978] which lock already depends on the new lock.
[   63.187552][ T5978] 
[   63.191115][ T5978] 
[   63.191115][ T5978] the existing dependency chain (in reverse order) is:
[   63.193903][ T5978] 
[   63.193903][ T5978] -> #1 (&conn->lock#2){+.+.}-{4:4}:
[   63.196701][ T5978]        lock_acquire+0x120/0x360
[   63.198449][ T5978]        __mutex_lock+0x182/0xe80
[   63.200095][ T5978]        l2cap_info_timeout+0x60/0xa0
[   63.201880][ T5978]        process_scheduled_works+0xae1/0x17b0
[   63.204339][ T5978]        worker_thread+0x8a0/0xda0
[   63.206031][ T5978]        kthread+0x711/0x8a0
[   63.207486][ T5978]        ret_from_fork+0x3fc/0x770
[   63.209245][ T5978]        ret_from_fork_asm+0x1a/0x30
[   63.210926][ T5978] 
[   63.210926][ T5978] -> #0 ((work_completion)(&(&conn->info_timer)->work)){+.+.}-{0:0}:
[   63.214222][ T5978]        validate_chain+0xb9b/0x2140
[   63.215965][ T5978]        __lock_acquire+0xab9/0xd20
[   63.218004][ T5978]        lock_acquire+0x120/0x360
[   63.219920][ T5978]        __flush_work+0x6b8/0xbc0
[   63.221524][ T5978]        __cancel_work_sync+0xbe/0x110
[   63.223270][ T5978]        l2cap_conn_del+0x4f0/0x680
[   63.225019][ T5978]        hci_conn_hash_flush+0x10d/0x230
[   63.226930][ T5978]        hci_dev_close_sync+0xaef/0x1330
[   63.229156][ T5978]        hci_unregister_dev+0x21a/0x510
[   63.231172][ T5978]        vhci_release+0x80/0xd0
[   63.232978][ T5978]        __fput+0x44c/0xa70
[   63.234720][ T5978]        task_work_run+0x1d4/0x260
[   63.236583][ T5978]        do_exit+0x6b5/0x22e0
[   63.238294][ T5978]        do_group_exit+0x21c/0x2d0
[   63.240032][ T5978]        __x64_sys_exit_group+0x3f/0x40
[   63.241744][ T5978]        x64_sys_call+0x21ba/0x21c0
[   63.243454][ T5978]        do_syscall_64+0xfa/0x3b0
[   63.245050][ T5978]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.247031][ T5978] 
[   63.247031][ T5978] other info that might help us debug this:
[   63.247031][ T5978] 
[   63.250486][ T5978]  Possible unsafe locking scenario:
[   63.250486][ T5978] 
[   63.253032][ T5978]        CPU0                    CPU1
[   63.254972][ T5978]        ----                    ----
[   63.256890][ T5978]   lock(&conn->lock#2);
[   63.258472][ T5978]                                lock((work_completion)(&(&conn->info_timer)->work));
[   63.261785][ T5978]                                lock(&conn->lock#2);
[   63.263945][ T5978]   lock((work_completion)(&(&conn->info_timer)->work));
[   63.266176][ T5978] 
[   63.266176][ T5978]  *** DEADLOCK ***
[   63.266176][ T5978] 
[   63.268715][ T5978] 5 locks held by syz-executor/5978:
[   63.270391][ T5978]  #0: ffff88801f2e4dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[   63.273510][ T5978]  #1: ffff88801f2e40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[   63.276490][ T5978]  #2: ffffffff8f6780c8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[   63.279796][ T5978]  #3: ffff88810ffa9b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[   63.282696][ T5978]  #4: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: __flush_work+0xd2/0xbc0
[   63.285530][ T5978] 
[   63.285530][ T5978] stack backtrace:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   63.287423][ T5978] CPU: 0 UID: 0 PID: 5978 Comm: syz-executor Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   63.287433][ T5978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   63.287438][ T5978] Call Trace:
[   63.287443][ T5978]  <TASK>
[   63.287448][ T5978]  dump_stack_lvl+0x189/0x250
[   63.287463][ T5978]  ? __pfx_dump_stack_lvl+0x10/0x10
[   63.287473][ T5978]  ? __pfx__printk+0x10/0x10
[   63.287482][ T5978]  ? print_lock_name+0xde/0x100
[   63.287489][ T5978]  print_circular_bug+0x2ee/0x310
[   63.287498][ T5978]  check_noncircular+0x134/0x160
[   63.287505][ T5978]  validate_chain+0xb9b/0x2140
[   63.287512][ T5978]  ? do_raw_spin_lock+0x121/0x290
[   63.287520][ T5978]  ? look_up_lock_class+0x74/0x170
[   63.287532][ T5978]  ? register_lock_class+0x51/0x320
[   63.287542][ T5978]  __lock_acquire+0xab9/0xd20
[   63.287555][ T5978]  ? __flush_work+0xd2/0xbc0
[   63.287563][ T5978]  lock_acquire+0x120/0x360
[   63.287576][ T5978]  ? __flush_work+0xd2/0xbc0
[   63.287586][ T5978]  ? _raw_spin_unlock_irq+0x23/0x50
[   63.287600][ T5978]  ? __flush_work+0xd2/0xbc0
[   63.287609][ T5978]  __flush_work+0x6b8/0xbc0
[   63.287618][ T5978]  ? __flush_work+0xd2/0xbc0
[   63.287627][ T5978]  ? __flush_work+0xd2/0xbc0
[   63.287636][ T5978]  ? __pfx___flush_work+0x10/0x10
[   63.287646][ T5978]  ? __pfx_wq_barrier_func+0x10/0x10
[   63.287666][ T5978]  ? __pfx___cancel_work+0x10/0x10
[   63.287677][ T5978]  ? hci_conn_drop+0x14d/0x280
[   63.287692][ T5978]  __cancel_work_sync+0xbe/0x110
[   63.287703][ T5978]  l2cap_conn_del+0x4f0/0x680
[   63.287716][ T5978]  ? __pfx_l2cap_disconn_cfm+0x10/0x10
[   63.287727][ T5978]  hci_conn_hash_flush+0x10d/0x230
[   63.287743][ T5978]  hci_dev_close_sync+0xaef/0x1330
[   63.287758][ T5978]  ? __pfx_hci_dev_close_sync+0x10/0x10
[   63.287795][ T5978]  ? up_write+0x1c4/0x420
[   63.287808][ T5978]  hci_unregister_dev+0x21a/0x510
[   63.287826][ T5978]  vhci_release+0x80/0xd0
[   63.287844][ T5978]  ? __pfx_vhci_release+0x10/0x10
[   63.287860][ T5978]  __fput+0x44c/0xa70
[   63.287876][ T5978]  task_work_run+0x1d4/0x260
[   63.287890][ T5978]  ? __pfx_task_work_run+0x10/0x10
[   63.287902][ T5978]  ? kmem_cache_free+0x18f/0x400
[   63.287913][ T5978]  do_exit+0x6b5/0x22e0
[   63.287926][ T5978]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   63.287939][ T5978]  ? __pfx_do_exit+0x10/0x10
[   63.287952][ T5978]  ? _raw_spin_unlock_irq+0x23/0x50
[   63.287965][ T5978]  ? lockdep_hardirqs_on+0x9c/0x150
[   63.287980][ T5978]  do_group_exit+0x21c/0x2d0
[   63.287994][ T5978]  __x64_sys_exit_group+0x3f/0x40
[   63.288013][ T5978]  x64_sys_call+0x21ba/0x21c0
[   63.288026][ T5978]  do_syscall_64+0xfa/0x3b0
[   63.288034][ T5978]  ? lockdep_hardirqs_on+0x9c/0x150
[   63.288044][ T5978]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.288051][ T5978]  ? exc_page_fault+0x9f/0xf0
[   63.288061][ T5978]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.288068][ T5978] RIP: 0033:0x7f402418e929
[   63.288075][ T5978] Code: Unable to access opcode bytes at 0x7f402418e8ff.
[   63.288079][ T5978] RSP: 002b:00007ffd5467bd68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   63.288087][ T5978] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f402418e929
[   63.288092][ T5978] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[   63.288096][ T5978] RBP: 00007f40241ee8f0 R08: 00007ffd54679b07 R09: 0000000000000003
[   63.288101][ T5978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   63.288105][ T5978] R13: 0000000000000003 R14: 00000000ffffffff R15: 00007ffd5467bf20
[   63.288111][ T5978]  </TASK>
[   63.407429][ T6141] netlink: 'syz.0.108': attribute type 4 has an invalid length.
[   63.461800][   T54] Bluetooth: hci2: command tx timeout
[   71.141795][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.144141][ T1363] ieee802154 phy1 wpan1: encryption failed: -22

VM DIAGNOSIS:
04:21:14  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000007a RBX=000000000000007a RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000403ee30
R8 =ffff8881074b8237 R9 =1ffff11020e97046 R10=dffffc0000000000 R11=ffffffff85474610
R12=dffffc0000000000 R13=ffffffff99ac48e5 R14=ffffffff99dc9760 R15=0000000000000000
RIP=ffffffff8547468c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055555e06c500 ffffffff 00c00000
GS =0000 ffff8880b8650000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f9e368e56c0 CR3=00000000268ee000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f3db9a11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffffffff8fb4e4c4 RCX=0000000000000000 RDX=ffffffff8fb4e4c4
RSI=ffffffff903057e4 RDI=ffffffff8be28ce0 RBP=ffffffff8fb4e4c4 RSP=ffffc900001e0658
R8 =0000000000000001 R9 =0000000000000000 R10=ffffc900001e0778 R11=ffffffff81ace6a0
R12=ffffffff81747f50 R13=ffffffff8fb4e4c4 R14=ffffc900001e0728 R15=000000000000747f
RIP=ffffffff81729d3e RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c50000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f9c270e7d60 CR3=000000000df38000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00007f9c265846a3 00007f9c265846a3 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 00ff000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000ff0000 XMM05=000055555fdbc6ec 000055555fdbc4f0
XMM06=000055555fdc70f4 000055555fdc70f0 XMM07=d7d00300100001d7 c00302100001d7b0
XMM08=0304f0100001d690 0300080011e80300 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
