last executing test programs:

1.896542489s ago: executing program 2 (id=268):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r0, &(0x7f0000000f40)={{0x6, @rose}, [@default, @bcast, @netrom, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)

1.819577992s ago: executing program 2 (id=272):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xe80, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

1.680962193s ago: executing program 2 (id=278):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket(0x10, 0x800, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000540), r1)
sendmsg$TIPC_NL_BEARER_ENABLE(r1, 0x0, 0x8000)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff)
r2 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
ppoll(&(0x7f0000000500)=[{r4}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000100)={0x20000014})
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48)
recvfrom(r0, &(0x7f0000000480)=""/110, 0x168f6f3d, 0x734, 0x0, 0xfffffffffffffecb)

771.247825ms ago: executing program 2 (id=300):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc0000001900010000000000000000002001000000ffffffffffffffeb000000ac1414aa00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000000000000080400000000000000000080000000000000000000000000000000044000500ac1414aa000000000000000000000000000000003c"], 0xfc}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0x138, 0x21, 0x1, 0x0, 0xfffffffe, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x84}}, [@migrate={0xe8, 0x11, [{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@private2, @in6=@local, 0xff, 0x0, 0x0, 0x2, 0x2, 0xa}, {@in=@local, @in6=@local, @in6=@empty, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0xff, 0x4, 0x0, 0x3500, 0xa, 0x8}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}]}, 0x138}}, 0x0)

724.322249ms ago: executing program 2 (id=303):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="05000000050000000200000004"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000007200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r1}, 0x10)

650.768652ms ago: executing program 2 (id=305):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r0, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x3}, 0xa)
shutdown(r0, 0x1)

531.182015ms ago: executing program 0 (id=310):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x2, 0x0, "b86b2d", 0x74, 0x6})

530.557033ms ago: executing program 0 (id=312):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000001240)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000200)={0x34, r0, 0x1, 0x71bd25, 0x3, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x18, 0x11d, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xc0}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x9e}]}]}]}, 0x34}}, 0x0)

431.371326ms ago: executing program 0 (id=315):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000580)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000500)={r0, 0x0, 0x30, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

431.197942ms ago: executing program 1 (id=316):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x4, &(0x7f00000006c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@ldst={0x2, 0x0, 0x3}]}, 0x0, 0xd, 0x0, 0x0, 0x0, 0x7}, 0x94)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)

416.805586ms ago: executing program 0 (id=317):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0xc, &(0x7f0000000340)=@framed={{0x18, 0x2, 0x0, 0x0, 0x200}, [@call={0x85, 0x0, 0x0, 0x28}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffe}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000040)="e0995477d387ffffffff8dbb015d", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)

340.07055ms ago: executing program 0 (id=318):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x19, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000006b011c000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

339.775547ms ago: executing program 0 (id=319):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f0000000480)=0x100000001, 0x4)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='htcp\x00', 0x5)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f0000000340)='\x00', 0x1, 0x0, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100114, 0x0, 0xfffffffffffffd25)

339.391051ms ago: executing program 1 (id=320):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$int_out(r0, 0x5460, &(0x7f0000000080))

251.59767ms ago: executing program 1 (id=321):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38)
writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e24, @multicast1}, 0x10)
setsockopt$inet_udp_int(r1, 0x11, 0x67, &(0x7f0000000080)=0x48b5, 0x4)
sendto$inet(r1, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d4b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4a9d64f079d176abc00000000d7af3e2dd4396f72373fb0a787a6129ca41181f5087fb843212550b58e3707d5a0399de36c2503836cbe2133de4f574e9e05c96788b0de1bd13e390445433d96737b964fa8af2ac4b2f0f9390ca93d8d3d810044d024359e067c4553230ab748947d33f8fc115ce9a49e6571c45a05d786cbd49342c236537dbbeec666b07baab917252113a5b9a77283189b518f356debe42d80cf2d0687b9c64d0253a6a09286fded6e4f8557b8fb4f25ca4fb138af8945c74bbc98748eaaa030be5317646f195e6e085ac6ddb29542e3581961259987241f7e7061526a7afec8962e74215fea43703a4e543ee9d1a3c3f5f2a41977ece8fdadcf89ce331ce59bebae5f53513d0e10485d7ddbda60513bf339602510b3a23ea29a0d5d03a61e34d12942ea4a847c884b27b5344a456d02a55f8929cc567e7c792c01fab7a7b32780a14c361000609b817dd91507b04d875279527946fdb8fb92a512485e234d092c28f1d0a0498731ccc0eb10515d510e8945839307b46512ceca6f495fdd2c6ae5eb2ef3b2a40ebdc7edf0048e3fb5e3d97a9ea5113a6b70d20ad5c43f0df95d88c0f121a1884da21a21f0ba47420f8391a97921cc51871dbb272e43710fe71d5e342c3afd10608a8b02f00e8fbd8d570b6faace86c494ecea8913233391e7b7cec3d571bb3032181ed58e1b513e511f79ee562c8cde9b3b74c2e95dcde7fadb5a666bdc0c1684794620ce8cf0c0aee8e90b3ef6e7160d3f055cb4d1ced32e4edc15e7d102952d3237e6c02c591a95a182bf190c0124abc7f1225332ff1c5e1b94e4e9bf02c1a18bd7bfce20707f7298da322560bc1a4cf298d46f5bf8ff41da21e25aa17f65f9ee43ca890b5ef6a3ccf3efedf3ca60a9acef1352ad0c43e6cf375108cf0974ce89a99adba7e6a3f8949dc573440fafe0e3abdd0066057a2d868e8386080f18a421568d8e7a89536a4173861bd55245c8fcf7dcba18edce36d2e85b9630fbc218db9ebd16abb11ac06fdbf2bc3e6394d4c6e7ae71813d30772d487743a2856348fee09989ce03331e7848770fc91e62191c20fe5f4a73c5dae467dd612bdb63b1e50921d38271305d7412103d5a6214d6d534d1d530b9169f882b6926bbd338f0282a8bd9a44603934e5249e83f1d0947b39f82a7843d2b6f796d8abf7ff3e66cfd4519324d71cebbf6580dffc10d555e479e9acaa12c3c59e3732c181aa4223d0fcdac514e9d7c7963c2634964520286b028f60a4ae612b8e6049315139e884cbffd6836253094ad023329183496cf663366ad4d7f7f5f1bd2db9b0d33f106c041fba4494c7da404d45d8955e5459ca4a62862721ec1fa534fd95e262c5814426816e60000000000000000001aa4fb6f40ec24f42f6949cc28d2a0d4eb61cb1664627582d962523586539445b81e9759321652280ecb", 0xffe3, 0x0, 0x0, 0x0)
close(r0)

133.34375ms ago: executing program 1 (id=322):
r0 = socket(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f00000007c0)="7800000018002507b9199b02ffff48000203be04020406050a02040c5c000900580006080a0000000d0085a168d0bf46d32345653600648d270015000a00000849935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000407160016000a0000000000e000e218d1dd3b6ed538f2523250", 0x78, 0x0, 0x0, 0x0)

40.710582ms ago: executing program 1 (id=323):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14}, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newlink={0x54, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x6}, @IFLA_BR_NF_CALL_ARPTABLES={0x5}, @IFLA_BR_VLAN_STATS_ENABLED={0x5, 0x29, 0x1}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x54}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000)

0s ago: executing program 1 (id=324):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{0x0}], 0x1}, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x44, r4, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x4}, @NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r5}}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x44}}, 0x20000000)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040090}, 0xc0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00"/11], 0x48)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:21938' (ED25519) to the list of known hosts.
syzkaller login: [   49.106788][ T5742] cgroup: Unknown subsys name 'net'
[   49.198991][ T5742] cgroup: Unknown subsys name 'cpuset'
[   49.208489][ T5742] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.535149][ T5742] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   60.282101][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   60.287074][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   60.290992][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   60.291006][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   60.296557][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   60.296635][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   60.303804][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   60.306906][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   60.306923][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   60.312449][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   60.376866][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   60.380004][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   60.382893][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   60.388426][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   60.391437][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   60.643012][ T5836] chnl_net:caif_netlink_parms(): no params data found
[   60.710610][ T5835] chnl_net:caif_netlink_parms(): no params data found
[   60.739864][ T5843] chnl_net:caif_netlink_parms(): no params data found
[   60.774114][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.777802][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.780565][ T5836] bridge_slave_0: entered allmulticast mode
[   60.783397][ T5836] bridge_slave_0: entered promiscuous mode
[   60.807918][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.810450][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.812872][ T5836] bridge_slave_1: entered allmulticast mode
[   60.816434][ T5836] bridge_slave_1: entered promiscuous mode
[   60.857138][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.884364][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.887599][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.890332][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.893214][ T5835] bridge_slave_0: entered allmulticast mode
[   60.899286][ T5835] bridge_slave_0: entered promiscuous mode
[   60.903704][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.906845][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.910076][ T5835] bridge_slave_1: entered allmulticast mode
[   60.913928][ T5835] bridge_slave_1: entered promiscuous mode
[   60.984097][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.987121][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.989550][ T5843] bridge_slave_0: entered allmulticast mode
[   60.992191][ T5843] bridge_slave_0: entered promiscuous mode
[   60.995755][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.998412][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.001427][ T5843] bridge_slave_1: entered allmulticast mode
[   61.005432][ T5843] bridge_slave_1: entered promiscuous mode
[   61.011036][ T5836] team0: Port device team_slave_0 added
[   61.030252][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.036313][ T5836] team0: Port device team_slave_1 added
[   61.058706][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.064797][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.070949][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.130782][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.133762][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.144612][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.152948][ T5835] team0: Port device team_slave_0 added
[   61.157191][ T5835] team0: Port device team_slave_1 added
[   61.169415][ T5843] team0: Port device team_slave_0 added
[   61.181535][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.183912][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.192992][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.203120][ T5843] team0: Port device team_slave_1 added
[   61.206432][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.208667][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.218299][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.235614][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.238420][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.248861][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.283116][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.285513][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.293465][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.301407][ T5836] hsr_slave_0: entered promiscuous mode
[   61.303860][ T5836] hsr_slave_1: entered promiscuous mode
[   61.316726][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.319197][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.328414][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.376380][ T5835] hsr_slave_0: entered promiscuous mode
[   61.378731][ T5835] hsr_slave_1: entered promiscuous mode
[   61.380890][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   61.383455][ T5835] Cannot create hsr debugfs directory
[   61.431628][ T5843] hsr_slave_0: entered promiscuous mode
[   61.434225][ T5843] hsr_slave_1: entered promiscuous mode
[   61.436674][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   61.439070][ T5843] Cannot create hsr debugfs directory
[   61.623206][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   61.631814][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   61.652612][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   61.663583][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   61.691525][ T5835] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   61.700291][ T5835] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   61.720722][ T5835] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   61.726131][ T5835] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   61.819986][ T5843] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   61.827760][ T5843] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   61.840237][ T5843] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   61.856811][ T5843] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   61.898972][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.934725][ T5836] 8021q: adding VLAN 0 to HW filter on device team0
[   61.962992][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.966333][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.982407][ T4276] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.984920][ T4276] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.997395][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.038202][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[   62.064030][ T4276] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.067048][ T4276] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.072364][ T4276] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.075338][ T4276] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.097458][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.108904][ T5836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.121530][ T5835] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   62.125448][ T5835] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.169903][ T5843] 8021q: adding VLAN 0 to HW filter on device team0
[   62.192523][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.195442][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.201557][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.204565][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.271485][ T5843] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.344351][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.355960][ T5839] Bluetooth: hci1: command tx timeout
[   62.356228][ T5209] Bluetooth: hci0: command tx timeout
[   62.379371][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.410446][ T5836] veth0_vlan: entered promiscuous mode
[   62.417099][ T5836] veth1_vlan: entered promiscuous mode
[   62.436501][ T5209] Bluetooth: hci2: command tx timeout
[   62.437977][ T5836] veth0_macvtap: entered promiscuous mode
[   62.449324][ T5836] veth1_macvtap: entered promiscuous mode
[   62.471873][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.478904][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.496221][ T5836] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.499583][ T5836] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.502807][ T5836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.508859][ T5836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.519850][ T5835] veth0_vlan: entered promiscuous mode
[   62.530508][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.557602][ T5835] veth1_vlan: entered promiscuous mode
[   62.616256][ T5843] veth0_vlan: entered promiscuous mode
[   62.633784][ T5843] veth1_vlan: entered promiscuous mode
[   62.638217][ T1087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.640792][ T1087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.650486][ T5835] veth0_macvtap: entered promiscuous mode
[   62.664391][ T5835] veth1_macvtap: entered promiscuous mode
[   62.706576][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.706895][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.712984][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.718505][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.722764][ T5835] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.726669][ T5835] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.729700][ T5835] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.732464][ T5835] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.741203][ T5843] veth0_macvtap: entered promiscuous mode
[   62.749485][ T5843] veth1_macvtap: entered promiscuous mode
[   62.781093][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.792731][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   62.797383][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.806981][ T5843] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.809749][ T5843] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.812986][ T5843] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.817936][ T5843] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.918182][ T4276] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.927179][ T4276] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.007647][ T5903] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: invalid value (0)
[   63.011659][ T5903] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: allowed values 1 - 65535
[   63.029209][ T4276] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.032316][ T4276] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.103112][ T4276] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.119515][ T4276] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.176409][ T4276] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.179627][ T4276] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.343249][ T5917] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   63.418809][ T5920] netlink: 'syz.2.21': attribute type 1 has an invalid length.
[   63.726803][ T5946] netlink: 16 bytes leftover after parsing attributes in process `syz.2.33'.
[   63.742564][ T5946] netlink: 4 bytes leftover after parsing attributes in process `syz.2.33'.
[   64.095196][ T5968] warning: `syz.0.43' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   64.216390][ T5978] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[   64.258900][ T5980] netlink: 4 bytes leftover after parsing attributes in process `syz.0.49'.
[   64.296283][ T5980] bridge0: entered promiscuous mode
[   64.298808][ T5980] macsec1: entered allmulticast mode
[   64.301152][ T5980] bridge0: entered allmulticast mode
[   64.314968][ T5980] bridge0: left allmulticast mode
[   64.321156][ T5980] bridge0: left promiscuous mode
[   64.435254][ T5209] Bluetooth: hci0: command tx timeout
[   64.437882][ T5209] Bluetooth: hci1: command tx timeout
[   64.515497][ T5839] Bluetooth: hci2: command tx timeout
[   64.566595][ T6001] Zero length message leads to an empty skb
[   64.808917][ T6028] syz.2.71 uses obsolete (PF_INET,SOCK_PACKET)
[   65.110939][ T6056] netlink: 28 bytes leftover after parsing attributes in process `syz.2.85'.
[   65.113867][ T6056] netlink: 28 bytes leftover after parsing attributes in process `syz.2.85'.
[   65.120755][ T6056] netlink: 28 bytes leftover after parsing attributes in process `syz.2.85'.
[   65.133907][ T6056] netlink: 28 bytes leftover after parsing attributes in process `syz.2.85'.
[   65.293471][ T6068] netlink: 44 bytes leftover after parsing attributes in process `syz.1.92'.
[   65.297166][ T6068] netlink: 24 bytes leftover after parsing attributes in process `syz.1.92'.
[   65.543737][ T6090] netlink: 9280 bytes leftover after parsing attributes in process `syz.2.102'.
[   65.915003][ T6125] netlink: 'syz.2.118': attribute type 4 has an invalid length.
[   65.932210][ T6125] netlink: 'syz.2.118': attribute type 4 has an invalid length.
[   66.009506][ T6135] tipc: Started in network mode
[   66.011374][ T6135] tipc: Node identity , cluster identity 4711
[   66.013394][ T6135] tipc: Failed to obtain node identity
[   66.016214][ T6135] tipc: Enabling of bearer <eth:gre0> rejected, failed to enable media
[   66.519855][ T5839] Bluetooth: hci1: command tx timeout
[   66.519886][ T5209] Bluetooth: hci0: command tx timeout
[   66.605848][ T5209] Bluetooth: hci2: command tx timeout
[   66.612448][ T6199] bond0: invalid ARP target 0.0.0.0 specified for addition
[   66.619772][ T6199] bond0: option arp_ip_target: invalid value (0)
[   66.621739][ T6201] xt_cgroup: xt_cgroup: no path or classid specified
[   66.734237][ T6209] netlink: 'syz.2.160': attribute type 29 has an invalid length.
[   66.976289][ T6228] ICMPv6: NA: aa:aa:aa:aa:aa:00 advertised our address fe80::aa on syz_tun!
[   67.761571][ T6280] netlink: 'syz.2.193': attribute type 4 has an invalid length.
[   67.851533][ T6286] netlink: 'syz.1.196': attribute type 1 has an invalid length.
[   68.179088][ T6305] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   68.595729][ T5209] Bluetooth: hci1: command tx timeout
[   68.595767][ T5839] Bluetooth: hci0: command tx timeout
[   68.661258][ T6336] netlink: 'syz.0.213': attribute type 2 has an invalid length.
[   68.671902][ T6336] netlink: 'syz.0.213': attribute type 8 has an invalid length.
[   68.675241][ T5839] Bluetooth: hci2: command tx timeout
[   69.606237][ T6370] __nla_validate_parse: 12 callbacks suppressed
[   69.606249][ T6370] netlink: 8 bytes leftover after parsing attributes in process `syz.1.229'.
[   69.723673][ T6376] macvlan1: entered promiscuous mode
[   69.728507][ T6376] ipvlan0: entered promiscuous mode
[   69.731450][ T6376] ipvlan0: left promiscuous mode
[   69.737393][ T6376] macvlan1: left promiscuous mode
[   69.775690][ T6378] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   70.081689][ T6389] netlink: 'syz.0.238': attribute type 9 has an invalid length.
[   71.159074][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.161895][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[   71.298510][ T6432] netlink: 16 bytes leftover after parsing attributes in process `syz.0.257'.
[   71.463143][ T6450] sit0: entered promiscuous mode
[   71.474507][ T6450] netlink: 9 bytes leftover after parsing attributes in process `syz.2.264'.
[   71.933712][ T6490] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[   71.937999][ T6490] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[   72.288688][ T6508] Bluetooth: MGMT ver 1.23
[   72.556378][ T6524] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   72.562856][ T6524] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   72.617778][ T6530] netlink: 24 bytes leftover after parsing attributes in process `syz.0.301'.
[   72.667938][ T6533] netlink: 'syz.0.302': attribute type 282 has an invalid length.
[   72.802436][ T6546] netlink: 24 bytes leftover after parsing attributes in process `syz.0.309'.
[   72.889402][ T6555] xt_TPROXY: Can be used only with -p tcp or -p udp
[   72.974426][ T6561] netlink: 20 bytes leftover after parsing attributes in process `syz.1.316'.
[   73.010773][ T6561] nbd: socks must be embedded in a SOCK_ITEM attr
[   73.017614][ T5842] block nbd64: NBD_DISCONNECT
[   73.326351][ T6585] netlink: 'syz.1.323': attribute type 1 has an invalid length.
[   73.363240][ T6585] bond1: (slave bridge1): making interface the new active one
[   73.368147][ T6585] bond1: (slave bridge1): Enslaving as an active interface with an up link
[   73.426781][ T6588] 
[   73.427721][ T6588] ======================================================
[   73.430135][ T6588] WARNING: possible circular locking dependency detected
[   73.432534][ T6588] 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 Not tainted
[   73.436047][ T6588] ------------------------------------------------------
[   73.438449][ T6588] syz.1.324/6588 is trying to acquire lock:
[   73.440395][ T6588] ffff88801fe27988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   73.443909][ T6588] 
[   73.443909][ T6588] but task is already holding lock:
[   73.446271][ T6588] ffff88801fe27a30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x94f/0x1930
[   73.449269][ T6588] 
[   73.449269][ T6588] which lock already depends on the new lock.
[   73.449269][ T6588] 
[   73.452721][ T6588] 
[   73.452721][ T6588] the existing dependency chain (in reverse order) is:
[   73.455583][ T6588] 
[   73.455583][ T6588] -> #2 (&nbd->config_lock){+.+.}-{4:4}:
[   73.458155][ T6588]        lock_acquire+0x120/0x360
[   73.459821][ T6588]        __mutex_lock+0x182/0xe80
[   73.461498][ T6588]        refcount_dec_and_mutex_lock+0x30/0xa0
[   73.463530][ T6588]        nbd_config_put+0x2c/0x790
[   73.465228][ T6588]        nbd_release+0xfe/0x140
[   73.466932][ T6588]        bdev_release+0x536/0x650
[   73.468732][ T6588]        blkdev_release+0x15/0x20
[   73.470548][ T6588]        __fput+0x44c/0xa70
[   73.472111][ T6588]        fput_close_sync+0x119/0x200
[   73.473948][ T6588]        __x64_sys_close+0x7f/0x110
[   73.475738][ T6588]        do_syscall_64+0xfa/0x3b0
[   73.477527][ T6588]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.479711][ T6588] 
[   73.479711][ T6588] -> #1 (&disk->open_mutex){+.+.}-{4:4}:
[   73.482390][ T6588]        lock_acquire+0x120/0x360
[   73.484128][ T6588]        __mutex_lock+0x182/0xe80
[   73.486096][ T6588]        __del_gendisk+0x129/0x9e0
[   73.487888][ T6588]        del_gendisk+0xe8/0x160
[   73.489587][ T6588]        nbd_dev_remove_work+0x47/0xe0
[   73.491413][ T6588]        process_scheduled_works+0xae1/0x17b0
[   73.493505][ T6588]        worker_thread+0x8a0/0xda0
[   73.495283][ T6588]        kthread+0x711/0x8a0
[   73.496808][ T6588]        ret_from_fork+0x3fc/0x770
[   73.498603][ T6588]        ret_from_fork_asm+0x1a/0x30
[   73.500516][ T6588] 
[   73.500516][ T6588] -> #0 (&set->update_nr_hwq_lock){++++}-{4:4}:
[   73.503438][ T6588]        validate_chain+0xb9b/0x2140
[   73.505255][ T6588]        __lock_acquire+0xab9/0xd20
[   73.507065][ T6588]        lock_acquire+0x120/0x360
[   73.508800][ T6588]        down_write+0x96/0x1f0
[   73.510412][ T6588]        blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   73.512484][ T6588]        nbd_start_device+0x16c/0xac0
[   73.514273][ T6588]        nbd_genl_connect+0x1250/0x1930
[   73.516100][ T6588]        genl_family_rcv_msg_doit+0x215/0x300
[   73.518113][ T6588]        genl_rcv_msg+0x60e/0x790
[   73.519921][ T6588]        netlink_rcv_skb+0x208/0x470
[   73.521709][ T6588]        genl_rcv+0x28/0x40
[   73.523228][ T6588]        netlink_unicast+0x75b/0x8d0
[   73.524921][ T6588]        netlink_sendmsg+0x805/0xb30
[   73.526651][ T6588]        __sock_sendmsg+0x21c/0x270
[   73.528312][ T6588]        ____sys_sendmsg+0x505/0x830
[   73.530017][ T6588]        ___sys_sendmsg+0x21f/0x2a0
[   73.531733][ T6588]        __x64_sys_sendmsg+0x19b/0x260
[   73.533518][ T6588]        do_syscall_64+0xfa/0x3b0
[   73.535203][ T6588]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.537324][ T6588] 
[   73.537324][ T6588] other info that might help us debug this:
[   73.537324][ T6588] 
[   73.540954][ T6588] Chain exists of:
[   73.540954][ T6588]   &set->update_nr_hwq_lock --> &disk->open_mutex --> &nbd->config_lock
[   73.540954][ T6588] 
[   73.545618][ T6588]  Possible unsafe locking scenario:
[   73.545618][ T6588] 
[   73.548187][ T6588]        CPU0                    CPU1
[   73.550318][ T6588]        ----                    ----
[   73.552210][ T6588]   lock(&nbd->config_lock);
[   73.553684][ T6588]                                lock(&disk->open_mutex);
[   73.555899][ T6588]                                lock(&nbd->config_lock);
[   73.558100][ T6588]   lock(&set->update_nr_hwq_lock);
[   73.559835][ T6588] 
[   73.559835][ T6588]  *** DEADLOCK ***
[   73.559835][ T6588] 
[   73.562604][ T6588] 3 locks held by syz.1.324/6588:
[   73.564260][ T6588]  #0: ffffffff8f576170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[   73.566851][ T6588]  #1: ffffffff8f575f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[   73.569820][ T6588]  #2: ffff88801fe27a30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x94f/0x1930
[   73.572943][ T6588] 
[   73.572943][ T6588] stack backtrace:
[   73.574872][ T6588] CPU: 1 UID: 0 PID: 6588 Comm: syz.1.324 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   73.574883][ T6588] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   73.574889][ T6588] Call Trace:
[   73.574895][ T6588]  <TASK>
[   73.574899][ T6588]  dump_stack_lvl+0x189/0x250
[   73.574914][ T6588]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.574926][ T6588]  ? __pfx__printk+0x10/0x10
[   73.574936][ T6588]  ? print_lock_name+0xde/0x100
[   73.574945][ T6588]  print_circular_bug+0x2ee/0x310
[   73.574957][ T6588]  check_noncircular+0x134/0x160
[   73.574965][ T6588]  validate_chain+0xb9b/0x2140
[   73.574977][ T6588]  __lock_acquire+0xab9/0xd20
[   73.575011][ T6588]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   73.575023][ T6588]  lock_acquire+0x120/0x360
[   73.575032][ T6588]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   73.575043][ T6588]  ? __mutex_unlock_slowpath+0x1cd/0x700
[   73.575057][ T6588]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   73.575068][ T6588]  down_write+0x96/0x1f0
[   73.575075][ T6588]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   73.575084][ T6588]  ? __pfx_down_write+0x10/0x10
[   73.575092][ T6588]  blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   73.575103][ T6588]  ? nbd_add_socket+0x688/0x9a0
[   73.575114][ T6588]  ? nbd_add_socket+0x688/0x9a0
[   73.575125][ T6588]  nbd_start_device+0x16c/0xac0
[   73.575135][ T6588]  ? __nla_parse+0x40/0x60
[   73.575147][ T6588]  nbd_genl_connect+0x1250/0x1930
[   73.575157][ T6588]  ? __pfx_nbd_genl_connect+0x10/0x10
[   73.575169][ T6588]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[   73.575181][ T6588]  genl_family_rcv_msg_doit+0x215/0x300
[   73.575193][ T6588]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   73.575209][ T6588]  genl_rcv_msg+0x60e/0x790
[   73.575221][ T6588]  ? __pfx_genl_rcv_msg+0x10/0x10
[   73.575232][ T6588]  ? __pfx_nbd_genl_connect+0x10/0x10
[   73.575243][ T6588]  netlink_rcv_skb+0x208/0x470
[   73.575251][ T6588]  ? __pfx_genl_rcv_msg+0x10/0x10
[   73.575260][ T6588]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   73.575270][ T6588]  ? down_read+0x1ad/0x2e0
[   73.575276][ T6588]  genl_rcv+0x28/0x40
[   73.575286][ T6588]  netlink_unicast+0x75b/0x8d0
[   73.575295][ T6588]  netlink_sendmsg+0x805/0xb30
[   73.575305][ T6588]  ? __pfx_netlink_sendmsg+0x10/0x10
[   73.575314][ T6588]  ? aa_sock_msg_perm+0x94/0x160
[   73.575323][ T6588]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   73.575333][ T6588]  ? __pfx_netlink_sendmsg+0x10/0x10
[   73.575340][ T6588]  __sock_sendmsg+0x21c/0x270
[   73.575357][ T6588]  ____sys_sendmsg+0x505/0x830
[   73.575366][ T6588]  ? __pfx_____sys_sendmsg+0x10/0x10
[   73.575375][ T6588]  ? import_iovec+0x74/0xa0
[   73.575382][ T6588]  ___sys_sendmsg+0x21f/0x2a0
[   73.575390][ T6588]  ? __pfx____sys_sendmsg+0x10/0x10
[   73.575403][ T6588]  ? __fget_files+0x2a/0x420
[   73.575413][ T6588]  ? __fget_files+0x3a0/0x420
[   73.575423][ T6588]  __x64_sys_sendmsg+0x19b/0x260
[   73.575432][ T6588]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   73.575444][ T6588]  ? rcu_is_watching+0x15/0xb0
[   73.575458][ T6588]  ? do_syscall_64+0xbe/0x3b0
[   73.575465][ T6588]  do_syscall_64+0xfa/0x3b0
[   73.575471][ T6588]  ? lockdep_hardirqs_on+0x9c/0x150
[   73.575480][ T6588]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.575487][ T6588]  ? exc_page_fault+0x9f/0xf0
[   73.575497][ T6588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.575503][ T6588] RIP: 0033:0x7f106838e929
[   73.575512][ T6588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.575518][ T6588] RSP: 002b:00007f10691ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   73.575526][ T6588] RAX: ffffffffffffffda RBX: 00007f10685b5fa0 RCX: 00007f106838e929
[   73.575531][ T6588] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000006
[   73.575536][ T6588] RBP: 00007f1068410b39 R08: 0000000000000000 R09: 0000000000000000
[   73.575540][ T6588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   73.575544][ T6588] R13: 0000000000000000 R14: 00007f10685b5fa0 R15: 00007fff0195b868
[   73.575551][ T6588]  </TASK>
[   73.745015][ T6588] nbd1: detected capacity change from 0 to 63
[   73.747730][ T6589] block nbd1: NBD_DISCONNECT
[   73.749402][ T6589] block nbd1: Disconnected due to user request.
[   73.751688][ T6589] block nbd1: shutting down sockets
[   73.775092][    C0] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   73.779084][    C0] Buffer I/O error on dev nbd1, logical block 0, async page read
[   73.782401][    C0] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   73.786382][    C0] Buffer I/O error on dev nbd1, logical block 1, async page read
[   73.789706][    C0] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   73.793475][    C0] Buffer I/O error on dev nbd1, logical block 2, async page read
[   73.796935][    C0] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   73.800702][    C0] Buffer I/O error on dev nbd1, logical block 3, async page read
[   73.810044][ T5828] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   73.815848][ T5828] Buffer I/O error on dev nbd1, logical block 0, async page read
[   73.819395][ T5828] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   73.823373][ T5828] Buffer I/O error on dev nbd1, logical block 1, async page read
[   73.827458][ T5828] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   73.831199][ T5828] Buffer I/O error on dev nbd1, logical block 2, async page read
[   73.835149][ T5828] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   73.839299][ T5828] Buffer I/O error on dev nbd1, logical block 3, async page read
[   73.842867][ T5828] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   73.848050][ T5828] Buffer I/O error on dev nbd1, logical block 0, async page read
[   73.851605][ T5828] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   73.856691][ T5828] Buffer I/O error on dev nbd1, logical block 1, async page read
[   73.861672][ T5828] ldm_validate_partition_table(): Disk read failed.
[   73.865802][ T5828] Dev nbd1: unable to read RDB block 0
[   73.868545][ T5828]  nbd1: unable to read partition table
[   73.872488][ T5828] ldm_validate_partition_table(): Disk read failed.
[   73.875740][ T5828] Dev nbd1: unable to read RDB block 0
[   73.878503][ T5828]  nbd1: unable to read partition table
[   74.755213][ T5209] Bluetooth: hci2: command 0x0405 tx timeout
[   76.902673][ T5828] udevd (5828) used greatest stack depth: 20080 bytes left
[   81.406586][   T10] cfg80211: failed to load regulatory.db

VM DIAGNOSIS:
22:16:37  Registers:
info registers vcpu 0

CPU#0
RAX=64b4919647bee600 RBX=ffffffff81974d58 RCX=64b4919647bee600 RDX=0000000000000001
RSI=ffffffff8be28d20 RDI=ffffffff81974d58 RBP=ffffffff8de07ea8 RSP=ffffffff8de07d80
R8 =ffff88804b032f5b R9 =1ffff110096065eb R10=dffffc0000000000 R11=ffffed10096065ec
R12=ffffffff8fa10cf0 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a50
RIP=ffffffff8b66c4a3 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8650000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055556290e808 CR3=00000000115b0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007ff2c6784478 00007ff2c6784450 XMM03=00007ff2c6784488 00007ff2c6784480
XMM04=00007ff2c72ed100 00007ff2c6784440 XMM05=00007ff2c6784458 00007ff2c67844a0
XMM06=00007ff2c6784498 00007ff2c6784490 XMM07=00007ff2c6784488 00007ff2c6784480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007ff2c6611c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000039 RBX=0000000000000039 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001309 RDI=000000000000130a RBP=00000000000003f8 RSP=ffffc90007196710
R8 =ffff888108a70237 R9 =1ffff1102114e046 R10=dffffc0000000000 R11=ffffffff85474610
R12=dffffc0000000000 R13=ffffffff99ac48f1 R14=ffffffff99dc9760 R15=0000000000000000
RIP=ffffffff8547468c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f10691ac6c0 ffffffff 00c00000
GS =0000 ffff8881a3c50000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000001ac0 CR3=0000000011d82000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffff ffffffffff000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=ffffffffffffffff ffffffffffffffff XMM03=ffffffffffffffff ffffffffffffffff
XMM04=00007f10690ed100 00007f1068584440 XMM05=00007f1068584458 00007f10685844a0
XMM06=00007f1068584498 00007f1068584490 XMM07=00007f1068584488 00007f1068584480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f1068411c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
