last executing test programs:

1.418834556s ago: executing program 0 (id=627):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000004000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3e24e48aa31086b8703140000001f03000800010000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a61c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r1}, 0x10)

1.318097529s ago: executing program 1 (id=629):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newtaction={0x68, 0x30, 0x301, 0x0, 0x0, {}, [{0x54, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x1, 0x0, 0x0, 0x8}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.268843043s ago: executing program 0 (id=631):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000007, 0x12, r0, 0x3000)
r1 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r1, 0x114, 0x3f, &(0x7f0000000040), 0x4)

1.268518355s ago: executing program 1 (id=633):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010400000000000000000500fffe0900010073797a30000000002c000000030a01020000000000000000050000000900010073797a30000000000900030073797a3200000000e4040000060a010400000000000000000500000008000b40000000000900010073797a300000000008000940000000020c0005800800014000000000c4000740ab487b1b512f33a8dbd67a8b35f2405127f309901ea13e31d5810f85eae8f528c938c24abb1b1abbda2e7fa6e0758629bb09ed64a8ba5b2ef3c3591fd06d7e10d93c0857ecac854ac51ad69639d98adb2c1464e444cc1a6a2e7ee244622433b51f58606b063f4938101a7e764c957eba2e913b2ac10435471fa769740a1275cb467e5264b71bc8727fc12e9aba46e4a8abf3dda91e0da608d6a0a35573d5524fb25451cc23051887de4df85c8e771260c4943e78905aa1e7493027366ed1bea0d80304804800018008000100667764003c000280080001"], 0x558}}, 0x40)

1.165198744s ago: executing program 0 (id=634):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0xc054)
socket$netlink(0x10, 0x3, 0x8)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan0\x00'})
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @null, @bpq0, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]})
bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2000c000)
setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x0)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f00000007c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @bcast, @bpq0, 0x5, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]})

1.160395327s ago: executing program 1 (id=636):
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
sendfile(r0, r1, 0x0, 0xffffffff000)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
shutdown(r0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000380)={{{@in6=@remote, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@empty}, 0x0, @in=@loopback}}, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newsa={0x13c, 0x10, 0x100, 0x70bd29, 0x0, {{@in=@remote, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x0, 0x20, 0x2f, 0x0, r3}, {@in=@multicast1, 0x0, 0x32}, @in6=@loopback={0x100000000000000}, {0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x8, 0x80000, 0x81}, {0x0, 0x5, 0x4, 0x4000006}, {0x0, 0xfffffff9, 0x80000}, 0x0, 0x0, 0x2, 0x1, 0x81, 0x68}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x80}}]}, 0x13c}, 0x1, 0x0, 0x0, 0x612fc0b6c779297b}, 0x20000080)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
shutdown(0xffffffffffffffff, 0x1)

1.110174701s ago: executing program 0 (id=637):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newtaction={0x74, 0x30, 0x200, 0x0, 0x0, {}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0xfffffffc}, 0x1}}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8848}, @TCA_MPLS_TTL={0x5, 0x7, 0x7}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xe, 0x3}, {}, {0x5, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x40004)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)

1.001075487s ago: executing program 0 (id=638):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'wp256\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendto$unix(r1, &(0x7f0000000000)="96e1825a8935527e2e610c701cea2bb564c4f3345c6a44b804bc2842519c666846c34acc07959ab1775837fe47f7d71eb72ae94e20ca5d34dcc577b4bebc0efe60e6fcb7f0aa9cb21196ab6f65d5e43b36c44f8887a13103f665e9fd646b65e2f4a9ba21d5214c4a6c936bc78f2f59c7a1bf221a1171c6cd4881942dd7acb7803ad6a8f4b8841bc19b805d9ab9765bd220c0b6ac8b051815481268175ff7409d4b1bf71b36818e8bf3c1", 0xfffffffffffffd2e, 0x20044801, 0x0, 0x0)

747.325547ms ago: executing program 2 (id=641):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x8, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000091106a000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)

651.498662ms ago: executing program 2 (id=642):
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
bind$inet6(r0, &(0x7f0000000240)={0xa, 0x2, 0x1000, @empty}, 0x1c)
syz_emit_ethernet(0x3e, &(0x7f0000000400)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x29}, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, "fbddf0", 0x8, 0x3a, 0xff, @remote, @mcast2, {[], @echo_reply={0x81, 0x0, 0x0, 0x2, 0x8}}}}}}, 0x0)
recvfrom(r0, 0x0, 0x0, 0x40000040, 0x0, 0x0)

610.997145ms ago: executing program 2 (id=643):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0xa, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000007b0164000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x86, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)

490.999244ms ago: executing program 2 (id=644):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x4, 0x1, 0x4}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='rss_stat\x00', r2}, 0x18)
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x5, @loopback, 0xa}}, 0x0, 0x0, 0x22, 0x0, "bb353738cb473fc7c9f1cf53b6a7b4e23602a3c364ca41d6e5615445244740bd4c0b42a21d7214bf92594925208a0e2f964e654dc534a6324d4993fcf19b2df3ee818a118a7c49462189316d556d2ccd"}, 0xd8)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
listen(r3, 0x8)
getpeername$unix(r3, &(0x7f0000000440), &(0x7f00000004c0)=0x6e)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_tcp_int(r0, 0x6, 0x11, &(0x7f0000000180)=0xfff, 0x4)
sendto$inet6(r0, &(0x7f00000000c0)="e9", 0x1, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c)
r4 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_mtu(r4, 0x29, 0x17, &(0x7f0000000040), 0x4)
socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r4, 0x0, 0x0, 0x2400ed80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000400)=r2, 0x4)
writev(r4, &(0x7f0000001180)=[{&(0x7f0000001240)="06367d6d", 0x4}], 0x1)

425.049897ms ago: executing program 0 (id=645):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socket(0xa, 0x3, 0x3a)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x4501c3, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7bedcb5d07081196f37538e486dd6372ce22667f2b00dbf6e97158cf474fec87891f6d76745b686158bbcfe8875afdef00010000000029"], 0x66)

367.835507ms ago: executing program 2 (id=646):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1)
sendto$inet6(r0, 0x0, 0x0, 0x8c612f044f7ba963, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1, 0x80000001}, 0x1a)
sendto$inet6(r0, &(0x7f0000001cc0)="2501d77b330b7e73d6b1d1b8a473ff7420b4b43ce0861f000000714fa228ee1f5b48", 0xfffffffffffffccd, 0x81, 0x0, 0x18)

260.48262ms ago: executing program 2 (id=647):
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e0000001ac1414aa0000000002000000ac1414aa"], 0x18)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)

149.966381ms ago: executing program 1 (id=648):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r1 = socket$inet6(0xa, 0x2, 0x0)
readv(r0, &(0x7f0000000540)=[{&(0x7f0000000440)=""/254, 0xfe}], 0x1)
sendmmsg$inet6(r1, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfffffffc}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)="aa", 0x1}], 0x1}}], 0x2, 0x2000c8c0)
syz_emit_ethernet(0x46, &(0x7f0000000040)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "82dc05", 0x10, 0x11, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @empty}, {[], {0x4e22, 0x5e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x2, 0x4, 0x100}}}}}}}}, 0x0)
sendmmsg$inet6(r1, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000140)="93503ddb3c8568f7252b980756003df3fcaae0af56041e0625fd9f19c9f6748188c92727ce44457fa133c41a2d87dfebd07504b4385fc804a26c20196fe3bb252e44ea42", 0x44}], 0x1}}], 0x1, 0x40)

282.659µs ago: executing program 1 (id=649):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000ac0)={0x30, 0x3e, 0x107, 0xfffffffe, 0xfffffffc, {0x1, 0x7c}, [@nested={0x8, 0x142, 0x0, 0x1, [@typed={0x4, 0x8}]}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x17}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)

0s ago: executing program 1 (id=650):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:25171' (ED25519) to the list of known hosts.
syzkaller login: [   57.299620][ T5819] cgroup: Unknown subsys name 'net'
[   57.426020][ T5819] cgroup: Unknown subsys name 'cpuset'
[   57.432036][ T5819] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   59.359971][ T5819] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   66.406405][ T5852] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   69.325318][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   69.328715][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   69.331610][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   69.335499][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   69.341635][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   69.411971][ T5221] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   69.415143][ T5221] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   69.418548][ T5221] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   69.421911][ T5221] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   69.437306][ T5873] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   69.440837][ T5873] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   69.453733][ T5873] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   69.462285][ T5873] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   69.465158][ T5873] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   69.473348][ T5880] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   69.631033][ T5871] chnl_net:caif_netlink_parms(): no params data found
[   69.770701][ T5871] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.774482][ T5871] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.777622][ T5871] bridge_slave_0: entered allmulticast mode
[   69.782089][ T5871] bridge_slave_0: entered promiscuous mode
[   69.825871][ T5871] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.829294][ T5871] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.832417][ T5871] bridge_slave_1: entered allmulticast mode
[   69.835702][ T5871] bridge_slave_1: entered promiscuous mode
[   69.877755][ T5875] chnl_net:caif_netlink_parms(): no params data found
[   69.891579][ T5871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   69.905157][ T5871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   69.969774][ T5871] team0: Port device team_slave_0 added
[   70.014851][ T5871] team0: Port device team_slave_1 added
[   70.074568][ T5875] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.077958][ T5875] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.080876][ T5875] bridge_slave_0: entered allmulticast mode
[   70.087608][ T5875] bridge_slave_0: entered promiscuous mode
[   70.091118][ T5875] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.093926][ T5875] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.097099][ T5875] bridge_slave_1: entered allmulticast mode
[   70.100962][ T5875] bridge_slave_1: entered promiscuous mode
[   70.106483][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.109197][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.118284][ T5871] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.127010][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.130052][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.141852][ T5871] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.157064][ T5877] chnl_net:caif_netlink_parms(): no params data found
[   70.185093][ T5875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.193294][ T5875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.244047][ T5875] team0: Port device team_slave_0 added
[   70.263847][ T5875] team0: Port device team_slave_1 added
[   70.335930][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.338738][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.349028][ T5875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.359497][ T5871] hsr_slave_0: entered promiscuous mode
[   70.366583][ T5871] hsr_slave_1: entered promiscuous mode
[   70.377814][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.380602][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.391705][ T5875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.462504][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.465522][ T5877] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.468302][ T5877] bridge_slave_0: entered allmulticast mode
[   70.473238][ T5877] bridge_slave_0: entered promiscuous mode
[   70.482782][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.485520][ T5877] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.488286][ T5877] bridge_slave_1: entered allmulticast mode
[   70.492599][ T5877] bridge_slave_1: entered promiscuous mode
[   70.544594][ T5875] hsr_slave_0: entered promiscuous mode
[   70.548149][ T5875] hsr_slave_1: entered promiscuous mode
[   70.551076][ T5875] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   70.556390][ T5875] Cannot create hsr debugfs directory
[   70.576518][ T5877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.583639][ T5877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.657764][ T5877] team0: Port device team_slave_0 added
[   70.694797][ T5877] team0: Port device team_slave_1 added
[   70.742943][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.745462][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.757321][ T5877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.785380][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.788596][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.799195][ T5877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.858968][ T5871] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   70.867984][ T5871] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   70.879018][ T5877] hsr_slave_0: entered promiscuous mode
[   70.881951][ T5877] hsr_slave_1: entered promiscuous mode
[   70.884294][ T5877] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   70.886704][ T5877] Cannot create hsr debugfs directory
[   70.888939][ T5871] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   70.897464][ T5871] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   70.977287][ T5875] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   70.995410][ T5875] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   71.004416][ T5875] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   71.012692][ T5875] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   71.127691][ T5877] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   71.132697][ T5877] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   71.138405][ T5877] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   71.144269][ T5877] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   71.215856][ T5871] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.244433][ T5875] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.264806][ T5877] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.268350][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   71.270938][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   71.279514][ T5871] 8021q: adding VLAN 0 to HW filter on device team0
[   71.294059][ T5875] 8021q: adding VLAN 0 to HW filter on device team0
[   71.304531][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.306941][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.313240][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.316919][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.327389][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.329878][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.335752][ T5877] 8021q: adding VLAN 0 to HW filter on device team0
[   71.349832][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.352287][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.357385][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.360242][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.387314][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.389618][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.416540][ T5875] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   71.432750][ T5880] Bluetooth: hci0: command tx timeout
[   71.503606][   T54] Bluetooth: hci1: command tx timeout
[   71.505871][ T5880] Bluetooth: hci2: command tx timeout
[   71.606243][ T5875] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.612384][ T5877] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.620268][ T5871] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.686550][ T5877] veth0_vlan: entered promiscuous mode
[   71.699771][ T5875] veth0_vlan: entered promiscuous mode
[   71.710243][ T5877] veth1_vlan: entered promiscuous mode
[   71.717711][ T5871] veth0_vlan: entered promiscuous mode
[   71.725993][ T5875] veth1_vlan: entered promiscuous mode
[   71.749830][ T5871] veth1_vlan: entered promiscuous mode
[   71.774324][ T5877] veth0_macvtap: entered promiscuous mode
[   71.781164][ T5877] veth1_macvtap: entered promiscuous mode
[   71.803729][ T5875] veth0_macvtap: entered promiscuous mode
[   71.818731][ T5871] veth0_macvtap: entered promiscuous mode
[   71.825545][ T5875] veth1_macvtap: entered promiscuous mode
[   71.835176][ T5871] veth1_macvtap: entered promiscuous mode
[   71.841096][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.857468][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.868788][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.875837][ T5877] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.879638][ T5877] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.883283][ T5877] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.886684][ T5877] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.908338][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.917509][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.926328][ T5875] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.930453][ T5875] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.935380][ T5875] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.938672][ T5875] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.956903][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.966755][ T5871] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.970886][ T5871] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.976107][ T5871] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.979552][ T5871] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.072408][ T4356] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.080673][ T4356] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.112319][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.115615][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.168387][ T3980] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.172070][ T3980] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.210355][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.224097][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.240959][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.255031][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.276088][ T4356] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.279268][ T4356] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.296801][ T5999] openvswitch: netlink: Key type 30 is not supported
[   73.502659][ T5880] Bluetooth: hci0: command tx timeout
[   73.555240][ T6016] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.48'.
[   73.586077][ T6018] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   73.591715][   T54] Bluetooth: hci1: command tx timeout
[   73.594361][ T5880] Bluetooth: hci2: command tx timeout
[   74.473829][ T6053] syz.0.67 uses obsolete (PF_INET,SOCK_PACKET)
[   74.577826][ T6058] netlink: 12 bytes leftover after parsing attributes in process `syz.2.69'.
[   75.058459][ T6080] warning: `syz.2.81' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   75.244464][ T6090] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   75.265345][ T6090] xt_TPROXY: Can be used only with -p tcp or -p udp
[   75.380320][ T6099] netlink: 'syz.0.88': attribute type 1 has an invalid length.
[   75.512144][ T6105] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   75.515772][ T6105] IPv6: NLM_F_CREATE should be set when creating new route
[   75.517782][ T6107] netlink: 4388 bytes leftover after parsing attributes in process `syz.1.93'.
[   75.519208][ T6105] IPv6: NLM_F_CREATE should be set when creating new route
[   75.526171][ T6105] IPv6: NLM_F_CREATE should be set when creating new route
[   75.583513][ T5880] Bluetooth: hci0: command tx timeout
[   75.585463][ T6105] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   75.585545][ T6105] Zero length message leads to an empty skb
[   75.662011][   T54] Bluetooth: hci1: command tx timeout
[   75.664468][ T5880] Bluetooth: hci2: command tx timeout
[   76.142429][ T6139] netlink: 36 bytes leftover after parsing attributes in process `syz.1.104'.
[   76.156037][ T6139] netlink: 76 bytes leftover after parsing attributes in process `syz.1.104'.
[   76.169231][ T6142] netlink: 'syz.2.102': attribute type 2 has an invalid length.
[   76.396697][ T6159] netlink: 16 bytes leftover after parsing attributes in process `syz.1.110'.
[   76.777236][ T6181] netlink: 12 bytes leftover after parsing attributes in process `syz.2.121'.
[   76.787870][ T6181] netlink: 'syz.2.121': attribute type 1 has an invalid length.
[   76.848294][ T6186] netlink: 20 bytes leftover after parsing attributes in process `syz.2.121'.
[   76.852096][ T6186] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[   76.965679][ T6190] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   77.133786][ T6200] netlink: 36 bytes leftover after parsing attributes in process `syz.2.130'.
[   77.285570][ T6211] netlink: 'syz.0.136': attribute type 3 has an invalid length.
[   77.665195][ T5880] Bluetooth: hci0: command tx timeout
[   77.741950][ T5880] Bluetooth: hci2: command tx timeout
[   77.744186][ T5880] Bluetooth: hci1: command tx timeout
[   78.061152][ T6261] netlink: 48 bytes leftover after parsing attributes in process `syz.0.157'.
[   78.680476][ T6303] xt_CT: You must specify a L4 protocol and not use inversions on it
[   79.060769][ T6326] netlink: 'syz.0.186': attribute type 3 has an invalid length.
[   79.128376][ T6328] pim6reg1: entered allmulticast mode
[   79.264879][ T6336] netlink: 8 bytes leftover after parsing attributes in process `syz.2.191'.
[   79.291246][ T6336] netlink: 12 bytes leftover after parsing attributes in process `syz.2.191'.
[   79.535794][ T6349] netlink: 8 bytes leftover after parsing attributes in process `syz.0.197'.
[   80.125015][ T6382] netlink: 8 bytes leftover after parsing attributes in process `syz.2.214'.
[   80.426547][ T6398] netlink: 'syz.2.221': attribute type 1 has an invalid length.
[   80.431027][ T6398] netlink: 224 bytes leftover after parsing attributes in process `syz.2.221'.
[   80.498056][ T6402] netlink: 20 bytes leftover after parsing attributes in process `syz.0.224'.
[   83.895376][ T6541] IPv6: syztnl1: Disabled Multicast RS
[   84.725243][ T6584] batadv1: entered allmulticast mode
[   84.729215][ T6584] 8021q: adding VLAN 0 to HW filter on device batadv1
[   84.817977][ T6588] tipc: Started in network mode
[   84.819967][ T6588] tipc: Node identity aa398a1d8e81, cluster identity 4711
[   84.823653][ T6588] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   84.875810][ T6588] syzkaller0: entered promiscuous mode
[   84.878983][ T6588] syzkaller0: entered allmulticast mode
[   84.885598][ T6588] tipc: Resetting bearer <eth:syzkaller0>
[   84.901648][ T6587] tipc: Resetting bearer <eth:syzkaller0>
[   85.904515][ T5920] tipc: Node number set to 616073757
[   86.109676][ T6587] tipc: Disabling bearer <eth:syzkaller0>
[   86.596628][ T6642] bridge: RTM_NEWNEIGH with invalid ether address
[   86.624814][ T1270] cfg80211: failed to load regulatory.db
[   86.677080][ T6646] xt_CT: No such helper "snmp"
[   86.937146][ T6669] netlink: 24 bytes leftover after parsing attributes in process `syz.2.344'.
[   87.061196][ T6683] netlink: 4 bytes leftover after parsing attributes in process `syz.2.351'.
[   87.317634][ T6703] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[   87.390783][ T6709] netlink: 'syz.1.363': attribute type 12 has an invalid length.
[   87.394021][ T6709] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.363'.
[   87.839514][ T6734] netlink: 12 bytes leftover after parsing attributes in process `syz.1.376'.
[   87.863558][ T6734] netlink: 'syz.1.376': attribute type 1 has an invalid length.
[   87.867573][ T6734] netlink: 'syz.1.376': attribute type 1 has an invalid length.
[   88.127212][ T6748] netlink: 8 bytes leftover after parsing attributes in process `syz.1.383'.
[   88.224191][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802cf44400: rx timeout, send abort
[   88.290496][ T6758] netlink: 'syz.2.388': attribute type 1 has an invalid length.
[   88.412635][   T55] block nbd0: Receive control failed (result -32)
[   88.438927][ T6766] tipc: Started in network mode
[   88.440735][ T6766] tipc: Node identity 5255463b756, cluster identity 4711
[   88.445017][ T6766] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   88.453007][ T6766] syzkaller0: entered promiscuous mode
[   88.454868][ T6766] syzkaller0: entered allmulticast mode
[   88.483339][ T6766] tipc: Resetting bearer <eth:syzkaller0>
[   88.494156][ T6765] tipc: Resetting bearer <eth:syzkaller0>
[   88.508104][ T6765] tipc: Disabling bearer <eth:syzkaller0>
[   88.728025][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802cf44400: abort rx timeout. Force session deactivation
[   89.074161][ T6792] xt_CT: No such helper "snmp"
[   89.234790][ T6797] Driver unsupported XDP return value 0 on prog  (id 63) dev N/A, expect packet loss!
[   89.244326][ T6799] netlink: 32 bytes leftover after parsing attributes in process `syz.0.406'.
[   89.365993][ T6806] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   89.370516][ T6806] batadv_slave_0: entered promiscuous mode
[   89.597607][ T6815] netlink: 32 bytes leftover after parsing attributes in process `syz.0.414'.
[   89.611799][ T6815] netlink: 7 bytes leftover after parsing attributes in process `syz.0.414'.
[   90.098197][ T6852] syzkaller0: entered promiscuous mode
[   90.100924][ T6852] syzkaller0: entered allmulticast mode
[   91.570114][ T6899] netlink: 8 bytes leftover after parsing attributes in process `syz.2.452'.
[   91.573905][ T6899] netlink: 'syz.2.452': attribute type 29 has an invalid length.
[   91.576758][ T6899] netlink: 4 bytes leftover after parsing attributes in process `syz.2.452'.
[   91.664317][ T6907] netlink: 'syz.1.456': attribute type 1 has an invalid length.
[   91.697617][ T6907] nbd: socks must be embedded in a SOCK_ITEM attr
[   91.707941][ T6907] block nbd1: shutting down sockets
[   92.260295][ T6952] xt_hashlimit: size too large, truncated to 1048576
[   92.460328][ T6965] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on
[   92.530819][ T6969] __nla_validate_parse: 5 callbacks suppressed
[   92.530830][ T6969] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.483'.
[   93.027480][ T7003] netlink: 8 bytes leftover after parsing attributes in process `syz.2.500'.
[   93.560141][ T7044] netlink: 4 bytes leftover after parsing attributes in process `syz.2.509'.
[   93.889718][ T7063] SET target dimension over the limit!
[   94.657877][ T7122] netlink: 'syz.1.536': attribute type 7 has an invalid length.
[   94.660462][ T7122] netlink: 'syz.1.536': attribute type 3 has an invalid length.
[   94.664863][ T7122] netlink: 224 bytes leftover after parsing attributes in process `syz.1.536'.
[   95.622091][ T7193] pimreg: entered allmulticast mode
[   95.625652][ T7195] netlink: 'syz.0.567': attribute type 1 has an invalid length.
[   95.630270][ T7195] netlink: 224 bytes leftover after parsing attributes in process `syz.0.567'.
[   95.637584][ T7193] pimreg: left allmulticast mode
[   96.055059][ T7231] netlink: 6032 bytes leftover after parsing attributes in process `syz.1.586'.
[   96.420422][ T7267] netlink: 'syz.0.604': attribute type 2 has an invalid length.
[   96.426577][ T7267] netlink: 119 bytes leftover after parsing attributes in process `syz.0.604'.
[   96.748910][ T7290] tipc: Started in network mode
[   96.751445][ T7290] tipc: Node identity b6244f8f29bc, cluster identity 4711
[   96.757016][ T7290] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   96.805026][ T7290] syzkaller0: entered promiscuous mode
[   96.807716][ T7290] syzkaller0: entered allmulticast mode
[   96.812341][ T7290] tipc: Resetting bearer <eth:syzkaller0>
[   96.836720][ T7289] tipc: Resetting bearer <eth:syzkaller0>
[   97.831567][ T5920] tipc: Node number set to 2677559183
[   97.849861][ T7289] tipc: Disabling bearer <eth:syzkaller0>
[   97.913167][ T7311] team0: No ports can be present during mode change
[   98.055349][ T7323] netlink: 'syz.0.627': attribute type 10 has an invalid length.
[   98.059695][ T7323] netlink: 40 bytes leftover after parsing attributes in process `syz.0.627'.
[   98.071108][ T7323] batadv0: entered promiscuous mode
[   98.074692][ T7323] bridge0: port 3(batadv0) entered blocking state
[   98.078306][ T7323] bridge0: port 3(batadv0) entered disabled state
[   98.084614][ T7323] batadv0: entered allmulticast mode
[   98.093732][ T7323] bridge0: port 3(batadv0) entered blocking state
[   98.096914][ T7323] bridge0: port 3(batadv0) entered forwarding state
[   98.172110][ T7331] netlink: 16 bytes leftover after parsing attributes in process `syz.2.632'.
[   98.220439][ T7335] netlink: 12 bytes leftover after parsing attributes in process `syz.1.633'.
[   98.224959][ T7335] netlink: 48 bytes leftover after parsing attributes in process `syz.1.633'.
[   98.306001][ T7341] Cannot find map_set index 0 as target
[   98.326976][   T13] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[   98.331122][   T13] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[   98.385401][ T7341] RDS: rds_bind could not find a transport for fc00::1, load rds_tcp or rds_rdma?
[   98.387543][ T7344] openvswitch: netlink: Multiple metadata blocks provided
[   99.476189][ T7376] netlink: 20 bytes leftover after parsing attributes in process `syz.1.650'.
[   99.697601][   T32] 
[   99.698880][   T32] ======================================================
[   99.702047][   T32] WARNING: possible circular locking dependency detected
[   99.704790][   T32] 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 Not tainted
[   99.708917][   T32] ------------------------------------------------------
[   99.711801][   T32] kworker/u9:1/32 is trying to acquire lock:
[   99.714245][   T32] ffff888032b37358 (&disk->open_mutex){+.+.}-{4:4}, at: __del_gendisk+0x129/0x9e0
[   99.719226][   T32] 
[   99.719226][   T32] but task is already holding lock:
[   99.722489][   T32] ffff8880350eb988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160
[   99.726640][   T32] 
[   99.726640][   T32] which lock already depends on the new lock.
[   99.726640][   T32] 
[   99.731490][   T32] 
[   99.731490][   T32] the existing dependency chain (in reverse order) is:
[   99.735669][   T32] 
[   99.735669][   T32] -> #2 (&set->update_nr_hwq_lock){++++}-{4:4}:
[   99.739231][   T32]        lock_acquire+0x120/0x360
[   99.741633][   T32]        down_write+0x96/0x1f0
[   99.744243][   T32]        blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   99.747159][   T32]        nbd_start_device+0x16c/0xac0
[   99.749482][   T32]        nbd_genl_connect+0x1250/0x1930
[   99.751716][   T32]        genl_family_rcv_msg_doit+0x215/0x300
[   99.754481][   T32]        genl_rcv_msg+0x60e/0x790
[   99.757038][   T32]        netlink_rcv_skb+0x208/0x470
[   99.759658][   T32]        genl_rcv+0x28/0x40
[   99.761682][   T32]        netlink_unicast+0x75c/0x8e0
[   99.763860][   T32]        netlink_sendmsg+0x805/0xb30
[   99.766118][   T32]        __sock_sendmsg+0x21c/0x270
[   99.768805][   T32]        ____sys_sendmsg+0x505/0x830
[   99.771278][   T32]        ___sys_sendmsg+0x21f/0x2a0
[   99.773536][   T32]        __x64_sys_sendmsg+0x19b/0x260
[   99.775634][   T32]        do_syscall_64+0xfa/0x3b0
[   99.777603][   T32]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.780490][   T32] 
[   99.780490][   T32] -> #1 (&nbd->config_lock){+.+.}-{4:4}:
[   99.783401][   T32]        lock_acquire+0x120/0x360
[   99.784963][   T32]        __mutex_lock+0x182/0xe80
[   99.786609][   T32]        refcount_dec_and_mutex_lock+0x30/0xa0
[   99.789129][   T32]        nbd_config_put+0x2c/0x790
[   99.791288][   T32]        nbd_release+0xfe/0x140
[   99.793317][   T32]        bdev_release+0x536/0x650
[   99.795316][   T32]        blkdev_release+0x15/0x20
[   99.797263][   T32]        __fput+0x44c/0xa70
[   99.798888][   T32]        fput_close_sync+0x119/0x200
[   99.801088][   T32]        __x64_sys_close+0x7f/0x110
[   99.803140][   T32]        do_syscall_64+0xfa/0x3b0
[   99.805613][   T32]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.808299][   T32] 
[   99.808299][   T32] -> #0 (&disk->open_mutex){+.+.}-{4:4}:
[   99.810945][   T32]        validate_chain+0xb9b/0x2140
[   99.812847][   T32]        __lock_acquire+0xab9/0xd20
[   99.814825][   T32]        lock_acquire+0x120/0x360
[   99.816830][   T32]        __mutex_lock+0x182/0xe80
[   99.818437][   T32]        __del_gendisk+0x129/0x9e0
[   99.820179][   T32]        del_gendisk+0xe8/0x160
[   99.822140][   T32]        nbd_dev_remove_work+0x47/0xe0
[   99.824195][   T32]        process_scheduled_works+0xae1/0x17b0
[   99.827096][   T32]        worker_thread+0x8a0/0xda0
[   99.829288][   T32]        kthread+0x711/0x8a0
[   99.831175][   T32]        ret_from_fork+0x3fc/0x770
[   99.833265][   T32]        ret_from_fork_asm+0x1a/0x30
[   99.835618][   T32] 
[   99.835618][   T32] other info that might help us debug this:
[   99.835618][   T32] 
[   99.840361][   T32] Chain exists of:
[   99.840361][   T32]   &disk->open_mutex --> &nbd->config_lock --> &set->update_nr_hwq_lock
[   99.840361][   T32] 
[   99.845896][   T32]  Possible unsafe locking scenario:
[   99.845896][   T32] 
[   99.848976][   T32]        CPU0                    CPU1
[   99.850861][   T32]        ----                    ----
[   99.852907][   T32]   rlock(&set->update_nr_hwq_lock);
[   99.855056][   T32]                                lock(&nbd->config_lock);
[   99.858179][   T32]                                lock(&set->update_nr_hwq_lock);
[   99.861435][   T32]   lock(&disk->open_mutex);
[   99.863332][   T32] 
[   99.863332][   T32]  *** DEADLOCK ***
[   99.863332][   T32] 
[   99.866789][   T32] 3 locks held by kworker/u9:1/32:
[   99.869076][   T32]  #0: ffff88810549e948 ((wq_completion)nbd-del){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[   99.873520][   T32]  #1: ffffc9000065fbc0 ((work_completion)(&nbd->remove_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[   99.877568][   T32]  #2: ffff8880350eb988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160
[   99.881300][   T32] 
[   99.881300][   T32] stack backtrace:
[   99.883797][   T32] CPU: 0 UID: 0 PID: 32 Comm: kworker/u9:1 Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 PREEMPT(full) 
[   99.883817][   T32] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   99.883828][   T32] Workqueue: nbd-del nbd_dev_remove_work
[   99.883848][   T32] Call Trace:
[   99.883856][   T32]  <TASK>
[   99.883863][   T32]  dump_stack_lvl+0x189/0x250
[   99.883883][   T32]  ? __pfx_dump_stack_lvl+0x10/0x10
[   99.883899][   T32]  ? __pfx__printk+0x10/0x10
[   99.883918][   T32]  ? print_lock_name+0xde/0x100
[   99.883937][   T32]  print_circular_bug+0x2ee/0x310
[   99.883956][   T32]  check_noncircular+0x134/0x160
[   99.883972][   T32]  validate_chain+0xb9b/0x2140
[   99.883991][   T32]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   99.884011][   T32]  ? arch_stack_walk+0x11c/0x150
[   99.884030][   T32]  __lock_acquire+0xab9/0xd20
[   99.884046][   T32]  ? __del_gendisk+0x129/0x9e0
[   99.884060][   T32]  lock_acquire+0x120/0x360
[   99.884070][   T32]  ? __del_gendisk+0x129/0x9e0
[   99.884086][   T32]  ? check_path+0x21/0x40
[   99.884103][   T32]  __mutex_lock+0x182/0xe80
[   99.884117][   T32]  ? __del_gendisk+0x129/0x9e0
[   99.884133][   T32]  ? __del_gendisk+0x129/0x9e0
[   99.884147][   T32]  ? __pfx___mutex_lock+0x10/0x10
[   99.884160][   T32]  ? __pfx___might_resched+0x10/0x10
[   99.884172][   T32]  ? __lock_acquire+0xab9/0xd20
[   99.884180][   T32]  ? disk_del_events+0xb5/0x210
[   99.884190][   T32]  ? __del_gendisk+0xc1/0x9e0
[   99.884199][   T32]  __del_gendisk+0x129/0x9e0
[   99.884208][   T32]  ? del_gendisk+0xe0/0x160
[   99.884218][   T32]  ? __pfx___del_gendisk+0x10/0x10
[   99.884228][   T32]  ? down_read+0x1ad/0x2e0
[   99.884237][   T32]  del_gendisk+0xe8/0x160
[   99.884246][   T32]  nbd_dev_remove_work+0x47/0xe0
[   99.884255][   T32]  ? process_scheduled_works+0x9ef/0x17b0
[   99.884266][   T32]  process_scheduled_works+0xae1/0x17b0
[   99.884280][   T32]  ? __pfx_process_scheduled_works+0x10/0x10
[   99.884293][   T32]  worker_thread+0x8a0/0xda0
[   99.884307][   T32]  kthread+0x711/0x8a0
[   99.884320][   T32]  ? __pfx_worker_thread+0x10/0x10
[   99.884330][   T32]  ? __pfx_kthread+0x10/0x10
[   99.884342][   T32]  ? _raw_spin_unlock_irq+0x23/0x50
[   99.884353][   T32]  ? lockdep_hardirqs_on+0x9c/0x150
[   99.884366][   T32]  ? __pfx_kthread+0x10/0x10
[   99.884377][   T32]  ret_from_fork+0x3fc/0x770
[   99.884387][   T32]  ? __pfx_ret_from_fork+0x10/0x10
[   99.884397][   T32]  ? __switch_to_asm+0x39/0x70
[   99.884408][   T32]  ? __switch_to_asm+0x33/0x70
[   99.884419][   T32]  ? __pfx_kthread+0x10/0x10
[   99.884430][   T32]  ret_from_fork_asm+0x1a/0x30
[   99.884470][   T32]  </TASK>

VM DIAGNOSIS:
00:06:49  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000002d RBX=000000000000002d RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000065ee10
R8 =ffff8880206e8237 R9 =1ffff110040dd046 R10=dffffc0000000000 R11=ffffffff85478780
R12=dffffc0000000000 R13=ffffffff99af98a2 R14=ffffffff99dfe6e0 R15=0000000000000000
RIP=ffffffff854787fc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32f1aff8 CR3=000000010eba6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f0b31a11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=1ffff92000533e52 RBX=ffffc9000299f290 RCX=0c30b9b572618500 RDX=dffffc0000000000
RSI=ffffffff81852a7c RDI=ffffc9000299f248 RBP=dffffc0000000000 RSP=ffffc9000299f178
R8 =ffffc9000299f310 R9 =000000000000000a R10=ffffc9000299f298 R11=ffffffff81ad03a0
R12=ffff888021f40000 R13=0000000000000000 R14=ffffc9000299f248 R15=ffffc9000299f248
RIP=ffffffff8172aa76 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f2bf1bf66c0 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32f11ff8 CR3=00000001258e4000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff81cf2113 ffffffff81686f4f
XMM02=00007f0b31b85478 ffffffff81686f4f XMM03=00007f0b31b85488 00007f0b31b85480
XMM04=00007f0b326ed100 00007f0b31b85440 XMM05=00007f0b31b85458 00007f0b31b854a0
XMM06=00007f0b31b85498 00007f0b31b85490 XMM07=00007f0b31b85488 00007f0b31b85480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f0b31a11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
