last executing test programs:

3.030398336s ago: executing program 2 (id=238):
r0 = socket$inet(0xa, 0x801, 0x100)
listen(r0, 0x81)

2.94934373s ago: executing program 2 (id=240):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee9, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
connect$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x73fe, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9, 0x2}, 0x20)

2.478453547s ago: executing program 2 (id=246):
r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
connect$llc(r0, &(0x7f0000000240)={0x1a, 0x20, 0x0, 0x9, 0x2, 0x0, @random='\x00\x00\x00\x00\x00\a'}, 0x10)
r1 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r1, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)

2.350539348s ago: executing program 2 (id=248):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0xa00, &(0x7f00000001c0)=[{&(0x7f0000000300)="d8000000190081054e81f782db4cb904021d0800fe007c05e8fe55a1040012000a0014260c600e12100005007f370401a8001000200002400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0)

2.231186723s ago: executing program 2 (id=251):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000000)={0xfbfc, 0x0, 0x0, 0x90f0}, 0x8)
sendto$inet6(r0, &(0x7f0000000300)="81", 0x1, 0x10, &(0x7f0000000280)={0xa, 0x0, 0x80000000, @private0={0xfc, 0x0, '\x00', 0x1}, 0x81}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x4e, 0x0, 0x0)

1.559865969s ago: executing program 1 (id=269):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002e80)=@delchain={0x1d8, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0xe}, {0x0, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x19c, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x8065738cbab9bcb1}, @TCA_FLOW_EMATCHES={0x170, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x154, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x9c, 0x2, 0x0, 0x0, {{0x4, 0x0, 0x7}, "645809825d93df900fa8fae387fbed6313a639f20b0238ccdd4da9fde2f0be34e659ba729925eff5ebd76dec200e0c6b209649b549944fb335b53ad7e5b0f72af98dbb05ee1778a3e952122289a807cd7b48f87fa52a56b8fa1ed950478a7e526d5afbe8006f3724cd7d7553d2825013cfb6f6c75b881ba76a73fc329b963abb903b4ac42a8121e56f0f0797ef"}}, @TCF_EM_NBYTE={0x18, 0x3, 0x0, 0x0, {{0x7, 0x2, 0x4}, {0x4, 0x5, 0x6, "ebe6c48aa9"}}}, @TCF_EM_CONTAINER={0x80, 0x3, 0x0, 0x0, {{0x4, 0x0, 0xb}, "d0fa3d16cd50d147bab4e8cc66b89a2f2ddd8d0b788aa8b69311701d1c85ab32acb6397660ea603b182034545dd0bd1327d2665d5a78a956ac2ec9921388b37854565074bc2cf7610bacd71b29b6291a2dbc80bf91fea392ac67adb245b0a25f26f1ee3e931815552be72cdd91a079b7c6ea14bf"}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x1, 0x3, 0x81}, {0x10, 0xe, 0x6, 0xd4c}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0xc, 0x1, 0x0, 0x0, {{0x1}}}]}]}, @TCA_FLOW_XOR={0x8, 0x7, 0xffffff7b}, @TCA_FLOW_PERTURB={0x8}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}, @filter_kind_options=@f_bpf={{0x8}, {0x4}}]}, 0x1d8}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

1.488603436s ago: executing program 1 (id=272):
r0 = socket$caif_stream(0x25, 0x1, 0x5)
recvmmsg(r0, &(0x7f0000004600)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x10100, 0x0)

1.43794792s ago: executing program 1 (id=273):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt(r0, 0x84, 0x80, &(0x7f0000000040)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8)

1.436500251s ago: executing program 1 (id=275):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000180)={'ip6gre0\x00', &(0x7f0000000080)={'ip6gre0\x00', <r1=>0x0, 0x2f, 0xe8, 0xa8, 0x6, 0x53, @mcast1, @private2, 0x20, 0x8000, 0x0, 0x4}})
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
r4 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x34004811)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r5, 0x0, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080fffffffe0000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)
recvmsg(r3, &(0x7f0000000c00)={0x0, 0x0, 0x0}, 0x2000)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xffe0, 0x10}, {0xd}, {0xe, 0x10}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x30, 0x24, 0xd0f, 0x0, 0x25dfdbfb, {0x60, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}}]}, 0x30}}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x6, '\x00', r1, 0xffffffffffffffff, 0x4, 0x1, 0x1}, 0x50)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=ANY=[@ANYBLOB="3c0000001800ef0100000000000000000a00000000000000000000000c00090008000000", @ANYRES32=r8, @ANYBLOB="1400050000000000000000000000e3"], 0x3c}, 0x1, 0x11}, 0x0)

1.146864724s ago: executing program 2 (id=278):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x23, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="a007f054286bf7d567c2c754d87acedc729065d86bd89cecadd557e7a8685b3013765445af4f8ed90cd9b8992631c742fa933278bb1086e515a6aebd0d1d08d2e5ffe3cedee8afedc9706dde047723286502e60e9ce54128b3165495515170a014add77a08db010435d3d32db666ad2ea9e0ec4d480410cd4d6a5d0052a6eccbba54b40246bad59c69410b3c40a467e51e55131f458a10f89f35e8", @ANYRES8, @ANYRES16], 0x7c}}, 0x0)
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='nr0\x00', 0x10)
sendmmsg$inet(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0)
unshare(0x68040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, r0, 0xfffff000)
socket$alg(0x26, 0x5, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x149a40, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf250401f2800800180004ac0f"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'caif0\x00', 0x6bf1c2d5adba8c32})
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000013b80)=ANY=[@ANYBLOB="280000001b1401"], 0x28}, 0x1, 0x0, 0x0, 0xc0}, 0x10)
write(r3, &(0x7f00000000c0)="510003000000", 0x6)
r4 = socket$kcm(0x2, 0x5, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="1f0000001e0010002abd7000fddbdf2500006466eee0228583d7adb506681034571de4d1208dea343805c8bbd8f628c2dced39ce987cdef5f562dbcce751d2365d885f98cc44ba05de5542b300"/89], 0x14}}, 0x800)
r5 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r5, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r5, 0x8)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000080)=ANY=[], 0x10448)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x30, r6, 0x0)
r7 = accept4(r5, 0x0, 0x0, 0x80000)
setsockopt(r7, 0x84, 0x81, &(0x7f00000001c0)="020000000980ffff", 0x8)
write$tun(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="0000000002034a94030008000400ffffffffffffaaaaaaaaaabb080045f0002c00000000002f9078ac1e0001e0000001000065580018907804e700000000000086ddffff000000009821d9f02f84492bbbd4be4a7a07f75f9811bc6daea61f4c3e087df6270fbaebe2e58bf3bdde78b12eb4751b464bae68804e044ea798"], 0x48)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000080)={'syzkaller1\x00', @link_local})
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)

289.774955ms ago: executing program 0 (id=279):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000001000000000000018020000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="12000000070000000400000002"], 0x48)
socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={r0, &(0x7f0000000480), &(0x7f0000000580)=@tcp=r2}, 0x99)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000280)="aa", &(0x7f0000000400)=@udp=r1}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000240)={r0, &(0x7f0000000600), &(0x7f0000000340)=@udp=r1, 0x1}, 0x20)

218.810663ms ago: executing program 0 (id=280):
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e20, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0xffff, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x20000000)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="1800000000000000100100000100000051d833483cc75dd6900000000000000004000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319e2e66d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)

218.477279ms ago: executing program 0 (id=281):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000004c0)={r0, 0x0, 0x0, 0x4}, 0x20)

147.639098ms ago: executing program 0 (id=282):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=@ipv6_getnexthop={0x20, 0x6a, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@NHA_ID={0x8, 0x1, 0x800001}]}, 0x20}, 0x1, 0x0, 0x0, 0x4010}, 0x0)

130.899971ms ago: executing program 1 (id=283):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0_to_hsr\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0xfffffffffffffe65, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xfff, 0x40, 0x172}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000084}, 0x3000c81c)

79.858753ms ago: executing program 0 (id=284):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x1, 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="61108d000000000095"], &(0x7f0000000200)='GPL\x00'}, 0x94)

318.047µs ago: executing program 0 (id=285):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x90}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_VERDICT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)={0x14, 0x3, 0x3, 0x101}, 0x14}, 0x1, 0x0, 0x0, 0x20004000}, 0x4)

0s ago: executing program 1 (id=286):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x44, r4, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x4}, @NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r5}}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x44}}, 0x20000000)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040090}, 0xc0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r7, 0x8983, &(0x7f0000001640)={0x0, 'veth0_to_hsr\x00', {0x3}, 0x4})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f00000002c0)=ANY=[@ANYRES32=r6, @ANYBLOB="a769ed16d431d963eff6c2d0f9113babb7ce9c9a317adc5c255123c8c3280fb83d7ef6e4571bc229479c5d4ca1cdbc9823e0e294d603260f4c32ea85c3a4dd6ec71e005b8576568eeb12745cf1951e0e6186"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)={0x58, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @empty}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @empty}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x2}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast2}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x3}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xa}]}, 0x58}, 0x1, 0x0, 0x0, 0x20004010}, 0x400c000)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000080)={0x0, 'wlan0\x00', {0x1}, 0x10})

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:16818' (ED25519) to the list of known hosts.
syzkaller login: [   50.404642][ T5752] cgroup: Unknown subsys name 'net'
[   50.554263][ T5752] cgroup: Unknown subsys name 'cpuset'
[   50.561038][ T5752] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   52.564839][ T5752] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   57.862896][ T5824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   57.866354][ T5824] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   57.869673][ T5824] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   57.873237][ T5824] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   57.879196][ T5824] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   57.966255][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   57.970093][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   57.973428][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   57.977449][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   57.981604][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   58.030753][ T5824] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   58.036159][ T5824] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   58.040127][ T5824] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   58.050197][ T5217] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   58.053873][ T5217] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   58.247974][ T5822] chnl_net:caif_netlink_parms(): no params data found
[   58.392147][ T5828] chnl_net:caif_netlink_parms(): no params data found
[   58.406253][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.410398][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.413453][ T5822] bridge_slave_0: entered allmulticast mode
[   58.417355][ T5822] bridge_slave_0: entered promiscuous mode
[   58.425366][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.428086][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.431230][ T5822] bridge_slave_1: entered allmulticast mode
[   58.434732][ T5822] bridge_slave_1: entered promiscuous mode
[   58.508534][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.514303][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.560548][ T5822] team0: Port device team_slave_0 added
[   58.565247][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   58.581381][ T5822] team0: Port device team_slave_1 added
[   58.624349][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.626619][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.630968][ T5828] bridge_slave_0: entered allmulticast mode
[   58.634174][ T5828] bridge_slave_0: entered promiscuous mode
[   58.658195][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.660632][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.668347][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.673851][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.675914][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.684072][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.688116][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.692101][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.694596][ T5828] bridge_slave_1: entered allmulticast mode
[   58.697988][ T5828] bridge_slave_1: entered promiscuous mode
[   58.739697][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.758189][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.811987][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.814923][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.817727][ T5830] bridge_slave_0: entered allmulticast mode
[   58.822063][ T5830] bridge_slave_0: entered promiscuous mode
[   58.828552][ T5828] team0: Port device team_slave_0 added
[   58.834763][ T5828] team0: Port device team_slave_1 added
[   58.864020][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.866992][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.870492][ T5830] bridge_slave_1: entered allmulticast mode
[   58.874268][ T5830] bridge_slave_1: entered promiscuous mode
[   58.891888][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.894697][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.905418][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.916628][ T5822] hsr_slave_0: entered promiscuous mode
[   58.920362][ T5822] hsr_slave_1: entered promiscuous mode
[   58.937704][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.942511][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.952913][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.004570][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.034522][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.090079][ T5828] hsr_slave_0: entered promiscuous mode
[   59.093329][ T5828] hsr_slave_1: entered promiscuous mode
[   59.096141][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   59.100380][ T5828] Cannot create hsr debugfs directory
[   59.111089][ T5830] team0: Port device team_slave_0 added
[   59.116134][ T5830] team0: Port device team_slave_1 added
[   59.196422][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.199331][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.210821][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.256741][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.259554][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.269385][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.408187][ T5830] hsr_slave_0: entered promiscuous mode
[   59.411662][ T5830] hsr_slave_1: entered promiscuous mode
[   59.414460][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   59.417393][ T5830] Cannot create hsr debugfs directory
[   59.501265][ T5822] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   59.509316][ T5822] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   59.527051][ T5822] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   59.547464][ T5822] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   59.636065][ T5828] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   59.645841][ T5828] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   59.662747][ T5828] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   59.670457][ T5828] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   59.732560][ T5830] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   59.737480][ T5830] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   59.744774][ T5830] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   59.751079][ T5830] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   59.893370][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.903336][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.929159][   T55] Bluetooth: hci0: command tx timeout
[   59.936990][ T5828] 8021q: adding VLAN 0 to HW filter on device team0
[   59.943668][ T5822] 8021q: adding VLAN 0 to HW filter on device team0
[   59.953403][   T32] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.956339][   T32] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.964208][   T32] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.967001][   T32] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.983656][   T32] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.986511][   T32] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.993998][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.009599][   T55] Bluetooth: hci1: command tx timeout
[   60.013480][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.016336][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.056694][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   60.077631][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.080058][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.089799][   T55] Bluetooth: hci2: command tx timeout
[   60.110287][   T32] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.113113][   T32] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.291120][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.343477][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.375357][ T5822] veth0_vlan: entered promiscuous mode
[   60.394957][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.405621][ T5822] veth1_vlan: entered promiscuous mode
[   60.436353][ T5828] veth0_vlan: entered promiscuous mode
[   60.458259][ T5828] veth1_vlan: entered promiscuous mode
[   60.468062][ T5822] veth0_macvtap: entered promiscuous mode
[   60.486470][ T5822] veth1_macvtap: entered promiscuous mode
[   60.505330][ T5830] veth0_vlan: entered promiscuous mode
[   60.525668][ T5830] veth1_vlan: entered promiscuous mode
[   60.536082][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.546118][ T5828] veth0_macvtap: entered promiscuous mode
[   60.553066][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.565217][ T5828] veth1_macvtap: entered promiscuous mode
[   60.571365][ T5822] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.574947][ T5822] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.578266][ T5822] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.582442][ T5822] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.627685][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.632308][ T5830] veth0_macvtap: entered promiscuous mode
[   60.653224][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.660685][ T5830] veth1_macvtap: entered promiscuous mode
[   60.675480][ T5828] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.680216][ T5828] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.683718][ T5828] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.687149][ T5828] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.725854][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.731697][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.735787][ T5830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.738399][ T5830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.742149][ T5830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.744955][ T5830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.768433][   T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.772589][   T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.830961][   T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.837265][   T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.888921][   T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.891709][   T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.913418][ T5822] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   60.938082][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.943007][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.943861][   T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.954279][   T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.000744][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.003690][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.097088][ T5895] tipc: Started in network mode
[   61.100223][ T5895] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711
[   61.103011][ T5895] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[   61.247296][ T5908] syz.2.9 uses obsolete (PF_INET,SOCK_PACKET)
[   61.403562][ T5919] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   61.418128][ T5920] netlink: 'syz.0.15': attribute type 2 has an invalid length.
[   61.537093][ T5927] netlink: 20 bytes leftover after parsing attributes in process `syz.0.19'.
[   62.010041][   T55] Bluetooth: hci0: command tx timeout
[   62.090847][   T55] Bluetooth: hci1: command tx timeout
[   62.169308][   T55] Bluetooth: hci2: command tx timeout
[   62.825104][ T5968] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   63.132167][ T5985] ip6erspan0: entered allmulticast mode
[   63.424773][ T6008] netlink: 'syz.1.51': attribute type 10 has an invalid length.
[   63.436188][ T6008] batman_adv: batadv0: Adding interface: team0
[   63.439834][ T6008] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.447496][ T6008] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[   63.458397][ T6008] netlink: 'syz.1.51': attribute type 10 has an invalid length.
[   63.461296][ T6008] netlink: 2 bytes leftover after parsing attributes in process `syz.1.51'.
[   63.464901][ T6008] team0: entered promiscuous mode
[   63.467006][ T6008] team_slave_0: entered promiscuous mode
[   63.470793][ T6008] team_slave_1: entered promiscuous mode
[   63.475020][ T6008] 8021q: adding VLAN 0 to HW filter on device team0
[   63.477651][ T6008] batman_adv: batadv0: Interface activated: team0
[   63.480853][ T6008] batman_adv: batadv0: Interface deactivated: team0
[   63.483088][ T6008] batman_adv: batadv0: Removing interface: team0
[   63.486624][ T6008] bridge0: port 3(team0) entered blocking state
[   63.489213][ T6008] bridge0: port 3(team0) entered disabled state
[   63.491882][ T6008] team0: entered allmulticast mode
[   63.494048][ T6008] team_slave_0: entered allmulticast mode
[   63.495900][ T6008] team_slave_1: entered allmulticast mode
[   63.502565][ T6008] bridge0: port 3(team0) entered blocking state
[   63.505324][ T6008] bridge0: port 3(team0) entered forwarding state
[   63.516112][ T6010] netlink: 4 bytes leftover after parsing attributes in process `syz.2.52'.
[   63.591886][ T6012] netlink: 4 bytes leftover after parsing attributes in process `syz.1.53'.
[   63.907197][ T6018] netlink: 28 bytes leftover after parsing attributes in process `syz.2.56'.
[   64.089418][   T55] Bluetooth: hci0: command tx timeout
[   64.172620][   T55] Bluetooth: hci1: command tx timeout
[   64.253824][   T55] Bluetooth: hci2: command tx timeout
[   64.333239][ T6039] netlink: 8 bytes leftover after parsing attributes in process `syz.0.66'.
[   64.362828][ T6039] netlink: 16 bytes leftover after parsing attributes in process `syz.0.66'.
[   64.498121][ T6051] netlink: 72 bytes leftover after parsing attributes in process `syz.0.71'.
[   64.944390][ T6075] xt_CT: You must specify a L4 protocol and not use inversions on it
[   65.107777][ T6083] syz.0.87: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[   65.131819][ T6083] CPU: 0 UID: 0 PID: 6083 Comm: syz.0.87 Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 PREEMPT(full) 
[   65.131849][ T6083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   65.131856][ T6083] Call Trace:
[   65.131861][ T6083]  <TASK>
[   65.131865][ T6083]  dump_stack_lvl+0x189/0x250
[   65.131886][ T6083]  ? __pfx_dump_stack_lvl+0x10/0x10
[   65.131897][ T6083]  ? __pfx__printk+0x10/0x10
[   65.131909][ T6083]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   65.131922][ T6083]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   65.131933][ T6083]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[   65.131945][ T6083]  warn_alloc+0x214/0x310
[   65.131959][ T6083]  ? stack_depot_save_flags+0x429/0x900
[   65.131974][ T6083]  ? __pfx_warn_alloc+0x10/0x10
[   65.131987][ T6083]  ? kasan_save_track+0x4f/0x80
[   65.131998][ T6083]  ? xskq_create+0x56/0x170
[   65.132010][ T6083]  ? xsk_init_queue+0xb0/0x110
[   65.132020][ T6083]  ? xsk_setsockopt+0x43f/0x710
[   65.132029][ T6083]  ? do_sock_setsockopt+0x25a/0x3e0
[   65.132043][ T6083]  ? __x64_sys_setsockopt+0x18b/0x220
[   65.132052][ T6083]  ? do_syscall_64+0xfa/0x3b0
[   65.132061][ T6083]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.132072][ T6083]  __vmalloc_node_range_noprof+0x125/0x12f0
[   65.132096][ T6083]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   65.132138][ T6083]  ? __kasan_kmalloc+0x93/0xb0
[   65.132151][ T6083]  vmalloc_user_noprof+0xad/0xf0
[   65.132162][ T6083]  ? xskq_create+0xbf/0x170
[   65.132175][ T6083]  xskq_create+0xbf/0x170
[   65.132190][ T6083]  xsk_init_queue+0xb0/0x110
[   65.132203][ T6083]  xsk_setsockopt+0x43f/0x710
[   65.132215][ T6083]  ? __pfx_xsk_setsockopt+0x10/0x10
[   65.132226][ T6083]  ? __lock_acquire+0xab9/0xd20
[   65.132239][ T6083]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[   65.132251][ T6083]  ? __pfx_xsk_setsockopt+0x10/0x10
[   65.132263][ T6083]  do_sock_setsockopt+0x25a/0x3e0
[   65.132274][ T6083]  ? __pfx_do_sock_setsockopt+0x10/0x10
[   65.132286][ T6083]  ? __fget_files+0x2a/0x420
[   65.132301][ T6083]  __x64_sys_setsockopt+0x18b/0x220
[   65.132313][ T6083]  do_syscall_64+0xfa/0x3b0
[   65.132320][ T6083]  ? lockdep_hardirqs_on+0x9c/0x150
[   65.132333][ T6083]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.132340][ T6083]  ? exc_page_fault+0x9f/0xf0
[   65.132353][ T6083]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.132360][ T6083] RIP: 0033:0x7f7c2298e929
[   65.132370][ T6083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   65.132377][ T6083] RSP: 002b:00007f7c23727038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   65.132389][ T6083] RAX: ffffffffffffffda RBX: 00007f7c22bb5fa0 RCX: 00007f7c2298e929
[   65.132395][ T6083] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008
[   65.132400][ T6083] RBP: 00007f7c22a10b39 R08: 0000000000000004 R09: 0000000000000000
[   65.132405][ T6083] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[   65.132412][ T6083] R13: 0000000000000000 R14: 00007f7c22bb5fa0 R15: 00007ffc018a1d38
[   65.132430][ T6083]  </TASK>
[   65.132465][ T6083] Mem-Info:
[   65.235643][ T6083] active_anon:5644 inactive_anon:0 isolated_anon:0
[   65.235643][ T6083]  active_file:860 inactive_file:38204 isolated_file:0
[   65.235643][ T6083]  unevictable:1768 dirty:1445 writeback:0
[   65.235643][ T6083]  slab_reclaimable:9070 slab_unreclaimable:52902
[   65.235643][ T6083]  mapped:18032 shmem:2436 pagetables:914
[   65.235643][ T6083]  sec_pagetables:0 bounce:0
[   65.235643][ T6083]  kernel_misc_reclaimable:0
[   65.235643][ T6083]  free:300701 free_pcp:23427 free_cma:0
[   65.258434][ T6083] Node 0 active_anon:13928kB inactive_anon:0kB active_file:2672kB inactive_file:16684kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:37388kB dirty:1460kB writeback:0kB shmem:4852kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:8276kB pagetables:2560kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   65.263577][ T6096] netlink: 596 bytes leftover after parsing attributes in process `syz.1.93'.
[   65.296084][ T6083] Node 1 active_anon:8716kB inactive_anon:0kB active_file:768kB inactive_file:136132kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:34808kB dirty:4320kB writeback:0kB shmem:4892kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:3012kB pagetables:1164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   65.309254][ T6094] Zero length message leads to an empty skb
[   65.312705][ T6083] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   65.317203][ T6094] nbd: must specify at least one socket
[   65.325469][ T6083] lowmem_reserve[]: 0 812 812 812 812
[   65.328139][ T6083] Node 0 DMA32 free:375768kB boost:0kB min:33656kB low:42068kB high:50480kB reserved_highatomic:0KB free_highatomic:0KB active_anon:13996kB inactive_anon:0kB active_file:2672kB inactive_file:16684kB unevictable:3536kB writepending:1460kB present:1556484kB managed:831872kB mlocked:0kB bounce:0kB free_pcp:33972kB local_pcp:15216kB free_cma:0kB
[   65.364962][ T6097] Bluetooth: MGMT ver 1.23
[   65.387541][ T6090] Bluetooth: hci0: Opcode 0x0c03 failed: -112
[   65.391151][ T6083] lowmem_reserve[]: 0 0 0 0 0
[   65.396269][ T6083] Node 1 DMA32 free:458616kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   65.407256][ T6083] lowmem_reserve[]: 0 0 854 854 854
[   65.413726][ T6083] Node 1 Normal free:352292kB boost:0kB min:36616kB low:45768kB high:54920kB reserved_highatomic:0KB free_highatomic:0KB active_anon:8648kB inactive_anon:0kB active_file:768kB inactive_file:136132kB unevictable:3536kB writepending:4320kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:60740kB local_pcp:19152kB free_cma:0kB
[   65.425650][ T6083] lowmem_reserve[]: 0 0 0 0 0
[   65.427152][ T6083] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   65.431468][ T6083] Node 0 DMA32: 269*4kB (UME) 130*8kB (UM) 66*16kB (UM) 83*32kB (UME) 11*64kB (UME) 1*128kB (U) 1*256kB (U) 2*512kB (UM) 1*1024kB (U) 3*2048kB (UME) 88*4096kB (M) = 375556kB
[   65.437113][ T6083] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[   65.442849][ T6083] Node 1 Normal: 565*4kB (UM) 116*8kB (UME) 125*16kB (UM) 318*32kB (UME) 56*64kB (UME) 14*128kB (UME) 10*256kB (UME) 6*512kB (UME) 4*1024kB (M) 5*2048kB (ME) 76*4096kB (UM) = 352004kB
[   65.464554][ T6083] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   65.468655][ T6083] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   65.471904][ T6083] 41517 total pagecache pages
[   65.473544][ T6083] 0 pages in swap cache
[   65.475018][ T6083] Free swap  = 124996kB
[   65.476450][ T6083] Total swap = 124996kB
[   65.477866][ T6083] 786301 pages RAM
[   65.480499][ T6083] 0 pages HighMem/MovableOnly
[   65.482150][ T6083] 241085 pages reserved
[   65.483566][ T6083] 0 pages cma reserved
[   65.683725][ T6112] (unnamed net_device) (uninitialized): up delay (1024) is not a multiple of miimon (100), value rounded to 1000 ms
[   65.688613][ T6112] (unnamed net_device) (uninitialized): down delay (4) is not a multiple of miimon (100), value rounded to 0 ms
[   65.846133][ T6121] netlink: 12 bytes leftover after parsing attributes in process `syz.2.104'.
[   65.891095][ T6123] netlink: 'syz.0.105': attribute type 16 has an invalid length.
[   65.897026][ T6123] netlink: 'syz.0.105': attribute type 3 has an invalid length.
[   65.916939][   T33] audit: type=1800 audit(1752523636.951:2): pid=6124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.104" name="memory.events" dev="tmpfs" ino=195 res=0 errno=0
[   66.250641][ T5217] Bluetooth: hci1: command tx timeout
[   66.330357][ T5217] Bluetooth: hci2: command tx timeout
[   66.656221][ T6154] dvmrp8: entered allmulticast mode
[   66.664297][ T6153] dvmrp8: left allmulticast mode
[   67.449009][   T55] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[   68.017366][ T6199] __nla_validate_parse: 1 callbacks suppressed
[   68.017377][ T6199] netlink: 16 bytes leftover after parsing attributes in process `syz.2.135'.
[   68.585885][ T6237] netlink: 1 bytes leftover after parsing attributes in process `syz.1.150'.
[   68.702565][ T6246] erspan0: entered promiscuous mode
[   68.706432][ T6246] batman_adv: batadv0: Adding interface: macvlan2
[   68.708545][ T6246] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1450) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.716846][ T6246] batman_adv: batadv0: Interface activated: macvlan2
[   68.738167][ T6247] syz.1.154 (6247) used greatest stack depth: 19960 bytes left
[   68.968107][ T6260] netlink: 212924 bytes leftover after parsing attributes in process `syz.1.161'.
[   69.070056][ T6266] netlink: 'syz.0.164': attribute type 11 has an invalid length.
[   69.602752][ T6299] netlink: 16 bytes leftover after parsing attributes in process `syz.2.180'.
[   70.577959][ T6360] netlink: 'syz.0.206': attribute type 1 has an invalid length.
[   70.584912][ T6360] netlink: 136 bytes leftover after parsing attributes in process `syz.0.206'.
[   70.588343][ T6360] netlink: 'syz.0.206': attribute type 2 has an invalid length.
[   70.592936][ T6360] netlink: 'syz.0.206': attribute type 1 has an invalid length.
[   70.751827][    T9] IPVS: starting estimator thread 0...
[   70.838927][ T6371] IPVS: using max 43 ests per chain, 103200 per kthread
[   71.054772][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.058231][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.134898][ T6388] netlink: 8 bytes leftover after parsing attributes in process `syz.0.219'.
[   71.213110][ T6394] xt_CT: You must specify a L4 protocol and not use inversions on it
[   71.890054][ T6428] wireguard0: entered promiscuous mode
[   71.908978][ T6428] wireguard0: entered allmulticast mode
[   71.934743][ T6436] netlink: 104 bytes leftover after parsing attributes in process `syz.0.241'.
[   72.423305][ T6452] netlink: 24 bytes leftover after parsing attributes in process `syz.0.249'.
[   72.462591][ T6454] netlink: 172 bytes leftover after parsing attributes in process `syz.2.248'.
[   72.770163][ T6471] netlink: 4 bytes leftover after parsing attributes in process `syz.1.257'.
[   72.820787][ T6473] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[   73.247081][ T6500] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[   73.403281][ T6509] netlink: 'syz.1.275': attribute type 16 has an invalid length.
[   73.406386][ T6509] netlink: 'syz.1.275': attribute type 17 has an invalid length.
[   73.474413][ T6509] bridge0: port 3(team0) entered disabled state
[   73.477256][ T6509] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.481519][ T6509] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.504811][ T6512] netlink: 312 bytes leftover after parsing attributes in process `syz.0.276'.
[   73.510756][ T6513] IPv6: NLM_F_REPLACE set, but no existing node found!
[   73.663473][ T6509] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   73.672288][ T6509] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   73.940196][ T6518] netlink: 248 bytes leftover after parsing attributes in process `syz.2.278'.
[   74.521490][ T6509] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   74.525018][ T6509] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   74.528408][ T6509] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   74.544458][ T6509] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   74.611160][ T6510] netlink: 4 bytes leftover after parsing attributes in process `syz.1.275'.
[   74.711726][ T6535] netlink: 20 bytes leftover after parsing attributes in process `syz.1.283'.
[   74.835761][ T6543] 
[   74.836785][ T6543] ======================================================
[   74.839087][ T6543] WARNING: possible circular locking dependency detected
[   74.841867][ T6543] 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 Not tainted
[   74.845921][ T6543] ------------------------------------------------------
[   74.848673][ T6543] syz.1.286/6543 is trying to acquire lock:
[   74.851007][ T6543] ffff88801ab79188 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   74.855166][ T6543] 
[   74.855166][ T6543] but task is already holding lock:
[   74.858046][ T6543] ffff88801ab79230 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x94f/0x1930
[   74.861814][ T6543] 
[   74.861814][ T6543] which lock already depends on the new lock.
[   74.861814][ T6543] 
[   74.865767][ T6543] 
[   74.865767][ T6543] the existing dependency chain (in reverse order) is:
[   74.869156][ T6543] 
[   74.869156][ T6543] -> #2 (&nbd->config_lock){+.+.}-{4:4}:
[   74.872166][ T6543]        lock_acquire+0x120/0x360
[   74.874126][ T6543]        __mutex_lock+0x182/0xe80
[   74.876053][ T6543]        refcount_dec_and_mutex_lock+0x30/0xa0
[   74.878420][ T6543]        nbd_config_put+0x2c/0x790
[   74.880370][ T6543]        nbd_release+0xfe/0x140
[   74.882307][ T6543]        bdev_release+0x536/0x650
[   74.884308][ T6543]        blkdev_release+0x15/0x20
[   74.886330][ T6543]        __fput+0x44c/0xa70
[   74.888158][ T6543]        fput_close_sync+0x119/0x200
[   74.890296][ T6543]        __x64_sys_close+0x7f/0x110
[   74.892354][ T6543]        do_syscall_64+0xfa/0x3b0
[   74.894369][ T6543]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.897004][ T6543] 
[   74.897004][ T6543] -> #1 (&disk->open_mutex){+.+.}-{4:4}:
[   74.900102][ T6543]        lock_acquire+0x120/0x360
[   74.902062][ T6543]        __mutex_lock+0x182/0xe80
[   74.903999][ T6543]        __del_gendisk+0x129/0x9e0
[   74.905961][ T6543]        del_gendisk+0xe8/0x160
[   74.907867][ T6543]        nbd_dev_remove_work+0x47/0xe0
[   74.909921][ T6543]        process_scheduled_works+0xae1/0x17b0
[   74.912200][ T6543]        worker_thread+0x8a0/0xda0
[   74.914161][ T6543]        kthread+0x711/0x8a0
[   74.915946][ T6543]        ret_from_fork+0x3fc/0x770
[   74.917923][ T6543]        ret_from_fork_asm+0x1a/0x30
[   74.919955][ T6543] 
[   74.919955][ T6543] -> #0 (&set->update_nr_hwq_lock){++++}-{4:4}:
[   74.923145][ T6543]        validate_chain+0xb9b/0x2140
[   74.925229][ T6543]        __lock_acquire+0xab9/0xd20
[   74.927327][ T6543]        lock_acquire+0x120/0x360
[   74.929382][ T6543]        down_write+0x96/0x1f0
[   74.931195][ T6543]        blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   74.933662][ T6543]        nbd_start_device+0x16c/0xac0
[   74.935795][ T6543]        nbd_genl_connect+0x1250/0x1930
[   74.938085][ T6543]        genl_family_rcv_msg_doit+0x215/0x300
[   74.940545][ T6543]        genl_rcv_msg+0x60e/0x790
[   74.942549][ T6543]        netlink_rcv_skb+0x208/0x470
[   74.944572][ T6543]        genl_rcv+0x28/0x40
[   74.946301][ T6543]        netlink_unicast+0x75c/0x8e0
[   74.948300][ T6543]        netlink_sendmsg+0x805/0xb30
[   74.950299][ T6543]        __sock_sendmsg+0x21c/0x270
[   74.952342][ T6543]        ____sys_sendmsg+0x505/0x830
[   74.954431][ T6543]        ___sys_sendmsg+0x21f/0x2a0
[   74.956456][ T6543]        __x64_sys_sendmsg+0x19b/0x260
[   74.958607][ T6543]        do_syscall_64+0xfa/0x3b0
[   74.960499][ T6543]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.962947][ T6543] 
[   74.962947][ T6543] other info that might help us debug this:
[   74.962947][ T6543] 
[   74.966864][ T6543] Chain exists of:
[   74.966864][ T6543]   &set->update_nr_hwq_lock --> &disk->open_mutex --> &nbd->config_lock
[   74.966864][ T6543] 
[   74.972180][ T6543]  Possible unsafe locking scenario:
[   74.972180][ T6543] 
[   74.975042][ T6543]        CPU0                    CPU1
[   74.977137][ T6543]        ----                    ----
[   74.979295][ T6543]   lock(&nbd->config_lock);
[   74.981157][ T6543]                                lock(&disk->open_mutex);
[   74.983887][ T6543]                                lock(&nbd->config_lock);
[   74.986620][ T6543]   lock(&set->update_nr_hwq_lock);
[   74.988619][ T6543] 
[   74.988619][ T6543]  *** DEADLOCK ***
[   74.988619][ T6543] 
[   74.991715][ T6543] 3 locks held by syz.1.286/6543:
[   74.993642][ T6543]  #0: ffffffff8f583b70 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[   74.996824][ T6543]  #1: ffffffff8f583988 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[   75.000347][ T6543]  #2: ffff88801ab79230 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x94f/0x1930
[   75.004302][ T6543] 
[   75.004302][ T6543] stack backtrace:
[   75.006515][ T6543] CPU: 1 UID: 0 PID: 6543 Comm: syz.1.286 Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 PREEMPT(full) 
[   75.006540][ T6543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   75.006550][ T6543] Call Trace:
[   75.006558][ T6543]  <TASK>
[   75.006566][ T6543]  dump_stack_lvl+0x189/0x250
[   75.006590][ T6543]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.006607][ T6543]  ? __pfx__printk+0x10/0x10
[   75.006627][ T6543]  ? print_lock_name+0xde/0x100
[   75.006648][ T6543]  print_circular_bug+0x2ee/0x310
[   75.006668][ T6543]  check_noncircular+0x134/0x160
[   75.006687][ T6543]  validate_chain+0xb9b/0x2140
[   75.006712][ T6543]  __lock_acquire+0xab9/0xd20
[   75.006729][ T6543]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   75.006745][ T6543]  lock_acquire+0x120/0x360
[   75.006758][ T6543]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   75.006775][ T6543]  ? __mutex_unlock_slowpath+0x1cd/0x700
[   75.006790][ T6543]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.006811][ T6543]  down_write+0x96/0x1f0
[   75.006826][ T6543]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   75.006842][ T6543]  ? __pfx_down_write+0x10/0x10
[   75.006860][ T6543]  blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   75.006878][ T6543]  ? nbd_add_socket+0x688/0x9a0
[   75.006893][ T6543]  ? nbd_add_socket+0x688/0x9a0
[   75.006909][ T6543]  nbd_start_device+0x16c/0xac0
[   75.006924][ T6543]  ? __nla_parse+0x40/0x60
[   75.006939][ T6543]  nbd_genl_connect+0x1250/0x1930
[   75.006956][ T6543]  ? __pfx_nbd_genl_connect+0x10/0x10
[   75.006975][ T6543]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[   75.007001][ T6543]  genl_family_rcv_msg_doit+0x215/0x300
[   75.007025][ T6543]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   75.007052][ T6543]  genl_rcv_msg+0x60e/0x790
[   75.007074][ T6543]  ? __pfx_genl_rcv_msg+0x10/0x10
[   75.007093][ T6543]  ? __pfx_nbd_genl_connect+0x10/0x10
[   75.007111][ T6543]  netlink_rcv_skb+0x208/0x470
[   75.007126][ T6543]  ? __pfx_genl_rcv_msg+0x10/0x10
[   75.007146][ T6543]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   75.007165][ T6543]  ? down_read+0x1ad/0x2e0
[   75.007202][ T6543]  genl_rcv+0x28/0x40
[   75.007222][ T6543]  netlink_unicast+0x75c/0x8e0
[   75.007240][ T6543]  netlink_sendmsg+0x805/0xb30
[   75.007297][ T6543]  ? __pfx_netlink_sendmsg+0x10/0x10
[   75.007315][ T6543]  ? aa_sock_msg_perm+0x94/0x160
[   75.007339][ T6543]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   75.007360][ T6543]  ? __pfx_netlink_sendmsg+0x10/0x10
[   75.007378][ T6543]  __sock_sendmsg+0x21c/0x270
[   75.007392][ T6543]  ____sys_sendmsg+0x505/0x830
[   75.007412][ T6543]  ? __pfx_____sys_sendmsg+0x10/0x10
[   75.007432][ T6543]  ? import_iovec+0x74/0xa0
[   75.007449][ T6543]  ___sys_sendmsg+0x21f/0x2a0
[   75.007466][ T6543]  ? __pfx____sys_sendmsg+0x10/0x10
[   75.007494][ T6543]  ? __fget_files+0x2a/0x420
[   75.007512][ T6543]  ? __fget_files+0x3a0/0x420
[   75.007541][ T6543]  __x64_sys_sendmsg+0x19b/0x260
[   75.007562][ T6543]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   75.007584][ T6543]  ? rcu_is_watching+0x15/0xb0
[   75.007606][ T6543]  ? do_syscall_64+0xbe/0x3b0
[   75.007621][ T6543]  do_syscall_64+0xfa/0x3b0
[   75.007634][ T6543]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.007656][ T6543]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.007670][ T6543]  ? exc_page_fault+0x9f/0xf0
[   75.007692][ T6543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.007706][ T6543] RIP: 0033:0x7f2b0078e929
[   75.007721][ T6543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.007735][ T6543] RSP: 002b:00007f2afe5f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   75.007751][ T6543] RAX: ffffffffffffffda RBX: 00007f2b009b5fa0 RCX: 00007f2b0078e929
[   75.007763][ T6543] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000007
[   75.007773][ T6543] RBP: 00007f2b00810b39 R08: 0000000000000000 R09: 0000000000000000
[   75.007783][ T6543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.007792][ T6543] R13: 0000000000000000 R14: 00007f2b009b5fa0 R15: 00007fffcdd399d8
[   75.007806][ T6543]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   75.227040][ T6543] nbd1: detected capacity change from 0 to 63
[   75.229894][ T6553] block nbd1: NBD_DISCONNECT
[   75.231904][ T6553] block nbd1: Disconnected due to user request.
[   75.235452][ T5826] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.239117][ T5826] Buffer I/O error on dev nbd1, logical block 0, async page read
[   75.242313][ T5826] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.245850][ T5826] Buffer I/O error on dev nbd1, logical block 1, async page read
[   75.252404][ T5826] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.255950][ T5826] Buffer I/O error on dev nbd1, logical block 2, async page read
[   75.259202][ T5826] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.262746][ T5826] Buffer I/O error on dev nbd1, logical block 3, async page read
[   75.265789][ T5826] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.270489][ T5826] Buffer I/O error on dev nbd1, logical block 0, async page read
[   75.273635][ T5826] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.277050][ T5826] Buffer I/O error on dev nbd1, logical block 1, async page read
[   75.278983][ T6553] block nbd1: shutting down sockets
[   75.280316][ T5826] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.285738][ T5826] Buffer I/O error on dev nbd1, logical block 2, async page read
[   75.315774][   T61] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.319529][   T61] Buffer I/O error on dev nbd1, logical block 3, async page read
[   75.322621][ T5826] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.338788][ T5826] Buffer I/O error on dev nbd1, logical block 0, async page read
[   75.341507][ T5826] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.349479][ T5826] Buffer I/O error on dev nbd1, logical block 1, async page read
[   75.354638][ T5826] ldm_validate_partition_table(): Disk read failed.
[   75.357308][ T5826] Dev nbd1: unable to read RDB block 0
[   75.362940][ T5826]  nbd1: unable to read partition table
[   75.383851][ T5826] ldm_validate_partition_table(): Disk read failed.
[   75.386545][ T5826] Dev nbd1: unable to read RDB block 0
[   75.404086][ T5826]  nbd1: unable to read partition table
[   75.775375][ T5863] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.844481][ T5863] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.882726][ T5863] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.943627][ T5863] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.031797][ T5863] bridge_slave_1: left allmulticast mode
[   76.038755][ T5863] bridge_slave_1: left promiscuous mode
[   76.040581][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.046427][ T5863] bridge_slave_0: left allmulticast mode
[   76.048302][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.088302][ T5863] batman_adv: batadv0: Interface deactivated: macvlan2
[   76.095625][ T5863] batman_adv: batadv0: Removing interface: macvlan2
[   76.167203][ T5863] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   76.172620][ T5863] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   76.176194][ T5863] bond0 (unregistering): Released all slaves
[   76.180705][ T5863] bond1 (unregistering): Released all slaves
[   76.230181][ T5863] tipc: Left network mode
[   76.388639][ T5863] hsr_slave_0: left promiscuous mode
[   76.390906][ T5863] hsr_slave_1: left promiscuous mode
[   76.392973][ T5863] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   76.395404][ T5863] batman_adv: batadv0: Removing interface: batadv_slave_0
[   76.398324][ T5863] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   76.403981][ T5863] batman_adv: batadv0: Removing interface: batadv_slave_1
[   76.411747][ T5863] veth1_macvtap: left promiscuous mode
[   76.414016][ T5863] veth0_macvtap: left promiscuous mode
[   76.416306][ T5863] veth1_vlan: left promiscuous mode
[   76.418436][ T5863] veth0_vlan: left promiscuous mode
[   76.523715][ T5863] team0 (unregistering): Port device team_slave_1 removed
[   76.535615][ T5863] team0 (unregistering): Port device team_slave_0 removed
[   76.875687][ T5863] IPVS: stop unused estimator thread 0...
[   76.955909][ T5863] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.002596][ T5863] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.062820][ T5863] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.106692][ T5863] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.170578][ T5863] bridge_slave_1: left allmulticast mode
[   77.180395][ T5863] bridge_slave_1: left promiscuous mode
[   77.184411][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.189843][ T5863] bridge_slave_0: left allmulticast mode
[   77.191966][ T5863] bridge_slave_0: left promiscuous mode
[   77.194237][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.256813][ T5863] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   77.260893][ T5863] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   77.264460][ T5863] bond0 (unregistering): Released all slaves
[   77.269711][ T5863] bond1 (unregistering): Released all slaves
[   77.433789][ T5863] hsr_slave_0: left promiscuous mode
[   77.435963][ T5863] hsr_slave_1: left promiscuous mode
[   77.438023][ T5863] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   77.444106][ T5863] batman_adv: batadv0: Removing interface: batadv_slave_0
[   77.447231][ T5863] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   77.450155][ T5863] batman_adv: batadv0: Removing interface: batadv_slave_1
[   77.455271][ T5863] veth1_macvtap: left promiscuous mode
[   77.457176][ T5863] veth0_macvtap: left promiscuous mode
[   77.459939][ T5863] veth1_vlan: left promiscuous mode
[   77.462016][ T5863] veth0_vlan: left promiscuous mode
[   77.561112][ T5863] team0 (unregistering): Port device team_slave_1 removed
[   77.577519][ T5863] team0 (unregistering): Port device team_slave_0 removed
[   81.290210][   T10] cfg80211: failed to load regulatory.db

VM DIAGNOSIS:
20:07:26  Registers:
info registers vcpu 0

CPU#0
RAX=1ffff92000e6fe5e RBX=0000000000000004 RCX=0000000000000001 RDX=0000000000000000
RSI=0000000000000013 RDI=ffffc9000737f2d0 RBP=ffffc9000737f4f8 RSP=ffffc9000737f228
R8 =0000000000000000 R9 =0000000000000000 R10=ffffc9000737f1d8 R11=ffffffff81ad03a0
R12=0000000000000013 R13=dffffc0000000000 R14=ffffc9000737f2d0 R15=ffffc9000737f2f0
RIP=ffffffff81ad0f72 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f7f6e65c6c0 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f7c236e56c0 CR3=0000000021442000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffff00 ffffffffffffffff
XMM02=ffffffffffffffff ffffffffffffff00 XMM03=ffffffffffffff00 ffffffffffffff00
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f7c22a11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000074 RBX=0000000000000074 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001335 RDI=0000000000001336 RBP=00000000000003f8 RSP=ffffc900077ce710
R8 =ffff888021630237 R9 =1ffff110042c6046 R10=dffffc0000000000 R11=ffffffff85478780
R12=dffffc0000000000 R13=ffffffff99af98d2 R14=ffffffff99dfe6e0 R15=0000000000000000
RIP=ffffffff854787fc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f2afe5f66c0 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fd55f28f1d0 CR3=00000000296cc000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f2b00811c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
