last executing test programs:

1.729774598s ago: executing program 1 (id=711):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000005c0)={0x1f, 0x0, @none, 0x4}, 0xe)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
socket$caif_seqpacket(0x25, 0x5, 0x4)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r8)
r9 = socket$unix(0x1, 0x5, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000780)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r11, {}, {0x2, 0xb}, {0x9, 0x4}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x40, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0x9}, @TCA_TBF_PARMS={0x28, 0x1, {{0x7, 0x1, 0x800, 0x7, 0x9223, 0x2}, {0x5, 0x2, 0xc, 0x2, 0x401, 0xe}, 0xac, 0x3, 0x19e8}}, @TCA_TBF_PRATE64={0xc, 0x5, 0x3e2e3c6fc38a2b0f}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x2000c0e9}, 0x4008000)
ioctl$SIOCSIFHWADDR(r8, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
close(0x4)
write$cgroup_int(r1, &(0x7f0000000200), 0xffffffc1)

720.702212ms ago: executing program 1 (id=727):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd1, &(0x7f0000000000)=0x3, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan1\x00'})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[], 0x2b8}, 0x1, 0x0, 0x0, 0x80}, 0x4000001)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001640)={0x11, 0x19, &(0x7f0000001740)=ANY=[@ANYBLOB="180800000600000000000000000000008510"], &(0x7f0000000000)='GPL\x00', 0xa, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x18, &(0x7f0000001840)=ANY=[@ANYBLOB="180000009a010000000000000500000018110000d5903d0fe25ee49d69c127a073c160a2e47ba3c3e5dd5f4ef66aede2387e24f6a5867909d956a80475a81b48eb04a23fd18dec90db36f40eebdcd557a2323c2f6312963b330c7b2b762675577d309b6e97d5c60c2e7909bd1126fd0d8067883f546b874a3def588f8141dd1f7b18446fcef0f36c55ee16878fe632cb3ac4fab8b89cbc7caabe65831a1bedf5ee7f49416e9c2601b720b77b977da661a230b65c1782240b463b9e4aa74f783504234fd4da8e69fc24dcbfe03362320b4b1ab91d5cfa7b694fe192785f68592068", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x71, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000040)=[0x1, 0xffffffffffffffff], &(0x7f0000001700)=[{0x4, 0x3, 0x5, 0x3}], 0x10, 0xb}, 0x94)
unshare(0x20020600)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071114200000000008510000002000000850000000500000095000d00000000009500a50000000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r2, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000001040)=@ipv6_newrule={0x30, 0x20, 0x1, 0xffffffff, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12}, [@FIB_RULE_POLICY=@FRA_IIFNAME={0x14, 0x3, 'lo\x00'}]}, 0x30}}, 0x0)
bind$rds(r4, &(0x7f0000000240)={0x2, 0x4e22, @remote}, 0x10)
bind(r3, &(0x7f00000002c0)=@isdn={0x22, 0x7f, 0x54, 0x1, 0x80}, 0x80)
getsockopt$sock_buf(r3, 0x1, 0x37, &(0x7f0000002440)=""/4102, &(0x7f00000000c0)=0x1006)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000080)={0x1f, 0x4, 0x3f, 0x2003202, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x19}, @private=0xa010104}, 0x10)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x9, @private2, 0x9}, 0x1c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a74000000060a0b0400000000000000000200000048000480440001800a0001006d61746368000000340002801800030003000000a7906e8f58c2052fade1bc2c62cdeb7508000240000000000d00010064657667726f7570000000000900010073797a30000000000900020073797a32"], 0x9c}}, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)

540.031703ms ago: executing program 2 (id=730):
r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, 0x0)
ioctl$PPPIOCSFLAGS1(r0, 0x40047459, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={0x1}, 0x4)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe4)
r2 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f00000000c0)={'veth0_macvtap\x00', @random="75e4f653fcc2"})
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
close(r1)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x4e21, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0xb}}}, 0xb8}}, 0x0)

469.212629ms ago: executing program 2 (id=731):
r0 = socket$netlink(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="50000000100023ff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000090560000280012800b000100697036746e6c0000180002801400020000000000000000000000ffffac14142a080004"], 0x50}, 0x1, 0x0, 0x0, 0x20040001}, 0x8000)

452.814419ms ago: executing program 1 (id=732):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0)
sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x2c, 0xb, 0x6, 0x3, 0x0, 0x0, {0x2, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44080}, 0x4000002)

390.016836ms ago: executing program 0 (id=733):
syz_emit_ethernet(0x16, &(0x7f0000006a00)={@dev, @empty, @val, {@generic={0x88ca}}}, 0x0)

389.709682ms ago: executing program 1 (id=734):
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'veth0_to_batadv\x00', 0x1})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b28, &(0x7f0000000000)={'wlan1\x00'})

339.099966ms ago: executing program 2 (id=735):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x579b0cf1930a90d0, 0x3, 0xc, 0x7, 0x68, @private2={0xfc, 0x2, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7, 0x80, 0x7}})

338.855255ms ago: executing program 1 (id=736):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x2000, @vifc_lcl_addr=@remote, @empty}, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, 0x0, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10)
setsockopt$inet_mreq(r3, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000180)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r4, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c)
socket$netlink(0x10, 0x3, 0x0)

272.85027ms ago: executing program 0 (id=737):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x68}, [@ldst={0x6}]}, &(0x7f0000000080)='GPL\x00', 0xa, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x48)

272.586386ms ago: executing program 2 (id=738):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
close(r0)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x1c, 0x15, 0x301, 0x0, 0x0, {0xa}, [@typed={0x8, 0x2, 0x0, 0x0, @fd=r3}]}, 0x1c}}, 0x20000080)
sendmsg$NLBL_UNLABEL_C_STATICADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x80}, 0x0)

219.650218ms ago: executing program 1 (id=739):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='percpu_create_chunk\x00', r2}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)

219.246754ms ago: executing program 0 (id=740):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="6400000002060108000000000000000000000009140007800800114000080000050015000c000000050005000a000000050001000700000005000400000000000900020073797a320000000015000300686173683a69702c706f72742c6e6574"], 0x64}}, 0x0)

128.403583ms ago: executing program 2 (id=741):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001bc0)={0x34, r1, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x6b}, @val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x8000}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x58844}, 0x80)

128.097653ms ago: executing program 0 (id=742):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="38010000100013070000000000000000fe88000000000000000000000000010100000000000000000000ffffac1414260000000000000000000000003b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0200000000000000000000000000010000000232000000ac1414bb00eaffffff0000000000000000000000000000000000000000000000fffffeffffffffff0400000000000000040000000000000040000000000000000000000000000000000000000000000061f4ffffffffffff0300000000000000000000000000000000000100000000000000000002000000000000002dbd70000000000002000500000000000000000048000200"], 0x138}, 0x1, 0x0, 0x0, 0x24000010}, 0x800)

65.208986ms ago: executing program 2 (id=743):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000070000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
pselect6(0x40, &(0x7f00000008c0)={0x1, 0x5, 0xfffe, 0x990, 0x40000004, 0x6, 0xa2a, 0x7f}, &(0x7f00000001c0)={0x6, 0x6, 0x7, 0xa23d, 0x8, 0xfffffffffffffffc, 0x7, 0xbb0}, 0x0, &(0x7f0000000240), &(0x7f0000000940)={&(0x7f0000000980)={[0x3ff]}, 0x8})

64.973102ms ago: executing program 0 (id=744):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x6a)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x1)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f0000000c40), 0x12)
read(r1, &(0x7f0000000240)=""/193, 0xc1)

0s ago: executing program 0 (id=745):
socket$xdp(0x2c, 0x3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$xdp(0x2c, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000040), 0x0, r0, 0x4}, 0x38)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r1)
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$SIOCSIFHWADDR(r1, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00\x00\x00\x00 '})

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:57441' (ED25519) to the list of known hosts.
syzkaller login: [   56.001911][ T5781] cgroup: Unknown subsys name 'net'
[   56.129450][ T5781] cgroup: Unknown subsys name 'cpuset'
[   56.134071][ T5781] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   57.836471][ T5781] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   70.504623][ T5877] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   70.508230][ T5877] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   70.510946][ T5877] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   70.513620][ T5877] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   70.517563][ T5877] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   70.552914][ T5877] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   70.556016][ T5877] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   70.558596][ T5877] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   70.561430][ T5877] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   70.564021][ T5877] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   70.588841][ T5234] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   70.592474][ T5234] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   70.598941][ T5234] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   70.603184][ T5234] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   70.607416][ T5234] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   70.944858][ T5874] chnl_net:caif_netlink_parms(): no params data found
[   71.095993][ T5878] chnl_net:caif_netlink_parms(): no params data found
[   71.115080][ T5874] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.119018][ T5874] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.121826][ T5874] bridge_slave_0: entered allmulticast mode
[   71.125618][ T5874] bridge_slave_0: entered promiscuous mode
[   71.139185][ T5874] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.142087][ T5874] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.144981][ T5874] bridge_slave_1: entered allmulticast mode
[   71.151886][ T5874] bridge_slave_1: entered promiscuous mode
[   71.207181][ T5874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.211202][ T5880] chnl_net:caif_netlink_parms(): no params data found
[   71.230804][ T5874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.317477][ T5874] team0: Port device team_slave_0 added
[   71.320000][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.323083][ T5878] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.326726][ T5878] bridge_slave_0: entered allmulticast mode
[   71.330506][ T5878] bridge_slave_0: entered promiscuous mode
[   71.339991][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   71.342680][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   71.353426][ T5874] team0: Port device team_slave_1 added
[   71.366419][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.369342][ T5878] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.372116][ T5878] bridge_slave_1: entered allmulticast mode
[   71.376100][ T5878] bridge_slave_1: entered promiscuous mode
[   71.447508][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.450217][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.460054][ T5874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.467055][ T5878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.470533][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.472615][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.481697][ T5874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.485467][ T5880] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.490097][ T5880] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.492993][ T5880] bridge_slave_0: entered allmulticast mode
[   71.498315][ T5880] bridge_slave_0: entered promiscuous mode
[   71.503004][ T5880] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.505617][ T5880] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.508316][ T5880] bridge_slave_1: entered allmulticast mode
[   71.511826][ T5880] bridge_slave_1: entered promiscuous mode
[   71.516531][ T5878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.564499][ T5880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.568947][ T5878] team0: Port device team_slave_0 added
[   71.585624][ T5878] team0: Port device team_slave_1 added
[   71.590363][ T5880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.661813][ T5874] hsr_slave_0: entered promiscuous mode
[   71.664826][ T5874] hsr_slave_1: entered promiscuous mode
[   71.668441][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.671048][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.681439][ T5878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.687566][ T5880] team0: Port device team_slave_0 added
[   71.692186][ T5880] team0: Port device team_slave_1 added
[   71.722271][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.724813][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.733878][ T5878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.761129][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.763732][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.773248][ T5880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.794800][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.797574][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.807273][ T5880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.868406][ T5878] hsr_slave_0: entered promiscuous mode
[   71.871344][ T5878] hsr_slave_1: entered promiscuous mode
[   71.873485][ T5878] debugfs: 'hsr0' already exists in 'hsr'
[   71.875388][ T5878] Cannot create hsr debugfs directory
[   71.922004][ T5880] hsr_slave_0: entered promiscuous mode
[   71.924971][ T5880] hsr_slave_1: entered promiscuous mode
[   71.928216][ T5880] debugfs: 'hsr0' already exists in 'hsr'
[   71.930316][ T5880] Cannot create hsr debugfs directory
[   72.196960][ T5874] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   72.205268][ T5874] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   72.211348][ T5874] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   72.216652][ T5874] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   72.288692][ T5878] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   72.302754][ T5878] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   72.316926][ T5878] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   72.340228][ T5878] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   72.399981][ T5880] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   72.419255][ T5880] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   72.429864][ T5880] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   72.454428][ T5880] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   72.490905][ T5874] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.513724][ T5874] 8021q: adding VLAN 0 to HW filter on device team0
[   72.523251][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.525729][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.537210][ T5234] Bluetooth: hci0: command tx timeout
[   72.549121][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.551568][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.592292][ T5878] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.616064][ T5234] Bluetooth: hci1: command tx timeout
[   72.629181][ T5878] 8021q: adding VLAN 0 to HW filter on device team0
[   72.648393][  T318] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.651142][  T318] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.670272][   T54] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.672586][   T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.699947][ T5880] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.703413][ T5234] Bluetooth: hci2: command tx timeout
[   72.757829][ T5880] 8021q: adding VLAN 0 to HW filter on device team0
[   72.790283][   T54] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.792886][   T54] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.798285][   T54] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.800924][   T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.909277][ T5874] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.972159][ T5874] veth0_vlan: entered promiscuous mode
[   72.998821][ T5874] veth1_vlan: entered promiscuous mode
[   73.031155][ T5878] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.042273][ T5880] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.069564][ T5874] veth0_macvtap: entered promiscuous mode
[   73.083006][ T5874] veth1_macvtap: entered promiscuous mode
[   73.128860][ T5880] veth0_vlan: entered promiscuous mode
[   73.138655][ T5878] veth0_vlan: entered promiscuous mode
[   73.144443][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.153531][ T5880] veth1_vlan: entered promiscuous mode
[   73.158678][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.168756][ T5878] veth1_vlan: entered promiscuous mode
[   73.189166][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.192080][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.199362][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.205597][ T5880] veth0_macvtap: entered promiscuous mode
[   73.219292][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.224458][ T5880] veth1_macvtap: entered promiscuous mode
[   73.238793][ T5878] veth0_macvtap: entered promiscuous mode
[   73.257811][ T5878] veth1_macvtap: entered promiscuous mode
[   73.292974][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.317668][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.329173][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.351537][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.368645][ T5884] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.374275][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.382680][   T54] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.386155][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.386195][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.390258][   T54] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.414742][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.438676][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.452634][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.459870][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.475355][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.479347][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.556873][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.559582][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.569085][ T5874] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   73.625514][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.629646][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.639063][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.645597][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.684355][   T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.688503][   T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.768503][ T5942] netlink: 'syz.0.20': attribute type 1 has an invalid length.
[   73.771726][ T5942] netlink: 228 bytes leftover after parsing attributes in process `syz.0.20'.
[   73.780598][ T5944] ip6gretap0: entered promiscuous mode
[   73.784055][ T5944] macsec1: entered promiscuous mode
[   73.787133][ T5944] macsec1: entered allmulticast mode
[   73.788999][ T5944] ip6gretap0: entered allmulticast mode
[   74.316276][ T5967] netlink: 12 bytes leftover after parsing attributes in process `syz.2.34'.
[   74.347865][ T5969] netlink: 32 bytes leftover after parsing attributes in process `syz.1.35'.
[   74.594351][ T5983] Zero length message leads to an empty skb
[   74.595925][   T13] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   74.615923][   T13] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   74.619120][   T13] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   74.626441][ T5234] Bluetooth: hci0: command tx timeout
[   74.653423][   T13] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   74.697649][ T5234] Bluetooth: hci1: command tx timeout
[   74.767010][ T5991] syz.0.46 uses obsolete (PF_INET,SOCK_PACKET)
[   74.782889][ T5234] Bluetooth: hci2: command tx timeout
[   75.008355][ T6007] netlink: 12 bytes leftover after parsing attributes in process `syz.2.54'.
[   75.042475][ T6009] lo speed is unknown, defaulting to 1000
[   75.045185][ T6009] lo speed is unknown, defaulting to 1000
[   75.051956][ T6009] lo speed is unknown, defaulting to 1000
[   75.063375][ T6009] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   75.100464][ T6009] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   75.160844][ T6009] lo speed is unknown, defaulting to 1000
[   75.167954][ T6009] lo speed is unknown, defaulting to 1000
[   75.172098][ T6009] lo speed is unknown, defaulting to 1000
[   75.348338][ T6024] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   75.419772][ T6028] geneve2: entered promiscuous mode
[   75.424614][   T13] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[   75.429077][   T13] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[   75.439879][   T13] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[   75.449308][   T13] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[   75.958098][ T6059] lo speed is unknown, defaulting to 1000
[   75.992094][ T6063] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.80'.
[   75.996846][ T6062] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.80'.
[   76.000540][ T6064] netlink: 4 bytes leftover after parsing attributes in process `syz.1.79'.
[   76.240088][ T6077] netlink: 8 bytes leftover after parsing attributes in process `syz.2.87'.
[   76.250801][ T6077] netlink: 24 bytes leftover after parsing attributes in process `syz.2.87'.
[   76.266000][ T6077] netlink: 8 bytes leftover after parsing attributes in process `syz.2.87'.
[   76.269389][ T6077] netlink: 'syz.2.87': attribute type 5 has an invalid length.
[   76.354246][ T6087] netlink: 'syz.1.91': attribute type 10 has an invalid length.
[   76.700794][ T5234] Bluetooth: hci0: command tx timeout
[   76.776338][ T5234] Bluetooth: hci1: command tx timeout
[   76.856775][ T5234] Bluetooth: hci2: command tx timeout
[   76.969676][ T6129] netlink: 'syz.2.110': attribute type 3 has an invalid length.
[   77.164695][ T6140] syzkaller0: entered promiscuous mode
[   77.170389][ T6140] syzkaller0: entered allmulticast mode
[   78.439811][ T6158] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   78.468445][ T5875] lo speed is unknown, defaulting to 1000
[   78.477224][ T5875] syz2: Port: 1 Link DOWN
[   78.651840][ T6162] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   78.781798][ T5234] Bluetooth: hci0: command tx timeout
[   78.856412][ T5234] Bluetooth: hci1: command tx timeout
[   78.936847][ T5234] Bluetooth: hci2: command tx timeout
[   79.099292][ T6197] lo speed is unknown, defaulting to 1000
[   79.493117][ T6203] lo speed is unknown, defaulting to 1000
[   80.219704][ T6235] __nla_validate_parse: 8 callbacks suppressed
[   80.219721][ T6235] netlink: 16 bytes leftover after parsing attributes in process `syz.2.158'.
[   80.351376][ T6243] ieee802154 phy0 wpan0: encryption failed: -90
[   80.507209][ T6248] tipc: Started in network mode
[   80.509291][ T6248] tipc: Node identity ac14140f, cluster identity 4711
[   80.512345][ T6248] tipc: New replicast peer: 255.255.255.255
[   80.521678][ T6248] tipc: Enabled bearer <udp:syz2>, priority 6
[   80.793625][ T6269] ipvlan1: entered promiscuous mode
[   80.797214][ T6269] netlink: 4 bytes leftover after parsing attributes in process `syz.1.173'.
[   80.819434][ T6269] ipvlan1 (unregistering): left promiscuous mode
[   81.032424][ T6265] lo speed is unknown, defaulting to 1000
[   81.176299][ T5877] Bluetooth: hci2: command 0x0405 tx timeout
[   81.636644][  T794] tipc: Node number set to 2886997007
[   81.755686][ T6283] af_packet: tpacket_rcv: packet too big, clamped from 36 to 4294967272. macoff=96
[   82.323568][ T6304] netlink: 'syz.0.187': attribute type 5 has an invalid length.
[   82.327655][ T6304] netlink: 8 bytes leftover after parsing attributes in process `syz.0.187'.
[   82.409309][ T6306] netlink: 'syz.0.189': attribute type 1 has an invalid length.
[   82.488299][ T6312] netlink: 'syz.1.190': attribute type 6 has an invalid length.
[   82.520501][ T6312] netlink: 'syz.1.190': attribute type 12 has an invalid length.
[   82.524115][ T6312] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.190'.
[   82.538595][ T6316] netlink: 20 bytes leftover after parsing attributes in process `syz.2.193'.
[   82.542094][ T6316] netlink: 12 bytes leftover after parsing attributes in process `syz.2.193'.
[   82.545641][ T6316] netlink: 8 bytes leftover after parsing attributes in process `syz.2.193'.
[   82.757524][ T6327] lo: entered promiscuous mode
[   82.769161][ T6327] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   82.879585][ T6335] netlink: 12 bytes leftover after parsing attributes in process `syz.2.202'.
[   82.914330][ T6335] vlan3: entered promiscuous mode
[   82.916627][ T6335] bridge0: entered promiscuous mode
[   83.737626][ T6342] netlink: 'syz.1.205': attribute type 7 has an invalid length.
[   83.741185][ T6342] netlink: 'syz.1.205': attribute type 8 has an invalid length.
[   83.831571][ T6346] bridge_slave_0: left allmulticast mode
[   83.854202][ T6346] bridge_slave_0: left promiscuous mode
[   83.861181][ T6346] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.870999][ T6346] bridge_slave_1: left allmulticast mode
[   83.873412][ T6346] bridge_slave_1: left promiscuous mode
[   83.877150][ T6346] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.891799][ T6346] bond0: (slave bond_slave_0): Releasing backup interface
[   83.900578][ T6346] bond0: (slave bond_slave_1): Releasing backup interface
[   83.914986][ T6346] team0: Failed to send options change via netlink (err -105)
[   83.920360][ T6346] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[   83.925222][ T6346] team0: Port device team_slave_0 removed
[   83.932839][ T6346] team0: Failed to send options change via netlink (err -105)
[   83.937642][ T6346] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[   83.941730][ T6346] team0: Port device team_slave_1 removed
[   83.944923][ T6346] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   83.948388][ T6346] batman_adv: batadv0: Removing interface: batadv_slave_0
[   83.953277][ T6346] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   83.957817][ T6346] batman_adv: batadv0: Removing interface: batadv_slave_1
[   83.962703][ T6346] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   83.977764][ T6349] team0: Failed to send options change via netlink (err -105)
[   83.980772][ T6349] team0: Mode changed to "activebackup"
[   84.306199][ T6369] netlink: 8 bytes leftover after parsing attributes in process `syz.0.216'.
[   84.310726][ T6369] netlink: 8 bytes leftover after parsing attributes in process `syz.0.216'.
[   85.062701][ T6396] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.363175][ T6411] __nla_validate_parse: 1 callbacks suppressed
[   85.363192][ T6411] netlink: 28 bytes leftover after parsing attributes in process `syz.1.233'.
[   85.420399][ T6411] netlink: 36 bytes leftover after parsing attributes in process `syz.1.233'.
[   85.750930][ T6427] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   85.754560][ T6427] syzkaller0: entered promiscuous mode
[   85.757546][ T6427] syzkaller0: entered allmulticast mode
[   85.814541][ T6427] tipc: Resetting bearer <eth:syzkaller0>
[   85.837590][ T6426] tipc: Resetting bearer <eth:syzkaller0>
[   85.867454][ T6426] tipc: Disabling bearer <eth:syzkaller0>
[   85.904226][ T6437] netlink: 8 bytes leftover after parsing attributes in process `syz.0.244'.
[   86.047892][ T6443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.247'.
[   86.181644][ T6451] netlink: 8 bytes leftover after parsing attributes in process `syz.1.251'.
[   86.624857][ T6484] netlink: 8 bytes leftover after parsing attributes in process `syz.1.267'.
[   86.630427][ T6484] netlink: 24 bytes leftover after parsing attributes in process `syz.1.267'.
[   86.704518][  T975] cfg80211: failed to load regulatory.db
[   86.781428][ T6493] netlink: 108 bytes leftover after parsing attributes in process `syz.0.270'.
[   86.798451][ T6493] netlink: 108 bytes leftover after parsing attributes in process `syz.0.270'.
[   87.012537][ T6506] bond1: entered promiscuous mode
[   87.014557][ T6506] bond1: entered allmulticast mode
[   87.017769][ T6506] 8021q: adding VLAN 0 to HW filter on device bond1
[   87.029072][ T6516] netlink: 8 bytes leftover after parsing attributes in process `syz.2.278'.
[   87.693472][ T6565] bridge_slave_0: left allmulticast mode
[   87.695310][ T6565] bridge_slave_0: left promiscuous mode
[   87.706573][ T6565] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.711185][ T6565] bridge_slave_1: left allmulticast mode
[   87.712996][ T6565] bridge_slave_1: left promiscuous mode
[   87.714844][ T6565] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.754903][ T6565] bond0: (slave bond_slave_0): Releasing backup interface
[   87.761731][ T6565] bond0: (slave bond_slave_1): Releasing backup interface
[   87.779076][ T6565] team0: Port device team_slave_0 removed
[   87.802084][ T6565] team0: Port device team_slave_1 removed
[   87.804989][ T6565] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   87.810640][ T6565] batman_adv: batadv0: Removing interface: batadv_slave_0
[   87.814873][ T6565] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   87.821646][ T6565] batman_adv: batadv0: Removing interface: batadv_slave_1
[   87.830925][ T6565] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   88.412462][ T6604] lo speed is unknown, defaulting to 1000
[   88.433084][ T6610] netlink: 'syz.0.315': attribute type 4 has an invalid length.
[   88.496536][ T6610] netlink: 'syz.0.315': attribute type 4 has an invalid length.
[   89.009293][ T6641] Illegal XDP return value 104257983 on prog  (id 51) dev N/A, expect packet loss!
[   89.064124][ T6645] netlink: 'syz.2.334': attribute type 3 has an invalid length.
[   89.309475][ T6658] netlink: 'syz.1.341': attribute type 7 has an invalid length.
[   89.334891][ T6661] tipc: Started in network mode
[   89.337174][ T6661] tipc: Node identity e6205f6ec8dd, cluster identity 4711
[   89.346185][ T6661] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   89.351911][ T6661] syzkaller0: entered promiscuous mode
[   89.354069][ T6661] syzkaller0: entered allmulticast mode
[   89.396285][ T6661] tipc: Resetting bearer <eth:syzkaller0>
[   89.398372][ T6661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   89.401517][ T6661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   89.405093][ T6664] syzkaller1: entered promiscuous mode
[   89.407415][ T6664] syzkaller1: entered allmulticast mode
[   89.412925][ T6660] tipc: Resetting bearer <eth:syzkaller0>
[   89.423291][ T6660] tipc: Disabling bearer <eth:syzkaller0>
[   89.586570][ T6676] netlink: 'syz.1.349': attribute type 3 has an invalid length.
[   89.590421][ T6674] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   89.593581][ T6674] syzkaller0: entered promiscuous mode
[   89.595708][ T6674] syzkaller0: entered allmulticast mode
[   89.637033][ T6674] tipc: Resetting bearer <eth:syzkaller0>
[   89.646409][ T6678] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   89.649614][ T6678] syzkaller0: entered promiscuous mode
[   89.651620][ T6678] syzkaller0: entered allmulticast mode
[   89.663774][ T6670] tipc: Resetting bearer <eth:syzkaller0>
[   89.685615][ T6670] tipc: Disabling bearer <eth:syzkaller0>
[   89.697383][ T6678] tipc: Resetting bearer <eth:syzkaller0>
[   89.703233][ T6677] tipc: Resetting bearer <eth:syzkaller0>
[   89.720370][ T6677] tipc: Disabling bearer <eth:syzkaller0>
[   90.580115][ T6737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   90.605358][ T6737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   90.670427][ T6749] __nla_validate_parse: 5 callbacks suppressed
[   90.670439][ T6749] netlink: 32 bytes leftover after parsing attributes in process `syz.1.378'.
[   90.727860][ T6751] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   90.777018][ T6751] syzkaller0: entered promiscuous mode
[   90.779281][ T6751] syzkaller0: entered allmulticast mode
[   90.783495][ T6751] tipc: Resetting bearer <eth:syzkaller0>
[   90.802861][ T6750] tipc: Resetting bearer <eth:syzkaller0>
[   90.858360][ T6749] netlink: 4 bytes leftover after parsing attributes in process `syz.1.378'.
[   91.776066][  T794] tipc: Node number set to 788356974
[   91.924904][ T6750] tipc: Disabling bearer <eth:syzkaller0>
[   91.933216][ T6749] veth1_macvtap: left promiscuous mode
[   92.327370][ T6796] netlink: 'syz.0.390': attribute type 10 has an invalid length.
[   92.449719][ T6808] openvswitch: netlink: Tunnel attr 214 out of range max 16
[   92.890425][ T6837] sctp: [Deprecated]: syz.1.408 (pid 6837) Use of int in maxseg socket option.
[   92.890425][ T6837] Use struct sctp_assoc_value instead
[   92.975558][ T6844] netlink: 23432 bytes leftover after parsing attributes in process `syz.1.412'.
[   93.087014][ T6850] netlink: 'syz.0.414': attribute type 1 has an invalid length.
[   93.181732][ T6857] bond2: (slave bridge1): making interface the new active one
[   93.187649][ T6857] bond2: (slave bridge1): Enslaving as an active interface with an up link
[   93.591066][ T6881] netlink: 'syz.0.428': attribute type 23 has an invalid length.
[   94.092745][ T6903] macsec1: entered promiscuous mode
[   94.094964][ T6903] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[   94.098049][ T6903] macsec1: entered allmulticast mode
[   94.100273][ T6903] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[   94.103855][ T6905] netlink: 76 bytes leftover after parsing attributes in process `syz.0.437'.
[   94.284498][ T6913] netlink: 'syz.0.441': attribute type 21 has an invalid length.
[   94.937929][ T6949] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   94.941435][ T6949] syzkaller0: entered promiscuous mode
[   94.943419][ T6949] syzkaller0: entered allmulticast mode
[   94.995258][ T6956] netlink: 24 bytes leftover after parsing attributes in process `syz.2.463'.
[   95.002002][ T6956] netlink: 'syz.2.463': attribute type 3 has an invalid length.
[   95.009183][ T6949] tipc: Resetting bearer <eth:syzkaller0>
[   95.022977][ T6948] tipc: Resetting bearer <eth:syzkaller0>
[   95.061585][ T6948] tipc: Disabling bearer <eth:syzkaller0>
[   95.224592][ T6975] TCP: tcp_parse_options: Illegal window scaling value 128 > 14 received
[   95.396927][ T6983] lo speed is unknown, defaulting to 1000
[   95.592821][ T6992] netlink: 'syz.0.475': attribute type 1 has an invalid length.
[   95.884211][ T7003] netlink: 'syz.0.480': attribute type 1 has an invalid length.
[   95.887751][ T7003] netlink: 144 bytes leftover after parsing attributes in process `syz.0.480'.
[   95.891412][ T7003] netlink: 28 bytes leftover after parsing attributes in process `syz.0.480'.
[   96.365333][ T7034] netlink: 'syz.2.495': attribute type 4 has an invalid length.
[   96.496447][    C0] vcan0: j1939_tp_rxtimer: 0xffff88810fbdb000: rx timeout, send abort
[   96.856345][ T5234] Bluetooth: hci2: command 0x0405 tx timeout
[   96.997118][    C0] vcan0: j1939_tp_rxtimer: 0xffff88810fbd9000: rx timeout, send abort
[   97.000641][    C0] vcan0: j1939_tp_rxtimer: 0xffff88810fbdb000: abort rx timeout. Force session deactivation
[   97.161252][ T7057] netlink: 12 bytes leftover after parsing attributes in process `syz.0.505'.
[   97.184863][ T7058] lo speed is unknown, defaulting to 1000
[   97.333390][ T7058] netlink: 8 bytes leftover after parsing attributes in process `syz.2.506'.
[   97.337042][ T7058] netlink: 4 bytes leftover after parsing attributes in process `syz.2.506'.
[   97.500498][    C0] vcan0: j1939_tp_rxtimer: 0xffff88810fbd9000: abort rx timeout. Force session deactivation
[   98.395184][ T7104] syzkaller1: entered promiscuous mode
[   98.397466][ T7104] syzkaller1: entered allmulticast mode
[   98.488020][ T7108] veth0: entered promiscuous mode
[   98.490520][ T7108] veth0: left promiscuous mode
[   98.690574][ T7120] netlink: 36 bytes leftover after parsing attributes in process `syz.1.532'.
[   98.708794][ T7121] netlink: 'syz.2.531': attribute type 10 has an invalid length.
[   98.715960][ T7121] netlink: 40 bytes leftover after parsing attributes in process `syz.2.531'.
[   98.740282][ T7121] dummy0: entered promiscuous mode
[   98.757248][ T7121] bridge0: port 1(dummy0) entered blocking state
[   98.772302][ T7121] bridge0: port 1(dummy0) entered disabled state
[   98.778140][ T7121] dummy0: entered allmulticast mode
[   98.788649][ T7121] bridge0: port 1(dummy0) entered blocking state
[   98.791226][ T7121] bridge0: port 1(dummy0) entered forwarding state
[   99.006766][ T7136] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   99.014002][ T5922] lo speed is unknown, defaulting to 1000
[   99.016936][ T5922] syz2: Port: 1 Link ACTIVE
[   99.354862][ T7155] netlink: 'syz.0.547': attribute type 1 has an invalid length.
[   99.358324][ T7155] netlink: 'syz.0.547': attribute type 2 has an invalid length.
[   99.361870][ T7155] netlink: 'syz.0.547': attribute type 3 has an invalid length.
[   99.364915][ T7155] netlink: 208 bytes leftover after parsing attributes in process `syz.0.547'.
[   99.396691][ T7157] netlink: 8 bytes leftover after parsing attributes in process `syz.2.548'.
[   99.400372][ T7157] netlink: 16 bytes leftover after parsing attributes in process `syz.2.548'.
[   99.408212][ T7159] Bluetooth: MGMT ver 1.23
[  100.163363][ T7197] infiniband syz!: set active
[  100.165522][ T7197] infiniband syz!: added team_slave_0
[  100.205743][ T7197] RDS/IB: syz!: added
[  100.682158][   T24] hid-generic 0005:0007:0008.0001: unknown main item tag 0x0
[  100.772360][ T7212] gtp0: entered promiscuous mode
[  100.774458][ T7212] gtp0: entered allmulticast mode
[  100.780710][   T24] hid-generic 0005:0007:0008.0001: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa
[  101.260366][ T7248] __nla_validate_parse: 3 callbacks suppressed
[  101.260384][ T7248] netlink: 16 bytes leftover after parsing attributes in process `syz.0.583'.
[  101.361670][ T7256] netlink: 8 bytes leftover after parsing attributes in process `syz.1.588'.
[  101.628472][ T7275] netlink: 12 bytes leftover after parsing attributes in process `syz.2.597'.
[  101.669937][ T7275] vlan3: entered allmulticast mode
[  101.672146][ T7275] bridge0: entered allmulticast mode
[  101.674160][ T7275] bridge1: port 1(vlan3) entered blocking state
[  101.680629][ T7275] bridge1: port 1(vlan3) entered disabled state
[  101.684403][ T7275] vlan3: entered promiscuous mode
[  101.776778][ T7284] netlink: 12 bytes leftover after parsing attributes in process `syz.0.601'.
[  101.989945][ T7297] netlink: 8 bytes leftover after parsing attributes in process `syz.2.607'.
[  102.120144][ T7303] netlink: 'syz.1.610': attribute type 32 has an invalid length.
[  102.358315][ T7315] netlink: 4 bytes leftover after parsing attributes in process `syz.1.616'.
[  102.362792][ T7315] netlink: 4 bytes leftover after parsing attributes in process `syz.1.616'.
[  102.429533][ T7317] netlink: 'syz.1.617': attribute type 1 has an invalid length.
[  102.450385][ T7317] bond1: entered promiscuous mode
[  102.452700][ T7317] 8021q: adding VLAN 0 to HW filter on device bond1
[  102.489235][ T7317] 8021q: adding VLAN 0 to HW filter on device bond2
[  102.494009][ T7317] bond1: (slave bond2): making interface the new active one
[  102.496700][ T7317] bond2: entered promiscuous mode
[  102.499386][ T7317] bond1: (slave bond2): Enslaving as an active interface with an up link
[  103.327789][ T7335] netlink: 'syz.0.625': attribute type 1 has an invalid length.
[  103.331059][ T7335] netlink: 172 bytes leftover after parsing attributes in process `syz.0.625'.
[  103.345705][ T7335] netlink: 4 bytes leftover after parsing attributes in process `syz.0.625'.
[  103.435048][ T7339] netlink: 48 bytes leftover after parsing attributes in process `syz.2.627'.
[  104.139761][ T7381] lo speed is unknown, defaulting to 1000
[  104.504690][ T7402] tap0: tun_chr_ioctl cmd 1074025677
[  104.512237][ T7402] tap0: linktype set to 270
[  104.674987][ T7413] lo: entered promiscuous mode
[  104.686187][ T7413] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  104.709388][   T48] lo speed is unknown, defaulting to 1000
[  104.711742][   T48] syz2: Port: 1 Link DOWN
[  104.830252][ T7426] netlink: 'syz.1.665': attribute type 13 has an invalid length.
[  105.103648][   T13] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  105.109081][   T13] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  105.120364][ T7448] block nbd0: not configured, cannot reconfigure
[  105.127001][  T975] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  105.468615][  T975] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  105.607082][ T7484] lo speed is unknown, defaulting to 1000
[  105.816103][  T975] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  106.889734][ T7508] trusted_key: syz.2.700 sent an empty control message without MSG_MORE.
[  107.758875][ T7534] tipc: Started in network mode
[  107.760602][ T7534] tipc: Node identity 0e2deb95d7f, cluster identity 4711
[  107.763262][ T7534] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  107.793136][ T7534] sch_tbf: burst 9 is lower than device syzkaller0 mtu (1514) !
[  107.802236][ T7534] tipc: Resetting bearer <eth:syzkaller0>
[  108.065622][ T7559] warning: `syz.0.723' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  108.079852][ T7530] tipc: Disabling bearer <eth:syzkaller0>
[  108.427495][ T7572] pimreg3: entered allmulticast mode
[  108.646987][ T7589] lo: entered allmulticast mode
[  108.651148][ T7589] syz_tun: entered allmulticast mode
[  108.655063][ T7587] lo: left allmulticast mode
[  108.936547][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  108.966865][ T7608] 
[  108.967885][ T7608] =====================================
[  108.970011][ T7608] WARNING: bad unlock balance detected!
[  108.972184][ T7608] syzkaller #0 Not tainted
[  108.974078][ T7608] -------------------------------------
[  108.977286][ T7608] syz.0.745/7608 is trying to release lock (&sighand->siglock) at:
[  108.980335][ T7608] [<ffffffff8182c4b3>] copy_process+0x2793/0x3c00
[  108.982957][ T7608] but there are no more locks to release!
[  108.985126][ T7608] 
[  108.985126][ T7608] other info that might help us debug this:
[  108.988359][ T7608] 1 lock held by syz.0.745/7608:
[  108.990319][ T7608]  #0: ffffffff8e171810 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: copy_process+0x212a/0x3c00
[  108.994120][ T7608] 
[  108.994120][ T7608] stack backtrace:
[  108.996448][ T7608] CPU: 1 UID: 0 PID: 7608 Comm: syz.0.745 Not tainted syzkaller #0 PREEMPT(full) 
[  108.996464][ T7608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  108.996473][ T7608] Call Trace:
[  108.996491][ T7608]  <TASK>
[  108.996498][ T7608]  dump_stack_lvl+0x189/0x250
[  108.996520][ T7608]  ? __pfx_dump_stack_lvl+0x10/0x10
[  108.996533][ T7608]  ? __pfx__printk+0x10/0x10
[  108.996553][ T7608]  ? copy_process+0x2793/0x3c00
[  108.996565][ T7608]  print_unlock_imbalance_bug+0xdc/0xf0
[  108.996579][ T7608]  lock_release+0x269/0x3e0
[  108.996598][ T7608]  ? copy_process+0x2793/0x3c00
[  108.996610][ T7608]  _raw_spin_unlock+0x16/0x50
[  108.996636][ T7608]  copy_process+0x2793/0x3c00
[  108.996653][ T7608]  ? copy_process+0x97f/0x3c00
[  108.996667][ T7608]  ? __pfx_copy_process+0x10/0x10
[  108.996682][ T7608]  kernel_clone+0x21e/0x840
[  108.996697][ T7608]  ? __pfx_kernel_clone+0x10/0x10
[  108.996712][ T7608]  ? __lock_acquire+0xab9/0xd20
[  108.996730][ T7608]  __se_sys_clone3+0x256/0x2d0
[  108.996743][ T7608]  ? __might_fault+0xb0/0x130
[  108.996760][ T7608]  ? __pfx___se_sys_clone3+0x10/0x10
[  108.996779][ T7608]  ? _copy_to_user+0x8a/0xb0
[  108.996800][ T7608]  ? do_user_addr_fault+0xc8a/0x1390
[  108.996820][ T7608]  ? do_syscall_64+0xbe/0x3b0
[  108.996835][ T7608]  do_syscall_64+0xfa/0x3b0
[  108.996847][ T7608]  ? lockdep_hardirqs_on+0x9c/0x150
[  108.996865][ T7608]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.996877][ T7608]  ? exc_page_fault+0x9f/0xf0
[  108.996894][ T7608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.996906][ T7608] RIP: 0033:0x7f0caf7c3489
[  108.996920][ T7608] Code: d7 08 00 48 8d 3d bc d7 08 00 e8 f2 28 f6 ff 66 90 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7
[  108.996930][ T7608] RSP: 002b:00007ffc3812db08 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3
[  108.996944][ T7608] RAX: ffffffffffffffda RBX: 00007f0caf745880 RCX: 00007f0caf7c3489
[  108.996953][ T7608] RDX: 00007f0caf745880 RSI: 0000000000000058 RDI: 00007ffc3812db50
[  108.996961][ T7608] RBP: 00007f0cb05996c0 R08: 00007f0cb05996c0 R09: 00007ffc3812dc37
[  108.996969][ T7608] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffa8
[  108.996977][ T7608] R13: 000000000000000b R14: 00007ffc3812db50 R15: 00007ffc3812dc38
[  108.996992][ T7608]  </TASK>
[  109.112123][ T7611] syz_tun (unregistering): left allmulticast mode
[  114.223656][ T5884] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.291223][ T5884] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.361637][ T5884] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.421764][ T5884] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.506366][ T5884] bridge_slave_1: left allmulticast mode
[  114.509840][ T5884] bridge_slave_1: left promiscuous mode
[  114.511727][ T5884] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.518793][ T5884] bridge_slave_0: left allmulticast mode
[  114.520683][ T5884] bridge_slave_0: left promiscuous mode
[  114.523022][ T5884] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.650906][ T5884] bond2 (unregistering): (slave bridge1): Releasing active interface
[  114.692300][ T5884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  114.697245][ T5884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  114.700916][ T5884] bond0 (unregistering): Released all slaves
[  114.779868][ T5884] bond1 (unregistering): Released all slaves
[  114.786517][ T5884] bond2 (unregistering): Released all slaves
[  114.864328][ T5884] tipc: Left network mode
[  115.139017][ T5884] hsr_slave_0: left promiscuous mode
[  115.141779][ T5884] hsr_slave_1: left promiscuous mode
[  115.146298][ T5884] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  115.149048][ T5884] batman_adv: batadv0: Removing interface: batadv_slave_0
[  115.152447][ T5884] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  115.154956][ T5884] batman_adv: batadv0: Removing interface: batadv_slave_1
[  115.168805][ T5884] veth1_macvtap: left promiscuous mode
[  115.171082][ T5884] veth0_macvtap: left promiscuous mode
[  115.173393][ T5884] veth1_vlan: left promiscuous mode
[  115.175544][ T5884] veth0_vlan: left promiscuous mode
[  115.319004][ T5884] team0 (unregistering): Port device team_slave_1 removed
[  115.344456][ T5884] team0 (unregistering): Port device team_slave_0 removed

VM DIAGNOSIS:
14:14:12  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff81b44e7b RBX=1ffff11026cc7f69 RCX=ffff88801c2c9cc0 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc900000d7978 RSP=ffffc900000d7800
R8 =ffffffff8fa2ee37 R9 =1ffffffff1f45dc6 R10=dffffc0000000000 R11=fffffbfff1f45dc7
R12=ffff88813663fb48 R13=dffffc0000000000 R14=ffff88804b03b1c0 R15=0000000000000001
RIP=ffffffff81b44e63 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b863d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f4e6ab056c0 CR3=000000002835a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007f8d8d412e7b
XMM06=0000000000000000 00007f8d8d412e75 XMM07=0000000000000000 00007f8d8d412e89
XMM08=0000000000000000 00007f8d8d412f0f XMM09=0000000000000000 00007f8d8d412fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000002d RBX=000000000000002d RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900083af2d0
R8 =ffff888108198237 R9 =1ffff11021033046 R10=dffffc0000000000 R11=ffffffff854fac30
R12=dffffc0000000000 R13=ffffffff99ad78f8 R14=ffffffff99dcc480 R15=0000000000000000
RIP=ffffffff854facac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555561dd1500 ffffffff 00c00000
GS =0000 ffff8881a3c3d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555561de4588 CR3=0000000038e3c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=00ff000000000000 ff00000000000000 XMM05=0000000000000030 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=ffffffffffffff00 ffffffffffffffff XMM09=313030302e383030 303a373030303a35
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
