last executing test programs:

795.314622ms ago: executing program 1 (id=770):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0xc, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c"], 0xfdef)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

598.31425ms ago: executing program 2 (id=774):
syz_emit_ethernet(0x4e, &(0x7f0000000340)={@local, @link_local={0x3}, @void, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ssrr={0x89, 0x7, 0xc9, [@broadcast]}, @timestamp={0x44, 0xc, 0x5, 0x0, 0x0, [0x0, 0x0]}, @timestamp={0x44, 0x4}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)

475.542957ms ago: executing program 2 (id=776):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x18, 0x1418, 0x1, 0x2, 0x3, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x8}, 0x0)

475.251762ms ago: executing program 0 (id=777):
socket$kcm(0x21, 0x3, 0xa)

395.079906ms ago: executing program 1 (id=778):
r0 = socket$kcm(0x2d, 0x2, 0x0)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2d, 0xf00, 0x0, 0x80}, 0x2, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x48d0}, 0x44044)

394.843363ms ago: executing program 0 (id=779):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x16, 0x5, &(0x7f0000000940)=@framed={{0x18, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffff7}, [@map_fd={0x18, 0x6, 0x1, 0x0, r0}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

394.613104ms ago: executing program 2 (id=780):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000008000000000000d000000911176000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400003}, 0x94)

309.427397ms ago: executing program 0 (id=781):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha224)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4$alg(r0, 0x0, 0x0, 0x800)
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@getqdisc={0x40, 0x26, 0x10, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xffff, 0x8}, {0x8, 0xffe0}, {0xb, 0x3}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x2400c000}, 0x4040090)

309.182518ms ago: executing program 1 (id=782):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
close(r0)
socket$xdp(0x2c, 0x3, 0x0)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, 0x0, 0x0)

308.926613ms ago: executing program 2 (id=783):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r0, &(0x7f0000001040)={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x0, 0xbc, "d92984bd1ca44c11a077609475b78411e88509ea050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x13}, 0x60)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r1, &(0x7f0000001040)={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x0, 0xbc, "d92984bd1ca44c11a077609475b78411e88509ea050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x13}, 0x60)

199.49168ms ago: executing program 1 (id=784):
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f0000000000)={0x3, "d76600"}, 0x4)

199.299604ms ago: executing program 0 (id=785):
unshare(0x400)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe326c2ed0a432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xf, 0x4, 0x4, 0x12}, 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r1, r0, 0x26}, 0x10)

106.771211ms ago: executing program 1 (id=786):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffaf}, 0x94)
unshare(0x400)
pread64(r0, 0x0, 0x0, 0x4)

106.534151ms ago: executing program 0 (id=787):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a00000014000780050015000000000008001240"], 0x60}}, 0x0)

106.35101ms ago: executing program 2 (id=788):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4509c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a900d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a3c0db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848022e8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0000000000000000000000000001545f0ec539c3b58facd2f62dc3307a6c91d6b"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000180)={@cgroup=r0, r0, 0x2f, 0x2c, 0x4}, 0x20)

507.9µs ago: executing program 2 (id=789):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
getsockopt$llc_int(r0, 0x10c, 0x3, &(0x7f0000001b00), &(0x7f0000000000)=0x4)

328.317µs ago: executing program 0 (id=790):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

0s ago: executing program 1 (id=791):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="2c020000", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000700000000001400020077673000000000000000000000000000fc010880080100801400040002004e207f0000010000000000000000c40009801c000080060001000200000008000200ac141432050003000000000058000080060001000200000008000200640101020500030003000000060001000a00000014000200ff0200000000000000000000000000010500030003000000060001000200000008000200ac141481050003000300007218647c8781a39040021d4be87e73c100ff0100000000000000000000000000010500030000000000060001000a00000014000200fe8000000000000000000000000000bb0500030001000000240001000000000000000000000000000000000000000000000000000000000000000000060005"], 0x22c}, 0x1, 0x0, 0x0, 0xc811}, 0x40000)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0b040000000000000000020000002400048020000180070001006374000014000280080002400000000f08000140000000020900010073797a30000000000900020073797a320000000014000000110001"], 0x78}}, 0x400c084)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0xb, @empty}, 0x1c)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0xfffffffe}}, 0x80000, 0x0, 0x0, 0x0, 0xb3550aa4ba878396}, 0x9c)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000d00)=@nat={'nat\x00', 0x19, 0x1, 0x21e, [0x200000002300, 0x0, 0x0, 0x2000000024be, 0x2000000024ee], 0x20, 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000006b0000000016636169663000000000000000e3ff00007665746831000000000000000000000073797a5f74756e0039da0000f8ff0000000076657468310000000000000000001000aaaaaaaaaa3d000000ff00000180c2000003ff00ffffff00ae000000560100008e0100006f776e6572000000000000000000000000000000001800"/198, @ANYRES32, @ANYRES32, @ANYRES32=0xee00, @ANYRES32, @ANYBLOB="02040000000000004e464c4f4700000000000000000000000000000000000000000000000000000050000000000000000100000007000300000000005cae641872319dfae5a988272763a36abcf1f74cfd4bf988531a30a528c1c044813d8205fd8b1fdf1c2ccd79b5fb7f9e096fbd1c7eeee4b6646c0b2fc39d3fe20000000072656469726563740000000000000000000000000000000000000000000000000800000000000000feffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff000000"]}, 0x295)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newtaction={0x18, 0x30, 0xffff, 0x70bd29, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
getsockname$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs, &(0x7f0000000080)=0x6e)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
syz_emit_ethernet(0x1f, &(0x7f0000000240)={@local, @local, @void, {@llc_tr={0x11, {@snap={0xaa, 0xab, 'c', "f876a7", 0x6c0c, "ee145e4c67651dcaac"}}}}}, 0x0)
close(0x4)
unshare(0x6a040000)
socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000080)={0x84, @private=0xa010101, 0x15, 0x3, 'sh\x00', 0x2e, 0x5, 0x72}, 0x2c)
unshare(0x2000000)
r5 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e20, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@loopback, 0x4e20, 0x10000, 0x2, 0x2}}, 0x44)
unshare(0x2010100)
sendmsg$sock(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r6, &(0x7f0000000040)={0x0, 0xa1, &(0x7f00000011c0)=[{&(0x7f0000000080)="5c00000013006bec9e3be35c6e17aa31076b876c0d000000ba090000160af3653c001ac00400020208000200030001002c000000eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0000300000000000000ffffc6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x2000c090)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:58105' (ED25519) to the list of known hosts.
syzkaller login: [   57.545602][ T5546] cgroup: Unknown subsys name 'net'
[   57.653899][ T5546] cgroup: Unknown subsys name 'cpuset'
[   57.658441][ T5546] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.994300][ T5546] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   70.073298][ T5639] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   70.077744][ T5639] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   70.085183][ T5639] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   70.089639][ T5639] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   70.095380][ T5639] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   70.165001][ T5639] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   70.177122][ T4998] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   70.182581][ T4998] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   70.187056][ T4998] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   70.199226][ T5644] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   70.202417][ T5646] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   70.206010][ T5644] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   70.206675][ T5646] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   70.212830][ T5644] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   70.218565][ T5646] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   70.983231][ T5637] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.987150][ T5637] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.990010][ T5637] bridge_slave_0: entered allmulticast mode
[   70.993143][ T5637] bridge_slave_0: entered promiscuous mode
[   71.021942][ T5637] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.024881][ T5637] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.027923][ T5637] bridge_slave_1: entered allmulticast mode
[   71.032332][ T5637] bridge_slave_1: entered promiscuous mode
[   71.069804][ T5643] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.073023][ T5643] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.075337][ T5643] bridge_slave_0: entered allmulticast mode
[   71.078280][ T5643] bridge_slave_0: entered promiscuous mode
[   71.100142][ T5643] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.102679][ T5643] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.105041][ T5643] bridge_slave_1: entered allmulticast mode
[   71.107848][ T5643] bridge_slave_1: entered promiscuous mode
[   71.115406][ T5637] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.156345][ T5637] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.166824][ T5641] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.170107][ T5641] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.173575][ T5641] bridge_slave_0: entered allmulticast mode
[   71.177395][ T5641] bridge_slave_0: entered promiscuous mode
[   71.201211][ T5641] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.204512][ T5641] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.207152][ T5641] bridge_slave_1: entered allmulticast mode
[   71.209809][ T5641] bridge_slave_1: entered promiscuous mode
[   71.214937][ T5643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.220240][ T5637] team0: Port device team_slave_0 added
[   71.224604][ T5637] team0: Port device team_slave_1 added
[   71.236091][ T5643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.284659][ T5637] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.287578][ T5637] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.297766][ T5637] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.303379][ T5637] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.305622][ T5637] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.315578][ T5637] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.323300][ T5641] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.347447][ T5641] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.352198][ T5643] team0: Port device team_slave_0 added
[   71.356376][ T5643] team0: Port device team_slave_1 added
[   71.393613][ T5641] team0: Port device team_slave_0 added
[   71.404566][ T5643] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.407016][ T5643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.415815][ T5643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.430302][ T5641] team0: Port device team_slave_1 added
[   71.444835][ T5643] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.447440][ T5643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.457254][ T5643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.466741][ T5637] hsr_slave_0: entered promiscuous mode
[   71.470137][ T5637] hsr_slave_1: entered promiscuous mode
[   71.483016][ T5641] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.485920][ T5641] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.496255][ T5641] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.526819][ T5641] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.529451][ T5641] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.538990][ T5641] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.591185][ T5643] hsr_slave_0: entered promiscuous mode
[   71.594149][ T5643] hsr_slave_1: entered promiscuous mode
[   71.597010][ T5643] debugfs: 'hsr0' already exists in 'hsr'
[   71.599418][ T5643] Cannot create hsr debugfs directory
[   71.641076][ T5641] hsr_slave_0: entered promiscuous mode
[   71.643291][ T5641] hsr_slave_1: entered promiscuous mode
[   71.645308][ T5641] debugfs: 'hsr0' already exists in 'hsr'
[   71.647087][ T5641] Cannot create hsr debugfs directory
[   71.877305][ T5637] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   71.884384][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   71.888986][ T5637] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   71.896076][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   71.910260][ T5637] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   71.915460][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   71.928525][ T5637] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   71.932954][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   71.966259][ T5643] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   71.976432][ T5643] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   71.979963][ T5643] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   71.986094][ T5643] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   71.989746][ T5643] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   71.995386][ T5643] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   72.000336][ T5643] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   72.008332][ T5643] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   72.073493][ T5641] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   72.078700][ T5641] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   72.082342][ T5641] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   72.086644][ T5641] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   72.097867][ T5641] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   72.105411][ T5641] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   72.109218][ T5641] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   72.115240][ T5641] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   72.121184][ T5639] Bluetooth: hci0: command tx timeout
[   72.220436][ T5637] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.238602][ T5643] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.267999][ T5643] 8021q: adding VLAN 0 to HW filter on device team0
[   72.272450][ T5637] 8021q: adding VLAN 0 to HW filter on device team0
[   72.281363][ T5646] Bluetooth: hci1: command tx timeout
[   72.283495][ T5639] Bluetooth: hci2: command tx timeout
[   72.288693][ T1111] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.292082][ T1111] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.300365][ T1111] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.303263][ T1111] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.314572][ T5641] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.324039][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.326995][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.338250][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.341029][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.382674][ T5641] 8021q: adding VLAN 0 to HW filter on device team0
[   72.398633][ T1111] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.401716][ T1111] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.425724][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.428492][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.492713][ T5641] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   72.715130][ T5643] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.770000][ T5643] veth0_vlan: entered promiscuous mode
[   72.781203][ T5643] veth1_vlan: entered promiscuous mode
[   72.812791][ T5637] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.817398][ T5643] veth0_macvtap: entered promiscuous mode
[   72.832778][ T5643] veth1_macvtap: entered promiscuous mode
[   72.864317][ T5641] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.875686][ T5643] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.892426][ T5643] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.923617][ T5672] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.929940][ T5672] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.939622][ T5637] veth0_vlan: entered promiscuous mode
[   72.944653][ T5672] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.949005][ T5672] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.986620][ T5641] veth0_vlan: entered promiscuous mode
[   72.994270][ T5637] veth1_vlan: entered promiscuous mode
[   73.038259][ T5641] veth1_vlan: entered promiscuous mode
[   73.076195][ T5637] veth0_macvtap: entered promiscuous mode
[   73.087302][ T5637] veth1_macvtap: entered promiscuous mode
[   73.131495][ T5637] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.131931][   T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.143945][   T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.158327][ T5637] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.172216][ T5641] veth0_macvtap: entered promiscuous mode
[   73.190294][ T5641] veth1_macvtap: entered promiscuous mode
[   73.208919][ T5672] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.224388][ T5672] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.228402][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.234398][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.235710][ T5672] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.243280][ T5672] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.265193][ T5641] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.303751][ T5641] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.362397][ T5643] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   73.368128][ T5672] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.384903][ T5672] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.400054][ T5672] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.416546][ T5672] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.461120][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.472499][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.561123][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.568707][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.597005][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.605351][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.638627][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.648078][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.731698][ T5751] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13'.
[   73.747122][ T5754] netlink: 10 bytes leftover after parsing attributes in process `syz.2.15'.
[   73.762031][ T5751] netlink: 92 bytes leftover after parsing attributes in process `syz.0.13'.
[   74.203812][ T5639] Bluetooth: hci0: command tx timeout
[   74.360908][ T5639] Bluetooth: hci2: command tx timeout
[   74.362056][ T5646] Bluetooth: hci1: command tx timeout
[   74.730419][ T5783] Illegal XDP return value 1577687538 on prog  (id 3) dev N/A, expect packet loss!
[   75.030079][ T5801] netlink: 1319 bytes leftover after parsing attributes in process `syz.0.39'.
[   75.139413][ T5807] openvswitch: netlink: nsh attribute has 4 unknown bytes.
[   75.144067][ T5807] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   75.495793][ T5830] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   76.160987][ T5888] xt_limit: Overflow, try lower: 28676/2147483648
[   76.280721][ T5646] Bluetooth: hci0: command tx timeout
[   76.440765][ T5646] Bluetooth: hci2: command tx timeout
[   76.443041][ T5639] Bluetooth: hci1: command tx timeout
[   76.464747][ T5902] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.73'.
[   76.551059][ T5904] syz.2.74 uses obsolete (PF_INET,SOCK_PACKET)
[   76.904984][ T5921] netlink: 'syz.0.82': attribute type 2 has an invalid length.
[   77.474897][ T5947] netlink: 424 bytes leftover after parsing attributes in process `syz.1.92'.
[   77.488735][ T1378] ieee802154 phy0 wpan0: encryption failed: -22
[   77.492788][ T1378] ieee802154 phy1 wpan1: encryption failed: -22
[   77.496288][ T5947] netlink: 'syz.1.92': attribute type 1 has an invalid length.
[   77.989182][ T5969] Zero length message leads to an empty skb
[   78.360949][ T5646] Bluetooth: hci0: command tx timeout
[   78.521627][ T5646] Bluetooth: hci1: command tx timeout
[   78.521720][ T5639] Bluetooth: hci2: command tx timeout
[   80.063771][ T6046] xt_TPROXY: Can be used only with -p tcp or -p udp
[   80.093734][ T6048] netlink: 16 bytes leftover after parsing attributes in process `syz.1.141'.
[   80.905902][ T6109] xt_TPROXY: Can be used only with -p tcp or -p udp
[   81.447343][ T6129] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 32, id = 0
[   81.656016][ T6138] netlink: 4 bytes leftover after parsing attributes in process `syz.1.176'.
[   81.661732][ T6139] nicvf0: tun_chr_ioctl cmd 1074812117
[   81.773150][ T6143] openvswitch: netlink: IP tunnel TTL not specified.
[   81.858686][ T6147] netlink: 212916 bytes leftover after parsing attributes in process `syz.2.181'.
[   82.094839][ T6161] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   82.157589][ T6168] netlink: 'syz.0.189': attribute type 3 has an invalid length.
[   82.436424][ T6185] tun0: tun_chr_ioctl cmd 1074812118
[   82.438649][ T6185] tun0: tun_chr_ioctl cmd 1074033169
[   82.754968][ T6213] netlink: 156 bytes leftover after parsing attributes in process `syz.1.208'.
[   82.998569][ T6234] netlink: 8 bytes leftover after parsing attributes in process `syz.1.219'.
[   83.030009][ T6237] netlink: 'syz.1.220': attribute type 3 has an invalid length.
[   83.191978][ T6245] syz.0.222 (6245) used greatest stack depth: 20160 bytes left
[   83.955887][ T6278] syzkaller0: entered promiscuous mode
[   83.958186][ T6278] syzkaller0: entered allmulticast mode
[   84.383054][ T6297] IPv6: addrconf: prefix option has invalid lifetime
[   84.433184][ T6300] netlink: 8 bytes leftover after parsing attributes in process `syz.1.246'.
[   85.067423][ T6360] netlink: 44 bytes leftover after parsing attributes in process `syz.2.275'.
[   85.081594][ T6360] netlink: 43 bytes leftover after parsing attributes in process `syz.2.275'.
[   85.101206][ T6360] netlink: 'syz.2.275': attribute type 6 has an invalid length.
[   85.118803][ T6360] netlink: 'syz.2.275': attribute type 5 has an invalid length.
[   85.123090][ T6360] netlink: 43 bytes leftover after parsing attributes in process `syz.2.275'.
[   85.722643][ T6391] netlink: 16 bytes leftover after parsing attributes in process `syz.0.288'.
[   85.747595][ T6389] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.752369][ T6389] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.936488][ T6389] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   85.951901][ T6389] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   86.171061][ T5712] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   86.179387][ T5712] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   86.185373][ T5712] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   86.188349][ T5712] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   86.855410][ T6467] syzkaller0: entered promiscuous mode
[   86.863168][ T6467] syzkaller0: entered allmulticast mode
[   86.907468][ T6474] netlink: 44 bytes leftover after parsing attributes in process `syz.0.318'.
[   87.426487][ T6510] netlink: 24 bytes leftover after parsing attributes in process `syz.1.336'.
[   87.522393][ T6510] netlink: 16 bytes leftover after parsing attributes in process `syz.1.336'.
[   87.528860][ T6510] netlink: 4 bytes leftover after parsing attributes in process `syz.1.336'.
[   87.732927][   T10] cfg80211: failed to load regulatory.db
[   88.204920][ T6539] xt_hashlimit: size too large, truncated to 1048576
[   88.470451][ T6551] netlink: 28 bytes leftover after parsing attributes in process `syz.1.350'.
[   88.474899][ T6551] netlink: 28 bytes leftover after parsing attributes in process `syz.1.350'.
[   88.519060][ T6549] IPVS: set_ctl: invalid protocol: 46 127.0.0.1:20001
[   88.939245][ T6559] netlink: 'syz.0.353': attribute type 2 has an invalid length.
[   88.947281][ T6559] netlink: 'syz.0.353': attribute type 2 has an invalid length.
[   88.977908][ T6559] macsec1: entered promiscuous mode
[   89.528029][ T6582] Bluetooth: MGMT ver 1.23
[   89.712199][ T6597] veth0: entered promiscuous mode
[   89.724538][ T6597] bridge_slave_0 (unregistering): left allmulticast mode
[   89.737195][ T6597] bridge_slave_0 (unregistering): left promiscuous mode
[   89.742907][ T6597] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.783001][ T6602] netlink: 12 bytes leftover after parsing attributes in process `syz.2.373'.
[   89.865331][ T6596] veth0: left promiscuous mode
[   90.070834][ T6602] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.074253][ T6602] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.187132][ T6602] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   90.205207][ T6602] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   90.365060][   T13] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.369231][   T13] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.376868][   T13] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.382586][   T13] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.607614][ T6635] netlink: 156 bytes leftover after parsing attributes in process `syz.0.387'.
[   90.704385][ T6637] netlink: 4 bytes leftover after parsing attributes in process `syz.2.388'.
[   90.853435][ T6644] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[   90.869364][ T6644] bond1: (slave lo): Enslaving as an active interface with an up link
[   90.874107][ T6644] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[   91.027283][ T6654] netlink: 'syz.2.394': attribute type 39 has an invalid length.
[   91.642768][ T6676] openvswitch: netlink: EtherType 50a is less than min 600
[   91.960600][ T5646] Bluetooth: hci2: command 0x0405 tx timeout
[   92.173683][ T6701] netlink: 148 bytes leftover after parsing attributes in process `syz.0.415'.
[   92.968409][ T6743] smbdirect: ib_dev[syz1]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[   92.980427][ T6743] smbdirect: ib_dev[syz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[   92.994588][ T6743] smbdirect: ib_dev[syz1]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[   93.009280][ T6743] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   93.028671][ T6743] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   95.568947][ T6832] syzkaller0: entered promiscuous mode
[   95.574852][ T6832] syzkaller0: entered allmulticast mode
[   95.632496][ T6832] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[   95.836600][ T6850] netlink: 'syz.0.482': attribute type 1 has an invalid length.
[   95.869011][ T6850] 8021q: adding VLAN 0 to HW filter on device bond2
[   95.882977][ T6850] bond2: (slave ip6gretap1): making interface the new active one
[   95.886839][ T6850] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link
[   95.935659][ T6854] netlink: 24 bytes leftover after parsing attributes in process `syz.2.484'.
[   96.000252][ T6858] netlink: 'syz.2.486': attribute type 21 has an invalid length.
[   96.005409][ T6858] netlink: 156 bytes leftover after parsing attributes in process `syz.2.486'.
[   96.145106][ T6864] warning: `syz.2.489' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   96.215770][ T6864] netlink: 36 bytes leftover after parsing attributes in process `syz.2.489'.
[   96.221221][ T6864] netlink: 36 bytes leftover after parsing attributes in process `syz.2.489'.
[   96.224324][ T6870] netlink: 8 bytes leftover after parsing attributes in process `syz.1.491'.
[   96.308113][ T6873] trusted_key: syz.2.493 sent an empty control message without MSG_MORE.
[   96.347969][ T6873] netlink: 208240 bytes leftover after parsing attributes in process `syz.2.493'.
[   96.488494][ T6882] netlink: 204 bytes leftover after parsing attributes in process `syz.1.497'.
[   96.534816][ T6884] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   96.686123][ T6897] netlink: 52 bytes leftover after parsing attributes in process `syz.2.504'.
[   96.731150][ T6415] IPVS: starting estimator thread 0...
[   96.736929][ T6902] netlink: 'syz.2.506': attribute type 1 has an invalid length.
[   96.840840][ T6901] IPVS: using max 81 ests per chain, 194400 per kthread
[   96.949504][ T6920] netlink: 52 bytes leftover after parsing attributes in process `syz.1.515'.
[   96.957391][ T6919] syzkaller0: entered promiscuous mode
[   96.959294][ T6919] syzkaller0: entered allmulticast mode
[   96.979710][ T6919] tipc: Started in network mode
[   96.982007][ T6919] tipc: Node identity 5e9d838b5c2f, cluster identity 4711
[   96.985956][ T6919] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   96.992863][ T6919] tipc: Resetting bearer <eth:syzkaller0>
[   96.997661][ T6919] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   97.003274][ T6917] tipc: Resetting bearer <eth:syzkaller0>
[   97.031488][ T6917] tipc: Disabling bearer <eth:syzkaller0>
[   97.074237][ T6925] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[   97.142081][ T6927] netlink: 8 bytes leftover after parsing attributes in process `syz.0.518'.
[   97.527219][ T6950] syzkaller0: entered promiscuous mode
[   97.530226][ T6950] syzkaller0: entered allmulticast mode
[   97.785695][ T6972] tipc: Enabling <eth:lo> not permitted
[   97.787649][ T6972] tipc: Enabling of bearer <eth:lo> rejected, failed to enable media
[   98.000146][ T6993] syzkaller0: entered promiscuous mode
[   98.003108][ T6993] syzkaller0: entered allmulticast mode
[   99.221634][ T7064] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   99.227978][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  100.142447][ T7126] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  100.617860][ T7149] xt_hashlimit: size too large, truncated to 1048576
[  101.109615][ T7154] infiniband syz0: set down
[  101.113496][ T7154] infiniband syz0: added bridge_slave_1
[  101.145383][ T7154] smbdirect: ib_dev[syz0]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000
[  101.161093][ T7154] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32
[  101.170636][ T7154] smbdirect: ib_dev[syz0]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005
[  101.217844][ T7154] RDS/IB: syz0: added
[  101.225868][ T7154] smc: adding ib device syz0 with port count 1
[  101.228211][ T7154] smc:    ib device syz0 port 1 has no pnetid
[  101.854031][ T7170] nr0: tun_chr_ioctl cmd 1074025677
[  101.855955][ T7170] nr0: linktype set to 774
[  101.893077][ T7173] __nla_validate_parse: 6 callbacks suppressed
[  101.893089][ T7173] netlink: 48 bytes leftover after parsing attributes in process `syz.1.616'.
[  102.000130][ T7180] netlink: 'syz.0.623': attribute type 12 has an invalid length.
[  102.095518][ T7191] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.625'.
[  102.112174][ T7192] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  102.115135][ T7192] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  102.119088][ T7196] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  102.123502][ T7196] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  102.126939][ T7196] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  102.130298][ T7196] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  102.133714][ T7196] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  102.137048][ T7196] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  102.140277][ T7196] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  102.143726][ T7196] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  102.272026][ T7197] block nbd0: server does not support multiple connections per device.
[  102.276791][ T7197] block nbd0: shutting down sockets
[  102.834801][ T7218] netlink: 'syz.0.633': attribute type 1 has an invalid length.
[  102.881544][ T7222] netlink: 4 bytes leftover after parsing attributes in process `syz.0.635'.
[  102.939712][ T7224] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  102.945872][ T7224] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  103.037456][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.041503][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.053766][ T7227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  103.125864][ T7233] netlink: 268 bytes leftover after parsing attributes in process `syz.2.640'.
[  103.129773][ T7233] netlink: 136 bytes leftover after parsing attributes in process `syz.2.640'.
[  103.135984][ T7233] netlink: 24 bytes leftover after parsing attributes in process `syz.2.640'.
[  103.353043][ T7243] netlink: 4 bytes leftover after parsing attributes in process `syz.2.645'.
[  105.396524][ T7251] syzkaller0: entered promiscuous mode
[  105.398464][ T7251] syzkaller0: entered allmulticast mode
[  105.675642][ T7272] netlink: 'syz.2.657': attribute type 1 has an invalid length.
[  106.076262][ T7298] netlink: 'syz.0.665': attribute type 3 has an invalid length.
[  106.179350][ T7305] netlink: 'syz.2.668': attribute type 8 has an invalid length.
[  106.182471][ T7305] netlink: 4 bytes leftover after parsing attributes in process `syz.2.668'.
[  106.190019][ T7305] bond0: entered promiscuous mode
[  106.193290][ T7305] bond_slave_0: entered promiscuous mode
[  106.195583][ T7305] bond_slave_1: entered promiscuous mode
[  106.198490][ T7305] gretap0: entered promiscuous mode
[  106.201210][ T7305] team0: entered promiscuous mode
[  106.203164][ T7305] team_slave_0: entered promiscuous mode
[  106.205239][ T7305] team_slave_1: entered promiscuous mode
[  106.211248][ T7305] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network
[  106.215107][ T7305] hsr1: Slave B (gretap0) is not up; please bring it up to get a fully working HSR network
[  106.219147][ T7305] hsr1: Interlink (team0) is not up; please bring it up to get a fully working HSR network
[  106.223887][ T7305] hsr1: entered promiscuous mode
[  106.458619][ T7317] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.671'.
[  106.552620][ T7321] syzkaller1: tun_chr_ioctl cmd 1074025677
[  106.556561][ T7321] syzkaller1: linktype set to 270
[  108.880995][ T7464] bridge1: entered promiscuous mode
[  108.883348][ T7464] bridge1: entered allmulticast mode
[  108.975795][ T7471] netlink: 4 bytes leftover after parsing attributes in process `syz.0.739'.
[  109.002313][ T7471] netlink: 4 bytes leftover after parsing attributes in process `syz.0.739'.
[  109.005600][   T13] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  109.014267][   T13] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  109.022809][   T13] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  109.030805][   T13] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  109.220872][ T7471] nbd0: detected capacity change from 0 to 63
[  109.232802][   T55] block nbd0: Receive control failed (result -104)
[  109.236232][ T7482] block nbd0: Receive control failed (result -32)
[  109.342843][ T7490] geneve2: entered promiscuous mode
[  109.350433][ T7490] geneve2: entered allmulticast mode
[  109.381464][ T7494] netlink: 204 bytes leftover after parsing attributes in process `syz.1.749'.
[  109.385169][ T7494] netlink: 16 bytes leftover after parsing attributes in process `syz.1.749'.
[  109.450015][ T7498] syzkaller0: entered promiscuous mode
[  109.453033][ T7498] syzkaller0: entered allmulticast mode
[  109.475905][ T7498] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  109.486916][ T7497] tipc: Resetting bearer <eth:syzkaller0>
[  109.519468][ T7497] tipc: Disabling bearer <eth:syzkaller0>
[  109.816334][ T7520] netlink: 'syz.0.761': attribute type 2 has an invalid length.
[  110.017930][ T7536] net_ratelimit: 784 callbacks suppressed
[  110.017943][ T7536] openvswitch: netlink: VXLAN extension 307 out of range max 1
[  110.819069][ T7592] 
[  110.820115][ T7592] ======================================================
[  110.822911][ T7592] WARNING: possible circular locking dependency detected
[  110.825603][ T7592] syzkaller #0 Not tainted
[  110.827436][ T7592] ------------------------------------------------------
[  110.830152][ T7592] syz.2.789/7592 is trying to acquire lock:
[  110.832483][ T7592] ffffffff8ea85520 (fs_reclaim){+.+.}-{0:0}, at: prepare_alloc_pages+0x152/0x650
[  110.835928][ T7592] 
[  110.835928][ T7592] but task is already holding lock:
[  110.838793][ T7592] ffff8881b9783438 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x36/0x340
[  110.842442][ T7592] 
[  110.842442][ T7592] which lock already depends on the new lock.
[  110.842442][ T7592] 
[  110.846532][ T7592] 
[  110.846532][ T7592] the existing dependency chain (in reverse order) is:
[  110.850151][ T7592] 
[  110.850151][ T7592] -> #7 (&mm->mmap_lock){++++}-{4:4}:
[  110.853110][ T7592]        __might_fault+0xcb/0x130
[  110.855048][ T7592]        _copy_from_user+0x28/0xb0
[  110.857034][ T7592]        csum_and_copy_from_iter_full+0x1e7/0x1f00
[  110.859524][ T7592]        ip_generic_getfrag+0x149/0x2d0
[  110.861680][ T7592]        __ip6_append_data+0x39cd/0x3f60
[  110.863902][ T7592]        ip6_append_data+0x10f/0x280
[  110.866036][ T7592]        rawv6_sendmsg+0x12d3/0x18e0
[  110.868127][ T7592]        ____sys_sendmsg+0x80a/0x9f0
[  110.870255][ T7592]        ___sys_sendmsg+0x2a5/0x360
[  110.872418][ T7592]        __x64_sys_sendmsg+0x1bd/0x2a0
[  110.874554][ T7592]        do_syscall_64+0x15f/0xf80
[  110.876621][ T7592]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.879048][ T7592] 
[  110.879048][ T7592] -> #6 (sk_lock-AF_INET6){+.+.}-{0:0}:
[  110.881979][ T7592]        lock_sock_nested+0x41/0x100
[  110.884026][ T7592]        inet_shutdown+0x6a/0x390
[  110.885968][ T7592]        nbd_mark_nsock_dead+0x2e9/0x560
[  110.888102][ T7592]        sock_shutdown+0x15e/0x260
[  110.890015][ T7592]        nbd_clear_sock+0x24/0x170
[  110.892009][ T7592]        nbd_config_put+0x2dd/0x580
[  110.894067][ T7592]        nbd_genl_connect+0x19d5/0x1cf0
[  110.896149][ T7592]        genl_family_rcv_msg_doit+0x22a/0x330
[  110.898489][ T7592]        genl_rcv_msg+0x61c/0x7a0
[  110.900431][ T7592]        netlink_rcv_skb+0x232/0x4b0
[  110.902466][ T7592]        genl_rcv+0x28/0x40
[  110.904257][ T7592]        netlink_unicast+0x75c/0x8e0
[  110.906361][ T7592]        netlink_sendmsg+0x813/0xb40
[  110.908532][ T7592]        ____sys_sendmsg+0x972/0x9f0
[  110.910673][ T7592]        ___sys_sendmsg+0x2a5/0x360
[  110.912756][ T7592]        __x64_sys_sendmsg+0x1bd/0x2a0
[  110.914991][ T7592]        do_syscall_64+0x15f/0xf80
[  110.917145][ T7592]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.919722][ T7592] 
[  110.919722][ T7592] -> #5 (&nsock->tx_lock){+.+.}-{4:4}:
[  110.922730][ T7592]        __mutex_lock+0x1a3/0x1550
[  110.924794][ T7592]        nbd_queue_rq+0x37b/0x1100
[  110.926852][ T7592]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  110.929231][ T7592]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  110.931845][ T7592]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  110.934452][ T7592]        blk_mq_run_hw_queue+0x348/0x4f0
[  110.936751][ T7592]        blk_mq_dispatch_list+0xd16/0xe10
[  110.938989][ T7592]        blk_mq_flush_plug_list+0x48d/0x570
[  110.941395][ T7592]        __blk_flush_plug+0x3ed/0x4d0
[  110.943579][ T7592]        __submit_bio+0x28d/0x580
[  110.945503][ T7592]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  110.947867][ T7592]        block_read_full_folio+0x599/0x830
[  110.950221][ T7592]        filemap_read_folio+0x137/0x3b0
[  110.952467][ T7592]        do_read_cache_folio+0x358/0x590
[  110.954761][ T7592]        read_part_sector+0xb6/0x2b0
[  110.956904][ T7592]        adfspart_check_ICS+0xb1/0x960
[  110.959122][ T7592]        bdev_disk_changed+0x817/0x1770
[  110.961379][ T7592]        blkdev_get_whole+0x380/0x510
[  110.963546][ T7592]        bdev_open+0x31e/0xd30
[  110.965519][ T7592]        blkdev_open+0x470/0x610
[  110.967479][ T7592]        do_dentry_open+0x785/0x14e0
[  110.969598][ T7592]        vfs_open+0x3b/0x340
[  110.971407][ T7592]        path_openat+0x2e08/0x3860
[  110.973410][ T7592]        do_file_open+0x23e/0x4a0
[  110.975431][ T7592]        do_sys_openat2+0x113/0x200
[  110.977491][ T7592]        __x64_sys_openat+0x138/0x170
[  110.979674][ T7592]        do_syscall_64+0x15f/0xf80
[  110.981774][ T7592]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.984314][ T7592] 
[  110.984314][ T7592] -> #4 (&cmd->lock){+.+.}-{4:4}:
[  110.986703][ T7592]        __mutex_lock+0x1a3/0x1550
[  110.988472][ T7592]        nbd_queue_rq+0xc6/0x1100
[  110.990192][ T7592]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  110.992695][ T7592]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  110.995341][ T7592]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  110.997900][ T7592]        blk_mq_run_hw_queue+0x348/0x4f0
[  111.000134][ T7592]        blk_mq_dispatch_list+0xd16/0xe10
[  111.002474][ T7592]        blk_mq_flush_plug_list+0x48d/0x570
[  111.004850][ T7592]        __blk_flush_plug+0x3ed/0x4d0
[  111.007011][ T7592]        __submit_bio+0x28d/0x580
[  111.009051][ T7592]        submit_bio_noacct_nocheck+0x2f4/0xa40
[  111.011663][ T7592]        block_read_full_folio+0x599/0x830
[  111.013897][ T7592]        filemap_read_folio+0x137/0x3b0
[  111.015915][ T7592]        do_read_cache_folio+0x358/0x590
[  111.018155][ T7592]        read_part_sector+0xb6/0x2b0
[  111.020265][ T7592]        adfspart_check_ICS+0xb1/0x960
[  111.022449][ T7592]        bdev_disk_changed+0x817/0x1770
[  111.024663][ T7592]        blkdev_get_whole+0x380/0x510
[  111.026817][ T7592]        bdev_open+0x31e/0xd30
[  111.028736][ T7592]        blkdev_open+0x470/0x610
[  111.030690][ T7592]        do_dentry_open+0x785/0x14e0
[  111.032781][ T7592]        vfs_open+0x3b/0x340
[  111.034536][ T7592]        path_openat+0x2e08/0x3860
[  111.036473][ T7592]        do_file_open+0x23e/0x4a0
[  111.038232][ T7592]        do_sys_openat2+0x113/0x200
[  111.040144][ T7592]        __x64_sys_openat+0x138/0x170
[  111.041961][ T7592]        do_syscall_64+0x15f/0xf80
[  111.043580][ T7592]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.045638][ T7592] 
[  111.045638][ T7592] -> #3 (set->srcu){.+.+}-{0:0}:
[  111.047829][ T7592]        __synchronize_srcu+0xca/0x300
[  111.049507][ T7592]        elevator_switch+0x1e8/0x7a0
[  111.051284][ T7592]        elevator_change+0x2cc/0x450
[  111.052998][ T7592]        elevator_set_default+0x36c/0x430
[  111.054863][ T7592]        blk_register_queue+0x3e9/0x4e0
[  111.056618][ T7592]        __add_disk+0x677/0xd50
[  111.058119][ T7592]        add_disk_fwnode+0xfb/0x480
[  111.059740][ T7592]        nbd_dev_add+0x72c/0xb50
[  111.061353][ T7592]        nbd_init+0x168/0x1f0
[  111.063406][ T7592]        do_one_initcall+0x250/0x870
[  111.065047][ T7592]        do_initcall_level+0x104/0x190
[  111.067081][ T7592]        do_initcalls+0x59/0xa0
[  111.068671][ T7592]        kernel_init_freeable+0x2a6/0x3e0
[  111.071011][ T7592]        kernel_init+0x1d/0x1d0
[  111.072513][ T7592]        ret_from_fork+0x514/0xb70
[  111.074516][ T7592]        ret_from_fork_asm+0x1a/0x30
[  111.076498][ T7592] 
[  111.076498][ T7592] -> #2 (&q->elevator_lock){+.+.}-{4:4}:
[  111.079585][ T7592]        __mutex_lock+0x1a3/0x1550
[  111.081585][ T7592]        elevator_change+0x1b3/0x450
[  111.083671][ T7592]        elevator_set_none+0xb5/0x140
[  111.085816][ T7592]        blk_mq_update_nr_hw_queues+0x5e7/0x1a60
[  111.088318][ T7592]        nbd_start_device+0x17f/0xb10
[  111.090465][ T7592]        nbd_genl_connect+0x165b/0x1cf0
[  111.092696][ T7592]        genl_family_rcv_msg_doit+0x22a/0x330
[  111.095066][ T7592]        genl_rcv_msg+0x61c/0x7a0
[  111.097093][ T7592]        netlink_rcv_skb+0x232/0x4b0
[  111.099217][ T7592]        genl_rcv+0x28/0x40
[  111.101010][ T7592]        netlink_unicast+0x75c/0x8e0
[  111.103059][ T7592]        netlink_sendmsg+0x813/0xb40
[  111.105116][ T7592]        ____sys_sendmsg+0x972/0x9f0
[  111.107134][ T7592]        ___sys_sendmsg+0x2a5/0x360
[  111.109236][ T7592]        __x64_sys_sendmsg+0x1bd/0x2a0
[  111.111450][ T7592]        do_syscall_64+0x15f/0xf80
[  111.113533][ T7592]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.116108][ T7592] 
[  111.116108][ T7592] -> #1 (&q->q_usage_counter(io)#49){++++}-{0:0}:
[  111.119513][ T7592]        blk_alloc_queue+0x546/0x680
[  111.121681][ T7592]        __blk_mq_alloc_disk+0x197/0x390
[  111.124011][ T7592]        nbd_dev_add+0x499/0xb50
[  111.126092][ T7592]        nbd_init+0x168/0x1f0
[  111.128048][ T7592]        do_one_initcall+0x250/0x870
[  111.130166][ T7592]        do_initcall_level+0x104/0x190
[  111.132351][ T7592]        do_initcalls+0x59/0xa0
[  111.134293][ T7592]        kernel_init_freeable+0x2a6/0x3e0
[  111.136527][ T7592]        kernel_init+0x1d/0x1d0
[  111.138428][ T7592]        ret_from_fork+0x514/0xb70
[  111.140591][ T7592]        ret_from_fork_asm+0x1a/0x30
[  111.142766][ T7592] 
[  111.142766][ T7592] -> #0 (fs_reclaim){+.+.}-{0:0}:
[  111.145665][ T7592]        __lock_acquire+0x15a5/0x2cf0
[  111.147816][ T7592]        lock_acquire+0x106/0x350
[  111.149881][ T7592]        fs_reclaim_acquire+0x71/0x100
[  111.152037][ T7592]        prepare_alloc_pages+0x152/0x650
[  111.154309][ T7592]        __alloc_frozen_pages_noprof+0x12f/0x380
[  111.156882][ T7592]        alloc_pages_mpol+0x235/0x490
[  111.159077][ T7592]        folio_alloc_mpol_noprof+0x39/0x160
[  111.161481][ T7592]        vma_alloc_folio_noprof+0xe1/0x1e0
[  111.163870][ T7592]        do_pte_missing+0x159d/0x33f0
[  111.166038][ T7592]        handle_mm_fault+0x1bd7/0x3170
[  111.168287][ T7592]        do_user_addr_fault+0x75b/0x1340
[  111.170536][ T7592]        exc_page_fault+0x6a/0xc0
[  111.172584][ T7592]        asm_exc_page_fault+0x26/0x30
[  111.174732][ T7592]        rep_movs_alternative+0x11/0x90
[  111.176983][ T7592]        _copy_to_user+0x8a/0xb0
[  111.178962][ T7592]        llc_ui_getsockopt+0x3cf/0x4c0
[  111.181187][ T7592]        do_sock_getsockopt+0x51d/0x7e0
[  111.183277][ T7592]        __x64_sys_getsockopt+0x1a4/0x240
[  111.185473][ T7592]        do_syscall_64+0x15f/0xf80
[  111.187517][ T7592]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.190004][ T7592] 
[  111.190004][ T7592] other info that might help us debug this:
[  111.190004][ T7592] 
[  111.194045][ T7592] Chain exists of:
[  111.194045][ T7592]   fs_reclaim --> sk_lock-AF_INET6 --> &mm->mmap_lock
[  111.194045][ T7592] 
[  111.198969][ T7592]  Possible unsafe locking scenario:
[  111.198969][ T7592] 
[  111.201909][ T7592]        CPU0                    CPU1
[  111.204105][ T7592]        ----                    ----
[  111.206280][ T7592]   rlock(&mm->mmap_lock);
[  111.208014][ T7592]                                lock(sk_lock-AF_INET6);
[  111.210663][ T7592]                                lock(&mm->mmap_lock);
[  111.213279][ T7592]   lock(fs_reclaim);
[  111.214775][ T7592] 
[  111.214775][ T7592]  *** DEADLOCK ***
[  111.214775][ T7592] 
[  111.217886][ T7592] 2 locks held by syz.2.789/7592:
[  111.219865][ T7592]  #0: ffff8881a66de260 (sk_lock-AF_LLC){+.+.}-{0:0}, at: llc_ui_getsockopt+0xb1/0x4c0
[  111.223635][ T7592]  #1: ffff8881b9783438 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x36/0x340
[  111.227252][ T7592] 
[  111.227252][ T7592] stack backtrace:
[  111.229115][ T7592] CPU: 1 UID: 0 PID: 7592 Comm: syz.2.789 Not tainted syzkaller #0 PREEMPT(full) 
[  111.229132][ T7592] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  111.229142][ T7592] Call Trace:
[  111.229149][ T7592]  <TASK>
[  111.229157][ T7592]  dump_stack_lvl+0xe8/0x150
[  111.229175][ T7592]  print_circular_bug+0x2e1/0x300
[  111.229195][ T7592]  check_noncircular+0x12e/0x150
[  111.229217][ T7592]  __lock_acquire+0x15a5/0x2cf0
[  111.229232][ T7592]  ? ima_match_policy+0x112/0x21e0
[  111.229249][ T7592]  ? ima_match_policy+0x2146/0x21e0
[  111.229261][ T7592]  ? prepare_alloc_pages+0x152/0x650
[  111.229280][ T7592]  lock_acquire+0x106/0x350
[  111.229293][ T7592]  ? prepare_alloc_pages+0x152/0x650
[  111.229312][ T7592]  fs_reclaim_acquire+0x71/0x100
[  111.229323][ T7592]  ? prepare_alloc_pages+0x152/0x650
[  111.229333][ T7592]  prepare_alloc_pages+0x152/0x650
[  111.229344][ T7592]  __alloc_frozen_pages_noprof+0x12f/0x380
[  111.229362][ T7592]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  111.229378][ T7592]  ? __pfx_policy_nodemask+0x10/0x10
[  111.229392][ T7592]  ? __lock_acquire+0x6b5/0x2cf0
[  111.229399][ T7592]  ? __lock_acquire+0x6b5/0x2cf0
[  111.229407][ T7592]  alloc_pages_mpol+0x235/0x490
[  111.229418][ T7592]  folio_alloc_mpol_noprof+0x39/0x160
[  111.229431][ T7592]  vma_alloc_folio_noprof+0xe1/0x1e0
[  111.229442][ T7592]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  111.229453][ T7592]  ? __pte_offset_map+0x29/0x240
[  111.229463][ T7592]  ? __pte_offset_map+0x29/0x240
[  111.229472][ T7592]  do_pte_missing+0x159d/0x33f0
[  111.229486][ T7592]  ? handle_mm_fault+0xee/0x3170
[  111.229495][ T7592]  handle_mm_fault+0x1bd7/0x3170
[  111.229507][ T7592]  ? handle_mm_fault+0xee/0x3170
[  111.229516][ T7592]  ? __pfx_handle_mm_fault+0x10/0x10
[  111.229527][ T7592]  ? lock_mm_and_find_vma+0xa7/0x340
[  111.229538][ T7592]  do_user_addr_fault+0x75b/0x1340
[  111.229548][ T7592]  exc_page_fault+0x6a/0xc0
[  111.229591][ T7592]  asm_exc_page_fault+0x26/0x30
[  111.229604][ T7592] RIP: 0010:rep_movs_alternative+0x11/0x90
[  111.229619][ T7592] Code: e9 54 54 04 00 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f
[  111.229629][ T7592] RSP: 0018:ffffc900066bfbe8 EFLAGS: 00010202
[  111.229641][ T7592] RAX: ffffffff84b21801 RBX: 0000000000000004 RCX: 0000000000000004
[  111.229650][ T7592] RDX: 0000000000000000 RSI: ffffc900066bfc60 RDI: 0000200000001b00
[  111.229660][ T7592] RBP: ffffc900066bfcd0 R08: 0000000000000003 R09: 0000000000000004
[  111.229667][ T7592] R10: dffffc0000000000 R11: fffff52000cd7f8c R12: 0000200000001b04
[  111.229672][ T7592] R13: 00007ffffffff000 R14: ffffc900066bfc60 R15: 0000200000001b00
[  111.229679][ T7592]  ? _copy_from_user+0xa1/0xb0
[  111.229704][ T7592]  _copy_to_user+0x8a/0xb0
[  111.229721][ T7592]  llc_ui_getsockopt+0x3cf/0x4c0
[  111.229735][ T7592]  ? __pfx_llc_ui_getsockopt+0x10/0x10
[  111.229746][ T7592]  ? __pfx_llc_ui_getsockopt+0x10/0x10
[  111.229755][ T7592]  do_sock_getsockopt+0x51d/0x7e0
[  111.229768][ T7592]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  111.229779][ T7592]  ? __fget_files+0x3a0/0x420
[  111.229790][ T7592]  ? __fget_files+0x2a/0x420
[  111.229806][ T7592]  __x64_sys_getsockopt+0x1a4/0x240
[  111.229821][ T7592]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.229830][ T7592]  do_syscall_64+0x15f/0xf80
[  111.229848][ T7592]  ? trace_irq_disable+0x3b/0x140
[  111.229862][ T7592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.229870][ T7592] RIP: 0033:0x7fca2439cdd9
[  111.229881][ T7592] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  111.229887][ T7592] RSP: 002b:00007fca251f2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  111.229895][ T7592] RAX: ffffffffffffffda RBX: 00007fca24615fa0 RCX: 00007fca2439cdd9
[  111.229900][ T7592] RDX: 0000000000000003 RSI: 000000000000010c RDI: 0000000000000004
[  111.229906][ T7592] RBP: 00007fca24432d69 R08: 0000200000000000 R09: 0000000000000000
[  111.229911][ T7592] R10: 0000200000001b00 R11: 0000000000000246 R12: 0000000000000000
[  111.229916][ T7592] R13: 00007fca24616038 R14: 00007fca24615fa0 R15: 00007ffffbc02b68
[  111.229924][ T7592]  </TASK>
