last executing test programs:

23.061241614s ago: executing program 2 (id=1921):
r0 = socket$netlink(0x10, 0x3, 0xb)
bind$netlink(r0, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000}, 0xc)
close(r0)

23.022484895s ago: executing program 2 (id=1923):
r0 = socket(0x1e, 0x4, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000440)={0x0, 0x204, 0x2a8a, 0x68}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xb, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r1}, 0x18)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ppoll(&(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x40000000000, 0x3, 0x4, 0x0, 0x0, 0x3}, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
unshare(0x68040200)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e22, 0xfffffffe, @empty, 0x7}, 0x1c)
listen(r3, 0x0)
syz_emit_ethernet(0x62, &(0x7f0000000380)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x2c, 0x6, 0x1, @local, @local, {[], {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}, {"80c2955b8add6416140484a5cfe0ce6c84e1810852dd1e23"}}}}}}}, 0x0)

22.525904952s ago: executing program 1 (id=1935):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x1, 0xfffffffd}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r0, 0x20, &(0x7f0000000100)={0x0, 0x0, <r1=>0x0, 0x0}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001840)=r1, 0x4)

22.525575603s ago: executing program 1 (id=1936):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'veth1_to_bridge\x00', 0x200}, 0x18)
setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f00000002c0)={0x2, 'veth1_virt_wifi\x00'}, 0x18)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYRES32=r2], 0x6c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@RTM_NEWNSID={0x54, 0x58, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NETNSA_NSID={0x8, 0x1, 0x3}, @NETNSA_PID={0x8}, @NETNSA_FD={0x8}, @NETNSA_FD={0x7}, @NETNSA_NSID={0x8}, @NETNSA_NSID={0x8, 0x1, 0x4}, @NETNSA_PID, @NETNSA_NSID={0x8, 0x1, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0xc880}, 0x20040001)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x2, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000006800e97800000000000000000a000000000000000400040030db918bc8ccf0be2dd96793159ba6a59ac3d6bdbeea02dc4f60f807c9b1f96d01fd76e189f2aad75bddc1cb9f51a262dd6585b4d25b1b99de9a1b38b6989dc6ea"], 0x1c}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

22.317199338s ago: executing program 1 (id=1937):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x3, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="180200008000000000000000000000008500000053000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000004000000850000000600000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

22.14647755s ago: executing program 1 (id=1938):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x3e, &(0x7f0000000700)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x67, 0x0, @rand_addr, @broadcast}, @time_exceeded={0x21, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @rand_addr=0xe0000000}}}}}}, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="380000000314010028bd7000f6dbdf250900020073797a31001800000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x884}, 0x810)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x2, 0x4, 0x1, 0x9}, 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x3, 0x7, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018100000", @ANYRES32=r4, @ANYBLOB="000000000000000018100000", @ANYRES32=r5, @ANYBLOB="000000000000000095"], &(0x7f0000000a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r7 = socket(0x10, 0x3, 0x0)
r8 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x5}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_ECN_PROB={0x8, 0x9, 0x50}, @TCA_FQ_PIE_ECN={0x8, 0xa, 0x1}]}}]}, 0x44}}, 0x400c4)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x9, 0x42, 0x8}, 0x48)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000040)={r6, r10}, 0xc)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0xd}}, &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r11}, 0x10)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x23}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}], {0x14, 0x10}}, 0xa4}}, 0x4)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000180)={r6, r10}, 0xc)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x3f, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r13}]}, 0x3c}, 0x1, 0x300000000000000, 0x0, 0xc004}, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000021401002abd700001dcdf2508000100000000000500540041"], 0x20}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810)
syz_emit_ethernet(0x3e, &(0x7f0000000340)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @multicast2}}}}}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000001000)={0x50, 0x0, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}]}, 0x50}}, 0x40c0800)
r14 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000000070000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r14, 0x2000012, 0x8ff, 0xb8, &(0x7f00000004c0)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

22.103266167s ago: executing program 2 (id=1939):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x8, 0x0, 0x0, 0x0, "a5976ac6acd41fd8"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="01000000080000000200000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="020000e001"], 0x48}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000)
sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001100)={0x2, 0x930, 0x0, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @canfd={{0x0, 0x0, 0x0, 0x1}, 0x35, 0x1, 0x0, 0x0, "c075bfebcd0ba27d0241591616a6b1cb67d98ec29b60126a252d15082816668e112528aec50cd3705b13923c6b01ee331a6f97344bf7669085864df306abfaa0"}}, 0x80}}, 0x11)

21.965081398s ago: executing program 2 (id=1940):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)={0x2c, r0, 0x203, 0x70fd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_CONFIG={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4e008}, 0x4000)

21.665313074s ago: executing program 2 (id=1941):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x6, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

21.664809739s ago: executing program 1 (id=1942):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f68737200000000140001"], 0xfc}}, 0x40)

21.586950728s ago: executing program 2 (id=1943):
socket$inet6_sctp(0xa, 0x5, 0x84)
openat$nci(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x22}, 0x94)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket(0x1f, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r2=>0x0}, &(0x7f0000000000)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f00000003c0)={r2, 0xcb}, 0x8)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000100)={r2, 0x35, "1619b699284dbc88c3c648a89677988dae6c8a7afa817ab0f63ca0a3afed9a56f4b80a0e79dc3fab5dfafa68c88a80daf69cfa9449"}, &(0x7f0000000280)=0x3d)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x2000000}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "b60ea450caa50003"}, 0x38)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r5 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r5, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r5, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0)
r6 = socket$unix(0x1, 0x2, 0x0)
sendmsg$unix(r6, &(0x7f0000000840)={&(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000440)=ANY=[], 0xa, 0x8800}, 0x4000080)
close(r4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

21.586783548s ago: executing program 1 (id=1944):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r0, &(0x7f00000002c0)={0x6, 0x0, 0x3, 0x1}, 0x8)

15.533863322s ago: executing program 0 (id=2001):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x7}}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x7}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x80)

15.533747332s ago: executing program 0 (id=2002):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r0)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000780)={0x2c, r1, 0x913, 0x70bd2a, 0x25dfdbff, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0x200}}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x14)

15.466497894s ago: executing program 0 (id=2003):
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000080)={'sit0\x00', 0x0})

15.466238528s ago: executing program 0 (id=2004):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001880)=@newtaction={0x8c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x78, 0x1, [@m_police={0x74, 0x1, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1000, 0x0, 0xfffffffd, 0x0, 0x4000000, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x10000000}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x8}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)

15.396323637s ago: executing program 0 (id=2005):
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0xc8, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000001}]}]}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x16, 0x5, 0x1, 0x5, 0x0, 0xffffffff, 0x7fffffff}}, {0x4}}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

15.266283461s ago: executing program 0 (id=2006):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000006110080000000000630a0200010000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x90)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0xfd45}}, 0x0)
write$nci(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="7105040902020766cb440484b907"], 0x12)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newtaction={0x18, 0x31, 0x10b, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
close(0x3)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000880), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000940)={0x1c, r6, 0x781, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_PHY={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x200040c0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'wpan1\x00', <r7=>0x0})
sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000005c0)={&(0x7f00000003c0)={0x1c, r6, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000000)
r8 = epoll_create1(0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, 0xffffffffffffffff, &(0x7f0000000100))
shutdown(0xffffffffffffffff, 0x0)
epoll_wait(r8, &(0x7f0000000000)=[{}], 0x1, 0x101)
epoll_ctl$EPOLL_CTL_MOD(r8, 0x3, 0xffffffffffffffff, &(0x7f0000000140)={0x2000200b})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
write$cgroup_pid(r9, &(0x7f0000000000), 0x2a979d)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xe, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x6}, 0x50)

5.988371708s ago: executing program 32 (id=1944):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r0, &(0x7f00000002c0)={0x6, 0x0, 0x3, 0x1}, 0x8)

5.96898829s ago: executing program 33 (id=1943):
socket$inet6_sctp(0xa, 0x5, 0x84)
openat$nci(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x22}, 0x94)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket(0x1f, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r2=>0x0}, &(0x7f0000000000)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f00000003c0)={r2, 0xcb}, 0x8)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000100)={r2, 0x35, "1619b699284dbc88c3c648a89677988dae6c8a7afa817ab0f63ca0a3afed9a56f4b80a0e79dc3fab5dfafa68c88a80daf69cfa9449"}, &(0x7f0000000280)=0x3d)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x2000000}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "b60ea450caa50003"}, 0x38)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r5 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r5, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r5, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0)
r6 = socket$unix(0x1, 0x2, 0x0)
sendmsg$unix(r6, &(0x7f0000000840)={&(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000440)=ANY=[], 0xa, 0x8800}, 0x4000080)
close(r4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

0s ago: executing program 34 (id=2006):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000006110080000000000630a0200010000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x90)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0xfd45}}, 0x0)
write$nci(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="7105040902020766cb440484b907"], 0x12)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newtaction={0x18, 0x31, 0x10b, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
close(0x3)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000880), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r5, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000940)={0x1c, r6, 0x781, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_PHY={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x200040c0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'wpan1\x00', <r7=>0x0})
sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000005c0)={&(0x7f00000003c0)={0x1c, r6, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000000)
r8 = epoll_create1(0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, 0xffffffffffffffff, &(0x7f0000000100))
shutdown(0xffffffffffffffff, 0x0)
epoll_wait(r8, &(0x7f0000000000)=[{}], 0x1, 0x101)
epoll_ctl$EPOLL_CTL_MOD(r8, 0x3, 0xffffffffffffffff, &(0x7f0000000140)={0x2000200b})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
write$cgroup_pid(r9, &(0x7f0000000000), 0x2a979d)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xe, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x6}, 0x50)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:63127' (ED25519) to the list of known hosts.
syzkaller login: [   56.738040][ T5818] cgroup: Unknown subsys name 'net'
[   56.849233][ T5818] cgroup: Unknown subsys name 'cpuset'
[   56.855868][ T5818] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   59.019685][ T5818] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   64.279068][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.282680][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.286408][ T5856] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.289229][ T5856] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.293151][ T5856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.295812][ T5856] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.319903][ T5858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.323819][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.326871][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.329895][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   64.352400][ T5853] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   64.358064][ T5853] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   64.361609][ T5853] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   64.365657][ T5853] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   64.369221][ T5853] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.643763][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   64.703503][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   64.786591][ T5859] chnl_net:caif_netlink_parms(): no params data found
[   64.792377][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.796157][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.799294][ T5850] bridge_slave_0: entered allmulticast mode
[   64.802757][ T5850] bridge_slave_0: entered promiscuous mode
[   64.821922][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.825523][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.828427][ T5850] bridge_slave_1: entered allmulticast mode
[   64.831694][ T5850] bridge_slave_1: entered promiscuous mode
[   64.906582][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.910416][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.913289][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.917624][ T5854] bridge_slave_0: entered allmulticast mode
[   64.921574][ T5854] bridge_slave_0: entered promiscuous mode
[   64.934947][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.952873][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.956147][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.959049][ T5854] bridge_slave_1: entered allmulticast mode
[   64.962310][ T5854] bridge_slave_1: entered promiscuous mode
[   65.025401][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.042579][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.045737][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.048790][ T5859] bridge_slave_0: entered allmulticast mode
[   65.052612][ T5859] bridge_slave_0: entered promiscuous mode
[   65.058669][ T5850] team0: Port device team_slave_0 added
[   65.063444][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.070402][ T5850] team0: Port device team_slave_1 added
[   65.073267][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.077084][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.080036][ T5859] bridge_slave_1: entered allmulticast mode
[   65.083891][ T5859] bridge_slave_1: entered promiscuous mode
[   65.154768][ T5854] team0: Port device team_slave_0 added
[   65.159129][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.162717][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   65.173177][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.193083][ T5854] team0: Port device team_slave_1 added
[   65.211033][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.213818][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   65.224300][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.231516][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.251821][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.268671][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.271358][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   65.280225][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.286273][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.288500][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   65.297113][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.316644][ T5859] team0: Port device team_slave_0 added
[   65.320763][ T5859] team0: Port device team_slave_1 added
[   65.370678][ T5850] hsr_slave_0: entered promiscuous mode
[   65.373555][ T5850] hsr_slave_1: entered promiscuous mode
[   65.388514][ T5854] hsr_slave_0: entered promiscuous mode
[   65.391091][ T5854] hsr_slave_1: entered promiscuous mode
[   65.393591][ T5854] debugfs: 'hsr0' already exists in 'hsr'
[   65.396194][ T5854] Cannot create hsr debugfs directory
[   65.398554][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.400781][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   65.409461][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.415589][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.418299][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   65.428412][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.536568][ T5859] hsr_slave_0: entered promiscuous mode
[   65.539743][ T5859] hsr_slave_1: entered promiscuous mode
[   65.542641][ T5859] debugfs: 'hsr0' already exists in 'hsr'
[   65.545320][ T5859] Cannot create hsr debugfs directory
[   65.739241][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   65.750501][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   65.760171][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   65.772468][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   65.811886][ T5850] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   65.825871][ T5850] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   65.848586][ T5850] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   65.854007][ T5850] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   65.892114][ T5859] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   65.911256][ T5859] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   65.917602][ T5859] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   65.923543][ T5859] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   66.000773][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.028438][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.041101][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   66.057271][ T1093] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.059761][ T1093] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.073124][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   66.086689][ T1093] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.089181][ T1093] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.092594][ T1093] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.095033][ T1093] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.111323][ T1093] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.113977][ T1093] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.133739][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.176328][ T5859] 8021q: adding VLAN 0 to HW filter on device team0
[   66.192402][ T5854] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   66.203518][ T1093] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.206470][ T1093] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.226588][ T1093] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.229437][ T1093] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.352169][ T5853] Bluetooth: hci0: command tx timeout
[   66.354362][ T5853] Bluetooth: hci1: command tx timeout
[   66.388411][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.420180][ T5854] veth0_vlan: entered promiscuous mode
[   66.434581][ T5853] Bluetooth: hci2: command tx timeout
[   66.442710][ T5854] veth1_vlan: entered promiscuous mode
[   66.451843][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.511180][ T5850] veth0_vlan: entered promiscuous mode
[   66.518104][ T5854] veth0_macvtap: entered promiscuous mode
[   66.528681][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.533916][ T5854] veth1_macvtap: entered promiscuous mode
[   66.546952][ T5850] veth1_vlan: entered promiscuous mode
[   66.581078][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.595941][ T5850] veth0_macvtap: entered promiscuous mode
[   66.609960][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.622065][ T5859] veth0_vlan: entered promiscuous mode
[   66.633431][ T5850] veth1_macvtap: entered promiscuous mode
[   66.638161][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.647680][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.651625][ T5859] veth1_vlan: entered promiscuous mode
[   66.658287][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.670027][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.688810][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.722311][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.752899][ T5745] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.762652][ T5745] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.780298][ T5859] veth0_macvtap: entered promiscuous mode
[   66.787089][ T5745] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.794325][ T5745] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.814166][ T5859] veth1_macvtap: entered promiscuous mode
[   66.846060][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.852353][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.889767][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.927229][ T1093] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.930307][ T1093] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.933703][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.947624][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.950780][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.963771][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.986957][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.005649][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.019881][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.027241][ T5854] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   67.049453][ T1582] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.060351][ T1582] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.129764][ T1093] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.132889][ T1093] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.219962][ T1093] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.223122][ T1093] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.367738][ T5931] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8'.
[   67.387873][ T5931] Zero length message leads to an empty skb
[   67.395156][ T5931] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8'.
[   67.417232][ T5933] openvswitch: netlink: Key type 186 is out of range max 32
[   67.574025][ T5944] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14'.
[   67.578274][ T5944] netlink: 26 bytes leftover after parsing attributes in process `syz.1.14'.
[   67.751246][ T5952] netlink: 220 bytes leftover after parsing attributes in process `syz.2.18'.
[   67.938091][ T5967] netlink: 'syz.1.25': attribute type 16 has an invalid length.
[   67.948589][ T5967] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.25'.
[   68.269735][ T5982] syz.1.30 uses obsolete (PF_INET,SOCK_PACKET)
[   68.288910][ T5982] netlink: 'syz.1.30': attribute type 10 has an invalid length.
[   68.302403][ T5982] 8021q: adding VLAN 0 to HW filter on device team0
[   68.309314][ T5982] bond0: (slave team0): Enslaving as an active interface with an up link
[   68.437908][ T5853] Bluetooth: hci1: command tx timeout
[   68.440071][ T5853] Bluetooth: hci0: command tx timeout
[   68.522442][ T5858] Bluetooth: hci2: command tx timeout
[   68.643845][ T5993] netlink: 'syz.0.35': attribute type 2 has an invalid length.
[   68.959091][ T6003] netlink: 24 bytes leftover after parsing attributes in process `syz.1.39'.
[   69.070986][ T6010] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   69.293753][ T6024] syzkaller1: entered promiscuous mode
[   69.303505][ T6024] syzkaller1: entered allmulticast mode
[   69.696499][ T6058] warning: `syz.1.66' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   69.719059][ T6060] netlink: 'syz.0.67': attribute type 1 has an invalid length.
[   69.721457][ T6060] netlink: 224 bytes leftover after parsing attributes in process `syz.0.67'.
[   69.736100][ T6060] netlink: 4 bytes leftover after parsing attributes in process `syz.0.67'.
[   69.839850][ T6064] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.937169][ T6064] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.990759][ T6064] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.050610][ T6064] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.126851][ T5881] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   70.138308][ T5881] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   70.152575][ T5881] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   70.166129][ T5881] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   70.287074][ T6083] netlink: 8 bytes leftover after parsing attributes in process `syz.1.77'.
[   70.378243][ T6089] netlink: 'syz.2.80': attribute type 1 has an invalid length.
[   70.514653][ T5858] Bluetooth: hci0: command tx timeout
[   70.516277][ T5853] Bluetooth: hci1: command tx timeout
[   70.585158][ T5853] Bluetooth: hci2: command tx timeout
[   70.673891][ T6114] netlink: 'syz.1.93': attribute type 8 has an invalid length.
[   70.776317][ T6124] netlink: 'syz.2.97': attribute type 3 has an invalid length.
[   71.310018][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.312867][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   72.591134][ T5853] Bluetooth: hci1: command tx timeout
[   72.593349][ T5853] Bluetooth: hci0: command tx timeout
[   72.665313][ T5858] Bluetooth: hci2: command tx timeout
[   73.168004][ T6205] openvswitch: netlink: Missing key (keys=40, expected=200000)
[   73.552167][ T6234] sock: sock_set_timeout: `syz.2.141' (pid 6234) tries to set negative timeout
[   74.167463][ T6273] __nla_validate_parse: 4 callbacks suppressed
[   74.167474][ T6273] netlink: 24 bytes leftover after parsing attributes in process `syz.2.153'.
[   74.737714][ T6308] netlink: 'syz.0.169': attribute type 32 has an invalid length.
[   74.924863][ T6324] netlink: 4 bytes leftover after parsing attributes in process `syz.1.176'.
[   75.166592][ T6346] netlink: 'syz.0.187': attribute type 1 has an invalid length.
[   75.169644][ T6346] netlink: 'syz.0.187': attribute type 3 has an invalid length.
[   75.180675][ T6346] netlink: 224 bytes leftover after parsing attributes in process `syz.0.187'.
[   75.469950][ T6372] netlink: 172 bytes leftover after parsing attributes in process `syz.1.199'.
[   75.472947][ T6372] netlink: 172 bytes leftover after parsing attributes in process `syz.1.199'.
[   75.701563][ T6395] netlink: 'syz.2.210': attribute type 11 has an invalid length.
[   75.704141][ T6395] netlink: 140 bytes leftover after parsing attributes in process `syz.2.210'.
[   75.789975][    T9] IPVS: starting estimator thread 0...
[   75.874752][ T6404] IPVS: using max 63 ests per chain, 151200 per kthread
[   75.875295][ T6408] netlink: 24 bytes leftover after parsing attributes in process `syz.1.217'.
[   75.908342][ T6408] netlink: 16 bytes leftover after parsing attributes in process `syz.1.217'.
[   76.167446][ T6435] netlink: 8 bytes leftover after parsing attributes in process `syz.1.229'.
[   76.266526][ T6442] netlink: 4 bytes leftover after parsing attributes in process `syz.1.232'.
[   76.321406][ T6444] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0
[   77.379791][ T6500] nbd: socks must be embedded in a SOCK_ITEM attr
[   77.387537][ T5851] block nbd64: NBD_DISCONNECT
[   77.483856][ T6500] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   78.456316][ T6568] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   78.799733][ T6595] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[   78.803839][ T6595] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[   78.813031][ T6597] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   78.949292][ T6611] netlink: 'syz.0.309': attribute type 83 has an invalid length.
[   78.963683][ T6613] syzkaller1: entered promiscuous mode
[   78.966997][ T6613] syzkaller1: entered allmulticast mode
[   79.549683][ T6653] __nla_validate_parse: 4 callbacks suppressed
[   79.549697][ T6653] netlink: 12 bytes leftover after parsing attributes in process `syz.0.327'.
[   80.444315][ T6719] syzkaller1: entered promiscuous mode
[   80.446740][ T6719] syzkaller1: entered allmulticast mode
[   80.639512][ T6730] netlink: 'syz.1.356': attribute type 11 has an invalid length.
[   80.654616][ T6730] netlink: 224 bytes leftover after parsing attributes in process `syz.1.356'.
[   80.912028][   T13] nci: nci_ntf_packet: unsupported ntf opcode 0xf3d
[   81.718386][ T6783] veth0_to_bridge: entered promiscuous mode
[   81.722111][ T6780] veth0_to_bridge: left promiscuous mode
[   81.842725][ T6797] netlink: 664 bytes leftover after parsing attributes in process `syz.2.387'.
[   81.845959][ T6797] netlink: 664 bytes leftover after parsing attributes in process `syz.2.387'.
[   82.399593][ T6835] Driver unsupported XDP return value 0 on prog  (id 51) dev N/A, expect packet loss!
[   83.006157][ T6873] netlink: 4 bytes leftover after parsing attributes in process `syz.0.422'.
[   84.780819][ T6952] macsec1: entered promiscuous mode
[   84.783395][ T6952] macsec1: entered allmulticast mode
[   85.015370][ T6973] netlink: 8 bytes leftover after parsing attributes in process `syz.0.465'.
[   85.068449][ T6978] syz_tun: refused to change device tx_queue_len
[   85.099875][ T6982] netlink: 27 bytes leftover after parsing attributes in process `syz.1.470'.
[   85.473238][ T7017] netlink: 'syz.2.487': attribute type 4 has an invalid length.
[   85.629920][ T7029] netlink: 4 bytes leftover after parsing attributes in process `syz.2.493'.
[   86.272003][ T7060] netlink: 12 bytes leftover after parsing attributes in process `syz.1.506'.
[   86.335368][ T7062] netlink: 8 bytes leftover after parsing attributes in process `syz.1.507'.
[   86.359673][ T7064] trusted_key: syz.0.508 sent an empty control message without MSG_MORE.
[   86.407021][ T7066] netlink: 232 bytes leftover after parsing attributes in process `syz.1.509'.
[   86.670189][   T24] cfg80211: failed to load regulatory.db
[   86.973299][ T7110] netlink: 'syz.1.530': attribute type 1 has an invalid length.
[   87.820211][ T7142] syzkaller0: entered promiscuous mode
[   87.822443][ T7142] syzkaller0: entered allmulticast mode
[   88.105409][ T7153] netlink: 240 bytes leftover after parsing attributes in process `syz.1.546'.
[   88.108095][ T7153] netlink: 48 bytes leftover after parsing attributes in process `syz.1.546'.
[   88.179665][ T7161] netlink: 508 bytes leftover after parsing attributes in process `syz.0.549'.
[   88.240865][ T7165] netlink: 12 bytes leftover after parsing attributes in process `syz.2.548'.
[   88.292928][   T12] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   88.296054][   T12] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   88.305725][   T12] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   88.328454][   T12] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   89.338892][ T7235] syzkaller1: entered promiscuous mode
[   89.341221][ T7235] syzkaller1: entered allmulticast mode
[   90.468937][ T7319] __nla_validate_parse: 5 callbacks suppressed
[   90.468955][ T7319] netlink: 52 bytes leftover after parsing attributes in process `syz.0.623'.
[   90.598806][ T7337] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[   91.159355][ T5853] Bluetooth: hci2: command 0x0405 tx timeout
[   92.269112][ T7453] netlink: 'syz.1.687': attribute type 13 has an invalid length.
[   92.276912][ T7453] netlink: 16 bytes leftover after parsing attributes in process `syz.1.687'.
[   92.280600][ T7453] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (6)
[   92.559647][   T12] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   92.591032][ T7479] syzkaller0: entered promiscuous mode
[   92.593358][ T7479] syzkaller0: entered allmulticast mode
[   94.023112][ T7521] netlink: 'syz.2.718': attribute type 3 has an invalid length.
[   94.085185][ T7525] dvmrp8: entered allmulticast mode
[   94.111204][ T7529] netlink: 12 bytes leftover after parsing attributes in process `syz.0.721'.
[   94.128760][ T7530] sock: sock_set_timeout: `syz.2.720' (pid 7530) tries to set negative timeout
[   94.157703][ T7529] bridge1: port 1(ipvlan2) entered blocking state
[   94.160726][ T7529] bridge1: port 1(ipvlan2) entered disabled state
[   94.163557][ T7529] ipvlan2: entered allmulticast mode
[   94.166191][ T7529] macvlan1: entered allmulticast mode
[   94.168663][ T7529] veth1_vlan: entered allmulticast mode
[   94.173401][ T7529] ipvlan2: left allmulticast mode
[   94.175628][ T7529] macvlan1: left allmulticast mode
[   94.178151][ T7529] veth1_vlan: left allmulticast mode
[   94.517840][ T7556] netlink: 'syz.0.733': attribute type 12 has an invalid length.
[   94.771395][ T7574] netlink: 'syz.1.740': attribute type 4 has an invalid length.
[   94.826348][ T7576] Bluetooth: MGMT ver 1.23
[   95.554571][ T7638] netlink: 40 bytes leftover after parsing attributes in process `syz.1.766'.
[   95.626898][ T5858] Bluetooth: hci2: command 0x0405 tx timeout
[   95.749167][ T7659] netlink: 16 bytes leftover after parsing attributes in process `syz.0.777'.
[   95.807965][ T7665] netlink: 8 bytes leftover after parsing attributes in process `syz.0.780'.
[   95.817355][ T7665] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   95.821076][ T7665] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   95.893272][ T7675] bridge_slave_0: left allmulticast mode
[   95.897958][ T7675] bridge_slave_0: left promiscuous mode
[   95.901385][ T7675] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.909909][ T7675] bridge_slave_1: left allmulticast mode
[   95.912169][ T7675] bridge_slave_1: left promiscuous mode
[   95.914699][ T7675] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.927957][ T7675] bond0: (slave bond_slave_0): Releasing backup interface
[   95.934584][ T7675] bond0: (slave bond_slave_1): Releasing backup interface
[   95.949345][ T7675] team0: Port device team_slave_0 removed
[   95.958132][ T7675] team0: Port device team_slave_1 removed
[   95.961613][ T7675] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   95.965124][ T7675] batman_adv: batadv0: Removing interface: batadv_slave_0
[   95.969914][ T7675] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   95.973310][ T7675] batman_adv: batadv0: Removing interface: batadv_slave_1
[   95.978664][ T7675] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   96.032002][ T7679] netlink: 24 bytes leftover after parsing attributes in process `syz.1.786'.
[   96.291088][ T7699] netlink: 4 bytes leftover after parsing attributes in process `syz.2.795'.
[   96.603822][ T7716] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   96.742624][ T7723] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   96.748303][ T7723] batadv_slave_0: entered promiscuous mode
[   96.850957][ T7735] netlink: 16 bytes leftover after parsing attributes in process `syz.2.811'.
[   97.062190][ T7751] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check.
[   97.323383][ T7766] syz_tun: entered allmulticast mode
[   97.333490][ T7766] dvmrp8: entered allmulticast mode
[   97.399615][ T7767] netlink: 'syz.2.825': attribute type 23 has an invalid length.
[   97.424313][ T7765] syz_tun: left allmulticast mode
[   97.426589][ T7765] dvmrp8: left allmulticast mode
[   97.801509][ T7778] netlink: 'syz.2.830': attribute type 4 has an invalid length.
[   97.975898][ T7789] IPVS: set_ctl: invalid protocol: 59 224.0.0.1:20004
[   99.009441][ T7871] bridge2: port 1(macvlan3) entered blocking state
[   99.012325][ T7871] bridge2: port 1(macvlan3) entered disabled state
[   99.016234][ T7871] macvlan3: entered allmulticast mode
[   99.021338][ T7871] macvlan3: entered promiscuous mode
[   99.174345][ T7881] netlink: 'syz.2.877': attribute type 1 has an invalid length.
[   99.177719][ T7881] netlink: 15 bytes leftover after parsing attributes in process `syz.2.877'.
[   99.275125][ T7890] sctp: [Deprecated]: syz.1.882 (pid 7890) Use of struct sctp_assoc_value in delayed_ack socket option.
[   99.275125][ T7890] Use struct sctp_sack_info instead
[   99.383356][ T7897] (unnamed net_device) (uninitialized): peer notification delay (9) is not a multiple of miimon (100), value rounded to 0 ms
[   99.524216][ T7909] netlink: 12 bytes leftover after parsing attributes in process `syz.1.891'.
[  100.472745][   T13] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  100.484530][   T13] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  100.487546][   T13] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  100.500094][   T13] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  100.602539][ T7971] netlink: 24 bytes leftover after parsing attributes in process `syz.2.920'.
[  102.066188][ T8032] syz_tun: entered allmulticast mode
[  102.070058][ T8031] syz_tun: left allmulticast mode
[  102.262267][ T8050] netlink: 20 bytes leftover after parsing attributes in process `syz.0.958'.
[  102.441402][ T8064] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[  102.448860][ T8064] macsec2: entered allmulticast mode
[  102.451226][ T8064] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  102.806732][ T8097] netlink: 12 bytes leftover after parsing attributes in process `syz.2.981'.
[  102.810840][ T8097] netlink: 20 bytes leftover after parsing attributes in process `syz.2.981'.
[  102.882877][ T8101] netlink: 20 bytes leftover after parsing attributes in process `syz.2.981'.
[  102.889257][ T8101] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  103.297376][ T8134] netlink: 12 bytes leftover after parsing attributes in process `syz.1.999'.
[  103.428539][ T8149] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1005'.
[  103.472354][ T8151] syzkaller0: entered promiscuous mode
[  103.474304][ T8151] syzkaller0: entered allmulticast mode
[  103.740679][ T8167] netlink: 'syz.2.1013': attribute type 1 has an invalid length.
[  105.910379][ T8197] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1023'.
[  106.050320][ T8209] netlink: 'syz.1.1030': attribute type 21 has an invalid length.
[  106.054192][ T8209] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1030'.
[  106.059905][ T8209] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1030'.
[  106.119022][ T8215] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1032'.
[  106.282925][ T8226] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1037'.
[  106.289278][ T8226] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1037'.
[  106.463063][ T8236] netlink: 'syz.0.1042': attribute type 32 has an invalid length.
[  106.466034][ T8236] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1042'.
[  106.474752][ T8236] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[  106.673138][ T8250] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  106.940177][ T8264] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1055'.
[  107.013363][ T8270] Bluetooth: MGMT ver 1.23
[  107.015857][ T8270] Bluetooth: hci1: too big key_count value 32778
[  108.409139][ T8321] (unnamed net_device) (uninitialized): ARP target 9.0.0.0 is already present
[  108.412084][ T8321] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (9)
[  108.801781][ T8351] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1097'.
[  109.535854][ T8392] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1113'.
[  109.648999][ T8398] netlink: 'syz.0.1116': attribute type 1 has an invalid length.
[  109.899603][ T5915] hid-generic 0005:16C0:5502.0001: item fetching failed at offset 0/3
[  109.904083][ T5915] hid-generic 0005:16C0:5502.0001: probe with driver hid-generic failed with error -22
[  110.734842][ T8488] tap0: tun_chr_ioctl cmd 1074025677
[  110.736731][ T8488] tap0: linktype set to 825
[  111.046783][ T8512] netlink: 'syz.2.1170': attribute type 1 has an invalid length.
[  111.130237][ T8516] __nla_validate_parse: 6 callbacks suppressed
[  111.130253][ T8516] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1172'.
[  111.656566][ T8539] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1182'.
[  112.114019][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811229a800: rx timeout, send abort
[  112.118867][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811229a800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  112.124850][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811229b800: rx timeout, send abort
[  112.131642][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811229b800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  112.155111][ T8577] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1198'.
[  112.412829][ T8594] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x7
[  113.236915][ T8647] af_packet: tpacket_rcv: packet too big, clamped from 595 to 4294967272. macoff=96
[  113.309710][ T5881] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x7
[  113.343749][ T8664] macvlan1: entered allmulticast mode
[  113.350167][ T8664] veth1_vlan: entered allmulticast mode
[  113.384206][ T8670] netlink: 'syz.0.1236': attribute type 2 has an invalid length.
[  113.391241][ T8670] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1236'.
[  113.398565][ T8670] netlink: 'syz.0.1236': attribute type 2 has an invalid length.
[  113.400993][ T8670] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1236'.
[  113.463783][ T8673] netlink: 'syz.0.1238': attribute type 1 has an invalid length.
[  113.542094][ T8673] bond2: (slave vxcan1): The slave device specified does not support setting the MAC address
[  113.549256][ T8673] bond2: (slave vxcan1): Error -95 calling set_mac_address
[  113.580481][ T8683] gretap2: entered promiscuous mode
[  113.589293][ T8683] bond2: (slave gretap2): making interface the new active one
[  113.596295][ T8683] bond2: (slave gretap2): Enslaving as an active interface with an up link
[  113.640336][ T8673] macvlan4: entered promiscuous mode
[  113.642379][ T8673] macvlan4: entered allmulticast mode
[  113.646096][ T8673] bond2: entered promiscuous mode
[  113.648955][ T8673] 8021q: adding VLAN 0 to HW filter on device macvlan4
[  113.655509][ T8673] bond2: (slave macvlan4): the slave hw address is in use by the bond; giving it the hw address of gretap2
[  113.661795][ T8673] bond2: left promiscuous mode
[  113.931958][ T8710] bridge3: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms)
[  114.042254][ T8718] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1259'.
[  114.062256][ T8718] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  114.232675][ T8733] bridge_slave_0: left allmulticast mode
[  114.236376][ T8733] bridge_slave_0: left promiscuous mode
[  114.238872][ T8733] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.247600][ T8733] bridge_slave_1: left allmulticast mode
[  114.249717][ T8733] bridge_slave_1: left promiscuous mode
[  114.252040][ T8733] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.262989][ T8733] bond0: (slave bond_slave_0): Releasing backup interface
[  114.273108][ T8733] bond0: (slave bond_slave_1): Releasing backup interface
[  114.292383][ T8733] team0: Port device team_slave_0 removed
[  114.302631][ T8733] team0: Port device team_slave_1 removed
[  114.307294][ T8733] batman_adv: batadv0: Removing interface: batadv_slave_0
[  114.312023][ T8733] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  114.316642][ T8733] batman_adv: batadv0: Removing interface: batadv_slave_1
[  114.321680][ T8733] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  114.394076][ T8733] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  114.554529][ T8746] syzkaller1: entered promiscuous mode
[  114.556800][ T8746] syzkaller1: entered allmulticast mode
[  114.693538][ T8753] netdevsim netdevsim0: Direct firmware load for .
[  114.693538][ T8753]  failed with error -2
[  114.716189][ T8753] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  114.716189][ T8753] 
[  114.820248][ T8759] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1276'.
[  114.991707][ T8770] netlink: 'syz.2.1281': attribute type 1 has an invalid length.
[  115.412033][ T8789] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1290'.
[  115.548368][ T8799] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1295'.
[  115.551431][ T8799] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1295'.
[  116.127246][ T8843] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  116.297373][ T5853] Bluetooth: hci2: link tx timeout
[  116.300301][ T5853] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  116.899381][ T8866] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.903620][ T8866] bridge0: port 1(bridge_slave_0) entered disabled state
[  117.189667][ T8880] xt_l2tp: missing protocol rule (udp|l2tpip)
[  117.361500][ T8891] __nla_validate_parse: 1 callbacks suppressed
[  117.361518][ T8891] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1334'.
[  117.388670][ T8888] netlink: 34 bytes leftover after parsing attributes in process `syz.1.1334'.
[  117.483900][ T8900] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  117.489154][ T8898] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1337'.
[  117.514762][ T8898] batadv0: entered promiscuous mode
[  117.518071][ T8898] 8021q: adding VLAN 0 to HW filter on device macvlan4
[  117.521798][ T8898] batadv0: left promiscuous mode
[  117.702955][ T8905] bridge1: entered allmulticast mode
[  117.787571][ T8914] !: renamed from dummy0 (while UP)
[  118.179600][ T8944] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1357'.
[  118.183198][ T8944] netlink: 236 bytes leftover after parsing attributes in process `syz.1.1357'.
[  118.244802][ T8944] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1357'.
[  118.356658][ T5858] Bluetooth: hci2: command 0x0405 tx timeout
[  118.399572][ T8959] netlink: 'syz.1.1364': attribute type 4 has an invalid length.
[  118.415223][ T8959] netlink: 'syz.1.1364': attribute type 4 has an invalid length.
[  118.662681][ T8985] netlink: 566 bytes leftover after parsing attributes in process `syz.1.1375'.
[  119.223681][ T9015] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1389'.
[  119.786495][ T9051] tipc: Started in network mode
[  119.794805][ T9051] tipc: Node identity b2b8043d02dd, cluster identity 4711
[  119.797862][ T9051] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  119.809288][ T9050] tipc: Resetting bearer <eth:syzkaller0>
[  119.836230][ T9063] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1412'.
[  119.981774][ T9069] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1415'.
[  120.935748][  T791] tipc: Node number set to 2959410237
[  121.001563][ T9050] tipc: Disabling bearer <eth:syzkaller0>
[  121.821115][ T9127] netlink: zone id is out of range
[  121.823138][ T9127] netlink: get zone limit has 8 unknown bytes
[  122.180478][ T9154] netlink: 'syz.0.1452': attribute type 2 has an invalid length.
[  122.213899][ T9157] netlink: 'syz.2.1450': attribute type 83 has an invalid length.
[  122.497929][ T9169] __nla_validate_parse: 4 callbacks suppressed
[  122.497947][ T9169] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1459'.
[  122.622395][ T9175] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1462'.
[  122.661690][ T9175] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1462'.
[  123.287294][ T9235] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1488'.
[  123.323498][ T9237] TCP: tcp_parse_options: Illegal window scaling value 104 > 14 received
[  123.469682][ T9247] netlink: 'syz.2.1493': attribute type 22 has an invalid length.
[  123.488556][ T9249] netlink: 240 bytes leftover after parsing attributes in process `syz.1.1495'.
[  123.754078][ T9279] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1510'.
[  123.972240][ T9304] 8021q: adding VLAN 0 to HW filter on device bond4
[  123.994153][ T9304] macvlan4: entered promiscuous mode
[  123.996884][ T9304] macvlan4: entered allmulticast mode
[  124.000108][ T9304] bond4: entered promiscuous mode
[  124.003162][ T9304] 8021q: adding VLAN 0 to HW filter on device macvlan4
[  124.014339][ T9304] bond4: left promiscuous mode
[  124.184895][ T9320] syzkaller0: entered promiscuous mode
[  124.186972][ T9320] syzkaller0: entered allmulticast mode
[  124.250487][ T9325] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1526'.
[  124.253956][ T9325] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1526'.
[  124.258531][ T9325] netlink: 'syz.0.1526': attribute type 19 has an invalid length.
[  124.531429][ T9339] erspan0: entered promiscuous mode
[  124.538502][ T9339] netlink: 'syz.0.1532': attribute type 2 has an invalid length.
[  125.066994][ T9357] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1538'.
[  125.072596][ T9357] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1538'.
[  125.402238][ T9371] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073709551615)
[  125.409338][ T9371] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647
[  125.505066][ T9382] dvmrp0: entered allmulticast mode
[  125.533759][ T5881] nci: nci_ntf_packet: unknown ntf opcode 0x127
[  125.733282][ T9390] netlink: 'syz.0.1552': attribute type 5 has an invalid length.
[  125.737492][ T9390] netlink: 'syz.0.1552': attribute type 5 has an invalid length.
[  126.104613][ T5858] Bluetooth: hci2: command 0x0405 tx timeout
[  127.886462][ T9424] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.888991][ T9424] bridge0: port 2(bridge_slave_1) entered forwarding state
[  127.892448][ T9424] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.895913][ T9424] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.906400][ T9424] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  128.181118][ T9455] __nla_validate_parse: 2 callbacks suppressed
[  128.181134][ T9455] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1582'.
[  128.190052][ T9455] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1582'.
[  128.444172][ T9467] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  128.454288][ T9467] syzkaller0: entered promiscuous mode
[  128.459256][ T9467] syzkaller0: entered allmulticast mode
[  128.489180][ T9467] tipc: Resetting bearer <eth:syzkaller0>
[  128.501533][ T9466] tipc: Resetting bearer <eth:syzkaller0>
[  128.535321][ T9466] tipc: Disabling bearer <eth:syzkaller0>
[  128.690752][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.693894][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.882625][ T9564] netlink: 216 bytes leftover after parsing attributes in process `syz.1.1622'.
[  129.896881][ T9564] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1622'.
[  129.906920][ T9564] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1622'.
[  130.227631][ T9591] bridge2: the hash_elasticity option has been deprecated and is always 16
[  130.231054][ T9591] bridge2: entered allmulticast mode
[  130.485822][ T9611] delete_channel: no stack
[  130.688427][ T9630] netlink: 'syz.1.1652': attribute type 3 has an invalid length.
[  130.691616][ T9630] netlink: 'syz.1.1652': attribute type 1 has an invalid length.
[  130.694898][ T9630] netlink: 60387 bytes leftover after parsing attributes in process `syz.1.1652'.
[  131.082502][ T9666] syzkaller0: entered promiscuous mode
[  131.084531][ T9666] syzkaller0: entered allmulticast mode
[  131.087378][ T9671] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1674'.
[  132.567580][ T9703] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1689'.
[  132.692473][ T9716] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1695'.
[  132.760433][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  132.763600][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  132.821285][ T9730] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1701'.
[  133.096367][ T9755] !: entered promiscuous mode
[  133.098271][ T9755] macvtap1: entered promiscuous mode
[  133.100664][ T9755] macvtap1: entered allmulticast mode
[  133.102646][ T9755] !: entered allmulticast mode
[  133.121381][ T9755] macvtap1: left promiscuous mode
[  133.123487][ T9755] macvtap1: left allmulticast mode
[  133.125805][ T9755] !: left allmulticast mode
[  133.139281][ T9758] netlink: 'syz.0.1709': attribute type 16 has an invalid length.
[  133.142103][ T9758] netlink: 'syz.0.1709': attribute type 17 has an invalid length.
[  133.163817][ T9758] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  133.899709][ T9803] __nla_validate_parse: 3 callbacks suppressed
[  133.899726][ T9803] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1731'.
[  134.157524][ T9824] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1743'.
[  134.161144][ T9824] netlink: 'syz.2.1743': attribute type 1 has an invalid length.
[  134.373588][ T5881] nci: nci_rsp_packet: unknown rsp opcode 0x73a
[  134.450065][ T9849] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1752'.
[  134.571456][ T9861] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not bonding slave
[  134.575478][ T9861] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[  134.938127][ T9894] netlink: 'syz.1.1774': attribute type 5 has an invalid length.
[  135.062657][ T9903] netlink: 'syz.0.1777': attribute type 2 has an invalid length.
[  135.076987][ T9903] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1777'.
[  135.140807][ T9906] syzkaller0: entered promiscuous mode
[  135.142986][ T9906] syzkaller0: entered allmulticast mode
[  136.558055][ T9928] netlink: 11382 bytes leftover after parsing attributes in process `syz.0.1787'.
[  136.600078][ T9931] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1788'.
[  136.643703][ T9941] netlink: 'syz.0.1791': attribute type 2 has an invalid length.
[  136.648427][ T9941] netlink: 119 bytes leftover after parsing attributes in process `syz.0.1791'.
[  137.020033][ T9969] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1805'.
[  137.108990][ T9975] netlink: 'syz.1.1808': attribute type 1 has an invalid length.
[  137.369415][ T9995] netlink: 23432 bytes leftover after parsing attributes in process `syz.0.1818'.
[  137.514282][T10005] rdma_op ffff888118d379f0 conn xmit_rdma 0000000000000000
[  137.967003][T10027] netlink: 45 bytes leftover after parsing attributes in process `syz.0.1834'.
[  138.125810][T10031] veth7: entered promiscuous mode
[  138.246473][T10039] netlink: 'syz.0.1840': attribute type 7 has an invalid length.
[  138.576934][T10071] tipc: Started in network mode
[  138.578954][T10071] tipc: Node identity 4, cluster identity 4711
[  138.581293][T10071] tipc: Node number set to 4
[  138.977360][T10104] netlink: 'syz.1.1863': attribute type 1 has an invalid length.
[  139.299397][T10123] netlink: 'syz.1.1872': attribute type 25 has an invalid length.
[  139.302739][T10123] netlink: 'syz.1.1872': attribute type 7 has an invalid length.
[  139.713074][T10146] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  139.757310][T10154] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  139.898838][T10165] __nla_validate_parse: 3 callbacks suppressed
[  139.898856][T10165] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1891'.
[  139.937822][T10165] netlink: 'syz.1.1891': attribute type 2 has an invalid length.
[  140.095039][T10181] syzkaller1: entered promiscuous mode
[  140.097289][T10181] syzkaller1: entered allmulticast mode
[  140.243769][T10187] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1901'.
[  140.264825][T10195] IPVS: Unknown mcast interface: vcan0
[  140.478142][T10214] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1914'.
[  140.484975][T10214] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1914'.
[  140.503006][T10216] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1915'.
[  140.533831][T10218] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1916'.
[  140.538880][T10218] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1916'.
[  140.618709][T10222] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1918'.
[  141.200389][T10258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1933'.
[  141.220697][T10258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1933'.
[  141.428122][T10266] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  141.433207][T10266] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.513490][T10266] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  141.518565][T10266] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.583096][T10270] lo speed is unknown, defaulting to 1000
[  141.586424][T10270] lo speed is unknown, defaulting to 1000
[  141.591399][T10270] lo speed is unknown, defaulting to 1000
[  141.611142][T10270] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  141.626437][T10270] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  141.659969][T10266] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  141.664150][T10266] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.786699][T10270] lo speed is unknown, defaulting to 1000
[  141.978983][T10266] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  141.984361][T10266] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.017675][T10270] lo speed is unknown, defaulting to 1000
[  142.021983][T10270] lo speed is unknown, defaulting to 1000
[  142.027578][T10270] lo speed is unknown, defaulting to 1000
[  142.201254][ T5881] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  142.204378][ T5881] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  142.251445][ T5881] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  142.255048][ T5881] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  142.349468][   T13] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  142.356765][   T13] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  142.380370][   T13] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  142.391364][   T13] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  143.057628][T10326] pim6reg1: entered promiscuous mode
[  143.059773][T10326] pim6reg1: entered allmulticast mode
[  143.066590][T10288] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  143.070065][T10288] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  143.093812][T10288] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  143.109962][T10288] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  143.338226][T10338] nbd: illegal input index 65508
[  143.461231][T10342] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  143.624175][T10350] dummy0: entered promiscuous mode
[  143.629791][T10350] hsr1: Slave B (batadv_slave_0) is not up; please bring it up to get a fully working HSR network
[  143.634524][T10350] hsr1: entered allmulticast mode
[  143.636701][T10350] dummy0: entered allmulticast mode
[  143.638813][T10350] batadv_slave_0: entered allmulticast mode
[  146.108244][T10372] openvswitch: netlink: Tunnel attr 214 out of range max 16
[  146.145790][T10374] netlink: 'syz.0.1970': attribute type 1 has an invalid length.
[  146.176888][T10374] bond6: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  146.182521][   T13] bond6: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  146.183802][T10374] 8021q: adding VLAN 0 to HW filter on device bond6
[  146.295416][   T13] bond6: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  147.322570][T10393] __nla_validate_parse: 3 callbacks suppressed
[  147.322584][T10393] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1978'.
[  147.666422][T10411] 8021q: adding VLAN 0 to HW filter on device bond7
[  147.680868][T10411] 8021q: adding VLAN 0 to HW filter on device macvlan4
[  147.686979][T10411] bond7: (slave macvlan4): Enslaving as a backup interface with a down link
[  148.008174][T10430] tipc: Started in network mode
[  148.010159][T10430] tipc: Node identity d21c1f608bea, cluster identity 4711
[  148.012603][T10430] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  148.016145][T10430] syzkaller0: entered promiscuous mode
[  148.018331][T10430] syzkaller0: entered allmulticast mode
[  148.032749][T10430] tipc: Resetting bearer <eth:syzkaller0>
[  148.037528][T10429] tipc: Resetting bearer <eth:syzkaller0>
[  148.046070][T10429] tipc: Disabling bearer <eth:syzkaller0>
[  182.344770][ T5855] page_pool_release_retry() stalled pool shutdown: id 41, 1 inflight 60 sec
[  194.188295][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  194.190781][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  255.628593][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  255.631001][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  302.344938][   T34] INFO: task kworker/0:0:9 blocked for more than 143 seconds.
[  302.347898][   T34]       Not tainted syzkaller #0
[  302.351178][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  302.357360][   T34] task:kworker/0:0     state:D stack:24688 pid:9     tgid:9     ppid:2      task_flags:0x4208060 flags:0x00004000
[  302.362026][   T34] Workqueue: events rfkill_global_led_trigger_worker
[  302.365147][   T34] Call Trace:
[  302.366525][   T34]  <TASK>
[  302.367700][   T34]  __schedule+0x1798/0x4cc0
[  302.369528][   T34]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  302.372111][   T34]  ? __pfx___schedule+0x10/0x10
[  302.373961][   T34]  ? schedule+0x91/0x360
[  302.376249][   T34]  schedule+0x165/0x360
[  302.377952][   T34]  schedule_preempt_disabled+0x13/0x30
[  302.380021][   T34]  __mutex_lock+0x7e6/0x1350
[  302.381851][   T34]  ? __mutex_lock+0x5bb/0x1350
[  302.383704][   T34]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  302.386574][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  302.388558][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  302.390760][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  302.393056][   T34]  rfkill_global_led_trigger_worker+0x27/0xd0
[  302.395769][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  302.398018][   T34]  process_scheduled_works+0xae1/0x17b0
[  302.400190][   T34]  ? __pfx_process_scheduled_works+0x10/0x10
[  302.402579][   T34]  worker_thread+0x8a0/0xda0
[  302.405851][   T34]  kthread+0x711/0x8a0
[  302.407513][   T34]  ? __pfx_worker_thread+0x10/0x10
[  302.409538][   T34]  ? __pfx_kthread+0x10/0x10
[  302.411380][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  302.413454][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  302.416461][   T34]  ? __pfx_kthread+0x10/0x10
[  302.418271][   T34]  ret_from_fork+0x439/0x7d0
[  302.422378][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  302.423967][   T34]  ? __switch_to_asm+0x39/0x70
[  302.426169][   T34]  ? __switch_to_asm+0x33/0x70
[  302.428047][   T34]  ? __pfx_kthread+0x10/0x10
[  302.429481][   T34]  ret_from_fork_asm+0x1a/0x30
[  302.431111][   T34]  </TASK>
[  302.432274][   T34] INFO: task syz.2.1943:10282 blocked for more than 143 seconds.
[  302.435120][   T34]       Not tainted syzkaller #0
[  302.436989][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  302.440003][   T34] task:syz.2.1943      state:D stack:25096 pid:10282 tgid:10282 ppid:5854   task_flags:0x400040 flags:0x00004004
[  302.445015][   T34] Call Trace:
[  302.446178][   T34]  <TASK>
[  302.447357][   T34]  __schedule+0x1798/0x4cc0
[  302.449117][   T34]  ? __lock_acquire+0xab9/0xd20
[  302.450984][   T34]  ? __lock_acquire+0xab9/0xd20
[  302.452890][   T34]  ? __pfx___schedule+0x10/0x10
[  302.455369][   T34]  ? schedule+0x91/0x360
[  302.457126][   T34]  schedule+0x165/0x360
[  302.458747][   T34]  schedule_preempt_disabled+0x13/0x30
[  302.460890][   T34]  __mutex_lock+0x7e6/0x1350
[  302.462740][   T34]  ? __mutex_lock+0x5bb/0x1350
[  302.464870][   T34]  ? rfkill_unregister+0xc8/0x220
[  302.466881][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  302.468889][   T34]  ? __pfx_device_del+0x10/0x10
[  302.470780][   T34]  rfkill_unregister+0xc8/0x220
[  302.472698][   T34]  nfc_unregister_device+0x96/0x2a0
[  302.474861][   T34]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  302.477128][   T34]  virtual_ncidev_close+0x56/0x90
[  302.479017][   T34]  __fput+0x44c/0xa70
[  302.480617][   T34]  task_work_run+0x1d4/0x260
[  302.482378][   T34]  ? __pfx_task_work_run+0x10/0x10
[  302.484364][   T34]  ? exit_to_user_mode_loop+0x40/0x110
[  302.486660][   T34]  exit_to_user_mode_loop+0xec/0x110
[  302.488760][   T34]  do_syscall_64+0x2bd/0x3b0
[  302.490607][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  302.492654][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.495117][   T34]  ? exc_page_fault+0x9f/0xf0
[  302.496994][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.499308][   T34] RIP: 0033:0x7ff7b498ec29
[  302.501067][   T34] RSP: 002b:00007ffe60ca33a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  302.504196][   T34] RAX: 0000000000000000 RBX: 00007ff7b4bd7da0 RCX: 00007ff7b498ec29
[  302.507408][   T34] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  302.510516][   T34] RBP: 00007ff7b4bd7da0 R08: 0000000000010e4c R09: 0000001b60ca369f
[  302.513596][   T34] R10: 00007ff7b4bd7cb0 R11: 0000000000000246 R12: 0000000000022e28
[  302.516805][   T34] R13: 00007ffe60ca34a0 R14: ffffffffffffffff R15: 00007ffe60ca34c0
[  302.519931][   T34]  </TASK>
[  302.521197][   T34] INFO: task syz.1.1944:10288 blocked for more than 143 seconds.
[  302.524182][   T34]       Not tainted syzkaller #0
[  302.526950][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  302.530247][   T34] task:syz.1.1944      state:D stack:24664 pid:10288 tgid:10287 ppid:5859   task_flags:0x400040 flags:0x00004006
[  302.535413][   T34] Call Trace:
[  302.536705][   T34]  <TASK>
[  302.537917][   T34]  __schedule+0x1798/0x4cc0
[  302.539714][   T34]  ? __lock_acquire+0xab9/0xd20
[  302.541623][   T34]  ? __lock_acquire+0xab9/0xd20
[  302.543474][   T34]  ? __pfx___schedule+0x10/0x10
[  302.545467][   T34]  ? schedule+0x91/0x360
[  302.547083][   T34]  schedule+0x165/0x360
[  302.548797][   T34]  schedule_preempt_disabled+0x13/0x30
[  302.550976][   T34]  __mutex_lock+0x7e6/0x1350
[  302.552822][   T34]  ? __mutex_lock+0x5bb/0x1350
[  302.554776][   T34]  ? nfc_rfkill_set_block+0x50/0x2e0
[  302.556811][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  302.558774][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  302.560794][   T34]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  302.563055][   T34]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  302.565685][   T34]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  302.567966][   T34]  nfc_rfkill_set_block+0x50/0x2e0
[  302.569968][   T34]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  302.572158][   T34]  rfkill_set_block+0x1d2/0x440
[  302.574059][   T34]  rfkill_fop_write+0x44b/0x570
[  302.576081][   T34]  ? __pfx_rfkill_fop_write+0x10/0x10
[  302.578262][   T34]  ? security_file_permission+0x60/0x290
[  302.580456][   T34]  ? rw_verify_area+0x255/0x4d0
[  302.582293][   T34]  ? __lock_acquire+0xab9/0xd20
[  302.584182][   T34]  ? __pfx_rfkill_fop_write+0x10/0x10
[  302.586452][   T34]  vfs_write+0x27e/0xb30
[  302.588142][   T34]  ? __pfx_vfs_write+0x10/0x10
[  302.590048][   T34]  ? __fget_files+0x2a/0x420
[  302.591895][   T34]  ? __fget_files+0x2a/0x420
[  302.593749][   T34]  ? __fget_files+0x3a0/0x420
[  302.595726][   T34]  ? __fget_files+0x2a/0x420
[  302.597600][   T34]  ksys_write+0x145/0x250
[  302.599281][   T34]  ? __pfx_ksys_write+0x10/0x10
[  302.601191][   T34]  ? rcu_is_watching+0x15/0xb0
[  302.603080][   T34]  ? do_syscall_64+0xbe/0x3b0
[  302.605091][   T34]  do_syscall_64+0xfa/0x3b0
[  302.606896][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  302.608938][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.611362][   T34]  ? exc_page_fault+0x9f/0xf0
[  302.613235][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.615649][   T34] RIP: 0033:0x7fa5f398ec29
[  302.617449][   T34] RSP: 002b:00007fa5f477a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  302.620712][   T34] RAX: ffffffffffffffda RBX: 00007fa5f3bd5fa0 RCX: 00007fa5f398ec29
[  302.623822][   T34] RDX: 0000000000000008 RSI: 00002000000002c0 RDI: 0000000000000003
[  302.627108][   T34] RBP: 00007fa5f3a11e41 R08: 0000000000000000 R09: 0000000000000000
[  302.630204][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  302.633251][   T34] R13: 00007fa5f3bd6038 R14: 00007fa5f3bd5fa0 R15: 00007ffe57c4a028
[  302.636479][   T34]  </TASK>
[  302.637774][   T34] INFO: task syz.0.2006:10451 blocked for more than 143 seconds.
[  302.640752][   T34]       Not tainted syzkaller #0
[  302.642711][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  302.647474][   T34] task:syz.0.2006      state:D stack:25864 pid:10451 tgid:10450 ppid:5850   task_flags:0x400140 flags:0x00004004
[  302.652462][   T34] Call Trace:
[  302.653811][   T34]  <TASK>
[  302.655092][   T34]  __schedule+0x1798/0x4cc0
[  302.656887][   T34]  ? __lock_acquire+0xab9/0xd20
[  302.658874][   T34]  ? __lock_acquire+0xab9/0xd20
[  302.660742][   T34]  ? __pfx___schedule+0x10/0x10
[  302.662677][   T34]  ? schedule+0x91/0x360
[  302.664390][   T34]  schedule+0x165/0x360
[  302.667182][   T34]  schedule_preempt_disabled+0x13/0x30
[  302.669353][   T34]  __mutex_lock+0x7e6/0x1350
[  302.671188][   T34]  ? __mutex_lock+0x5bb/0x1350
[  302.673101][   T34]  ? rfkill_register+0x37/0x8e0
[  302.675146][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  302.677156][   T34]  ? __init_waitqueue_head+0xa9/0x150
[  302.679214][   T34]  ? device_initialize+0x24b/0x440
[  302.681164][   T34]  rfkill_register+0x37/0x8e0
[  302.682987][   T34]  nfc_register_device+0x14a/0x320
[  302.685279][   T34]  nci_register_device+0x87f/0x9d0
[  302.687372][   T34]  ? __pfx_nci_register_device+0x10/0x10
[  302.689563][   T34]  ? __raw_spin_lock_init+0x45/0x100
[  302.691643][   T34]  ? __init_waitqueue_head+0xa9/0x150
[  302.693772][   T34]  virtual_ncidev_open+0x129/0x1a0
[  302.695904][   T34]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  302.698123][   T34]  misc_open+0x2bc/0x330
[  302.699794][   T34]  chrdev_open+0x4cc/0x5e0
[  302.701584][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  302.703547][   T34]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  302.706156][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  302.708064][   T34]  do_dentry_open+0x953/0x13f0
[  302.709896][   T34]  vfs_open+0x3b/0x340
[  302.711451][   T34]  ? path_openat+0x2ecd/0x3830
[  302.713331][   T34]  path_openat+0x2ee5/0x3830
[  302.715260][   T34]  ? arch_stack_walk+0xfc/0x150
[  302.717236][   T34]  ? stack_depot_save_flags+0x40/0x860
[  302.719377][   T34]  ? __pfx_path_openat+0x10/0x10
[  302.721250][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.723635][   T34]  do_filp_open+0x1fa/0x410
[  302.725569][   T34]  ? __lock_acquire+0xab9/0xd20
[  302.727525][   T34]  ? __pfx_do_filp_open+0x10/0x10
[  302.729530][   T34]  ? _raw_spin_unlock+0x28/0x50
[  302.731487][   T34]  ? alloc_fd+0x64c/0x6c0
[  302.733194][   T34]  do_sys_openat2+0x121/0x1c0
[  302.735153][   T34]  ? __se_sys_futex+0x36f/0x400
[  302.737116][   T34]  ? __pfx_do_sys_openat2+0x10/0x10
[  302.739108][   T34]  ? rcu_is_watching+0x15/0xb0
[  302.740906][   T34]  __x64_sys_openat+0x138/0x170
[  302.742822][   T34]  do_syscall_64+0xfa/0x3b0
[  302.744773][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  302.746848][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.749247][   T34]  ? exc_page_fault+0x9f/0xf0
[  302.751103][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.753374][   T34] RIP: 0033:0x7f06f5d8ec29
[  302.755660][   T34] RSP: 002b:00007f06f6c65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  302.758877][   T34] RAX: ffffffffffffffda RBX: 00007f06f5fd5fa0 RCX: 00007f06f5d8ec29
[  302.761896][   T34] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  302.765040][   T34] RBP: 00007f06f5e11e41 R08: 0000000000000000 R09: 0000000000000000
[  302.768143][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  302.771225][   T34] R13: 00007f06f5fd6038 R14: 00007f06f5fd5fa0 R15: 00007ffdd8e501e8
[  302.774358][   T34]  </TASK>
[  302.775719][   T34] INFO: task syz.0.2006:10456 blocked for more than 143 seconds.
[  302.778729][   T34]       Not tainted syzkaller #0
[  302.780682][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  302.784060][   T34] task:syz.0.2006      state:D stack:27016 pid:10456 tgid:10450 ppid:5850   task_flags:0x400140 flags:0x00004004
[  302.792821][   T34] Call Trace:
[  302.794193][   T34]  <TASK>
[  302.795573][   T34]  __schedule+0x1798/0x4cc0
[  302.797511][   T34]  ? __lock_acquire+0xab9/0xd20
[  302.799469][   T34]  ? __lock_acquire+0xab9/0xd20
[  302.801397][   T34]  ? __pfx___schedule+0x10/0x10
[  302.803339][   T34]  ? schedule+0x91/0x360
[  302.805225][   T34]  schedule+0x165/0x360
[  302.806910][   T34]  schedule_preempt_disabled+0x13/0x30
[  302.809051][   T34]  __mutex_lock+0x7e6/0x1350
[  302.810878][   T34]  ? __mutex_lock+0x5bb/0x1350
[  302.812761][   T34]  ? misc_open+0x51/0x330
[  302.814559][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  302.816588][   T34]  misc_open+0x51/0x330
[  302.818187][   T34]  chrdev_open+0x4cc/0x5e0
[  302.819954][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  302.821977][   T34]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  302.824765][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  302.826755][   T34]  do_dentry_open+0x953/0x13f0
[  302.828623][   T34]  vfs_open+0x3b/0x340
[  302.830211][   T34]  ? path_openat+0x2ecd/0x3830
[  302.832013][   T34]  path_openat+0x2ee5/0x3830
[  302.833857][   T34]  ? arch_stack_walk+0xfc/0x150
[  302.835921][   T34]  ? stack_depot_save_flags+0x40/0x860
[  302.838120][   T34]  ? __pfx_path_openat+0x10/0x10
[  302.840069][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.842466][   T34]  do_filp_open+0x1fa/0x410
[  302.844246][   T34]  ? __lock_acquire+0xab9/0xd20
[  302.846324][   T34]  ? __pfx_do_filp_open+0x10/0x10
[  302.848268][   T34]  ? _raw_spin_unlock+0x28/0x50
[  302.850173][   T34]  ? alloc_fd+0x64c/0x6c0
[  302.851859][   T34]  do_sys_openat2+0x121/0x1c0
[  302.853634][   T34]  ? __se_sys_futex+0x36f/0x400
[  302.855666][   T34]  ? __pfx_do_sys_openat2+0x10/0x10
[  302.857790][   T34]  ? rcu_is_watching+0x15/0xb0
[  302.859659][   T34]  __x64_sys_openat+0x138/0x170
[  302.861538][   T34]  do_syscall_64+0xfa/0x3b0
[  302.863314][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  302.865958][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.868389][   T34]  ? exc_page_fault+0x9f/0xf0
[  302.870247][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.872600][   T34] RIP: 0033:0x7f06f5d8ec29
[  302.874379][   T34] RSP: 002b:00007f06f6c44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  302.877776][   T34] RAX: ffffffffffffffda RBX: 00007f06f5fd6090 RCX: 00007f06f5d8ec29
[  302.880869][   T34] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  302.883951][   T34] RBP: 00007f06f5e11e41 R08: 0000000000000000 R09: 0000000000000000
[  302.887090][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  302.890131][   T34] R13: 00007f06f5fd6128 R14: 00007f06f5fd6090 R15: 00007ffdd8e501e8
[  302.893214][   T34]  </TASK>
[  302.894594][   T34] INFO: task syz-executor:10461 blocked for more than 143 seconds.
[  302.897707][   T34]       Not tainted syzkaller #0
[  302.899672][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  302.902981][   T34] task:syz-executor    state:D stack:27240 pid:10461 tgid:10461 ppid:1      task_flags:0x400040 flags:0x00004000
[  302.907919][   T34] Call Trace:
[  302.909310][   T34]  <TASK>
[  302.910509][   T34]  __schedule+0x1798/0x4cc0
[  302.912315][   T34]  ? kasan_save_free_info+0x46/0x50
[  302.914383][   T34]  ? __lock_acquire+0xab9/0xd20
[  302.916473][   T34]  ? __lock_acquire+0xab9/0xd20
[  302.918439][   T34]  ? __pfx___schedule+0x10/0x10
[  302.920406][   T34]  ? schedule+0x91/0x360
[  302.922044][   T34]  schedule+0x165/0x360
[  302.923714][   T34]  schedule_preempt_disabled+0x13/0x30
[  302.925993][   T34]  __mutex_lock+0x7e6/0x1350
[  302.927849][   T34]  ? __mutex_lock+0x5bb/0x1350
[  302.929737][   T34]  ? misc_open+0x51/0x330
[  302.931417][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  302.933385][   T34]  misc_open+0x51/0x330
[  302.935050][   T34]  chrdev_open+0x4cc/0x5e0
[  302.936795][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  302.938717][   T34]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  302.941132][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  302.943100][   T34]  do_dentry_open+0x953/0x13f0
[  302.945312][   T34]  vfs_open+0x3b/0x340
[  302.946963][   T34]  ? path_openat+0x2ecd/0x3830
[  302.948873][   T34]  path_openat+0x2ee5/0x3830
[  302.950710][   T34]  ? __pfx_css_rstat_updated+0x10/0x10
[  302.952849][   T34]  ? count_memcg_event_mm+0x21/0x260
[  302.955062][   T34]  ? __pfx_path_openat+0x10/0x10
[  302.957039][   T34]  ? __pfx___up_read+0x10/0x10
[  302.958931][   T34]  ? do_user_addr_fault+0xbc1/0x1390
[  302.961069][   T34]  do_filp_open+0x1fa/0x410
[  302.962886][   T34]  ? __lock_acquire+0xab9/0xd20
[  302.964947][   T34]  ? __pfx_do_filp_open+0x10/0x10
[  302.966924][   T34]  ? _raw_spin_unlock+0x28/0x50
[  302.968822][   T34]  ? alloc_fd+0x64c/0x6c0
[  302.970566][   T34]  do_sys_openat2+0x121/0x1c0
[  302.972409][   T34]  ? __pfx_do_sys_openat2+0x10/0x10
[  302.975075][   T34]  ? fd_install+0x97/0x540
[  302.976859][   T34]  ? fd_install+0x30d/0x540
[  302.978711][   T34]  __x64_sys_openat+0x138/0x170
[  302.980639][   T34]  do_syscall_64+0xfa/0x3b0
[  302.982402][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  302.984386][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.987755][   T34]  ? exc_page_fault+0x9f/0xf0
[  302.989645][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.991975][   T34] RIP: 0033:0x7f53d538d511
[  302.993802][   T34] RSP: 002b:00007ffd9984ee70 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  302.997227][   T34] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f53d538d511
[  303.000367][   T34] RDX: 0000000000000002 RSI: 00007f53d541284a RDI: 00000000ffffff9c
[  303.003400][   T34] RBP: 00007f53d541284a R08: 0000000000000000 R09: 00007f53d610d6c0
[  303.006567][   T34] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[  303.009630][   T34] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  303.012714][   T34]  </TASK>
[  303.013967][   T34] INFO: task syz-executor:10462 blocked for more than 144 seconds.
[  303.017452][   T34]       Not tainted syzkaller #0
[  303.019348][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  303.022571][   T34] task:syz-executor    state:D stack:27632 pid:10462 tgid:10462 ppid:1      task_flags:0x400040 flags:0x00004000
[  303.027393][   T34] Call Trace:
[  303.028743][   T34]  <TASK>
[  303.029949][   T34]  __schedule+0x1798/0x4cc0
[  303.031790][   T34]  ? kasan_save_free_info+0x46/0x50
[  303.033874][   T34]  ? __lock_acquire+0xab9/0xd20
[  303.035945][   T34]  ? __lock_acquire+0xab9/0xd20
[  303.037915][   T34]  ? __pfx___schedule+0x10/0x10
[  303.039786][   T34]  ? schedule+0x91/0x360
[  303.041433][   T34]  schedule+0x165/0x360
[  303.043041][   T34]  schedule_preempt_disabled+0x13/0x30
[  303.045334][   T34]  __mutex_lock+0x7e6/0x1350
[  303.047195][   T34]  ? __mutex_lock+0x5bb/0x1350
[  303.049095][   T34]  ? misc_open+0x51/0x330
[  303.050803][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  303.052804][   T34]  misc_open+0x51/0x330
[  303.054607][   T34]  chrdev_open+0x4cc/0x5e0
[  303.056429][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  303.058399][   T34]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  303.060878][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  303.062866][   T34]  do_dentry_open+0x953/0x13f0
[  303.064906][   T34]  vfs_open+0x3b/0x340
[  303.066555][   T34]  ? path_openat+0x2ecd/0x3830
[  303.068470][   T34]  path_openat+0x2ee5/0x3830
[  303.070343][   T34]  ? __pfx_css_rstat_updated+0x10/0x10
[  303.072499][   T34]  ? count_memcg_event_mm+0x21/0x260
[  303.074719][   T34]  ? __pfx_path_openat+0x10/0x10
[  303.076744][   T34]  ? __pfx___up_read+0x10/0x10
[  303.078665][   T34]  ? do_user_addr_fault+0xbc1/0x1390
[  303.080635][   T34]  do_filp_open+0x1fa/0x410
[  303.082401][   T34]  ? __lock_acquire+0xab9/0xd20
[  303.084276][   T34]  ? __pfx_do_filp_open+0x10/0x10
[  303.086727][   T34]  ? _raw_spin_unlock+0x28/0x50
[  303.088721][   T34]  ? alloc_fd+0x64c/0x6c0
[  303.090457][   T34]  do_sys_openat2+0x121/0x1c0
[  303.092348][   T34]  ? __pfx_do_sys_openat2+0x10/0x10
[  303.094503][   T34]  ? fd_install+0x97/0x540
[  303.096291][   T34]  ? fd_install+0x30d/0x540
[  303.098115][   T34]  __x64_sys_openat+0x138/0x170
[  303.100042][   T34]  do_syscall_64+0xfa/0x3b0
[  303.101856][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  303.103926][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.106492][   T34]  ? exc_page_fault+0x9f/0xf0
[  303.108399][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.110742][   T34] RIP: 0033:0x7f130098d511
[  303.112565][   T34] RSP: 002b:00007ffe04a2be50 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  303.115935][   T34] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f130098d511
[  303.119113][   T34] RDX: 0000000000000002 RSI: 00007f1300a1284a RDI: 00000000ffffff9c
[  303.122220][   T34] RBP: 00007f1300a1284a R08: 0000000000000000 R09: 00007f130170d6c0
[  303.125648][   T34] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[  303.128779][   T34] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  303.131863][   T34]  </TASK>
[  303.133136][   T34] 
[  303.133136][   T34] Showing all locks held in the system:
[  303.136324][   T34] 3 locks held by kworker/0:0/9:
[  303.138327][   T34]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  303.142598][   T34]  #1: ffffc900000c7bc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  303.147962][   T34]  #2: ffffffff8f809188 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  303.152396][   T34] 1 lock held by khungtaskd/34:
[  303.154339][   T34]  #0: ffffffff8e13a0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  303.158348][   T34] 2 locks held by getty/5672:
[  303.160220][   T34]  #0: ffff8880231d30a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  303.164031][   T34]  #1: ffffc900029062f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  303.168142][   T34] 2 locks held by syz.2.1943/10282:
[  303.170119][   T34]  #0: ffff88810ce12100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  303.173809][   T34]  #1: ffffffff8f809188 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  303.177902][   T34] 2 locks held by syz.1.1944/10288:
[  303.179953][   T34]  #0: ffffffff8f809188 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570
[  303.183873][   T34]  #1: ffff88810ce12100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  303.187639][   T34] 3 locks held by syz.0.2006/10451:
[  303.189636][   T34]  #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  303.192898][   T34]  #1: ffff88802b7d6100 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0xa1/0x320
[  303.196663][   T34]  #2: ffffffff8f809188 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[  303.200503][   T34] 1 lock held by syz.0.2006/10456:
[  303.202484][   T34]  #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  303.205948][   T34] 1 lock held by syz-executor/10461:
[  303.208028][   T34]  #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  303.211329][   T34] 1 lock held by syz-executor/10462:
[  303.213355][   T34]  #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  303.216756][   T34] 1 lock held by syz-executor/10464:
[  303.218820][   T34]  #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  303.222013][   T34] 1 lock held by syz-executor/10467:
[  303.224077][   T34]  #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  303.227555][   T34] 1 lock held by syz-executor/10468:
[  303.229654][   T34]  #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  303.232954][   T34] 1 lock held by syz-executor/10475:
[  303.235172][   T34]  #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  303.238518][   T34] 1 lock held by syz-executor/10481:
[  303.240575][   T34]  #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  303.243911][   T34] 1 lock held by syz-executor/10483:
[  303.246278][   T34]  #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  303.249586][   T34] 1 lock held by syz-executor/10485:
[  303.251689][   T34]  #0: ffffffff8e9c2648 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  303.255123][   T34] 
[  303.256100][   T34] =============================================
[  303.256100][   T34] 
[  303.259497][   T34] NMI backtrace for cpu 0
[  303.259525][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  303.259540][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  303.259547][   T34] Call Trace:
[  303.259555][   T34]  <TASK>
[  303.259562][   T34]  dump_stack_lvl+0x189/0x250
[  303.259582][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  303.259597][   T34]  ? __pfx__printk+0x10/0x10
[  303.259620][   T34]  nmi_cpu_backtrace+0x39e/0x3d0
[  303.259641][   T34]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  303.259658][   T34]  ? __pfx__printk+0x10/0x10
[  303.259677][   T34]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  303.259697][   T34]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  303.259713][   T34]  watchdog+0xf93/0xfe0
[  303.259729][   T34]  ? watchdog+0x1de/0xfe0
[  303.259746][   T34]  kthread+0x711/0x8a0
[  303.259763][   T34]  ? __pfx_watchdog+0x10/0x10
[  303.259778][   T34]  ? __pfx_kthread+0x10/0x10
[  303.259794][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  303.259810][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  303.259827][   T34]  ? __pfx_kthread+0x10/0x10
[  303.259841][   T34]  ret_from_fork+0x439/0x7d0
[  303.259856][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  303.259872][   T34]  ? __switch_to_asm+0x39/0x70
[  303.259886][   T34]  ? __switch_to_asm+0x33/0x70
[  303.259900][   T34]  ? __pfx_kthread+0x10/0x10
[  303.259914][   T34]  ret_from_fork_asm+0x1a/0x30
[  303.259941][   T34]  </TASK>
[  303.259947][   T34] Sending NMI from CPU 0 to CPUs 1:
[  303.318098][    C1] NMI backtrace for cpu 1
[  303.318109][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  303.318118][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  303.318123][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  303.318139][    C1] Code: 53 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d b3 39 15 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  303.318145][    C1] RSP: 0018:ffffc90000177de0 EFLAGS: 00000282
[  303.318152][    C1] RAX: d48a3bc6a5a70700 RBX: ffffffff819683f8 RCX: d48a3bc6a5a70700
[  303.318157][    C1] RDX: 0000000000000001 RSI: ffffffff8d9b051c RDI: ffffffff8be33f00
[  303.318162][    C1] RBP: ffffc90000177f20 R08: ffff888136632f9b R09: 1ffff11026cc65f3
[  303.318167][    C1] R10: dffffc0000000000 R11: ffffed1026cc65f4 R12: ffffffff8fa2ee30
[  303.318172][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110200d5000
[  303.318178][    C1] FS:  0000000000000000(0000) GS:ffff8881a3c3d000(0000) knlGS:0000000000000000
[  303.318184][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  303.318189][    C1] CR2: 00007f7a50087e20 CR3: 000000000df36000 CR4: 00000000000006f0
[  303.318213][    C1] Call Trace:
[  303.318219][    C1]  <TASK>
[  303.318223][    C1]  default_idle+0x13/0x20
[  303.318269][    C1]  default_idle_call+0x74/0xb0
[  303.318280][    C1]  do_idle+0x1e8/0x510
[  303.318296][    C1]  ? __pfx_do_idle+0x10/0x10
[  303.318309][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  303.318327][    C1]  cpu_startup_entry+0x44/0x60
[  303.318340][    C1]  start_secondary+0x101/0x110
[  303.318354][    C1]  common_startup_64+0x13e/0x147
[  303.318370][    C1]  </TASK>
[  303.320859][   T34] Kernel panic - not syncing: hung_task: blocked tasks
[  303.387369][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  303.390807][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  303.394576][   T34] Call Trace:
[  303.395868][   T34]  <TASK>
[  303.397093][   T34]  dump_stack_lvl+0x99/0x250
[  303.398953][   T34]  ? __asan_memcpy+0x40/0x70
[  303.400802][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  303.402873][   T34]  ? __pfx__printk+0x10/0x10
[  303.404725][   T34]  vpanic+0x281/0x750
[  303.406347][   T34]  ? __pfx_vpanic+0x10/0x10
[  303.408134][   T34]  ? __x2apic_send_IPI_mask+0x1e4/0x260
[  303.410329][   T34]  ? preempt_schedule+0xae/0xc0
[  303.412258][   T34]  ? preempt_schedule_common+0x83/0xd0
[  303.414442][   T34]  panic+0xb9/0xc0
[  303.415953][   T34]  ? __pfx_panic+0x10/0x10
[  303.417738][   T34]  ? preempt_schedule_thunk+0x16/0x30
[  303.419813][   T34]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  303.422117][   T34]  watchdog+0xfd2/0xfe0
[  303.423763][   T34]  ? watchdog+0x1de/0xfe0
[  303.425503][   T34]  kthread+0x711/0x8a0
[  303.427143][   T34]  ? __pfx_watchdog+0x10/0x10
[  303.429030][   T34]  ? __pfx_kthread+0x10/0x10
[  303.430886][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  303.432950][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  303.434962][   T34]  ? __pfx_kthread+0x10/0x10
[  303.436796][   T34]  ret_from_fork+0x439/0x7d0
[  303.438625][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  303.440633][   T34]  ? __switch_to_asm+0x39/0x70
[  303.442505][   T34]  ? __switch_to_asm+0x33/0x70
[  303.444421][   T34]  ? __pfx_kthread+0x10/0x10
[  303.446253][   T34]  ret_from_fork_asm+0x1a/0x30
[  303.448155][   T34]  </TASK>
[  303.450208][   T34] Kernel Offset: disabled
[  303.451983][   T34] Rebooting in 86400 seconds..

VM DIAGNOSIS:
06:30:31  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff96323978 RBX=00000000000003dd RCX=000000000000005a RDX=0000000000000008
RSI=00000000000003dd RDI=ffff888106969cc0 RBP=ffffffff93476040 RSP=ffffc9000329f258
R8 =ffffc9000329f220 R9 =0000000000000020 R10=dffffc0000000000 R11=ffffffff819dced0
R12=ffffffff9629c598 R13=ffffffff962ff6a8 R14=ffff88810696a828 R15=0000000000000059
RIP=ffffffff819db3d7 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f7a50091800 ffffffff 00c00000
GS =0000 ffff8880b863d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000562fd2dbe000 CR3=000000010f020000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000068f6b0
R8 =ffff888106d98237 R9 =1ffff11020db3046 R10=dffffc0000000000 R11=ffffffff854fac30
R12=dffffc0000000000 R13=ffffffff99ad78d2 R14=ffffffff99dcc480 R15=0000000000000000
RIP=ffffffff854facac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c3d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ff73a08d5e5 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000000 00007ff73c3a7d20
XMM02=0000000500000007 ffffffff00000001 XMM03=ffffffff89a7c167 ffffffff89e0e147
XMM04=0000000000000000 0000000000000016 XMM05=0000000000000000 000000000003bf12
XMM06=ffffffff895a37cb ffffffff00000007 XMM07=ffffffff00000000 ffffffff89d79886
XMM08=ffffffff89e0df97 ffffffff00000006 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
