last executing test programs:

1.203449837s ago: executing program 2 (id=304):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x1c, 0x37, 0x107, 0x0, 0x7, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0x4, 0x2}]}, 0x1c}}, 0x4010)

1.153357831s ago: executing program 2 (id=307):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_DEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x14, 0x2, 0x9, 0x5, 0x0, 0x0, {0x0, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x20010010)

1.101231613s ago: executing program 2 (id=309):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r0, &(0x7f0000002d40)={0x1f, @any, 0xe}, 0xa)
getpeername$packet(r0, 0x0, &(0x7f00000043c0))

395.981422ms ago: executing program 1 (id=335):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$sock_int(r0, 0x1, 0x33, 0x0, &(0x7f00000001c0))

395.670873ms ago: executing program 1 (id=337):
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0, 0x0, 0x4}, 0x18)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000040)={0x5c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0)
r3 = accept4(r1, &(0x7f00000000c0)=@hci, &(0x7f0000000140)=0x80, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a09040000000000000000020000000900010073797a30000000000900020073797a32000000002c000480280001800b00010064796e7365740000180002800900010073797a32000000000800034000000000140000001100010000000000000000000000000aed2ab0be3f89185dbb5775cdfeac"], 0x80}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r4, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r6, 0xf21, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x4000)
r8 = socket$l2tp(0x2, 0x2, 0x73)
getsockname$l2tp(r8, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x0)
sendmsg$NL80211_CMD_ABORT_SCAN(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="000400e07f78d8b6cb8039e86300", @ANYRES16=r6, @ANYBLOB="20002abd7000fcdbdf2572000000"], 0x14}, 0x1, 0x0, 0x0, 0x40844}, 0x1001)
r9 = socket$xdp(0x2c, 0x3, 0x0)
sendmsg$AUDIT_ADD_RULE(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000500)={&(0x7f00000006c0)={0x438, 0x3f3, 0x400, 0x70bd25, 0x25dfdbfb, {0x4, 0x3, 0x3d, [0x1000, 0x9, 0xa90, 0x9, 0x8, 0x8, 0x3, 0x6, 0x717, 0x7, 0x5, 0xac0, 0x1, 0x1, 0x6, 0x1, 0x0, 0x0, 0x1, 0x7fff, 0x2, 0x3, 0x5, 0x8, 0x6, 0x9, 0xffffffff, 0x4, 0xd, 0xf, 0x1, 0xffffff3c, 0x3, 0x5, 0x5, 0xf, 0x2, 0x1675, 0x80000001, 0xfe9, 0x3, 0x401, 0x92, 0x7, 0x4, 0xe, 0xd16e, 0x2, 0xfffffb2f, 0xffff, 0x9, 0x0, 0x7, 0x5, 0x5, 0x7, 0x9, 0x9, 0x4, 0x9, 0x200, 0xffffffff, 0x5, 0x1], [0xfe, 0x1, 0x5, 0x8, 0x10000, 0x10200000, 0x0, 0x8, 0x10001, 0xb, 0x101, 0x7, 0x834, 0x7, 0x5, 0x7eea, 0x3, 0x6, 0x9b85, 0x6, 0x0, 0x0, 0xfffff800, 0x1, 0x6, 0x200, 0x8001, 0x7, 0x0, 0xfffff001, 0xfffffab2, 0x0, 0xa1, 0x200, 0x3, 0x59, 0x3, 0x68a1, 0x4, 0xfffffff8, 0x1000, 0x400, 0x80000000, 0xc8, 0x4, 0x8, 0x88b8, 0x3e, 0x40, 0x8001, 0x0, 0x18cc, 0x1fa, 0xe6, 0x200, 0x0, 0x6, 0xb1, 0x6, 0x6, 0xc4, 0x9ac, 0xfff, 0x401], [0x5, 0x6ed3, 0x9, 0xfff, 0x2, 0x4, 0x3, 0x5, 0x2, 0x3, 0xd, 0x0, 0x2, 0x6, 0x5, 0x2, 0x7fffffff, 0x1, 0x13, 0x8001, 0x4, 0x7e29d6c4, 0xfffffff8, 0x1000, 0x0, 0x6, 0x45, 0x9, 0x3ff, 0x80000001, 0xc, 0x27f0, 0x2, 0x5, 0x6, 0xdb5, 0x12, 0x5, 0x8, 0x2, 0x6, 0x8, 0x7ff, 0x8, 0x8001, 0x1, 0x0, 0x3ff, 0x100, 0x44f7, 0x8, 0xff, 0x6, 0x9, 0x4, 0x7, 0xa, 0x8000, 0x7fffffff, 0x5, 0xffff, 0xffff, 0x3, 0x100], [0x1, 0x9, 0xffff, 0xe, 0x6, 0xd, 0xfffffc00, 0x6, 0x7, 0x6, 0x3, 0x67c, 0x5, 0xb1, 0xfb, 0x10001, 0x2, 0x6, 0x2, 0x6, 0x3, 0x4, 0x2, 0xfff, 0x1000, 0xfffffffa, 0xf2dd, 0x3, 0x3, 0x1ff, 0xc2cf, 0x9, 0x3, 0x1, 0xff, 0x100, 0x4, 0x0, 0x7, 0x8001, 0x2c46, 0x2, 0x100, 0x5, 0x9, 0x6, 0x0, 0x4, 0x2, 0xfffffffa, 0x10001, 0x1, 0xfffffff2, 0x19cdc, 0x9, 0x8, 0x1, 0xffffffff, 0x1000000, 0x8, 0x1, 0x3, 0xf0, 0x3], 0x15, ['$/%{\x92+%#]#^\x00', 'wlan0\x00', '/\x00', '\x00']}, ["", "", "", "", "", "", "", "", ""]}, 0x438}, 0x1, 0x0, 0x0, 0x4000}, 0xa0)
setsockopt$XDP_TX_RING(r9, 0x11b, 0x3, &(0x7f00000001c0)=0x200000, 0x4)
bind$xdp(r9, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(r9, 0x11b, 0x4, &(0x7f0000000240)={0x0, 0x1228000, 0x1000, 0x2, 0x1}, 0x20)

233.511181ms ago: executing program 2 (id=341):
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0xc, &(0x7f0000000200)=0x5, 0x4)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x18, 0x3a, 0x609, 0x3, 0xfffffffd, {0xa}, [@generic='I']}, 0x18}}, 0x0)

233.405123ms ago: executing program 0 (id=342):
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00')
ioctl$BTRFS_IOC_RM_DEV(r0, 0x40305839, &(0x7f0000000a00)={{r0}, "43034353bc9f685fc5d678c047a4a5292e3237ca30cb0f3a9420c9fba0ec4682958baa9e0e94da65970a1c631b5f0139cf3987ad6efa4f483175bc44153da819970a879c6f3ada010c83640ed4e74958a739e85472f4c4c77469644ceadcdc5c688787fd96c27af4ce68d4a65843bd76785c6e519ee90f9a6920bf477c4891a82b124921220cbe3b082be08d48c6ed9eb46a9dc47e23779e961a3f99ea4191028fc46a22e8aad0c413261138ed0b5e2056e522c88a23ad104748d91912d3a9d239ce3ef5ce9c223039b540070954e9505d511ad49ed448daf48cab80390481984f69d19168efdba082cd2a7655d6b0139b0df978c71cd3782f409d56bf0fe9a685e0f79624ac8eb9850ec36fdf31c73234e61c34de1be1c48b7bc738125753deb1f50a00415fb76765ea1155af266b7f6f3ecc7c7754a7209684c4384e6a0884561230064b245748e9fa9f40e206d6c0008730bc1c1bc1a5649e2c4252cab52fe3b883b9a0f3f8deb174325b2a1734809c927458120698ade675a545a0082dc1a3daa41ae2923d0531d18f8231909d20edb1475df9c0684bcbd764711d9df0fcc98375d8afb5b613b79af337615b069f10f2d445fc76905d8fa1a120b65a0d62c4bef582e7292ee61629555dfaece502e533d2789773100c9ddcc1080e9574db85ffc46167537683ecc535c0684b4f64ae228bc16b6236a85e74f61886ea3aba3c6e4faf1dbd2722af34655cbe76df53958323fa8a59e1543cf60721caa411cb9c824798756d3631c61d45bf5018d09f7a2884e3672fefa55c0d7222ef614598f80518d4067061a18ef791d1dc153131417515b13afd314a49370ab130756c19c344daec5c857a867cdd5e73e7f7f4e4611a83b484af2d8cfe7a70d248719ac90c463182edec6c2fb702d9c0a4a141fdfb2a88121532da6f7bee16a4bfd9aa342a744eb798d4c274ce2fe5395966f69736b1d8e8cc737d2b7d1be6dd133eb76e2697ef6a07766a5ec66348fa6373d085be3310936bf6c39807d670d2a68c9510142f55f48455ae19377d690acefb34294622c44384def20d9d2b5f2001f94ddf291945746b3c264acf6face324e50b919f5f36dad3cacd6e6a894d773068481821d478f196ac8a1b097cfe1176b4f46e1db657e56cbd482abe729e7fc4d2b11f094cbaedd342cf72738683c8f8a075e1a6f27edff0d9e891e22b4d51e0c6bcb612390b395ec9b6b6590ca6eae2f7a8a0ffe079b8083d4a0601441571cb3ad6a5da6c1ac4143c17937710d01ff9b3f00908d8c2a9d6950d02b47b3b282aad26980f2b30d4366d7ac3691a2ef8aa959aaabc5b306ad2597a2613fb7237040e95d950ba6b78dbc4522fa0af7711f448be54019bf002719f2450d36ba9e80291357360634df225a9fcf5699658a26243ac82c15b8d4fb5eca179f09cee87a8bef8fdacbcfa74f93bf2a9a79063c17c08995ed2fe5e41eafb99b6eb7090623e3147d04f94e21d0302b1e398c0e74863156a2e4cf34c0f65a7b927f8cb840ca7ea907a6ee218bf39e24134f0f33206ca13366041940d265009eb2ee66a9f0ab3335ab14ff5a19b9d18fc98c547880cc7bf19513a353395933f1df3ad602e718ff3c344234678ee263e6f1023470466899bda51ce5e4f82f403e273a0ea32bf813f4ce90f21acc91a38379cfa454c183d5cdf670d25dd6ad168b7c4fb74cc5e6e17af5eef96478df04de0f703716e592ff8f2f7f4d36eef28095151aa1082bf828e12ca9a331ddeefddcfdb52ad2b4e89448f309ee8756224ff1878e37f3a177c0d78d7f71013252377616fa9d6d547ed9e562eae85a4c7e8776770c58e6d77ff3376c0f5c16966b8545a5f1a336bf4d60eb606035f284e14c69ab8b909938dd4f8257f5da1e8d16513c0f1a561d55208db14d69d33259d9e2befde605014340018f26079860879627754ba9e924dc3efbec4fa1186d075666a87662113bfb8750fd83a26b227ca421d5a266fac72a4258462e0fb7b2ce5ac6e692d82c2c6c8383bbae39d884c23c4c47555f924b22b60f621f2db8d009da303c919c847962ddefa13f1a0195e3b33881f11d0a15faf5617b8af3e684f50cb3a53e13b18e23a93059ecc630f98832c3f9cc8617a307b7373971aa35ddcf474fce083578ed556fbb0dc9e5ccebcaccf9fc382931278e5ad16b73432287be57f9e9d746a1b0ed9558378a7e819fd808b3aa608203c9f62bfbe88785be6c4da06dca42dcac31c6d850b82166951524df711bc044e12abf6d1817be7dbeaf19dbe068db18d93e87e1101d8c09298a71fd891d5976fc311903c9977c45fd8c8f375fc2d3f2b2ef58bf4378f148ff3a4d378174e1f26085b22cee03e252e73c28c71fc4552f1f3b9198fb6fed1c2133a65c7eda35a21b5c891db6e9cfc78abae9d2caff25bbf982f665ebaa870e87d289eb59f9b8f6151545dedf74c4d27d4aff17b507bcd71fe12efa3195bdbf5b757758f3a4b77283f7e6cd56d566c2bb3918d860eb23db3933ab1bbbf5ca63b5026f72dab99dac9a4a613b2da18eac33a398d158763bef75f70e7fc5c75a7cb7ab56b325f95a1e6d9743dd2487b6c7b5709258add8b5019a2fc22f0d18822ac79c5b3b8d5b8f7dbf611a6b1143c21ffdfb4764d10899f84892a28034a5872f7ee1015141f76368762dbd61d68308746375f8f9640019a25dd3a11c4b3596d86c83e8047cf5c47739623cb9aab3e9273b741b89a12d00829ba96301bf35f9bc7164428a031edeab4c746c1f4a38c9c05e8b0d891b7cc03aa35e9c9aacecf158381241114806a91ee0d5c1f2523b5b9f7b8f38e083c05bca2200ac96dc63272004e9ef20fd577ea7ae4a3387306fa5656229c03e4f968ce39ef07b7a89051f4f577d65651fb64ac6265be9aa8dcb238343cedcafaf7c562225fd1840dc5ccb90322766d1634993360570ec7feb40cb3101bca80a58640d0bac91308437014df7c14da356427a6ecca491e6f9588ec2c7f896e39b099591086b04d0d568eb399f0bb8c841611931cb2fd6fd73ebb7f8b9b73d48fb3b294e052953b315a951019a043b7ebca3c4821d7c540facf4c2bb4534aa3445decfd270b8f03a9d71dc2a8e4c50439c956161e1ad4b067b197db3b86b8b4022f2ee27a7e9d4658c3cd641e34ad088969674f3cc7bcc6256221922fed4c749a0d41c095c0e3995056b43744ad9b8b6ba6565c2cc4fd43d8a9abeb60e5c2db0fee542869de33fd32ef72d7bc6a918763f187538a830280e326448dca9fa31403054357234592cc1d55504d9ab55cdaa369958626b476bdbf7c5913f38db214f1be91020b327346b1e05a90026b67915abbf1fd69103935e87699dd3f920da161441764598005fbd92ff22f287ca6809be5497322b42cc300e76e7877d42949a10c79cf8a7b22e46b34b4624a0550de07ef48547abac7d30e79d6028c70aa6942c8558d61c4d3e831cb586ed72e18fd5c1a15e4d81d1c35b5bd143ec188983c524a52f69ba844fdb3b20909d32997cdc822a5646adc597463c0f354aa55943d9eca6b01751902cd8ad8bb8e19f82cccbc696989332be3af34fc9547abfbee54267d775e85e65b2d5ecc0947b2772aeb7b41db3edd3025f5f2d57b0edda51b69191bbe8bfdc06ccb2bb1f55a104bc3b4298470d44531a1b1f1400a094453a9ebe3e06f522847be402b85aecc13422ca423c7357c7cefd5acb9b7dab1e724076b755323bf375918f0de79c78dd2b76963f35ca8c3c7bf3e9fa3b6e12b63646a717a92abac968286b1d0c6b4277b9a4a975fd6a5ad30e18aeae32040687265d0d1848d30190e43cdcf167f8db57ea04be0ce696f4257abe3427eb9b785ee619c52aef573266a886b298c4371ae2e7c141c5263dd6fa898171b3b6e3194a446fe27807bb685b700188acff8d10cf5ed0d8007db138dd93b5afc9dd60470e1639b712aa8669094c32f8c8652be3d2b7100281d7d9495795a97c3dff5a844ce6a2c2c1aa92356bc7b767db8bf3a9a438aaea4d3806afa53ba86922e4c4424485cc05dc26b44059528cbf208a6774eb6dfdf1492393d9c17268a97ead7700fb2d61e3b9378f09e5bafec089b2b8f971b78ac6b5dfda6ae423ad9fb162306912c76cc6c6936b4cc08598b5cf4f3037ce1c03f0dda1018d1600c3f452d2ad9a7b52eae3b55f1d9b0e0a3283cca3db142d3daf62a8c758b9a294779b645b05dcd478c42ad24e5cec8c25da6bd7271e9df0195e13737f86996da964b6b11fabce88258c5b628cc3368ebcb7c8350f0d17c9af5250516c8cf31407ed32704a5fb5d7da05750485c687452ad238bc7f645dc9efa61f88b3f8c3faeb1f8e44a9b907fc5c3ad527270732f3ebd574a75e8ff7b6e6537f54fbf0e8e3316efda3eab14e4f0d7c74d6e3f82e0145588106be9da5d1c74297cc72bf4783078d7ffee9ded2349a53305910998c2837254e864f31e2287dcc19a7d6fb6cdcf80a5dede163a6c3d36e2c5861b89a46eaf0504ad0c7d16ddf02bf6f1d90bf9feaa0b7d9cfefd47d08aac22ee4a6241191f4d6acbdcf6eceae1d2d2028b6e559fb550e1f4a5ee9866da456c7eb034c2f34238572f0d3e3085b1f03509cca9958701fc4a73539c4d446c065bc9e2a4ff1861471c31c6223882ccf0258dcd79634975b560a4905843e26ac6a99346e2de740e4deaa6925a7afdc98025b9b89fc02035efa1457f7b343d3a4c0feeff66f6c719db8528bc49bffcdae000b64fdf1cc755d993b9a77da4c26d8cb8700545c68e4ca1bfd30fb70ad2fe57ce2881cc5b1b6e5126e7705abcc0b8e553252ebc893b5f045e51acdb19944ace5182269f111d1a3533de0c38ec8db309dc44a1c5734846fd5d9e18b07df7ebdbb546f115dc5ef4423351f131c5739e4eed6136dfa022c99c1323144db427af9e3e5c2be67967a3b637413beca8c2081d664af22ac9058bbeeb0d843d09111245a36a245e77fccd3d4e7b359f6ba6521e5a6cbd99b2ef135df13d76d07d0e847ae16ce2b4050c58a775460b6ed86631074516667d590771b2809d55d32b1ed895531e1ee10b25eec4939b0360a2064076a40a8780611ec7f261132e5f7dca1e7284085795408d1385ed7fe4a5cb18c29108cde9b7cbe844d929838a231899e772a381403685446273a564ce6c35aa294ea02b91f61e093ef9191c2d4cf8b722b17093b16d6a3b34444ff9e22ca1dd429d40c2f655ddcf7564aa1cde88a652c5a8589b522ff88938203b09b2fca155be384af4c8d12a32e705ad1d2c4e4e3a9d1a151956ae0f19f9c88ab11137975a5ab53047f5ee69ebbb8c1a2b605e738584a29ad501c0f949aa6a9c0247f17b40f3d8ccbef3c9cc2602d2eb5bf84c7d5bd2480f3478b7975cfa90faf03bbea007baa6682bce23cd245ac372523cf758b939030ad185bc1d0f5753a7268bee39056345130353e0d44d5e46f4a1d933e553f7768071b41d08631a1165b5af7ca4e9d17a3c67ac57aea2d530b6b3a21c279708e71ed6464d01409da47dbadbce0583609105ea631eab93924c1937bf496afe2a4e0758ca521753f8e03e9998618a3304329f70f9a8358416b96c0b42a2287cbd435390a2131d33a8081d5199834a13de7d195ee118bd442af7f34ac1bcce9fad8d61ccc124ed99830dec1d77e90f061ff04043d5e0ea6f1e581a378d2bcbe128ac3756e6070b8321ee6a27634deb278e60e73b9a75083f470808b4b3c4e8661ca91ebed4d028c0683623dc8cbdc01baac0a9451319d960"})

233.018254ms ago: executing program 0 (id=343):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(r1, 0x110, 0x4, &(0x7f0000000180)=0x4, 0x4)

143.4596ms ago: executing program 0 (id=344):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000005e00010200"/19, @ANYRES32=0x0, @ANYBLOB='\x00\x00\a\x00'], 0x1c}}, 0x0)

143.148772ms ago: executing program 2 (id=345):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x68, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x38, 0x2, [@TCA_FLOW_EMATCHES={0x34, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}, @TCA_EMATCH_TREE_LIST={0x28, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x24, 0x1, 0x0, 0x0, {{0x9, 0x9, 0x40}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_DATA={0x4}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}]}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014)

115.527568ms ago: executing program 0 (id=346):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0xb, &(0x7f0000002e00)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002120207b1a00fe00000000bfa10000000000000701000078ffffffb702000008000000b70300000000000085000000c700000095"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x41100}, 0x94)

113.846256ms ago: executing program 1 (id=347):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x8408, &(0x7f0000000680)=[{&(0x7f0000000180)="5c00000014006b03c84e21008bf32c19021800f80200000044000200ac14140e05251e6182949a36c23d3b48dfd8cdbf9367b498fa51f60a64c9f4d4938037e786a6d0bdd77f6f60c1504bb9189d9193e9bd1c1b7800000000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

48.323884ms ago: executing program 0 (id=348):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r1, &(0x7f0000000200)=0x8000, 0x12)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x64ed68c0c0d7fca1, 0x0)

48.121881ms ago: executing program 1 (id=349):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="30000000190001002cbd7000000000001c140000fe03dd"], 0x30}}, 0x0)

47.895848ms ago: executing program 2 (id=350):
unshare(0x8040600)
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000080)=0x1, 0x4)

413.759µs ago: executing program 1 (id=351):
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000140)="cb", 0x1}], 0x1, 0x0, 0xe0}}], 0x1, 0x0)
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x8, 0x6, 0x0, 0x1}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r0, &(0x7f0000000140), 0x0}, 0x20)

133.08µs ago: executing program 0 (id=352):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000007bec5590fe2245bf90b093cc59a642e7f3face2b8b7ddd66d0dcbb4a0a8c1df8541f3d9ae95e3590e1f021c5c26f23074463ce36e19a2f4d882348687fd63747c0efa0cd544f5d480496d78f8d2610c37a0b118b95c5d337b9b051ee09cdc2d92206e9a41307f88264321913bf10ebee1f4d149024148ffefa017da57a8c0ab66aa56d5457a66fb0bd2b31246e29e11cc7df7d8c259ecb5259218e8d5f95116ded65821b52c233f18868fedd82a2e4725e193e5e883135ac8234193ef1964f9"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
socketpair(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a4000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000440)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000005140)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000010000000c00020000000000000000001c0007800c00018008000100", @ANYRES32=r1], 0x3c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@ipv4_delroute={0x2c, 0x19, 0xa428a332fa3ee95f, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @private=0xa010102}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$FS_IOC_GETFSLABEL(r5, 0x400452c9, &(0x7f0000000100))

0s ago: executing program 1 (id=353):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
connect$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x9, 0x4}, 0x20)

kernel console output (not intermixed with test programs):

syzkaller login: [   47.389784][ T5765] sftp-server (5765) used greatest stack depth: 20568 bytes left
Warning: Permanently added '[localhost]:17023' (ED25519) to the list of known hosts.
[   49.735385][ T5815] cgroup: Unknown subsys name 'net'
[   49.904921][ T5815] cgroup: Unknown subsys name 'cpuset'
[   49.910833][ T5815] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   51.761025][ T5815] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   55.857454][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   55.861787][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   55.865976][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   55.866001][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   55.871410][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   55.873459][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   55.878139][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   55.878526][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   55.884002][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   55.885309][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   55.897955][ T5221] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   55.903190][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   55.907241][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   55.910402][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   55.913950][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   56.179828][ T5840] chnl_net:caif_netlink_parms(): no params data found
[   56.267207][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   56.316947][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   56.324891][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.327867][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.332503][ T5840] bridge_slave_0: entered allmulticast mode
[   56.336646][ T5840] bridge_slave_0: entered promiscuous mode
[   56.388713][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.392286][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.395463][ T5840] bridge_slave_1: entered allmulticast mode
[   56.399408][ T5840] bridge_slave_1: entered promiscuous mode
[   56.472842][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.494468][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.498191][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.500524][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.503402][ T5831] bridge_slave_0: entered allmulticast mode
[   56.506547][ T5831] bridge_slave_0: entered promiscuous mode
[   56.516885][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.519229][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.521859][ T5830] bridge_slave_0: entered allmulticast mode
[   56.524576][ T5830] bridge_slave_0: entered promiscuous mode
[   56.544700][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.547880][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.551620][ T5831] bridge_slave_1: entered allmulticast mode
[   56.555578][ T5831] bridge_slave_1: entered promiscuous mode
[   56.559105][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.562285][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.564712][ T5830] bridge_slave_1: entered allmulticast mode
[   56.567957][ T5830] bridge_slave_1: entered promiscuous mode
[   56.580405][ T5840] team0: Port device team_slave_0 added
[   56.605518][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.611952][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.616472][ T5840] team0: Port device team_slave_1 added
[   56.659254][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.663836][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.666200][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.675722][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.691653][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.696019][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.698996][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.710833][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.717740][ T5830] team0: Port device team_slave_0 added
[   56.736318][ T5830] team0: Port device team_slave_1 added
[   56.747752][ T5831] team0: Port device team_slave_0 added
[   56.767554][ T5831] team0: Port device team_slave_1 added
[   56.807862][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.812149][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.823851][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.839283][ T5840] hsr_slave_0: entered promiscuous mode
[   56.842123][ T5840] hsr_slave_1: entered promiscuous mode
[   56.845142][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.847439][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.856416][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.861397][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.864704][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.876190][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.900961][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.903834][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.915493][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.963829][ T5830] hsr_slave_0: entered promiscuous mode
[   56.966754][ T5830] hsr_slave_1: entered promiscuous mode
[   56.969018][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   56.971726][ T5830] Cannot create hsr debugfs directory
[   57.036249][ T5831] hsr_slave_0: entered promiscuous mode
[   57.038662][ T5831] hsr_slave_1: entered promiscuous mode
[   57.041881][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   57.044462][ T5831] Cannot create hsr debugfs directory
[   57.186007][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   57.202754][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   57.236284][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   57.256577][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   57.295305][ T5830] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   57.315808][ T5830] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   57.335908][ T5830] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   57.353000][ T5830] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   57.381354][ T5831] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   57.386309][ T5831] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   57.400211][ T5831] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   57.407058][ T5831] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   57.462100][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.507894][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   57.537284][  T365] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.540489][  T365] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.567949][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.571194][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.594886][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.632478][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.643653][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   57.662736][  T365] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.665156][  T365] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.678792][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   57.685307][   T29] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.687900][   T29] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.699936][   T29] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.702703][   T29] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.717988][   T29] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.720335][   T29] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.738211][ T5831] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   57.742265][ T5831] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   57.846110][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.874700][ T5831] veth0_vlan: entered promiscuous mode
[   57.885267][ T5831] veth1_vlan: entered promiscuous mode
[   57.897173][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.917956][ T5831] veth0_macvtap: entered promiscuous mode
[   57.925302][ T5831] veth1_macvtap: entered promiscuous mode
[   57.931575][ T5837] Bluetooth: hci1: command tx timeout
[   57.931636][   T55] Bluetooth: hci2: command tx timeout
[   57.933789][ T5837] Bluetooth: hci0: command tx timeout
[   57.955301][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.964320][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.975151][ T5831] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.978161][ T5831] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.982550][ T5831] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.985521][ T5831] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.995749][ T5840] veth0_vlan: entered promiscuous mode
[   57.998818][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.006489][ T5840] veth1_vlan: entered promiscuous mode
[   58.057197][ T1087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.060481][ T1087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.079382][ T5840] veth0_macvtap: entered promiscuous mode
[   58.088567][ T5840] veth1_macvtap: entered promiscuous mode
[   58.088752][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.095289][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.115413][ T5830] veth0_vlan: entered promiscuous mode
[   58.124474][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.135903][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.136234][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   58.138758][ T5830] veth1_vlan: entered promiscuous mode
[   58.155710][ T5840] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.165420][ T5840] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.175698][ T5840] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.178970][ T5840] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.233744][ T5830] veth0_macvtap: entered promiscuous mode
[   58.237969][ T5830] veth1_macvtap: entered promiscuous mode
[   58.275747][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.299524][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.300763][ T4359] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.307760][ T4359] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.315710][ T5830] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.319750][ T5830] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.323374][ T5830] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.326403][ T5830] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.353434][  T365] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.361489][  T365] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.397015][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.399627][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.420147][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.424741][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.705546][ T5929] netlink: 'syz.2.16': attribute type 1 has an invalid length.
[   58.717682][ T5929] netlink: 4 bytes leftover after parsing attributes in process `syz.2.16'.
[   59.558351][ T5980] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   59.718335][ T5993] netlink: 'syz.2.45': attribute type 23 has an invalid length.
[   59.777628][ T5999] xt_l2tp: v2 sid > 0xffff: 4294901760
[   59.823666][ T6004] netlink: 28 bytes leftover after parsing attributes in process `syz.0.51'.
[   59.827118][ T6004] netem: change failed
[   59.964855][ T6016] netlink: 4 bytes leftover after parsing attributes in process `syz.2.56'.
[   60.011346][ T5221] Bluetooth: hci2: command tx timeout
[   60.013268][ T5221] Bluetooth: hci1: command tx timeout
[   60.015067][ T5221] Bluetooth: hci0: command tx timeout
[   60.686214][ T6043] netlink: 20 bytes leftover after parsing attributes in process `syz.0.65'.
[   60.723181][ T6045] netlink: 56 bytes leftover after parsing attributes in process `syz.0.67'.
[   60.766574][ T6049] netlink: 8 bytes leftover after parsing attributes in process `syz.0.68'.
[   60.769893][ T6049] netlink: 12 bytes leftover after parsing attributes in process `syz.0.68'.
[   60.983059][ T6070] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   61.431494][ T6115] netlink: 24 bytes leftover after parsing attributes in process `syz.2.82'.
[   61.438211][ T6115] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[   61.449555][ T6115] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[   61.452698][ T6115] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[   61.456130][ T6115] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[   62.091461][ T5837] Bluetooth: hci0: command tx timeout
[   62.093464][ T5837] Bluetooth: hci1: command tx timeout
[   62.095845][ T5221] Bluetooth: hci2: command tx timeout
[   62.733281][ T6221] netlink: 'syz.2.106': attribute type 21 has an invalid length.
[   62.736355][ T6221] netlink: 'syz.2.106': attribute type 22 has an invalid length.
[   62.739201][ T6221] netlink: 'syz.2.106': attribute type 23 has an invalid length.
[   62.745670][ T6221] netlink: 'syz.2.106': attribute type 25 has an invalid length.
[   62.748452][ T6221] netlink: 96 bytes leftover after parsing attributes in process `syz.2.106'.
[   62.950895][ T6245] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   63.073209][ T6256] netlink: 4 bytes leftover after parsing attributes in process `syz.2.114'.
[   63.076963][    C0] Unknown status report in ack skb
[   63.235387][ T6270] x_tables: ip6_tables: sctp match: only valid for protocol 132
[   63.299416][ T6277] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   64.034662][ T6322] __nla_validate_parse: 2 callbacks suppressed
[   64.034675][ T6322] netlink: 8 bytes leftover after parsing attributes in process `syz.1.140'.
[   64.170875][ T5837] Bluetooth: hci0: command tx timeout
[   64.172968][ T5837] Bluetooth: hci1: command tx timeout
[   64.174998][ T5221] Bluetooth: hci2: command tx timeout
[   64.317213][ T6350] tipc: Started in network mode
[   64.319100][ T6350] tipc: Node identity 8ed619cb862c, cluster identity 4711
[   64.321667][ T6350] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   64.324367][ T6350] syzkaller0: entered promiscuous mode
[   64.326164][ T6350] syzkaller0: entered allmulticast mode
[   64.346794][ T6350] tipc: Resetting bearer <eth:syzkaller0>
[   64.349931][ T6349] tipc: Resetting bearer <eth:syzkaller0>
[   64.356238][ T6349] tipc: Disabling bearer <eth:syzkaller0>
[   64.453859][ T6356] netlink: 'syz.0.156': attribute type 4 has an invalid length.
[   64.486900][ T6356] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.489768][ T6356] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.555910][ T6356] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   64.567094][ T6356] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   64.574263][ T6363] netlink: 20 bytes leftover after parsing attributes in process `syz.2.159'.
[   64.682006][ T6356] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.684899][ T6356] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.687628][ T6356] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.690372][ T6356] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.883353][   T10] cfg80211: failed to load regulatory.db
[   65.079398][ T6356] syz.0.156 (6356) used greatest stack depth: 20120 bytes left
[   65.207374][ T6381] sctp: [Deprecated]: syz.2.166 (pid 6381) Use of int in maxseg socket option.
[   65.207374][ T6381] Use struct sctp_assoc_value instead
[   65.420170][ T6395] tun0: tun_chr_ioctl cmd 1074025681
[   65.496578][ T6401] rdma_op ffff888107c0b1f0 conn xmit_rdma 0000000000000000
[   65.544634][ T6403] tipc: Started in network mode
[   65.546491][ T6403] tipc: Node identity 6248ed892461, cluster identity 4711
[   65.549212][ T6403] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   65.553844][ T6403] syzkaller0: entered promiscuous mode
[   65.555692][ T6403] syzkaller0: entered allmulticast mode
[   65.565152][ T6403] tipc: Resetting bearer <eth:syzkaller0>
[   65.568525][ T6402] tipc: Resetting bearer <eth:syzkaller0>
[   65.581591][ T6402] tipc: Disabling bearer <eth:syzkaller0>
[   65.710478][ T6417] netlink: 16 bytes leftover after parsing attributes in process `syz.1.182'.
[   65.715775][ T6417] netlink: 8 bytes leftover after parsing attributes in process `syz.1.182'.
[   65.767694][ T6423] netlink: 8 bytes leftover after parsing attributes in process `syz.2.184'.
[   65.795434][ T6425] syz.1.186 uses obsolete (PF_INET,SOCK_PACKET)
[   65.835725][ T6427] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   65.927945][ T6435] netlink: 8 bytes leftover after parsing attributes in process `syz.2.190'.
[   65.932819][ T6435] openvswitch: netlink: Invalid MD length 0 for MD type 0
[   65.936454][ T6435] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   66.292073][ T6467] warning: `syz.1.205' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   66.297761][ T6467] batman_adv: batadv0: Adding interface: dummy0
[   66.299891][ T6467] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.310893][ T6467] batman_adv: batadv0: Interface activated: dummy0
[   66.458290][ T6477] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[   66.598523][ T6491] netlink: 'syz.2.217': attribute type 30 has an invalid length.
[   66.635514][ T6495] netlink: 24 bytes leftover after parsing attributes in process `syz.2.219'.
[   67.008039][ T6506] netlink: 24 bytes leftover after parsing attributes in process `syz.0.224'.
[   67.087740][ T6510] netlink: 4 bytes leftover after parsing attributes in process `syz.0.226'.
[   67.393399][ T6519] netlink: 4 bytes leftover after parsing attributes in process `syz.0.230'.
[   67.397643][ T6519] Zero length message leads to an empty skb
[   67.609660][ T6531] netlink: 'syz.2.236': attribute type 39 has an invalid length.
[   67.799158][ T6538] Bluetooth: MGMT ver 1.23
[   67.909905][    C0] vcan0: j1939_tp_rxtimer: 0xffff888030a8fc00: rx timeout, send abort
[   67.914898][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888030a8fc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   67.978419][ T6554] xt_socket: unknown flags 0x8
[   68.181328][ T5221] Bluetooth: hci2: command 0x0405 tx timeout
[   68.197580][ T6566] block nbd1: not configured, cannot reconfigure
[   68.569762][ T6586] IPv6: syztnl1: Disabled Multicast RS
[   68.928961][ T6595] bridge: RTM_NEWNEIGH with invalid ether address
[   69.177185][ T6607] netlink: 'syz.1.269': attribute type 4 has an invalid length.
[   69.217294][ T6609] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   69.476393][ T6621] __nla_validate_parse: 1 callbacks suppressed
[   69.476411][ T6621] netlink: 52 bytes leftover after parsing attributes in process `syz.1.275'.
[   69.491994][ T6621] netlink: 'syz.1.275': attribute type 1 has an invalid length.
[   69.500070][ T6623] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[   69.575181][ T6627] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.278'.
[   69.797247][ T6637] netlink: 'syz.2.284': attribute type 10 has an invalid length.
[   69.799717][ T6637] netlink: 40 bytes leftover after parsing attributes in process `syz.2.284'.
[   69.816464][ T6637] veth0_vlan: entered allmulticast mode
[   69.841795][ T6637] bridge0: port 3(veth0_vlan) entered blocking state
[   69.846544][ T6637] bridge0: port 3(veth0_vlan) entered disabled state
[   69.852551][ T6637] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[   69.924081][ T6647] netlink: 8 bytes leftover after parsing attributes in process `syz.2.288'.
[   69.927870][ T6647] netlink: 8 bytes leftover after parsing attributes in process `syz.2.288'.
[   70.251583][ T5221] Bluetooth: hci2: command 0x0405 tx timeout
[   70.475818][ T6710] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[   70.478801][   T24] IPVS: starting estimator thread 0...
[   70.571020][ T6713] IPVS: using max 79 ests per chain, 189600 per kthread
[   70.684779][ T6733] netlink: 172 bytes leftover after parsing attributes in process `syz.1.326'.
[   70.744203][ T6737] netlink: 44 bytes leftover after parsing attributes in process `syz.0.328'.
[   70.771946][ T6737] team0: Port device team_slave_0 removed
[   70.894014][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   70.896447][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   71.282149][ T6778] netlink: 'syz.1.347': attribute type 2 has an invalid length.
[   71.313312][ T6782] netlink: 20 bytes leftover after parsing attributes in process `syz.1.349'.
[   71.442750][ T6788] 
[   71.443643][ T6788] ======================================================
[   71.446057][ T6788] WARNING: possible circular locking dependency detected
[   71.448522][ T6788] 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 Not tainted
[   71.452031][ T6788] ------------------------------------------------------
[   71.454288][ T6788] syz.0.352/6788 is trying to acquire lock:
[   71.456323][ T6788] ffff8880217a4988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   71.460158][ T6788] 
[   71.460158][ T6788] but task is already holding lock:
[   71.462613][ T6788] ffff8880217a4a30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x94f/0x1930
[   71.465992][ T6788] 
[   71.465992][ T6788] which lock already depends on the new lock.
[   71.465992][ T6788] 
[   71.469484][ T6788] 
[   71.469484][ T6788] the existing dependency chain (in reverse order) is:
[   71.472419][ T6788] 
[   71.472419][ T6788] -> #2 (&nbd->config_lock){+.+.}-{4:4}:
[   71.475421][ T6788]        lock_acquire+0x120/0x360
[   71.477407][ T6788]        __mutex_lock+0x182/0xe80
[   71.479281][ T6788]        refcount_dec_and_mutex_lock+0x30/0xa0
[   71.481291][ T6788]        nbd_config_put+0x2c/0x790
[   71.483087][ T6788]        nbd_release+0xfe/0x140
[   71.484615][ T6788]        bdev_release+0x536/0x650
[   71.486292][ T6788]        blkdev_release+0x15/0x20
[   71.487933][ T6788]        __fput+0x44c/0xa70
[   71.489398][ T6788]        fput_close_sync+0x119/0x200
[   71.491078][ T6788]        __x64_sys_close+0x7f/0x110
[   71.492947][ T6788]        do_syscall_64+0xfa/0x3b0
[   71.494700][ T6788]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.496841][ T6788] 
[   71.496841][ T6788] -> #1 (&disk->open_mutex){+.+.}-{4:4}:
[   71.499396][ T6788]        lock_acquire+0x120/0x360
[   71.501175][ T6788]        __mutex_lock+0x182/0xe80
[   71.503149][ T6788]        __del_gendisk+0x129/0x9e0
[   71.505215][ T6788]        del_gendisk+0xe8/0x160
[   71.507035][ T6788]        nbd_dev_remove_work+0x47/0xe0
[   71.509266][ T6788]        process_scheduled_works+0xae1/0x17b0
[   71.511295][ T6788]        worker_thread+0x8a0/0xda0
[   71.513581][ T6788]        kthread+0x711/0x8a0
[   71.515119][ T6788]        ret_from_fork+0x3fc/0x770
[   71.516794][ T6788]        ret_from_fork_asm+0x1a/0x30
[   71.518741][ T6788] 
[   71.518741][ T6788] -> #0 (&set->update_nr_hwq_lock){++++}-{4:4}:
[   71.522049][ T6788]        validate_chain+0xb9b/0x2140
[   71.524097][ T6788]        __lock_acquire+0xab9/0xd20
[   71.525841][ T6788]        lock_acquire+0x120/0x360
[   71.527603][ T6788]        down_write+0x96/0x1f0
[   71.529317][ T6788]        blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   71.531441][ T6788]        nbd_start_device+0x16c/0xac0
[   71.533476][ T6788]        nbd_genl_connect+0x1250/0x1930
[   71.535479][ T6788]        genl_family_rcv_msg_doit+0x215/0x300
[   71.537678][ T6788]        genl_rcv_msg+0x60e/0x790
[   71.539373][ T6788]        netlink_rcv_skb+0x208/0x470
[   71.541172][ T6788]        genl_rcv+0x28/0x40
[   71.542865][ T6788]        netlink_unicast+0x75c/0x8e0
[   71.545040][ T6788]        netlink_sendmsg+0x805/0xb30
[   71.547180][ T6788]        __sock_sendmsg+0x21c/0x270
[   71.548857][ T6788]        ____sys_sendmsg+0x505/0x830
[   71.550657][ T6788]        ___sys_sendmsg+0x21f/0x2a0
[   71.552468][ T6788]        __x64_sys_sendmsg+0x19b/0x260
[   71.554277][ T6788]        do_syscall_64+0xfa/0x3b0
[   71.555922][ T6788]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.558480][ T6788] 
[   71.558480][ T6788] other info that might help us debug this:
[   71.558480][ T6788] 
[   71.561906][ T6788] Chain exists of:
[   71.561906][ T6788]   &set->update_nr_hwq_lock --> &disk->open_mutex --> &nbd->config_lock
[   71.561906][ T6788] 
[   71.566277][ T6788]  Possible unsafe locking scenario:
[   71.566277][ T6788] 
[   71.568690][ T6788]        CPU0                    CPU1
[   71.570442][ T6788]        ----                    ----
[   71.572195][ T6788]   lock(&nbd->config_lock);
[   71.573657][ T6788]                                lock(&disk->open_mutex);
[   71.575875][ T6788]                                lock(&nbd->config_lock);
[   71.578585][ T6788]   lock(&set->update_nr_hwq_lock);
[   71.580262][ T6788] 
[   71.580262][ T6788]  *** DEADLOCK ***
[   71.580262][ T6788] 
[   71.582842][ T6788] 3 locks held by syz.0.352/6788:
[   71.584497][ T6788]  #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[   71.587199][ T6788]  #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[   71.590097][ T6788]  #2: ffff8880217a4a30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x94f/0x1930
[   71.593405][ T6788] 
[   71.593405][ T6788] stack backtrace:
[   71.595350][ T6788] CPU: 0 UID: 0 PID: 6788 Comm: syz.0.352 Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 PREEMPT(full) 
[   71.595367][ T6788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   71.595375][ T6788] Call Trace:
[   71.595389][ T6788]  <TASK>
[   71.595396][ T6788]  dump_stack_lvl+0x189/0x250
[   71.595420][ T6788]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.595437][ T6788]  ? __pfx__printk+0x10/0x10
[   71.595456][ T6788]  ? print_lock_name+0xde/0x100
[   71.595475][ T6788]  print_circular_bug+0x2ee/0x310
[   71.595493][ T6788]  check_noncircular+0x134/0x160
[   71.595507][ T6788]  validate_chain+0xb9b/0x2140
[   71.595520][ T6788]  __lock_acquire+0xab9/0xd20
[   71.595529][ T6788]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   71.595538][ T6788]  lock_acquire+0x120/0x360
[   71.595544][ T6788]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   71.595553][ T6788]  ? __mutex_unlock_slowpath+0x1cd/0x700
[   71.595561][ T6788]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   71.595572][ T6788]  down_write+0x96/0x1f0
[   71.595579][ T6788]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   71.595587][ T6788]  ? __pfx_down_write+0x10/0x10
[   71.595596][ T6788]  blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   71.595604][ T6788]  ? nbd_add_socket+0x688/0x9a0
[   71.595612][ T6788]  ? nbd_add_socket+0x688/0x9a0
[   71.595620][ T6788]  nbd_start_device+0x16c/0xac0
Connection to localhost closed by remote host.
[   71.595628][ T6788]  ? __nla_parse+0x40/0x60
[   71.595637][ T6788]  nbd_genl_connect+0x1250/0x1930
[   71.595648][ T6788]  ? __pfx_nbd_genl_connect+0x10/0x10
[   71.595656][ T6788]  ? __nla_parse+0x40/0x60
[   71.595663][ T6788]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[   71.595676][ T6788]  genl_family_rcv_msg_doit+0x215/0x300
[   71.595688][ T6788]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   71.595703][ T6788]  genl_rcv_msg+0x60e/0x790
[   71.595715][ T6788]  ? __pfx_genl_rcv_msg+0x10/0x10
[   71.595725][ T6788]  ? __pfx_nbd_genl_connect+0x10/0x10
[   71.595735][ T6788]  netlink_rcv_skb+0x208/0x470
[   71.595744][ T6788]  ? __pfx_genl_rcv_msg+0x10/0x10
[   71.595755][ T6788]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   71.595767][ T6788]  ? down_read+0x1ad/0x2e0
[   71.595774][ T6788]  genl_rcv+0x28/0x40
[   71.595785][ T6788]  netlink_unicast+0x75c/0x8e0
[   71.595794][ T6788]  netlink_sendmsg+0x805/0xb30
[   71.595804][ T6788]  ? __pfx_netlink_sendmsg+0x10/0x10
[   71.595813][ T6788]  ? aa_sock_msg_perm+0x94/0x160
[   71.595824][ T6788]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   71.595836][ T6788]  ? __pfx_netlink_sendmsg+0x10/0x10
[   71.595844][ T6788]  __sock_sendmsg+0x21c/0x270
[   71.595852][ T6788]  ____sys_sendmsg+0x505/0x830
[   71.595862][ T6788]  ? __pfx_____sys_sendmsg+0x10/0x10
[   71.595874][ T6788]  ? import_iovec+0x74/0xa0
[   71.595883][ T6788]  ___sys_sendmsg+0x21f/0x2a0
[   71.595892][ T6788]  ? __pfx____sys_sendmsg+0x10/0x10
[   71.595906][ T6788]  ? __fget_files+0x2a/0x420
[   71.595917][ T6788]  ? __fget_files+0x3a0/0x420
[   71.595929][ T6788]  __x64_sys_sendmsg+0x19b/0x260
[   71.595939][ T6788]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   71.595951][ T6788]  ? rcu_is_watching+0x15/0xb0
[   71.595963][ T6788]  ? do_syscall_64+0xbe/0x3b0
[   71.595971][ T6788]  do_syscall_64+0xfa/0x3b0
[   71.595978][ T6788]  ? lockdep_hardirqs_on+0x9c/0x150
[   71.595989][ T6788]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.596024][ T6788]  ? exc_page_fault+0x9f/0xf0
[   71.596036][ T6788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.596044][ T6788] RIP: 0033:0x7f9e2858e929
[   71.596054][ T6788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   71.596062][ T6788] RSP: 002b:00007f9e294a3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   71.596071][ T6788] RAX: ffffffffffffffda RBX: 00007f9e287b5fa0 RCX: 00007f9e2858e929
[   71.596078][ T6788] RDX: 0000000000000000 RSI: 0000200000001ac0 RDI: 0000000000000007
[   71.596083][ T6788] RBP: 00007f9e28610b39 R08: 0000000000000000 R09: 0000000000000000
[   71.596088][ T6788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   71.596092][ T6788] R13: 0000000000000000 R14: 00007f9e287b5fa0 R15: 00007ffe011cfa08
[   71.596101][ T6788]  </TASK>
[   71.618926][ T6800] infiniband syz2: set active
[   71.760694][ T6800] infiniband syz2: added bond_slave_1
[   71.762979][ T6800] syz2: rxe_create_cq: returned err = -12
[   71.764916][ T6800] infiniband syz2: Couldn't create ib_mad CQ
[   71.766857][ T6800] infiniband syz2: Couldn't open port 1
[   71.778608][ T6800] RDS/IB: syz2: added
[   71.779966][ T6800] smc: adding ib device syz2 with port count 1
[   71.783448][ T6800] smc:    ib device syz2 port 1 has pnetid 
[   71.985427][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.989327][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[   72.026543][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.031505][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[   72.084883][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.089277][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[   72.144878][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.149251][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[   72.223972][   T12] bridge_slave_1: left allmulticast mode
[   72.225788][   T12] bridge_slave_1: left promiscuous mode
[   72.227710][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.231486][   T12] bridge_slave_0: left allmulticast mode
[   72.233365][   T12] bridge_slave_0: left promiscuous mode
[   72.235454][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.333132][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   72.337141][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   72.341109][   T12] bond0 (unregistering): Released all slaves
[   72.381406][   T12] tipc: Left network mode
[   72.566984][   T12] hsr_slave_0: left promiscuous mode
[   72.569217][   T12] hsr_slave_1: left promiscuous mode
[   72.571269][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   72.573631][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[   72.576214][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   72.578627][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[   72.588177][   T12] veth1_macvtap: left promiscuous mode
[   72.590037][   T12] veth0_macvtap: left promiscuous mode
[   72.591914][   T12] veth1_vlan: left promiscuous mode
[   72.683420][   T12] team0 (unregistering): Port device team_slave_1 removed
[   72.697793][   T12] team0 (unregistering): Port device team_slave_0 removed
[   72.999932][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.053733][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.096613][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.154912][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.263075][   T12] bridge_slave_1: left allmulticast mode
[   73.265349][   T12] bridge_slave_1: left promiscuous mode
[   73.267702][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.271582][   T12] bridge_slave_0: left allmulticast mode
[   73.273859][   T12] bridge_slave_0: left promiscuous mode
[   73.276236][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.361481][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   73.365910][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   73.370071][   T12] bond0 (unregistering): Released all slaves
[   73.376419][ T5883] syz2: Port: 1 Link DOWN
[   73.622665][   T12] hsr_slave_0: left promiscuous mode
[   73.625511][   T12] hsr_slave_1: left promiscuous mode
[   73.628029][   T12] batman_adv: batadv0: Interface deactivated: dummy0
[   73.630946][   T12] batman_adv: batadv0: Removing interface: dummy0
[   73.634177][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   73.637287][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[   73.651089][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   73.653508][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[   73.658226][   T12] veth1_macvtap: left promiscuous mode
[   73.659976][   T12] veth0_macvtap: left promiscuous mode
[   73.662103][   T12] veth1_vlan: left promiscuous mode
[   73.663840][   T12] veth0_vlan: left promiscuous mode
[   73.742925][   T12] team0 (unregistering): Port device team_slave_1 removed
[   73.758171][   T12] team0 (unregistering): Port device team_slave_0 removed
[   73.772793][ T4870] smc: removing ib device syz2
[   74.067623][   T12] IPVS: stop unused estimator thread 0...

VM DIAGNOSIS:
11:55:20  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000073 RBX=0000000000000073 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000023a2 RDI=00000000000023a3 RBP=00000000000003f8 RSP=ffffc90006ed6710
R8 =ffff888106e38237 R9 =1ffff11020dc7046 R10=dffffc0000000000 R11=ffffffff85478780
R12=dffffc0000000000 R13=ffffffff99af98a3 R14=ffffffff99dfe6e0 R15=0000000000000000
RIP=ffffffff854787fc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f9e294a36c0 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c3034ba CR3=0000000124530000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f90fa011c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffffffffffff RBX=0000000000000000 RCX=0000000000000c5d RDX=0000000000040000
RSI=00000000000000ff RDI=ffffed1023c0e880 RBP=0000000000000009 RSP=ffffc90006e67188
R8 =dffffc0000000000 R9 =0000000000000000 R10=ffffed1023c00000 R11=fffffbfff1f43e7f
R12=ffffea0004780000 R13=0000000000000200 R14=ffff88811e000000 R15=0000000000000000
RIP=ffffffff8b6f5d76 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f280f5f66c0 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f280f5f5dc0 CR3=000000012452c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f2811985478 00007f2811985450 XMM03=00007f2811985488 00007f2811985480
XMM04=00007f28124ed100 00007f2811985440 XMM05=00007f2811985458 00007f28119854a0
XMM06=00007f2811985498 00007f2811985490 XMM07=00007f2811985488 00007f2811985480
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 00007f2811811c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
