last executing test programs:

2.930357279s ago: executing program 1 (id=566):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8)

2.929598157s ago: executing program 1 (id=567):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x24, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x6c}}, 0x0)

2.870301247s ago: executing program 1 (id=568):
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f0000001040)={&(0x7f00000002c0)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000a00)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x20000}, 0x0)

2.87011425s ago: executing program 1 (id=569):
r0 = socket$isdn_base(0x22, 0x2, 0x10)
ioctl$IMGETVERSION(r0, 0x80044942, &(0x7f0000000040))

2.800271664s ago: executing program 1 (id=570):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TUNSETDEBUG(r0, 0x400454c9, &(0x7f00000001c0)=0x7)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
socket$unix(0x1, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

966.904577ms ago: executing program 2 (id=610):
syz_emit_ethernet(0x52, &(0x7f0000000040)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd318", 0x1c, 0x6, 0x0, @private1={0xfc, 0x1, '\x00', 0x2}, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0x0, {[@generic={0xfe, 0x6, "a874e400"}, @generic={0x1, 0x2}]}}}}}}}}, 0x0)

966.710913ms ago: executing program 2 (id=611):
syz_emit_ethernet(0xa2, &(0x7f00000008c0)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x6c, 0x11, 0x0, @remote, @local, {[@hopopts={0x2c}], {0x4e20, 0xe22, 0x64, 0x0, @wg=@response={0x2, 0x1, 0x100004, "628e0960f6d6d3f6ee6d6b84b345dccac643e7df3e526ff07833b291322d4a74", "882ed6741e7632daeaec0c95f2ad1cd6", {"8fb3d9fd3efe8e4ea8b5ec7448ddd6a3", "215990e1b896120966af96b22cf049f0"}}}}}}}}, 0x0)

907.087437ms ago: executing program 2 (id=612):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000500)=@newae={0x64, 0x1e, 0x1, 0x70bd29, 0x25dfdbfb, {{@in6=@local, 0x4d4, 0x2, 0x33}, @in=@empty, 0x7, 0x3500}, [@lifetime_val={0x24, 0x9, {0x1, 0x9c, 0x5, 0x7f}}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x48040)

906.857094ms ago: executing program 2 (id=613):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$cgroup_devices(r1, &(0x7f0000000080)=ANY=[@ANYBLOB='b *:* m'], 0x47)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r4 = openat$cgroup_devices(r3, &(0x7f00000001c0)='devices.deny\x00', 0x2, 0x0)
splice(r0, 0x0, r4, 0x0, 0x47, 0x0)

480.059008ms ago: executing program 0 (id=619):
syz_emit_ethernet(0x6e, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00cd04", 0x38, 0x3a, 0x0, @private1, @mcast2, {[], @time_exceed={0x3, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "0bae2b", 0x0, 0x2f, 0x0, @empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [@fragment={0x87}]}}}}}}}, 0x0)

420.781711ms ago: executing program 0 (id=620):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000280)='x', 0x1)
setsockopt$inet_buf(r0, 0x0, 0x29, 0x0, 0x0)

401.210805ms ago: executing program 1 (id=621):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000980)={r0, 0x0, 0x34, 0x0, &(0x7f00000008c0)="0000000000000010cf7b24ff8906ac446f053e1047e7fb1a42bbb12621532b18c17e9ec2b2a1b6bd5aac3a54b0f8f39a200eef0a", 0x0, 0x20000002, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

323.60251ms ago: executing program 0 (id=622):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x2b, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x200, @mcast1}}}, 0x108)
getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xf9)

323.24178ms ago: executing program 0 (id=623):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@cgroup=r0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

241.127451ms ago: executing program 0 (id=624):
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="10007d80", @ANYRES32=r0, @ANYRESDEC], 0x2c}, 0x1, 0x0, 0x0, 0x440c0}, 0x0)

240.753241ms ago: executing program 0 (id=625):
unshare(0x20400)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1004c}, 0x90)

283.707µs ago: executing program 2 (id=626):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@del={0xe0, 0x11, 0x1, 0x70bd27, 0x25dfdbfb, {{'lrw-camellia-asm\x00'}, '\x00', '\x00', 0x2000, 0x200}}, 0xe0}, 0x1, 0x0, 0x0, 0x20040810}, 0x850)

0s ago: executing program 2 (id=627):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000380000003800000004000000000000000000000200000000010000000000000e030000000000000002000000000000040200000002000000000000110300000000000000002e5f"], 0x0, 0x54}, 0x20)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:28082' (ED25519) to the list of known hosts.
syzkaller login: [   50.535942][ T5764] cgroup: Unknown subsys name 'net'
[   50.604170][ T5764] cgroup: Unknown subsys name 'cpuset'
[   50.609822][ T5764] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   52.310213][ T5764] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   57.055405][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   57.058540][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   57.062619][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   57.065392][ T5826] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   57.070818][ T5826] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   57.074102][ T5828] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   57.076856][ T5828] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   57.103368][ T5826] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   57.108779][ T5826] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   57.113423][ T5826] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   57.115312][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   57.118913][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   57.121831][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   57.125697][ T5220] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   57.129550][ T5826] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   57.334419][ T5822] chnl_net:caif_netlink_parms(): no params data found
[   57.473675][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.475904][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.478315][ T5822] bridge_slave_0: entered allmulticast mode
[   57.483910][ T5822] bridge_slave_0: entered promiscuous mode
[   57.488253][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.491171][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.493655][ T5822] bridge_slave_1: entered allmulticast mode
[   57.496358][ T5822] bridge_slave_1: entered promiscuous mode
[   57.499858][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   57.536709][ T5827] chnl_net:caif_netlink_parms(): no params data found
[   57.546343][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.561458][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.621026][ T5822] team0: Port device team_slave_0 added
[   57.634437][ T5822] team0: Port device team_slave_1 added
[   57.664224][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.666634][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.668822][ T5832] bridge_slave_0: entered allmulticast mode
[   57.671762][ T5832] bridge_slave_0: entered promiscuous mode
[   57.709015][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.711548][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.713779][ T5832] bridge_slave_1: entered allmulticast mode
[   57.716510][ T5832] bridge_slave_1: entered promiscuous mode
[   57.738038][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.740037][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.747197][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.752091][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.754855][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.763149][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.767276][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.772586][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.775631][ T5827] bridge_slave_0: entered allmulticast mode
[   57.779504][ T5827] bridge_slave_0: entered promiscuous mode
[   57.797485][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.804980][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.807895][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.813382][ T5827] bridge_slave_1: entered allmulticast mode
[   57.817075][ T5827] bridge_slave_1: entered promiscuous mode
[   57.834925][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.875988][ T5822] hsr_slave_0: entered promiscuous mode
[   57.878384][ T5822] hsr_slave_1: entered promiscuous mode
[   57.906230][ T5832] team0: Port device team_slave_0 added
[   57.914563][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.919352][ T5832] team0: Port device team_slave_1 added
[   57.934013][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.992945][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.995412][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.004114][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.029001][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.031848][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.039743][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.046779][ T5827] team0: Port device team_slave_0 added
[   58.061655][ T5827] team0: Port device team_slave_1 added
[   58.130993][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.133764][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.146432][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.156869][ T5832] hsr_slave_0: entered promiscuous mode
[   58.160074][ T5832] hsr_slave_1: entered promiscuous mode
[   58.162868][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.165764][ T5832] Cannot create hsr debugfs directory
[   58.175745][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.178482][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.188840][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.289593][ T5827] hsr_slave_0: entered promiscuous mode
[   58.293076][ T5827] hsr_slave_1: entered promiscuous mode
[   58.295236][ T5827] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.297578][ T5827] Cannot create hsr debugfs directory
[   58.406965][ T5822] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   58.428443][ T5822] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   58.442297][ T5822] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   58.449847][ T5822] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   58.556290][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   58.564708][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   58.578588][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   58.588057][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   58.648860][ T5827] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   58.682453][ T5827] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   58.703740][ T5827] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   58.713014][ T5827] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   58.807561][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.847115][ T5822] 8021q: adding VLAN 0 to HW filter on device team0
[   58.873268][ T4668] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.876428][ T4668] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.885968][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.906610][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.908903][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.918548][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.939408][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   58.969491][   T32] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.971835][   T32] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.983759][   T32] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.985951][   T32] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.996370][ T5827] 8021q: adding VLAN 0 to HW filter on device team0
[   59.024671][ T4668] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.027532][ T4668] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.047823][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.050168][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.111090][ T5826] Bluetooth: hci0: command tx timeout
[   59.162116][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.193447][ T5826] Bluetooth: hci2: command tx timeout
[   59.193972][ T5828] Bluetooth: hci1: command tx timeout
[   59.262764][ T5822] veth0_vlan: entered promiscuous mode
[   59.269958][ T5822] veth1_vlan: entered promiscuous mode
[   59.297802][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.334182][ T5822] veth0_macvtap: entered promiscuous mode
[   59.344332][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.350126][ T5822] veth1_macvtap: entered promiscuous mode
[   59.383426][ T5832] veth0_vlan: entered promiscuous mode
[   59.403268][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.411961][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.419177][ T5832] veth1_vlan: entered promiscuous mode
[   59.425558][ T5822] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.428363][ T5822] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.434534][ T5822] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.437171][ T5822] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.456949][ T5827] veth0_vlan: entered promiscuous mode
[   59.481308][ T5827] veth1_vlan: entered promiscuous mode
[   59.508203][ T5832] veth0_macvtap: entered promiscuous mode
[   59.522466][ T5832] veth1_macvtap: entered promiscuous mode
[   59.555817][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.557138][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.558891][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.584568][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.589299][ T5827] veth0_macvtap: entered promiscuous mode
[   59.607543][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.609208][ T5832] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.610057][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.616314][ T5832] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.619641][ T5832] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.623265][ T5832] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.629790][ T5827] veth1_macvtap: entered promiscuous mode
[   59.665740][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.692040][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.701452][ T5822] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   59.712023][ T5827] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.714700][ T5827] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.717331][ T5827] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.722349][ T5827] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.773395][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.779911][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.809230][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.815027][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.820269][ T4668] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.824719][ T4668] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.864430][ T4664] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.867105][ T4664] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.953365][ T5898] warning: `syz.1.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   60.047376][ T5906] netlink: 52 bytes leftover after parsing attributes in process `syz.0.8'.
[   60.089872][ T5904] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7'.
[   60.117722][ T5909] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10'.
[   60.131543][ T5909] netlink: 52 bytes leftover after parsing attributes in process `syz.0.10'.
[   60.306418][ T5917] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13'.
[   60.463622][ T5924] openvswitch: netlink: IP tunnel dst address not specified
[   60.588770][ T5930] Zero length message leads to an empty skb
[   60.664665][ T5935] syz.0.18 uses obsolete (PF_INET,SOCK_PACKET)
[   60.841331][ T5950] team0: Device gtp0 is of different type
[   60.894524][ T5955] netlink: 'syz.2.28': attribute type 22 has an invalid length.
[   61.200719][ T5828] Bluetooth: hci0: command tx timeout
[   61.270877][ T5828] Bluetooth: hci2: command tx timeout
[   61.270899][ T5826] Bluetooth: hci1: command tx timeout
[   61.279233][ T5981] netlink: 8 bytes leftover after parsing attributes in process `syz.0.40'.
[   61.283030][ T5981] netlink: 7 bytes leftover after parsing attributes in process `syz.0.40'.
[   61.321469][ T5983] netlink: 44 bytes leftover after parsing attributes in process `syz.2.41'.
[   61.324567][ T5983] netlink: 15 bytes leftover after parsing attributes in process `syz.2.41'.
[   61.327446][ T5983] netlink: 'syz.2.41': attribute type 4 has an invalid length.
[   61.442523][ T5993] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   62.445930][ T6003] netlink: 'syz.0.51': attribute type 2 has an invalid length.
[   62.490205][ T6007] netlink: 44 bytes leftover after parsing attributes in process `syz.0.53'.
[   62.500929][ T6007] netlink: 'syz.0.53': attribute type 5 has an invalid length.
[   62.865113][ T6030] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   63.273021][ T5826] Bluetooth: hci0: command tx timeout
[   63.353490][ T5826] Bluetooth: hci1: command tx timeout
[   63.355861][ T5826] Bluetooth: hci2: command tx timeout
[   63.567545][ T6084] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   64.656048][ T6133] bridge_slave_0: left allmulticast mode
[   64.657875][ T6133] bridge_slave_0: left promiscuous mode
[   64.660682][ T6133] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.687828][ T6133] bridge_slave_1: left allmulticast mode
[   64.689682][ T6133] bridge_slave_1: left promiscuous mode
[   64.695387][ T6133] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.707584][ T6133] bond0: (slave bond_slave_0): Releasing backup interface
[   64.713086][ T6141] netlink: 'syz.2.114': attribute type 1 has an invalid length.
[   64.722009][ T6133] bond0: (slave bond_slave_1): Releasing backup interface
[   64.742844][ T6133] team0: Failed to send options change via netlink (err -105)
[   64.746213][ T6133] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[   64.764515][ T6133] team0: Port device team_slave_0 removed
[   64.770257][ T6133] team0: Failed to send options change via netlink (err -105)
[   64.776746][ T6133] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[   64.784023][ T6133] team0: Port device team_slave_1 removed
[   64.787981][ T6133] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   64.794519][ T6133] batman_adv: batadv0: Removing interface: batadv_slave_0
[   64.802069][ T6133] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   64.804413][ T6133] batman_adv: batadv0: Removing interface: batadv_slave_1
[   64.875891][ T6147] netlink: 'syz.1.116': attribute type 1 has an invalid length.
[   65.109109][ T6162] sctp: [Deprecated]: syz.0.122 (pid 6162) Use of int in max_burst socket option.
[   65.109109][ T6162] Use struct sctp_assoc_value instead
[   65.182793][ T6163] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[   65.350553][ T5828] Bluetooth: hci0: command tx timeout
[   65.359582][ T6179] Bluetooth: MGMT ver 1.23
[   65.431179][ T5828] Bluetooth: hci2: command tx timeout
[   65.432073][ T5826] Bluetooth: hci1: command tx timeout
[   65.485880][ T6185] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[   65.488348][ T5876] IPVS: starting estimator thread 0...
[   65.580519][ T6193] IPVS: using max 62 ests per chain, 148800 per kthread
[   65.668469][ T6211] Illegal XDP return value 4294967282 on prog  (id 22) dev N/A, expect packet loss!
[   68.072840][ T6276] __nla_validate_parse: 11 callbacks suppressed
[   68.072852][ T6276] netlink: 24 bytes leftover after parsing attributes in process `syz.2.170'.
[   68.077682][ T6276] netlink: 24 bytes leftover after parsing attributes in process `syz.2.170'.
[   68.159408][ T6294] netlink: 8 bytes leftover after parsing attributes in process `syz.2.177'.
[   68.245873][ T6300] netlink: 4 bytes leftover after parsing attributes in process `syz.2.180'.
[   68.260811][ T6300] netlink: 4 bytes leftover after parsing attributes in process `syz.2.180'.
[   69.333062][ T6336] netlink: 8 bytes leftover after parsing attributes in process `syz.2.197'.
[   69.476080][ T6344] netlink: 84 bytes leftover after parsing attributes in process `syz.0.201'.
[   69.479772][ T6344] netem: invalid attributes len -16
[   69.483920][ T6344] netem: change failed
[   69.774083][ T6365] netlink: 8 bytes leftover after parsing attributes in process `syz.1.210'.
[   70.095021][ T6370] netlink: 8 bytes leftover after parsing attributes in process `syz.1.212'.
[   70.336072][ T6406] netlink: 16 bytes leftover after parsing attributes in process `syz.0.218'.
[   70.967437][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   70.969566][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   71.093037][   T47] cfg80211: failed to load regulatory.db
[   72.276408][ T6492] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   72.615701][ T6512] netlink: 'syz.1.264': attribute type 9 has an invalid length.
[   72.619018][ T6512] netlink: 'syz.1.264': attribute type 7 has an invalid length.
[   72.626750][ T6512] netlink: 'syz.1.264': attribute type 8 has an invalid length.
[   72.643596][ T6515] netlink: 'syz.2.266': attribute type 1 has an invalid length.
[   72.804723][ T6525] unknown channel width for channel at 909000KHz?
[   73.058242][ T6545] ip6gre1: entered allmulticast mode
[   74.018979][ T6589] syzkaller1: entered promiscuous mode
[   74.023585][ T6589] syzkaller1: entered allmulticast mode
[   74.027772][ T6592] netlink: 'syz.1.302': attribute type 12 has an invalid length.
[   74.053648][ T6594] netlink: 'syz.0.303': attribute type 2 has an invalid length.
[   74.228466][ T6608] __nla_validate_parse: 5 callbacks suppressed
[   74.228513][ T6608] netlink: 8 bytes leftover after parsing attributes in process `syz.2.311'.
[   74.236912][ T6608] netlink: 4 bytes leftover after parsing attributes in process `syz.2.311'.
[   74.240270][ T6608] netlink: 'syz.2.311': attribute type 14 has an invalid length.
[   74.245772][ T6608] netlink: 'syz.2.311': attribute type 13 has an invalid length.
[   74.519122][ T6638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.324'.
[   74.966484][ T6675] netlink: 8 bytes leftover after parsing attributes in process `syz.0.339'.
[   75.426285][ T6691] netlink: 8 bytes leftover after parsing attributes in process `syz.0.346'.
[   75.833095][ T6714] netlink: 60 bytes leftover after parsing attributes in process `syz.0.357'.
[   76.020119][ T6730] tipc: Trying to set illegal importance in message
[   76.061905][ T6727] nbd0: detected capacity change from 0 to 127
[   76.219545][ T6736] syzkaller1: entered promiscuous mode
[   76.224826][ T6736] syzkaller1: entered allmulticast mode
[   76.455002][ T6748] netlink: 'syz.2.371': attribute type 2 has an invalid length.
[   76.459228][ T6748] netlink: 'syz.2.371': attribute type 1 has an invalid length.
[   76.463467][ T6748] netlink: 8 bytes leftover after parsing attributes in process `syz.2.371'.
[   76.525425][ T6749] netlink: 24 bytes leftover after parsing attributes in process `syz.2.371'.
[   76.826455][   T55] block nbd0: Receive control failed (result -104)
[   77.278229][ T6777] netlink: 224 bytes leftover after parsing attributes in process `syz.0.383'.
[   77.362638][ T6781] netlink: 17 bytes leftover after parsing attributes in process `syz.0.385'.
[   77.670569][ T5826] Bluetooth: hci0: command tx timeout
[   78.334949][ T6850] bridge1: entered allmulticast mode
[   79.250498][ T6902] af_packet: tpacket_rcv: packet too big, clamped from 584 to 4294967272. macoff=96
[   79.589189][ T6924] validate_nla: 1 callbacks suppressed
[   79.589220][ T6924] netlink: 'syz.2.452': attribute type 2 has an invalid length.
[   79.611830][ T6924] __nla_validate_parse: 1 callbacks suppressed
[   79.611842][ T6924] netlink: 24 bytes leftover after parsing attributes in process `syz.2.452'.
[   80.109328][ T6958] ip6gretap0: entered promiscuous mode
[   80.120058][ T6958] ip6gretap0: left promiscuous mode
[   80.364540][ T6978] x_tables: unsorted entry at hook 3
[   80.603141][ T7004] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048)
[   80.699852][ T7012] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   80.779108][ T7016] syz.2.496 uses old SIOCAX25GETINFO
[   80.845135][ T7018] ip6t_srh: unknown srh invflags 4449
[   80.968941][ T7022] netlink: 'syz.2.498': attribute type 1 has an invalid length.
[   80.972182][ T7022] netlink: 'syz.2.498': attribute type 1 has an invalid length.
[   81.332182][ T7034] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.503775][ T7034] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.532702][ T7039] netlink: 'syz.0.506': attribute type 39 has an invalid length.
[   81.588122][ T7034] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.704746][ T7034] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.773785][ T7049] netlink: 8 bytes leftover after parsing attributes in process `syz.2.511'.
[   81.807684][ T7034] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.812403][ T7049] netlink: 12 bytes leftover after parsing attributes in process `syz.2.511'.
[   81.826863][ T7034] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.853023][ T7034] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.862220][ T7034] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.896118][ T7059] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.513'.
[   82.038667][ T7071] netlink: 32 bytes leftover after parsing attributes in process `syz.1.521'.
[   82.053866][ T7071] netlink: 152 bytes leftover after parsing attributes in process `syz.1.521'.
[   82.059602][ T7071] netlink: 152 bytes leftover after parsing attributes in process `syz.1.521'.
[   82.757343][ T7130] netlink: 8 bytes leftover after parsing attributes in process `syz.1.546'.
[   83.176458][ T7147] bond0: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0)
[   83.897105][ T7185] delete_channel: no stack
[   83.948917][ T7188] tipc: Started in network mode
[   83.953077][ T7188] tipc: Node identity 1287fccff487, cluster identity 4711
[   83.956163][ T7188] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   83.960100][ T7188] syzkaller0: entered promiscuous mode
[   83.964475][ T7188] syzkaller0: entered allmulticast mode
[   83.968534][   T13] syzkaller0: tun_net_xmit 70
[   83.976239][ T7188] tipc: Resetting bearer <eth:syzkaller0>
[   83.980166][ T7188] syzkaller0: tun_net_xmit 90
[   83.985222][ T7187] tipc: Resetting bearer <eth:syzkaller0>
[   83.997647][ T7187] tipc: Disabling bearer <eth:syzkaller0>
[   84.339078][ T7193] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   84.692054][ T7207] netlink: 28 bytes leftover after parsing attributes in process `syz.2.576'.
[   84.789949][ T7211] netlink: 1 bytes leftover after parsing attributes in process `syz.2.578'.
[   85.305447][ T7238] openvswitch: netlink: Missing key (keys=40, expected=80)
[   85.432422][ T7252] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   85.434906][ T7252] IPv6: NLM_F_CREATE should be set when creating new route
[   85.437279][ T7252] IPv6: NLM_F_CREATE should be set when creating new route
[   85.439558][ T7252] IPv6: NLM_F_CREATE should be set when creating new route
[   85.445891][ T7252] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   85.662977][ T7268] netlink: 'syz.2.606': attribute type 4 has an invalid length.
[   86.831035][ T4664] 
[   86.832052][ T4664] ======================================================
[   86.834954][ T4664] WARNING: possible circular locking dependency detected
[   86.837746][ T4664] 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 Not tainted
[   86.841941][ T4664] ------------------------------------------------------
[   86.844678][ T4664] kworker/u10:4/4664 is trying to acquire lock:
[   86.847119][ T4664] ffff8880216ae358 (&disk->open_mutex){+.+.}-{4:4}, at: __del_gendisk+0x129/0x9e0
[   86.850717][ T4664] 
[   86.850717][ T4664] but task is already holding lock:
[   86.853491][ T4664] ffff8880216b5988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160
[   86.857138][ T4664] 
[   86.857138][ T4664] which lock already depends on the new lock.
[   86.857138][ T4664] 
[   86.861281][ T4664] 
[   86.861281][ T4664] the existing dependency chain (in reverse order) is:
[   86.864696][ T4664] 
[   86.864696][ T4664] -> #2 (&set->update_nr_hwq_lock){++++}-{4:4}:
[   86.867943][ T4664]        lock_acquire+0x120/0x360
[   86.869944][ T4664]        down_write+0x96/0x1f0
[   86.871989][ T4664]        blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   86.874036][ T4664]        nbd_start_device+0x16c/0xac0
[   86.875755][ T4664]        nbd_genl_connect+0x1250/0x1930
[   86.877604][ T4664]        genl_family_rcv_msg_doit+0x215/0x300
[   86.879502][ T4664]        genl_rcv_msg+0x60e/0x790
[   86.881075][ T4664]        netlink_rcv_skb+0x208/0x470
[   86.882881][ T4664]        genl_rcv+0x28/0x40
[   86.884482][ T4664]        netlink_unicast+0x75c/0x8e0
[   86.886164][ T4664]        netlink_sendmsg+0x805/0xb30
[   86.887831][ T4664]        __sock_sendmsg+0x21c/0x270
[   86.889550][ T4664]        ____sys_sendmsg+0x505/0x830
[   86.891180][ T4664]        ___sys_sendmsg+0x21f/0x2a0
[   86.892918][ T4664]        __x64_sys_sendmsg+0x19b/0x260
[   86.895128][ T4664]        do_syscall_64+0xfa/0x3b0
[   86.897109][ T4664]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.899801][ T4664] 
[   86.899801][ T4664] -> #1 (&nbd->config_lock){+.+.}-{4:4}:
[   86.902809][ T4664]        lock_acquire+0x120/0x360
[   86.905011][ T4664]        __mutex_lock+0x182/0xe80
[   86.906967][ T4664]        refcount_dec_and_mutex_lock+0x30/0xa0
[   86.909360][ T4664]        nbd_config_put+0x2c/0x790
[   86.911571][ T4664]        nbd_release+0xfe/0x140
[   86.913457][ T4664]        bdev_release+0x536/0x650
[   86.915613][ T4664]        blkdev_release+0x15/0x20
[   86.917663][ T4664]        __fput+0x44c/0xa70
[   86.919425][ T4664]        fput_close_sync+0x119/0x200
[   86.921633][ T4664]        __x64_sys_close+0x7f/0x110
[   86.923594][ T4664]        do_syscall_64+0xfa/0x3b0
[   86.925546][ T4664]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.928351][ T4664] 
[   86.928351][ T4664] -> #0 (&disk->open_mutex){+.+.}-{4:4}:
[   86.931276][ T4664]        validate_chain+0xb9b/0x2140
[   86.933631][ T4664]        __lock_acquire+0xab9/0xd20
[   86.935915][ T4664]        lock_acquire+0x120/0x360
[   86.937940][ T4664]        __mutex_lock+0x182/0xe80
[   86.939953][ T4664]        __del_gendisk+0x129/0x9e0
[   86.942040][ T4664]        del_gendisk+0xe8/0x160
[   86.943970][ T4664]        nbd_dev_remove_work+0x47/0xe0
[   86.946165][ T4664]        process_scheduled_works+0xae1/0x17b0
[   86.948932][ T4664]        worker_thread+0x8a0/0xda0
[   86.950909][ T4664]        kthread+0x711/0x8a0
[   86.953100][ T4664]        ret_from_fork+0x3fc/0x770
[   86.955350][ T4664]        ret_from_fork_asm+0x1a/0x30
[   86.957427][ T4664] 
[   86.957427][ T4664] other info that might help us debug this:
[   86.957427][ T4664] 
[   86.961381][ T4664] Chain exists of:
[   86.961381][ T4664]   &disk->open_mutex --> &nbd->config_lock --> &set->update_nr_hwq_lock
[   86.961381][ T4664] 
[   86.967423][ T4664]  Possible unsafe locking scenario:
[   86.967423][ T4664] 
[   86.970385][ T4664]        CPU0                    CPU1
[   86.972816][ T4664]        ----                    ----
[   86.975150][ T4664]   rlock(&set->update_nr_hwq_lock);
[   86.977221][ T4664]                                lock(&nbd->config_lock);
[   86.980171][ T4664]                                lock(&set->update_nr_hwq_lock);
[   86.983368][ T4664]   lock(&disk->open_mutex);
[   86.985142][ T4664] 
[   86.985142][ T4664]  *** DEADLOCK ***
[   86.985142][ T4664] 
[   86.988565][ T4664] 3 locks held by kworker/u10:4/4664:
[   86.990862][ T4664]  #0: ffff888021698148 ((wq_completion)nbd-del){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[   86.995322][ T4664]  #1: ffffc90008b97bc0 ((work_completion)(&nbd->remove_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[   87.000342][ T4664]  #2: ffff8880216b5988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160
[   87.003907][ T4664] 
[   87.003907][ T4664] stack backtrace:
[   87.005834][ T4664] CPU: 1 UID: 0 PID: 4664 Comm: kworker/u10:4 Not tainted 6.16.0-rc5-syzkaller-00159-g47c84997c686-dirty #0 PREEMPT(full) 
[   87.005851][ T4664] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   87.005861][ T4664] Workqueue: nbd-del nbd_dev_remove_work
[   87.005880][ T4664] Call Trace:
[   87.005888][ T4664]  <TASK>
[   87.005896][ T4664]  dump_stack_lvl+0x189/0x250
[   87.005915][ T4664]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.005925][ T4664]  ? __pfx__printk+0x10/0x10
[   87.005943][ T4664]  ? print_lock_name+0xde/0x100
[   87.005960][ T4664]  print_circular_bug+0x2ee/0x310
[   87.005979][ T4664]  check_noncircular+0x134/0x160
[   87.005997][ T4664]  validate_chain+0xb9b/0x2140
[   87.006012][ T4664]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   87.006024][ T4664]  ? arch_stack_walk+0x11c/0x150
[   87.006036][ T4664]  __lock_acquire+0xab9/0xd20
[   87.006045][ T4664]  ? __del_gendisk+0x129/0x9e0
[   87.006053][ T4664]  lock_acquire+0x120/0x360
[   87.006061][ T4664]  ? __del_gendisk+0x129/0x9e0
[   87.006069][ T4664]  ? check_path+0x21/0x40
[   87.006078][ T4664]  __mutex_lock+0x182/0xe80
[   87.006086][ T4664]  ? __del_gendisk+0x129/0x9e0
[   87.006095][ T4664]  ? __del_gendisk+0x129/0x9e0
[   87.006102][ T4664]  ? __pfx___mutex_lock+0x10/0x10
[   87.006109][ T4664]  ? __pfx___might_resched+0x10/0x10
[   87.006121][ T4664]  ? __lock_acquire+0xab9/0xd20
[   87.006128][ T4664]  ? disk_del_events+0xb5/0x210
[   87.006137][ T4664]  ? __del_gendisk+0xc1/0x9e0
[   87.006144][ T4664]  __del_gendisk+0x129/0x9e0
[   87.006152][ T4664]  ? del_gendisk+0xe0/0x160
[   87.006160][ T4664]  ? __pfx___del_gendisk+0x10/0x10
[   87.006168][ T4664]  ? down_read+0x1ad/0x2e0
[   87.006202][ T4664]  del_gendisk+0xe8/0x160
[   87.006213][ T4664]  nbd_dev_remove_work+0x47/0xe0
[   87.006221][ T4664]  ? process_scheduled_works+0x9ef/0x17b0
[   87.006230][ T4664]  process_scheduled_works+0xae1/0x17b0
[   87.006243][ T4664]  ? __pfx_process_scheduled_works+0x10/0x10
[   87.006254][ T4664]  worker_thread+0x8a0/0xda0
[   87.006267][ T4664]  kthread+0x711/0x8a0
[   87.006278][ T4664]  ? __pfx_worker_thread+0x10/0x10
[   87.006286][ T4664]  ? __pfx_kthread+0x10/0x10
[   87.006296][ T4664]  ? _raw_spin_unlock_irq+0x23/0x50
[   87.006306][ T4664]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.006317][ T4664]  ? __pfx_kthread+0x10/0x10
[   87.006326][ T4664]  ret_from_fork+0x3fc/0x770
[   87.006335][ T4664]  ? __pfx_ret_from_fork+0x10/0x10
[   87.006343][ T4664]  ? __switch_to_asm+0x39/0x70
[   87.006352][ T4664]  ? __switch_to_asm+0x33/0x70
[   87.006361][ T4664]  ? __pfx_kthread+0x10/0x10
[   87.006370][ T4664]  ret_from_fork_asm+0x1a/0x30
[   87.006383][ T4664]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   87.432841][ T5822] syz-executor (5822) used greatest stack depth: 19192 bytes left
[   87.448625][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.555781][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.616173][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.644701][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.745153][   T13] bridge_slave_1: left allmulticast mode
[   87.747501][   T13] bridge_slave_1: left promiscuous mode
[   87.752238][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.756764][   T13] bridge_slave_0: left allmulticast mode
[   87.759043][   T13] bridge_slave_0: left promiscuous mode
[   87.761695][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.935009][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   87.938898][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   87.942812][   T13] bond0 (unregistering): Released all slaves
[   87.947442][   T13] bond1 (unregistering): Released all slaves
[   88.153734][   T13] hsr_slave_0: left promiscuous mode
[   88.158278][   T13] hsr_slave_1: left promiscuous mode
[   88.162240][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   88.165138][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[   88.170473][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   88.173333][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[   88.177922][   T13] veth1_macvtap: left promiscuous mode
[   88.179668][   T13] veth0_macvtap: left promiscuous mode
[   88.182169][   T13] veth1_vlan: left promiscuous mode
[   88.186424][   T13] veth0_vlan: left promiscuous mode
[   88.289509][   T13] team0 (unregistering): Port device team_slave_1 removed
[   88.306571][   T13] team0 (unregistering): Port device team_slave_0 removed
[   88.643799][   T13] IPVS: stop unused estimator thread 0...
[   88.695251][   T13] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.724585][   T13] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.773940][   T13] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.814058][   T13] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.888576][   T13] bridge_slave_1: left allmulticast mode
[   88.892179][   T13] bridge_slave_1: left promiscuous mode
[   88.894531][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.898727][   T13] bridge_slave_0: left allmulticast mode
[   88.901542][   T13] bridge_slave_0: left promiscuous mode
[   88.903851][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.054515][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   89.059501][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   89.064430][   T13] bond0 (unregistering): Released all slaves
[   89.116166][   T13] tipc: Left network mode
[   89.247707][   T13] hsr_slave_0: left promiscuous mode
[   89.250612][   T13] hsr_slave_1: left promiscuous mode
[   89.253272][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   89.256465][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[   89.259645][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   89.263130][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[   89.269039][   T13] veth1_macvtap: left promiscuous mode
[   89.272670][   T13] veth0_macvtap: left promiscuous mode
[   89.274914][   T13] veth1_vlan: left promiscuous mode
[   89.277046][   T13] veth0_vlan: left promiscuous mode
[   89.418021][   T13] team0 (unregistering): Port device team_slave_1 removed
[   89.434321][   T13] team0 (unregistering): Port device team_slave_0 removed

VM DIAGNOSIS:
09:57:15  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff89972b31 RBX=1ffff920005edf51 RCX=ffff888022828000 RDX=0000000000000002
RSI=0000000000000000 RDI=0000000000000000 RBP=0000000000004002 RSP=ffffc90002f6f970
R8 =ffff888022828007 R9 =1ffff11004505000 R10=dffffc0000000000 R11=ffffed1004505001
R12=ffff888022828000 R13=1ffff11004505000 R14=ffffc90002f6fa88 R15=ffffc90002f6fa8c
RIP=ffffffff81c03b87 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f9dae9e06c0 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007efce4ae07c1 CR3=0000000041740000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000000 0000555580186490
XMM02=0004800401000008 0806060101ee0008 XMM03=8603040200058403 3c04000580032010
XMM04=0800059003018408 0005880300020005 XMM05=01038010000fffff ffffffff04010000
XMM06=02080606015bbe20 1000058004010000 XMM07=0a0806060101ee00 0800059803040800
XMM08=0590030184080005 8803000200058603 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000074 RBX=0000000000000074 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90008b96e10
R8 =ffff888020ee0237 R9 =1ffff110041dc046 R10=dffffc0000000000 R11=ffffffff85478780
R12=dffffc0000000000 R13=ffffffff99af98cc R14=ffffffff99dfe6e0 R15=0000000000000000
RIP=ffffffff854787fc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f3459cc6095 CR3=0000000041740000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=182b532126b1bb42 1afbe747103e056f
XMM02=0aef0e209af3f8b0 543aac5abdb6a1b2 XMM03=c29e7ec1182b5321 26b1bb421afbe747
XMM04=00007f9dae8ed100 00007f9dadd85440 XMM05=00007f9dadd85458 00007f9dadd854a0
XMM06=00007f9dadd85498 00007f9dadd85490 XMM07=00007f9dadd85488 00007f9dadd85480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f9dadc11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
