last executing test programs:

1.684182301s ago: executing program 0 (id=1014):
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000740)={'ip6gre0\x00', &(0x7f00000006c0)={'ip6_vti0\x00', 0x0, 0x2f, 0x0, 0x3, 0x1ff, 0x8, @local, @private1={0xfc, 0x1, '\x00', 0x1}, 0x9, 0x1ffe1, 0x7, 0x2}})

1.601395448s ago: executing program 0 (id=1016):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r0)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x30, r1, 0x60b, 0x70bd2d, 0x0, {}, [@IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0xdd}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x6}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x30}}, 0x0)

1.600926533s ago: executing program 0 (id=1018):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000000c0), 0x10)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x448}}, 0x0)
sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0)

1.541222331s ago: executing program 0 (id=1021):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4000000000000007910900000000000620000000000000095000000000000009e574bffff1729aba9b39a58e3cd8757e44cf3611b8e327a0279acba1f7791408d1efa421239728e2e5cc319b58520609dfd4a1a021d000000000000efffff75c3d894d99aef659f8b0000c515d8c219fbd9da31fc3ce3e9a2653000aec385a84a3d3f466bba30ac1486a70037fb03adef1a427fb0f4cb3072182da7c30000000000000000000000000000000000000000000000000000297e9fed660213ecb576987ad0972f18fbb7c9ecc03901f028b15b30ecf3205f90c9684ddc80d13bf37afc00e5efd686e6fb5ef4ee00b66126f773434a5c0d2ad3526bc484a6b94396117615f78f97637d8f8838aa75efb657ddafb15b88d97e47731cc3f55ce4e6a42562e6fb1f0000003030249c350044b09c36d10549a5949ff21418f1517508fb13540a82b5030cd9bb1bb066ca833c1fef6cefa28543ee520e46a3e96aca0d5a5f8cb34ad9c54c3a9a698f835bb83bcfd81ac5cfa18ce0740717994b5152cd0fa735433e50dccee16a208245b4366d44bb7ebd169b9e3a66d0cb29291a50f642ae4cb007540c806cd1cf88fdcaa393d1e1a697649401a802b474e374c767cb1ce52fd917d6af3de547be8429540de37f868a7f25d47c4b710836436008d4e8c8b42aeee84629d06d75ef09e0260b41de1f750480e492b6822d6275b7ccda1141707069cdb21de7a98dc37efdd806cc3619ad0659998bdd90b008c1aed04ee682b8ffd25741abbd9c6482ca45b82b6b7f25f71280cd6ba8bbb1e32dfe84831d1fc132755ce9aaf1952cb6829e9d6f4cbd8a07dc0cebcad512b3e0f2daa622bc805d2e152e0765b20cd6c8e2f4fff81e1458a43f35d36b25225dc0fbaf3b8131f5a8ae73e8badc519350edf048d5f56617"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x48)
close(0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000300000000000000000000008500000041000000850000000500000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0x0, 0xe, 0x300, &(0x7f00000002c0)="f57b0bb7994307a7ac95a7c71016", 0x0, 0x0, 0x0, 0x0, 0x38, 0x0, &(0x7f0000000180)="b8"}, 0x3a)

1.463313147s ago: executing program 0 (id=1023):
r0 = socket$kcm(0x11, 0x2, 0x300)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0xe0ffffff00000000}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xe)
recvmmsg(r1, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}, 0xa}], 0x40000f6, 0x102, 0x0)
shutdown(r1, 0x1)
ioctl$XFS_IOC_FD_TO_HANDLE(r1, 0xc038586a, &(0x7f0000000100)={r0, &(0x7f0000000380)='\x7f[g\xd8C\xc39\xfdo\x91\x06*|O\xb0g\\\xda\x91\xa9\xe2\x8c\x81\x8c\xd6\xff\xff\xff\x7f\x00\x00\x00\x00Y2\x02\x82r`n8u\xd8\xb9\x05Pj\x84u\xc6\xc2\xf9U\xcd\x8d\xec\xc8\xa1C\xc6P:\xc1\xdcp\xb8\xfd\xccw&\x9eC\xaa\x86j>\x80\\\x1153', 0x541600, &(0x7f00000001c0)={@align=0x5, {0xcd, 0x5, 0x8, 0x6f}}, 0xd1c1, 0x0, &(0x7f0000000240)=0x8000})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000700)={'ip_vti0\x00', 0x0})
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f00000001c0)={0x7, 0xc, 0x0, 0x1, 0x3, 0x9, 0x7, 0x1}, &(0x7f00000003c0)=0x20)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(r0, 0x4058587a, 0x0)

1.171471258s ago: executing program 1 (id=1035):
r0 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0xfffffffd, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x80, 0x0}, 0x20000001)
sendmsg$inet(r0, &(0x7f0000002a80)={0x0, 0x0, &(0x7f0000002700)=[{&(0x7f00000006c0)="94", 0x1}], 0x1}, 0x40040d4)

603.671312ms ago: executing program 2 (id=1048):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={<r1=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000140)={r1, 0x718, 0x4, 0x0, 0xb, 0x9, 0x1, 0x0, {r1, @in6={{0xa, 0x4e23, 0x10, @local, 0x8000}}, 0xffffffff, 0x7ff, 0x40, 0x8, 0x7}}, &(0x7f0000000200)=0xb0)

464.363939ms ago: executing program 2 (id=1049):
syz_emit_ethernet(0x5e, &(0x7f00000010c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x28, 0x6, 0x0, @private0, @mcast2, {[], {{0x4e24, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x2, 0x0, 0x0, 0x0, {[@eol, @exp_smc={0xfe, 0x6}, @timestamp={0x8, 0xa, 0x3, 0xffffffff}]}}}}}}}}, 0x0)

404.498775ms ago: executing program 2 (id=1050):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWSETELEM={0x58, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x2c, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x2df31ab3}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

404.293128ms ago: executing program 2 (id=1051):
syz_emit_ethernet(0x51, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "24a2e1", 0x6, 0x11, 0x1, @empty, @mcast2, {[], {0x0, 0xe22, 0x1b, 0x0, @opaque="2389c9816358f5fbe63966c2d8050f4bdb76cb"}}}}}}, 0x0)

332.476726ms ago: executing program 2 (id=1052):
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000009e40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002640)=ANY=[@ANYBLOB="1400000000000046"], 0x28}}], 0x1, 0x40000)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x400000000000284, 0xf00)

224.454356ms ago: executing program 1 (id=1053):
syz_emit_ethernet(0x4e, &(0x7f0000000340)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x5, 0x6, "b7a34d", 0x18, 0x0, 0x0, @rand_addr=' \x01\x00', @private0={0xfc, 0x0, '\x00', 0x1}, {[@routing={0x6, 0x2, 0x1, 0x7, 0x0, [@local]}]}}}}}, 0x0)

154.500052ms ago: executing program 1 (id=1054):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x40, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x40}}, 0x0)

154.25501ms ago: executing program 2 (id=1055):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1}, @ldst={0x2, 0x0, 0x3}]}, &(0x7f0000000100)='GPL\x00', 0x9}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r1, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
ioctl$TUNSETLINK(r0, 0x400454cd, 0x338)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
r2 = socket(0x8000000010, 0x2, 0x0)
write(r2, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e21, 0x5, @private2, 0x9}], 0x1c)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e21, 0x1641, @private2, 0xfffffff9}}, 0xfff, 0x9}, &(0x7f0000000200)=0x90)
sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000180)={{0x2, 0x4e22, @empty}, {0x20000010304, @local}, 0x6, {0x2, 0x4e20, @rand_addr=0x64010100}})
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110e22fff6)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x5, 0x3, 0x8, 0x6})
r6 = socket(0xa, 0x1, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r7, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000017c0)={0x3c, r8, 0x1, 0x70bd2c, 0x0, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x2}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r6}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r6}}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x55ebfcb85e78e904}, 0x4)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r8, 0x10, 0x70bd2a, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x4b71}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x6000000}, 0x4004005)

94.657918ms ago: executing program 1 (id=1056):
syz_emit_ethernet(0x46, &(0x7f0000000180)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x14}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x10, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, @mcast2, {[], @ni={0x8b, 0x0, 0x0, 0x3, 0xe, 0x81}}}}}}, 0x0)

94.324635ms ago: executing program 1 (id=1057):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
unshare(0x62040400)
socket(0x2b, 0x80801, 0x1)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000000400)=@newchain={0x70, 0x64, 0x300, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x7, 0xfff2}, {0xf}, {0xa, 0x1ffe4}}, [@filter_kind_options=@f_bpf={{0x8}, {0x1c, 0x2, [@TCA_BPF_FD={0x8, 0x6, r0}, @TCA_BPF_CLASSID={0x8, 0x3, {0x6, 0x9}}, @TCA_BPF_FD={0x8, 0x6, r0}]}}, @TCA_CHAIN={0x8, 0xb, 0xc7b}, @TCA_CHAIN={0x8, 0xb, 0x2}, @TCA_CHAIN={0x8, 0xb, 0x10}, @TCA_RATE={0x6, 0x5, {0x79, 0x68}}, @TCA_RATE={0x6, 0x5, {0xb9, 0x3}}]}, 0x70}, 0x1, 0x0, 0x0, 0x40}, 0x80)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="440000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000004"], 0x44}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

4.85496ms ago: executing program 0 (id=1058):
r0 = socket$alg(0x26, 0x5, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001180)=ANY=[@ANYBLOB="88000000", @ANYRES16=0x0, @ANYBLOB="000125bd7000fcdbdf25010000007400028014000180080001000000000008000100070000002c0001800800010005000000080001000100000008000100080000000800010004000000080001000100000014000180080001000600000008000100020000001c0001800800010001000000080001000800000008000100080000007c05c776fc187a910d0821cc0f91238e0af2fdbb667e82673f44f82a"], 0x88}, 0x1, 0x0, 0x0, 0x40}, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(michael_mic-generic,pcbc(fcrypt-generic))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000480), 0xb7)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="02000000040000000800000001", @ANYRES8=r1, @ANYRES64=r1], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x6, 0x10, &(0x7f0000000e40)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000300000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008000000850000001c00000095"], &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r3, 0xfffff000, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x2ef8, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000100)=r3, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1ff8d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002706870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a83984e68a6d80a5f5222ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0007000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1f6428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e1700000000000000000a034000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1ebbb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa5210b16eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
unshare(0x6020400)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_ro(r5, &(0x7f00000005c0)='cpu.stat\x00', 0x275a, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f00000001c0)={r6}, 0x8)
unshare(0x22020400)
close(r6)

0s ago: executing program 1 (id=1059):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_ctinfo={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x3f00}, @TCA_CTINFO_ACT={0x18, 0x3, {0xfa, 0x1, 0x0, 0x100}}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x20, 0x6, 0x10}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x200488c0}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:15786' (ED25519) to the list of known hosts.
syzkaller login: [   50.025975][ T5544] cgroup: Unknown subsys name 'net'
[   50.131315][ T5544] cgroup: Unknown subsys name 'cpuset'
[   50.135624][ T5544] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   51.683722][ T5544] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   56.015973][ T5002] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   56.021110][ T5002] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   56.024943][ T5002] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   56.032156][ T5002] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   56.035661][ T5002] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   56.085077][ T5002] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   56.090718][ T5002] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   56.094373][ T5002] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   56.098869][ T5002] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   56.102483][ T5002] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   56.131479][ T5002] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   56.136159][ T5002] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   56.140155][ T5002] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   56.144007][ T5002] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   56.147529][ T5002] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   56.663953][ T5607] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.666856][ T5607] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.669556][ T5607] bridge_slave_0: entered allmulticast mode
[   56.672759][ T5607] bridge_slave_0: entered promiscuous mode
[   56.697532][ T5607] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.700594][ T5607] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.703535][ T5607] bridge_slave_1: entered allmulticast mode
[   56.706424][ T5607] bridge_slave_1: entered promiscuous mode
[   56.759697][ T5619] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.762570][ T5619] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.765409][ T5619] bridge_slave_0: entered allmulticast mode
[   56.768701][ T5619] bridge_slave_0: entered promiscuous mode
[   56.772382][ T5619] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.775200][ T5619] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.778150][ T5619] bridge_slave_1: entered allmulticast mode
[   56.780865][ T5619] bridge_slave_1: entered promiscuous mode
[   56.793183][ T5607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.811414][ T5607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.820679][ T5613] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.823533][ T5613] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.825928][ T5613] bridge_slave_0: entered allmulticast mode
[   56.828756][ T5613] bridge_slave_0: entered promiscuous mode
[   56.857001][ T5619] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.863854][ T5619] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.868209][ T5613] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.871436][ T5613] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.874170][ T5613] bridge_slave_1: entered allmulticast mode
[   56.878829][ T5613] bridge_slave_1: entered promiscuous mode
[   56.895275][ T5607] team0: Port device team_slave_0 added
[   56.921613][ T5607] team0: Port device team_slave_1 added
[   56.937034][ T5619] team0: Port device team_slave_0 added
[   56.943394][ T5613] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.961847][ T5619] team0: Port device team_slave_1 added
[   56.978402][ T5613] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.005135][ T5619] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.008334][ T5619] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   57.018763][ T5619] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.037519][ T5607] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.040580][ T5607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   57.051405][ T5607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.057315][ T5607] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.060341][ T5607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   57.070743][ T5607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.075881][ T5619] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.078988][ T5619] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   57.089231][ T5619] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.122133][ T5613] team0: Port device team_slave_0 added
[   57.128214][ T5613] team0: Port device team_slave_1 added
[   57.185544][ T5607] hsr_slave_0: entered promiscuous mode
[   57.189292][ T5607] hsr_slave_1: entered promiscuous mode
[   57.218047][ T5619] hsr_slave_0: entered promiscuous mode
[   57.221057][ T5619] hsr_slave_1: entered promiscuous mode
[   57.223455][ T5619] debugfs: 'hsr0' already exists in 'hsr'
[   57.225392][ T5619] Cannot create hsr debugfs directory
[   57.228844][ T5613] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.231813][ T5613] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   57.242785][ T5613] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.250161][ T5613] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.253083][ T5613] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   57.263568][ T5613] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.359128][ T5613] hsr_slave_0: entered promiscuous mode
[   57.361646][ T5613] hsr_slave_1: entered promiscuous mode
[   57.363815][ T5613] debugfs: 'hsr0' already exists in 'hsr'
[   57.365917][ T5613] Cannot create hsr debugfs directory
[   57.576586][ T5619] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   57.582908][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   57.587279][ T5619] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   57.596000][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   57.599561][ T5619] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   57.604251][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   57.614183][ T5619] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   57.619838][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   57.655442][ T5607] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   57.662328][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   57.668306][ T5607] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   57.673157][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   57.680876][ T5607] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   57.686113][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   57.698225][ T5607] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   57.703797][ T5607] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   57.766641][ T5613] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   57.771891][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   57.775422][ T5613] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   57.782936][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   57.799702][ T5613] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   57.804079][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   57.810665][ T5613] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   57.815116][ T5613] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   57.904030][ T5619] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.950355][ T5607] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.971716][ T5619] 8021q: adding VLAN 0 to HW filter on device team0
[   57.995154][   T41] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.998645][   T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.010497][   T41] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.013540][   T41] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.021861][ T5607] 8021q: adding VLAN 0 to HW filter on device team0
[   58.043751][   T41] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.046797][   T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.069194][   T54] Bluetooth: hci0: command tx timeout
[   58.072241][   T41] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.075124][   T41] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.110792][ T5613] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.147853][   T54] Bluetooth: hci1: command tx timeout
[   58.154149][ T5613] 8021q: adding VLAN 0 to HW filter on device team0
[   58.181985][   T41] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.184849][   T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.198299][   T41] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.201197][   T41] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.228109][   T54] Bluetooth: hci2: command tx timeout
[   58.486781][ T5619] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.493481][ T5607] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.546644][ T5619] veth0_vlan: entered promiscuous mode
[   58.563011][ T5607] veth0_vlan: entered promiscuous mode
[   58.565641][ T5619] veth1_vlan: entered promiscuous mode
[   58.582976][ T5607] veth1_vlan: entered promiscuous mode
[   58.603684][ T5619] veth0_macvtap: entered promiscuous mode
[   58.619842][ T5619] veth1_macvtap: entered promiscuous mode
[   58.623893][ T5613] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.627547][ T5607] veth0_macvtap: entered promiscuous mode
[   58.635831][ T5607] veth1_macvtap: entered promiscuous mode
[   58.651194][ T5619] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.656479][ T5607] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.667235][ T5619] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.685298][ T5661] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.692167][ T5661] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.696850][ T5607] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.703591][ T5661] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.722970][ T5661] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.733491][ T5661] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.746979][ T5661] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.753494][ T5661] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.774791][ T5661] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.782899][ T5613] veth0_vlan: entered promiscuous mode
[   58.823878][ T5613] veth1_vlan: entered promiscuous mode
[   58.873607][   T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.878885][   T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.910258][   T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.915221][   T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.932579][ T5613] veth0_macvtap: entered promiscuous mode
[   58.945383][   T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.950875][ T5613] veth1_macvtap: entered promiscuous mode
[   58.952931][   T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.957626][   T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.961749][   T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.980174][ T5613] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.990250][ T5613] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.003838][ T5661] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.012808][ T5661] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.025396][ T5607] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   59.028362][ T5661] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.035605][ T5661] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.185549][ T1111] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.197276][ T1111] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.228525][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.232276][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.661150][ T5748] netlink: 12 bytes leftover after parsing attributes in process `syz.0.15'.
[   60.148787][   T54] Bluetooth: hci0: command tx timeout
[   60.228052][   T54] Bluetooth: hci1: command tx timeout
[   60.317897][   T54] Bluetooth: hci2: command tx timeout
[   60.792911][ T5778] IPVS: set_ctl: invalid protocol: 136 172.30.0.3:20005
[   60.906216][ T5784] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.28'.
[   61.316805][ T5810] Driver unsupported XDP return value 0 on prog  (id 5) dev N/A, expect packet loss!
[   62.228069][   T54] Bluetooth: hci0: command tx timeout
[   62.308059][   T54] Bluetooth: hci1: command tx timeout
[   62.387820][   T54] Bluetooth: hci2: command tx timeout
[   62.734017][ T5754] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   62.738343][ T5812] netlink: 'syz.0.40': attribute type 2 has an invalid length.
[   62.744168][ T5812] tipc: Started in network mode
[   62.746386][ T5812] tipc: Node identity 1340008, cluster identity 4711
[   62.750400][ T5812] tipc: Node number set to 20185096
[   62.906509][ T5822] syz.2.44 uses obsolete (PF_INET,SOCK_PACKET)
[   62.995719][ T5828] netlink: 4 bytes leftover after parsing attributes in process `syz.0.48'.
[   63.047171][ T5830] netlink: 24 bytes leftover after parsing attributes in process `syz.1.49'.
[   63.057616][ T5831] netlink: 4 bytes leftover after parsing attributes in process `syz.0.48'.
[   63.063351][ T5830] netlink: 'syz.1.49': attribute type 2 has an invalid length.
[   63.088460][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.139687][ T5831] bridge_slave_0 (unregistering): left allmulticast mode
[   63.147102][ T5831] bridge_slave_0 (unregistering): left promiscuous mode
[   63.158152][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.544243][ T5861] warning: `syz.1.60' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   64.319486][   T54] Bluetooth: hci0: command tx timeout
[   64.390988][   T54] Bluetooth: hci1: command tx timeout
[   64.469379][   T54] Bluetooth: hci2: command tx timeout
[   64.545978][ T5882] netlink: 36 bytes leftover after parsing attributes in process `syz.2.69'.
[   65.659501][ T5963] netlink: 'syz.0.104': attribute type 1 has an invalid length.
[   65.690078][ T5965] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[   66.025154][ T5979] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[   66.030087][ T5688] IPVS: starting estimator thread 0...
[   66.137783][ T5981] IPVS: using max 80 ests per chain, 192000 per kthread
[   66.519434][ T5991] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096
[   66.738619][ T5717] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   66.741804][ T6006] Zero length message leads to an empty skb
[   66.743614][ T5717] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   66.751670][ T5717] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   66.756578][ T5717] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   68.059759][ T5619] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[   68.066317][ T5619] CPU: 1 UID: 0 PID: 5619 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   68.066331][ T5619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   68.066336][ T5619] Call Trace:
[   68.066341][ T5619]  <TASK>
[   68.066344][ T5619]  dump_stack_lvl+0xe8/0x150
[   68.066358][ T5619]  dump_header+0xd3/0x4c0
[   68.066371][ T5619]  oom_kill_process+0x3ab/0x970
[   68.066383][ T5619]  out_of_memory+0x106c/0x1410
[   68.066392][ T5619]  ? try_charge_memcg+0xbb9/0x1570
[   68.066404][ T5619]  ? __pfx___mutex_lock+0x10/0x10
[   68.066415][ T5619]  ? __pfx_out_of_memory+0x10/0x10
[   68.066423][ T5619]  ? do_raw_spin_unlock+0x4d/0x210
[   68.066438][ T5619]  try_charge_memcg+0xc77/0x1570
[   68.066456][ T5619]  ? __pfx_try_charge_memcg+0x10/0x10
[   68.066466][ T5619]  ? percpu_ref_tryget+0x15/0x180
[   68.066484][ T5619]  ? charge_memcg+0x23/0x2b0
[   68.066495][ T5619]  charge_memcg+0x1a2/0x2b0
[   68.066507][ T5619]  ? mem_cgroup_swapin_charge_folio+0x33/0x390
[   68.066517][ T5619]  mem_cgroup_swapin_charge_folio+0x262/0x390
[   68.066528][ T5619]  __swap_cache_prepare_and_add+0xdc/0x700
[   68.066539][ T5619]  ? page_rmappable_folio+0x9a/0x170
[   68.066549][ T5619]  swap_cache_alloc_folio+0xf1/0x240
[   68.066559][ T5619]  swap_cluster_readahead+0x355/0x670
[   68.066571][ T5619]  ? __pfx_swap_cluster_readahead+0x10/0x10
[   68.066584][ T5619]  ? get_vma_policy+0x27b/0x3c0
[   68.066597][ T5619]  swapin_readahead+0x196/0xc50
[   68.066607][ T5619]  ? swap_table_get+0x1e/0x260
[   68.066616][ T5619]  ? __pfx_swapin_readahead+0x10/0x10
[   68.066626][ T5619]  ? swap_table_get+0x1e/0x260
[   68.066633][ T5619]  ? swap_table_get+0x1e/0x260
[   68.066640][ T5619]  ? swap_table_get+0x1e/0x260
[   68.066648][ T5619]  ? swap_table_get+0x216/0x260
[   68.066656][ T5619]  ? swap_cache_get_folio+0x2e4/0x2f0
[   68.066692][ T5619]  do_swap_page+0x555/0x5120
[   68.066703][ T5619]  ? __pte_offset_map+0x29/0x240
[   68.066712][ T5619]  ? __pte_offset_map+0x29/0x240
[   68.066724][ T5619]  ? do_swap_page+0x128/0x5120
[   68.066732][ T5619]  ? __pfx_do_swap_page+0x10/0x10
[   68.066739][ T5619]  ? __pte_offset_map+0x1ae/0x240
[   68.066749][ T5619]  ? pte_offset_map_rw_nolock+0xea/0x160
[   68.066759][ T5619]  handle_mm_fault+0x12d2/0x3170
[   68.066773][ T5619]  ? handle_mm_fault+0xee/0x3170
[   68.066784][ T5619]  ? __pfx_handle_mm_fault+0x10/0x10
[   68.066797][ T5619]  ? lock_vma_under_rcu+0x45a/0x500
[   68.066818][ T5619]  do_user_addr_fault+0xa73/0x1340
[   68.066829][ T5619]  ? rcu_is_watching+0x15/0xb0
[   68.066838][ T5619]  ? trace_page_fault_user+0x84/0x1e0
[   68.066846][ T5619]  exc_page_fault+0x6a/0xc0
[   68.066858][ T5619]  asm_exc_page_fault+0x26/0x30
[   68.066865][ T5619] RIP: 0033:0x7f0e9455d60e
[   68.066875][ T5619] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   68.066882][ T5619] RSP: 002b:00007ffedb269038 EFLAGS: 00010246
[   68.066889][ T5619] RAX: 0000000000000000 RBX: 00005555895a0500 RCX: 00007f0e9455d60e
[   68.066894][ T5619] RDX: 00007ffedb269090 RSI: 0000000000000000 RDI: 0000000000000000
[   68.066899][ T5619] RBP: 00007ffedb2690fc R08: 0000000000000000 R09: 0000000000000000
[   68.066903][ T5619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388
[   68.066907][ T5619] R13: 00000000000927c0 R14: 0000000000010878 R15: 00007ffedb269150
[   68.066919][ T5619]  </TASK>
[   68.066922][ T5619] memory: usage 307200kB, limit 307200kB, failcnt 1990
[   68.197119][ T5619] memory+swap: usage 307400kB, limit 9007199254740988kB, failcnt 0
[   68.204952][ T5619] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0
[   68.218414][ T5619] Memory cgroup stats for /syz0:
[   68.218579][ T5619] cache 0
[   68.221165][ T5619] rss 0
[   68.222063][ T5619] rss_huge 0
[   68.223106][ T5619] shmem 0
[   68.224029][ T5619] mapped_file 0
[   68.225117][ T5619] dirty 0
[   68.226054][ T5619] writeback 0
[   68.227095][ T5619] workingset_refault_anon 2
[   68.231066][ T5619] workingset_refault_file 0
[   68.232634][ T5619] swap 204800
[   68.233758][ T5619] swapcached 221184
[   68.235045][ T5619] pgpgin 3672
[   68.236182][ T5619] pgpgout 3670
[   68.237309][ T5619] pgfault 7823
[   68.239011][ T5619] pgmajfault 1
[   68.240210][ T5619] inactive_anon 0
[   68.241457][ T5619] active_anon 8192
[   68.242677][ T5619] inactive_file 0
[   68.244126][ T5619] active_file 0
[   68.245311][ T5619] unevictable 0
[   68.246430][ T5619] hierarchical_memory_limit 314572800
[   68.250160][ T5619] hierarchical_memsw_limit 9223372036854771712
[   68.252187][ T5619] total_cache 0
[   68.253383][ T5619] total_rss 0
[   68.256498][ T5619] total_rss_huge 0
[   68.260012][ T5619] total_shmem 0
[   68.261974][ T5619] total_mapped_file 0
[   68.263300][ T5619] total_dirty 0
[   68.266071][ T5619] total_writeback 0
[   68.267310][ T5619] total_workingset_refault_anon 2
[   68.273303][ T5619] total_workingset_refault_file 0
[   68.276545][ T5619] total_swap 204800
[   68.280082][ T5619] total_swapcached 221184
[   68.281783][ T5619] total_pgpgin 3672
[   68.283077][ T5619] total_pgpgout 3670
[   68.284313][ T5619] total_pgfault 7823
[   68.285514][ T5619] total_pgmajfault 1
[   68.286768][ T5619] total_inactive_anon 0
[   68.297257][ T5619] total_active_anon 8192
[   68.300437][ T5619] total_inactive_file 0
[   68.303747][ T5619] total_active_file 0
[   68.305023][ T5619] total_unevictable 0
[   68.310574][ T5619] anon_cost 0
[   68.311692][ T5619] file_cost 0
[   68.316037][ T5619] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.131,pid=6025,uid=0
[   68.331439][ T5619] Memory cgroup out of memory: Killed process 6025 (syz.0.131) total-vm:104472kB, anon-rss:1244kB, file-rss:23072kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000
[   68.483720][ T6085] netlink: 8 bytes leftover after parsing attributes in process `syz.1.154'.
[   68.496305][ T6085] netlink: 8 bytes leftover after parsing attributes in process `syz.1.154'.
[   68.832271][ T6112] netlink: 8 bytes leftover after parsing attributes in process `syz.0.168'.
[   68.838423][ T6112] netlink: 8 bytes leftover after parsing attributes in process `syz.0.168'.
[   68.851183][ T6114] netlink: 128 bytes leftover after parsing attributes in process `syz.1.169'.
[   69.211542][ T6135] netlink: 'syz.0.179': attribute type 3 has an invalid length.
[   69.227245][ T6135] netlink: 132 bytes leftover after parsing attributes in process `syz.0.179'.
[   69.259727][ T6139] netlink: 15672 bytes leftover after parsing attributes in process `syz.2.181'.
[   69.273141][ T6139] netlink: 28 bytes leftover after parsing attributes in process `syz.2.181'.
[   69.280443][ T6139] netlink: 28 bytes leftover after parsing attributes in process `syz.2.181'.
[   69.288734][ T6139] netlink: 24 bytes leftover after parsing attributes in process `syz.2.181'.
[   69.412924][ T6153] netlink: 'syz.2.188': attribute type 3 has an invalid length.
[   69.576613][ T5717] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[   69.589279][ T5717] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   69.654978][ T6173] netlink: 'syz.2.198': attribute type 39 has an invalid length.
[   69.812968][ T6185] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[   70.300312][ T6226] netlink: 'syz.2.220': attribute type 4 has an invalid length.
[   70.303831][ T6226] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[   70.897379][ T6274] netlink: 'syz.2.242': attribute type 1 has an invalid length.
[   70.902542][ T6274] netlink: 'syz.2.242': attribute type 1 has an invalid length.
[   70.907780][ T6274] netlink: 'syz.2.242': attribute type 1 has an invalid length.
[   70.915561][ T6274] netlink: 'syz.2.242': attribute type 1 has an invalid length.
[   70.921226][ T6274] netlink: 'syz.2.242': attribute type 1 has an invalid length.
[   70.924315][ T6274] netlink: 'syz.2.242': attribute type 1 has an invalid length.
[   70.933381][ T6276] xt_hashlimit: size too large, truncated to 1048576
[   71.106988][ T6290] bond1: Invalid ad_actor_system MAC address.
[   71.116142][ T6290] bond1: option ad_actor_system: invalid value (1)
[   71.129989][ T6290] bond1 (unregistering): Released all slaves
[   71.170272][ T6296] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   71.173250][ T6296] batman_adv: batadv0: Removing interface: batadv_slave_0
[   71.177844][ T6296] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   71.180925][ T6296] batman_adv: batadv0: Removing interface: batadv_slave_1
[   71.413100][ T6310] netem: unknown loss type 0
[   71.414841][ T6310] netem: change failed
[   72.477240][ T6383] xt_hashlimit: max too large, truncated to 1048576
[   72.723090][ T6400] Bluetooth: MGMT ver 1.23
[   72.889525][ T5717] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0x25
[   73.351416][ T6443] trusted_key: syz.1.307 sent an empty control message without MSG_MORE.
[   73.659214][ T6405] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   74.781150][ T6486] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.784571][ T6486] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.791242][ T5002] Bluetooth: hci2: command 0x0401 tx timeout
[   74.794832][   T54] Bluetooth: hci2: Opcode 0x0401 failed: -110
[   74.884867][ T6486] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   74.898122][ T6486] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   74.975785][ T5717] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   74.981162][ T5717] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   74.985974][ T5717] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   74.988867][ T5717] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   76.630963][ T1381] ieee802154 phy0 wpan0: encryption failed: -22
[   76.634317][ T1381] ieee802154 phy1 wpan1: encryption failed: -22
[   76.787124][ T6454] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   76.988710][ T6528] __nla_validate_parse: 18 callbacks suppressed
[   76.988721][ T6528] netlink: 76 bytes leftover after parsing attributes in process `syz.2.336'.
[   76.994521][ T6528] syzkaller0: entered promiscuous mode
[   76.996297][ T6528] syzkaller0: entered allmulticast mode
[   77.041357][ T6534] netlink: 8 bytes leftover after parsing attributes in process `syz.1.338'.
[   77.044291][ T6534] netlink: 356 bytes leftover after parsing attributes in process `syz.1.338'.
[   77.114363][ T6538] netlink: 52 bytes leftover after parsing attributes in process `syz.2.340'.
[   77.229878][ T6546] tipc: Started in network mode
[   77.231576][ T6546] tipc: Node identity a6a035985009, cluster identity 4711
[   77.233997][ T6546] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   77.236607][ T6546] syzkaller0: entered promiscuous mode
[   77.239785][ T6546] syzkaller0: entered allmulticast mode
[   77.250900][ T6546] validate_nla: 48 callbacks suppressed
[   77.250914][ T6546] netlink: 'syz.2.343': attribute type 10 has an invalid length.
[   77.257318][ T6546] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   77.264915][ T6546] tipc: Resetting bearer <eth:syzkaller0>
[   77.271257][ T6545] tipc: Resetting bearer <eth:syzkaller0>
[   77.282817][ T6545] tipc: Disabling bearer <eth:syzkaller0>
[   77.600107][ T6553] netlink: 76 bytes leftover after parsing attributes in process `syz.2.346'.
[   77.765333][ T6563] netlink: 8 bytes leftover after parsing attributes in process `syz.2.350'.
[   78.055642][ T6579] netlink: 8 bytes leftover after parsing attributes in process `syz.0.358'.
[   78.669052][ T6597] netlink: 'syz.2.367': attribute type 6 has an invalid length.
[   78.678871][ T6597] IPv6: NLM_F_CREATE should be specified when creating new route
[   79.186087][ T6606] netlink: 8 bytes leftover after parsing attributes in process `syz.2.372'.
[   79.403479][ T6607] netlink: 28 bytes leftover after parsing attributes in process `syz.1.371'.
[   79.466323][ T6623] netlink: 'syz.2.378': attribute type 4 has an invalid length.
[   79.871026][ T6657] netlink: 12 bytes leftover after parsing attributes in process `syz.0.392'.
[   79.874279][ T6657] nbd: couldn't find a device at index 65546
[   79.994308][ T6663] netlink: 'syz.0.395': attribute type 1 has an invalid length.
[   80.013856][ T6663] bond1: entered promiscuous mode
[   80.016433][ T6663] 8021q: adding VLAN 0 to HW filter on device bond1
[   80.022635][ T6663] bond1: entered allmulticast mode
[   80.035120][ T6663] bond1: (slave bridge1): making interface the new active one
[   80.037405][ T6663] bridge1: entered promiscuous mode
[   80.039566][ T6663] bridge1: entered allmulticast mode
[   80.042881][ T6663] bond1: (slave bridge1): Enslaving as an active interface with an up link
[   80.096075][ T6668] sock: sock_timestamping_bind_phc: sock not bind to device
[   80.614140][ T6684] ieee802154 phy0 wpan0: encryption failed: -22
[   83.524367][ T6678] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   83.529533][ T6699] netlink: 'syz.2.408': attribute type 1 has an invalid length.
[   83.532726][ T6699] __nla_validate_parse: 1 callbacks suppressed
[   83.532740][ T6699] netlink: 96 bytes leftover after parsing attributes in process `syz.2.408'.
[   83.544277][ T6699] netlink: 'syz.2.408': attribute type 1 has an invalid length.
[   83.547498][ T6699] netlink: 638 bytes leftover after parsing attributes in process `syz.2.408'.
[   83.556139][ T6699] netlink: 1 bytes leftover after parsing attributes in process `syz.2.408'.
[   83.642264][ T6703] netdevsim netdevsim0 netdevsim0: left allmulticast mode
[   83.646319][ T6703] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   83.775220][ T6709] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   83.778261][ T6709] IPv6: NLM_F_CREATE should be set when creating new route
[   83.780614][ T6709] netlink: 12 bytes leftover after parsing attributes in process `syz.0.413'.
[   83.974682][ T6721] batman_adv: batadv0: Adding interface: ip6gretap1
[   83.980915][ T6721] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   83.993497][ T6721] batman_adv: batadv0: Interface activated: ip6gretap1
[   85.185769][ T6775] netlink: 292 bytes leftover after parsing attributes in process `syz.0.440'.
[   85.284671][ T6785] netlink: 12 bytes leftover after parsing attributes in process `syz.2.446'.
[   85.383647][ T6789] bond0: (slave dummy0): Releasing backup interface
[   85.398022][ T6789] bridge_slave_0: left allmulticast mode
[   85.402194][ T6789] bridge_slave_0: left promiscuous mode
[   85.405510][ T6789] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.420420][ T6789] bridge_slave_1: left allmulticast mode
[   85.424105][ T6789] bridge_slave_1: left promiscuous mode
[   85.426046][ T6789] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.441489][ T6797] netlink: 'syz.1.452': attribute type 1 has an invalid length.
[   85.452208][ T6789] bond0: (slave bond_slave_0): Releasing backup interface
[   85.461895][ T6789] bond0: (slave bond_slave_1): Releasing backup interface
[   85.481152][ T6789] team0: Port device team_slave_0 removed
[   85.490373][ T6799] netlink: 36 bytes leftover after parsing attributes in process `syz.0.453'.
[   85.495619][ T6789] team0: Port device team_slave_1 removed
[   85.502727][ T6789] batman_adv: batadv0: Removing interface: batadv_slave_0
[   85.506400][ T6789] batman_adv: batadv0: Removing interface: batadv_slave_1
[   85.511836][ T6789] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   85.566587][ T6800] gretap1: entered allmulticast mode
[   85.572516][ T6800] bond1: (slave gretap1): making interface the new active one
[   85.586828][ T6800] bond1: (slave gretap1): Enslaving as an active interface with an up link
[   86.041748][ T6844] x_tables: ip_tables: time.0 match: invalid size 24 (kernel) != (user) 40
[   86.232180][ T6853] netlink: 12 bytes leftover after parsing attributes in process `syz.1.474'.
[   86.327183][ T6854] netlink: 12 bytes leftover after parsing attributes in process `syz.1.474'.
[   86.345746][ T6854] netlink: 8 bytes leftover after parsing attributes in process `syz.1.474'.
[   86.355093][ T6854] ip6gretap0: entered promiscuous mode
[   86.359801][ T6854] syz_tun: entered promiscuous mode
[   86.870580][   T24] cfg80211: failed to load regulatory.db
[   87.324457][ T6857] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   87.706563][ T6922] netlink: 'syz.0.502': attribute type 1 has an invalid length.
[   87.710877][ T6922] netlink: 'syz.0.502': attribute type 1 has an invalid length.
[   87.776370][ T6932] IPVS: sync thread started: state = MASTER, mcast_ifn = macsec0, syncid = 3, id = 0
[   88.112336][ T6970] openvswitch: netlink: IP tunnel dst address not specified
[   88.230824][ T6985] netlink: 'syz.1.529': attribute type 29 has an invalid length.
[   88.247293][ T6985] netlink: 'syz.1.529': attribute type 29 has an invalid length.
[   88.252800][ T6985] unsupported nla_type 58
[   88.519929][ T6987] nbd0: detected capacity change from 0 to 63
[   88.528694][   T56] block nbd0: Receive control failed (result -32)
[   88.532067][ T7003] block nbd0: Receive control failed (result -32)
[   88.533383][ T5610] block nbd0: Send control failed (result -32)
[   88.537159][ T5610] block nbd0: Request send failed, requeueing
[   88.546073][  T855] block nbd0: Dead connection, failed to find a fallback
[   88.549687][  T855] block nbd0: shutting down sockets
[   88.552732][  T855] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   88.558087][  T855] Buffer I/O error on dev nbd0, logical block 0, async page read
[   88.563456][ T5610] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   88.569637][ T5610] Buffer I/O error on dev nbd0, logical block 1, async page read
[   88.573126][ T5610] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   88.576606][ T5610] Buffer I/O error on dev nbd0, logical block 2, async page read
[   88.587181][ T5610] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   88.587515][ T7007] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   88.603867][ T5610] Buffer I/O error on dev nbd0, logical block 3, async page read
[   88.615751][ T5610] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   88.628752][ T5610] Buffer I/O error on dev nbd0, logical block 0, async page read
[   88.638836][ T5610] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   88.646459][ T5610] Buffer I/O error on dev nbd0, logical block 1, async page read
[   88.656855][ T5610] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   88.683303][ T5610] Buffer I/O error on dev nbd0, logical block 2, async page read
[   88.691185][ T5610] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   88.705654][ T5610] Buffer I/O error on dev nbd0, logical block 3, async page read
[   88.708806][ T5610] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   88.712395][ T5610] Buffer I/O error on dev nbd0, logical block 0, async page read
[   88.715057][ T5610] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   88.723176][ T5610] Buffer I/O error on dev nbd0, logical block 1, async page read
[   88.727946][ T7018] IPVS: Error binding to the multicast addr
[   88.734393][ T5610] ldm_validate_partition_table(): Disk read failed.
[   88.751896][ T7022] syzkaller0: entered promiscuous mode
[   88.753685][ T7022] syzkaller0: entered allmulticast mode
[   88.755490][ T5610] Dev nbd0: unable to read RDB block 0
[   88.758442][ T7021] netlink: 'syz.1.544': attribute type 1 has an invalid length.
[   88.766844][ T5610]  nbd0: unable to read partition table
[   88.796386][ T5610] ldm_validate_partition_table(): Disk read failed.
[   88.814790][ T5610] Dev nbd0: unable to read RDB block 0
[   88.824503][ T5610]  nbd0: unable to read partition table
[   88.960639][ T7030] 8021q: adding VLAN 0 to HW filter on device bond1
[   88.983525][ T7038] netlink: 'syz.0.553': attribute type 1 has an invalid length.
[   89.207156][ T7060] __nla_validate_parse: 5 callbacks suppressed
[   89.207197][ T7060] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.561'.
[   89.245540][ T7064] netlink: 'syz.0.563': attribute type 49 has an invalid length.
[   89.439444][ T7077] netlink: 'syz.2.570': attribute type 1 has an invalid length.
[   89.837018][ T7121] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   89.859473][ T7121] syzkaller0: entered promiscuous mode
[   89.861819][ T7121] syzkaller0: entered allmulticast mode
[   89.864039][ T7121] tipc: Resetting bearer <eth:syzkaller0>
[   89.875206][ T7120] tipc: Resetting bearer <eth:syzkaller0>
[   90.800376][ T7120] tipc: Disabling bearer <eth:syzkaller0>
[   90.894008][ T7140] vlan2: entered promiscuous mode
[   90.896116][ T7140] bridge0: entered promiscuous mode
[   90.929920][ T7142] syzkaller0: entered promiscuous mode
[   90.933844][ T7142] syzkaller0: entered allmulticast mode
[   91.143523][ T7153] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.149514][ T7153] 8021q: adding VLAN 0 to HW filter on device team0
[   91.157587][ T7153] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.210279][ T7153] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[   91.243782][ T7164] netlink: 8 bytes leftover after parsing attributes in process `syz.1.605'.
[   91.360705][ T7171] netlink: 168 bytes leftover after parsing attributes in process `syz.2.608'.
[   91.364045][ T7173] sock: sock_timestamping_bind_phc: sock not bind to device
[   91.453549][ T7181] openvswitch: netlink: Duplicate or invalid key (type 0).
[   91.455932][ T7181] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   91.475963][ T7183] syzkaller0: entered promiscuous mode
[   91.479941][ T7183] syzkaller0: entered allmulticast mode
[   91.524042][ T7187] tap0: tun_chr_ioctl cmd 1074025677
[   91.525874][ T7187] tap0: linktype set to 768
[   91.647160][ T7194] netlink: 20 bytes leftover after parsing attributes in process `syz.1.619'.
[   91.763087][ T7204] netlink: 'syz.0.620': attribute type 2 has an invalid length.
[   91.768785][ T7204] netlink: 'syz.0.620': attribute type 2 has an invalid length.
[   91.834089][ T7210] netlink: 'syz.1.625': attribute type 1 has an invalid length.
[   92.519617][ T7252] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   92.656901][ T7261] netlink: 'syz.1.648': attribute type 1 has an invalid length.
[   92.667603][ T7261] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   92.680446][ T7259] netlink: 20 bytes leftover after parsing attributes in process `syz.0.647'.
[   92.762786][ T7252] netlink: 4 bytes leftover after parsing attributes in process `syz.2.644'.
[   93.361254][ T7306] syzkaller0: entered promiscuous mode
[   93.366018][ T7306] syzkaller0: entered allmulticast mode
[   94.333588][ T7354] syzkaller0: entered promiscuous mode
[   94.335956][ T7354] syzkaller0: entered allmulticast mode
[   96.193827][ T7394] syzkaller0: entered promiscuous mode
[   96.196831][ T7394] syzkaller0: entered allmulticast mode
[   96.354042][ T7404] netlink: 60 bytes leftover after parsing attributes in process `syz.2.703'.
[   96.887149][ T7445] syzkaller0: entered promiscuous mode
[   96.889943][ T7445] syzkaller0: entered allmulticast mode
[   97.623341][ T7500] netlink: 168 bytes leftover after parsing attributes in process `syz.2.740'.
[   97.709846][ T7507] netlink: 24 bytes leftover after parsing attributes in process `syz.0.743'.
[   97.969335][ T7528] syzkaller0: entered promiscuous mode
[   97.978216][ T7528] syzkaller0: entered allmulticast mode
[   98.013147][ T7532] netlink: 56 bytes leftover after parsing attributes in process `syz.0.755'.
[   98.144504][ T7548] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   98.148725][ T7548] syzkaller0: entered promiscuous mode
[   98.150783][ T7548] syzkaller0: entered allmulticast mode
[   98.168955][ T7548] tipc: Resetting bearer <eth:syzkaller0>
[   98.172413][ T7547] tipc: Resetting bearer <eth:syzkaller0>
[   98.180700][ T7547] tipc: Disabling bearer <eth:syzkaller0>
[   98.661050][ T7592] batman_adv: batadv0: Adding interface: ipvlan2
[   98.663767][ T7592] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   98.675246][ T7592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   98.680296][ T7592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   98.684457][ T7592] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active
[   99.141653][ T7637] af_packet: tpacket_rcv: packet too big, clamped from 36 to 4294967272. macoff=96
[   99.150687][ T7637] netlink: 4 bytes leftover after parsing attributes in process `syz.2.801'.
[   99.181651][ T7641] netlink: 296 bytes leftover after parsing attributes in process `syz.0.803'.
[   99.224364][ T7645] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   99.314715][ T7653] syzkaller1: entered promiscuous mode
[   99.319346][ T7653] syzkaller1: entered allmulticast mode
[   99.764035][ T7691] netlink: 'syz.2.827': attribute type 10 has an invalid length.
[   99.772012][ T7691] team0: Port device dummy0 added
[   99.858470][ T7699] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[   99.906248][ T7701] vlan2: entered promiscuous mode
[   99.908787][ T7701] dummy0: entered promiscuous mode
[   99.912395][ T7701] vlan2: entered allmulticast mode
[   99.914563][ T7701] dummy0: entered allmulticast mode
[   99.990823][ T7703] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  100.005002][ T7703] netlink: 12 bytes leftover after parsing attributes in process `syz.1.832'.
[  100.190581][ T7718] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  100.215820][ T7719] netlink: 72 bytes leftover after parsing attributes in process `syz.2.839'.
[  101.094749][ T7759] netlink: 8 bytes leftover after parsing attributes in process `syz.2.854'.
[  101.833442][ T7782] tipc: Started in network mode
[  101.837008][ T7782] tipc: Node identity 080211000001, cluster identity 4711
[  101.842564][ T7782] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  101.850715][ T7782] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode
[  101.855386][ T7782] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode
[  101.977558][ T7763] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  102.080159][ T7786] xt_TPROXY: Can be used only with -p tcp or -p udp
[  102.577140][ T7797] netlink: 4 bytes leftover after parsing attributes in process `syz.1.871'.
[  102.959976][   T24] tipc: Node number set to 134418688
[  103.096066][ T7816] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  103.247236][ T7827] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 3, id = 0
[  103.313013][ T7830] xt_connbytes: Forcing CT accounting to be enabled
[  103.597096][ T7854] macvlan2: entered promiscuous mode
[  103.599890][ T7854] macvlan2: entered allmulticast mode
[  103.601759][ T7854] gretap0: entered allmulticast mode
[  104.027228][ T7893] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 3, id = 0
[  104.090144][ T7901] xt_hashlimit: size too large, truncated to 1048576
[  104.092339][ T7901] xt_hashlimit: max too large, truncated to 1048576
[  104.111326][ T7901] ipt_REJECT: TCP_RESET invalid for non-tcp
[  104.401185][ T7929] netlink: 'syz.2.932': attribute type 1 has an invalid length.
[  104.403623][ T7929] netlink: 'syz.2.932': attribute type 1 has an invalid length.
[  104.665374][ T7949] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  105.051132][ T7983] Bluetooth: MGMT ver 1.23
[  105.986144][   T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.992455][   T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.010682][ T8040] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  106.185210][ T8064] syzkaller0: entered promiscuous mode
[  106.186990][ T8064] syzkaller0: entered allmulticast mode
[  106.192368][ T8064] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  106.196113][ T8063] tipc: Resetting bearer <eth:syzkaller0>
[  106.214143][ T8063] tipc: Disabling bearer <eth:syzkaller0>
[  106.571237][ T8097] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1011'.
[  106.576796][ T8097] netlink: 'syz.0.1011': attribute type 8 has an invalid length.
[  106.580425][ T8097] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1011'.
[  106.674161][ T8109] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1017'.
[  106.747416][ T8117] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  106.754972][ T8117] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  106.762139][ T8117] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  106.954571][ T8137] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  106.958541][ T8137] syzkaller0: entered promiscuous mode
[  106.960844][ T8137] syzkaller0: entered allmulticast mode
[  106.982261][ T8140] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1031'.
[  106.994205][ T8137] tipc: Resetting bearer <eth:syzkaller0>
[  107.004739][ T8136] tipc: Resetting bearer <eth:syzkaller0>
[  107.027291][ T8136] tipc: Disabling bearer <eth:syzkaller0>
[  107.072116][ T8144] xt_HMARK: spi-set and port-set can't be combined
[  107.117949][   T54] Bluetooth: hci2: command 0x0401 tx timeout
[  107.240143][ T8155] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1038'.
[  107.243121][ T8155] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1038'.
[  107.246202][ T8155] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1038'.
[  108.144907][ T8188] netlink: 'syz.2.1055': attribute type 12 has an invalid length.
[  108.264060][ T8196] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1057'.
[  108.289160][ T8198] block nbd1: server does not support multiple connections per device.
[  108.300811][ T8198] block nbd1: shutting down sockets
[  108.317979][ T8204] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1059'.
[  108.377200][ T8210] 
[  108.378011][ T8210] ======================================================
[  108.380143][ T8210] WARNING: possible circular locking dependency detected
[  108.382291][ T8210] syzkaller #0 Not tainted
[  108.383859][ T8210] ------------------------------------------------------
[  108.386028][ T8210] syz.0.1058/8210 is trying to acquire lock:
[  108.387919][ T8210] ffffffff8ea85520 (fs_reclaim){+.+.}-{0:0}, at: kmem_cache_alloc_lru_noprof+0x45/0x640
[  108.390900][ T8210] 
[  108.390900][ T8210] but task is already holding lock:
[  108.393159][ T8210] ffff8881012d7980 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_iop_lookup+0x5f/0x320
[  108.396100][ T8210] 
[  108.396100][ T8210] which lock already depends on the new lock.
[  108.396100][ T8210] 
[  108.399293][ T8210] 
[  108.399293][ T8210] the existing dependency chain (in reverse order) is:
[  108.402088][ T8210] 
[  108.402088][ T8210] -> #9 (&root->kernfs_rwsem){++++}-{4:4}:
[  108.404493][ T8210]        down_write+0x96/0x200
[  108.405948][ T8210]        kernfs_add_one+0x41/0x5c0
[  108.407494][ T8210]        kernfs_create_dir_ns+0xde/0x130
[  108.409183][ T8210]        internal_create_group+0x425/0x1180
[  108.411025][ T8210]        cpuhp_invoke_callback+0x445/0x860
[  108.412736][ T8210]        cpuhp_issue_call+0x430/0x7a0
[  108.414341][ T8210]        __cpuhp_setup_state_cpuslocked+0x3d9/0x6b0
[  108.416311][ T8210]        __cpuhp_setup_state+0x3f/0x60
[  108.417939][ T8210]        do_one_initcall+0x250/0x870
[  108.419508][ T8210]        do_initcall_level+0x104/0x190
[  108.421203][ T8210]        do_initcalls+0x59/0xa0
[  108.422668][ T8210]        kernel_init_freeable+0x2a6/0x3e0
[  108.424383][ T8210]        kernel_init+0x1d/0x1d0
[  108.425866][ T8210]        ret_from_fork+0x514/0xb70
[  108.427415][ T8210]        ret_from_fork_asm+0x1a/0x30
[  108.429008][ T8210] 
[  108.429008][ T8210] -> #8 (cpuhp_state_mutex){+.+.}-{4:4}:
[  108.431947][ T8210] 
[  108.431947][ T8210] -> #7 (cpu_hotplug_lock){++++}-{0:0}:
[  108.434305][ T8210]        cpus_read_lock+0x42/0x160
[  108.435855][ T8210]        static_key_slow_inc+0x12/0x30
[  108.437519][ T8210]        setup_udp_tunnel_sock+0x2df/0x4f0
[  108.439311][ T8210]        l2tp_tunnel_register+0xe72/0x1570
[  108.441038][ T8210]        pppol2tp_connect+0x8b7/0x17c0
[  108.442757][ T8210]        __sys_connect+0x312/0x450
[  108.444331][ T8210]        __x64_sys_connect+0x7a/0x90
[  108.445894][ T8210]        do_syscall_64+0x15f/0xf80
[  108.447407][ T8210]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.449921][ T8210] 
[  108.449921][ T8210] -> #6 (sk_lock-AF_INET6){+.+.}-{0:0}:
[  108.452494][ T8210]        lock_sock_nested+0x41/0x100
[  108.454159][ T8210]        inet_shutdown+0x6a/0x390
[  108.455947][ T8210]        nbd_mark_nsock_dead+0x2e9/0x560
[  108.457773][ T8210]        sock_shutdown+0x15e/0x260
[  108.459681][ T8210]        nbd_clear_sock+0x24/0x170
[  108.461438][ T8210]        nbd_config_put+0x2dd/0x580
[  108.463058][ T8210]        nbd_genl_connect+0x19d5/0x1cf0
[  108.464746][ T8210]        genl_family_rcv_msg_doit+0x22a/0x330
[  108.466611][ T8210]        genl_rcv_msg+0x61c/0x7a0
[  108.468173][ T8210]        netlink_rcv_skb+0x232/0x4b0
[  108.469851][ T8210]        genl_rcv+0x28/0x40
[  108.471452][ T8210]        netlink_unicast+0x75c/0x8e0
[  108.473163][ T8210]        netlink_sendmsg+0x813/0xb40
[  108.474790][ T8210]        ____sys_sendmsg+0x972/0x9f0
[  108.476436][ T8210]        ___sys_sendmsg+0x2a5/0x360
[  108.478055][ T8210]        __x64_sys_sendmsg+0x1bd/0x2a0
[  108.479745][ T8210]        do_syscall_64+0x15f/0xf80
[  108.481328][ T8210]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.483252][ T8210] 
[  108.483252][ T8210] -> #5 (&nsock->tx_lock){+.+.}-{4:4}:
[  108.485498][ T8210]        __mutex_lock+0x1a3/0x1550
[  108.487195][ T8210]        nbd_queue_rq+0x37b/0x1100
[  108.488905][ T8210]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  108.490800][ T8210]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  108.493013][ T8210]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  108.495402][ T8210]        blk_mq_run_hw_queue+0x348/0x4f0
[  108.497274][ T8210]        blk_mq_dispatch_list+0xd16/0xe10
[  108.499115][ T8210]        blk_mq_flush_plug_list+0x48d/0x570
[  108.500945][ T8210]        __blk_flush_plug+0x3ed/0x4d0
[  108.502603][ T8210]        __submit_bio+0x28d/0x580
[  108.504357][ T8210]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  108.506507][ T8210]        block_read_full_folio+0x599/0x830
[  108.508548][ T8210]        filemap_read_folio+0x137/0x3b0
[  108.510420][ T8210]        do_read_cache_folio+0x358/0x590
[  108.512351][ T8210]        read_part_sector+0xb6/0x2b0
[  108.514114][ T8210]        adfspart_check_ICS+0xb1/0x960
[  108.515740][ T8210]        bdev_disk_changed+0x817/0x1770
[  108.517439][ T8210]        blkdev_get_whole+0x380/0x510
[  108.519139][ T8210]        bdev_open+0x31e/0xd30
[  108.520854][ T8210]        blkdev_open+0x470/0x610
[  108.522624][ T8210]        do_dentry_open+0x785/0x14e0
[  108.524640][ T8210]        vfs_open+0x3b/0x340
[  108.526421][ T8210]        path_openat+0x2e08/0x3860
[  108.528226][ T8210]        do_file_open+0x23e/0x4a0
[  108.530102][ T8210]        do_sys_openat2+0x113/0x200
[  108.532115][ T8210]        __x64_sys_openat+0x138/0x170
[  108.534220][ T8210]        do_syscall_64+0x15f/0xf80
[  108.536229][ T8210]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.538672][ T8210] 
[  108.538672][ T8210] -> #4 (&cmd->lock){+.+.}-{4:4}:
[  108.541558][ T8210]        __mutex_lock+0x1a3/0x1550
[  108.543691][ T8210]        nbd_queue_rq+0xc6/0x1100
[  108.545576][ T8210]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  108.547493][ T8210]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  108.549452][ T8210]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  108.551563][ T8210]        blk_mq_run_hw_queue+0x348/0x4f0
[  108.553669][ T8210]        blk_mq_dispatch_list+0xd16/0xe10
[  108.555889][ T8210]        blk_mq_flush_plug_list+0x48d/0x570
[  108.557831][ T8210]        __blk_flush_plug+0x3ed/0x4d0
[  108.559742][ T8210]        __submit_bio+0x28d/0x580
[  108.561268][ T8210]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  108.563175][ T8210]        block_read_full_folio+0x599/0x830
[  108.565326][ T8210]        filemap_read_folio+0x137/0x3b0
[  108.567435][ T8210]        do_read_cache_folio+0x358/0x590
[  108.569568][ T8210]        read_part_sector+0xb6/0x2b0
[  108.571596][ T8210]        adfspart_check_ICS+0xb1/0x960
[  108.573676][ T8210]        bdev_disk_changed+0x817/0x1770
[  108.575760][ T8210]        blkdev_get_whole+0x380/0x510
[  108.577439][ T8210]        bdev_open+0x31e/0xd30
[  108.579270][ T8210]        blkdev_open+0x470/0x610
[  108.581166][ T8210]        do_dentry_open+0x785/0x14e0
[  108.583285][ T8210]        vfs_open+0x3b/0x340
[  108.585043][ T8210]        path_openat+0x2e08/0x3860
[  108.587020][ T8210]        do_file_open+0x23e/0x4a0
[  108.588740][ T8210]        do_sys_openat2+0x113/0x200
[  108.590768][ T8210]        __x64_sys_openat+0x138/0x170
[  108.592871][ T8210]        do_syscall_64+0x15f/0xf80
[  108.594849][ T8210]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.597314][ T8210] 
[  108.597314][ T8210] -> #3 (set->srcu){.+.+}-{0:0}:
[  108.599720][ T8210]        __synchronize_srcu+0xca/0x300
[  108.601902][ T8210]        elevator_switch+0x1e8/0x7a0
[  108.603949][ T8210]        elevator_change+0x2cc/0x450
[  108.605990][ T8210]        elevator_set_default+0x36c/0x430
[  108.608272][ T8210]        blk_register_queue+0x3e9/0x4e0
[  108.610466][ T8210]        __add_disk+0x677/0xd50
[  108.612347][ T8210]        add_disk_fwnode+0xfb/0x480
[  108.614361][ T8210]        nbd_dev_add+0x72c/0xb50
[  108.616248][ T8210]        nbd_init+0x168/0x1f0
[  108.617919][ T8210]        do_one_initcall+0x250/0x870
[  108.619438][ T8210]        do_initcall_level+0x104/0x190
[  108.620983][ T8210]        do_initcalls+0x59/0xa0
[  108.622349][ T8210]        kernel_init_freeable+0x2a6/0x3e0
[  108.624165][ T8210]        kernel_init+0x1d/0x1d0
[  108.625607][ T8210]        ret_from_fork+0x514/0xb70
[  108.627290][ T8210]        ret_from_fork_asm+0x1a/0x30
[  108.629161][ T8210] 
[  108.629161][ T8210] -> #2 (&q->elevator_lock){+.+.}-{4:4}:
[  108.632120][ T8210]        __mutex_lock+0x1a3/0x1550
[  108.633897][ T8210]        elevator_change+0x1b3/0x450
[  108.635588][ T8210]        elevator_set_none+0xb5/0x140
[  108.637259][ T8210]        blk_mq_update_nr_hw_queues+0x5e7/0x1a60
[  108.639211][ T8210]        nbd_start_device+0x17f/0xb10
[  108.640827][ T8210]        nbd_genl_connect+0x165b/0x1cf0
[  108.642524][ T8210]        genl_family_rcv_msg_doit+0x22a/0x330
[  108.644466][ T8210]        genl_rcv_msg+0x61c/0x7a0
[  108.645984][ T8210]        netlink_rcv_skb+0x232/0x4b0
[  108.647579][ T8210]        genl_rcv+0x28/0x40
[  108.649038][ T8210]        netlink_unicast+0x75c/0x8e0
[  108.650711][ T8210]        netlink_sendmsg+0x813/0xb40
[  108.652418][ T8210]        ____sys_sendmsg+0x972/0x9f0
[  108.654130][ T8210]        ___sys_sendmsg+0x2a5/0x360
[  108.656200][ T8210]        __x64_sys_sendmsg+0x1bd/0x2a0
[  108.658285][ T8210]        do_syscall_64+0x15f/0xf80
[  108.660368][ T8210]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.662849][ T8210] 
[  108.662849][ T8210] -> #1 (&q->q_usage_counter(io)#49){++++}-{0:0}:
[  108.666262][ T8210]        blk_alloc_queue+0x546/0x680
[  108.668366][ T8210]        __blk_mq_alloc_disk+0x197/0x390
[  108.670649][ T8210]        nbd_dev_add+0x499/0xb50
[  108.672684][ T8210]        nbd_init+0x168/0x1f0
[  108.674618][ T8210]        do_one_initcall+0x250/0x870
[  108.676747][ T8210]        do_initcall_level+0x104/0x190
[  108.678960][ T8210]        do_initcalls+0x59/0xa0
[  108.680966][ T8210]        kernel_init_freeable+0x2a6/0x3e0
[  108.683210][ T8210]        kernel_init+0x1d/0x1d0
[  108.685113][ T8210]        ret_from_fork+0x514/0xb70
[  108.687089][ T8210]        ret_from_fork_asm+0x1a/0x30
[  108.689124][ T8210] 
[  108.689124][ T8210] -> #0 (fs_reclaim){+.+.}-{0:0}:
[  108.691947][ T8210]        __lock_acquire+0x15a5/0x2cf0
[  108.694044][ T8210]        lock_acquire+0x106/0x350
[  108.696010][ T8210]        fs_reclaim_acquire+0x71/0x100
[  108.698085][ T8210]        kmem_cache_alloc_lru_noprof+0x45/0x640
[  108.700567][ T8210]        alloc_inode+0xb8/0x1b0
[  108.702501][ T8210]        iget_locked+0x131/0x6a0
[  108.704367][ T8210]        kernfs_get_inode+0x4f/0x780
[  108.706266][ T8210]        kernfs_iop_lookup+0x1fe/0x320
[  108.708230][ T8210]        path_openat+0x11ac/0x3860
[  108.709985][ T8210]        do_file_open+0x23e/0x4a0
[  108.711864][ T8210]        do_sys_openat2+0x113/0x200
[  108.713711][ T8210]        __x64_sys_openat+0x138/0x170
[  108.715497][ T8210]        do_syscall_64+0x15f/0xf80
[  108.717104][ T8210]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.719061][ T8210] 
[  108.719061][ T8210] other info that might help us debug this:
[  108.719061][ T8210] 
[  108.722608][ T8210] Chain exists of:
[  108.722608][ T8210]   fs_reclaim --> cpuhp_state_mutex --> &root->kernfs_rwsem
[  108.722608][ T8210] 
[  108.726721][ T8210]  Possible unsafe locking scenario:
[  108.726721][ T8210] 
[  108.729018][ T8210]        CPU0                    CPU1
[  108.730642][ T8210]        ----                    ----
[  108.732627][ T8210]   rlock(&root->kernfs_rwsem);
[  108.734405][ T8210]                                lock(cpuhp_state_mutex);
[  108.737194][ T8210]                                lock(&root->kernfs_rwsem);
[  108.740175][ T8210]   lock(fs_reclaim);
[  108.741821][ T8210] 
[  108.741821][ T8210]  *** DEADLOCK ***
[  108.741821][ T8210] 
[  108.745046][ T8210] 3 locks held by syz.0.1058/8210:
[  108.746949][ T8210]  #0: ffff88810b942410 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  108.750530][ T8210]  #1: ffff88811c539df0 (&type->i_mutex_dir_key#6){++++}-{4:4}, at: path_openat+0xb4c/0x3860
[  108.754354][ T8210]  #2: ffff8881012d7980 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_iop_lookup+0x5f/0x320
[  108.758237][ T8210] 
[  108.758237][ T8210] stack backtrace:
[  108.760350][ T8210] CPU: 1 UID: 0 PID: 8210 Comm: syz.0.1058 Not tainted syzkaller #0 PREEMPT(full) 
[  108.760361][ T8210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  108.760366][ T8210] Call Trace:
[  108.760371][ T8210]  <TASK>
[  108.760376][ T8210]  dump_stack_lvl+0xe8/0x150
[  108.760388][ T8210]  print_circular_bug+0x2e1/0x300
[  108.760400][ T8210]  check_noncircular+0x12e/0x150
[  108.760411][ T8210]  __lock_acquire+0x15a5/0x2cf0
[  108.760421][ T8210]  ? check_path+0x21/0x40
[  108.760430][ T8210]  ? check_noncircular+0xda/0x150
[  108.760440][ T8210]  ? kmem_cache_alloc_lru_noprof+0x45/0x640
[  108.760451][ T8210]  lock_acquire+0x106/0x350
[  108.760458][ T8210]  ? kmem_cache_alloc_lru_noprof+0x45/0x640
[  108.760469][ T8210]  ? find_inode_fast+0xd2/0x550
[  108.760480][ T8210]  ? alloc_inode+0xb8/0x1b0
[  108.760488][ T8210]  fs_reclaim_acquire+0x71/0x100
[  108.760499][ T8210]  ? kmem_cache_alloc_lru_noprof+0x45/0x640
[  108.760509][ T8210]  kmem_cache_alloc_lru_noprof+0x45/0x640
[  108.760519][ T8210]  alloc_inode+0xb8/0x1b0
[  108.760526][ T8210]  iget_locked+0x131/0x6a0
[  108.760536][ T8210]  kernfs_get_inode+0x4f/0x780
[  108.760545][ T8210]  kernfs_iop_lookup+0x1fe/0x320
[  108.760556][ T8210]  path_openat+0x11ac/0x3860
[  108.760568][ T8210]  ? __pfx_stack_trace_save+0x10/0x10
[  108.760581][ T8210]  ? __pfx_path_openat+0x10/0x10
[  108.760590][ T8210]  ? __x64_sys_openat+0x138/0x170
[  108.760601][ T8210]  do_file_open+0x23e/0x4a0
[  108.760612][ T8210]  ? __pfx_do_file_open+0x10/0x10
[  108.760625][ T8210]  ? _raw_spin_unlock+0x28/0x50
[  108.760640][ T8210]  ? alloc_fd+0x64b/0x6c0
[  108.760654][ T8210]  do_sys_openat2+0x113/0x200
[  108.760667][ T8210]  ? __se_sys_futex+0x3a8/0x450
[  108.760679][ T8210]  ? __pfx_do_sys_openat2+0x10/0x10
[  108.760692][ T8210]  ? rcu_is_watching+0x15/0xb0
[  108.760706][ T8210]  __x64_sys_openat+0x138/0x170
[  108.760722][ T8210]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.760733][ T8210]  do_syscall_64+0x15f/0xf80
[  108.760743][ T8210]  ? trace_irq_disable+0x3b/0x140
[  108.760761][ T8210]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.760771][ T8210] RIP: 0033:0x7f0e9459cdd9
[  108.760783][ T8210] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  108.760820][ T8210] RSP: 002b:00007f0e954d4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  108.760833][ T8210] RAX: ffffffffffffffda RBX: 00007f0e94816090 RCX: 00007f0e9459cdd9
[  108.760844][ T8210] RDX: 000000000000275a RSI: 00002000000005c0 RDI: 0000000000000008
[  108.760851][ T8210] RBP: 00007f0e94632d69 R08: 0000000000000000 R09: 0000000000000000
[  108.760858][ T8210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  108.760865][ T8210] R13: 00007f0e94816128 R14: 00007f0e94816090 R15: 00007ffedb268d58
[  108.760877][ T8210]  </TASK>
