last executing test programs:

1.284224283s ago: executing program 1 (id=716):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, 0x0, &(0x7f0000001b80))

1.181128037s ago: executing program 1 (id=718):
sendmsg$SMC_PNETID_DEL(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x0, 0x1, 0x0, 0x0, {0x2, 0x2, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600)

1.091286598s ago: executing program 1 (id=720):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
write$tun(r0, &(0x7f0000000e00)=ANY=[@ANYBLOB="000088f80180c2000001aaaaaaaaaaaa88a8a00081"], 0x72)

998.540646ms ago: executing program 2 (id=722):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000f00)=ANY=[@ANYBLOB="300000001800dd8d0000000000000000020000000000000900000000060015000a0000000c001680"], 0x30}}, 0x0)

966.853424ms ago: executing program 2 (id=723):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0)

962.800631ms ago: executing program 1 (id=724):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)
sendto$inet6(r0, &(0x7f0000000580)="81", 0x1, 0xc001, &(0x7f0000000280)={0xa, 0x0, 0x0, @loopback, 0x81}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, 0x0, 0x0)

828.320834ms ago: executing program 2 (id=726):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r0, &(0x7f0000000f40)={{0x6, @rose}, [@default, @bcast, @netrom, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x48)
sendto(r0, 0x0, 0x0, 0x80, &(0x7f0000001080)=@ll={0x11, 0xf7, 0x0, 0x1, 0xf8, 0x6, @random="84aeaba1eed7"}, 0x80)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000dcf3490000000000000007850000080000000e00000095000000000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001b40)={r1, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r2)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff0000000001000000000000d7", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r5, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x40, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket(0x1, 0x803, 0x0)
getsockname$packet(r10, 0x0, &(0x7f00000002c0))
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8}, @IFLA_MASTER={0x8}]}, 0x4c}}, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000052c0)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000540)=""/130, 0x82}, {&(0x7f0000006080)=""/4074, 0xfea}, {&(0x7f0000000240)=""/103, 0x67}, {&(0x7f0000000040)=""/113, 0x71}, {&(0x7f0000000140)=""/55, 0x37}, {&(0x7f0000000340)=""/107, 0x6b}, {&(0x7f00000003c0)=""/100, 0x64}, {&(0x7f0000000440)=""/188, 0xbc}, {&(0x7f00000001c0)=""/54, 0x36}], 0x9}, 0x4db}, {{0x0, 0x0, 0x0}, 0x20008}, {{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000780)=""/146, 0x92}, {&(0x7f0000000840)=""/158, 0x9e}, {&(0x7f0000000900)=""/220, 0xdc}, {&(0x7f0000000a00)=""/11, 0xb}, {&(0x7f0000000a40)=""/80, 0x50}, {&(0x7f0000000b40)=""/97, 0x61}, {&(0x7f0000000bc0)=""/123, 0x7b}, {&(0x7f0000002e00)=""/4096, 0x1000}, {&(0x7f0000000c40)=""/171, 0xab}], 0x9, &(0x7f0000003e00)=""/4096, 0x1000}, 0x9}, {{&(0x7f0000000dc0)=@generic, 0x80, &(0x7f0000001400)=[{&(0x7f0000000e40)=""/223, 0xdf}, {&(0x7f0000000fc0)=""/166, 0xa6}, {&(0x7f0000001100)=""/212, 0xd4}, {&(0x7f0000001200)=""/108, 0x6c}, {&(0x7f0000001280)=""/134, 0x86}, {&(0x7f0000001340)=""/95, 0x5f}, {&(0x7f00000013c0)=""/57, 0x39}], 0x7, &(0x7f0000001480)=""/175, 0xaf}, 0x9}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000015c0)=""/27, 0x1b}, {&(0x7f0000001640)=""/96, 0x60}, {&(0x7f00000016c0)=""/218, 0xda}], 0x3, &(0x7f0000001800)=""/222, 0xde}, 0x4}, {{&(0x7f0000001900)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000001980)=[{&(0x7f0000002a40)=""/143, 0x8f}], 0x1, &(0x7f0000004e00)=""/181, 0xb5}, 0xb68d}, {{&(0x7f0000004ec0)=@generic, 0x80, &(0x7f0000005180)=[{&(0x7f0000004f40)=""/179, 0xb3}, {&(0x7f0000005000)=""/240, 0xf0}, {&(0x7f0000005100)=""/124, 0x7c}, {&(0x7f00000019c0)=""/21, 0x15}], 0x4, &(0x7f00000051c0)=""/247, 0xf7}, 0x6}], 0xc, 0x40002000, 0x0)
socket$igmp(0x2, 0x3, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r11 = socket$inet_udplite(0x2, 0x2, 0x88)
sendmmsg$inet(r11, &(0x7f00000000c0)=[{{&(0x7f0000000180)={0x2, 0x4e21, @broadcast}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="08746100839de29f80cbd1fea21bd790ddffb5bf4221aec44908bc5bda64216408fc2465294b8765ddfa4818d2296b6305fe098a9c32f7fec2f9b654eec757858e9271455a5d88ba59ac017c93ebca88ab351859ad0935722d4b157ed7774b3bdee295afa5796ec4ec77f76c7d9e24777847c773d4f4bd86369366a1c9f4f8bd42fd8acb410bb8a7140da53378dbdf60d31f0102ddb8e5b71817"], 0x70}}], 0x1, 0x4000004)

696.847288ms ago: executing program 0 (id=730):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r4, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x46}, 0x48)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x240000c4}, 0xc000)
read(r0, &(0x7f0000000240)=""/28, 0x1c)

680.379671ms ago: executing program 2 (id=731):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000002c0)={0x64, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x37}]}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x64}}, 0x0)

567.273283ms ago: executing program 2 (id=732):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2a, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0xf, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x4}, 0x50)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20050800)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0e000000040000000400000009"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0xf, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

566.424375ms ago: executing program 0 (id=733):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)

499.54614ms ago: executing program 2 (id=734):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1, 0x0, 0x178}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r3, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)

441.114808ms ago: executing program 0 (id=735):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@newtaction={0x6c, 0x30, 0xb, 0x5, 0x0, {}, [{0x58, 0x1, [@m_ct={0x54, 0x1, 0x0, 0x0, {{0x7}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xf16a, 0x0, 0x0, 0x0, 0x8}}, @TCA_CT_MARK={0x8, 0x5, 0x9}, @TCA_CT_MARK_MASK={0x8, 0x6, 0x8000}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8890}, 0x0)

440.869611ms ago: executing program 0 (id=736):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xa, 0x3, &(0x7f0000000b40)=ANY=[@ANYBLOB="850000002200000007000000000000089500000000000000e26c9bd1a6361b80cdd64bdf00000000000869045aac0000659f55df08f9b90788ff7f00000010000029c21ebbcde61d8ab5920aef6c3e007fe61241638962cf0b89ef506cfd3f1d4163d3cfca3733b30070a7cf53021a95fdaf3c7220a0e23db436659a8c54328a702688f92b6b71569d65e33d46f8d8ae24ba69c657afac04379cb536008c219991704f11c51b1d076f03b0f917c766f3a7598bbc00feb3bc8e88f79df517b37b56bcbc290080000000000000e675458a43b8a8935bf9cf0be7d0aeaac41405e341cd0ba0d6fd562489dad595712a4051bb6cf826ab757193fc09d305f95c55d5746419000000000000007b61803bd430ef06000000000000001e93f640f159320c8b088f4d6497682eb312d4967aff9e4c14c66c90000054ed82c7cba4c81f91d6dfed18767bf0df584b4b6c4204df411f921e3aa02a67dd324b8176020e9c024751e539c05727f82c92046bfe64babb6d7ba86526b7886a0c2481c5812812a6fa3fca3758cbd8c32b25c28be225bd1f16297baa065f5bf96330fad0aaa4388c06c0eb2ecdf829af9577fcd868cc269b740000b7ad193c5e5850df01aff96877d73a63246ce6f0467167626329ab910b7a13d9ec9a64e7f6b56aeab8c38f69a213c96e2d2ad7978c9d721c270f27e7025d576535198742d403ec43572d7d0baf00e882617b260627805ca44200335ea4363066944d0aa6feb9705b09ba40d4642519281151f875cbf13a582f90ad719f0eccf02a473dd508a16138904933689ea6050041206473075eaeff2b69c2f2bf6f691c3560e068743a08e9771280da61fd8fdc3f7a35ea352e35753c59ebc1bd27ab6603e6afb1b3f057fbb7ed3aabe702b3c6301d3f5c295d1d69d1541d0e64631c95d6c0999e27e8d1a58f6a00f19102d2bfaf53f25a45637b1c577ae50c4c5669b13a4ed999dd10d2f091dcda39d9abc40c64a20c14ff0b1bf4d23fe07ae90fa0eba9c64bf89b26e7d8d70710b04f9ece5969023acadbb4582272e5b3a0429a5645b0c824ad36f7cc8be12b3874d5a19349b0ede845e9dddcab4a78b08ed60104002aabb17eb1840bc8e0ed1dd8b9b7eeaf32a185d80250a7f2252775905eeeb756eadafe20bbc616bc44b347abc8caf722b2c3b06884c1d3690f23b06fa4541bb2a81073b452764f04bd39008b65ee222cf697ac21b087548e9708dffaff2859e973b1e88668c8022cc6dac8548167e5798ec9c7d288a7fa7749f07513187cd8f060abbbc5e37dd1ba3aab927be1b409be733b7408534e5b0951e9ecfd0a1c77e3a29be47e896aecac0bc4093330124615056e3ce0ce6ac91b1242d3bb2e787a186dc2ec284d60e9d8a03884a22eeaa1efa497ee88c6cb565b164a260afb5157e392b1ebb1a4d4f992011ecbac4a0a7ff5bdcef7994a422bb2761edd2d8f20f5f879a88f89d48b8314f862585e4b7a9d6a6681f40e8b82cc6555dce2db951d164cc9a70e640ac8974faa2587a6e3af3b9458f7d4b4077b3002536b10ea24d73307a33090c4c270909a5322eac32cb175e68fa83457b21465c08c02dcefccc0c714c2862ddbe567755f05c1e671328d160d3752345ca1db6e74c720e42afca982ba6befd96c5575f1dd8f87ff6606301c0000000000000000000000000000000000000004d0d54b4caf78018766cdb971e8b168d4763c1f00000003d4e1d842caf457797f93db93e4f38a9dbd79f6bf5dc40b55fdbf9b856665061b2e2924f27eb2d2b5a181ccfd9eeb11dec165b6f12433f00bb06124041ffdcdcdc91f3b3b76635a689c9249cf69bcae654bfa81e75b7c7002b883c56026d83520395b7d511f607cf2f899c7b1c75e2192f775d72247167285857588ace1115fbebfee3c16b84cf7036d41c493a63c09f2ce46c1f5995c2d7fe58c15e64bb4cb7e7f336cc22fa1ea1363bce375bd3d579be1dddb08ed5147b629e4b3f0e65783ee5e20d9270802f2a7500738d95216743bc36a04ba8d486fb26252d684b84fa24639089064ca7b93057c041f12d544dab4d24a4f952b4f265a69ba279929959991b7ac63786055b3c029a0e8b6e42ad33cba2661957cff0700000000000029bb61462623a58556cd62844d4d23cc738ee5b36c71d2c010b089251d5806000b1ade92dd9f441468967c052aecd9de81b4b55d06670597991f37ddc4fa19a6369d5bf76c474633a337f676ad255869881da5cadcf49ce9188129cc978977f87b32bd4945717075cbb4d3e01e67ff087644f52fcf0a3c732b0586cb87972c43d2616bf4e521dc310fbf1760243d51a197d3ecfd74bd625e9f496175513f3e97854ea76e26e96a8639a297871485a8609f8ca842b3321932c4d9e224a0cec5946cec9e359fd3687415cad5fb8c678136f36d9f781fade9f2469477748f4dfa0f56c326c89bb5d07f35aaf95303b5a620fc84e1c73557b2277831f8f633f0d293c0e3f4f93149887271e645f50a4e57010a9b76457f6ad73231a905206bbb1b95248aed85a9df9dea64cc1fd1f06a98530000000000000045fcc1fb138fce0faec0a423e860d5b308d7849381b294106af25f15fec047d5b844a99f36e342165df728e381b48c20e0900f8d265157467d3494f2b93c7f3c817688cec2d226f50edb115c2e075f3c663a4b4169bc6fd7d4fbce205f2a1ae263ae0db900fa0a13cf796e0d7a9dad86953c13ed6241206d682e194c64c491de6a531e9bd45abe705f07000a82ccd41a2c1b23bac44b7371a3a0aeab3647c56f0680cd30ca260189dffed79c2cfae39d8160d3fac695b75654a4a5695b9edec673e75d97950fd4d80bdf8e2d83a3232768b1231b09ef4d995a783eb8f731523e9f6c2ee9119d567acd471bc391bd4f07600d5b04b71c1f1fd7e219b8df5123e4c529db3ce74353e8a39e2d21ce0954334951d509cdce531fb14230fa3b7331a943e7223b0ac8725a0d45a213fa249a8801959480ecdc5999c9df72debe8510d0620fce7be7086d5b72e857243f0a7883d9749b1f40936b51631e0060a0d9901d730000000000000000"], &(0x7f0000014ff5)='GPL\x00', 0x2, 0x103a, &(0x7f0000014000)=""/4096, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2a3}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0x3a, 0x0, &(0x7f0000000200)="e460cdfbef2408002900119386dd6a00000000072feb3014cd3ec8a755c1e1380081ffad000400e8d50000000100000bb500000500242c106558", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

358.793314ms ago: executing program 0 (id=737):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000ac0)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000fcdbdf25180000001c003080180001800c0003800600010001deffff070001000000000008000300", @ANYRES32=r3], 0x38}, 0x1, 0x0, 0x0, 0x24004415}, 0x20000000)

358.394656ms ago: executing program 0 (id=738):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x18, &(0x7f0000000540)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x86}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0x2000}}, [@printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffff0}}, @jmp={0x5, 0x0, 0x4, 0x0, 0x0, 0xfffffffffffffff4, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000000)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x4f}, 0x94)

318.96µs ago: executing program 1 (id=739):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1c}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x9}]}, @NFT_MSG_NEWSETELEM={0x2c, 0x1e, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc0}}, 0x0)

0s ago: executing program 1 (id=740):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000300)={0x3c, r1, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c191f}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x3c}}, 0x20000000)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:63943' (ED25519) to the list of known hosts.
syzkaller login: [   57.161096][ T5787] cgroup: Unknown subsys name 'net'
[   57.315210][ T5787] cgroup: Unknown subsys name 'cpuset'
[   57.321401][ T5787] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   59.355739][ T5787] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   68.676479][ T5849] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   72.037961][ T5871] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   72.050819][ T5871] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   72.053831][ T5871] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   72.057921][ T5871] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   72.070419][ T5871] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   72.196359][ T5218] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   72.201598][ T5218] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   72.205114][ T5218] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   72.209106][ T5218] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   72.220043][ T5218] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   72.259478][ T5871] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   72.264881][ T5871] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   72.268130][ T5871] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   72.279142][ T5871] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   72.282303][ T5871] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   72.546503][ T5869] chnl_net:caif_netlink_parms(): no params data found
[   72.709466][ T5872] chnl_net:caif_netlink_parms(): no params data found
[   72.729110][ T5869] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.733398][ T5869] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.736288][ T5869] bridge_slave_0: entered allmulticast mode
[   72.741015][ T5869] bridge_slave_0: entered promiscuous mode
[   72.747385][ T5869] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.750916][ T5869] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.753696][ T5869] bridge_slave_1: entered allmulticast mode
[   72.757425][ T5869] bridge_slave_1: entered promiscuous mode
[   72.830307][ T5869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   72.855303][ T5869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   72.859237][ T5874] chnl_net:caif_netlink_parms(): no params data found
[   72.931949][ T5869] team0: Port device team_slave_0 added
[   72.972991][ T5869] team0: Port device team_slave_1 added
[   73.014645][ T5872] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.016910][ T5872] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.019057][ T5872] bridge_slave_0: entered allmulticast mode
[   73.023114][ T5872] bridge_slave_0: entered promiscuous mode
[   73.073225][ T5869] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.075721][ T5869] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.084278][ T5869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.089030][ T5872] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.092646][ T5872] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.095431][ T5872] bridge_slave_1: entered allmulticast mode
[   73.099249][ T5872] bridge_slave_1: entered promiscuous mode
[   73.116852][ T5874] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.119243][ T5874] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.123404][ T5874] bridge_slave_0: entered allmulticast mode
[   73.126695][ T5874] bridge_slave_0: entered promiscuous mode
[   73.130960][ T5874] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.133358][ T5874] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.135971][ T5874] bridge_slave_1: entered allmulticast mode
[   73.138947][ T5874] bridge_slave_1: entered promiscuous mode
[   73.142103][ T5869] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.144189][ T5869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.152469][ T5869] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.184512][ T5872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.223280][ T5874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.229223][ T5872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.237138][ T5874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.298841][ T5872] team0: Port device team_slave_0 added
[   73.314006][ T5874] team0: Port device team_slave_0 added
[   73.318685][ T5872] team0: Port device team_slave_1 added
[   73.340336][ T5869] hsr_slave_0: entered promiscuous mode
[   73.343447][ T5869] hsr_slave_1: entered promiscuous mode
[   73.347561][ T5874] team0: Port device team_slave_1 added
[   73.403172][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.405325][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.412946][ T5872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.416724][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_0
[   73.418959][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.427952][ T5874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   73.451242][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.453525][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.461892][ T5872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.467158][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_1
[   73.471099][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.480995][ T5874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   73.588787][ T5874] hsr_slave_0: entered promiscuous mode
[   73.593999][ T5874] hsr_slave_1: entered promiscuous mode
[   73.596738][ T5874] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   73.599952][ T5874] Cannot create hsr debugfs directory
[   73.610728][ T5872] hsr_slave_0: entered promiscuous mode
[   73.613608][ T5872] hsr_slave_1: entered promiscuous mode
[   73.616273][ T5872] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   73.619026][ T5872] Cannot create hsr debugfs directory
[   73.872051][ T5869] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   73.886199][ T5869] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   73.902620][ T5869] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   73.912295][ T5869] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   73.965193][ T5872] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   73.983686][ T5872] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   74.009391][ T5872] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   74.019290][ T5872] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   74.111059][ T5871] Bluetooth: hci0: command tx timeout
[   74.126259][ T5869] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.133501][ T5874] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   74.141209][ T5874] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   74.152816][ T5874] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   74.162474][ T5874] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   74.184114][ T5869] 8021q: adding VLAN 0 to HW filter on device team0
[   74.208031][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.211070][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.235592][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.238288][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.270791][ T5871] Bluetooth: hci1: command tx timeout
[   74.282531][ T5872] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.328978][ T5872] 8021q: adding VLAN 0 to HW filter on device team0
[   74.346330][ T5869] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   74.350467][ T5871] Bluetooth: hci2: command tx timeout
[   74.357273][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.360210][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.372906][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.375223][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.431971][ T5874] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.456285][ T5874] 8021q: adding VLAN 0 to HW filter on device team0
[   74.465117][   T34] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.467320][   T34] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.482357][   T34] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.484644][   T34] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.597154][ T5869] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.635705][ T5872] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.683029][ T5869] veth0_vlan: entered promiscuous mode
[   74.710603][ T5869] veth1_vlan: entered promiscuous mode
[   74.716820][ T5872] veth0_vlan: entered promiscuous mode
[   74.723324][ T5874] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.731489][ T5872] veth1_vlan: entered promiscuous mode
[   74.786241][ T5874] veth0_vlan: entered promiscuous mode
[   74.792710][ T5869] veth0_macvtap: entered promiscuous mode
[   74.801153][ T5869] veth1_macvtap: entered promiscuous mode
[   74.819379][ T5874] veth1_vlan: entered promiscuous mode
[   74.828263][ T5872] veth0_macvtap: entered promiscuous mode
[   74.851773][ T5872] veth1_macvtap: entered promiscuous mode
[   74.861697][ T5869] batman_adv: batadv0: Interface activated: batadv_slave_0
[   74.878219][ T5869] batman_adv: batadv0: Interface activated: batadv_slave_1
[   74.903213][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   74.910978][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_0
[   74.915986][ T5877] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   74.931939][ T5877] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   74.935308][ T5877] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   74.942847][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_1
[   74.947691][ T5874] veth0_macvtap: entered promiscuous mode
[   74.967268][ T5874] veth1_macvtap: entered promiscuous mode
[   74.991411][ T5676] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   74.998063][ T5676] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.003742][ T5676] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.006918][ T5676] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.054367][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.094085][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.126871][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.132031][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.157485][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.175866][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.184395][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.187707][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.201653][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.205499][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.249823][ T1087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.257800][ T1087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.349361][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.357103][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.431342][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.434351][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.512723][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.523127][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.523403][ T5936] netlink: 'syz.1.18': attribute type 21 has an invalid length.
[   75.544885][ T5936] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18'.
[   76.195989][ T5871] Bluetooth: hci0: command tx timeout
[   76.275530][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   76.278617][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   76.350085][ T5871] Bluetooth: hci1: command tx timeout
[   76.430184][ T5871] Bluetooth: hci2: command tx timeout
[   76.840498][ T6004] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   76.943470][ T6010] netlink: 4 bytes leftover after parsing attributes in process `syz.1.52'.
[   77.286835][ T6023] netlink: 104 bytes leftover after parsing attributes in process `syz.2.58'.
[   77.349310][ T6026] netlink: 8 bytes leftover after parsing attributes in process `syz.2.59'.
[   78.271785][ T5871] Bluetooth: hci0: command tx timeout
[   78.435136][ T5871] Bluetooth: hci1: command tx timeout
[   78.466689][ T6077] syz_tun: entered allmulticast mode
[   78.476139][ T6076] syz_tun: left allmulticast mode
[   78.511251][ T5871] Bluetooth: hci2: command tx timeout
[   79.005351][ T6086] Zero length message leads to an empty skb
[   80.069310][ T6128] syz.0.105 uses obsolete (PF_INET,SOCK_PACKET)
[   80.313836][ T6140] Illegal XDP return value 4294967294 on prog  (id 13) dev N/A, expect packet loss!
[   80.350194][ T5871] Bluetooth: hci0: command tx timeout
[   80.388010][ T6145] netlink: 16 bytes leftover after parsing attributes in process `syz.2.111'.
[   80.510821][ T5871] Bluetooth: hci1: command tx timeout
[   80.590013][ T5871] Bluetooth: hci2: command tx timeout
[   81.061475][ T6189] netlink: 12 bytes leftover after parsing attributes in process `syz.0.132'.
[   81.356252][ T6203] netlink: 32 bytes leftover after parsing attributes in process `syz.1.135'.
[   81.803829][ T6225] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744073709551607)
[   81.808093][ T6225] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647
[   81.915463][ T6228] tipc: Started in network mode
[   81.917598][ T6228] tipc: Node identity 0eaeb9c4d0d, cluster identity 4711
[   81.926161][ T6228] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   81.933876][ T6228] syzkaller0: entered promiscuous mode
[   81.936045][ T6228] syzkaller0: entered allmulticast mode
[   81.983239][ T6228] tipc: Resetting bearer <eth:syzkaller0>
[   82.008495][ T6227] tipc: Resetting bearer <eth:syzkaller0>
[   82.018644][ T6227] tipc: Disabling bearer <eth:syzkaller0>
[   82.067543][ T6238] netlink: 240 bytes leftover after parsing attributes in process `syz.1.151'.
[   82.554506][ T6252] netlink: 28 bytes leftover after parsing attributes in process `syz.0.158'.
[   82.943772][ T6286] netlink: 156 bytes leftover after parsing attributes in process `syz.0.171'.
[   82.952606][ T6287] netlink: 'syz.2.170': attribute type 1 has an invalid length.
[   83.025713][ T6291] warning: `syz.0.173' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   83.789244][ T6344] tipc: Started in network mode
[   83.794423][ T6344] tipc: Node identity 36f75ef33984, cluster identity 4711
[   83.798354][ T6344] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   83.815700][ T6344] syzkaller0: entered promiscuous mode
[   83.817577][ T6344] syzkaller0: entered allmulticast mode
[   83.903677][ T6344] tipc: Resetting bearer <eth:syzkaller0>
[   83.925973][ T6343] tipc: Resetting bearer <eth:syzkaller0>
[   83.944712][ T6343] tipc: Disabling bearer <eth:syzkaller0>
[   84.155371][ T6372] sctp: [Deprecated]: syz.2.211 (pid 6372) Use of struct sctp_assoc_value in delayed_ack socket option.
[   84.155371][ T6372] Use struct sctp_sack_info instead
[   84.397049][ T6388] team0: Port device vxlan0 added
[   84.399054][   T12] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   84.403609][   T12] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   84.413920][   T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   84.418997][   T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   84.625449][ T6401] netlink: 'syz.0.218': attribute type 1 has an invalid length.
[   84.633151][ T6401] netlink: 'syz.0.218': attribute type 1 has an invalid length.
[   84.897524][ T6417] netlink: 28 bytes leftover after parsing attributes in process `syz.1.223'.
[   85.583393][ T6461] netlink: 20 bytes leftover after parsing attributes in process `syz.0.239'.
[   85.681667][ T6138] block nbd64: NBD_DISCONNECT
[   86.529276][  T973] cfg80211: failed to load regulatory.db
[   86.674287][ T6537] bridge1: entered allmulticast mode
[   86.881847][ T6553] netlink: 4 bytes leftover after parsing attributes in process `syz.0.277'.
[   86.999152][ T6559] netlink: 'syz.0.280': attribute type 142 has an invalid length.
[   87.238541][ T6569] netlink: 'syz.1.285': attribute type 4 has an invalid length.
[   87.438162][ T6569] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.442092][ T6569] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.683900][ T6569] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   87.714624][ T6569] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   88.079358][   T12] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[   88.083447][   T12] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.117501][   T12] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[   88.127569][   T12] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.148813][   T12] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[   88.152598][   T12] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.204198][   T12] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[   88.207334][   T12] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.307082][ T6633] netlink: 14 bytes leftover after parsing attributes in process `syz.0.289'.
[   88.603539][ T6633] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   88.608641][ T6633] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   88.612909][ T6633] bond0 (unregistering): Released all slaves
[   88.872101][ T6664] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   88.879027][ T6664] batman_adv: batadv0: Removing interface: batadv_slave_0
[   88.887062][ T6664] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   88.891875][ T6664] batman_adv: batadv0: Removing interface: batadv_slave_1
[   89.244137][ T6683] tipc: Failed to remove unknown binding: 66,1,1/0:2167254219/2167254221
[   89.247633][ T6683] tipc: Failed to remove unknown binding: 66,1,1/0:2167254219/2167254221
[   89.324662][ T6686] netlink: 20 bytes leftover after parsing attributes in process `syz.2.307'.
[   89.343253][ T6688] netlink: 'syz.0.308': attribute type 15 has an invalid length.
[   89.345967][ T6688] netlink: 666 bytes leftover after parsing attributes in process `syz.0.308'.
[   89.485273][ T6696] netlink: 8 bytes leftover after parsing attributes in process `syz.2.311'.
[   89.488192][ T6696] netlink: 12 bytes leftover after parsing attributes in process `syz.2.311'.
[   89.491610][ T6696] netlink: 'syz.2.311': attribute type 20 has an invalid length.
[   89.811334][ T6722] vcan0: tx drop: invalid da for name 0x0000000000000003
[   89.875934][ T6724] netlink: 324 bytes leftover after parsing attributes in process `syz.0.323'.
[   89.883388][ T6724] netlink: 36 bytes leftover after parsing attributes in process `syz.0.323'.
[   89.886841][ T6724] netlink: 8 bytes leftover after parsing attributes in process `syz.0.323'.
[   90.103453][ T6737] netlink: 16 bytes leftover after parsing attributes in process `syz.0.329'.
[   90.169887][ T6739] netlink: 'syz.0.330': attribute type 3 has an invalid length.
[   90.524676][ T6761] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   90.661529][   T96] IPVS: starting estimator thread 0...
[   90.664231][ T6773] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[   90.750776][ T6774] IPVS: using max 51 ests per chain, 122400 per kthread
[   90.792592][ T6780] syzkaller1: entered promiscuous mode
[   90.794787][ T6780] syzkaller1: entered allmulticast mode
[   91.052326][    C1] vcan0: j1939_tp_rxtimer: 0xffff888117a84000: rx timeout, send abort
[   91.057137][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888117a84000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   91.060725][ T6792] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.065450][ T6792] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.139368][ T6798] Bluetooth: MGMT ver 1.23
[   91.224746][ T6792] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   91.237125][ T6792] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   91.373583][   T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   91.377365][   T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   91.394303][   T12] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   91.399379][   T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   91.403605][ T6811] tun0: tun_chr_ioctl cmd 1074025677
[   91.405533][ T6811] tun0: linktype set to 768
[   92.048370][ T6853] netlink: 'syz.0.385': attribute type 8 has an invalid length.
[   92.393878][ T6881] __nla_validate_parse: 3 callbacks suppressed
[   92.393898][ T6881] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.399'.
[   92.671338][ T6892] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   93.406911][ T6925] netlink: 'syz.0.417': attribute type 1 has an invalid length.
[   94.439068][ T6998] sctp: [Deprecated]: syz.1.447 (pid 6998) Use of int in max_burst socket option.
[   94.439068][ T6998] Use struct sctp_assoc_value instead
[   94.559136][ T7009] netlink: 8 bytes leftover after parsing attributes in process `syz.2.455'.
[   94.698004][ T7020] netlink: 12 bytes leftover after parsing attributes in process `syz.1.461'.
[   94.767507][ T7028] netlink: 8 bytes leftover after parsing attributes in process `syz.0.464'.
[   94.829490][ T7034] netlink: 'syz.2.468': attribute type 28 has an invalid length.
[   94.879519][ T7040] netlink: 116 bytes leftover after parsing attributes in process `syz.2.470'.
[   95.027164][ T7047] netlink: 36 bytes leftover after parsing attributes in process `syz.1.473'.
[   95.086203][ T7051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.475'.
[   95.099268][ T7051] team0: entered promiscuous mode
[   95.107084][ T7051] team_slave_0: entered promiscuous mode
[   95.109594][ T7051] team_slave_1: entered promiscuous mode
[   95.118024][ T7051] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   95.122894][ T7051] bridge0: port 3(macvlan2) entered blocking state
[   95.125762][ T7051] bridge0: port 3(macvlan2) entered disabled state
[   95.128694][ T7051] macvlan2: entered allmulticast mode
[   95.131456][ T7051] team0: entered allmulticast mode
[   95.133499][ T7051] team_slave_0: entered allmulticast mode
[   95.135688][ T7051] team_slave_1: entered allmulticast mode
[   95.142197][ T7051] macvlan2: entered promiscuous mode
[   95.149382][ T7051] bridge0: port 3(macvlan2) entered blocking state
[   95.151738][ T7051] bridge0: port 3(macvlan2) entered forwarding state
[   95.421636][ T7079] netlink: 4 bytes leftover after parsing attributes in process `syz.0.489'.
[   95.787028][ T7112] netlink: 20 bytes leftover after parsing attributes in process `syz.0.505'.
[   96.182734][ T7149] netlink: 132 bytes leftover after parsing attributes in process `syz.1.523'.
[   96.413570][ T7158] netlink: 'syz.0.525': attribute type 1 has an invalid length.
[   96.919130][ T7181] syzkaller0: entered promiscuous mode
[   96.921635][ T7181] syzkaller0: entered allmulticast mode
[   97.193113][ T7187] netlink: 'syz.0.539': attribute type 1 has an invalid length.
[   98.382221][ T7193] __nla_validate_parse: 3 callbacks suppressed
[   98.382240][ T7193] netlink: 212924 bytes leftover after parsing attributes in process `syz.0.542'.
[   98.618740][ T7213] netlink: 47 bytes leftover after parsing attributes in process `syz.1.553'.
[   98.625969][ T7215] netlink: 100 bytes leftover after parsing attributes in process `syz.2.552'.
[   98.786261][ T7230] netlink: 'syz.1.560': attribute type 3 has an invalid length.
[   99.098089][ T7258] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[   99.098623][ T7257] IPVS: stopping master sync thread 7258 ...
[   99.426080][ T7280] Cannot find add_set index 0 as target
[   99.506925][ T7288] netlink: 'syz.1.586': attribute type 1 has an invalid length.
[   99.674915][ T7301] netlink: 8 bytes leftover after parsing attributes in process `syz.0.592'.
[   99.678441][ T7301] netlink: 4 bytes leftover after parsing attributes in process `syz.0.592'.
[   99.684537][ T7301] netlink: 'syz.0.592': attribute type 13 has an invalid length.
[   99.730076][ T7305] netlink: 'syz.2.594': attribute type 4 has an invalid length.
[   99.852701][ T7317] netlink: 28 bytes leftover after parsing attributes in process `syz.0.600'.
[  100.258586][ T7352] netlink: 'syz.0.617': attribute type 5 has an invalid length.
[  100.270633][ T7354] netlink: 36 bytes leftover after parsing attributes in process `syz.1.618'.
[  100.572571][ T7377] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  100.576221][ T7377] syzkaller0: entered promiscuous mode
[  100.578576][ T7377] syzkaller0: entered allmulticast mode
[  100.598622][ T7377] tipc: Resetting bearer <eth:syzkaller0>
[  100.610005][ T7376] tipc: Resetting bearer <eth:syzkaller0>
[  100.628453][ T7376] tipc: Disabling bearer <eth:syzkaller0>
[  100.802574][ T7385] vxcan2: entered promiscuous mode
[  101.360862][ T7410] netlink: 212280 bytes leftover after parsing attributes in process `syz.0.643'.
[  101.543292][ T7426] netlink: 28 bytes leftover after parsing attributes in process `syz.2.649'.
[  101.557719][ T7426] netlink: 8 bytes leftover after parsing attributes in process `syz.2.649'.
[  102.269008][ T7453] netlink: 'syz.2.662': attribute type 25 has an invalid length.
[  102.720544][   T24] IPVS: starting estimator thread 0...
[  102.723335][ T7476] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[  102.810223][ T7479] IPVS: using max 44 ests per chain, 105600 per kthread
[  103.662562][ T7532] __nla_validate_parse: 1 callbacks suppressed
[  103.662572][ T7532] netlink: 4 bytes leftover after parsing attributes in process `syz.1.697'.
[  103.862244][ T7550] x_tables: duplicate entry at hook 3
[  104.192593][ T7568] netlink: 8 bytes leftover after parsing attributes in process `syz.1.712'.
[  104.219118][ T7542] netlink: 156 bytes leftover after parsing attributes in process `syz.0.703'.
[  104.568053][ T7589] netlink: 8 bytes leftover after parsing attributes in process `syz.2.722'.
[  104.729007][ T7598] netlink: 'syz.2.726': attribute type 1 has an invalid length.
[  104.768673][ T7598] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  104.773480][ T7598] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  104.822260][ T7603] gretap1: entered promiscuous mode
[  104.828099][ T7603] bond1: (slave gretap1): making interface the new active one
[  104.840900][ T7603] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  104.868172][ T7606] netlink: 'syz.0.729': attribute type 6 has an invalid length.
[  104.948089][ T7608] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  104.952399][ T7608] syzkaller0: entered promiscuous mode
[  104.954770][ T7608] syzkaller0: entered allmulticast mode
[  104.962563][ T7607] tipc: Resetting bearer <eth:syzkaller0>
[  104.978769][ T7607] tipc: Disabling bearer <eth:syzkaller0>
[  105.077476][ T7616] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  105.082753][ T7616] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  105.210966][ T7623] netlink: 'syz.0.737': attribute type 1 has an invalid length.
[  105.650927][ T7629] 
[  105.651979][ T7629] ======================================================
[  105.654744][ T7629] WARNING: possible circular locking dependency detected
[  105.657508][ T7629] 6.16.0-rc6-syzkaller-01646-g56613001dfc9-dirty #0 Not tainted
[  105.661329][ T7629] ------------------------------------------------------
[  105.664058][ T7629] syz.1.740/7629 is trying to acquire lock:
[  105.666275][ T7629] ffff88801fc30988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  105.670508][ T7629] 
[  105.670508][ T7629] but task is already holding lock:
[  105.673243][ T7629] ffff88801fc30a30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x93e/0x18f0
[  105.676769][ T7629] 
[  105.676769][ T7629] which lock already depends on the new lock.
[  105.676769][ T7629] 
[  105.680609][ T7629] 
[  105.680609][ T7629] the existing dependency chain (in reverse order) is:
[  105.684036][ T7629] 
[  105.684036][ T7629] -> #2 (&nbd->config_lock){+.+.}-{4:4}:
[  105.687062][ T7629]        lock_acquire+0x120/0x360
[  105.689036][ T7629]        __mutex_lock+0x182/0xe80
[  105.690974][ T7629]        refcount_dec_and_mutex_lock+0x30/0xa0
[  105.693332][ T7629]        nbd_config_put+0x2c/0x790
[  105.695281][ T7629]        nbd_release+0xfe/0x140
[  105.697190][ T7629]        bdev_release+0x536/0x650
[  105.699145][ T7629]        blkdev_release+0x15/0x20
[  105.701029][ T7629]        __fput+0x44c/0xa70
[  105.702746][ T7629]        fput_close_sync+0x119/0x200
[  105.704882][ T7629]        __x64_sys_close+0x7f/0x110
[  105.706831][ T7629]        do_syscall_64+0xfa/0x3b0
[  105.708742][ T7629]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.711065][ T7629] 
[  105.711065][ T7629] -> #1 (&disk->open_mutex){+.+.}-{4:4}:
[  105.713618][ T7629]        lock_acquire+0x120/0x360
[  105.715161][ T7629]        __mutex_lock+0x182/0xe80
[  105.716744][ T7629]        __del_gendisk+0x129/0x9e0
[  105.718512][ T7629]        del_gendisk+0xe8/0x160
[  105.720083][ T7629]        nbd_dev_remove_work+0x47/0xe0
[  105.721862][ T7629]        process_scheduled_works+0xae1/0x17b0
[  105.723782][ T7629]        worker_thread+0x8a0/0xda0
[  105.725708][ T7629]        kthread+0x711/0x8a0
[  105.727316][ T7629]        ret_from_fork+0x3fc/0x770
[  105.728858][ T7629]        ret_from_fork_asm+0x1a/0x30
[  105.730410][ T7629] 
[  105.730410][ T7629] -> #0 (&set->update_nr_hwq_lock){++++}-{4:4}:
[  105.732979][ T7629]        validate_chain+0xb9b/0x2140
[  105.734557][ T7629]        __lock_acquire+0xab9/0xd20
[  105.736261][ T7629]        lock_acquire+0x120/0x360
[  105.738046][ T7629]        down_write+0x96/0x1f0
[  105.739820][ T7629]        blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  105.742173][ T7629]        nbd_start_device+0x16c/0xac0
[  105.743716][ T7629]        nbd_genl_connect+0x135b/0x18f0
[  105.745348][ T7629]        genl_family_rcv_msg_doit+0x215/0x300
[  105.747312][ T7629]        genl_rcv_msg+0x60e/0x790
[  105.749248][ T7629]        netlink_rcv_skb+0x208/0x470
[  105.751231][ T7629]        genl_rcv+0x28/0x40
[  105.752950][ T7629]        netlink_unicast+0x82f/0x9e0
[  105.754965][ T7629]        netlink_sendmsg+0x805/0xb30
[  105.756966][ T7629]        __sock_sendmsg+0x21c/0x270
[  105.758938][ T7629]        ____sys_sendmsg+0x505/0x830
[  105.760911][ T7629]        ___sys_sendmsg+0x21f/0x2a0
[  105.762878][ T7629]        __x64_sys_sendmsg+0x19b/0x260
[  105.764934][ T7629]        do_syscall_64+0xfa/0x3b0
[  105.766870][ T7629]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.769286][ T7629] 
[  105.769286][ T7629] other info that might help us debug this:
[  105.769286][ T7629] 
[  105.773082][ T7629] Chain exists of:
[  105.773082][ T7629]   &set->update_nr_hwq_lock --> &disk->open_mutex --> &nbd->config_lock
[  105.773082][ T7629] 
[  105.778349][ T7629]  Possible unsafe locking scenario:
[  105.778349][ T7629] 
[  105.781203][ T7629]        CPU0                    CPU1
[  105.783235][ T7629]        ----                    ----
[  105.785240][ T7629]   lock(&nbd->config_lock);
[  105.787009][ T7629]                                lock(&disk->open_mutex);
[  105.789670][ T7629]                                lock(&nbd->config_lock);
[  105.792315][ T7629]   lock(&set->update_nr_hwq_lock);
[  105.794285][ T7629] 
[  105.794285][ T7629]  *** DEADLOCK ***
[  105.794285][ T7629] 
[  105.797287][ T7629] 3 locks held by syz.1.740/7629:
[  105.799190][ T7629]  #0: ffffffff8f583e30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  105.802215][ T7629]  #1: ffffffff8f583c48 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  105.805599][ T7629]  #2: ffff88801fc30a30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0x93e/0x18f0
[  105.809303][ T7629] 
[  105.809303][ T7629] stack backtrace:
[  105.811518][ T7629] CPU: 1 UID: 0 PID: 7629 Comm: syz.1.740 Not tainted 6.16.0-rc6-syzkaller-01646-g56613001dfc9-dirty #0 PREEMPT(full) 
[  105.811540][ T7629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  105.811550][ T7629] Call Trace:
[  105.811557][ T7629]  <TASK>
[  105.811565][ T7629]  dump_stack_lvl+0x189/0x250
[  105.811589][ T7629]  ? __pfx_dump_stack_lvl+0x10/0x10
[  105.811605][ T7629]  ? __pfx__printk+0x10/0x10
[  105.811626][ T7629]  ? print_lock_name+0xde/0x100
[  105.811647][ T7629]  print_circular_bug+0x2ee/0x310
[  105.811668][ T7629]  check_noncircular+0x134/0x160
[  105.811688][ T7629]  validate_chain+0xb9b/0x2140
[  105.811712][ T7629]  __lock_acquire+0xab9/0xd20
[  105.811728][ T7629]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  105.811746][ T7629]  lock_acquire+0x120/0x360
[  105.811758][ T7629]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  105.811778][ T7629]  ? kernfs_add_one+0xf0/0x520
[  105.811794][ T7629]  down_write+0x96/0x1f0
[  105.811809][ T7629]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  105.811827][ T7629]  ? __pfx_down_write+0x10/0x10
[  105.811879][ T7629]  ? kernfs_add_one+0xf0/0x520
[  105.811894][ T7629]  blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  105.811915][ T7629]  ? sysfs_add_file_mode_ns+0x238/0x300
[  105.811934][ T7629]  ? sysfs_add_file_mode_ns+0x259/0x300
[  105.811955][ T7629]  nbd_start_device+0x16c/0xac0
[  105.811974][ T7629]  ? __nla_parse+0x40/0x60
[  105.811990][ T7629]  ? device_create_file+0xf4/0x1c0
[  105.812010][ T7629]  nbd_genl_connect+0x135b/0x18f0
[  105.812030][ T7629]  ? __pfx_nbd_genl_connect+0x10/0x10
[  105.812050][ T7629]  ? __nla_parse+0x40/0x60
[  105.812065][ T7629]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  105.812087][ T7629]  genl_family_rcv_msg_doit+0x215/0x300
[  105.812107][ T7629]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  105.812130][ T7629]  ? stack_trace_save+0x9c/0xe0
[  105.812150][ T7629]  genl_rcv_msg+0x60e/0x790
[  105.812168][ T7629]  ? __pfx_genl_rcv_msg+0x10/0x10
[  105.812184][ T7629]  ? __pfx_nbd_genl_connect+0x10/0x10
[  105.812205][ T7629]  netlink_rcv_skb+0x208/0x470
[  105.812217][ T7629]  ? __lock_acquire+0xab9/0xd20
[  105.812230][ T7629]  ? __pfx_genl_rcv_msg+0x10/0x10
[  105.812247][ T7629]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  105.812266][ T7629]  ? down_read+0x1ad/0x2e0
[  105.812281][ T7629]  genl_rcv+0x28/0x40
[  105.812296][ T7629]  netlink_unicast+0x82f/0x9e0
[  105.812318][ T7629]  ? __pfx_netlink_unicast+0x10/0x10
[  105.812337][ T7629]  ? netlink_sendmsg+0x642/0xb30
[  105.812350][ T7629]  ? skb_put+0x11b/0x210
[  105.812366][ T7629]  netlink_sendmsg+0x805/0xb30
[  105.812382][ T7629]  ? __pfx_netlink_sendmsg+0x10/0x10
[  105.812396][ T7629]  ? aa_sock_msg_perm+0x94/0x160
[  105.812411][ T7629]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  105.812424][ T7629]  ? __pfx_netlink_sendmsg+0x10/0x10
[  105.812437][ T7629]  __sock_sendmsg+0x21c/0x270
[  105.812458][ T7629]  ____sys_sendmsg+0x505/0x830
[  105.812475][ T7629]  ? __pfx_____sys_sendmsg+0x10/0x10
[  105.812494][ T7629]  ? import_iovec+0x74/0xa0
[  105.812513][ T7629]  ___sys_sendmsg+0x21f/0x2a0
[  105.812529][ T7629]  ? __pfx____sys_sendmsg+0x10/0x10
[  105.812557][ T7629]  ? __fget_files+0x2a/0x420
[  105.812568][ T7629]  ? __fget_files+0x3a0/0x420
[  105.812583][ T7629]  __x64_sys_sendmsg+0x19b/0x260
[  105.812599][ T7629]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  105.812618][ T7629]  ? rcu_is_watching+0x15/0xb0
[  105.812635][ T7629]  ? do_syscall_64+0xbe/0x3b0
[  105.812651][ T7629]  do_syscall_64+0xfa/0x3b0
[  105.812664][ T7629]  ? lockdep_hardirqs_on+0x9c/0x150
[  105.812677][ T7629]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.812690][ T7629]  ? exc_page_fault+0x9f/0xf0
[  105.812703][ T7629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.812717][ T7629] RIP: 0033:0x7fb495f8e9a9
[  105.812731][ T7629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.812744][ T7629] RSP: 002b:00007fb496e2b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  105.812760][ T7629] RAX: ffffffffffffffda RBX: 00007fb4961b5fa0 RCX: 00007fb495f8e9a9
[  105.812771][ T7629] RDX: 0000000020000000 RSI: 0000200000001ac0 RDI: 0000000000000004
[  105.812781][ T7629] RBP: 00007fb496010d69 R08: 0000000000000000 R09: 0000000000000000
[  105.812790][ T7629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  105.812799][ T7629] R13: 0000000000000000 R14: 00007fb4961b5fa0 R15: 00007ffc0dd0db28
[  105.812813][ T7629]  </TASK>
[  106.023842][ T7616] syz.2.734 (7616) used greatest stack depth: 19800 bytes left
[  106.200437][ T7629] nbd0: detected capacity change from 0 to 127
[  106.216361][   T56] block nbd0: Receive control failed (result -104)

VM DIAGNOSIS:
08:19:42  Registers:
info registers vcpu 0

CPU#0
RAX=fcb3181248ab1100 RBX=ffffffff81976a48 RCX=fcb3181248ab1100 RDX=0000000000000001
RSI=ffffffff8be28c20 RDI=ffffffff81976a48 RBP=ffffffff8de07ea8 RSP=ffffffff8de07d80
R8 =ffff88804b032f5b R9 =1ffff110096065eb R10=dffffc0000000000 R11=ffffed10096065ec
R12=ffffffff8fa22cf0 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a50
RIP=ffffffff8b7024f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8615000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32c1fffc CR3=000000010c09a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff8133a4fe ffffffff8133a4fe
XMM02=00000008000003b7 ffffffff8133a4fe XMM03=0000001600000085 00000000000004b7
XMM04=9500000016000000 8500000000000004 XMM05=b700000008000003 b7fffffff8000002
XMM06=07000000000000a2 bf00000000fff88a XMM07=7b05e70000000008 b700000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007fa60ba11ec1
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000074 RBX=0000000000000074 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001158 RDI=0000000000001159 RBP=00000000000003f8 RSP=ffffc900069fe690
R8 =ffff888108bd8237 R9 =1ffff1102117b046 R10=dffffc0000000000 R11=ffffffff85463620
R12=dffffc0000000000 R13=ffffffff99aff8ce R14=ffffffff99e044c0 R15=0000000000000000
RIP=ffffffff8546369c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fb496e2b6c0 ffffffff 00c00000
GS =0000 ffff8881a3c15000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000001ac0 CR3=000000010be3e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f2d32411ec1
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
