last executing test programs: 1.795251154s ago: executing program 1 (id=93): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xe, 0x4, 0x4, 0x20002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) getsockopt$rose(0xffffffffffffffff, 0x104, 0x7, 0x0, 0x0) bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(r2, &(0x7f00000002c0)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000640)}, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet_smc(0x2b, 0x1, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) close(0x4) write$cgroup_int(r1, &(0x7f0000000200), 0xffffffc1) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r5, 0x0) mmap(&(0x7f00007a6000/0x3000)=nil, 0x3000, 0x100000c, 0x22051, r1, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x2c, r7, 0x6a98047402e98331, 0x1000000, 0x0, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x50}, 0x4886) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r1) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0xba0c29e690d41d4b, 0x20000000ec071, 0xffffffffffffffff, 0x0) 1.347272956s ago: executing program 2 (id=109): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x2540, 0x0) ioctl$RFKILL_IOC_MAX_SIZE(r0, 0x2, &(0x7f0000000040)=0x5) 1.346833777s ago: executing program 2 (id=111): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xa}, [@call={0x85, 0x0, 0x0, 0x2c}, @call={0x85, 0x0, 0x0, 0x2a}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000140)="fea53898b8cf174215fbb62ae1a7", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 1.343202512s ago: executing program 2 (id=113): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=@newlink={0x40, 0x10, 0x1, 0x70bd22, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x40338, 0x20240}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BATADV_ALGO_NAME={0xc, 0x1, 'BATMAN_V'}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0xc084}, 0x40000c4) 1.31096761s ago: executing program 2 (id=114): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)={0x8c, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x8c}}, 0x0) 1.258930699s ago: executing program 2 (id=116): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000000c0)={'wlan1\x00', &(0x7f0000000080)=@ethtool_stats}) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000100)=0x202) ioctl$PPPIOCSACTIVE(r3, 0x40107446, &(0x7f0000000080)={0x2, &(0x7f00000000c0)=[{0x40, 0x8, 0xfe, 0xff7ffeff}, {0x6, 0xa, 0xfe, 0x8001}]}) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x4, 0x84) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r5}, 0x18) r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8) write$cgroup_int(r7, &(0x7f00000001c0)=0x8200000000000000, 0xfffffdef) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, &(0x7f0000000080)='GPL\x00'}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, 0xffffffffffffffff, 0x0) r8 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r8, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000008c0)=[{&(0x7f0000000140)=""/60, 0x3c}, {&(0x7f0000000580)=""/54, 0x36}, {&(0x7f0000000600)=""/123, 0x7b}, {&(0x7f0000000700)=""/113, 0x71}, {&(0x7f0000000800)=""/133, 0x85}], 0x5, 0x0, 0x4}}], 0x48}, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f00000004c0)={0x3, 0x20a, 0x0, 0x6898, 0x0}, &(0x7f0000000880)=0x10) bpf$ITER_CREATE(0x21, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x8, 0x4000010, 0xffffffffffffffff, 0x54099000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000a40)=ANY=[@ANYBLOB="500000009078080050e439cc1c50f9e8f0e11a069a10956846f9b94ac998f72d61715c8c4129345ff7afa956de43ce83b4c1b2fd7eafbe4262b2a5cceb924593f577cf04736141ea2ae5370d3f14c75cba771a9ee982efac6d632b944c8a90dcdae6810ec259f0bfba1973a8b12f4d11dabc1360ae87f6b6c78d6b2a01b5e1bda3afbb5fd61a2267026b611444954d06525cf062794471ed32d643e410ddbbfe8148fd2aa4a46e3e10213183112f97bb1b30a99b250389e8521f3e7c634923eb202b35834e1ee935c200d7140066bac96fad1591ed9a628a164ae2760f51b981fc1829feb7d3ead8bdd9ce3b5d5deee864e3b6b82d", @ANYRES8=r9, @ANYBLOB="dfe9aaaaaaaaaaaaaa8000000000000000000000000000aaff000108000000000000000000000000005eba0000000000000000", @ANYRES32=0x41424344], 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) 987.141556ms ago: executing program 1 (id=127): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x4000000000000200, 0x4) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, 0x0, 0x4004) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'erspan0\x00', 0x0}) bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r1, 0x1, 0x4, 0x6, @remote}, 0x14) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000140)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) sendto$inet6(r0, &(0x7f0000000280)="050350038f0b48030102", 0xa, 0x800, 0x0, 0x0) 911.051648ms ago: executing program 1 (id=129): sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB='p'], 0x70}, 0x1, 0x0, 0x0, 0x80}, 0x20000011) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0) 861.550848ms ago: executing program 1 (id=131): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)={0x18, 0x2, 0x2, 0x301, 0x0, 0x0, {0x1, 0x0, 0x5}, [@CTA_EXPECT_TUPLE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x800}, 0x8800) 799.344035ms ago: executing program 1 (id=132): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x22020600) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) 798.997648ms ago: executing program 1 (id=133): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) close(r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b"], 0x38}}, 0x0) socket$kcm(0xa, 0x3, 0x87) socket$kcm(0x1e, 0x2, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8080) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r3, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x4e22, @empty}, 0x10) r4 = accept(r2, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) recvfrom(0xffffffffffffffff, &(0x7f0000000180)=""/60, 0x3c, 0x4102, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001800010900000000ffdbdf2502180000ff0000080000000008000100ac141400feecd1c3ed910214"], 0x24}, 0x1, 0x0, 0x0, 0x40804}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x7c087000) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x21, &(0x7f00000000c0), 0x4) close(0xffffffffffffffff) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r6) 566.894874ms ago: executing program 4 (id=144): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0xcb1f, 0x4) bind$inet6(r0, &(0x7f0000f65000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0xfffffefffbfbbfbe, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty, 0x6}, 0x1c) 561.027465ms ago: executing program 4 (id=145): bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xa}, [@call={0x85, 0x0, 0x0, 0x2c}, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 529.770042ms ago: executing program 4 (id=146): vmsplice(0xffffffffffffffff, &(0x7f0000002440)=[{&(0x7f00000002c0)="62af263ea3c1befb3bd81deb2fc1cacaa4d2f3c7d8ed578a43f7c4bb44173641f1fd8524ba1d6678d41a89626989170aadb2c8de3262863630637e1f80b2b4b51ee58b9299e10879e5e7cf131a96d45102b25ddcd1a9c1396236f8a9e1be48f3df174a31122fc89187100d16d31e65e68a314119e411a442d36d25fa1a910a16926bbe70937af1a2daffcd5c3a62c21741d80998ec5bdc21609f993fe686eab92a3d9509e824ba65d8ca5a278c2daaa30bae078462870b37ea7868c8f4793a95dfe47a9c60ea83231e51dda3ae07e726e228a4b101565798f3c4d0633da550910f4615720e9ca37e6f3e77bb52ae52a1312724d2f1a641035db3e81b35e55ca077ae17a98a375b6c3f56395c052113c3f125304a41a735b325b05243c1b8a0b8e47ad70f831e640e4d68e32614faef764f07940dbd655c7c45a7a22630e1c3d77bd86fd2c51621f5196efd4844bc327210f9d34141daa5acc425005e38ccdbeba7eafd392b4f3eb9f297aa6dbc28320b48b3f878d9e45916396519eb2f5c4084d210892cc8bd34489e4e12d78c16e5abcf841243e65dddfd7cbe36ec49b51d4ad368a01bba176ecdd8d147bedd7464a07dc59ad833ab8d26639de4131d324c8c1c1401a6758e660e0c7f0c9bd612f5f3589acba3b06198c30d6beb86a76c18cffff86ea6ebc282411a12ea8959b84672e17f10146575abcf6064ff36821f10c23c2e555b4c8d0af9f368e7db70ba47218a5947a1ecd42e08e6dc08ec3f3d51c522caed9d102a44f6d8f5944fa3307b7234f27483b285ef16925815cd9c05fbeee24b369c18fd05d3e7f034e99462de5f6b45c54f137b4b86e88ae17906071194223638760200d6e185e111301f039780bd9ab2d62682da82b0b752ef85f36a2308ced8b395405d2d30c3c883754767ed379aefbb8e4ff465ac1c6e938a41cb04915a16ab25eed7c2e54cd151821e0620fc314472c57b51d003d07a287d256744b8c8f6ac08fb3c143670b3b8318218d6be5e2ee5b71ad03a7c327a272de129875f170b5f1ea10473c3dac826e96a845aa809905b02c8e3e2e1b451d00f437271af7689f93920db839aba8c8c632cc31c7043b3b7e358c4f5725b31db55aa4f260504f6a78c6ff74d59c480b6f4276433eec67beef368c238bba859d2f4f4c28a", 0x340}], 0x1, 0x9) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x28, 0x9, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x50}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000050) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 414.847331ms ago: executing program 0 (id=148): unshare(0x2040400) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x3261e) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) connect$l2tp6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x6, 0x4}, 0x20) 414.487454ms ago: executing program 4 (id=149): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x0, 0x0, 0x0}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x2c000010) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x80) socket$can_raw(0x1d, 0x3, 0x1) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x4000, 0x0, 0x0, 0x0, 0xa}, {}, {0x0, 0x0, 0xfffffffffffffffd}}, {{@in=@dev={0xac, 0x14, 0x14, 0x2e}, 0x0, 0x32}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0xe8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='cgroup.events\x00', 0x275a, 0x0) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="0203100802"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, &(0x7f00000002c0), 0x4) 393.206678ms ago: executing program 0 (id=151): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4) mmap$xdp(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000007, 0x11, r0, 0x80000000) 372.320135ms ago: executing program 0 (id=152): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f000000aa40)={0x0, 0x0, &(0x7f000000aa00)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000006a005fa62bbd7000fedbdf2502000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x20000800}, 0x20000004) 319.17382ms ago: executing program 4 (id=153): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x4}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000080)={0x2, 0x3, 0x7, 0x6, 0x99b, 0x7e36, 0x4, 0x4}, &(0x7f00000000c0)=0x20) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000240)='pmap_register\x00', r3, 0x0, 0xf69}, 0x18) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r4, &(0x7f0000005cc0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x54, 0x3, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x2}, [@CTA_FILTER={0x4}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0xc0}, 0x4000) 318.828892ms ago: executing program 0 (id=155): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, 0x0, 0x0) connect$inet(r1, 0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[], 0xe8}, 0x1, 0x0, 0x0, 0x40040000}, 0x0) 288.953608ms ago: executing program 0 (id=156): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xa}, [@call={0x85, 0x0, 0x0, 0x2c}, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 237.370429ms ago: executing program 0 (id=157): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x11, 0x4) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x5, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x8}, @ldst={0x3, 0x0, 0x3, 0xa, 0x0, 0xfffffffffffffffc}]}, &(0x7f0000000100)='GPL\x00'}, 0x90) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0xfd45}}, 0x0) write$nci(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="7105040902020766cb440484b907eb0101f8"], 0x12) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newtaction={0x18, 0x31, 0x10b, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) close(0x3) connect$netrom(0xffffffffffffffff, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48) r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) write$cgroup_pid(r8, &(0x7f0000000000), 0x2a979d) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xe, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x6}, 0x50) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r9, @ANYRES32=r0], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r10}, 0x10) r11 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x1c, r11, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}}, 0x0) write$nci(r6, &(0x7f0000001140)=@NCI_OP_NFCEE_MODE_SET_RSP={0x2, 0x1, 0x2, 0x1, 0x1, 0x1}, 0x4) 164.384989ms ago: executing program 3 (id=158): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) r1 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @random="0000fc00", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x16, 0x7c, 0x0, @dev={0xac, 0x14, 0x14, 0x30}}}}}}, 0x0) sendmsg(r1, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x2a}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 148.568703ms ago: executing program 3 (id=159): r0 = socket$packet(0x11, 0x2, 0x300) unshare(0x400) getsockname$packet(r0, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000500)=0xfffffffffffffde8) 130.282207ms ago: executing program 3 (id=160): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0xdd, 0xa}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) socket$packet(0x11, 0x2, 0x300) 130.071383ms ago: executing program 4 (id=161): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20040801}, 0x20000004) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000180)={'wpan1\x00'}) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r0, 0x0, 0x40001) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r3 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r3, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000a80)={0x48, r2, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r4}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r4}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c191f}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x48}}, 0x20000000) 71.200978ms ago: executing program 3 (id=162): socket$inet_mptcp(0x2, 0x1, 0x106) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, 0x0, 0xfe33) unshare(0x0) socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8) r2 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x7}], 0x1c) sendmmsg$inet6(r1, &(0x7f0000000640)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x2, @loopback, 0x3}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000300)="06", 0x1}], 0x1}}], 0x1, 0x3404c8d4) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES16=r1, @ANYRES16=r2], 0x1000f) 70.869122ms ago: executing program 3 (id=163): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000300), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f00000001c0), 0x12) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r3}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000711220000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8923, &(0x7f00000000c0)={'dummy0\x00', @random="0130210100ff"}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0xabe4164fbe1373c5, 0x300) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000002000000000000000000001e95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7336b5d}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x2000000, 0xd50, 0x0, &(0x7f00000002c0)="fef351f6b11f421a5b4e415288ca", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) socket(0x10, 0x3, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r6 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f00000004c0)={0x5, 0x40000}, 0x10) sendmsg$nl_route(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0000001200375f3fbd7000fcffffff07000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000a0001"], 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x8884) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, 0x0, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) 46.466825ms ago: executing program 3 (id=164): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000007380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="f1e6ffff0424fcffffff1200000008000300", @ANYRES32=r2, @ANYBLOB="0c00118004000600040002000600bd000200000006001000fa0000000a0006"], 0x4c}, 0x1, 0x0, 0x0, 0x240000d0}, 0x8050) 0s ago: executing program 2 (id=165): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x2, {0x2, 0x0, 0x4}, 0x2}, 0x18) sendmmsg(r0, &(0x7f0000000080)=[{{&(0x7f0000000000)=@llc={0x1a, 0x334, 0xfb, 0x2, 0x9, 0xa0, @remote}, 0x80, 0x0}}], 0x1, 0x4000000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.69' (ED25519) to the list of known hosts. [ 29.409651][ T6538] cgroup: Unknown subsys name 'net' [ 29.568456][ T6538] cgroup: Unknown subsys name 'cpuset' [ 29.570349][ T6538] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 29.726716][ T6538] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 31.010646][ T6555] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 31.019247][ T6561] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 31.019360][ T6561] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 31.019897][ T6561] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 31.020521][ T6561] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 31.020916][ T6561] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 31.021533][ T6561] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 31.022142][ T6561] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 31.022301][ T6561] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 31.022655][ T6561] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 31.022833][ T6561] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 31.023081][ T6561] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 31.023458][ T6561] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 31.024263][ T6561] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 31.024537][ T6561] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 31.025392][ T6561] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 31.026413][ T6561] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 31.026592][ T6561] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 31.029394][ T6561] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 31.029616][ T6561] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 31.030875][ T6561] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 31.034314][ T52] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 31.041433][ T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 31.047290][ T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 31.047515][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 31.229801][ T6558] chnl_net:caif_netlink_parms(): no params data found [ 31.237110][ T6548] chnl_net:caif_netlink_parms(): no params data found [ 31.242251][ T6549] chnl_net:caif_netlink_parms(): no params data found [ 31.283831][ T6557] chnl_net:caif_netlink_parms(): no params data found [ 31.307503][ T6553] chnl_net:caif_netlink_parms(): no params data found [ 31.340024][ T6548] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.341624][ T6548] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.343058][ T6548] bridge_slave_0: entered allmulticast mode [ 31.344658][ T6548] bridge_slave_0: entered promiscuous mode [ 31.351653][ T6558] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.351724][ T6558] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.351802][ T6558] bridge_slave_0: entered allmulticast mode [ 31.352224][ T6558] bridge_slave_0: entered promiscuous mode [ 31.352916][ T6558] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.352936][ T6558] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.352979][ T6558] bridge_slave_1: entered allmulticast mode [ 31.353362][ T6558] bridge_slave_1: entered promiscuous mode [ 31.364658][ T6548] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.365912][ T6548] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.366589][ T6548] bridge_slave_1: entered allmulticast mode [ 31.368150][ T6548] bridge_slave_1: entered promiscuous mode [ 31.379646][ T6558] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 31.381196][ T6557] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.382374][ T6557] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.383688][ T6557] bridge_slave_0: entered allmulticast mode [ 31.385113][ T6557] bridge_slave_0: entered promiscuous mode [ 31.391750][ T6549] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.393020][ T6549] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.394278][ T6549] bridge_slave_0: entered allmulticast mode [ 31.395819][ T6549] bridge_slave_0: entered promiscuous mode [ 31.398004][ T6549] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.398670][ T6549] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.398757][ T6549] bridge_slave_1: entered allmulticast mode [ 31.399209][ T6549] bridge_slave_1: entered promiscuous mode [ 31.400465][ T6558] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 31.404095][ T6557] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.405209][ T6557] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.406261][ T6557] bridge_slave_1: entered allmulticast mode [ 31.406731][ T6557] bridge_slave_1: entered promiscuous mode [ 31.414382][ T6548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 31.415257][ T6548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 31.430770][ T6558] team0: Port device team_slave_0 added [ 31.443538][ T6549] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 31.444507][ T6549] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 31.445316][ T6558] team0: Port device team_slave_1 added [ 31.450628][ T6557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 31.452170][ T6557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 31.456696][ T6548] team0: Port device team_slave_0 added [ 31.471375][ T6553] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.472669][ T6553] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.474132][ T6553] bridge_slave_0: entered allmulticast mode [ 31.475698][ T6553] bridge_slave_0: entered promiscuous mode [ 31.479278][ T6548] team0: Port device team_slave_1 added [ 31.486411][ T6558] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.486709][ T6558] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.486728][ T6558] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.488163][ T6558] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.488170][ T6558] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.488179][ T6558] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.488969][ T6557] team0: Port device team_slave_0 added [ 31.489689][ T6557] team0: Port device team_slave_1 added [ 31.494566][ T6553] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.494637][ T6553] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.494693][ T6553] bridge_slave_1: entered allmulticast mode [ 31.495106][ T6553] bridge_slave_1: entered promiscuous mode [ 31.507447][ T6549] team0: Port device team_slave_0 added [ 31.508222][ T6549] team0: Port device team_slave_1 added [ 31.529899][ T6548] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.529925][ T6548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.529940][ T6548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.530506][ T6548] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.530513][ T6548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.530523][ T6548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.543871][ T6557] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.543897][ T6557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.543912][ T6557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.544468][ T6557] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.544474][ T6557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.544488][ T6557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.553361][ T6553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 31.554353][ T6553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 31.561122][ T6549] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.561143][ T6549] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.561155][ T6549] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.562000][ T6549] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.562008][ T6549] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.562019][ T6549] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.574758][ T6558] hsr_slave_0: entered promiscuous mode [ 31.575094][ T6558] hsr_slave_1: entered promiscuous mode [ 31.586241][ T6548] hsr_slave_0: entered promiscuous mode [ 31.587666][ T6548] hsr_slave_1: entered promiscuous mode [ 31.588911][ T6548] debugfs: 'hsr0' already exists in 'hsr' [ 31.589909][ T6548] Cannot create hsr debugfs directory [ 31.593081][ T6557] hsr_slave_0: entered promiscuous mode [ 31.593407][ T6557] hsr_slave_1: entered promiscuous mode [ 31.593587][ T6557] debugfs: 'hsr0' already exists in 'hsr' [ 31.593596][ T6557] Cannot create hsr debugfs directory [ 31.595263][ T6553] team0: Port device team_slave_0 added [ 31.596846][ T6553] team0: Port device team_slave_1 added [ 31.626753][ T6549] hsr_slave_0: entered promiscuous mode [ 31.628301][ T6549] hsr_slave_1: entered promiscuous mode [ 31.628484][ T6549] debugfs: 'hsr0' already exists in 'hsr' [ 31.628495][ T6549] Cannot create hsr debugfs directory [ 31.633235][ T6553] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.634448][ T6553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.638734][ T6553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.655347][ T6553] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.655376][ T6553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.655669][ T6553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.693736][ T6553] hsr_slave_0: entered promiscuous mode [ 31.694040][ T6553] hsr_slave_1: entered promiscuous mode [ 31.694218][ T6553] debugfs: 'hsr0' already exists in 'hsr' [ 31.694228][ T6553] Cannot create hsr debugfs directory [ 31.789485][ T6557] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 31.793759][ T6557] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 31.796749][ T6557] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 31.801756][ T6557] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 31.820158][ T6557] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.820238][ T6557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.820415][ T6557] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.820445][ T6557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.826255][ T6553] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 31.830649][ T6553] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 31.836744][ T6553] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 31.839198][ T6553] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 31.856230][ T6558] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 31.859594][ T6558] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 31.868742][ T6558] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 31.874336][ T6553] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.874380][ T6553] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.874447][ T6553] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.874470][ T6553] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.879439][ T6558] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 31.899756][ T6548] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 31.902913][ T6557] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.909246][ T630] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.911147][ T630] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.914851][ T630] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.916377][ T630] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.933713][ T6549] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 31.935805][ T6548] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 31.940562][ T6557] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.943386][ T6549] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 31.945464][ T6549] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 31.948827][ T6549] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 31.950742][ T6548] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 31.953187][ T6548] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 31.968015][ T6553] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.972412][ T630] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.972458][ T630] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.991092][ T255] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.991134][ T255] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.013797][ T6558] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.021202][ T6553] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.028623][ T6549] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.034494][ T6549] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.040568][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.040606][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.055743][ T6549] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 32.056442][ T6549] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 32.059935][ T255] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.059974][ T255] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.060316][ T255] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.060336][ T255] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.060648][ T255] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.060662][ T255] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.066757][ T6558] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.086713][ T255] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.086761][ T255] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.097957][ T255] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.098132][ T255] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.124113][ T6548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.134615][ T6557] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.150877][ T6548] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.155018][ T6558] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 32.158635][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.158679][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.170401][ T6549] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.173542][ T6548] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 32.175379][ T6548] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 32.204742][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.204787][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.216366][ T6549] veth0_vlan: entered promiscuous mode [ 32.226766][ T6549] veth1_vlan: entered promiscuous mode [ 32.236341][ T6553] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.263824][ T6549] veth0_macvtap: entered promiscuous mode [ 32.272133][ T6549] veth1_macvtap: entered promiscuous mode [ 32.275735][ T6558] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.289164][ T6553] veth0_vlan: entered promiscuous mode [ 32.291081][ T6553] veth1_vlan: entered promiscuous mode [ 32.303087][ T6557] veth0_vlan: entered promiscuous mode [ 32.309309][ T6548] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.318896][ T6557] veth1_vlan: entered promiscuous mode [ 32.325158][ T6549] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.331265][ T6549] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.350151][ T6553] veth0_macvtap: entered promiscuous mode [ 32.352417][ T6553] veth1_macvtap: entered promiscuous mode [ 32.353582][ T757] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.353806][ T757] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.353823][ T757] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.353836][ T757] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.357737][ T6553] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.358821][ T6553] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.361736][ T6557] veth0_macvtap: entered promiscuous mode [ 32.368644][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.371859][ T6558] veth0_vlan: entered promiscuous mode [ 32.379853][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.388454][ T6558] veth1_vlan: entered promiscuous mode [ 32.391335][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.392899][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.394825][ T6557] veth1_macvtap: entered promiscuous mode [ 32.396205][ T6548] veth0_vlan: entered promiscuous mode [ 32.414571][ T6548] veth1_vlan: entered promiscuous mode [ 32.422296][ T6548] veth0_macvtap: entered promiscuous mode [ 32.423651][ T6548] veth1_macvtap: entered promiscuous mode [ 32.433654][ T6557] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.436108][ T6557] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.441233][ T6548] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.442600][ T6548] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.456040][ T630] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.458535][ T630] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.461212][ T757] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.461274][ T757] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.461313][ T757] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.461340][ T757] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.468416][ T14] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.468480][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.468489][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.468577][ T14] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.468768][ T14] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.468788][ T14] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.480711][ T6558] veth0_macvtap: entered promiscuous mode [ 32.494912][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.496327][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.502374][ T6558] veth1_macvtap: entered promiscuous mode [ 32.507957][ T6558] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.520951][ T735] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.522313][ T735] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.532895][ T6558] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.545479][ T14] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.546574][ T14] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.546616][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.546629][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.546719][ T14] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.558188][ T735] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.564835][ T6549] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 32.573085][ T757] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.573245][ T757] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.594781][ T630] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.596670][ T630] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.618967][ T6664] Zero length message leads to an empty skb [ 32.629650][ T757] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.629710][ T757] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.639586][ T735] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.639616][ T735] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.697050][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 32.697116][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 32.771852][ T6683] netlink: 'syz.4.7': attribute type 1 has an invalid length. [ 32.771888][ T6683] netlink: 'syz.4.7': attribute type 2 has an invalid length. [ 32.811935][ T6691] netlink: 'syz.0.13': attribute type 10 has an invalid length. [ 32.813478][ T6691] netlink: 40 bytes leftover after parsing attributes in process `syz.0.13'. [ 32.852582][ T6691] team0: Port device geneve0 added [ 33.047489][ T6556] Bluetooth: hci2: command tx timeout [ 33.047639][ T52] Bluetooth: hci0: command tx timeout [ 33.126573][ T6730] warning: `syz.3.32' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 33.127219][ T52] Bluetooth: hci4: command tx timeout [ 33.127374][ T52] Bluetooth: hci3: command tx timeout [ 33.127430][ T52] Bluetooth: hci1: command tx timeout [ 33.151783][ T6732] pim6reg: entered allmulticast mode [ 33.152975][ T6732] pim6reg: left allmulticast mode [ 33.189550][ T6736] netlink: 64 bytes leftover after parsing attributes in process `syz.3.35'. [ 33.232135][ T6740] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 33.275547][ T6746] netlink: 4 bytes leftover after parsing attributes in process `syz.1.39'. [ 33.278847][ T6745] Bluetooth: MGMT ver 1.23 [ 33.319648][ T6748] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x7 [ 33.343109][ T6752] netlink: 'syz.3.43': attribute type 10 has an invalid length. [ 33.348589][ T6752] 8021q: adding VLAN 0 to HW filter on device team0 [ 33.351147][ T6752] bond0: (slave team0): Enslaving as an active interface with an up link [ 33.496643][ T6763] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 33.496675][ T6763] IPv6: NLM_F_CREATE should be set when creating new route [ 33.497182][ T6763] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 33.564685][ T6772] v: renamed from ip6_vti0 (while UP) [ 33.840364][ T6781] netlink: 64 bytes leftover after parsing attributes in process `syz.4.54'. [ 34.153092][ T6826] netlink: 19 bytes leftover after parsing attributes in process `syz.0.73'. [ 34.249298][ T6836] syzkaller0: entered promiscuous mode [ 34.249335][ T6836] syzkaller0: entered allmulticast mode [ 34.432536][ T24] IPVS: starting estimator thread 0... [ 34.436381][ T6850] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 34.517031][ T6858] IPVS: using max 70 ests per chain, 168000 per kthread [ 34.939385][ T6908] netlink: 'syz.4.110': attribute type 1 has an invalid length. [ 34.940868][ T6908] netlink: 24 bytes leftover after parsing attributes in process `syz.4.110'. [ 35.014779][ T6923] netlink: 'syz.4.112': attribute type 13 has an invalid length. [ 35.014816][ T6923] netlink: 'syz.4.112': attribute type 17 has an invalid length. [ 35.079207][ T6923] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 35.092068][ T6926] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.106210][ T6923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 35.127823][ T6556] Bluetooth: hci2: command tx timeout [ 35.127884][ T6556] Bluetooth: hci0: command tx timeout [ 35.143209][ T6911] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 35.182253][ T6947] veth0_to_bridge: entered promiscuous mode [ 35.182668][ T6946] veth0_to_bridge: left promiscuous mode [ 35.207154][ T52] Bluetooth: hci1: command tx timeout [ 35.207192][ T52] Bluetooth: hci3: command tx timeout [ 35.207219][ T52] Bluetooth: hci4: command tx timeout [ 35.261725][ T6951] netlink: 32 bytes leftover after parsing attributes in process `syz.0.122'. [ 35.561552][ T6982] syzkaller1: entered promiscuous mode [ 35.562714][ T6982] syzkaller1: entered allmulticast mode [ 35.943115][ T7022] netlink: 8 bytes leftover after parsing attributes in process `syz.0.152'. [ 35.988692][ T6926] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.080783][ T6926] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.154533][ T39] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x7 [ 36.158208][ T6926] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.226522][ T7054] !: renamed from dummy0 (while UP) [ 36.282500][ T735] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.285710][ T735] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.290505][ T735] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.293650][ T735] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.320819][ T7051] [ 36.321258][ T7051] ====================================================== [ 36.322319][ T7051] WARNING: possible circular locking dependency detected [ 36.323350][ T7051] 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 Not tainted [ 36.324504][ T7051] ------------------------------------------------------ [ 36.325641][ T7051] syz.4.161/7051 is trying to acquire lock: [ 36.326605][ T7051] ffff0000c18a3988 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_remove+0x34/0x5c [ 36.328124][ T7051] [ 36.328124][ T7051] but task is already holding lock: [ 36.329284][ T7051] ffff0000cb3e3b58 (&q->q_usage_counter(io)#33){++++}-{0:0}, at: nbd_start_device+0x158/0xa48 [ 36.330780][ T7051] [ 36.330780][ T7051] which lock already depends on the new lock. [ 36.330780][ T7051] [ 36.332376][ T7051] [ 36.332376][ T7051] the existing dependency chain (in reverse order) is: [ 36.333820][ T7051] [ 36.333820][ T7051] -> #2 (&q->q_usage_counter(io)#33){++++}-{0:0}: [ 36.335181][ T7051] blk_alloc_queue+0x48c/0x54c [ 36.336039][ T7051] __blk_mq_alloc_disk+0x124/0x304 [ 36.336974][ T7051] nbd_dev_add+0x398/0x820 [ 36.337831][ T7051] nbd_init+0x15c/0x174 [ 36.338541][ T7051] do_one_initcall+0x250/0x990 [ 36.339367][ T7051] do_initcall_level+0x128/0x1c4 [ 36.340266][ T7051] do_initcalls+0x70/0xd0 [ 36.341050][ T7051] do_basic_setup+0x78/0x8c [ 36.341784][ T7051] kernel_init_freeable+0x268/0x39c [ 36.342606][ T7051] kernel_init+0x24/0x1dc [ 36.343323][ T7051] ret_from_fork+0x10/0x20 [ 36.344103][ T7051] [ 36.344103][ T7051] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 36.345177][ T7051] fs_reclaim_acquire+0x8c/0x118 [ 36.346088][ T7051] kmem_cache_alloc_lru_noprof+0x5c/0x3ec [ 36.347106][ T7051] alloc_inode+0xb4/0x19c [ 36.347887][ T7051] iget_locked+0x168/0x7b0 [ 36.348715][ T7051] kernfs_get_inode+0x58/0x66c [ 36.349520][ T7051] kernfs_get_tree+0x494/0x73c [ 36.350302][ T7051] sysfs_get_tree+0x48/0x120 [ 36.351115][ T7051] vfs_get_tree+0x90/0x28c [ 36.351896][ T7051] do_new_mount+0x278/0x7f4 [ 36.352624][ T7051] path_mount+0x5b4/0xde0 [ 36.353351][ T7051] __arm64_sys_mount+0x3e8/0x468 [ 36.354113][ T7051] invoke_syscall+0x98/0x2b8 [ 36.354830][ T7051] el0_svc_common+0x130/0x23c [ 36.355575][ T7051] do_el0_svc+0x48/0x58 [ 36.356266][ T7051] el0_svc+0x58/0x180 [ 36.357002][ T7051] el0t_64_sync_handler+0x84/0x12c [ 36.357868][ T7051] el0t_64_sync+0x198/0x19c [ 36.358660][ T7051] [ 36.358660][ T7051] -> #0 (&root->kernfs_rwsem){++++}-{4:4}: [ 36.359940][ T7051] __lock_acquire+0x1774/0x30a4 [ 36.360750][ T7051] lock_acquire+0x14c/0x2e0 [ 36.361530][ T7051] down_write+0x50/0xc0 [ 36.362281][ T7051] kernfs_remove+0x34/0x5c [ 36.363109][ T7051] sysfs_remove_dir+0xa8/0xec [ 36.363877][ T7051] __kobject_del+0xe8/0x2d4 [ 36.364653][ T7051] kobject_del+0x48/0x68 [ 36.365361][ T7051] elevator_change_done+0xd8/0x554 [ 36.366242][ T7051] elevator_change+0x2b8/0x3cc [ 36.367058][ T7051] elevator_set_none+0x48/0xac [ 36.367875][ T7051] blk_mq_update_nr_hw_queues+0x610/0x149c [ 36.368858][ T7051] nbd_start_device+0x158/0xa48 [ 36.369740][ T7051] nbd_genl_connect+0xf88/0x158c [ 36.370545][ T7051] genl_family_rcv_msg_doit+0x1d8/0x2bc [ 36.371500][ T7051] genl_rcv_msg+0x450/0x624 [ 36.372292][ T7051] netlink_rcv_skb+0x220/0x3fc [ 36.373037][ T7051] genl_rcv+0x38/0x50 [ 36.373713][ T7051] netlink_unicast+0x694/0x8c4 [ 36.374530][ T7051] netlink_sendmsg+0x648/0x930 [ 36.375320][ T7051] ____sys_sendmsg+0x490/0x7b8 [ 36.376213][ T7051] ___sys_sendmsg+0x204/0x278 [ 36.376963][ T7051] __arm64_sys_sendmsg+0x184/0x238 [ 36.377776][ T7051] invoke_syscall+0x98/0x2b8 [ 36.378535][ T7051] el0_svc_common+0x130/0x23c [ 36.379329][ T7051] do_el0_svc+0x48/0x58 [ 36.380070][ T7051] el0_svc+0x58/0x180 [ 36.380769][ T7051] el0t_64_sync_handler+0x84/0x12c [ 36.381590][ T7051] el0t_64_sync+0x198/0x19c [ 36.382264][ T7051] [ 36.382264][ T7051] other info that might help us debug this: [ 36.382264][ T7051] [ 36.383753][ T7051] Chain exists of: [ 36.383753][ T7051] &root->kernfs_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#33 [ 36.383753][ T7051] [ 36.385850][ T7051] Possible unsafe locking scenario: [ 36.385850][ T7051] [ 36.387000][ T7051] CPU0 CPU1 [ 36.387804][ T7051] ---- ---- [ 36.388548][ T7051] lock(&q->q_usage_counter(io)#33); [ 36.389280][ T7051] lock(fs_reclaim); [ 36.390330][ T7051] lock(&q->q_usage_counter(io)#33); [ 36.391488][ T7051] lock(&root->kernfs_rwsem); [ 36.392228][ T7051] [ 36.392228][ T7051] *** DEADLOCK *** [ 36.392228][ T7051] [ 36.393419][ T7051] 6 locks held by syz.4.161/7051: [ 36.394096][ T7051] #0: ffff800092abd030 (cb_lock){++++}-{4:4}, at: genl_rcv+0x28/0x50 [ 36.395351][ T7051] #1: ffff800092abce48 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0xf4/0x624 [ 36.396727][ T7051] #2: ffff0000cb892988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x98/0x149c [ 36.398468][ T7051] #3: ffff0000cb8928d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0xa4/0x149c [ 36.400178][ T7051] #4: ffff0000cb3e3b58 (&q->q_usage_counter(io)#33){++++}-{0:0}, at: nbd_start_device+0x158/0xa48 [ 36.401795][ T7051] #5: ffff0000cb3e3b90 (&q->q_usage_counter(queue)){+.+.}-{0:0}, at: nbd_start_device+0x158/0xa48 [ 36.403540][ T7051] [ 36.403540][ T7051] stack backtrace: [ 36.404420][ T7051] CPU: 1 UID: 0 PID: 7051 Comm: syz.4.161 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT [ 36.406142][ T7051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 36.407571][ T7051] Call trace: [ 36.408042][ T7051] show_stack+0x2c/0x3c (C) [ 36.408748][ T7051] __dump_stack+0x30/0x40 [ 36.409378][ T7051] dump_stack_lvl+0xd8/0x12c [ 36.410070][ T7051] dump_stack+0x1c/0x28 [ 36.410730][ T7051] print_circular_bug+0x324/0x32c [ 36.411479][ T7051] check_noncircular+0x154/0x174 [ 36.412240][ T7051] __lock_acquire+0x1774/0x30a4 [ 36.412960][ T7051] lock_acquire+0x14c/0x2e0 [ 36.413669][ T7051] down_write+0x50/0xc0 [ 36.414306][ T7051] kernfs_remove+0x34/0x5c [ 36.414980][ T7051] sysfs_remove_dir+0xa8/0xec [ 36.415742][ T7051] __kobject_del+0xe8/0x2d4 [ 36.416401][ T7051] kobject_del+0x48/0x68 [ 36.417066][ T7051] elevator_change_done+0xd8/0x554 [ 36.417844][ T7051] elevator_change+0x2b8/0x3cc [ 36.418568][ T7051] elevator_set_none+0x48/0xac [ 36.419276][ T7051] blk_mq_update_nr_hw_queues+0x610/0x149c [ 36.420150][ T7051] nbd_start_device+0x158/0xa48 [ 36.420855][ T7051] nbd_genl_connect+0xf88/0x158c [ 36.421584][ T7051] genl_family_rcv_msg_doit+0x1d8/0x2bc [ 36.422511][ T7051] genl_rcv_msg+0x450/0x624 [ 36.423171][ T7051] netlink_rcv_skb+0x220/0x3fc [ 36.423915][ T7051] genl_rcv+0x38/0x50 [ 36.424488][ T7051] netlink_unicast+0x694/0x8c4 [ 36.425139][ T7051] netlink_sendmsg+0x648/0x930 [ 36.425913][ T7051] ____sys_sendmsg+0x490/0x7b8 [ 36.426657][ T7051] ___sys_sendmsg+0x204/0x278 [ 36.427418][ T7051] __arm64_sys_sendmsg+0x184/0x238 [ 36.428281][ T7051] invoke_syscall+0x98/0x2b8 [ 36.429024][ T7051] el0_svc_common+0x130/0x23c [ 36.429694][ T7051] do_el0_svc+0x48/0x58 [ 36.430443][ T7051] el0_svc+0x58/0x180 [ 36.431047][ T7051] el0t_64_sync_handler+0x84/0x12c [ 36.431886][ T7051] el0t_64_sync+0x198/0x19c [ 36.517141][ T7051] nbd0: detected capacity change from 0 to 127 [ 36.520296][ T52] block nbd0: Receive control failed (result -104) [ 36.524583][ T6556] block nbd0: Receive control failed (result -32) [ 37.207069][ T52] Bluetooth: hci2: command tx timeout [ 37.208189][ T6556] Bluetooth: hci0: command tx timeout [ 37.287239][ T6555] Bluetooth: hci1: command tx timeout [ 37.287295][ T52] Bluetooth: hci3: command tx timeout [ 37.287332][ T6556] Bluetooth: hci4: command tx timeout [ 39.287169][ T52] Bluetooth: hci2: command tx timeout [ 39.288123][ T6556] Bluetooth: hci0: command tx timeout [ 39.366906][ T6556] Bluetooth: hci4: command tx timeout [ 39.366931][ T6556] Bluetooth: hci3: command tx timeout [ 39.366949][ T6556] Bluetooth: hci1: command tx timeout