last executing test programs:

17.59101211s ago: executing program 0 (id=9):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000100)=0xfffffff7, 0x4)
sendmmsg$inet6(r2, &(0x7f0000001700)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @local}, 0x1c, 0x0, 0x0, &(0x7f0000001800)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast1={0xff, 0x11}}}}, @dstopts={{0x18}}], 0x40, 0x7ffffff7}}], 0x1, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x2}}}}}}, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket(0x2, 0x80805, 0x0)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r8, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000200)={<r9=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010101}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r8, 0x84, 0x7a, &(0x7f0000000340)={<r10=>r9, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
getsockopt$inet_sctp6_SCTP_RTOINFO(r7, 0x84, 0x0, &(0x7f0000000100)={r10, 0x4, 0x7, 0xfffffff7}, &(0x7f0000000180)=0x10)
r11 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r12, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0x100, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, r12, {0x2}, {0x5, 0x1}, {0xb, 0xffff}}, [@TCA_CHAIN={0x8, 0xb, 0x1}, @TCA_RATE={0x6, 0x5, {0x0, 0xcd}}, @TCA_CHAIN={0x8, 0xb, 0xb7c}, @TCA_CHAIN={0x8, 0xb, 0x238f}, @TCA_RATE={0x6, 0x5, {0x9, 0xfa}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x8080)
sendmsg$nl_route_sched(r6, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r12, {0x0, 0xfff1}, {}, {0x9, 0xffff}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0xf, 0x1, 0x0, 0x0, {{0x3, 0x8, 0x2}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x14004880}, 0x2000d8d0)
r13 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x2, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b7050000000000007910a800000000005d0a0000000000009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xb0, &(0x7f0000000600)=""/176, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x94)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="59445af0a491c1a129cc015e712dd34ed66e19cd638a353bde7a9dffd0519ed42f4815cb50cf3c83379310f1680b2477cc28c457fcc2e24fe1f8447199c19bd157e7cca2ebcea9b611b74c20aafea903c07bbebdaf7f86bc8f49a792144f1bb51bdff2362d255678ad2b88cb62aa38914d4cda855911420c14adcdbbccb56b01255a955824687a5bfe29161e7b89acc360dcb32b7ed2e1f6140649ef3019fe8f337920413bd5ac2e06c283e7d3cbb87ea1049d2e0fc04a16caa23c9542da152b0efe5c56d64689745c60eb86bd305dbca82a9e04d971857eaaacd10256b6e3961f3b3d2e6f72b242df081ae0b952231c5f2b45798559a8", @ANYRES16=r13, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r1, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
r14 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r14, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001a00010000000000000000000a800000000000000000000014000200000000000000000000000000000000000f0001"], 0x44}}, 0x0)
write$nci(r0, &(0x7f0000000240)=@NCI_OP_CORE_CONN_CREDITS_NTF={0x0, 0x1, 0x3, 0x6, 0x9, {0x4, [{0x3, 0x2a}, {0x2, 0x5}, {0x1, 0xc6}, {0x1, 0xee}]}}, 0xc)

17.473557701s ago: executing program 0 (id=11):
bpf$PROG_LOAD(0x5, 0x0, 0x2ff40ebc4192ef4a)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
unshare(0x400)
r2 = socket(0x2b, 0x80801, 0x1)
bind$ax25(r2, &(0x7f0000000600)={{0x3, @null, 0x5}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @null]}, 0x48)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="2f7ee623166ceb00dd"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x240}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r6, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000240)=<r8=>0x0)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r8], 0x1c}, 0x1, 0x0, 0x0, 0xc040}, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4e21, 0x9, @empty, 0x9}, 0x1c)
socket$xdp(0x2c, 0x3, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), r9)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_WIPHY(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[@ANYBLOB="50001400", @ANYRES16=r10, @ANYBLOB="20002fbd7000fbdbdf2502000000080069000600000005003d00040000000800400000020000080062000800000005003e000300000014000200"/74], 0x50}, 0x1, 0x0, 0x0, 0x48890}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000fbaec0b88d9a65836bee2f", @ANYRES16=r10, @ANYRES32=r1, @ANYRESDEC=r0, @ANYBLOB], 0x28}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x87)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x275a, 0x0)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000780)=ANY=[@ANYRES8=r0], 0x24}, 0x1, 0x0, 0x0, 0x7d278f9d665751e3}, 0x20040000)
openat$cgroup_ro(r1, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700)

16.724725781s ago: executing program 2 (id=13):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000001c0), 0x40680, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99bbb7fd98cd824498949714ffaac8a6f770600dcca"], 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_skb}, 0x94)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
r4 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r5, {0xe, 0x3}, {}, {0x8, 0x8}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0xfffffff9}]}}]}, 0x38}}, 0x4080)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x486, 0x3, 0x9, 0x20, r3, 0xd112, '\x00', r5, 0xffffffffffffffff, 0x1, 0x3, 0x5, 0xb}, 0x50)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r1, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000000)=[0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x5, 0x7, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xf8, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000180), &(0x7f0000000240), 0x8, 0xc6, 0x8, 0x8, &(0x7f0000000280)}}, 0x10)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@bloom_filter={0x1e, 0x7f, 0x66, 0x4, 0x125, 0xffffffffffffffff, 0x4, '\x00', r6, r7, 0x1, 0x4, 0x1, 0x2}, 0x50)
sendmsg$NFNL_MSG_CTHELPER_NEW(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20008040}, 0xc000001)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000e80)=@gcm_256={{0x303, 0x36}, "437e509e2d2800", "8b3de2aabceef2a0640000d5a66fd32f419e59f3000000000400", "7d939a3c"}, 0x38)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r8, 0x0, 0x15, 0x0, 0x0)
ioctl$PTP_SYS_OFFSET_PRECISE(r0, 0xc0403d08, &(0x7f0000000200))

16.724596827s ago: executing program 2 (id=14):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x400, 0x125, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x8000)
socket$rds(0x15, 0x5, 0x0)
write$nci(r0, &(0x7f0000000040)=ANY=[@ANYRES64=r1], 0x5)

16.531757821s ago: executing program 0 (id=16):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_TX_TS(r0, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x40, r3, 0x20, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xe}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x40814)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000003c0)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x54}}, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$IPSET_CMD_FLUSH(r2, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="48000000040601010000000000000000050000010900020073797a31000000000900020073797a31000400000900020073797a3100000000050044e407dc00000005000100070000000034a86fe4a6b3e174ab92629085ad2283864978097995845906ee87c269ca52a169a7"], 0x48}, 0x1, 0x0, 0x0, 0x101}, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r5, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r4)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r4, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x48, r6, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x2}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x5}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x4}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x44000)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000040)=@newpolicy={0xc4, 0x13, 0x1, 0x0, 0x0, {{@in=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x1000, 0x0, 0x0, 0x0, 0x8}}, [@sec_ctx={0xc, 0x10, {0x8}}]}, 0xc4}}, 0x0)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000700)={0x4c, r3, 0x400, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x1, 0x2d}}}}, [@NL80211_ATTR_NAN_FUNC={0x2c, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID={0x5}, @NL80211_NAN_FUNC_TX_MATCH_FILTER={0x8, 0xe, 0x0, 0x1, [{0x4}]}, @NL80211_NAN_FUNC_FOLLOW_UP_DEST={0xa, 0x8, @device_b}, @NL80211_NAN_FUNC_SERVICE_ID={0xa, 0x2, "ef85185e2d46"}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20004001}, 0x20008080)
write$nci(r0, &(0x7f0000000000)=@NCI_OP_RF_DEACTIVATE_NTF={0x1, 0x1, 0x3, 0x6, 0x1, {0x5, 0x2}}, 0x5)

16.531649146s ago: executing program 2 (id=17):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000040), 0x10)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x6}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c0000000000000000", @ANYRES32=r0], 0x30}}, 0x0)
ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, &(0x7f0000000080))

16.473347664s ago: executing program 1 (id=18):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0))
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x14, r2, 0x10, 0x123, 0x234}, 0x14}}, 0x0)
socket$caif_seqpacket(0x25, 0x5, 0x83f)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @exit, @initr0, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @exit], &(0x7f00000000c0)='GPL\x00'}, 0x78)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r3, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, &(0x7f0000001680)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
write$nci(r0, &(0x7f0000000900)=ANY=[@ANYBLOB="7f3d010661"], 0x5)

16.473123446s ago: executing program 2 (id=19):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x40043d14, &(0x7f0000000040))

16.414858088s ago: executing program 2 (id=20):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r3, &(0x7f0000001c00)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
bind$bt_sco(r3, &(0x7f0000002240), 0x8)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r4, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
write$nci(r0, &(0x7f0000000900)=ANY=[@ANYBLOB="7f3d010661"], 0x5)

15.624698567s ago: executing program 1 (id=21):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x6, &(0x7f0000000780)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca7193009c29d5206003547d7cc5cfc905b5afb43f31cb17e0620bcfa476f019a09b67d8b0e3913890a13d584deefe33906755258ffb61190cbddf66baa0d2d3d10e50ba14746b427047abb879357b2d3281bf041f73fa1c2902ce6878"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f0000000300)=""/203, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffeb8, 0x0, 0x0, 0x10, 0x80}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='hugepage_update\x00', r0}, 0x18)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2, 0x13, 0xffffffffffffffff, 0x0)
r2 = socket(0x200000000000011, 0x2, 0xd)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4)

15.624047881s ago: executing program 0 (id=22):
r0 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48050}, 0x40004)
write(r2, &(0x7f0000000080)="dc072677762b943803dc47c7e4a3de742708c97739163d63d919f3a974ec479914c89ed5f4579a2d93b86834b436e4aaa4c410a30420972dcdba95800915c28d917d8a3baf647902498ad27c293bdfe186412a571910b31cf88c2a5b660e448ea5b1397e878cbd2e41e1cbafd4d2e48ab02c1ccd9587f9f67ab41851b282f0b3fc4ff277feeb95adc7b2588e4e0eab2750177600676b2fdd756035e2389d84f8a6b08f8bf1f51d9dd97a92e51fd3c6beee2d3a21e0babd9f63", 0xb9)
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$BTRFS_IOC_GET_FEATURES(r3, 0x40103d02, &(0x7f0000000040))

15.623856798s ago: executing program 2 (id=23):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socket$inet6_sctp(0xa, 0x0, 0x84)
socket(0x18, 0x800, 0x3)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
clock_gettime(0x7, &(0x7f0000000000))
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x25dddbfd, {0x0, 0x0, 0x0, r8, {0x0, 0xffff}, {0xffff, 0xffff}, {0x1, 0xd}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2a, 0x8000, {0x0, 0x0, 0x0, r8, {0x0, 0xa}, {}, {0xa}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_STATE={0x6, 0x5b, 0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x22044028}, 0x800)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0)
write$nci(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="61e7054b0502818102cea102"], 0xc)

15.521673918s ago: executing program 1 (id=24):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a400fe0000000071105200000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$cgroup_int(r1, &(0x7f0000001180)='hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz0\x00', 0x200002, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[@ANYBLOB='P'], 0x27)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bond0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c00000010000304000700000000000000000400", @ANYRES32=r4, @ANYBLOB="60bc010004a701003c00128009000100626f6e64000000002c000280050015000100000005001b005400000008000f000300000008000500050000000500110007000000"], 0x5c}, 0x1, 0x0, 0x0, 0x11}, 0x4000044)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1400000000000000000000000200000000100000000000001c00000000000000100100000d"], 0x38}, 0x0)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x43403d05, &(0x7f0000000040))
r5 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
ioctl$FS_IOC_SETVERSION(r5, 0x40087602, &(0x7f0000000140)=0x1c00000000)

15.521338526s ago: executing program 0 (id=25):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x900, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r2, @ANYBLOB="0524060000000001300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f"], 0x6c}}, 0x0)

15.490260545s ago: executing program 1 (id=26):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x20002, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x32, 0x1}, 0x9c)
shutdown(r2, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000100)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3d}}, @in6={0xa, 0x4e22, 0x1, @loopback, 0x68}], 0x2c)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x10003, 0xfffffffc, 0xd7c4, 0x3}, 0x10)
write(r3, &(0x7f0000000040)="240000001e005f0b000000fffffffff8071900001d6a9666cdcddd7cb8e9760000000000", 0x24)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000c000000480005800800010065756800070002"], 0x5c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r6=>0x0})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x64, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x0, 0x0, 0xfff}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x4}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="7000000010000100000000180000000000000000", @ANYRES32=r6, @ANYBLOB="000000002f95abbe480012800e0001006970366772657461700000003400028008000300", @ANYRES32=r6, @ANYBLOB="14000600fe80000000000000000000000000000014000700ff05"], 0x70}}, 0x0)
ioctl$PTP_PIN_GETFUNC(r0, 0xc0603d06, &(0x7f0000000080)={'\x00', 0x9, 0x1, 0x4})

15.423764557s ago: executing program 0 (id=27):
r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xc5)
ioctl$SIOCAX25DELUID(r0, 0x89e2, &(0x7f0000000080)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r2, &(0x7f0000000040)=[{{&(0x7f00000003c0)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000000)="7f", 0x1}], 0x1}}], 0x1, 0x0)
listen(r2, 0xfff)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r2, 0x29, 0x37, &(0x7f00000000c0)={0x5c}, 0x8)
accept(r2, 0xfffffffffffffffd, &(0x7f0000000680))
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0xffffffffffffffff, 0x68e6}, 0xc)
bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000001c0)=r4, 0x4)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_VENDOR(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000006700000008000300", @ANYRES32=r9, @ANYBLOB="0800c300741300000800c40001000004"], 0x30}, 0x1, 0x0, 0x0, 0x44043}, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=<r10=>0x0)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r10], 0x1c}}, 0x0)
write$nci(r3, &(0x7f0000001800)=ANY=[@ANYBLOB="7240082b0102020681055a03997713fa06070202267a"], 0x16)
write$nci(r3, 0x0, 0x7)

15.351994829s ago: executing program 1 (id=28):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000180)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000000)="38000000019703", 0x7)

15.351638903s ago: executing program 1 (id=29):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000022780)=@newlink={0x38, 0x10, 0x49920d862a92153b, 0xc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90c1, 0x5c81}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8, 0x2, @udp=r5}]}}}]}, 0x38}}, 0x48010)
close(r5)
write$nci(r0, &(0x7f0000001800)=ANY=[@ANYBLOB="7240082b0102020681055a03997713fa06070202267a"], 0x16)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r6, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
bind$inet6(r6, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r6, &(0x7f0000003c40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002180)=""/132, 0x84}, 0x6}], 0x1, 0x2b, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)
sendto$inet6(r6, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
write$nci(r0, &(0x7f0000000240)=@NCI_OP_CORE_SET_CONFIG_RSP={0x0, 0x0, 0x2, 0x2, 0x4, {0x1, 0x2, "cd42"}}, 0x7)
ioctl$VHOST_VDPA_GET_VQS_COUNT(r6, 0x8004af80, &(0x7f0000000040))

60.627048ms ago: executing program 32 (id=27):
r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xc5)
ioctl$SIOCAX25DELUID(r0, 0x89e2, &(0x7f0000000080)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r2, &(0x7f0000000040)=[{{&(0x7f00000003c0)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000000)="7f", 0x1}], 0x1}}], 0x1, 0x0)
listen(r2, 0xfff)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r2, 0x29, 0x37, &(0x7f00000000c0)={0x5c}, 0x8)
accept(r2, 0xfffffffffffffffd, &(0x7f0000000680))
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0xffffffffffffffff, 0x68e6}, 0xc)
bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000001c0)=r4, 0x4)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_VENDOR(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000006700000008000300", @ANYRES32=r9, @ANYBLOB="0800c300741300000800c40001000004"], 0x30}, 0x1, 0x0, 0x0, 0x44043}, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=<r10=>0x0)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r10], 0x1c}}, 0x0)
write$nci(r3, &(0x7f0000001800)=ANY=[@ANYBLOB="7240082b0102020681055a03997713fa06070202267a"], 0x16)
write$nci(r3, 0x0, 0x7)

15.198253ms ago: executing program 33 (id=29):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000022780)=@newlink={0x38, 0x10, 0x49920d862a92153b, 0xc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90c1, 0x5c81}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8, 0x2, @udp=r5}]}}}]}, 0x38}}, 0x48010)
close(r5)
write$nci(r0, &(0x7f0000001800)=ANY=[@ANYBLOB="7240082b0102020681055a03997713fa06070202267a"], 0x16)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r6, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
bind$inet6(r6, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r6, &(0x7f0000003c40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002180)=""/132, 0x84}, 0x6}], 0x1, 0x2b, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)
sendto$inet6(r6, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
write$nci(r0, &(0x7f0000000240)=@NCI_OP_CORE_SET_CONFIG_RSP={0x0, 0x0, 0x2, 0x2, 0x4, {0x1, 0x2, "cd42"}}, 0x7)
ioctl$VHOST_VDPA_GET_VQS_COUNT(r6, 0x8004af80, &(0x7f0000000040))

0s ago: executing program 34 (id=23):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socket$inet6_sctp(0xa, 0x0, 0x84)
socket(0x18, 0x800, 0x3)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
clock_gettime(0x7, &(0x7f0000000000))
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x25dddbfd, {0x0, 0x0, 0x0, r8, {0x0, 0xffff}, {0xffff, 0xffff}, {0x1, 0xd}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2a, 0x8000, {0x0, 0x0, 0x0, r8, {0x0, 0xa}, {}, {0xa}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_STATE={0x6, 0x5b, 0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x22044028}, 0x800)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0)
write$nci(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="61e7054b0502818102cea102"], 0xc)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:60348' (ED25519) to the list of known hosts.
syzkaller login: [   40.870218][ T5777] cgroup: Unknown subsys name 'net'
[   40.956404][ T5777] cgroup: Unknown subsys name 'cpuset'
[   40.960785][ T5777] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   42.304066][ T5777] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   46.052491][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   46.056150][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   46.060758][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   46.064895][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   46.072885][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   46.134387][ T5235] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   46.137270][ T5235] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   46.140090][ T5235] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   46.155516][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   46.158482][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   46.161031][ T5860] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   46.164286][ T5860] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   46.171024][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   46.182681][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   46.188016][ T5235] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   46.277637][ T5848] chnl_net:caif_netlink_parms(): no params data found
[   46.366993][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.369846][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.373768][ T5848] bridge_slave_0: entered allmulticast mode
[   46.377706][ T5848] bridge_slave_0: entered promiscuous mode
[   46.384367][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.386939][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.389609][ T5848] bridge_slave_1: entered allmulticast mode
[   46.392851][ T5848] bridge_slave_1: entered promiscuous mode
[   46.432726][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.454662][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.532669][ T5848] team0: Port device team_slave_0 added
[   46.541364][ T5848] team0: Port device team_slave_1 added
[   46.568839][ T5856] chnl_net:caif_netlink_parms(): no params data found
[   46.575497][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.577943][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.587745][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.597825][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.600474][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.610802][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   46.620401][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   46.706586][ T5848] hsr_slave_0: entered promiscuous mode
[   46.709363][ T5848] hsr_slave_1: entered promiscuous mode
[   46.746167][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.749301][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.753494][ T5854] bridge_slave_0: entered allmulticast mode
[   46.757388][ T5854] bridge_slave_0: entered promiscuous mode
[   46.761314][ T5856] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.764436][ T5856] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.766964][ T5856] bridge_slave_0: entered allmulticast mode
[   46.769727][ T5856] bridge_slave_0: entered promiscuous mode
[   46.772985][ T5856] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.775458][ T5856] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.778529][ T5856] bridge_slave_1: entered allmulticast mode
[   46.782525][ T5856] bridge_slave_1: entered promiscuous mode
[   46.798015][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.800931][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.803459][ T5854] bridge_slave_1: entered allmulticast mode
[   46.806283][ T5854] bridge_slave_1: entered promiscuous mode
[   46.849389][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.864974][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.873643][ T5856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.887669][ T5856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.907109][ T5854] team0: Port device team_slave_0 added
[   46.920512][ T5854] team0: Port device team_slave_1 added
[   46.940429][ T5856] team0: Port device team_slave_0 added
[   46.951287][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.953710][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.963105][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.972083][ T5856] team0: Port device team_slave_1 added
[   46.974766][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.977265][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.986658][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.020683][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.023281][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.031980][ T5856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.037118][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.039426][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.048882][ T5856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.082053][ T5854] hsr_slave_0: entered promiscuous mode
[   47.084380][ T5854] hsr_slave_1: entered promiscuous mode
[   47.086541][ T5854] debugfs: 'hsr0' already exists in 'hsr'
[   47.088485][ T5854] Cannot create hsr debugfs directory
[   47.111716][ T5856] hsr_slave_0: entered promiscuous mode
[   47.115132][ T5856] hsr_slave_1: entered promiscuous mode
[   47.117337][ T5856] debugfs: 'hsr0' already exists in 'hsr'
[   47.119236][ T5856] Cannot create hsr debugfs directory
[   47.149069][ T5848] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   47.174046][ T5848] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   47.181540][ T5848] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   47.192937][ T5848] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   47.314599][ T5856] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   47.322858][ T5856] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   47.329452][ T5856] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   47.337955][ T5856] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   47.381244][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   47.386122][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   47.391247][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   47.399673][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   47.415638][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.440660][ T5848] 8021q: adding VLAN 0 to HW filter on device team0
[   47.450596][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.453117][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.467442][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.469859][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.488532][ T5856] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.512979][ T5856] 8021q: adding VLAN 0 to HW filter on device team0
[   47.527476][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.530453][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.536646][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.548187][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.551254][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.583470][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   47.605318][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.607692][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.613158][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.615881][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.728770][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.769735][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.790420][ T5854] veth0_vlan: entered promiscuous mode
[   47.801685][ T5854] veth1_vlan: entered promiscuous mode
[   47.823084][ T5856] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.855657][ T5848] veth0_vlan: entered promiscuous mode
[   47.858731][ T5854] veth0_macvtap: entered promiscuous mode
[   47.873843][ T5854] veth1_macvtap: entered promiscuous mode
[   47.879248][ T5848] veth1_vlan: entered promiscuous mode
[   47.895177][ T5856] veth0_vlan: entered promiscuous mode
[   47.898543][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   47.907987][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   47.918122][ T5856] veth1_vlan: entered promiscuous mode
[   47.935526][ T5848] veth0_macvtap: entered promiscuous mode
[   47.939075][ T5873] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.948281][ T5873] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.957221][ T5848] veth1_macvtap: entered promiscuous mode
[   47.960824][ T5873] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.963976][ T5873] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   47.986112][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0
[   47.999902][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.004147][ T5856] veth0_macvtap: entered promiscuous mode
[   48.024192][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.028080][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.030593][ T5856] veth1_macvtap: entered promiscuous mode
[   48.036429][ T5873] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.044362][ T5873] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.047707][ T5873] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.050635][ T5873] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.074871][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.078670][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.083200][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.085592][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.104757][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.107957][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.111362][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.130546][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.142743][ T5235] Bluetooth: hci0: command tx timeout
[   48.151370][ T5854] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   48.159541][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.162433][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.200203][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.203706][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.223020][ T5235] Bluetooth: hci1: command tx timeout
[   48.225099][ T5857] Bluetooth: hci2: command tx timeout
[   48.234539][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.237127][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.271684][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.287502][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.521359][ T5949] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9'.
[   49.443291][ T5958] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   49.519106][ T5982] netlink: 'syz.1.15': attribute type 9 has an invalid length.
[   49.566005][ T5983] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16'.
[   50.222042][ T5235] Bluetooth: hci0: command tx timeout
[   50.301948][ T5235] Bluetooth: hci1: command tx timeout
[   50.302043][ T5857] Bluetooth: hci2: command tx timeout
[   50.541699][ T6024] netlink: 28 bytes leftover after parsing attributes in process `syz.0.25'.
[   50.542005][ T6022] bond0: Unable to set down delay as MII monitoring is disabled
[   50.545977][ T6024] netlink: 8 bytes leftover after parsing attributes in process `syz.0.25'.
[   50.609989][ T6028] netlink: 8 bytes leftover after parsing attributes in process `syz.1.26'.
[   50.618331][ T6028] netlink: 'syz.1.26': attribute type 3 has an invalid length.
[   50.698516][   T12] nci: nci_ntf_packet: unknown ntf opcode 0x127
[   52.302058][ T5857] Bluetooth: hci0: command tx timeout
[   52.381941][ T5857] Bluetooth: hci1: command tx timeout
[   52.391928][ T5857] Bluetooth: hci2: command tx timeout
[   52.622204][ T6005] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[   52.624410][ T6005] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[   53.425066][ T6005] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   53.427058][ T6005] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[   53.432756][ T6005] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   53.435140][ T6005] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[   70.945155][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   70.947709][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   81.195330][   T10] cfg80211: failed to load regulatory.db
[  132.383489][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  132.385970][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  193.824328][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  193.826728][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  204.702166][   T34] INFO: task kworker/0:6:5915 blocked for more than 143 seconds.
[  204.705339][   T34]       Not tainted syzkaller #0
[  204.707721][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  204.711254][   T34] task:kworker/0:6     state:D stack:25000 pid:5915  tgid:5915  ppid:2      task_flags:0x4208060 flags:0x00004000
[  204.717863][   T34] Workqueue: events rfkill_global_led_trigger_worker
[  204.720530][   T34] Call Trace:
[  204.740014][   T34]  <TASK>
[  204.741221][   T34]  __schedule+0x1798/0x4cc0
[  204.745993][   T34]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  204.747755][   T34]  ? __pfx___schedule+0x10/0x10
[  204.749351][   T34]  ? schedule+0x91/0x360
[  204.750721][   T34]  schedule+0x165/0x360
[  204.752172][   T34]  schedule_preempt_disabled+0x13/0x30
[  204.754230][   T34]  __mutex_lock+0x7e6/0x1350
[  204.755726][   T34]  ? __mutex_lock+0x5bb/0x1350
[  204.757296][   T34]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  204.759269][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  204.760901][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  204.763537][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  204.765362][   T34]  rfkill_global_led_trigger_worker+0x27/0xd0
[  204.767317][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  204.769145][   T34]  process_scheduled_works+0xae1/0x17b0
[  204.770922][   T34]  ? __pfx_process_scheduled_works+0x10/0x10
[  204.773586][   T34]  worker_thread+0x8a0/0xda0
[  204.775235][   T34]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  204.777339][   T34]  ? __kthread_parkme+0x7b/0x200
[  204.778983][   T34]  kthread+0x711/0x8a0
[  204.780355][   T34]  ? __pfx_worker_thread+0x10/0x10
[  204.782949][   T34]  ? __pfx_kthread+0x10/0x10
[  204.784488][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  204.786213][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  204.787902][   T34]  ? __pfx_kthread+0x10/0x10
[  204.789397][   T34]  ret_from_fork+0x439/0x7d0
[  204.790922][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  204.792686][   T34]  ? __switch_to_asm+0x39/0x70
[  204.794270][   T34]  ? __switch_to_asm+0x33/0x70
[  204.795834][   T34]  ? __pfx_kthread+0x10/0x10
[  204.797366][   T34]  ret_from_fork_asm+0x1a/0x30
[  204.798934][   T34]  </TASK>
[  204.799957][   T34] INFO: task syz.2.23:6004 blocked for more than 143 seconds.
[  204.803204][   T34]       Not tainted syzkaller #0
[  204.804818][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  204.807748][   T34] task:syz.2.23        state:D stack:25096 pid:6004  tgid:6004  ppid:5854   task_flags:0x400040 flags:0x00004006
[  204.811491][   T34] Call Trace:
[  204.812754][   T34]  <TASK>
[  204.813804][   T34]  __schedule+0x1798/0x4cc0
[  204.815374][   T34]  ? __lock_acquire+0xab9/0xd20
[  204.816988][   T34]  ? __lock_acquire+0xab9/0xd20
[  204.818571][   T34]  ? __pfx___schedule+0x10/0x10
[  204.820188][   T34]  ? schedule+0x91/0x360
[  204.821594][   T34]  schedule+0x165/0x360
[  204.823811][   T34]  schedule_preempt_disabled+0x13/0x30
[  204.825599][   T34]  __mutex_lock+0x7e6/0x1350
[  204.827146][   T34]  ? __mutex_lock+0x5bb/0x1350
[  204.828724][   T34]  ? rfkill_unregister+0xc8/0x220
[  204.830357][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  204.833042][   T34]  ? __pfx_device_del+0x10/0x10
[  204.834655][   T34]  rfkill_unregister+0xc8/0x220
[  204.836269][   T34]  nfc_unregister_device+0x96/0x2a0
[  204.837965][   T34]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  204.839802][   T34]  virtual_ncidev_close+0x56/0x90
[  204.841483][   T34]  __fput+0x44c/0xa70
[  204.843679][   T34]  task_work_run+0x1d4/0x260
[  204.845630][   T34]  ? __pfx_task_work_run+0x10/0x10
[  204.847720][   T34]  ? exit_to_user_mode_loop+0x40/0x110
[  204.849861][   T34]  exit_to_user_mode_loop+0xec/0x110
[  204.851661][   T34]  do_syscall_64+0x2bd/0x3b0
[  204.853475][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.855513][   T34]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  204.857526][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.859487][   T34] RIP: 0033:0x7f74e818eba9
[  204.860973][   T34] RSP: 002b:00007fff4d6a80f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  204.864115][   T34] RAX: 0000000000000000 RBX: 00007f74e83d7da0 RCX: 00007f74e818eba9
[  204.867033][   T34] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  204.869854][   T34] RBP: 00007f74e83d7da0 R08: 0000000000000154 R09: 000000124d6a83ef
[  204.872897][   T34] R10: 00007f74e83d7cb0 R11: 0000000000000246 R12: 000000000000c7c2
[  204.875826][   T34] R13: 00007f74e83d6180 R14: ffffffffffffffff R15: 00007fff4d6a8210
[  204.878909][   T34]  </TASK>
[  204.880188][   T34] INFO: task syz.2.23:6005 blocked for more than 143 seconds.
[  204.883975][   T34]       Not tainted syzkaller #0
[  204.885916][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  204.889185][   T34] task:syz.2.23        state:D stack:23992 pid:6005  tgid:6004  ppid:5854   task_flags:0x400140 flags:0x00004006
[  204.894064][   T34] Call Trace:
[  204.895396][   T34]  <TASK>
[  204.896585][   T34]  __schedule+0x1798/0x4cc0
[  204.898408][   T34]  ? __lock_acquire+0xab9/0xd20
[  204.900340][   T34]  ? __lock_acquire+0xab9/0xd20
[  204.902595][   T34]  ? __pfx___schedule+0x10/0x10
[  204.904536][   T34]  ? schedule+0x91/0x360
[  204.906229][   T34]  schedule+0x165/0x360
[  204.907908][   T34]  schedule_preempt_disabled+0x13/0x30
[  204.910078][   T34]  __mutex_lock+0x7e6/0x1350
[  204.912250][   T34]  ? __mutex_lock+0x5bb/0x1350
[  204.914146][   T34]  ? nfc_rfkill_set_block+0x50/0x2e0
[  204.916139][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  204.917932][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  204.919726][   T34]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  204.921668][   T34]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  204.923968][   T34]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  204.925804][   T34]  nfc_rfkill_set_block+0x50/0x2e0
[  204.927466][   T34]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  204.929308][   T34]  rfkill_set_block+0x1d2/0x440
[  204.930900][   T34]  rfkill_fop_write+0x44b/0x570
[  204.932712][   T34]  ? __pfx_rfkill_fop_write+0x10/0x10
[  204.934460][   T34]  ? security_kernfs_init_security+0x290/0x290
[  204.936455][   T34]  ? rw_verify_area+0x255/0x4d0
[  204.938060][   T34]  ? __lock_acquire+0xab9/0xd20
[  204.939645][   T34]  ? __pfx_rfkill_fop_write+0x10/0x10
[  204.941412][   T34]  vfs_write+0x27e/0xb30
[  204.943049][   T34]  ? __pfx_vfs_write+0x10/0x10
[  204.944622][   T34]  ? __fget_files+0x2a/0x420
[  204.946151][   T34]  ? __fget_files+0x2a/0x420
[  204.947660][   T34]  ? __fget_files+0x3a0/0x420
[  204.949189][   T34]  ? __fget_files+0x2a/0x420
[  204.950699][   T34]  ksys_write+0x145/0x250
[  204.952600][   T34]  ? __pfx_ksys_write+0x10/0x10
[  204.954207][   T34]  ? rcu_is_watching+0x15/0xb0
[  204.955774][   T34]  ? do_syscall_64+0xbe/0x3b0
[  204.957324][   T34]  do_syscall_64+0xfa/0x3b0
[  204.958814][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  204.960522][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.962958][   T34]  ? exc_page_fault+0x9f/0xf0
[  204.964507][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.966434][   T34] RIP: 0033:0x7f74e818eba9
[  204.967918][   T34] RSP: 002b:00007f74e8f7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  204.970596][   T34] RAX: ffffffffffffffda RBX: 00007f74e83d5fa0 RCX: 00007f74e818eba9
[  204.973387][   T34] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000004
[  204.975991][   T34] RBP: 00007f74e8211e19 R08: 0000000000000000 R09: 0000000000000000
[  204.978562][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  204.981132][   T34] R13: 00007f74e83d6038 R14: 00007f74e83d5fa0 R15: 00007fff4d6a7f98
[  204.983856][   T34]  </TASK>
[  204.984923][   T34] INFO: task syz.0.27:6035 blocked for more than 143 seconds.
[  204.987351][   T34]       Not tainted syzkaller #0
[  204.989096][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  204.992357][   T34] task:syz.0.27        state:D stack:26472 pid:6035  tgid:6029  ppid:5856   task_flags:0x400140 flags:0x00004004
[  204.996508][   T34] Call Trace:
[  204.997856][   T34]  <TASK>
[  204.998930][   T34]  __schedule+0x1798/0x4cc0
[  205.000559][   T34]  ? __lock_acquire+0xab9/0xd20
[  205.002487][   T34]  ? __lock_acquire+0xab9/0xd20
[  205.004240][   T34]  ? __pfx___schedule+0x10/0x10
[  205.005983][   T34]  ? schedule+0x91/0x360
[  205.007642][   T34]  schedule+0x165/0x360
[  205.009111][   T34]  schedule_preempt_disabled+0x13/0x30
[  205.010992][   T34]  __mutex_lock+0x7e6/0x1350
[  205.012899][   T34]  ? __mutex_lock+0x5bb/0x1350
[  205.014551][   T34]  ? rfkill_register+0x37/0x8e0
[  205.016348][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  205.018172][   T34]  ? __init_waitqueue_head+0xa9/0x150
[  205.020078][   T34]  ? device_initialize+0x24b/0x440
[  205.022132][   T34]  rfkill_register+0x37/0x8e0
[  205.023799][   T34]  nfc_register_device+0x14a/0x320
[  205.025628][   T34]  nci_register_device+0x87f/0x9d0
[  205.027456][   T34]  ? __pfx_nci_register_device+0x10/0x10
[  205.029453][   T34]  ? __raw_spin_lock_init+0x45/0x100
[  205.031445][   T34]  ? __init_waitqueue_head+0xa9/0x150
[  205.033502][   T34]  virtual_ncidev_open+0x129/0x1a0
[  205.035171][   T34]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  205.036988][   T34]  misc_open+0x2bc/0x330
[  205.038370][   T34]  chrdev_open+0x4cc/0x5e0
[  205.039817][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  205.041424][   T34]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  205.043726][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  205.045360][   T34]  do_dentry_open+0x953/0x13f0
[  205.046927][   T34]  vfs_open+0x3b/0x340
[  205.048274][   T34]  ? path_openat+0x2ecd/0x3830
[  205.049858][   T34]  path_openat+0x2ee5/0x3830
[  205.051364][   T34]  ? arch_stack_walk+0xfc/0x150
[  205.053188][   T34]  ? stack_depot_save_flags+0x40/0x860
[  205.054971][   T34]  ? __pfx_path_openat+0x10/0x10
[  205.056570][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.058551][   T34]  do_filp_open+0x1fa/0x410
[  205.060063][   T34]  ? __lock_acquire+0xab9/0xd20
[  205.061659][   T34]  ? __pfx_do_filp_open+0x10/0x10
[  205.063569][   T34]  ? _raw_spin_unlock+0x28/0x50
[  205.065164][   T34]  ? alloc_fd+0x64c/0x6c0
[  205.066585][   T34]  do_sys_openat2+0x121/0x1c0
[  205.068184][   T34]  ? __se_sys_futex+0x36f/0x400
[  205.069823][   T34]  ? __pfx_do_sys_openat2+0x10/0x10
[  205.071587][   T34]  ? 0xffffffff81000000
[  205.074042][   T34]  ? rcu_is_watching+0x15/0xb0
[  205.075798][   T34]  __x64_sys_openat+0x138/0x170
[  205.077427][   T34]  do_syscall_64+0xfa/0x3b0
[  205.079040][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.080870][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.083157][   T34]  ? exc_page_fault+0x9f/0xf0
[  205.084702][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.086901][   T34] RIP: 0033:0x7f63ecd8eba9
[  205.088468][   T34] RSP: 002b:00007f63edc25038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  205.091199][   T34] RAX: ffffffffffffffda RBX: 00007f63ecfd6090 RCX: 00007f63ecd8eba9
[  205.093989][   T34] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  205.096787][   T34] RBP: 00007f63ece11e19 R08: 0000000000000000 R09: 0000000000000000
[  205.099422][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  205.102182][   T34] R13: 00007f63ecfd6128 R14: 00007f63ecfd6090 R15: 00007ffc703e5b08
[  205.104796][   T34]  </TASK>
[  205.105946][   T34] INFO: task syz.1.29:6040 blocked for more than 143 seconds.
[  205.108618][   T34]       Not tainted syzkaller #0
[  205.110305][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  205.114486][   T34] task:syz.1.29        state:D stack:28328 pid:6040  tgid:6037  ppid:5848   task_flags:0x400040 flags:0x00004004
[  205.118510][   T34] Call Trace:
[  205.119626][   T34]  <TASK>
[  205.120632][   T34]  __schedule+0x1798/0x4cc0
[  205.122295][   T34]  ? kasan_save_free_info+0x46/0x50
[  205.124117][   T34]  ? __lock_acquire+0xab9/0xd20
[  205.125850][   T34]  ? __lock_acquire+0xab9/0xd20
[  205.127518][   T34]  ? __pfx___schedule+0x10/0x10
[  205.129213][   T34]  ? schedule+0x91/0x360
[  205.130729][   T34]  schedule+0x165/0x360
[  205.132295][   T34]  schedule_preempt_disabled+0x13/0x30
[  205.134499][   T34]  __mutex_lock+0x7e6/0x1350
[  205.136218][   T34]  ? __mutex_lock+0x5bb/0x1350
[  205.137905][   T34]  ? misc_open+0x51/0x330
[  205.139397][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  205.141075][   T34]  misc_open+0x51/0x330
[  205.142556][   T34]  chrdev_open+0x4cc/0x5e0
[  205.144100][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  205.145836][   T34]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  205.147912][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  205.149542][   T34]  do_dentry_open+0x953/0x13f0
[  205.151122][   T34]  vfs_open+0x3b/0x340
[  205.152545][   T34]  ? path_openat+0x2ecd/0x3830
[  205.154132][   T34]  path_openat+0x2ee5/0x3830
[  205.155618][   T34]  ? arch_stack_walk+0xfc/0x150
[  205.157222][   T34]  ? stack_depot_save_flags+0x40/0x860
[  205.159015][   T34]  ? __pfx_path_openat+0x10/0x10
[  205.160639][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.162702][   T34]  do_filp_open+0x1fa/0x410
[  205.164216][   T34]  ? __lock_acquire+0xab9/0xd20
[  205.165818][   T34]  ? __pfx_do_filp_open+0x10/0x10
[  205.167477][   T34]  ? _raw_spin_unlock+0x28/0x50
[  205.169089][   T34]  ? alloc_fd+0x64c/0x6c0
[  205.170524][   T34]  do_sys_openat2+0x121/0x1c0
[  205.172178][   T34]  ? __pfx_do_sys_openat2+0x10/0x10
[  205.173906][   T34]  ? exc_page_fault+0x76/0xf0
[  205.175399][   T34]  ? do_user_addr_fault+0xc8a/0x1390
[  205.177328][   T34]  __x64_sys_openat+0x138/0x170
[  205.178978][   T34]  do_syscall_64+0xfa/0x3b0
[  205.180771][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.183283][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.185786][   T34]  ? exc_page_fault+0x9f/0xf0
[  205.187727][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.190153][   T34] RIP: 0033:0x7fd7da98eba9
[  205.192057][   T34] RSP: 002b:00007fd7db8a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  205.195434][   T34] RAX: ffffffffffffffda RBX: 00007fd7dabd5fa0 RCX: 00007fd7da98eba9
[  205.198641][   T34] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  205.202043][   T34] RBP: 00007fd7daa11e19 R08: 0000000000000000 R09: 0000000000000000
[  205.205131][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  205.208032][   T34] R13: 00007fd7dabd6038 R14: 00007fd7dabd5fa0 R15: 00007ffe3154e1a8
[  205.210842][   T34]  </TASK>
[  205.212112][   T34] 
[  205.212112][   T34] Showing all locks held in the system:
[  205.214899][   T34] 1 lock held by khungtaskd/34:
[  205.216655][   T34]  #0: ffffffff8e13a0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  205.219854][   T34] 2 locks held by getty/5671:
[  205.221412][   T34]  #0: ffff8880207380a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  205.224570][   T34]  #1: ffffc900029062f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  205.227794][   T34] 3 locks held by kworker/0:6/5915:
[  205.229456][   T34]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  205.232998][   T34]  #1: ffffc900033dfbc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  205.237209][   T34]  #2: ffffffff8f812948 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  205.240728][   T34] 2 locks held by syz.2.23/6004:
[  205.242394][   T34]  #0: ffff8881108bc100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  205.245467][   T34]  #1: ffffffff8f812948 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  205.248620][   T34] 2 locks held by syz.2.23/6005:
[  205.250219][   T34]  #0: ffffffff8f812948 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570
[  205.253460][   T34]  #1: ffff8881108bc100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  205.256519][   T34] 3 locks held by syz.0.27/6035:
[  205.258106][   T34]  #0: ffffffff8e9c2608 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  205.260805][   T34]  #1: ffff888123d55100 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0xa1/0x320
[  205.263950][   T34]  #2: ffffffff8f812948 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[  205.267146][   T34] 1 lock held by syz.1.29/6040:
[  205.268749][   T34]  #0: ffffffff8e9c2608 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  205.271557][   T34] 1 lock held by syz-executor/6079:
[  205.273286][   T34]  #0: ffffffff8e9c2608 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  205.275991][   T34] 1 lock held by syz-executor/6080:
[  205.277685][   T34]  #0: ffffffff8e9c2608 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  205.280358][   T34] 1 lock held by syz-executor/6081:
[  205.282162][   T34]  #0: ffffffff8e9c2608 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  205.285069][   T34] 1 lock held by syz-executor/6098:
[  205.286994][   T34]  #0: ffffffff8e9c2608 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  205.290043][   T34] 1 lock held by syz-executor/6101:
[  205.291865][   T34]  #0: ffffffff8e9c2608 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  205.294944][   T34] 1 lock held by syz-executor/6102:
[  205.296858][   T34]  #0: ffffffff8e9c2608 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  205.299967][   T34] 1 lock held by syz-executor/6104:
[  205.301987][   T34]  #0: ffffffff8e9c2608 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  205.304935][   T34] 1 lock held by syz-executor/6107:
[  205.306696][   T34]  #0: ffffffff8e9c2608 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  205.309939][   T34] 1 lock held by syz-executor/6108:
[  205.312087][   T34]  #0: ffffffff8e9c2608 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  205.315414][   T34] 
[  205.316416][   T34] =============================================
[  205.316416][   T34] 
[  205.319451][   T34] NMI backtrace for cpu 0
[  205.319459][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  205.319468][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  205.319473][   T34] Call Trace:
[  205.319477][   T34]  <TASK>
[  205.319480][   T34]  dump_stack_lvl+0x189/0x250
[  205.319492][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  205.319501][   T34]  ? __pfx__printk+0x10/0x10
[  205.319514][   T34]  nmi_cpu_backtrace+0x39e/0x3d0
[  205.319527][   T34]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  205.319539][   T34]  ? __pfx__printk+0x10/0x10
[  205.319550][   T34]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  205.319563][   T34]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  205.319575][   T34]  watchdog+0xf93/0xfe0
[  205.319588][   T34]  ? watchdog+0x1de/0xfe0
[  205.319600][   T34]  kthread+0x711/0x8a0
[  205.319610][   T34]  ? __pfx_watchdog+0x10/0x10
[  205.319620][   T34]  ? __pfx_kthread+0x10/0x10
[  205.319629][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  205.319637][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.319645][   T34]  ? __pfx_kthread+0x10/0x10
[  205.319653][   T34]  ret_from_fork+0x439/0x7d0
[  205.319662][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  205.319671][   T34]  ? __switch_to_asm+0x39/0x70
[  205.319680][   T34]  ? __switch_to_asm+0x33/0x70
[  205.319689][   T34]  ? __pfx_kthread+0x10/0x10
[  205.319698][   T34]  ret_from_fork_asm+0x1a/0x30
[  205.319712][   T34]  </TASK>
[  205.319714][   T34] Sending NMI from CPU 0 to CPUs 1:
[  205.370665][    C1] NMI backtrace for cpu 1
[  205.370682][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  205.370694][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  205.370701][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  205.370720][    C1] Code: 53 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d b3 39 0d 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  205.370730][    C1] RSP: 0018:ffffc90000177de0 EFLAGS: 00000282
[  205.370742][    C1] RAX: 54edbc6528f5c900 RBX: ffffffff819693f8 RCX: 54edbc6528f5c900
[  205.370750][    C1] RDX: 0000000000000001 RSI: ffffffff8d9ba61b RDI: ffffffff8be33c00
[  205.370758][    C1] RBP: ffffc90000177f20 R08: ffff888136632f9b R09: 1ffff11026cc65f3
[  205.370764][    C1] R10: dffffc0000000000 R11: ffffed1026cc65f4 R12: ffffffff8fa38d30
[  205.370773][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff1102001f000
[  205.370780][    C1] FS:  0000000000000000(0000) GS:ffff8881a3c13000(0000) knlGS:0000000000000000
[  205.370789][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  205.370796][    C1] CR2: 000055e5590a45c8 CR3: 00000000276fe000 CR4: 00000000000006f0
[  205.370831][    C1] Call Trace:
[  205.370838][    C1]  <TASK>
[  205.370842][    C1]  default_idle+0x13/0x20
[  205.370857][    C1]  default_idle_call+0x74/0xb0
[  205.370873][    C1]  do_idle+0x1e8/0x510
[  205.370931][    C1]  ? __pfx_do_idle+0x10/0x10
[  205.370940][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  205.370952][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.370964][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  205.370975][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  205.370989][    C1]  cpu_startup_entry+0x44/0x60
[  205.370999][    C1]  start_secondary+0x101/0x110
[  205.371023][    C1]  common_startup_64+0x13e/0x147
[  205.371042][    C1]  </TASK>
[  205.371625][   T34] Kernel panic - not syncing: hung_task: blocked tasks
[  205.438020][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  205.440955][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  205.444177][   T34] Call Trace:
[  205.445258][   T34]  <TASK>
[  205.446207][   T34]  dump_stack_lvl+0x99/0x250
[  205.447714][   T34]  ? __asan_memcpy+0x40/0x70
[  205.449200][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  205.450853][   T34]  ? __pfx__printk+0x10/0x10
[  205.452459][   T34]  vpanic+0x281/0x750
[  205.454016][   T34]  ? __pfx_vpanic+0x10/0x10
[  205.455456][   T34]  ? __x2apic_send_IPI_mask+0x1e4/0x260
[  205.457263][   T34]  ? preempt_schedule+0xae/0xc0
[  205.458831][   T34]  ? preempt_schedule_common+0x83/0xd0
[  205.460552][   T34]  panic+0xb9/0xc0
[  205.461761][   T34]  ? __pfx_panic+0x10/0x10
[  205.463201][   T34]  ? preempt_schedule_thunk+0x16/0x30
[  205.464890][   T34]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  205.466805][   T34]  watchdog+0xfd2/0xfe0
[  205.468181][   T34]  ? watchdog+0x1de/0xfe0
[  205.469808][   T34]  kthread+0x711/0x8a0
[  205.471365][   T34]  ? __pfx_watchdog+0x10/0x10
[  205.473205][   T34]  ? __pfx_kthread+0x10/0x10
[  205.474792][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  205.476463][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.478196][   T34]  ? __pfx_kthread+0x10/0x10
[  205.479951][   T34]  ret_from_fork+0x439/0x7d0
[  205.481681][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  205.483434][   T34]  ? __switch_to_asm+0x39/0x70
[  205.485255][   T34]  ? __switch_to_asm+0x33/0x70
[  205.487204][   T34]  ? __pfx_kthread+0x10/0x10
[  205.489041][   T34]  ret_from_fork_asm+0x1a/0x30
[  205.490983][   T34]  </TASK>
[  205.493042][   T34] Kernel Offset: disabled
[  205.494554][   T34] Rebooting in 86400 seconds..

VM DIAGNOSIS:
15:56:59  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000023 RBX=0000000000000023 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000068f6b0
R8 =ffff888020ea8237 R9 =1ffff110041d5046 R10=dffffc0000000000 R11=ffffffff854f95c0
R12=dffffc0000000000 R13=ffffffff99b028f4 R14=ffffffff99df7420 R15=0000000000000000
RIP=ffffffff854f963c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8613000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffc00d5a078 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000ffff00000000 00000000000000ff XMM01=0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a
XMM02=ff00000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000ffff00000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000001 RBX=0000000000000000 RCX=ded4177eea334000 RDX=0000000000000000
RSI=ffffffff8d9ce0fc RDI=ffffffff8be33c00 RBP=ffffffff822abfe9 RSP=ffffc90002f9f450
R8 =0000000000000000 R9 =0000000000000000 R10=dffffc0000000000 R11=fffff9400016becf
R12=0000000000000002 R13=ffffffff8e13a0e0 R14=0000000000000000 R15=0000000000000246
RIP=ffffffff8b7b1197 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c13000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f9eb8307d60 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00007f9eb77a76c3 00007f9eb77a76c3 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 00ff000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000ff0000 XMM05=0000000000000000 000000000003bf12
XMM06=041081c4d0f20800 0108000600000007 XMM07=1000000400000000 0806060168e00008
XMM08=0060030010005003 0010004000000006 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
