last executing test programs:

17.141358307s ago: executing program 1 (id=602):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)={0x14, 0x39, 0x73fa7e54e7639a19, 0x0, 0x4000, {0x1, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x9c, r5, 0x2, 0x70bd2b, 0x25dfdbff, {}, [@ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8, 0x3, 0x900}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8, 0x3, 0xe}, @ETHTOOL_A_COALESCE_HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x8080}, 0x4000800)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001880)={&(0x7f0000000500)=@nl=@unspec, 0x80, &(0x7f0000000580)=[{&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f0000001800)=""/120, 0x78}], 0x2}, 0x2002)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), r3)
sendmsg$IPVS_CMD_DEL_DAEMON(r3, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000002c0)={&(0x7f0000000680)={0x14c, r6, 0x800, 0x70bd2d, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}, @IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x32}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x81}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x8, 0x29}}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x39}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}]}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x5c}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'nq\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_DAEMON={0x64, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'batadv_slave_1\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xffff}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xe0}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7fff}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vlan0\x00'}]}]}, 0x14c}, 0x1, 0x0, 0x0, 0x40}, 0x4000)
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x3, {0x0, 0xff, 0x2}}, 0x18)
sendmsg$sock(r1, &(0x7f0000000200)={&(0x7f00000005c0)=@can, 0x80, &(0x7f0000000440)=[{&(0x7f0000000640)="d70843d0d3a7d851fa", 0x9}], 0x1}, 0x4000040)
r7 = syz_genetlink_get_family_id$l2tp(&(0x7f00000003c0), r3)
r8 = socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$L2TP_CMD_SESSION_CREATE(r3, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x34, r7, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x10}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp6=r8}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0xd7}]}, 0x34}}, 0xc000)

17.140953955s ago: executing program 1 (id=603):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0xfd45}}, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000000200)=[{&(0x7f0000000240)="580000001500add427323b472545b4560a117fff0b0082001b59000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000000000000002", 0x54}, {&(0x7f00000001c0)="ee641681", 0x4}], 0x2)
write$nci(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="60800290dd"], 0x5)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x50)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r5=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1, 0xb, 0x100005, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r5, 0xffffffffffffffff, 0x0, 0x2}, 0x50)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r4)
r6 = socket(0x40000000015, 0x5, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3800000010003704000000000300000000000000", @ANYRES32=0x0, @ANYBLOB="8b040400000000001800128008000100767469000c00028008000300050000db00"], 0x38}}, 0x0)
bind$inet6(r6, &(0x7f0000000140)={0xa, 0xfffd, 0x0, @empty}, 0x1c)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet_int(r6, 0x0, 0x13, &(0x7f0000000280)=0x400, 0x4)
setsockopt$inet6_int(r8, 0x29, 0x33, &(0x7f0000000000)=0x7, 0x4)
recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{0x0, 0x58}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x20, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="180200000000000000000000fdffffff850000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@deltclass={0x24, 0x29, 0x200, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {}, {0x4, 0xfff3}, {0x10, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
r10 = socket$inet6_icmp(0xa, 0x2, 0x3a)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000080)={'lo\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd2c, 0x0, {0x60, 0x0, 0x0, r11, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x3, 0x7ffffffd}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x1400881c)

17.058378256s ago: executing program 1 (id=605):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0xfd45}}, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
write$nci(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="60800290dd"], 0x5)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x50)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r6=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x13, 0xb, 0x6, 0x2000002, 0x0, 0xffffffffffffffff, 0x0, '\x00', r6, 0xffffffffffffffff, 0x0, 0x2}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000d00)={0x3, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="185000000000000000000000c5fc40ba0a11caa8708e000000009500000000000000"], &(0x7f0000000b40)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[r4]}, 0x94)
r7 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
bind$nfc_llcp(r7, &(0x7f0000001040)={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x64, 0x0, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000000000f265e3f50327e422000000000000000000000200000000001900", 0x2000000007}, 0x60)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r8, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r8, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8)
bind$inet6(r8, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r8, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x70, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r8, 0x84, 0x77, &(0x7f00000001c0)={0x0, 0xffff}, 0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000240)={<r9=>0x0, 0xfff, 0x10}, &(0x7f0000000280)=0xc)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r8, 0x84, 0xa, &(0x7f00000002c0)={0xe, 0x9, 0x9, 0x1ff, 0xfc000000, 0x768a657e, 0x401, 0x9, r9}, 0x20)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000340), 0x12)
r10 = socket(0x1e, 0x6, 0x0)
setsockopt$packet_tx_ring(r10, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x8, 'macsec0\x00', {'wlan1\x00'}})
socket(0x1e, 0x4, 0x0)

16.901314727s ago: executing program 0 (id=610):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000340), r0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r6)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0xfffffffffffffd2b, &(0x7f0000000180)={&(0x7f0000000400)=@newqdisc={0x24, 0x24, 0x20, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x3, 0xb}, {0xd, 0xffff}, {0x0, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70b925, 0x25dfdbff, {0x0, 0x0, 0x0, r9, {}, {0xb, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0xffffffffffffffb9, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x33a34d5a, 0x2, 0xb, 0x1, 0xffffffff, 0xffff, 0x5, 0x5, 0x2}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x2001c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000002c0)={0x0, 0x1, &(0x7f0000000000)=""/243, &(0x7f0000000100)=""/133, &(0x7f00000001c0)=""/216, 0x3000})

16.771039678s ago: executing program 0 (id=612):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$NS_GET_OWNER_UID(r0, 0xb704, &(0x7f0000000280))
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r4=>0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x24, 0x4, 0x8, 0x101, 0x0, 0x0, {0x3, 0x0, 0x8}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x800}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x88}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000805}, 0x40040)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0)
write$nci(r1, &(0x7f0000001800)=ANY=[@ANYBLOB="7240082b0102020681055a03997713fa06070202267a"], 0x16)
write$nci(r1, &(0x7f0000000800)=ANY=[@ANYBLOB="400204b0b8b82bb5"], 0x7)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r6 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r6, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r7 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r7, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x3}, 0x10)
bind$tipc(r6, 0x0, 0x0)
r8 = socket$igmp6(0xa, 0x3, 0x2)
r9 = socket$kcm(0x2, 0xa, 0x2)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$TUNGETFEATURES(r10, 0x800454cf, &(0x7f0000000080))
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r8, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
ioctl$TUNSETVNETHDRSZ(r10, 0x400454d8, &(0x7f0000000200)=0xb55)
write$tun(r0, &(0x7f0000000140)={@val={0x0, 0xc}, @void, @eth={@empty, @random="8bc6002500", @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@mpls_mc={0x8848, {[], @llc={@llc={0xd4, 0x8, "d3"}}}}}}}, 0x19)

16.660131923s ago: executing program 0 (id=615):
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000140)={'nat\x00', 0x1e010000, 0x0, 0x0, [0x4, 0x5, 0x3, 0xd783, 0x9, 0x8000], 0x2, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}], 0x0, [{}, {}]}, 0x98)

16.597322571s ago: executing program 0 (id=617):
mmap(&(0x7f0000209000/0x3000)=nil, 0x3000, 0x1000008, 0x13, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000009640)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)="1073eedab59a32", 0x7}, {&(0x7f0000000240)="02a2f97a177137003d9b418698b97c81bf1bde7a9b76365fd7b1bbae5f5e09cb9b4432ed011564c718321c92affddb69470547b1baefcdb5445c31a7d34e0b20bddd0e2357b50d72", 0x48}, {&(0x7f00000038c0)}], 0x3}}], 0x1, 0x8810)
recvmsg$unix(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001f00)=""/4096, 0x1000}], 0x1}, 0x12060)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x4d, 0x400, 0xf, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, [0xfffffffd, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x4]}})
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='cubic', 0xb)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000080)={0x5, 0x545, 0x5f9, 0x5f, 0x7fff}, 0x14)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e22, 0x0, @private1, 0x9}}, 0x0, 0x0, 0x1e, 0x0, "f1f7882eade7f9ed59dd754ed3fa9513bc8d9662eaae6a87ea17d19cced73fca9d00b370eaefb2ecab4c20fb0d62c726cc3cb83d211da63fb4007c81ad7a2edac7859b8988028702e2027b84c554f86f"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x4c, 0x0, "01deaba05ccc4fa00711be66bd584ecd190428efc9e569f4b222158b227692cebc00924f2deea371bafa061b8f2959b4b696b22e4881f40a0d8f4c2fdea78893bc2c160df3e41db4153cfd9221d01c79"}, 0xd8)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000041f1ffffffffffff080000000000630afcff000000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x90)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r7, &(0x7f0000000200)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x68, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x38, 0x2, [@TCA_FLOWER_INDEV={0x14, 0x2, 'ip6gre0\x00'}, @TCA_FLOWER_KEY_ETH_DST={0xa}, @TCA_FLOWER_KEY_IPV6_SRC={0x14, 0xe, @mcast1}]}}]}, 0x68}}, 0x4000)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6)
ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f00000000c0))
sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[], 0xfd45}}, 0x0)

16.529536678s ago: executing program 0 (id=620):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x28, 0x1, 0x0)
socket$kcm(0x2, 0x3, 0x2)
socket$inet6_sctp(0xa, 0x1, 0x84)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000100)={0x3ff, 0x0, 0xffffffff, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

16.421010309s ago: executing program 2 (id=621):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0xfd45}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001500add427323b472545b4560a117fff0b0082001b59000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000000000000002", 0x54}, {&(0x7f00000001c0)="ee641681", 0x4}], 0x2)
write$nci(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="60800290dd"], 0x5)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x50)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r7=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1, 0xb, 0x100005, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r7, 0xffffffffffffffff, 0x0, 0x2}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000d00)={0x3, 0x3, &(0x7f0000000a80)=ANY=[@ANYBLOB="185000000000000000000001000000009500000000000000"], &(0x7f0000000b40)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[r5]}, 0x94)
r8 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
r9 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
bind$nfc_llcp(r8, &(0x7f0000001040)={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x0, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x3c}, 0x60)
listen(r8, 0x0)
close(r9)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)

16.351131469s ago: executing program 2 (id=622):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x11e, 0x81, &(0x7f0000000140)={'nat\x00', 0x0, 0x0, 0x0, [0x4, 0x5, 0x3, 0xd783, 0x9, 0x8000], 0x2, &(0x7f00000000c0), 0x0, [{}, {}]}, 0x98)

16.350739101s ago: executing program 2 (id=623):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000001b40)={<r1=>0x0, 0x0, 0x1, [0x7fff, 0x3, 0xaf4, 0x3, 0x5f0], [0x9, 0x0, 0x5, 0x8, 0xfb5e, 0x30000, 0x5, 0xffffffffffffffff, 0x2, 0x9, 0x7f, 0x2, 0x5, 0x0, 0xb24, 0xf2d, 0x9, 0x7, 0x1ff, 0x1000000000000, 0x9, 0x7fffffffffffffff, 0x4, 0x4, 0xe, 0x6, 0x3, 0x8000000000000000, 0xe25747e, 0x7, 0x8000000000000000, 0x10, 0x1, 0xec, 0x4, 0xff, 0xffffffffffffff80, 0x5, 0x7, 0xfffffffffffff872, 0x5, 0x6, 0x10001, 0x8, 0xffffffffffffffff, 0x3, 0x500a, 0xf6, 0x21, 0xffffffffffffff81, 0xb87, 0x9, 0x6, 0x6, 0x6, 0xffffffffffff8000, 0x1, 0x80, 0x80000000, 0x7, 0xc, 0x7, 0xffffffffffff6e46, 0x3, 0x3, 0x7ff, 0x6, 0x902, 0x2, 0x8000, 0x2, 0x3, 0x1, 0xd4, 0x3ca, 0x1, 0x4, 0x2, 0x6, 0x8000000000000000, 0x2, 0x6, 0x3, 0x9, 0x9, 0x7, 0xfffffffffffffff7, 0x6, 0x6, 0x100000000, 0xfffffffffffffffb, 0xffffffffffffff80, 0x8001, 0x7, 0x8, 0x3, 0xf9f1, 0x4, 0x0, 0x2, 0xffffffffffffffff, 0x0, 0xd, 0x0, 0xfef, 0x0, 0x2, 0x3, 0x4, 0x7, 0xe3c, 0xb6c, 0x8, 0x4, 0x7fe000000000000, 0x1, 0xbe73, 0xfffffffffffffffb, 0x0, 0x9, 0xc]})
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000b40)={<r2=>r1})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0x4008af10, &(0x7f0000000740)={r2, 0x9, 0x4})

16.291490849s ago: executing program 2 (id=624):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x30}, [@func={0x85, 0x0, 0x1, 0xd4, 0x2}, @call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r4=>0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x24, 0x4, 0x8, 0x101, 0x0, 0x0, {0x3, 0x0, 0x8}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x800}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x88}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000805}, 0x40040)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0)
write$nci(r1, &(0x7f0000001800)=ANY=[@ANYBLOB="7240082b0102020681055a03997713fa06070202267a"], 0x16)
sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x4c, 0x0, 0x852dd6c070cd7e4d, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0xffffffff}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0xff}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0x2000000}}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0xfe}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x4c}, 0x4, 0x700000000000000}, 0x0)
r6 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000002c0), r2)
sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x24, r6, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x24}}, 0x40004)
write$nci(r1, &(0x7f0000000800)=ANY=[@ANYBLOB="400204b0b8b82bb5"], 0x7)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r7 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r7, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r8 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r8, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x3}, 0x10)
bind$tipc(r7, 0x0, 0x0)
r9 = socket$igmp6(0xa, 0x3, 0x2)
r10 = socket$kcm(0x2, 0xa, 0x2)
r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$TUNGETFEATURES(r11, 0x800454cf, &(0x7f0000000080))
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r9, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
ioctl$TUNSETVNETHDRSZ(r11, 0x400454d8, &(0x7f0000000200)=0xb55)
write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="2084cab2e6160330f528799906000000f9d4aaf995fb2e0000"], 0x19)

16.187591963s ago: executing program 2 (id=625):
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x3a)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000003c0))
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000073010a000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x34)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73, 0x85}, 0x70)

16.187397448s ago: executing program 1 (id=626):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000002c0)={0x0, 0x1, &(0x7f0000000000)=""/243, &(0x7f0000000100)=""/133, &(0x7f00000001c0)=""/216, 0x3000})

16.114995226s ago: executing program 1 (id=627):
mmap(&(0x7f0000209000/0x3000)=nil, 0x3000, 0x1000008, 0x13, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000009640)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)="1073eedab59a32", 0x7}, {&(0x7f0000000240)="02a2f97a177137003d9b418698b97c81bf1bde7a9b76365fd7b1bbae5f5e09cb9b4432ed011564c718321c92affddb69470547b1baefcdb5445c31a7d34e0b20bddd0e2357b50d72", 0x48}, {&(0x7f00000038c0)}], 0x3}}], 0x1, 0x8810)
recvmsg$unix(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001f00)=""/4096, 0x1000}], 0x1}, 0x12060)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x4d, 0x400, 0xf, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, [0xfffffffd, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x4]}})
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='cubic', 0xb)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000080)={0x5, 0x545, 0x5f9, 0x5f, 0x7fff}, 0x14)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}}, 0x0, 0x0, 0x1a, 0x0, "f1f7882eade7f9ed59dd754ed3fa9513bc8d9662eaae6a87ea17d19cced73fca9d00b370eaefb2ecab4c20fb0d62c726cc3cb83d211da63fb4007c81ad7a2edac7859b8988028702e2027b84c554f86f"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x4c, 0x0, "01deaba05ccc4fa00711be66bd584ecd190428efc9e569f4b222158b227692cebc00924f2deea371bafa061b8f2959b4b696b22e4881f40a0d8f4c2fdea78893bc2c160df3e41db4153cfd9221d01c79"}, 0xd8)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x5, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x8}, @ldst={0x3, 0x0, 0x3, 0xa, 0x0, 0xfffffffffffffffc}]}, &(0x7f0000000100)='GPL\x00'}, 0x90)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6)
ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f00000000c0)=<r8=>0x0)
sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r8], 0xfd45}}, 0x0)
write$nci(r5, &(0x7f0000000480)=ANY=[@ANYBLOB="7105040902020766cb440484b907eb0101f8"], 0x12)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newtaction={0x18, 0x31, 0x10b, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
close(0x3)
connect$netrom(0xffffffffffffffff, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
sendmsg$qrtr(0xffffffffffffffff, 0xfffffffffffffffe, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

16.114831974s ago: executing program 2 (id=628):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="4000000010660c4e20ad2b00d5dbdf2500000400", @ANYRES32=0x0, @ANYBLOB="40600000000000000a0001000180c200000e00001400030062726964676530000000000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x14}, 0x2008004)
r1 = socket$inet6(0xa, 0x5, 0x3a)
r2 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f000000d540)={'wpan0\x00'})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x38}, [@initr0]}, 0x0}, 0x94)
r4 = socket$inet6(0xa, 0x1, 0x0)
socket$key(0xf, 0x3, 0x2)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="021e00000200"/15], 0x10}}, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x4e, 0x0, 0x0)
bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20, 0x7, @local, 0x5}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x200000c1, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="0303000000000000000006000000080003de", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x4)

16.053623583s ago: executing program 1 (id=629):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x3, 0x0, @local, 0x40000000}}, 0x0, 0x0, 0x48, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c3244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x7c2)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x26, 0x28, 0x4000, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r4=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0)
write$nci(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="600608fc03090105040601b8"], 0xc)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f0000000580)=<r7=>0x0)
sendmsg$NFC_CMD_SE_IO(r6, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000005c0)={0x28, 0x0, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_SE_APDU={0x4}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000040)=<r8=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000001c0)=<r9=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000340)=<r10=>0x0)
sendmsg$NFC_CMD_DISABLE_SE(r6, &(0x7f0000000480)={&(0x7f0000000300), 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, r3, 0x309, 0x70bd26, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r10}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4894}, 0x40041)
sendmsg$NFC_CMD_DISABLE_SE(r2, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa42200c}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, 0x0, 0x101, 0x70bd29, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4045}, 0x40010)

15.641050833s ago: executing program 0 (id=630):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=@newtaction={0x48, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x34, 0x1, [@m_ctinfo={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x3a)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
read(r1, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000003c0))
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000073010a000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xfd, 0xfd, 0xa, [@func={0x9, 0x0, 0x0, 0xc, 0x1}, @datasec={0x5, 0xa, 0x0, 0xf, 0x1, [{0x1, 0x627de2c3, 0x6}, {0x4, 0x4, 0x4}, {0x1, 0x2, 0x2}, {0x3, 0x4, 0x10001}, {0x3, 0x4, 0xe}, {0x2, 0xff, 0x4}, {0x5, 0x2, 0x4}, {0x3, 0x6, 0x3}, {0x2, 0xfffff000, 0x111c}, {0x4, 0x7, 0x7ff}], "fe"}, @union={0x5, 0x4, 0x0, 0x5, 0x0, 0x81, [{0xf, 0x0, 0x2}, {0x1, 0x1, 0x3}, {0xc, 0x5, 0xf}, {0xf, 0x0, 0x7fff}]}, @enum={0x1, 0x3, 0x0, 0x6, 0x4, [{0xf, 0x4}, {0x9, 0x4}, {0x3, 0xe}]}, @fwd={0x6}]}, {0x0, [0x30, 0x0, 0x5f, 0x5f, 0x5f, 0x30, 0x2e, 0x5f]}}, &(0x7f0000000040)=""/19, 0x122, 0x13, 0x0, 0xc22c, 0x10000, @value=r2}, 0x28)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r3}, 0x8)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1}, 0x50)

1.036914764s ago: executing program 32 (id=629):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x3, 0x0, @local, 0x40000000}}, 0x0, 0x0, 0x48, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c3244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x7c2)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x26, 0x28, 0x4000, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r4=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0)
write$nci(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="600608fc03090105040601b8"], 0xc)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f0000000580)=<r7=>0x0)
sendmsg$NFC_CMD_SE_IO(r6, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000005c0)={0x28, 0x0, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_SE_APDU={0x4}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000040)=<r8=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000001c0)=<r9=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000340)=<r10=>0x0)
sendmsg$NFC_CMD_DISABLE_SE(r6, &(0x7f0000000480)={&(0x7f0000000300), 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, r3, 0x309, 0x70bd26, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r10}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4894}, 0x40041)
sendmsg$NFC_CMD_DISABLE_SE(r2, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa42200c}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, 0x0, 0x101, 0x70bd29, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4045}, 0x40010)

990.457042ms ago: executing program 33 (id=628):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="4000000010660c4e20ad2b00d5dbdf2500000400", @ANYRES32=0x0, @ANYBLOB="40600000000000000a0001000180c200000e00001400030062726964676530000000000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x14}, 0x2008004)
r1 = socket$inet6(0xa, 0x5, 0x3a)
r2 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f000000d540)={'wpan0\x00'})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x38}, [@initr0]}, 0x0}, 0x94)
r4 = socket$inet6(0xa, 0x1, 0x0)
socket$key(0xf, 0x3, 0x2)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="021e00000200"/15], 0x10}}, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x4e, 0x0, 0x0)
bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20, 0x7, @local, 0x5}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x200000c1, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="0303000000000000000006000000080003de", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x4)

0s ago: executing program 34 (id=630):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=@newtaction={0x48, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x34, 0x1, [@m_ctinfo={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x3a)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
read(r1, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000003c0))
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000073010a000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xfd, 0xfd, 0xa, [@func={0x9, 0x0, 0x0, 0xc, 0x1}, @datasec={0x5, 0xa, 0x0, 0xf, 0x1, [{0x1, 0x627de2c3, 0x6}, {0x4, 0x4, 0x4}, {0x1, 0x2, 0x2}, {0x3, 0x4, 0x10001}, {0x3, 0x4, 0xe}, {0x2, 0xff, 0x4}, {0x5, 0x2, 0x4}, {0x3, 0x6, 0x3}, {0x2, 0xfffff000, 0x111c}, {0x4, 0x7, 0x7ff}], "fe"}, @union={0x5, 0x4, 0x0, 0x5, 0x0, 0x81, [{0xf, 0x0, 0x2}, {0x1, 0x1, 0x3}, {0xc, 0x5, 0xf}, {0xf, 0x0, 0x7fff}]}, @enum={0x1, 0x3, 0x0, 0x6, 0x4, [{0xf, 0x4}, {0x9, 0x4}, {0x3, 0xe}]}, @fwd={0x6}]}, {0x0, [0x30, 0x0, 0x5f, 0x5f, 0x5f, 0x30, 0x2e, 0x5f]}}, &(0x7f0000000040)=""/19, 0x122, 0x13, 0x0, 0xc22c, 0x10000, @value=r2}, 0x28)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r3}, 0x8)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1}, 0x50)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:32713' (ED25519) to the list of known hosts.
syzkaller login: [   48.517710][ T5839] cgroup: Unknown subsys name 'net'
[   48.608437][ T5839] cgroup: Unknown subsys name 'cpuset'
[   48.612700][ T5839] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.033093][ T5839] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   54.110517][ T5239] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.114166][ T5239] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.117048][ T5239] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   54.120295][ T5239] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   54.123190][ T5239] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   54.145849][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   54.150537][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   54.153818][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   54.157829][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   54.163899][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   54.204807][ T5239] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   54.208028][ T5239] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   54.210765][ T5239] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   54.213652][ T5239] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   54.217063][ T5239] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   54.459847][ T5847] chnl_net:caif_netlink_parms(): no params data found
[   54.502477][ T5851] chnl_net:caif_netlink_parms(): no params data found
[   54.515264][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   54.584723][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.588406][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.591578][ T5847] bridge_slave_0: entered allmulticast mode
[   54.596460][ T5847] bridge_slave_0: entered promiscuous mode
[   54.620253][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.622561][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.625095][ T5847] bridge_slave_1: entered allmulticast mode
[   54.628282][ T5847] bridge_slave_1: entered promiscuous mode
[   54.670981][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.673325][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.675790][ T5851] bridge_slave_0: entered allmulticast mode
[   54.678477][ T5851] bridge_slave_0: entered promiscuous mode
[   54.681394][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.683824][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.687391][ T5854] bridge_slave_0: entered allmulticast mode
[   54.690060][ T5854] bridge_slave_0: entered promiscuous mode
[   54.701780][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.705487][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.707797][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.710203][ T5851] bridge_slave_1: entered allmulticast mode
[   54.712903][ T5851] bridge_slave_1: entered promiscuous mode
[   54.723000][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.725869][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.728360][ T5854] bridge_slave_1: entered allmulticast mode
[   54.731068][ T5854] bridge_slave_1: entered promiscuous mode
[   54.734808][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.776339][ T5847] team0: Port device team_slave_0 added
[   54.780113][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.784654][ T5847] team0: Port device team_slave_1 added
[   54.797801][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.802498][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.807203][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.849075][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.851424][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.861255][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.867975][ T5851] team0: Port device team_slave_0 added
[   54.877966][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.880231][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.889370][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.893841][ T5851] team0: Port device team_slave_1 added
[   54.904418][ T5854] team0: Port device team_slave_0 added
[   54.921216][ T5854] team0: Port device team_slave_1 added
[   54.944843][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.948124][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.957338][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.962036][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.964373][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.974826][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.990719][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.993642][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.004652][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.010724][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.013325][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.023428][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.044091][ T5847] hsr_slave_0: entered promiscuous mode
[   55.048805][ T5847] hsr_slave_1: entered promiscuous mode
[   55.111655][ T5854] hsr_slave_0: entered promiscuous mode
[   55.114752][ T5854] hsr_slave_1: entered promiscuous mode
[   55.118045][ T5854] debugfs: 'hsr0' already exists in 'hsr'
[   55.120006][ T5854] Cannot create hsr debugfs directory
[   55.129391][ T5851] hsr_slave_0: entered promiscuous mode
[   55.132336][ T5851] hsr_slave_1: entered promiscuous mode
[   55.134693][ T5851] debugfs: 'hsr0' already exists in 'hsr'
[   55.137347][ T5851] Cannot create hsr debugfs directory
[   55.430827][ T5847] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   55.441408][ T5847] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   55.447774][ T5847] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   55.462462][ T5847] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   55.501203][ T5854] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   55.511800][ T5854] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   55.529399][ T5854] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   55.548610][ T5854] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   55.566564][ T5851] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   55.571869][ T5851] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   55.578894][ T5851] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   55.588591][ T5851] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   55.656528][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.682744][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[   55.698305][   T32] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.700737][   T32] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.715039][   T32] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.718276][   T32] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.729446][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.750115][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   55.758881][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.771312][   T51] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.773779][   T51] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.778235][   T51] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.780678][   T51] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.809587][ T5851] 8021q: adding VLAN 0 to HW filter on device team0
[   55.832620][   T51] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.835791][   T51] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.854876][   T51] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.857586][   T51] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.871742][ T5854] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   56.002073][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.041024][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.097495][ T5847] veth0_vlan: entered promiscuous mode
[   56.102816][ T5854] veth0_vlan: entered promiscuous mode
[   56.112201][ T5847] veth1_vlan: entered promiscuous mode
[   56.130446][ T5854] veth1_vlan: entered promiscuous mode
[   56.159520][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.169723][ T5847] veth0_macvtap: entered promiscuous mode
[   56.179484][ T5847] veth1_macvtap: entered promiscuous mode
[   56.186078][ T5239] Bluetooth: hci1: command tx timeout
[   56.186217][   T54] Bluetooth: hci0: command tx timeout
[   56.203822][ T5854] veth0_macvtap: entered promiscuous mode
[   56.210394][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.221253][ T5854] veth1_macvtap: entered promiscuous mode
[   56.229428][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.247610][ T5851] veth0_vlan: entered promiscuous mode
[   56.254007][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.258620][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.266506][   T54] Bluetooth: hci2: command tx timeout
[   56.268512][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.271150][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.277664][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.287295][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.291747][ T5851] veth1_vlan: entered promiscuous mode
[   56.316405][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.320211][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.339779][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.342870][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.355105][ T5851] veth0_macvtap: entered promiscuous mode
[   56.374320][ T5851] veth1_macvtap: entered promiscuous mode
[   56.375830][ T3582] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.379193][ T3582] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.411693][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.423686][ T3582] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.424409][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.431009][ T3582] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.449285][ T5857] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.452418][ T5857] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.467360][ T5857] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.486449][ T5857] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.491619][ T5847] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   56.499735][   T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.503786][   T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.535720][ T3582] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.538324][ T3582] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.576329][ T3582] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.578978][ T3582] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.611425][ T5912] syzkaller1: entered promiscuous mode
[   56.613356][ T5912] syzkaller1: entered allmulticast mode
[   56.628448][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.637993][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.910202][ T5925] syz.0.5 uses obsolete (PF_INET,SOCK_PACKET)
[   57.930154][ T5966] netlink: 'syz.0.13': attribute type 1 has an invalid length.
[   58.265426][   T54] Bluetooth: hci1: command tx timeout
[   58.275356][   T54] Bluetooth: hci0: command tx timeout
[   58.355827][   T54] Bluetooth: hci2: command tx timeout
[   58.799787][ T5992] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   58.942679][ T5999] netlink: 40 bytes leftover after parsing attributes in process `syz.2.21'.
[   58.944580][ T6005] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[   58.948213][ T5999] netlink: 1 bytes leftover after parsing attributes in process `syz.2.21'.
[   58.957265][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.2.21'.
[   58.966235][ T5999] netlink: 40 bytes leftover after parsing attributes in process `syz.2.21'.
[   59.014788][ T6015] netlink: 48 bytes leftover after parsing attributes in process `syz.0.24'.
[   59.050114][ T6017] IPVS: length: 68 != 8
[   59.883479][ T6043] netlink: 'syz.0.30': attribute type 7 has an invalid length.
[   59.887112][ T6043] netlink: 'syz.0.30': attribute type 8 has an invalid length.
[   59.889765][ T6043] netlink: 'syz.0.30': attribute type 15 has an invalid length.
[   60.146181][ T6056] netlink: 'syz.2.33': attribute type 4 has an invalid length.
[   60.345337][ T5239] Bluetooth: hci1: command tx timeout
[   60.347770][   T54] Bluetooth: hci0: command tx timeout
[   60.425738][   T54] Bluetooth: hci2: command tx timeout
[   61.152617][ T6085] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   61.721144][ T6116] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   61.831873][ T6122] vcan0: tx drop: invalid sa for name 0x0000000000000003
[   62.220902][ T6163] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   62.228643][ T6171] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   62.425299][   T54] Bluetooth: hci0: command tx timeout
[   62.425395][ T5239] Bluetooth: hci1: command tx timeout
[   62.506803][ T5239] Bluetooth: hci2: command tx timeout
[   62.829193][ T6226] netlink: 36 bytes leftover after parsing attributes in process `syz.2.65'.
[   63.601676][ T6252] Bluetooth: MGMT ver 1.23
[   63.626680][ T6224] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   63.748145][ T6259] netlink: 8 bytes leftover after parsing attributes in process `syz.2.72'.
[   64.011162][ T6297] netlink: 4 bytes leftover after parsing attributes in process `syz.2.81'.
[   64.624533][ T5857] nci: nci_ntf_packet: unknown ntf opcode 0x127
[   65.426504][ T6345] netlink: 8 bytes leftover after parsing attributes in process `syz.2.88'.
[   65.469501][ T6358] netlink: 12 bytes leftover after parsing attributes in process `syz.1.91'.
[   65.480593][ T5875] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   65.484463][ T6358] netlink: 12 bytes leftover after parsing attributes in process `syz.1.91'.
[   65.484723][ T5875] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   65.492529][ T5875] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   65.499150][ T6358] Zero length message leads to an empty skb
[   65.503256][ T5875] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   66.679630][ T6410] syzkaller1: entered promiscuous mode
[   66.681476][ T6410] syzkaller1: entered allmulticast mode
[   66.786739][ T6415] netlink: 28 bytes leftover after parsing attributes in process `syz.1.108'.
[   66.908578][ T6417] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0
[   67.816112][ T6444] netlink: 8 bytes leftover after parsing attributes in process `syz.2.114'.
[   68.852700][ T6494] vcan0: tx drop: invalid sa for name 0x0000000000000003
[   68.892375][ T6502] netlink: 40 bytes leftover after parsing attributes in process `syz.0.128'.
[   68.907549][ T6502] netlink: 4 bytes leftover after parsing attributes in process `syz.0.128'.
[   68.919574][ T6502] batman_adv: batadv0: Adding interface: ipvlan2
[   68.921907][ T6502] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.930767][ T6502] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.934506][ T6502] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.938774][ T6502] batman_adv: batadv0: Not using interface ipvlan2 (retrying later): interface not active
[   69.971624][ T6554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.134'.
[   69.976304][ T6551] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_rx_wq": -EINTR
[   70.163360][ T6574] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_tx_wq": -EINTR
[   70.911167][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   70.918582][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   71.031217][ T6595] netlink: 20 bytes leftover after parsing attributes in process `syz.1.143'.
[   71.264352][ T6630] vcan0: tx drop: invalid sa for name 0x0000000000000003
[   71.411350][ T6643] netlink: 4 bytes leftover after parsing attributes in process `syz.2.152'.
[   71.419796][ T6643] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   72.118852][ T6682] bridge_slave_0: left allmulticast mode
[   72.121357][ T6682] bridge_slave_0: left promiscuous mode
[   72.124684][ T6682] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.152017][ T6682] bridge_slave_1: left allmulticast mode
[   72.157739][ T6682] bridge_slave_1: left promiscuous mode
[   72.160229][ T6682] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.173601][ T6682] bond0: (slave bond_slave_0): Releasing backup interface
[   72.186933][ T6682] bond0: (slave bond_slave_1): Releasing backup interface
[   72.202939][ T6682] team0: Port device team_slave_0 removed
[   72.208446][ T6682] team0: Port device team_slave_1 removed
[   72.210857][ T6682] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   72.213388][ T6682] batman_adv: batadv0: Removing interface: batadv_slave_0
[   72.218862][ T6682] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   72.221775][ T6682] batman_adv: batadv0: Removing interface: batadv_slave_1
[   72.237745][ T6682] syz.1.157 (6682) used greatest stack depth: 19896 bytes left
[   72.340316][ T6701] syzkaller1: entered promiscuous mode
[   72.342311][ T6701] syzkaller1: entered allmulticast mode
[   72.466572][ T6706] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   72.466885][ T6710] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_tx_wq": -EINTR
[   72.910152][ T6747] vcan0: tx drop: invalid sa for name 0x0000000000000003
[   73.328199][ T6805] netlink: 32 bytes leftover after parsing attributes in process `syz.2.180'.
[   73.333541][ T6805] netlink: 'syz.2.180': attribute type 10 has an invalid length.
[   73.339350][ T6805] netlink: 20 bytes leftover after parsing attributes in process `syz.2.180'.
[   73.359339][ T6781] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   74.173925][ T6833] bond0: Unable to set up delay as MII monitoring is disabled
[   74.307547][ T6851] netlink: 60 bytes leftover after parsing attributes in process `syz.2.189'.
[   74.310899][ T6851] netlink: 'syz.2.189': attribute type 1 has an invalid length.
[   74.313613][ T6851] netlink: 'syz.2.189': attribute type 11 has an invalid length.
[   74.318589][ T6851] netlink: 224 bytes leftover after parsing attributes in process `syz.2.189'.
[   74.767832][ T6876] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   75.078139][ T6930] netlink: 8 bytes leftover after parsing attributes in process `syz.1.203'.
[   75.081194][ T6930] netlink: 'syz.1.203': attribute type 5 has an invalid length.
[   75.094383][ T6930] netlink: 4 bytes leftover after parsing attributes in process `syz.1.203'.
[   75.166504][ T6942] netlink: 12 bytes leftover after parsing attributes in process `syz.0.204'.
[   75.910420][ T6954] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[   77.165579][ T7028] netlink: 'syz.0.220': attribute type 1 has an invalid length.
[   77.482403][ T7068] netlink: 24 bytes leftover after parsing attributes in process `syz.1.229'.
[   77.669469][ T7094] netlink: 28 bytes leftover after parsing attributes in process `syz.0.233'.
[   77.673538][ T7094] netlink: 12 bytes leftover after parsing attributes in process `syz.0.233'.
[   78.374497][ T7105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.234'.
[   79.258526][ T7126] vcan0: tx drop: invalid sa for name 0x0000000000000003
[   79.261711][ T7120] vcan0: tx drop: invalid sa for name 0x0000000000000003
[   79.312888][ T7136] syzkaller1: entered promiscuous mode
[   79.314847][ T7136] syzkaller1: entered allmulticast mode
[   79.349915][ T7140] netlink: 8 bytes leftover after parsing attributes in process `syz.0.245'.
[   79.353006][ T7140] netlink: 12 bytes leftover after parsing attributes in process `syz.0.245'.
[   79.362281][ T7140] netlink: 3 bytes leftover after parsing attributes in process `syz.0.245'.
[   79.372322][ T7140] batadv1: entered promiscuous mode
[   79.374569][ T7140] batadv1: entered allmulticast mode
[   79.549104][ T7146] syzkaller0: entered promiscuous mode
[   79.550928][ T7146] syzkaller0: entered allmulticast mode
[   79.727371][ T7169] netlink: 'syz.0.250': attribute type 10 has an invalid length.
[   79.782171][ T7170] netlink: 'syz.0.250': attribute type 10 has an invalid length.
[   80.392466][ T7169] 8021q: adding VLAN 0 to HW filter on device batadv0
[   80.396000][ T7169] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   80.398931][ T7170] batadv0: entered promiscuous mode
[   80.400669][ T7170] batadv0: entered allmulticast mode
[   80.417833][ T7170] bond0: (slave batadv0): Releasing backup interface
[   80.421498][ T7170] bridge0: port 3(batadv0) entered blocking state
[   80.424259][ T7170] bridge0: port 3(batadv0) entered disabled state
[   80.487030][ T7176] warning: `syz.1.254' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   80.617206][ T5857] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[   80.620917][ T5857] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[   80.718239][ T7199] __nla_validate_parse: 1 callbacks suppressed
[   80.718249][ T7199] netlink: 16 bytes leftover after parsing attributes in process `syz.1.260'.
[   80.795987][ T7209] vcan0: tx drop: invalid sa for name 0x0000000000000003
[   80.937261][ T7227] xt_l2tp: missing protocol rule (udp|l2tpip)
[   80.942379][ T7227] netlink: 28 bytes leftover after parsing attributes in process `syz.2.265'.
[   81.168042][   T10] cfg80211: failed to load regulatory.db
[   81.465276][   T54] Bluetooth: hci2: command 0x0405 tx timeout
[   81.663806][ T7213] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   81.666975][ T7213] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[   81.674760][ T7213] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   81.677817][ T7213] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[   81.683015][ T7213] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   81.685965][ T7213] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[   81.925643][   T10] IPVS: starting estimator thread 0...
[   82.012217][ T7293] netlink: 4 bytes leftover after parsing attributes in process `syz.2.275'.
[   82.025515][ T7279] IPVS: using max 79 ests per chain, 189600 per kthread
[   82.042145][ T7293] syzkaller0: entered promiscuous mode
[   82.044031][ T7293] syzkaller0: entered allmulticast mode
[   82.049656][ T7293] netlink: 4 bytes leftover after parsing attributes in process `syz.2.275'.
[   82.314050][ T7327] Unsupported ieee802154 address type: 0
[   82.982761][ T7386] block nbd0: Unsupported socket: shutdown callout must be supported.
[   83.224723][ T7416] tipc: MTU too low for tipc bearer
[   83.253852][ T7423] netlink: 24 bytes leftover after parsing attributes in process `syz.0.300'.
[   83.263417][ T7424] netlink: 24 bytes leftover after parsing attributes in process `syz.0.300'.
[   83.392802][ T7433] : entered promiscuous mode
[   83.414653][ T7451] block nbd0: Unsupported socket: shutdown callout must be supported.
[   83.846724][ T7506] macsec1: entered promiscuous mode
[   83.849056][ T7506] macsec0: entered promiscuous mode
[   83.851664][ T7506] macsec1: entered allmulticast mode
[   83.854031][ T7506] macsec0: entered allmulticast mode
[   83.857193][ T7506] veth1_macvtap: entered allmulticast mode
[   84.039234][ T7512] netlink: 'syz.2.318': attribute type 13 has an invalid length.
[   84.705305][ T7549] netlink: 28 bytes leftover after parsing attributes in process `syz.0.325'.
[   85.616009][ T7609] workqueue: Failed to create a rescuer kthread for wq "nfc11_nci_tx_wq": -EINTR
[   85.771145][ T7642] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[   85.783293][ T7642] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   85.813430][ T7642] netlink: 28 bytes leftover after parsing attributes in process `syz.1.337'.
[   85.822700][ T7642] netlink: 'syz.1.337': attribute type 7 has an invalid length.
[   85.827400][ T7642] netlink: 'syz.1.337': attribute type 8 has an invalid length.
[   85.830813][ T7642] netlink: 4 bytes leftover after parsing attributes in process `syz.1.337'.
[   86.183901][ T7692] netlink: 8 bytes leftover after parsing attributes in process `syz.2.345'.
[   86.319470][ T7707] netlink: 12 bytes leftover after parsing attributes in process `syz.2.348'.
[   86.582146][ T7735] dvmrp1: tun_chr_ioctl cmd 1074025677
[   86.584147][ T7735] dvmrp1: linktype set to 773
[   86.667303][ T7743] netlink: 8 bytes leftover after parsing attributes in process `syz.2.356'.
[   87.024389][ T7783] netlink: 12 bytes leftover after parsing attributes in process `syz.0.365'.
[   87.570173][ T7792] netlink: 8 bytes leftover after parsing attributes in process `syz.2.367'.
[   87.573572][ T7792] netlink: 16 bytes leftover after parsing attributes in process `syz.2.367'.
[   87.577217][ T7792] netlink: 540 bytes leftover after parsing attributes in process `syz.2.367'.
[   87.618952][ T7800] netlink: 'syz.2.368': attribute type 11 has an invalid length.
[   87.744936][ T7812] netlink: 32 bytes leftover after parsing attributes in process `syz.2.371'.
[   87.754790][ T7813] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_tx_wq": -EINTR
[   88.168084][ T7863] syz.0.382 uses old SIOCAX25GETINFO
[   88.174921][ T5910] IPVS: starting estimator thread 0...
[   88.180235][ T7863] IPVS: ovf: FWM 3 0x00000003 - no destination available
[   88.183569][    C0] IPVS: ovf: FWM 3 0x00000003 - no destination available
[   88.190915][ T7863] vcan0: tx drop: invalid sa for name 0x0000000000000003
[   88.194684][ T7863] netlink: 'syz.0.382': attribute type 15 has an invalid length.
[   88.266171][ T7864] IPVS: using max 79 ests per chain, 189600 per kthread
[   88.289612][ T7879] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[   89.212591][ T7985] bridge0: entered allmulticast mode
[   89.219213][ T7985] pim6reg: entered allmulticast mode
[   90.083436][ T8092] netlink: 'syz.1.434': attribute type 16 has an invalid length.
[   90.286869][ T8113] IPVS: set_ctl: invalid protocol: 135 127.0.0.1:20002
[   90.389387][ T8128] block nbd0: Unsupported socket: shutdown callout must be supported.
[   90.689222][ T8172] bridge0: port 1(syz_tun) entered blocking state
[   90.691894][ T8172] bridge0: port 1(syz_tun) entered disabled state
[   90.696529][ T8172] syz_tun: entered allmulticast mode
[   90.699353][ T8172] syz_tun: entered promiscuous mode
[   90.702715][ T8172] bridge0: port 1(syz_tun) entered blocking state
[   90.705053][ T8172] bridge0: port 1(syz_tun) entered forwarding state
[   90.837802][ T8185] __nla_validate_parse: 8 callbacks suppressed
[   90.837812][ T8185] netlink: 12 bytes leftover after parsing attributes in process `syz.2.452'.
[   90.847166][ T8185] netlink: 24 bytes leftover after parsing attributes in process `syz.2.452'.
[   90.871863][ T8188] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check.
[   91.228571][ T8228] syzkaller1: entered promiscuous mode
[   91.230419][ T8228] syzkaller1: entered allmulticast mode
[   91.233292][ T8228] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 324
[   91.590741][ T8253] netlink: 'syz.1.468': attribute type 4 has an invalid length.
[   91.622146][ T8243] netlink: 'syz.1.468': attribute type 4 has an invalid length.
[   91.940222][ T8269] netlink: 'syz.0.473': attribute type 11 has an invalid length.
[   92.007908][ T8271] netlink: 'syz.0.474': attribute type 1 has an invalid length.
[   92.010533][ T8271] netlink: 4 bytes leftover after parsing attributes in process `syz.0.474'.
[   92.205102][ T8296] netlink: 12 bytes leftover after parsing attributes in process `syz.1.479'.
[   92.225424][ T8296] netlink: 36 bytes leftover after parsing attributes in process `syz.1.479'.
[   92.238808][ T8303] netlink: 28 bytes leftover after parsing attributes in process `syz.0.481'.
[   92.301689][ T8314] netlink: 32 bytes leftover after parsing attributes in process `syz.0.481'.
[   92.316695][ T8303] netlink: 34 bytes leftover after parsing attributes in process `syz.0.481'.
[   92.496858][ T8335] netlink: 12 bytes leftover after parsing attributes in process `syz.1.485'.
[   92.532139][ T8330] netlink: 16 bytes leftover after parsing attributes in process `syz.2.484'.
[   92.713107][ T8350] block nbd0: Unsupported socket: shutdown callout must be supported.
[   92.811847][ T8369] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[   92.870061][ T8377] nbd: must specify at least one socket
[   92.944180][ T8390] netlink: 'syz.1.495': attribute type 29 has an invalid length.
[   92.948050][ T8390] netlink: 'syz.1.495': attribute type 29 has an invalid length.
[   92.953468][ T8390] unsupported nla_type 58
[   93.266628][ T8414] block nbd0: Unsupported socket: shutdown callout must be supported.
[   95.285437][ T8559] geneve2: entered promiscuous mode
[   95.287265][ T8559] geneve2: entered allmulticast mode
[   95.908978][ T8636] netlink: 'syz.2.554': attribute type 2 has an invalid length.
[   96.398208][ T8660] __nla_validate_parse: 72 callbacks suppressed
[   96.398224][ T8660] netlink: 8 bytes leftover after parsing attributes in process `syz.0.559'.
[   96.482589][ T8670] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[   96.617318][ T8680] netlink: 'syz.1.564': attribute type 5 has an invalid length.
[   96.628821][ T8683] netlink: 8 bytes leftover after parsing attributes in process `syz.0.565'.
[   96.754228][ T8699] netlink: 8 bytes leftover after parsing attributes in process `syz.1.569'.
[   96.809036][ T8705] netlink: 'syz.1.570': attribute type 1 has an invalid length.
[   97.336902][ T8733] dvmrp1: tun_chr_ioctl cmd 1074025677
[   97.338940][ T8733] dvmrp1: linktype set to 773
[   97.680890][ T8752] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[   97.737793][ T8761] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR
[   97.796561][ T5857] nci: nci_ntf_packet: unsupported ntf opcode 0xf3d
[   98.518820][ T8768] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.583'.
[   98.719706][ T8805] netlink: 20 bytes leftover after parsing attributes in process `syz.0.590'.
[   98.782291][ T8794] infiniband syz1: set down
[   98.784688][ T8794] infiniband syz1: added ipvlan0
[   98.827593][ T8794] RDS/IB: syz1: added
[   98.829459][ T8794] smc: adding ib device syz1 with port count 1
[   98.831795][ T8794] smc:    ib device syz1 port 1 has pnetid 
[   99.365052][ T8818] netlink: 136 bytes leftover after parsing attributes in process `syz.0.592'.
[   99.468592][ T8834] netlink: 16 bytes leftover after parsing attributes in process `syz.0.595'.
[   99.510566][ T8839] block nbd0: Unsupported socket: shutdown callout must be supported.
[   99.522213][ T8843] syzkaller0: entered promiscuous mode
[   99.524391][ T8843] syzkaller0: entered allmulticast mode
[   99.528608][ T8843] netlink: 28 bytes leftover after parsing attributes in process `syz.2.597'.
[   99.532058][ T8843] netlink: 8 bytes leftover after parsing attributes in process `syz.2.597'.
[   99.700647][ T8865] netlink: 16 bytes leftover after parsing attributes in process `syz.1.601'.
[   99.769832][ T8877] vcan0: tx drop: invalid sa for name 0x0000000000000003
[  100.018680][ T8912] tipc: Started in network mode
[  100.020571][ T8912] tipc: Node identity 2284801c9b5, cluster identity 4711
[  100.024298][ T8912] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  100.039277][ T8912] syzkaller0: entered promiscuous mode
[  100.041530][ T8912] syzkaller0: entered allmulticast mode
[  100.052579][ T8912] tipc: Resetting bearer <eth:syzkaller0>
[  100.061399][ T8911] tipc: Resetting bearer <eth:syzkaller0>
[  100.071274][ T8917] netlink: 'syz.2.611': attribute type 10 has an invalid length.
[  100.071471][ T8911] tipc: Disabling bearer <eth:syzkaller0>
[  100.088793][ T8917] team0: Port device dummy0 added
[  100.091830][ T8917] netlink: 'syz.2.611': attribute type 10 has an invalid length.
[  100.095020][ T8917] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  100.101791][ T8917] team0: Failed to send options change via netlink (err -105)
[  100.104439][ T8917] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  100.108033][ T8917] team0: Port device dummy0 removed
[  100.112525][ T8917] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  132.349643][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  193.789584][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  253.307174][   T34] INFO: task kworker/0:1:10 blocked for more than 143 seconds.
[  253.310462][   T34]       Not tainted syzkaller #0
SYZFAIL: failed to recv rpc
[  253.314126][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  253.320699][   T34] task:kworker/0:1     state:D stack:25416 pid:10    tgid:10    ppid:2      task_flags:0x4208060 flags:0x00004000
[  253.335246][   T34] Workqueue: events rfkill_sync_work
[  253.337271][   T34] Call Trace:
[  253.338436][   T34]  <TASK>
[  253.339459][   T34]  __schedule+0x1798/0x4cc0
[  253.340990][   T34]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  253.342790][   T34]  ? __pfx___schedule+0x10/0x10
[  253.344551][   T34]  ? schedule+0x91/0x360
[  253.355764][   T34]  schedule+0x165/0x360
[  253.357200][   T34]  schedule_preempt_disabled+0x13/0x30
[  253.359038][   T34]  __mutex_lock+0x7e6/0x1350
[  253.361498][   T34]  ? __mutex_lock+0x5bb/0x1350
[  253.363501][   T34]  ? nfc_rfkill_set_block+0x50/0x2e0
[  253.366001][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  253.368021][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.370191][   T34]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  253.372595][   T34]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  253.375651][   T34]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  253.377938][   T34]  nfc_rfkill_set_block+0x50/0x2e0
[  253.380002][   T34]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  253.382323][   T34]  rfkill_set_block+0x1d2/0x440
[  253.384325][   T34]  rfkill_sync_work+0x114/0x200
[  253.386732][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  253.389005][   T34]  process_scheduled_works+0xae1/0x17b0
[  253.391255][   T34]  ? __pfx_process_scheduled_works+0x10/0x10
[  253.393700][   T34]  worker_thread+0x8a0/0xda0
[  253.395895][   T34]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  253.398462][   T34]  ? __kthread_parkme+0x7b/0x200
[  253.400469][   T34]  kthread+0x711/0x8a0
[  253.402181][   T34]  ? __pfx_worker_thread+0x10/0x10
[  253.404266][   T34]  ? __pfx_kthread+0x10/0x10
[  253.406267][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  253.408429][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.410550][   T34]  ? __pfx_kthread+0x10/0x10
[  253.412429][   T34]  ret_from_fork+0x439/0x7d0
[  253.414324][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  253.416541][   T34]  ? __switch_to_asm+0x39/0x70
[  253.418449][   T34]  ? __switch_to_asm+0x33/0x70
[  253.420391][   T34]  ? __pfx_kthread+0x10/0x10
[  253.422270][   T34]  ret_from_fork_asm+0x1a/0x30
[  253.424266][   T34]  </TASK>
[  253.425726][   T34] INFO: task kworker/0:2:791 blocked for more than 143 seconds.
[  253.428783][   T34]       Not tainted syzkaller #0
[  253.430777][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.434238][   T34] task:kworker/0:2     state:D stack:25192 pid:791   tgid:791   ppid:2      task_flags:0x4208060 flags:0x00004000
[  253.440091][   T34] Workqueue: events rfkill_global_led_trigger_worker
[  253.442765][   T34] Call Trace:
[  253.444128][   T34]  <TASK>
[  253.445482][   T34]  __schedule+0x1798/0x4cc0
[  253.447362][   T34]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  253.449521][   T34]  ? __pfx___schedule+0x10/0x10
[  253.451508][   T34]  ? schedule+0x91/0x360
[  253.453210][   T34]  schedule+0x165/0x360
[  253.454935][   T34]  schedule_preempt_disabled+0x13/0x30
[  253.459025][   T34]  __mutex_lock+0x7e6/0x1350
[  253.460917][   T34]  ? __mutex_lock+0x5bb/0x1350
[  253.462874][   T34]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  253.465546][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  253.467659][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  253.470041][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  253.472351][   T34]  rfkill_global_led_trigger_worker+0x27/0xd0
[  253.474788][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  253.477169][   T34]  process_scheduled_works+0xae1/0x17b0
[  253.479422][   T34]  ? __pfx_process_scheduled_works+0x10/0x10
[  253.481781][   T34]  worker_thread+0x8a0/0xda0
[  253.483628][   T34]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  253.486342][   T34]  ? __kthread_parkme+0x7b/0x200
[  253.488317][   T34]  kthread+0x711/0x8a0
[  253.489939][   T34]  ? __pfx_worker_thread+0x10/0x10
[  253.491947][   T34]  ? __pfx_kthread+0x10/0x10
[  253.493848][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  253.496072][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.498129][   T34]  ? __pfx_kthread+0x10/0x10
[  253.500051][   T34]  ret_from_fork+0x439/0x7d0
[  253.501931][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  253.504010][   T34]  ? __switch_to_asm+0x39/0x70
[  253.506157][   T34]  ? __switch_to_asm+0x33/0x70
[  253.508110][   T34]  ? __pfx_kthread+0x10/0x10
[  253.510007][   T34]  ret_from_fork_asm+0x1a/0x30
[  253.511987][   T34]  </TASK>
[  253.513324][   T34] INFO: task syz.2.628:8985 blocked for more than 143 seconds.
[  253.516457][   T34]       Not tainted syzkaller #0
[  253.518461][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.521927][   T34] task:syz.2.628       state:D stack:26920 pid:8985  tgid:8985  ppid:5851   task_flags:0x400040 flags:0x00004004
[  253.526812][   T34] Call Trace:
[  253.528148][   T34]  <TASK>
[  253.529379][   T34]  __schedule+0x1798/0x4cc0
[  253.531220][   T34]  ? validate_chain+0x897/0x2140
[  253.533185][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.535104][   T34]  ? __pfx___schedule+0x10/0x10
[  253.537173][   T34]  ? schedule+0x91/0x360
[  253.538900][   T34]  schedule+0x165/0x360
[  253.540619][   T34]  schedule_timeout+0x9a/0x270
[  253.542582][   T34]  ? __pfx_schedule_timeout+0x10/0x10
[  253.544785][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  253.547114][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.548998][   T34]  ? wait_for_completion+0x267/0x5d0
[  253.551050][   T34]  wait_for_completion+0x2bf/0x5d0
[  253.552794][   T34]  ? __pfx_wait_for_completion+0x10/0x10
[  253.554959][   T34]  ? __flush_work+0xd2/0xbc0
[  253.556709][   T34]  ? __flush_work+0xd2/0xbc0
[  253.558328][   T34]  __flush_work+0x9b9/0xbc0
[  253.560163][   T34]  ? __flush_work+0xd2/0xbc0
[  253.562051][   T34]  ? __pfx___flush_work+0x10/0x10
[  253.563990][   T34]  ? __pfx_wq_barrier_func+0x10/0x10
[  253.566328][   T34]  ? __pfx___cancel_work+0x10/0x10
[  253.568410][   T34]  ? nfc_genl_device_removed+0x23c/0x330
[  253.570687][   T34]  __cancel_work_sync+0xbe/0x110
[  253.572694][   T34]  rfkill_unregister+0x92/0x220
[  253.574585][   T34]  nfc_unregister_device+0x96/0x2a0
[  253.576682][   T34]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  253.578732][   T34]  virtual_ncidev_close+0x56/0x90
[  253.580736][   T34]  __fput+0x44c/0xa70
[  253.582038][   T34]  task_work_run+0x1d4/0x260
[  253.583864][   T34]  ? __pfx_task_work_run+0x10/0x10
[  253.585825][   T34]  ? exit_to_user_mode_loop+0x40/0x110
[  253.587649][   T34]  exit_to_user_mode_loop+0xec/0x110
[  253.589436][   T34]  do_syscall_64+0x2bd/0x3b0
[  253.590936][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.592615][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.594577][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.596161][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.598128][   T34] RIP: 0033:0x7f401778ec29
[  253.599623][   T34] RSP: 002b:00007ffe2a0a06e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  253.602271][   T34] RAX: 0000000000000000 RBX: 0000000000018937 RCX: 00007f401778ec29
[  253.605013][   T34] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  253.607887][   T34] RBP: 00007f40179d7da0 R08: 0000000000000001 R09: 000000142a0a09df
[  253.610496][   T34] R10: 0000001b31620000 R11: 0000000000000246 R12: 00007f40179d5fac
[  253.613097][   T34] R13: 00007f40179d5fa0 R14: ffffffffffffffff R15: 00007ffe2a0a0800
[  253.615872][   T34]  </TASK>
[  253.616971][   T34] INFO: task syz.1.629:9000 blocked for more than 143 seconds.
[  253.619483][   T34]       Not tainted syzkaller #0
[  253.621132][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.623962][   T34] task:syz.1.629       state:D stack:25472 pid:9000  tgid:8999  ppid:5847   task_flags:0x400040 flags:0x00004004
[  253.628222][   T34] Call Trace:
[  253.629490][   T34]  <TASK>
[  253.630509][   T34]  __schedule+0x1798/0x4cc0
[  253.632022][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.633652][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.635516][   T34]  ? __pfx___schedule+0x10/0x10
[  253.637154][   T34]  ? schedule+0x91/0x360
[  253.638580][   T34]  schedule+0x165/0x360
[  253.639972][   T34]  schedule_preempt_disabled+0x13/0x30
[  253.641788][   T34]  __mutex_lock+0x7e6/0x1350
[  253.643343][   T34]  ? __mutex_lock+0x5bb/0x1350
[  253.644947][   T34]  ? rfkill_register+0x37/0x8e0
[  253.646680][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  253.648361][   T34]  ? __init_waitqueue_head+0xa9/0x150
[  253.650249][   T34]  ? device_initialize+0x24b/0x440
[  253.651964][   T34]  rfkill_register+0x37/0x8e0
[  253.653532][   T34]  nfc_register_device+0x14a/0x320
[  253.655316][   T34]  nci_register_device+0x87f/0x9d0
[  253.657031][   T34]  ? __pfx_nci_register_device+0x10/0x10
[  253.658882][   T34]  ? __raw_spin_lock_init+0x45/0x100
[  253.660634][   T34]  ? __init_waitqueue_head+0xa9/0x150
[  253.662402][   T34]  virtual_ncidev_open+0x129/0x1a0
[  253.664076][   T34]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  253.666038][   T34]  misc_open+0x2bc/0x330
[  253.667461][   T34]  chrdev_open+0x4cc/0x5e0
[  253.668939][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  253.670585][   T34]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  253.672653][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  253.674287][   T34]  do_dentry_open+0x953/0x13f0
[  253.675987][   T34]  vfs_open+0x3b/0x340
[  253.677360][   T34]  ? path_openat+0x2ecd/0x3830
[  253.678940][   T34]  path_openat+0x2ee5/0x3830
[  253.680503][   T34]  ? arch_stack_walk+0xfc/0x150
[  253.682119][   T34]  ? stack_depot_save_flags+0x40/0x860
[  253.683940][   T34]  ? __pfx_path_openat+0x10/0x10
[  253.685702][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.687694][   T34]  do_filp_open+0x1fa/0x410
[  253.689188][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.690806][   T34]  ? __pfx_do_filp_open+0x10/0x10
[  253.692484][   T34]  ? _raw_spin_unlock+0x28/0x50
[  253.694126][   T34]  ? alloc_fd+0x64c/0x6c0
[  253.695655][   T34]  do_sys_openat2+0x121/0x1c0
[  253.697205][   T34]  ? __se_sys_futex+0x36f/0x400
[  253.698821][   T34]  ? __pfx_do_sys_openat2+0x10/0x10
[  253.700535][   T34]  ? ksys_write+0x22a/0x250
[  253.702037][   T34]  ? rcu_is_watching+0x15/0xb0
[  253.703624][   T34]  __x64_sys_openat+0x138/0x170
[  253.705378][   T34]  do_syscall_64+0xfa/0x3b0
[  253.706887][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.708610][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.710623][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.712165][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.714104][   T34] RIP: 0033:0x7f92c218ec29
[  253.715673][   T34] RSP: 002b:00007f92c2ffd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  253.718356][   T34] RAX: ffffffffffffffda RBX: 00007f92c23d5fa0 RCX: 00007f92c218ec29
[  253.720899][   T34] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  253.723475][   T34] RBP: 00007f92c2211e41 R08: 0000000000000000 R09: 0000000000000000
[  253.726222][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  253.728819][   T34] R13: 00007f92c23d6038 R14: 00007f92c23d5fa0 R15: 00007ffed2e3fae8
[  253.731428][   T34]  </TASK>
[  253.732542][   T34] INFO: task syz.1.629:9004 blocked for more than 143 seconds.
[  253.734999][   T34]       Not tainted syzkaller #0
[  253.736720][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.739519][   T34] task:syz.1.629       state:D stack:27848 pid:9004  tgid:8999  ppid:5847   task_flags:0x400140 flags:0x00004004
[  253.743355][   T34] Call Trace:
[  253.744460][   T34]  <TASK>
[  253.745574][   T34]  __schedule+0x1798/0x4cc0
[  253.747118][   T34]  ? kasan_save_free_info+0x46/0x50
[  253.748840][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.750461][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.752070][   T34]  ? __pfx___schedule+0x10/0x10
[  253.753661][   T34]  ? schedule+0x91/0x360
[  253.755065][   T34]  schedule+0x165/0x360
[  253.756606][   T34]  schedule_preempt_disabled+0x13/0x30
[  253.758402][   T34]  __mutex_lock+0x7e6/0x1350
[  253.759929][   T34]  ? __mutex_lock+0x5bb/0x1350
[  253.761529][   T34]  ? misc_open+0x51/0x330
[  253.762959][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  253.764642][   T34]  misc_open+0x51/0x330
[  253.766130][   T34]  chrdev_open+0x4cc/0x5e0
[  253.767631][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  253.769252][   T34]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  253.771640][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  253.773659][   T34]  do_dentry_open+0x953/0x13f0
[  253.775716][   T34]  vfs_open+0x3b/0x340
[  253.777373][   T34]  ? path_openat+0x2ecd/0x3830
[  253.779352][   T34]  path_openat+0x2ee5/0x3830
[  253.781239][   T34]  ? arch_stack_walk+0xfc/0x150
[  253.783258][   T34]  ? stack_depot_save_flags+0x40/0x860
[  253.785658][   T34]  ? __pfx_path_openat+0x10/0x10
[  253.787598][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.790047][   T34]  do_filp_open+0x1fa/0x410
[  253.791894][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.793877][   T34]  ? __pfx_do_filp_open+0x10/0x10
[  253.796010][   T34]  ? _raw_spin_unlock+0x28/0x50
[  253.797972][   T34]  ? alloc_fd+0x64c/0x6c0
[  253.799761][   T34]  do_sys_openat2+0x121/0x1c0
[  253.801673][   T34]  ? __se_sys_futex+0x36f/0x400
[  253.803672][   T34]  ? __pfx_do_sys_openat2+0x10/0x10
[  253.805919][   T34]  ? ksys_write+0x11e/0x250
[  253.807744][   T34]  ? __pfx___se_sys_futex+0x10/0x10
[  253.810009][   T34]  ? __pfx_ksys_write+0x10/0x10
[  253.812032][   T34]  __x64_sys_openat+0x138/0x170
[  253.814020][   T34]  do_syscall_64+0xfa/0x3b0
[  253.816028][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.818169][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.820647][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.822589][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.824977][   T34] RIP: 0033:0x7f92c218ec29
[  253.826946][   T34] RSP: 002b:00007f92c2fdc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  253.830328][   T34] RAX: ffffffffffffffda RBX: 00007f92c23d6090 RCX: 00007f92c218ec29
[  253.833525][   T34] RDX: 0000000000000002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  253.836873][   T34] RBP: 00007f92c2211e41 R08: 0000000000000000 R09: 0000000000000000
[  253.839895][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  253.843069][   T34] R13: 00007f92c23d6128 R14: 00007f92c23d6090 R15: 00007ffed2e3fae8
[  253.846530][   T34]  </TASK>
[  253.847855][   T34] INFO: task syz.0.630:9007 blocked for more than 143 seconds.
[  253.850946][   T34]       Not tainted syzkaller #0
[  253.852710][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  253.855695][   T34] task:syz.0.630       state:D stack:26344 pid:9007  tgid:9006  ppid:5854   task_flags:0x400140 flags:0x00004004
[  253.860162][   T34] Call Trace:
[  253.861564][   T34]  <TASK>
[  253.862801][   T34]  __schedule+0x1798/0x4cc0
[  253.864713][   T34]  ? kasan_save_free_info+0x46/0x50
[  253.867048][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.869078][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.871096][   T34]  ? __pfx___schedule+0x10/0x10
[  253.873111][   T34]  ? schedule+0x91/0x360
[  253.874886][   T34]  schedule+0x165/0x360
[  253.876697][   T34]  schedule_preempt_disabled+0x13/0x30
[  253.878941][   T34]  __mutex_lock+0x7e6/0x1350
[  253.880855][   T34]  ? __mutex_lock+0x5bb/0x1350
[  253.882839][   T34]  ? misc_open+0x51/0x330
[  253.884652][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  253.886852][   T34]  misc_open+0x51/0x330
[  253.888596][   T34]  chrdev_open+0x4cc/0x5e0
[  253.890461][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  253.892503][   T34]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  253.895238][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  253.897314][   T34]  do_dentry_open+0x953/0x13f0
[  253.899389][   T34]  vfs_open+0x3b/0x340
[  253.901032][   T34]  ? path_openat+0x2ecd/0x3830
[  253.902886][   T34]  path_openat+0x2ee5/0x3830
[  253.904460][   T34]  ? arch_stack_walk+0xfc/0x150
[  253.906250][   T34]  ? stack_depot_save_flags+0x40/0x860
[  253.908148][   T34]  ? __pfx_path_openat+0x10/0x10
[  253.909807][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.911826][   T34]  do_filp_open+0x1fa/0x410
[  253.913349][   T34]  ? __lock_acquire+0xab9/0xd20
[  253.914963][   T34]  ? __pfx_do_filp_open+0x10/0x10
[  253.916734][   T34]  ? _raw_spin_unlock+0x28/0x50
[  253.918373][   T34]  ? alloc_fd+0x64c/0x6c0
[  253.919817][   T34]  do_sys_openat2+0x121/0x1c0
[  253.921404][   T34]  ? __se_sys_futex+0x36f/0x400
[  253.923017][   T34]  ? __pfx_do_sys_openat2+0x10/0x10
[  253.924765][   T34]  ? __pfx___se_sys_futex+0x10/0x10
[  253.926564][   T34]  ? rcu_is_watching+0x15/0xb0
[  253.928140][   T34]  __x64_sys_openat+0x138/0x170
[  253.929759][   T34]  do_syscall_64+0xfa/0x3b0
[  253.931251][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.933065][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.935619][   T34]  ? exc_page_fault+0x9f/0xf0
[  253.937544][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.939871][   T34] RIP: 0033:0x7f6152f8ec29
[  253.941575][   T34] RSP: 002b:00007f6153de8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  253.944551][   T34] RAX: ffffffffffffffda RBX: 00007f61531d5fa0 RCX: 00007f6152f8ec29
[  253.947439][   T34] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  253.950167][   T34] RBP: 00007f6153011e41 R08: 0000000000000000 R09: 0000000000000000
[  253.952871][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  253.955674][   T34] R13: 00007f61531d6038 R14: 00007f61531d5fa0 R15: 00007ffc4d51c188
[  253.958436][   T34]  </TASK>
[  253.959549][   T34] 
[  253.959549][   T34] Showing all locks held in the system:
[  253.962158][   T34] 4 locks held by kworker/0:1/10:
[  253.963963][   T34]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  253.967958][   T34]  #1: ffffc900000d7bc0 ((work_completion)(&rfkill->sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  253.972230][   T34]  #2: ffffffff8f813d08 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_sync_work+0x2e/0x200
[  253.975807][   T34]  #3: ffff8880121a1100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  253.979282][   T34] 1 lock held by khungtaskd/34:
[  253.981042][   T34]  #0: ffffffff8e13a0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  253.984752][   T34] 3 locks held by kworker/0:2/791:
[  253.986621][   T34]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  253.990415][   T34]  #1: ffffc90004acfbc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  253.995399][   T34]  #2: ffffffff8f813d08 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  253.999272][   T34] 2 locks held by getty/5680:
[  254.000942][   T34]  #0: ffff8880238e90a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  254.004478][   T34]  #1: ffffc900029132f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  254.008119][   T34] 1 lock held by syz.2.628/8985:
[  254.009910][   T34]  #0: ffff8880121a1100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  254.013255][   T34] 3 locks held by syz.1.629/9000:
[  254.015200][   T34]  #0: ffffffff8e9c2588 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  254.018205][   T34]  #1: ffff888125209100 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0xa1/0x320
[  254.021916][   T34]  #2: ffffffff8f813d08 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[  254.026308][   T34] 1 lock held by syz.1.629/9004:
[  254.028520][   T34]  #0: ffffffff8e9c2588 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  254.031794][   T34] 1 lock held by syz.0.630/9007:
[  254.033480][   T34]  #0: ffffffff8e9c2588 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  254.036759][   T34] 1 lock held by syz-executor/9014:
[  254.038523][   T34]  #0: ffffffff8e9c2588 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  254.041278][   T34] 1 lock held by syz-executor/9015:
[  254.043010][   T34]  #0: ffffffff8e9c2588 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  254.046044][   T34] 1 lock held by syz-executor/9017:
[  254.047952][   T34]  #0: ffffffff8e9c2588 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  254.050913][   T34] 1 lock held by syz-executor/9019:
[  254.052702][   T34]  #0: ffffffff8e9c2588 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  254.056032][   T34] 1 lock held by syz-executor/9021:
[  254.057834][   T34]  #0: ffffffff8e9c2588 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  254.060812][   T34] 1 lock held by syz-executor/9023:
[  254.062804][   T34]  #0: ffffffff8e9c2588 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  254.065915][   T34] 1 lock held by syz-executor/9029:
[  254.067726][   T34]  #0: ffffffff8e9c2588 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  254.070579][   T34] 1 lock held by syz-executor/9031:
[  254.072374][   T34]  #0: ffffffff8e9c2588 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  254.075682][   T34] 1 lock held by syz-executor/9033:
[  254.077442][   T34]  #0: ffffffff8e9c2588 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  254.080302][   T34] 
[  254.081099][   T34] =============================================
[  254.081099][   T34] 
[  254.083989][   T34] NMI backtrace for cpu 0
[  254.084002][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  254.084034][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  254.084041][   T34] Call Trace:
[  254.084048][   T34]  <TASK>
[  254.084054][   T34]  dump_stack_lvl+0x189/0x250
[  254.084075][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  254.084089][   T34]  ? __pfx__printk+0x10/0x10
[  254.084112][   T34]  nmi_cpu_backtrace+0x39e/0x3d0
[  254.084131][   T34]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  254.084148][   T34]  ? __pfx__printk+0x10/0x10
[  254.084165][   T34]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  254.084184][   T34]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  254.084202][   T34]  watchdog+0xf93/0xfe0
[  254.084242][   T34]  ? watchdog+0x1de/0xfe0
[  254.084258][   T34]  kthread+0x711/0x8a0
[  254.084276][   T34]  ? __pfx_watchdog+0x10/0x10
[  254.084318][   T34]  ? __pfx_kthread+0x10/0x10
[  254.084332][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  254.084348][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  254.084357][   T34]  ? __pfx_kthread+0x10/0x10
[  254.084369][   T34]  ret_from_fork+0x439/0x7d0
[  254.084382][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  254.084395][   T34]  ? __switch_to_asm+0x39/0x70
[  254.084408][   T34]  ? __switch_to_asm+0x33/0x70
[  254.084421][   T34]  ? __pfx_kthread+0x10/0x10
[  254.084436][   T34]  ret_from_fork_asm+0x1a/0x30
[  254.084459][   T34]  </TASK>
[  254.084484][   T34] Sending NMI from CPU 0 to CPUs 1:
[  254.138219][    C1] NMI backtrace for cpu 1
[  254.138230][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  254.138238][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  254.138242][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  254.138254][    C1] Code: 53 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d b3 f9 0d 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  254.138260][    C1] RSP: 0018:ffffc90000177de0 EFLAGS: 00000282
[  254.138267][    C1] RAX: f255dc9bc4a94c00 RBX: ffffffff819693f8 RCX: f255dc9bc4a94c00
[  254.138272][    C1] RDX: 0000000000000001 RSI: ffffffff8d9b9d06 RDI: ffffffff8be33c00
[  254.138276][    C1] RBP: ffffc90000177f20 R08: ffff888136632f9b R09: 1ffff11026cc65f3
[  254.138311][    C1] R10: dffffc0000000000 R11: ffffed1026cc65f4 R12: ffffffff8fa3a630
[  254.138318][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110200d6000
[  254.138322][    C1] FS:  0000000000000000(0000) GS:ffff8881a3c15000(0000) knlGS:0000000000000000
[  254.138328][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  254.138332][    C1] CR2: 00007ffeacf31348 CR3: 000000010f9b6000 CR4: 00000000000006f0
[  254.138358][    C1] Call Trace:
[  254.138362][    C1]  <TASK>
[  254.138365][    C1]  default_idle+0x13/0x20
[  254.138373][    C1]  default_idle_call+0x74/0xb0
[  254.138381][    C1]  do_idle+0x1e8/0x510
[  254.138389][    C1]  ? __pfx_do_idle+0x10/0x10
[  254.138398][    C1]  cpu_startup_entry+0x44/0x60
[  254.138404][    C1]  start_secondary+0x101/0x110
[  254.138414][    C1]  common_startup_64+0x13e/0x147
[  254.138424][    C1]  </TASK>
[  254.141305][   T34] Kernel panic - not syncing: hung_task: blocked tasks
[  254.198034][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  254.201108][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  254.204698][   T34] Call Trace:
[  254.205847][   T34]  <TASK>
[  254.206865][   T34]  dump_stack_lvl+0x99/0x250
[  254.208458][   T34]  ? __asan_memcpy+0x40/0x70
[  254.210055][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  254.211837][   T34]  ? __pfx__printk+0x10/0x10
[  254.213425][   T34]  vpanic+0x281/0x750
[  254.214984][   T34]  ? __pfx_vpanic+0x10/0x10
[  254.216546][   T34]  ? __x2apic_send_IPI_mask+0x1e4/0x260
[  254.218473][   T34]  ? preempt_schedule+0xae/0xc0
[  254.220117][   T34]  ? preempt_schedule_common+0x83/0xd0
[  254.222003][   T34]  panic+0xb9/0xc0
[  254.223307][   T34]  ? __pfx_panic+0x10/0x10
[  254.224881][   T34]  ? preempt_schedule_thunk+0x16/0x30
[  254.226985][   T34]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  254.229113][   T34]  watchdog+0xfd2/0xfe0
[  254.230656][   T34]  ? watchdog+0x1de/0xfe0
[  254.232508][   T34]  kthread+0x711/0x8a0
[  254.234179][   T34]  ? __pfx_watchdog+0x10/0x10
[  254.235991][   T34]  ? __pfx_kthread+0x10/0x10
[  254.237554][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  254.239312][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  254.241035][   T34]  ? __pfx_kthread+0x10/0x10
[  254.242605][   T34]  ret_from_fork+0x439/0x7d0
[  254.244146][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  254.245862][   T34]  ? __switch_to_asm+0x39/0x70
[  254.247446][   T34]  ? __switch_to_asm+0x33/0x70
[  254.249054][   T34]  ? __pfx_kthread+0x10/0x10
[  254.250597][   T34]  ret_from_fork_asm+0x1a/0x30
[  254.252200][   T34]  </TASK>
[  254.253967][   T34] Kernel Offset: disabled
[  254.255516][   T34] Rebooting in 86400 seconds..

VM DIAGNOSIS:
14:46:45  Registers:
info registers vcpu 0

CPU#0
RAX=43bb490ce7b9e600 RBX=ffffffff819693f8 RCX=43bb490ce7b9e600 RDX=0000000000000001
RSI=ffffffff8d9b9d06 RDI=ffffffff8be33c00 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f9b R9 =1ffff110096065f3 R10=dffffc0000000000 R11=ffffed10096065f4
R12=ffffffff8fa3a630 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a20
RIP=ffffffff8b7a33f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8615000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f76a381284a CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000000 00007f4fe1da7d20
XMM02=0000000500000007 90030ffe00000001 XMM03=0004c00312100004 b0031ffffffffe10
XMM04=0000000000000000 0000000000000016 XMM05=0000000000000000 000000000003bf12
XMM06=ff040fffffffffff ff04048000000007 XMM07=ffffffff00000000 018010000c014fd6
XMM08=00100004f0030fff fffffe1000000006 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffc90007700000 RBX=1ffff110211fc25a RCX=ffff88801d2f3980 RDX=0000000000010000
RSI=ffff888108fe0000 RDI=0000000000000017 RBP=0000000000000080 RSP=ffffc900001e0dc0
R8 =ffffffff8fa3a637 R9 =1ffffffff1f474c6 R10=dffffc0000000000 R11=ffffffff869a3af0
R12=dffffc0000000000 R13=ffff888108fe12d0 R14=ffff888108fe0000 R15=dffffc0000000000
RIP=ffffffff869a3b38 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c15000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffeacf31348 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000349002b8 0000000000000024 XMM01=0100000000000100 0000000000000000
XMM02=65626d6520002e74 736f686c61636f6c XMM03=0000000000000000 0000000000000000
XMM04=ffffffffffffff00 0000000000000000 XMM05=0100000000000000 00000000000002ff
XMM06=0100000000000000 00000000000002ff XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
