last executing test programs:

342.494549ms ago: executing program 2 (id=2331):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000240)=@newsa={0x148, 0x10, 0x1, 0x0, 0x0, {{@in=@private, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {@in=@dev, 0x0, 0x32}, @in=@empty, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_aead={0x4c, 0x12, {{'seqiv(ccm(blowfish-asm))\x00'}, 0x0, 0x40}}, @sec_ctx={0xc, 0x8, {0x8}}]}, 0x148}}, 0x0)

342.289209ms ago: executing program 1 (id=2332):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x400448de, &(0x7f00000000c0)={'wlan0\x00', 0x1})

256.189695ms ago: executing program 0 (id=2334):
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000000200)="d80000002c0081064e81f782db44b904021d080005000300e8fe55a1180005000600142603600e120900210000000401a8001600a400014006000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbaceadaafc9136e30a3f36d90116d58017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809f6e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4ed", 0xd8}], 0x1}, 0x0)

255.936374ms ago: executing program 1 (id=2335):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r0, &(0x7f0000003c40)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@alg={0xe0, 0x10, 0x1, 0x70bd26, 0x25dfdbff, {{'sha3-256\x00'}, '\x00', '\x00', 0x2000, 0x4000}}, 0xe0}, 0x1, 0x0, 0x0, 0x2000c010}, 0x4000080)

255.806705ms ago: executing program 2 (id=2336):
r0 = socket(0x10, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0xffffffffffffff87)

255.69782ms ago: executing program 2 (id=2337):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000003c0)={0x54, r1, 0x111, 0x70bd27, 0x25dfdbfc, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x18, 0x3, 0x2}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0x2}, {0x5, 0x12, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000800}, 0x20000)

194.511631ms ago: executing program 1 (id=2338):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f00000002c0)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r4=>0x0})
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r7=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r5, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
bind$xdp(r5, &(0x7f0000000100)={0x2c, 0x0, r7}, 0x10)
bind$xdp(r2, &(0x7f0000000240)={0x2c, 0x1, r4, 0x0, r5}, 0x60)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xe, 0xb}}}, 0x24}}, 0x800)

194.314354ms ago: executing program 0 (id=2339):
r0 = socket$igmp(0x2, 0x3, 0x2)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4000004, 0x32, 0xffffffffffffffff, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000000)={@remote, @local, 0x0, "30a47ddacd92b91948edfc1219b5a8dee1db5ac45f22dc62a97af67dd1a76755"}, 0x3c)
ioctl$SIOCGETSGCNT(r0, 0x89e1, &(0x7f0000000140)={@loopback, @remote})

192.906092ms ago: executing program 2 (id=2340):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, 0x0, &(0x7f0000000140))
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r4, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r3, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000fc0)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB], 0x20)
r5 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, 0x0, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000180)={@local, 0x10000, 0x0, 0x1, 0x1, 0x0, 0x2}, 0x20)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x9, @loopback}, 0x1c)
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r6, 0x0, 0xc8, &(0x7f0000000240), 0x4)
setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, 0x0, 0x0)

137.859454ms ago: executing program 0 (id=2341):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x3, 0xc, 0x0, 0x0, 0xb, 0x0, 0x0, 0x41000}, 0x94)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c00000015000504e1ff4319918e00352d"], 0x2c}}, 0x60040050)

85.383213ms ago: executing program 0 (id=2342):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r0)
sendmsg$IEEE802154_START_REQ(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0xffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x18000}, 0x0)

74.934286ms ago: executing program 1 (id=2343):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000000)={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x5a, {0x2, 0x4e23, @empty}, 'wlan0\x00'})

72.49117ms ago: executing program 2 (id=2344):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0xd, 0x7)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=""/204, 0xcc}, 0x2}], 0x1, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000100)=0x1ef9, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

3.464668ms ago: executing program 0 (id=2345):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x3c, r1, 0x1, 0x0, 0x0, {0x3d}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xfffffffffffffda0, 0x82}}]}, 0x3c}}, 0x0)

3.187541ms ago: executing program 1 (id=2346):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240), 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000060000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007000000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000c500000095"], &(0x7f0000000140)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100}, 0x94)

3.045564ms ago: executing program 0 (id=2347):
socket$alg(0x26, 0x5, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb4, 0x7f}, 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
socket$igmp(0x2, 0x3, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200060000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}}, 0x0)

1.761976ms ago: executing program 1 (id=2348):
socket$kcm(0x10, 0x2, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x30, r1, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x4}, @NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}]}, 0x30}}, 0x20000000)

0s ago: executing program 2 (id=2349):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x6, 0x4, 0x4, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="17fa00000000090000000400000000001c110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000000700000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x40, 0x20}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000140), 0x1003, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:10926' (ED25519) to the list of known hosts.
syzkaller login: [   50.326365][ T5737] cgroup: Unknown subsys name 'net'
[   50.405399][ T5737] cgroup: Unknown subsys name 'cpuset'
[   50.411191][ T5737] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   52.158694][ T5737] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   57.038513][ T5809] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   57.041604][ T5809] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   57.047953][ T5809] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   57.050963][ T5809] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   57.055337][ T5809] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   57.059290][ T5809] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   57.074245][ T5812] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   57.081416][ T5812] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   57.085555][ T5812] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   57.089089][ T5812] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   57.101285][ T5809] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   57.107932][ T5201] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   57.111586][ T5201] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   57.114590][ T5201] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   57.117936][ T5201] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   57.416543][ T5807] chnl_net:caif_netlink_parms(): no params data found
[   57.460489][ T5813] chnl_net:caif_netlink_parms(): no params data found
[   57.565093][ T5805] chnl_net:caif_netlink_parms(): no params data found
[   57.667135][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.670309][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.672756][ T5807] bridge_slave_0: entered allmulticast mode
[   57.675538][ T5807] bridge_slave_0: entered promiscuous mode
[   57.679806][ T5813] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.682607][ T5813] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.685317][ T5813] bridge_slave_0: entered allmulticast mode
[   57.688352][ T5813] bridge_slave_0: entered promiscuous mode
[   57.702422][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.705218][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.708363][ T5807] bridge_slave_1: entered allmulticast mode
[   57.712076][ T5807] bridge_slave_1: entered promiscuous mode
[   57.715767][ T5813] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.718912][ T5813] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.721601][ T5813] bridge_slave_1: entered allmulticast mode
[   57.725323][ T5813] bridge_slave_1: entered promiscuous mode
[   57.782926][ T5813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.789313][ T5813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.855061][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.858832][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.861754][ T5805] bridge_slave_0: entered allmulticast mode
[   57.865067][ T5805] bridge_slave_0: entered promiscuous mode
[   57.870868][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.875852][ T5813] team0: Port device team_slave_0 added
[   57.879895][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.883664][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.886759][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.891275][ T5805] bridge_slave_1: entered allmulticast mode
[   57.894668][ T5805] bridge_slave_1: entered promiscuous mode
[   57.899107][ T5813] team0: Port device team_slave_1 added
[   57.941330][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.946146][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.969141][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.971817][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.981251][ T5813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.007142][ T5807] team0: Port device team_slave_0 added
[   58.012374][ T5805] team0: Port device team_slave_0 added
[   58.015395][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.018749][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.029737][ T5813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.035430][ T5807] team0: Port device team_slave_1 added
[   58.047004][ T5805] team0: Port device team_slave_1 added
[   58.064327][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.066662][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.078289][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.100454][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.103004][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.112049][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.116070][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.119389][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.128973][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.144158][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.147604][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.158276][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.181312][ T5813] hsr_slave_0: entered promiscuous mode
[   58.184506][ T5813] hsr_slave_1: entered promiscuous mode
[   58.257788][ T5807] hsr_slave_0: entered promiscuous mode
[   58.260362][ T5807] hsr_slave_1: entered promiscuous mode
[   58.263198][ T5807] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.266612][ T5807] Cannot create hsr debugfs directory
[   58.279563][ T5805] hsr_slave_0: entered promiscuous mode
[   58.282073][ T5805] hsr_slave_1: entered promiscuous mode
[   58.284720][ T5805] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.287510][ T5805] Cannot create hsr debugfs directory
[   58.568835][ T5813] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   58.579260][ T5813] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   58.586179][ T5813] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   58.599215][ T5813] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   58.649280][ T5807] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   58.671441][ T5807] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   58.678823][ T5807] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   58.689295][ T5807] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   58.732956][ T5805] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   58.740254][ T5805] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   58.745999][ T5805] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   58.752848][ T5805] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   58.841484][ T5813] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.861971][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.879123][ T5813] 8021q: adding VLAN 0 to HW filter on device team0
[   58.885414][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.894040][ T1086] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.896521][ T1086] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.904778][ T5805] 8021q: adding VLAN 0 to HW filter on device team0
[   58.914052][ T3977] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.916644][ T3977] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.922995][ T3977] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.925957][ T3977] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.940765][ T3977] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.943712][ T3977] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.953184][ T5807] 8021q: adding VLAN 0 to HW filter on device team0
[   58.972561][ T3977] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.975068][ T3977] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.980995][ T3977] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.983396][ T3977] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.016227][ T5805] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   59.022813][ T5805] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   59.082606][ T5201] Bluetooth: hci1: command tx timeout
[   59.158595][ T5201] Bluetooth: hci2: command tx timeout
[   59.161468][ T5201] Bluetooth: hci0: command tx timeout
[   59.279058][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.291519][ T5813] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.329565][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.372177][ T5805] veth0_vlan: entered promiscuous mode
[   59.386685][ T5813] veth0_vlan: entered promiscuous mode
[   59.401455][ T5805] veth1_vlan: entered promiscuous mode
[   59.406115][ T5813] veth1_vlan: entered promiscuous mode
[   59.445302][ T5807] veth0_vlan: entered promiscuous mode
[   59.469391][ T5807] veth1_vlan: entered promiscuous mode
[   59.475337][ T5813] veth0_macvtap: entered promiscuous mode
[   59.486038][ T5805] veth0_macvtap: entered promiscuous mode
[   59.503234][ T5813] veth1_macvtap: entered promiscuous mode
[   59.512014][ T5805] veth1_macvtap: entered promiscuous mode
[   59.541776][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.553431][ T5807] veth0_macvtap: entered promiscuous mode
[   59.560000][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.572319][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.577820][ T5807] veth1_macvtap: entered promiscuous mode
[   59.585686][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.599203][ T5805] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.603354][ T5805] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.609851][ T5805] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.613410][ T5805] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.636126][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.645520][ T5813] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.650814][ T5813] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.655108][ T5813] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.659923][ T5813] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.671748][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.688410][ T5807] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.691248][ T5807] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.694148][ T5807] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.697084][ T5807] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.811384][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.814687][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.874781][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.887004][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.918925][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.926016][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.941992][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.948042][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.976754][ T1225] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.984321][ T1225] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.024250][ T5805] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   60.037790][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.042432][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.136884][ T5876] syz_tun: entered promiscuous mode
[   60.143148][ T5876] batadv_slave_0: entered promiscuous mode
[   60.148649][ T5876] hsr1: entered allmulticast mode
[   60.150742][ T5876] syz_tun: entered allmulticast mode
[   60.152522][ T5876] batadv_slave_0: entered allmulticast mode
[   60.296804][ T5887] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6'.
[   60.302125][ T5887] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6'.
[   60.305320][ T5887] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6'.
[   60.490816][ T5904] netlink: 'syz.0.14': attribute type 2 has an invalid length.
[   61.159000][ T5201] Bluetooth: hci1: command tx timeout
[   61.239094][ T5812] Bluetooth: hci2: command tx timeout
[   61.242513][ T5201] Bluetooth: hci0: command tx timeout
[   61.440696][ T5938] syz.2.25 uses obsolete (PF_INET,SOCK_PACKET)
[   61.445656][ T5938] veth0: entered promiscuous mode
[   61.474075][ T5940] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[   61.496012][ T5940] team0: Port device gretap1 added
[   61.502490][ T5937] veth0: left promiscuous mode
[   61.544772][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.564479][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.591804][ T5942] netlink: 4 bytes leftover after parsing attributes in process `syz.0.27'.
[   61.657709][ T5947] netlink: 16 bytes leftover after parsing attributes in process `syz.2.29'.
[   61.880343][ T5960] netlink: 4 bytes leftover after parsing attributes in process `syz.1.34'.
[   61.976861][ T5966] netlink: 'syz.1.36': attribute type 2 has an invalid length.
[   61.981482][ T5966] netlink: 'syz.1.36': attribute type 1 has an invalid length.
[   62.549071][ T5998] netlink: 248 bytes leftover after parsing attributes in process `syz.1.52'.
[   63.010753][ T6027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   63.092061][ T6034] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   63.237484][ T5201] Bluetooth: hci1: command tx timeout
[   63.308655][ T6047] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   63.320912][ T5201] Bluetooth: hci0: command tx timeout
[   63.323349][ T5201] Bluetooth: hci2: command tx timeout
[   63.433706][ T6050] netlink: 'syz.2.73': attribute type 10 has an invalid length.
[   63.437804][ T6050] netlink: 32 bytes leftover after parsing attributes in process `syz.2.73'.
[   63.566765][ T6057] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   63.708933][ T6068] netlink: 12 bytes leftover after parsing attributes in process `syz.2.79'.
[   63.729468][ T6068] bridge1: port 1(ip6gretap1) entered blocking state
[   63.731930][ T6068] bridge1: port 1(ip6gretap1) entered disabled state
[   63.734566][ T6068] ip6gretap1: entered allmulticast mode
[   63.739268][ T6068] ip6gretap1: entered promiscuous mode
[   63.762049][ T6068] veth3: entered promiscuous mode
[   63.763970][ T6068] bridge1: port 2(veth3) entered blocking state
[   63.766019][ T6068] bridge1: port 2(veth3) entered disabled state
[   63.768580][ T6068] veth3: entered allmulticast mode
[   64.575137][ T6080] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   64.584809][ T6080] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   64.635100][ T6080] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.640580][ T6080] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.643740][ T6080] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.648101][ T6080] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   64.779320][ T6085] netlink: 'syz.1.84': attribute type 12 has an invalid length.
[   64.782731][ T6085] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.84'.
[   64.910831][ T6085] openvswitch: netlink: Missing key (keys=40, expected=200000)
[   65.104063][ T6099] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[   65.314429][ T6116] netlink: 28 bytes leftover after parsing attributes in process `syz.2.96'.
[   65.320058][ T6116] netlink: 28 bytes leftover after parsing attributes in process `syz.2.96'.
[   65.320084][ T5201] Bluetooth: hci1: command tx timeout
[   65.398021][ T5812] Bluetooth: hci0: command tx timeout
[   65.400940][ T5201] Bluetooth: hci2: command tx timeout
[   65.443371][ T6123] netlink: 12 bytes leftover after parsing attributes in process `syz.2.99'.
[   65.460811][    T9] IPVS: starting estimator thread 0...
[   65.496345][ T6126] netlink: 68 bytes leftover after parsing attributes in process `syz.2.100'.
[   65.535809][ T6128] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   65.547292][ T6124] IPVS: using max 77 ests per chain, 184800 per kthread
[   65.693521][ T6141] bridge_slave_0: left allmulticast mode
[   65.696081][ T6141] bridge_slave_0: left promiscuous mode
[   65.699746][ T6141] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.707941][ T6141] bridge_slave_1: left allmulticast mode
[   65.710265][ T6141] bridge_slave_1: left promiscuous mode
[   65.712525][ T6141] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.724991][ T6141] bond0: (slave bond_slave_0): Releasing backup interface
[   65.744212][ T6141] bond0: (slave bond_slave_1): Releasing backup interface
[   65.758287][ T6141] team0: Port device team_slave_0 removed
[   65.765496][ T6141] team0: Port device team_slave_1 removed
[   65.768713][ T6141] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   65.771453][ T6141] batman_adv: batadv0: Removing interface: batadv_slave_0
[   65.775735][ T6141] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   65.778732][ T6141] batman_adv: batadv0: Removing interface: batadv_slave_1
[   65.789355][ T6141] ip6gretap1: left allmulticast mode
[   65.791253][ T6141] ip6gretap1: left promiscuous mode
[   65.793245][ T6141] bridge1: port 1(ip6gretap1) entered disabled state
[   65.802176][ T6141] veth3: left allmulticast mode
[   65.804515][ T6141] bridge1: port 2(veth3) entered disabled state
[   65.908697][ T6141] syz.2.107 (6141) used greatest stack depth: 19928 bytes left
[   65.977403][ T6158] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   66.251499][ T6175] netlink: 16 bytes leftover after parsing attributes in process `syz.0.120'.
[   66.264058][ T6175] netlink: 12 bytes leftover after parsing attributes in process `syz.0.120'.
[   66.549568][ T6186] netlink: 28 bytes leftover after parsing attributes in process `syz.0.126'.
[   66.971522][ T6203] vcan0: tx drop: invalid da for name 0x0000000000000002
[   67.201609][ T6211] xt_TCPMSS: Only works on TCP SYN packets
[   67.573974][ T6229] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[   67.583472][ T6229] syzkaller0: entered promiscuous mode
[   67.588907][ T6229] syzkaller0: entered allmulticast mode
[   68.446283][ T6246] netlink: 348 bytes leftover after parsing attributes in process `syz.0.152'.
[   68.602962][ T6264] sctp: [Deprecated]: syz.1.156 (pid 6264) Use of int in max_burst socket option deprecated.
[   68.602962][ T6264] Use struct sctp_assoc_value instead
[   68.756157][   T10] IPVS: starting estimator thread 0...
[   68.858794][ T6277] IPVS: using max 80 ests per chain, 192000 per kthread
[   68.869925][ T6285] syzkaller1: entered promiscuous mode
[   68.872329][ T6285] syzkaller1: entered allmulticast mode
[   69.039992][ T6300] ipvlan2: entered promiscuous mode
[   69.043185][ T6300] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[   69.046695][ T6300] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[   69.115034][ T6303] netlink: 'syz.2.179': attribute type 16 has an invalid length.
[   69.121217][ T6303] netlink: 'syz.2.179': attribute type 3 has an invalid length.
[   69.129284][ T6303] netlink: 64066 bytes leftover after parsing attributes in process `syz.2.179'.
[   69.560260][ T6338] netlink: 12 bytes leftover after parsing attributes in process `syz.0.190'.
[   70.075554][ T6375] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   70.080290][ T6375] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   70.083983][ T6375] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   70.094075][ T6375] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   70.098270][ T6375] geneve2: entered promiscuous mode
[   70.316489][ T6386] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   70.370172][ T6390] __nla_validate_parse: 2 callbacks suppressed
[   70.370183][ T6390] netlink: 32 bytes leftover after parsing attributes in process `syz.1.215'.
[   70.379385][ T5279] IPVS: starting estimator thread 0...
[   70.418242][ T6395] netlink: 4 bytes leftover after parsing attributes in process `syz.1.217'.
[   70.423600][ T6397] netlink: 36 bytes leftover after parsing attributes in process `syz.0.218'.
[   70.487810][ T6393] IPVS: using max 41 ests per chain, 98400 per kthread
[   70.601431][ T6411] netlink: 132 bytes leftover after parsing attributes in process `syz.1.225'.
[   70.835669][ T6432] netlink: 24 bytes leftover after parsing attributes in process `syz.2.234'.
[   71.017594][ T6443] warning: `syz.1.239' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   71.402794][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.405592][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.925232][ T6503] netlink: 20 bytes leftover after parsing attributes in process `syz.0.265'.
[   72.651490][ T6552] netlink: 'syz.2.287': attribute type 29 has an invalid length.
[   72.668190][ T6552] netlink: 8 bytes leftover after parsing attributes in process `syz.2.287'.
[   72.851356][ T6570] netlink: 4 bytes leftover after parsing attributes in process `syz.1.296'.
[   72.944717][ T6570] team0 (unregistering): Port device team_slave_0 removed
[   72.953086][ T6570] team0 (unregistering): Port device team_slave_1 removed
[   72.961751][ T6570] team0 (unregistering): Port device gretap1 removed
[   72.981505][ T6580] netlink: 4 bytes leftover after parsing attributes in process `syz.2.301'.
[   73.258373][ T6603] bridge_slave_0: default FDB implementation only supports local addresses
[   73.615031][ T6640] SET target dimension over the limit!
[   73.711478][ T6651] netlink: 'syz.2.335': attribute type 1 has an invalid length.
[   73.715017][ T6651] netlink: 220 bytes leftover after parsing attributes in process `syz.2.335'.
[   73.721195][ T6651] netlink: 'syz.2.335': attribute type 1 has an invalid length.
[   74.192928][ T6679] sctp: [Deprecated]: syz.2.350 (pid 6679) Use of int in max_burst socket option deprecated.
[   74.192928][ T6679] Use struct sctp_assoc_value instead
[   74.922236][ T6719] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   75.669909][ T6731] __nla_validate_parse: 3 callbacks suppressed
[   75.669921][ T6731] netlink: 8 bytes leftover after parsing attributes in process `syz.2.369'.
[   75.930246][ T6739] netlink: 100 bytes leftover after parsing attributes in process `syz.0.374'.
[   76.090389][ T6751] netlink: 4 bytes leftover after parsing attributes in process `syz.0.379'.
[   76.689985][ T6806] ip6gre1: entered promiscuous mode
[   76.801895][ T6820] netlink: 68 bytes leftover after parsing attributes in process `syz.0.410'.
[   76.807085][ T6819] bridge_slave_0: left allmulticast mode
[   76.816014][ T6819] bridge_slave_0: left promiscuous mode
[   76.823781][ T6819] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.827661][ T6819] bridge_slave_1: left allmulticast mode
[   76.833290][ T6819] bridge_slave_1: left promiscuous mode
[   76.835946][ T6819] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.845098][ T6819] bond0: (slave bond_slave_0): Releasing backup interface
[   76.867394][ T6819] bond0: (slave bond_slave_1): Releasing backup interface
[   76.875346][ T6819] batman_adv: batadv0: Removing interface: batadv_slave_0
[   76.882545][ T6819] batman_adv: batadv0: Removing interface: batadv_slave_1
[   76.889713][ T6827] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   77.489258][ T6884] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[   77.685266][ T6909] netlink: 6 bytes leftover after parsing attributes in process `syz.0.451'.
[   77.830771][ T6913] xt_CT: No such helper "snmp"
[   77.844469][ T6913] netlink: 'syz.0.453': attribute type 5 has an invalid length.
[   78.090313][ T6944] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (64)
[   78.195821][ T6956] netlink: 52 bytes leftover after parsing attributes in process `syz.2.473'.
[   78.252804][ T6960] netlink: 'syz.2.475': attribute type 39 has an invalid length.
[   78.259367][ T6962] netlink: 348 bytes leftover after parsing attributes in process `syz.1.474'.
[   78.298985][ T6965] netlink: 12 bytes leftover after parsing attributes in process `syz.1.476'.
[   78.324049][ T6968] netlink: 16 bytes leftover after parsing attributes in process `syz.0.477'.
[   78.326994][ T6968] netlink: 92 bytes leftover after parsing attributes in process `syz.0.477'.
[   78.521350][ T6980] 8021q: adding VLAN 0 to HW filter on device team1
[   78.523819][ T6980] Zero length message leads to an empty skb
[   78.660693][ T6993] batadv1: entered promiscuous mode
[   79.404636][ T7058] syzkaller1: entered promiscuous mode
[   79.406477][ T7058] syzkaller1: entered allmulticast mode
[   79.631832][ T7074] tipc: Started in network mode
[   79.633673][ T7074] tipc: Node identity , cluster identity 4711
[   79.635597][ T7074] tipc: Failed to set node id, please configure manually
[   79.641169][ T7074] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[   80.131281][ T7101] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   80.134477][ T7101] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   80.137757][ T7101] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   80.140969][ T7101] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   80.150828][ T7101] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[   80.188848][ T7101] veth3: left promiscuous mode
[   80.273368][ T7113] ipvlan2: entered promiscuous mode
[   80.275337][ T7113] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[   80.278312][ T7113] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[   80.773930][ T7149] vlan2: entered allmulticast mode
[   80.775718][ T7149] hsr0: entered allmulticast mode
[   80.779803][ T7149] hsr_slave_0: entered allmulticast mode
[   80.782067][ T7149] hsr_slave_1: entered allmulticast mode
[   80.784609][ T7153] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[   81.545272][ T7203] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT
[   81.638901][  T790] cfg80211: failed to load regulatory.db
[   81.957974][ T7218] Bluetooth: MGMT ver 1.23
[   82.371012][ T7257] __nla_validate_parse: 6 callbacks suppressed
[   82.371025][ T7257] netlink: 8 bytes leftover after parsing attributes in process `syz.1.607'.
[   82.469565][ T7270] netlink: 'syz.0.616': attribute type 29 has an invalid length.
[   82.472165][ T7270] netlink: 8 bytes leftover after parsing attributes in process `syz.0.616'.
[   82.538690][ T7278] netlink: 56 bytes leftover after parsing attributes in process `syz.0.619'.
[   82.578163][ T7281] xt_CT: No such helper "syz0"
[   82.802410][ T7302] netlink: 12 bytes leftover after parsing attributes in process `syz.1.630'.
[   82.846179][ T7307] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.852908][ T7307] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.855920][ T7307] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.858806][ T7307] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.861841][ T7307] geneve2: entered promiscuous mode
[   82.960253][ T7313] netlink: 4 bytes leftover after parsing attributes in process `syz.2.637'.
[   83.563869][ T7341] netlink: 'syz.0.648': attribute type 29 has an invalid length.
[   83.570089][ T7341] netlink: 'syz.0.648': attribute type 29 has an invalid length.
[   83.573490][ T7341] netlink: 'syz.0.648': attribute type 29 has an invalid length.
[   83.576864][ T7341] netlink: 'syz.0.648': attribute type 29 has an invalid length.
[   83.581557][ T7341] netlink: 'syz.0.648': attribute type 29 has an invalid length.
[   83.584867][ T7341] netlink: 'syz.0.648': attribute type 29 has an invalid length.
[   83.588946][ T7341] netlink: 'syz.0.648': attribute type 29 has an invalid length.
[   83.591725][ T7341] netlink: 'syz.0.648': attribute type 29 has an invalid length.
[   83.595029][ T7341] netlink: 'syz.0.648': attribute type 29 has an invalid length.
[   83.599040][ T7341] netlink: 'syz.0.648': attribute type 29 has an invalid length.
[   83.786279][ T7346] netlink: 8 bytes leftover after parsing attributes in process `syz.2.650'.
[   84.095083][ T7371] netlink: 209588 bytes leftover after parsing attributes in process `syz.2.663'.
[   84.183795][ T7381] tipc: Started in network mode
[   84.186463][ T7381] tipc: Node identity , cluster identity 4711
[   84.192203][ T7381] tipc: Failed to obtain node identity
[   84.194756][ T7381] tipc: Enabling of bearer <eth:gre0> rejected, failed to enable media
[   84.706737][ T7413] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   84.741419][ T7415] tipc: Invalid UDP bearer configuration
[   84.741472][ T7415] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[   84.749015][ T7417] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   84.962094][ T7430] netlink: 232 bytes leftover after parsing attributes in process `syz.1.690'.
[   84.965390][ T7430] netlink: 8 bytes leftover after parsing attributes in process `syz.1.690'.
[   85.027818][ T7434] netlink: 20 bytes leftover after parsing attributes in process `syz.1.692'.
[   85.168610][ T7442] 8021q: adding VLAN 0 to HW filter on device bond1
[   85.227786][ T7442] bond1: (slave gretap1): Enslaving as an active interface with an up link
[   85.252964][ T7442] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.259245][ T7442] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.317399][   T55] Bluetooth: hci0: command 0x0c1a tx timeout
[   87.317500][ T5201] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[   87.456046][ T7525] syz.2.734: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0x404dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_RETRY_MAYFAIL), nodemask=(null),cpuset=/,mems_allowed=0-1
[   87.464815][ T7525] CPU: 0 UID: 0 PID: 7525 Comm: syz.2.734 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   87.464837][ T7525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   87.464844][ T7525] Call Trace:
[   87.464850][ T7525]  <TASK>
[   87.464856][ T7525]  dump_stack_lvl+0x189/0x250
[   87.464883][ T7525]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.464901][ T7525]  ? __pfx__printk+0x10/0x10
[   87.464915][ T7525]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   87.464928][ T7525]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   87.464941][ T7525]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[   87.464955][ T7525]  warn_alloc+0x214/0x310
[   87.464973][ T7525]  ? __pfx_warn_alloc+0x10/0x10
[   87.464992][ T7525]  ? __get_vm_area_node+0x28f/0x300
[   87.465005][ T7525]  ? veth_dev_init+0x363/0x570
[   87.465022][ T7525]  __vmalloc_node_range_noprof+0x67e/0x12f0
[   87.465055][ T7525]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   87.465066][ T7525]  ? __kasan_kmalloc_large+0x1c/0xa0
[   87.465081][ T7525]  ? rcu_is_watching+0x15/0xb0
[   87.465100][ T7525]  ? veth_dev_init+0x363/0x570
[   87.465113][ T7525]  ? veth_dev_init+0x363/0x570
[   87.465124][ T7525]  __kvmalloc_node_noprof+0x3b8/0x5f0
[   87.465137][ T7525]  ? veth_dev_init+0x363/0x570
[   87.465156][ T7525]  veth_dev_init+0x363/0x570
[   87.465175][ T7525]  register_netdevice+0x6bf/0x1ae0
[   87.465198][ T7525]  ? snprintf+0xda/0x120
[   87.465216][ T7525]  ? __pfx_register_netdevice+0x10/0x10
[   87.465231][ T7525]  ? __pfx_snprintf+0x10/0x10
[   87.465244][ T7525]  ? __asan_memset+0x22/0x50
[   87.465261][ T7525]  ? dev_addr_mod+0x2ce/0x3d0
[   87.465279][ T7525]  veth_newlink+0x5cc/0xa50
[   87.465295][ T7525]  ? __pfx_veth_newlink+0x10/0x10
[   87.465311][ T7525]  ? __pfx_css_rstat_updated+0x10/0x10
[   87.465373][ T7525]  ? validate_linkmsg+0x765/0x950
[   87.465397][ T7525]  ? __pfx_veth_newlink+0x10/0x10
[   87.465412][ T7525]  rtnl_newlink_create+0x310/0xb00
[   87.465431][ T7525]  ? __pfx_aa_get_newest_label+0x10/0x10
[   87.465450][ T7525]  ? __pfx_rtnl_newlink_create+0x10/0x10
[   87.465461][ T7525]  ? rtnl_newlink+0x8db/0x1c70
[   87.465474][ T7525]  ? __pfx___mutex_lock+0x10/0x10
[   87.465500][ T7525]  ? ns_capable+0x8a/0xf0
[   87.465521][ T7525]  rtnl_newlink+0x16d6/0x1c70
[   87.465544][ T7525]  ? __pfx_rtnl_newlink+0x10/0x10
[   87.465561][ T7525]  ? __lock_acquire+0xab9/0xd20
[   87.465670][ T7525]  ? __lock_acquire+0xab9/0xd20
[   87.465706][ T7525]  ? __pfx_rtnl_newlink+0x10/0x10
[   87.465717][ T7525]  rtnetlink_rcv_msg+0x7cf/0xb70
[   87.465732][ T7525]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[   87.465742][ T7525]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   87.465765][ T7525]  netlink_rcv_skb+0x208/0x470
[   87.465780][ T7525]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   87.465792][ T7525]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   87.465814][ T7525]  ? netlink_deliver_tap+0x2e/0x1b0
[   87.465826][ T7525]  ? netlink_deliver_tap+0x2e/0x1b0
[   87.465842][ T7525]  netlink_unicast+0x75b/0x8d0
[   87.465861][ T7525]  netlink_sendmsg+0x805/0xb30
[   87.465881][ T7525]  ? __pfx_netlink_sendmsg+0x10/0x10
[   87.465896][ T7525]  ? aa_sock_msg_perm+0x94/0x160
[   87.465912][ T7525]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   87.465927][ T7525]  ? __pfx_netlink_sendmsg+0x10/0x10
[   87.465941][ T7525]  __sock_sendmsg+0x21c/0x270
[   87.465961][ T7525]  ____sys_sendmsg+0x505/0x830
[   87.465980][ T7525]  ? __pfx_____sys_sendmsg+0x10/0x10
[   87.466000][ T7525]  ? import_iovec+0x74/0xa0
[   87.466014][ T7525]  ___sys_sendmsg+0x21f/0x2a0
[   87.466030][ T7525]  ? __pfx____sys_sendmsg+0x10/0x10
[   87.466069][ T7525]  ? __fget_files+0x2a/0x420
[   87.466081][ T7525]  ? __fget_files+0x3a0/0x420
[   87.466101][ T7525]  __x64_sys_sendmsg+0x19b/0x260
[   87.466117][ T7525]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   87.466138][ T7525]  ? rcu_is_watching+0x15/0xb0
[   87.466160][ T7525]  ? do_syscall_64+0xbe/0x3b0
[   87.466174][ T7525]  do_syscall_64+0xfa/0x3b0
[   87.466183][ T7525]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.466200][ T7525]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.466211][ T7525]  ? exc_page_fault+0x9f/0xf0
[   87.466228][ T7525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.466239][ T7525] RIP: 0033:0x7f43c0b8e929
[   87.466253][ T7525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.466263][ T7525] RSP: 002b:00007f43c1989038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   87.466277][ T7525] RAX: ffffffffffffffda RBX: 00007f43c0db5fa0 RCX: 00007f43c0b8e929
[   87.466286][ T7525] RDX: 0000000000000002 RSI: 00002000000000c0 RDI: 0000000000000003
[   87.466293][ T7525] RBP: 00007f43c0c10b39 R08: 0000000000000000 R09: 0000000000000000
[   87.466300][ T7525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   87.466307][ T7525] R13: 0000000000000000 R14: 00007f43c0db5fa0 R15: 00007ffea9f10b78
[   87.466326][ T7525]  </TASK>
[   87.466331][ T7525] Mem-Info:
[   87.664825][ T7525] active_anon:4459 inactive_anon:0 isolated_anon:0
[   87.664825][ T7525]  active_file:975 inactive_file:38211 isolated_file:0
[   87.664825][ T7525]  unevictable:1768 dirty:275 writeback:0
[   87.664825][ T7525]  slab_reclaimable:9168 slab_unreclaimable:55792
[   87.664825][ T7525]  mapped:19058 shmem:2444 pagetables:872
[   87.664825][ T7525]  sec_pagetables:0 bounce:0
[   87.664825][ T7525]  kernel_misc_reclaimable:0
[   87.664825][ T7525]  free:295123 free_pcp:21104 free_cma:0
[   87.682539][ T7525] Node 0 active_anon:11008kB inactive_anon:0kB active_file:2920kB inactive_file:23332kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:37956kB dirty:748kB writeback:0kB shmem:4768kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4464kB pagetables:1496kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   87.695473][ T7525] Node 1 active_anon:6828kB inactive_anon:0kB active_file:980kB inactive_file:129512kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:38276kB dirty:352kB writeback:0kB shmem:5008kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7152kB pagetables:1992kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   87.708563][ T7525] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   87.720309][ T7525] lowmem_reserve[]: 0 815 815 815 815
[   87.722595][ T7525] Node 0 DMA32 free:388328kB boost:0kB min:33716kB low:42144kB high:50572kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11008kB inactive_anon:0kB active_file:2920kB inactive_file:23332kB unevictable:3536kB writepending:748kB present:1556484kB managed:834740kB mlocked:0kB bounce:0kB free_pcp:38708kB local_pcp:19380kB free_cma:0kB
[   87.735643][ T7525] lowmem_reserve[]: 0 0 0 0 0
[   87.737748][ T7525] Node 1 DMA32 free:458492kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:116kB local_pcp:0kB free_cma:0kB
[   87.750300][ T7525] lowmem_reserve[]: 0 0 854 854 854
[   87.752540][ T7525] Node 1 Normal free:318312kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:6828kB inactive_anon:0kB active_file:980kB inactive_file:129512kB unevictable:3536kB writepending:352kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:45504kB local_pcp:20000kB free_cma:0kB
[   87.766273][ T7525] lowmem_reserve[]: 0 0 0 0 0
[   87.769819][ T7525] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   87.777758][ T7525] Node 0 DMA32: 21*4kB (UME) 12*8kB (M) 9*16kB (ME) 35*32kB (UME) 85*64kB (UME) 62*128kB (UME) 13*256kB (UM) 7*512kB (UM) 6*1024kB (M) 2*2048kB (UE) 87*4096kB (UM) = 388324kB
[   87.784937][ T7525] Node 1 DMA32: 3*4kB (UM) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 2*128kB (UM) 3*256kB (UM) 3*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 109*4096kB (M) = 458492kB
[   87.792186][ T7525] Node 1 Normal: 34*4kB (U) 2*8kB (UM) 245*16kB (UM) 214*32kB (U) 19*64kB (U) 8*128kB (M) 16*256kB (M) 14*512kB (UME) 11*1024kB (UME) 2*2048kB (UE) 68*4096kB (UM) = 318312kB
[   87.847388][ T7525] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   87.851290][ T7525] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   87.855112][ T7525] 41630 total pagecache pages
[   87.857095][ T7525] 0 pages in swap cache
[   87.859194][ T7525] Free swap  = 124996kB
[   87.861058][ T7525] Total swap = 124996kB
[   87.862805][ T7525] 786301 pages RAM
[   87.864397][ T7525] 0 pages HighMem/MovableOnly
[   87.866356][ T7525] 240368 pages reserved
[   87.868495][ T7525] 0 pages cma reserved
[   87.887655][ T7547] __nla_validate_parse: 7 callbacks suppressed
[   87.887673][ T7547] netlink: 224 bytes leftover after parsing attributes in process `syz.1.740'.
[   87.957436][ T5201] Bluetooth: hci2: command 0x0405 tx timeout
[   88.832832][ T7552] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.836684][ T7552] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.841007][ T7552] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.844709][ T7552] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.864185][ T7552] geneve2: left promiscuous mode
[   88.895492][ T7556] team_slave_0: entered promiscuous mode
[   88.898125][ T7556] team_slave_1: entered promiscuous mode
[   88.928296][ T7556] vlan0: entered promiscuous mode
[   88.930531][ T7556] team0: entered promiscuous mode
[   89.022417][ T7564] netlink: 16 bytes leftover after parsing attributes in process `syz.1.746'.
[   89.127414][ T7574] netlink: 8 bytes leftover after parsing attributes in process `syz.0.753'.
[   89.130301][ T7574] netlink: 4 bytes leftover after parsing attributes in process `syz.0.753'.
[   89.259153][ T7586] validate_nla: 14 callbacks suppressed
[   89.259183][ T7586] netlink: 'syz.2.759': attribute type 2 has an invalid length.
[   89.684261][ T7630] netlink: 28 bytes leftover after parsing attributes in process `syz.1.781'.
[   89.688284][ T7630] netlink: 28 bytes leftover after parsing attributes in process `syz.1.781'.
[   90.360038][ T7655] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[   90.629855][ T7671] netlink: 16 bytes leftover after parsing attributes in process `syz.0.800'.
[   90.634017][ T7671] netlink: 4 bytes leftover after parsing attributes in process `syz.0.800'.
[   90.733376][ T7685] netlink: 8 bytes leftover after parsing attributes in process `syz.2.808'.
[   90.869229][ T7702] ip6t_REJECT: ECHOREPLY is not supported
[   91.546182][ T7753] netlink: 16 bytes leftover after parsing attributes in process `syz.1.837'.
[   91.602684][ T7758] netlink: 'syz.2.839': attribute type 13 has an invalid length.
[   91.650150][ T7763] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   91.652709][ T7763] IPv6: NLM_F_CREATE should be set when creating new route
[   91.654962][ T7763] IPv6: NLM_F_CREATE should be set when creating new route
[   93.306175][ T7913] __nla_validate_parse: 6 callbacks suppressed
[   93.306185][ T7913] netlink: 8 bytes leftover after parsing attributes in process `syz.2.908'.
[   93.340073][ T7916] netlink: 'syz.2.911': attribute type 10 has an invalid length.
[   93.419332][ T7923] netlink: 2 bytes leftover after parsing attributes in process `syz.2.914'.
[   93.466795][ T7927] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.916'.
[   93.548322][ T7933] Cannot find del_set index 1 as target
[   93.954009][ T7969] netlink: 56 bytes leftover after parsing attributes in process `syz.2.933'.
[   94.097961][ T7983] xt_CT: No such helper "syz0"
[   94.294198][ T8011] netlink: 12 bytes leftover after parsing attributes in process `syz.1.955'.
[   94.351165][ T8019] netlink: 12 bytes leftover after parsing attributes in process `syz.2.959'.
[   94.452445][ T8031] netlink: 'syz.0.966': attribute type 35 has an invalid length.
[   94.489460][ T8034] bridge: RTM_NEWNEIGH with invalid ether address
[   94.945598][ T8067] openvswitch: netlink: Flow actions attr not present in new flow.
[   95.238443][ T8074] xt_cgroup: invalid path, errno=-2
[   95.544723][ T8082] netlink: 'syz.2.988': attribute type 13 has an invalid length.
[   95.547587][ T8082] netlink: 'syz.2.988': attribute type 17 has an invalid length.
[   95.550350][ T8082] netlink: 'syz.2.988': attribute type 5 has an invalid length.
[   96.163823][ T8102] tipc: Started in network mode
[   96.172744][ T8102] tipc: Node identity , cluster identity 4711
[   96.176990][ T8102] tipc: Failed to obtain node identity
[   96.182386][ T8102] tipc: Enabling of bearer <eth:gre0> rejected, failed to enable media
[   96.491895][ T8125] xt_ecn: cannot match TCP bits for non-tcp packets
[   96.507427][ T8126] syz.0.1008 (8126) used obsolete PPPIOCDETACH ioctl
[   96.770245][ T8151] vlan0: entered promiscuous mode
[   96.772696][ T8151] bond0: entered promiscuous mode
[   96.774959][ T8151] bond_slave_0: entered promiscuous mode
[   96.777735][ T8151] bond_slave_1: entered promiscuous mode
[   96.901570][ T8159] netlink: 'syz.0.1020': attribute type 4 has an invalid length.
[   96.954410][ T8164] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   97.727285][ T8196] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1037'.
[   97.731378][ T8196] netlink: 'syz.1.1037': attribute type 1 has an invalid length.
[   98.074198][ T8208] netlink: 452 bytes leftover after parsing attributes in process `syz.2.1043'.
[   98.312124][ T8233] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1054'.
[   98.316518][ T8234] netlink: 'syz.0.1053': attribute type 7 has an invalid length.
[   98.425140][ T8245] netlink: 212280 bytes leftover after parsing attributes in process `syz.0.1059'.
[   98.678428][ T8258] bridge_slave_0: left allmulticast mode
[   98.680489][ T8258] bridge_slave_0: left promiscuous mode
[   98.696882][ T8258] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.703210][ T8258] bridge_slave_1: left allmulticast mode
[   98.705152][ T8258] bridge_slave_1: left promiscuous mode
[   98.709950][ T8258] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.727465][ T8258] bond0: (slave bond_slave_0): Releasing backup interface
[   98.730749][ T8258] bond_slave_0: left promiscuous mode
[   98.750912][ T8258] bond0: (slave bond_slave_1): Releasing backup interface
[   98.762768][ T8258] bond_slave_1: left promiscuous mode
[   98.777517][ T8258] team_slave_0: left promiscuous mode
[   98.786283][ T8271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1070'.
[   98.790822][ T8271] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1070'.
[   98.791144][ T8258] team0: Port device team_slave_0 removed
[   98.801703][ T8258] team_slave_1: left promiscuous mode
[   98.810059][ T8258] team0: Port device team_slave_1 removed
[   98.813164][ T8258] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   98.816121][ T8258] batman_adv: batadv0: Removing interface: batadv_slave_0
[   98.822294][ T8258] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   98.825378][ T8258] batman_adv: batadv0: Removing interface: batadv_slave_1
[   98.836571][ T8258] bond1: (slave gretap1): Releasing backup interface
[   99.040205][ T8282] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1075'.
[   99.135160][ T8289] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1078'.
[   99.139007][ T8289] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1078'.
[   99.332681][ T8301] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1084'.
[   99.474458][ T8311] bridge0: entered allmulticast mode
[  100.158890][ T8359] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1112'.
[  100.200475][ T8359] bridge2: port 1(veth5) entered blocking state
[  100.213334][ T8359] bridge2: port 1(veth5) entered disabled state
[  100.215595][ T8359] veth5: entered allmulticast mode
[  100.221362][ T8359] veth5: entered promiscuous mode
[  100.233469][ T8359] bridge2: port 2(veth0_to_bond) entered blocking state
[  100.236307][ T8359] bridge2: port 2(veth0_to_bond) entered disabled state
[  100.247528][ T8359] veth0_to_bond: entered allmulticast mode
[  100.251968][ T8359] veth0_to_bond: entered promiscuous mode
[  100.280341][ T8359] vlan2: entered allmulticast mode
[  100.282038][ T8359] veth1: entered allmulticast mode
[  100.283830][ T8359] bridge2: port 3(vlan2) entered blocking state
[  100.289717][ T8359] bridge2: port 3(vlan2) entered disabled state
[  100.293135][ T8359] vlan2: entered promiscuous mode
[  100.295018][ T8359] veth1: entered promiscuous mode
[  100.882346][ T8416] netlink: 'syz.0.1140': attribute type 1 has an invalid length.
[  100.885388][ T8416] netlink: 'syz.0.1140': attribute type 11 has an invalid length.
[  100.890513][ T8416] netlink: 220 bytes leftover after parsing attributes in process `syz.0.1140'.
[  101.021710][ T8430] netlink: 'syz.2.1147': attribute type 30 has an invalid length.
[  101.204140][ T8444] tipc: Started in network mode
[  101.210297][ T8444] tipc: Node identity 00000000000000008, cluster identity 4711
[  101.394122][ T8456] netlink: 'syz.1.1160': attribute type 3 has an invalid length.
[  102.124733][ T8491] netlink: 'syz.2.1174': attribute type 1 has an invalid length.
[  102.179447][ T8497] netlink: 'syz.2.1177': attribute type 2 has an invalid length.
[  102.613356][ T8536] netlink: 'syz.0.1196': attribute type 3 has an invalid length.
[  102.624083][   T33] audit: type=1800 audit(1751815800.119:2): pid=8540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1197" name=620AF8FF0C20 dev="tmpfs" ino=2132 res=0 errno=0
[  103.208181][ T8580] netlink: 'syz.0.1215': attribute type 6 has an invalid length.
[  103.587425][ T8600] netlink: zone id is out of range
[  103.589819][ T8600] netlink: zone id is out of range
[  103.592087][ T8600] netlink: zone id is out of range
[  103.593996][ T8600] netlink: zone id is out of range
[  103.595950][ T8600] netlink: zone id is out of range
[  103.601081][ T8600] netlink: zone id is out of range
[  103.603502][ T8600] netlink: zone id is out of range
[  103.606734][ T8600] netlink: zone id is out of range
[  103.612729][ T8600] netlink: zone id is out of range
[  103.614700][ T8600] netlink: zone id is out of range
[  103.776404][ T8614] __nla_validate_parse: 7 callbacks suppressed
[  103.776416][ T8614] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1231'.
[  103.811201][ T8616] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1232'.
[  103.824288][ T8616] netlink: 'syz.0.1232': attribute type 4 has an invalid length.
[  103.828773][ T8616] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1232'.
[  103.923684][ T8626] netlink: 'syz.0.1237': attribute type 12 has an invalid length.
[  103.936678][ T8626] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1237'.
[  104.154888][ T8652] xt_recent: hitcount (4294967292) is larger than allowed maximum (65535)
[  104.173518][ T8654] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1251'.
[  104.331733][ T8664] ip6gre1: entered promiscuous mode
[  104.610055][ T8684] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1261'.
[  104.613545][ T8684] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1261'.
[  104.789934][ T8695] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1265'.
[  105.248784][ T8710] pim6reg: entered allmulticast mode
[  105.252432][ T8710] pim6reg: left allmulticast mode
[  105.323322][ T8712] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1272'.
[  105.329503][ T8712] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1272'.
[  105.556388][ T8722] syzkaller0: entered promiscuous mode
[  105.558952][ T8722] syzkaller0: entered allmulticast mode
[  105.846262][ T8737] IPVS: persistence engine module ip_vs_pe_ not found
[  105.886873][ T8740] syzkaller0: entered promiscuous mode
[  105.894485][ T8740] syzkaller0: entered allmulticast mode
[  106.685460][ T8747] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  107.582859][ T8834] tipc: Started in network mode
[  107.584980][ T8834] tipc: Node identity 4, cluster identity 4711
[  107.587103][ T8834] tipc: Node number set to 4
[  109.675320][ T8944] bridge_slave_0: invalid flags given to default FDB implementation
[  110.501536][ T8976] mac80211_hwsim hwsim5 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  110.904569][ T9006] __nla_validate_parse: 4 callbacks suppressed
[  110.904585][ T9006] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1398'.
[  111.059483][ T9016] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1404'.
[  111.180077][ T9030] validate_nla: 2 callbacks suppressed
[  111.180087][ T9030] netlink: 'syz.2.1409': attribute type 1 has an invalid length.
[  111.184933][ T9030] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1409'.
[  111.553173][ T9070] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1428'.
[  111.556825][ T9070] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1428'.
[  111.862374][ T9099] net_ratelimit: 4 callbacks suppressed
[  111.862388][ T9099] openvswitch: netlink: IP tunnel dst address not specified
[  112.789518][ T9157] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1466'.
[  112.815138][ T9159] netlink: 'syz.0.1467': attribute type 1 has an invalid length.
[  112.891849][ T9166] netlink: 'syz.0.1470': attribute type 1 has an invalid length.
[  112.938977][ T9170] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1472'.
[  112.942068][ T9170] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1472'.
[  112.945218][ T9170] netlink: 'syz.0.1472': attribute type 14 has an invalid length.
[  112.948714][ T9170] netlink: 'syz.0.1472': attribute type 11 has an invalid length.
[  113.052273][ T9176] xt_CT: No such helper "snmp_trap"
[  113.081635][ T9179] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1476'.
[  113.085042][ T9179] netlink: 7 bytes leftover after parsing attributes in process `syz.0.1476'.
[  113.289975][ T9191] veth0: entered promiscuous mode
[  113.293221][ T9190] veth0: left promiscuous mode
[  113.629858][ T5812] Bluetooth: hci2: link tx timeout
[  113.632354][ T5812] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  113.636920][ T5812] Bluetooth: hci2: link tx timeout
[  113.642517][ T5812] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  113.677957][ T9213] netlink: 'syz.1.1492': attribute type 30 has an invalid length.
[  113.913250][ T2204] hid-generic 0005:16BF:5505.0001: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  114.172031][ T9263] pim6reg1: entered promiscuous mode
[  114.173913][ T9263] pim6reg1: entered allmulticast mode
[  115.721571][ T5201] Bluetooth: hci2: command 0x0405 tx timeout
[  115.936666][ T9346] Illegal XDP return value 4294967274 on prog  (id 231) dev N/A, expect packet loss!
[  116.153766][ T9356] __nla_validate_parse: 6 callbacks suppressed
[  116.153781][ T9356] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1557'.
[  116.220646][ T9358] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1558'.
[  116.224247][ T9358] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1558'.
[  116.443892][ T9361] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1559'.
[  116.551957][ T9366] netlink: 'syz.2.1561': attribute type 1 has an invalid length.
[  116.555692][ T9366] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1561'.
[  117.060662][ T9389] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.218997][ T9389] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.275399][ T9389] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.318190][ T9389] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.379811][ T9389] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.452221][ T9389] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.472010][ T9389] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.485155][ T9389] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.762835][ T9411] netlink: 87 bytes leftover after parsing attributes in process `syz.2.1579'.
[  117.799740][ T5201] Bluetooth: hci2: command 0x0405 tx timeout
[  117.830232][ T9420] x_tables: arp_tables: .0 target: invalid size 8 (kernel) != (user) 0
[  117.911490][ T9426] netlink: 388 bytes leftover after parsing attributes in process `syz.1.1586'.
[  117.981039][ T9432] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1589'.
[  118.348734][ T9467] netlink: 288 bytes leftover after parsing attributes in process `syz.2.1606'.
[  118.379245][ T9469] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1607'.
[  121.185643][ T9532] __nla_validate_parse: 1 callbacks suppressed
[  121.185662][ T9532] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1636'.
[  121.559814][ T9572] netlink: 'syz.1.1655': attribute type 3 has an invalid length.
[  121.562563][ T9572] netlink: 'syz.1.1655': attribute type 1 has an invalid length.
[  121.565223][ T9572] netlink: 192 bytes leftover after parsing attributes in process `syz.1.1655'.
[  121.569473][ T9572] NCSI netlink: No device for ifindex 0
[  122.706663][ T9597] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1666'.
[  122.735508][ T9597] sch_tbf: burst 88 is lower than device veth3 mtu (1514) !
[  122.816396][    C1] vxcan1: j1939_tp_rxtimer: 0xffff8880288f9000: rx timeout, send abort
[  122.821533][    C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff8880288f9000: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  122.937669][ T9603] netlink: 'syz.2.1669': attribute type 4 has an invalid length.
[  123.093330][ T9625] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1679'.
[  123.130157][ T9629] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  123.183238][ T9633] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1683'.
[  123.252103][ T9645] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  123.726263][ T9677] netlink: zone id is out of range
[  123.732814][ T9677] netlink: zone id is out of range
[  123.734790][ T9677] netlink: zone id is out of range
[  123.736684][ T9677] netlink: zone id is out of range
[  123.739239][ T9677] netlink: zone id is out of range
[  123.741390][ T9677] netlink: zone id is out of range
[  123.743449][ T9677] netlink: zone id is out of range
[  123.746205][ T9677] netlink: zone id is out of range
[  123.838225][ T9680] netlink: 'syz.1.1702': attribute type 1 has an invalid length.
[  123.843333][ T9680] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1702'.
[  123.949917][ T9688] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1705'.
[  123.953402][ T9688] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  124.098439][ T9690] netlink: 1 bytes leftover after parsing attributes in process `syz.2.1706'.
[  124.243688][ T9695] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1708'.
[  124.281144][ T9697] bond0: option lp_interval: invalid value (18446744073709551604)
[  124.283990][ T9697] bond0: option lp_interval: allowed values 1 - 2147483647
[  124.525037][ T9710] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1714'.
[  124.548665][ T9712] x_tables: duplicate underflow at hook 1
[  124.591544][ T9714] ipt_rpfilter: unknown options
[  124.992081][ T9752] trusted_key: syz.1.1734 sent an empty control message without MSG_MORE.
[  125.031282][ T9756] xt_CT: No such helper "netbios-ns"
[  126.132215][ T5201] Bluetooth: hci2: command 0x0405 tx timeout
[  127.768762][ T9843] __nla_validate_parse: 5 callbacks suppressed
[  127.768781][ T9843] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1771'.
[  127.894888][ T9855] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1778'.
[  127.914909][ T9855] batadv_slave_1: entered promiscuous mode
[  127.936987][ T9860] xt_hashlimit: size too large, truncated to 1048576
[  128.011514][ T9864] : renamed from bridge_slave_0
[  128.215299][ T9873] dvmrp8: entered allmulticast mode
[  128.249534][ T9870] dvmrp8: left allmulticast mode
[  128.464789][ T9887] netlink: 'syz.0.1790': attribute type 2 has an invalid length.
[  129.173137][ T9908] netlink: 'syz.2.1799': attribute type 1 has an invalid length.
[  129.381345][ T9919] x_tables: ip6_tables: icmp6 match: only valid for protocol 58
[  129.599989][ T9936] netlink: 'syz.2.1812': attribute type 2 has an invalid length.
[  129.602591][ T9936] netlink: 'syz.2.1812': attribute type 1 has an invalid length.
[  129.606200][ T9936] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1812'.
[  129.663529][ T9937] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1812'.
[  130.356358][ T9956] netlink: 'syz.0.1820': attribute type 21 has an invalid length.
[  130.362434][ T9956] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1820'.
[  130.957532][ T9990] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1835'.
[  130.988438][ T9994] dvmrp8: entered allmulticast mode
[  131.197448][T10009] delete_channel: no stack
[  131.320383][T10016] net_ratelimit: 7 callbacks suppressed
[  131.320402][T10016] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check.
[  131.360994][T10019] pim6reg1: entered promiscuous mode
[  131.363344][T10019] pim6reg1: entered allmulticast mode
[  131.598392][T10025] netlink: 'syz.0.1852': attribute type 1 has an invalid length.
[  131.601919][T10025] nbd: error processing sock list
[  131.604706][T10025] block nbd0: shutting down sockets
[  131.865533][T10056] netlink: 'syz.2.1867': attribute type 2 has an invalid length.
[  131.871553][T10056] netlink: 119 bytes leftover after parsing attributes in process `syz.2.1867'.
[  132.299993][T10089] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1880'.
[  132.463319][T10099] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  132.536878][T10103] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1886'.
[  132.841597][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  133.278392][T10132] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1899'.
[  133.301748][T10132] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1899'.
[  133.672344][T10168] syzkaller1: entered promiscuous mode
[  133.674951][T10168] syzkaller1: entered allmulticast mode
[  134.160206][T10201] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[  134.206319][T10201] tipc: Resetting bearer <eth:syzkaller0>
[  134.227690][T10200] tipc: Resetting bearer <eth:syzkaller0>
[  134.436062][T10197] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1928'.
[  134.444444][T10197] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1928'.
[  135.198395][T10200] tipc: Disabling bearer <eth:syzkaller0>
[  135.414994][T10236] sctp: [Deprecated]: syz.1.1941 (pid 10236) Use of int in max_burst socket option.
[  135.414994][T10236] Use struct sctp_assoc_value instead
[  135.487024][T10238] netlink: 16410 bytes leftover after parsing attributes in process `syz.2.1942'.
[  135.563006][T10251] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1950'.
[  135.720138][T10267] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  135.851279][T10280] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1963'.
[  135.993340][T10289] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1965'.
[  136.434417][T10312] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1976'.
[  136.546760][T10320] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  136.783192][T10331] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  136.814710][T10335] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1986'.
[  137.005321][T10354] netlink: 'syz.2.1995': attribute type 10 has an invalid length.
[  137.518599][T10399] netlink: 'syz.2.2017': attribute type 1 has an invalid length.
[  137.523263][T10401] netlink: 'syz.0.2018': attribute type 1 has an invalid length.
[  137.824083][T10435] syzkaller1: entered promiscuous mode
[  137.828846][T10435] syzkaller1: entered allmulticast mode
[  138.503916][T10460] dummy0: mtu less than device minimum
[  138.908512][T10486] __nla_validate_parse: 5 callbacks suppressed
[  138.908530][T10486] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2053'.
[  138.927682][T10486] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2053'.
[  139.134093][T10500] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2063'.
[  139.138400][T10500] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2063'.
[  139.151538][T10503] sit0: entered promiscuous mode
[  139.155272][T10503] netlink: 'syz.0.2065': attribute type 1 has an invalid length.
[  139.161670][T10503] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2065'.
[  139.439991][T10528] openvswitch: netlink: Missing key (keys=40, expected=80)
[  139.515752][T10534] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2080'.
[  139.540599][T10536] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2081'.
[  139.589942][T10540] sctp: [Deprecated]: syz.0.2083 (pid 10540) Use of int in max_burst socket option.
[  139.589942][T10540] Use struct sctp_assoc_value instead
[  139.622200][T10542] netlink: 'syz.1.2084': attribute type 3 has an invalid length.
[  139.658757][T10546] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  140.406240][T10600] ip6t_srh: unknown srh match flags  4000
[  140.982550][T10641] netlink: 26 bytes leftover after parsing attributes in process `syz.2.2125'.
[  141.140817][T10649] netlink: 'syz.2.2129': attribute type 6 has an invalid length.
[  141.906253][T10691] tun0: tun_chr_ioctl cmd 1074025675
[  141.909959][T10691] tun0: persist enabled
[  141.913595][T10691] tun0: tun_chr_ioctl cmd 1074025675
[  141.916739][T10691] tun0: persist enabled
[  142.066454][T10708] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  142.081456][T10711] x_tables: ip6_tables: socket match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT
[  142.266124][T10726] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  142.381815][T10732] netlink: 'syz.1.2167': attribute type 12 has an invalid length.
[  142.384940][T10732] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.2167'.
[  142.406964][T10739] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2170'.
[  142.453233][T10739] x9: renamed from bridge_slave_0
[  142.572896][T10752] netlink: 'syz.2.2176': attribute type 11 has an invalid length.
[  142.604493][T10755] set match dimension is over the limit!
[  143.948298][T10832] __nla_validate_parse: 4 callbacks suppressed
[  143.948310][T10832] netlink: 65051 bytes leftover after parsing attributes in process `syz.0.2211'.
[  143.992911][T10834] nbd: must specify at least one socket
[  144.275399][T10858] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  144.296225][T10860] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2224'.
[  144.301665][T10860] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2224'.
[  144.331002][T10863] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2226'.
[  144.699430][T10894] ip6tnl2: entered promiscuous mode
[  144.701301][T10894] ip6tnl2: entered allmulticast mode
[  145.176816][T10930] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2256'.
[  145.181916][T10930] netlink: 'syz.0.2256': attribute type 29 has an invalid length.
[  145.508398][T10960] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2268'.
[  145.512361][T10960] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  145.572827][T10966] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2270'.
[  145.731246][T10976] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2275'.
[  145.742049][T10976] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  145.745276][T10976] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  145.748254][T10976] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  145.751136][T10976] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  145.759777][T10976] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  145.762824][T10976] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  145.765959][T10976] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  145.768786][T10976] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  145.856091][T10978] lo speed is unknown, defaulting to 1000
[  145.862739][T10978] lo speed is unknown, defaulting to 1000
[  145.865486][T10978] lo speed is unknown, defaulting to 1000
[  145.876993][T10980] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  145.980240][ T5873] lo speed is unknown, defaulting to 1000
[  145.982690][T10978] infiniband syz0: set down
[  145.984688][T10978] infiniband syz0: added lo
[  146.015933][T10978] RDS/IB: syz0: added
[  146.019911][T10978] smc: adding ib device syz0 with port count 1
[  146.023174][T10978] smc:    ib device syz0 port 1 has pnetid SYZ2 (user defined)
[  146.030310][ T5873] lo speed is unknown, defaulting to 1000
[  146.035123][T10978] lo speed is unknown, defaulting to 1000
[  146.146515][T10996] netlink: 'syz.2.2284': attribute type 8 has an invalid length.
[  146.165222][T10978] lo speed is unknown, defaulting to 1000
[  146.255997][T11004] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2288'.
[  146.267628][T11004] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2288'.
[  146.276902][T10978] lo speed is unknown, defaulting to 1000
[  146.334997][T11008] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  146.337726][T11008] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  146.340248][T11008] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  146.342803][T11008] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  146.529205][T11027] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  146.531678][T11027] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  146.545197][T11027] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  146.557276][T11031] netlink: 'syz.2.2301': attribute type 1 has an invalid length.
[  146.612278][   T33] audit: type=1804 audit(1751815844.109:3): pid=11035 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2303" name="memory.events" dev="tmpfs" ino=3934 res=1 errno=0
[  146.628786][   T33] audit: type=1800 audit(1751815844.109:4): pid=11035 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2303" name="memory.events" dev="tmpfs" ino=3934 res=0 errno=0
[  146.905020][T11071] netlink: 'syz.1.2321': attribute type 11 has an invalid length.
[  146.971969][T11081] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  147.115913][T11097] netlink: 'syz.0.2334': attribute type 1 has an invalid length.
[  147.152244][T11103] netlink: 'syz.2.2337': attribute type 3 has an invalid length.
[  147.423168][T11126] vlan0: entered promiscuous mode
[  147.424807][T11126] bridge0: entered promiscuous mode
[  147.467588][T11127] 
[  147.468447][T11127] ======================================================
[  147.470663][T11127] WARNING: possible circular locking dependency detected
[  147.472929][T11127] 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 Not tainted
[  147.476448][T11127] ------------------------------------------------------
[  147.478791][T11127] syz.1.2348/11127 is trying to acquire lock:
[  147.480705][T11127] ffff88801fe01988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  147.484654][T11127] 
[  147.484654][T11127] but task is already holding lock:
[  147.487662][T11127] ffff88801fe01a30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x94f/0x1930
[  147.490967][T11127] 
[  147.490967][T11127] which lock already depends on the new lock.
[  147.490967][T11127] 
[  147.494417][T11127] 
[  147.494417][T11127] the existing dependency chain (in reverse order) is:
[  147.497293][T11127] 
[  147.497293][T11127] -> #2 (&nbd->config_lock){+.+.}-{4:4}:
[  147.499806][T11127]        lock_acquire+0x120/0x360
[  147.501492][T11127]        __mutex_lock+0x182/0xe80
[  147.503214][T11127]        refcount_dec_and_mutex_lock+0x30/0xa0
[  147.505189][T11127]        nbd_config_put+0x2c/0x790
[  147.506852][T11127]        nbd_release+0xfe/0x140
[  147.508373][T11127]        bdev_release+0x536/0x650
[  147.509974][T11127]        blkdev_release+0x15/0x20
[  147.511559][T11127]        __fput+0x44c/0xa70
[  147.513187][T11127]        fput_close_sync+0x119/0x200
[  147.515338][T11127]        __x64_sys_close+0x7f/0x110
[  147.516976][T11127]        do_syscall_64+0xfa/0x3b0
[  147.518594][T11127]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.520632][T11127] 
[  147.520632][T11127] -> #1 (&disk->open_mutex){+.+.}-{4:4}:
[  147.523180][T11127]        lock_acquire+0x120/0x360
[  147.524750][T11127]        __mutex_lock+0x182/0xe80
[  147.526304][T11127]        __del_gendisk+0x129/0x9e0
[  147.527913][T11127]        del_gendisk+0xe8/0x160
[  147.529546][T11127]        nbd_dev_remove_work+0x47/0xe0
[  147.531429][T11127]        process_scheduled_works+0xae1/0x17b0
[  147.533532][T11127]        worker_thread+0x8a0/0xda0
[  147.535161][T11127]        kthread+0x711/0x8a0
[  147.536968][T11127]        ret_from_fork+0x3fc/0x770
[  147.539009][T11127]        ret_from_fork_asm+0x1a/0x30
[  147.540664][T11127] 
[  147.540664][T11127] -> #0 (&set->update_nr_hwq_lock){++++}-{4:4}:
[  147.543335][T11127]        validate_chain+0xb9b/0x2140
[  147.545278][T11127]        __lock_acquire+0xab9/0xd20
[  147.547400][T11127]        lock_acquire+0x120/0x360
[  147.549302][T11127]        down_write+0x96/0x1f0
[  147.551103][T11127]        blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  147.553654][T11127]        nbd_start_device+0x16c/0xac0
[  147.555871][T11127]        nbd_genl_connect+0x1250/0x1930
[  147.558089][T11127]        genl_family_rcv_msg_doit+0x215/0x300
[  147.560090][T11127]        genl_rcv_msg+0x60e/0x790
[  147.561699][T11127]        netlink_rcv_skb+0x208/0x470
[  147.563441][T11127]        genl_rcv+0x28/0x40
[  147.564900][T11127]        netlink_unicast+0x75b/0x8d0
[  147.566632][T11127]        netlink_sendmsg+0x805/0xb30
[  147.568280][T11127]        __sock_sendmsg+0x21c/0x270
[  147.569922][T11127]        ____sys_sendmsg+0x505/0x830
[  147.571558][T11127]        ___sys_sendmsg+0x21f/0x2a0
[  147.573267][T11127]        __x64_sys_sendmsg+0x19b/0x260
[  147.574993][T11127]        do_syscall_64+0xfa/0x3b0
[  147.576536][T11127]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.578536][T11127] 
[  147.578536][T11127] other info that might help us debug this:
[  147.578536][T11127] 
[  147.581629][T11127] Chain exists of:
[  147.581629][T11127]   &set->update_nr_hwq_lock --> &disk->open_mutex --> &nbd->config_lock
[  147.581629][T11127] 
[  147.586732][T11127]  Possible unsafe locking scenario:
[  147.586732][T11127] 
[  147.589041][T11127]        CPU0                    CPU1
[  147.590725][T11127]        ----                    ----
[  147.592405][T11127]   lock(&nbd->config_lock);
[  147.593894][T11127]                                lock(&disk->open_mutex);
[  147.596076][T11127]                                lock(&nbd->config_lock);
[  147.598310][T11127]   lock(&set->update_nr_hwq_lock);
[  147.599994][T11127] 
[  147.599994][T11127]  *** DEADLOCK ***
[  147.599994][T11127] 
[  147.602565][T11127] 3 locks held by syz.1.2348/11127:
[  147.604270][T11127]  #0: ffffffff8f576170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  147.606801][T11127]  #1: ffffffff8f575f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  147.609572][T11127]  #2: ffff88801fe01a30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x94f/0x1930
[  147.612719][T11127] 
[  147.612719][T11127] stack backtrace:
[  147.614584][T11127] CPU: 1 UID: 0 PID: 11127 Comm: syz.1.2348 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  147.614597][T11127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  147.614603][T11127] Call Trace:
[  147.614627][T11127]  <TASK>
[  147.614634][T11127]  dump_stack_lvl+0x189/0x250
[  147.614653][T11127]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.614665][T11127]  ? __pfx__printk+0x10/0x10
[  147.614675][T11127]  ? print_lock_name+0xde/0x100
[  147.614685][T11127]  print_circular_bug+0x2ee/0x310
[  147.614695][T11127]  check_noncircular+0x134/0x160
[  147.614706][T11127]  validate_chain+0xb9b/0x2140
[  147.614713][T11127]  ? __lock_acquire+0xab9/0xd20
[  147.614730][T11127]  __lock_acquire+0xab9/0xd20
[  147.614742][T11127]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  147.614755][T11127]  lock_acquire+0x120/0x360
[  147.614763][T11127]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  147.614774][T11127]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  147.614786][T11127]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  147.614796][T11127]  down_write+0x96/0x1f0
[  147.614803][T11127]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  147.614814][T11127]  ? __pfx_down_write+0x10/0x10
[  147.614822][T11127]  blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  147.614833][T11127]  ? nbd_add_socket+0x688/0x9a0
[  147.614850][T11127]  ? nbd_add_socket+0x688/0x9a0
[  147.614861][T11127]  nbd_start_device+0x16c/0xac0
[  147.614872][T11127]  ? __nla_parse+0x40/0x60
[  147.614883][T11127]  nbd_genl_connect+0x1250/0x1930
[  147.614894][T11127]  ? __pfx_nbd_genl_connect+0x10/0x10
[  147.614905][T11127]  ? __nla_parse+0x40/0x60
[  147.614915][T11127]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  147.614931][T11127]  genl_family_rcv_msg_doit+0x215/0x300
[  147.614943][T11127]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  147.614956][T11127]  genl_rcv_msg+0x60e/0x790
[  147.614967][T11127]  ? __pfx_genl_rcv_msg+0x10/0x10
[  147.614976][T11127]  ? __pfx_nbd_genl_connect+0x10/0x10
[  147.614987][T11127]  netlink_rcv_skb+0x208/0x470
[  147.614995][T11127]  ? __pfx_genl_rcv_msg+0x10/0x10
[  147.615004][T11127]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  147.615014][T11127]  ? down_read+0x1ad/0x2e0
[  147.615021][T11127]  genl_rcv+0x28/0x40
[  147.615030][T11127]  netlink_unicast+0x75b/0x8d0
[  147.615038][T11127]  netlink_sendmsg+0x805/0xb30
[  147.615047][T11127]  ? __pfx_netlink_sendmsg+0x10/0x10
[  147.615055][T11127]  ? aa_sock_msg_perm+0x94/0x160
[  147.615066][T11127]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  147.615076][T11127]  ? __pfx_netlink_sendmsg+0x10/0x10
[  147.615083][T11127]  __sock_sendmsg+0x21c/0x270
[  147.615094][T11127]  ____sys_sendmsg+0x505/0x830
[  147.615103][T11127]  ? __pfx_____sys_sendmsg+0x10/0x10
[  147.615113][T11127]  ? import_iovec+0x74/0xa0
[  147.615120][T11127]  ___sys_sendmsg+0x21f/0x2a0
[  147.615128][T11127]  ? __pfx____sys_sendmsg+0x10/0x10
[  147.615142][T11127]  ? __fget_files+0x2a/0x420
[  147.615150][T11127]  ? __fget_files+0x3a0/0x420
[  147.615159][T11127]  __x64_sys_sendmsg+0x19b/0x260
[  147.615167][T11127]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  147.615177][T11127]  ? rcu_is_watching+0x15/0xb0
[  147.615189][T11127]  ? do_syscall_64+0xbe/0x3b0
[  147.615196][T11127]  do_syscall_64+0xfa/0x3b0
[  147.615202][T11127]  ? lockdep_hardirqs_on+0x9c/0x150
[  147.615211][T11127]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.615218][T11127]  ? exc_page_fault+0x9f/0xf0
[  147.615228][T11127]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.615235][T11127] RIP: 0033:0x7f6ebb78e929
[  147.615244][T11127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.615251][T11127] RSP: 002b:00007f6ebc53a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  147.615259][T11127] RAX: ffffffffffffffda RBX: 00007f6ebb9b5fa0 RCX: 00007f6ebb78e929
[  147.615264][T11127] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000006
[  147.615268][T11127] RBP: 00007f6ebb810b39 R08: 0000000000000000 R09: 0000000000000000
[  147.615273][T11127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  147.615277][T11127] R13: 0000000000000000 R14: 00007f6ebb9b5fa0 R15: 00007ffd1efa3598
[  147.615285][T11127]  </TASK>
[  147.789483][   T57] block nbd0: Receive control failed (result -32)

VM DIAGNOSIS:
15:30:45  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffff88804b03b1c0 RCX=ffff888021755640 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc900228c7800 RSP=ffffc900228c76a0
R8 =ffffffff8fa10cf7 R9 =1ffffffff1f4219e R10=dffffc0000000000 R11=fffffbfff1f4219f
R12=1ffff11026cc7f5d R13=dffffc0000000000 R14=0000000000000001 R15=ffff88813663fae8
RIP=ffffffff81b4d912 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8650000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f43c18e56c0 CR3=000000000df38000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f43c0c11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000038 RBX=0000000000000038 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000012dd RDI=00000000000012de RBP=00000000000003f8 RSP=ffffc90003df6710
R8 =ffff888108cb0237 R9 =1ffff11021196046 R10=dffffc0000000000 R11=ffffffff85474610
R12=dffffc0000000000 R13=ffffffff99ac48ff R14=ffffffff99dc9760 R15=0000000000000000
RIP=ffffffff8547468c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f6ebc53a6c0 ffffffff 00c00000
GS =0000 ffff8881a3c50000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055558b2e65c8 CR3=00000000357c0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f437ba11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
