last executing test programs:

529.494597ms ago: executing program 0 (id=274):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETOFFLOAD(r0, 0x400454ce, 0xa)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})

478.795203ms ago: executing program 2 (id=275):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0x1}}}, 0x24}}, 0x20000000)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x3, @empty, 0x0, 0x3}, 0x20)
connect$l2tp6(r0, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
sendmmsg$inet6(r0, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff12)

478.339981ms ago: executing program 0 (id=277):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x15, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020692500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000650000000600000085100000010000009500000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x3}, 0x94)

420.196254ms ago: executing program 2 (id=278):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000440)='contention_end\x00', r0}, 0x18)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_GET_FEATURE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x10}, 0x10}}, 0x0)

419.894397ms ago: executing program 0 (id=280):
r0 = socket(0x8000000010, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
write(r0, &(0x7f0000000c40)="fc0000001c000704ab5b2509b86803000aab087a0400000001481193210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af0000d71da56c721dc51c3349f0d4796f0000090548de00", 0xfc)

327.273007ms ago: executing program 2 (id=281):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000000f8c0000000c0a01080000000000000000010000000900020073797a3200000000600003805c000080080003400000000250000b80200001800a00010071756f7461000000100002800c0001400000000000000000140001800c000100636f756e74657200000000000000058011e70000666c6f775f6f66666c6f6164000000000900010073797a30"], 0x110}}, 0x0)

326.771311ms ago: executing program 0 (id=282):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10)

326.412335ms ago: executing program 2 (id=283):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r2}, 0x10)
r3 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0x40000000})

260.358826ms ago: executing program 2 (id=284):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMRRU(r0, 0x4010744d, 0x0)

260.058726ms ago: executing program 0 (id=285):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1, 0x2, {0x1}}, 0x18)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r2, &(0x7f0000000000), 0xffffff6a)
sendfile(r0, r2, 0x0, 0x1)

208.313445ms ago: executing program 2 (id=287):
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000e, 0x1010, 0xffffffffffffffff, 0x400000)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c9042, 0x0)
r1 = getpid()
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x10010000004e20}, 0x1c)
syz_emit_ethernet(0x83, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r3, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r1}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40005}, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095", @ANYRESDEC=r0, @ANYRES16=r1, @ANYRES32], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x74, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r7=>0x0})
sendto$packet(r6, &(0x7f0000000180), 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r7}, 0x14)
r8 = socket$netlink(0x10, 0x3, 0x400000000000004)
r9 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r9, 0x11b, 0x3, &(0x7f00000001c0)=0x100000, 0x4)
writev(r8, &(0x7f0000000000)=[{&(0x7f0000000280)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1)

208.077048ms ago: executing program 1 (id=288):
syz_emit_ethernet(0x86, &(0x7f0000002bc0)={@local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f81fcb", 0x50, 0x3a, 0x0, @private0, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "4aa1d3", 0x0, 0x0, 0x0, @private1, @ipv4={'\x00', '\xff\xff', @loopback}, [@srh={0x2b, 0x0, 0x4, 0x0, 0x9, 0x28, 0x2}, @srh={0x2f, 0x0, 0x4, 0x0, 0xc, 0x28, 0xfe}, @hopopts={0x87}, @dstopts={0x3b}]}}}}}}}, 0x0)

145.915241ms ago: executing program 1 (id=289):
pipe(&(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f0000002840)=[{&(0x7f0000000240)="32edb92832", 0x5}], 0x1, 0xd)
r2 = socket$netlink(0x10, 0x3, 0x0)
splice(r0, 0x0, r2, 0x0, 0x4, 0xf)

144.59036ms ago: executing program 1 (id=290):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f00000003c0)=0x6, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x49ed}], 0x1c)

60.076226ms ago: executing program 0 (id=291):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x4, &(0x7f00000006c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@ldst={0x2, 0x0, 0x3}]}, 0x0, 0xd, 0x0, 0x0, 0x0, 0x7}, 0x94)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)

59.94601ms ago: executing program 1 (id=292):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000000100000000000008001f0001000000", 0x24)

212.721µs ago: executing program 1 (id=293):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0xc3490000)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000140)={'filter\x00', 0x4}, 0x68)

0s ago: executing program 1 (id=294):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000340), 0x11000)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:45946' (ED25519) to the list of known hosts.
syzkaller login: [   49.001393][ T5739] cgroup: Unknown subsys name 'net'
[   49.072920][ T5739] cgroup: Unknown subsys name 'cpuset'
[   49.078673][ T5739] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.577907][ T5739] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   60.238690][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   60.242391][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   60.245876][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   60.248411][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   60.251805][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   60.320059][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   60.325407][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   60.328022][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   60.331861][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   60.335241][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   60.375565][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   60.378778][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   60.381548][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   60.384724][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   60.387699][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   60.576715][ T5840] chnl_net:caif_netlink_parms(): no params data found
[   60.691433][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.694262][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.696947][ T5840] bridge_slave_0: entered allmulticast mode
[   60.699763][ T5840] bridge_slave_0: entered promiscuous mode
[   60.730912][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.733729][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.737067][ T5840] bridge_slave_1: entered allmulticast mode
[   60.740956][ T5840] bridge_slave_1: entered promiscuous mode
[   60.813692][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.823519][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.828812][ T5844] chnl_net:caif_netlink_parms(): no params data found
[   60.849181][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   60.930010][ T5840] team0: Port device team_slave_0 added
[   60.948688][ T5840] team0: Port device team_slave_1 added
[   61.028940][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.031419][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.041461][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.060760][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.063812][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.067196][ T5846] bridge_slave_0: entered allmulticast mode
[   61.070694][ T5846] bridge_slave_0: entered promiscuous mode
[   61.087716][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.090522][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.100614][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.112560][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.115082][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.118661][ T5846] bridge_slave_1: entered allmulticast mode
[   61.122382][ T5846] bridge_slave_1: entered promiscuous mode
[   61.126271][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.129192][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.131967][ T5844] bridge_slave_0: entered allmulticast mode
[   61.134591][ T5844] bridge_slave_0: entered promiscuous mode
[   61.138485][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.140843][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.143113][ T5844] bridge_slave_1: entered allmulticast mode
[   61.146142][ T5844] bridge_slave_1: entered promiscuous mode
[   61.194186][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.226018][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.231399][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.237237][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.266633][ T5840] hsr_slave_0: entered promiscuous mode
[   61.269873][ T5840] hsr_slave_1: entered promiscuous mode
[   61.287100][ T5844] team0: Port device team_slave_0 added
[   61.303466][ T5844] team0: Port device team_slave_1 added
[   61.316621][ T5846] team0: Port device team_slave_0 added
[   61.345037][ T5846] team0: Port device team_slave_1 added
[   61.348929][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.351730][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.361928][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.400795][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.403581][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.414633][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.430455][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.433326][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.443681][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.450168][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.453085][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.463509][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.524271][ T5844] hsr_slave_0: entered promiscuous mode
[   61.527565][ T5844] hsr_slave_1: entered promiscuous mode
[   61.531736][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   61.535074][ T5844] Cannot create hsr debugfs directory
[   61.590174][ T5846] hsr_slave_0: entered promiscuous mode
[   61.592531][ T5846] hsr_slave_1: entered promiscuous mode
[   61.594637][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   61.598250][ T5846] Cannot create hsr debugfs directory
[   61.793261][ T5840] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   61.816594][ T5840] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   61.826263][ T5840] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   61.837943][ T5840] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   61.868189][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   61.879214][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   61.889096][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   61.897249][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   61.934469][ T5846] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   61.943807][ T5846] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   61.969136][ T5846] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   61.979025][ T5846] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   62.054901][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.098866][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   62.112556][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.115794][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.129612][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.148775][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.151709][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.164721][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[   62.192157][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.197374][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.200011][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.218521][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.221166][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.241458][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   62.257058][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.260017][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.289602][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.292559][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.295362][ T5842] Bluetooth: hci0: command tx timeout
[   62.377686][ T5842] Bluetooth: hci1: command tx timeout
[   62.432758][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.447093][ T5842] Bluetooth: hci2: command tx timeout
[   62.524078][ T5840] veth0_vlan: entered promiscuous mode
[   62.533487][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.544566][ T5840] veth1_vlan: entered promiscuous mode
[   62.583225][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.602525][ T5840] veth0_macvtap: entered promiscuous mode
[   62.611558][ T5840] veth1_macvtap: entered promiscuous mode
[   62.642357][ T5844] veth0_vlan: entered promiscuous mode
[   62.658435][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.667704][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.677683][ T5846] veth0_vlan: entered promiscuous mode
[   62.684466][ T5844] veth1_vlan: entered promiscuous mode
[   62.696901][ T5840] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.700490][ T5840] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.703949][ T5840] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.710545][ T5840] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.729561][ T5846] veth1_vlan: entered promiscuous mode
[   62.806679][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.809565][ T5846] veth0_macvtap: entered promiscuous mode
[   62.809842][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.813338][ T5844] veth0_macvtap: entered promiscuous mode
[   62.832384][ T5846] veth1_macvtap: entered promiscuous mode
[   62.844526][ T5844] veth1_macvtap: entered promiscuous mode
[   62.859249][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.862259][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.874900][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.878914][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.888195][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.894232][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.900520][ T5844] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.903673][ T5844] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.908958][ T5844] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.912379][ T5844] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.917276][ T5840] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   62.920807][ T5846] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.927800][ T5846] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.931816][ T5846] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.934928][ T5846] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.963463][ T5902] warning: `syz.0.19' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   63.070554][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.073751][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.113288][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.118167][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.120501][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.129844][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.191192][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.195061][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.301945][ T5911] Zero length message leads to an empty skb
[   64.163376][ T5962] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   64.348040][ T5973] netlink: 'syz.0.48': attribute type 1 has an invalid length.
[   64.351380][ T5973] netlink: 224 bytes leftover after parsing attributes in process `syz.0.48'.
[   64.366216][ T5842] Bluetooth: hci0: command tx timeout
[   64.416845][ T5976] netlink: 12 bytes leftover after parsing attributes in process `syz.2.50'.
[   64.446447][ T5842] Bluetooth: hci1: command tx timeout
[   64.525864][ T5842] Bluetooth: hci2: command tx timeout
[   65.280644][ T6027] openvswitch: netlink: Duplicate or invalid key (type 0).
[   65.287094][ T6027] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   65.571940][ T6047] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled
[   66.210216][ T6077] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[   66.231585][ T6080] netlink: 40 bytes leftover after parsing attributes in process `syz.2.99'.
[   66.456741][ T5842] Bluetooth: hci0: command tx timeout
[   66.514121][ T6097] netlink: 'syz.1.107': attribute type 2 has an invalid length.
[   66.526516][ T5842] Bluetooth: hci1: command tx timeout
[   66.582929][ T6103] netlink: 332 bytes leftover after parsing attributes in process `syz.2.110'.
[   66.596090][ T6103] netlink: 104 bytes leftover after parsing attributes in process `syz.2.110'.
[   66.599147][ T6103] netlink: 32 bytes leftover after parsing attributes in process `syz.2.110'.
[   66.606555][ T5842] Bluetooth: hci2: command tx timeout
[   66.825005][ T6105] raw_sendmsg: syz.1.111 forgot to set AF_INET. Fix it!
[   67.434281][ T6140] netlink: 12 bytes leftover after parsing attributes in process `syz.2.126'.
[   67.453560][ T6140] tipc: Started in network mode
[   67.459486][ T6140] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[   67.463571][ T6140] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:0000
[   67.470591][ T6140] tipc: Enabled bearer <udp:syz1>, priority 10
[   67.942960][ T6172] ip6gretap0: entered promiscuous mode
[   67.947024][ T6170] syz.2.137 (6170) used greatest stack depth: 19960 bytes left
[   67.962515][ T6172] ip6gretap0: left promiscuous mode
[   68.077423][ T6177] netlink: 'syz.1.141': attribute type 39 has an invalid length.
[   68.198941][ T6182] netlink: 'syz.2.144': attribute type 58 has an invalid length.
[   68.224521][ T6184] Bluetooth: MGMT ver 1.23
[   68.344018][ T6194] netlink: 'syz.2.149': attribute type 1 has an invalid length.
[   68.354174][ T6196] netlink: 'syz.0.150': attribute type 4 has an invalid length.
[   68.409281][ T6200] netlink: 56 bytes leftover after parsing attributes in process `syz.2.151'.
[   68.526617][ T5842] Bluetooth: hci0: command tx timeout
[   68.587180][ T5886] tipc: Node number set to 1
[   68.607617][ T5842] Bluetooth: hci1: command tx timeout
[   68.685567][ T5842] Bluetooth: hci2: command tx timeout
[   69.046624][ T6258] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   69.297281][ T6286] ip6t_srh: unknown srh match flags  5294
[   69.337379][ T6283] netlink: 12 bytes leftover after parsing attributes in process `syz.0.191'.
[   69.345828][ T6283] xt_CT: You must specify a L4 protocol and not use inversions on it
[   69.511731][ T6304] xt_hashlimit: overflow, try lower: 6/0
[   69.812268][ T6326] netlink: 4 bytes leftover after parsing attributes in process `syz.2.209'.
[   69.816089][ T6326] netlink: 4 bytes leftover after parsing attributes in process `syz.2.209'.
[   69.929645][ T6332] netlink: 'syz.2.212': attribute type 64 has an invalid length.
[   69.951419][ T6332] netlink: 4 bytes leftover after parsing attributes in process `syz.2.212'.
[   70.003333][ T6338] Driver unsupported XDP return value 0 on prog  (id 44) dev N/A, expect packet loss!
[   70.223523][ T6352] netlink: 4 bytes leftover after parsing attributes in process `syz.1.220'.
[   70.376191][ T6360] batman_adv: batadv0: Adding interface: ip6gretap1
[   70.378602][ T6360] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.389943][ T6360] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active
[   70.393273][ T6362] netlink: 8 bytes leftover after parsing attributes in process `syz.1.225'.
[   70.400598][ T6362] openvswitch: netlink: nsh attribute has 2338 unknown bytes.
[   70.403116][ T6362] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   70.414080][ T6360] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   70.417267][ T6360] batman_adv: batadv0: Removing interface: batadv_slave_0
[   70.430703][ T6360] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   70.447833][ T6360] batman_adv: batadv0: Removing interface: batadv_slave_1
[   70.451644][ T6360] batman_adv: batadv0: Removing interface: ip6gretap1
[   70.541372][ T6374] netlink: 16 bytes leftover after parsing attributes in process `syz.0.231'.
[   70.544179][ T6374] netlink: 64 bytes leftover after parsing attributes in process `syz.0.231'.
[   70.551889][ T6374] netlink: 16 bytes leftover after parsing attributes in process `syz.0.231'.
[   70.599853][ T6380] xt_hashlimit: size too large, truncated to 1048576
[   70.603036][ T6380] xt_hashlimit: overflow, try lower: 3/0
[   70.643359][ T6382] netlink: 8 bytes leftover after parsing attributes in process `syz.2.235'.
[   70.914321][ T6403] netlink: 'syz.0.246': attribute type 4 has an invalid length.
[   70.920465][ T6403] netlink: 4 bytes leftover after parsing attributes in process `syz.0.246'.
[   71.088798][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.091377][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.126322][ T6414] nbd2: detected capacity change from 0 to 63
[   71.133255][ T6425] block nbd2: NBD_DISCONNECT
[   71.137096][ T6425] block nbd2: Disconnected due to user request.
[   71.140272][ T6425] block nbd2: shutting down sockets
[   71.150854][    C1] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.153896][    C1] Buffer I/O error on dev nbd2, logical block 0, async page read
[   71.156488][    C1] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.159380][    C1] Buffer I/O error on dev nbd2, logical block 1, async page read
[   71.162063][    C1] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.165068][    C1] Buffer I/O error on dev nbd2, logical block 2, async page read
[   71.167905][    C1] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.170822][    C1] Buffer I/O error on dev nbd2, logical block 3, async page read
[   71.195504][ T5964] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.198689][ T5964] Buffer I/O error on dev nbd2, logical block 0, async page read
[   71.201454][ T5964] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.204440][ T5964] Buffer I/O error on dev nbd2, logical block 1, async page read
[   71.231639][ T5964] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.241957][ T5964] Buffer I/O error on dev nbd2, logical block 2, async page read
[   71.263257][ T5964] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.273013][ T5964] Buffer I/O error on dev nbd2, logical block 3, async page read
[   71.282802][ T5964] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.293136][ T5964] Buffer I/O error on dev nbd2, logical block 0, async page read
[   71.299808][ T5964] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.302774][ T5964] Buffer I/O error on dev nbd2, logical block 1, async page read
[   71.312937][ T5964] ldm_validate_partition_table(): Disk read failed.
[   71.326591][ T5964] Dev nbd2: unable to read RDB block 0
[   71.332411][ T5964]  nbd2: unable to read partition table
[   71.348685][ T5964] ldm_validate_partition_table(): Disk read failed.
[   71.357688][ T5964] Dev nbd2: unable to read RDB block 0
[   71.364865][ T5964]  nbd2: unable to read partition table
[   71.462544][ T6450] veth2: entered allmulticast mode
[   71.504393][ T6455] netlink: 'syz.0.268': attribute type 18 has an invalid length.
[   71.739733][ T6479] netlink: 'syz.0.280': attribute type 12 has an invalid length.
[   71.948068][ T6496] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.066466][ T6496] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.121086][ T6496] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.167104][ T6510] nbd: socks must be embedded in a SOCK_ITEM attr
[   72.168330][ T6496] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.180546][   T40] 
[   72.181608][   T40] ======================================================
[   72.184007][   T40] WARNING: possible circular locking dependency detected
[   72.186546][   T40] 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 Not tainted
[   72.189916][   T40] ------------------------------------------------------
[   72.192160][   T40] kworker/u10:2/40 is trying to acquire lock:
[   72.194152][   T40] ffff88810dfe7358 (&disk->open_mutex){+.+.}-{4:4}, at: __del_gendisk+0x129/0x9e0
[   72.197324][   T40] 
[   72.197324][   T40] but task is already holding lock:
[   72.199584][   T40] ffff888031a12988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160
[   72.202821][   T40] 
[   72.202821][   T40] which lock already depends on the new lock.
[   72.202821][   T40] 
[   72.206275][   T40] 
[   72.206275][   T40] the existing dependency chain (in reverse order) is:
[   72.209140][   T40] 
[   72.209140][   T40] -> #2 (&set->update_nr_hwq_lock){++++}-{4:4}:
[   72.211868][   T40]        lock_acquire+0x120/0x360
[   72.213540][   T40]        down_write+0x96/0x1f0
[   72.215115][   T40]        blk_mq_update_nr_hw_queues+0x3b/0x14c0
[   72.217239][   T40]        nbd_start_device+0x16c/0xac0
[   72.218995][   T40]        nbd_genl_connect+0x1250/0x1930
[   72.220793][   T40]        genl_family_rcv_msg_doit+0x215/0x300
[   72.222749][   T40]        genl_rcv_msg+0x60e/0x790
[   72.224427][   T40]        netlink_rcv_skb+0x208/0x470
[   72.226225][   T40]        genl_rcv+0x28/0x40
[   72.227734][   T40]        netlink_unicast+0x75b/0x8d0
[   72.229440][   T40]        netlink_sendmsg+0x805/0xb30
[   72.231139][   T40]        __sock_sendmsg+0x21c/0x270
[   72.232850][   T40]        ____sys_sendmsg+0x505/0x830
[   72.234553][   T40]        ___sys_sendmsg+0x21f/0x2a0
[   72.236443][   T40]        __x64_sys_sendmsg+0x19b/0x260
[   72.238462][   T40]        do_syscall_64+0xfa/0x3b0
[   72.240371][   T40]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.242756][   T40] 
[   72.242756][   T40] -> #1 (&nbd->config_lock){+.+.}-{4:4}:
[   72.245649][   T40]        lock_acquire+0x120/0x360
[   72.247393][   T40]        __mutex_lock+0x182/0xe80
[   72.249257][   T40]        refcount_dec_and_mutex_lock+0x30/0xa0
[   72.251265][   T40]        nbd_config_put+0x2c/0x790
[   72.252942][   T40]        nbd_release+0xfe/0x140
[   72.254533][   T40]        bdev_release+0x536/0x650
[   72.256161][   T40]        blkdev_release+0x15/0x20
[   72.257858][   T40]        __fput+0x44c/0xa70
[   72.259377][   T40]        fput_close_sync+0x119/0x200
[   72.261105][   T40]        __x64_sys_close+0x7f/0x110
[   72.262795][   T40]        do_syscall_64+0xfa/0x3b0
[   72.264453][   T40]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.266573][   T40] 
[   72.266573][   T40] -> #0 (&disk->open_mutex){+.+.}-{4:4}:
[   72.269125][   T40]        validate_chain+0xb9b/0x2140
[   72.270911][   T40]        __lock_acquire+0xab9/0xd20
[   72.272591][   T40]        lock_acquire+0x120/0x360
[   72.274226][   T40]        __mutex_lock+0x182/0xe80
[   72.275922][   T40]        __del_gendisk+0x129/0x9e0
[   72.277610][   T40]        del_gendisk+0xe8/0x160
[   72.279191][   T40]        nbd_dev_remove_work+0x47/0xe0
[   72.280979][   T40]        process_scheduled_works+0xae1/0x17b0
[   72.282959][   T40]        worker_thread+0x8a0/0xda0
[   72.284908][   T40]        kthread+0x711/0x8a0
[   72.286479][   T40]        ret_from_fork+0x3fc/0x770
[   72.288146][   T40]        ret_from_fork_asm+0x1a/0x30
[   72.289891][   T40] 
[   72.289891][   T40] other info that might help us debug this:
[   72.289891][   T40] 
[   72.293671][   T40] Chain exists of:
[   72.293671][   T40]   &disk->open_mutex --> &nbd->config_lock --> &set->update_nr_hwq_lock
[   72.293671][   T40] 
[   72.298887][   T40]  Possible unsafe locking scenario:
[   72.298887][   T40] 
[   72.301384][   T40]        CPU0                    CPU1
[   72.303156][   T40]        ----                    ----
[   72.305333][   T40]   rlock(&set->update_nr_hwq_lock);
[   72.307279][   T40]                                lock(&nbd->config_lock);
[   72.309699][   T40]                                lock(&set->update_nr_hwq_lock);
[   72.312358][   T40]   lock(&disk->open_mutex);
[   72.313882][   T40] 
[   72.313882][   T40]  *** DEADLOCK ***
[   72.313882][   T40] 
[   72.316676][   T40] 3 locks held by kworker/u10:2/40:
[   72.318445][   T40]  #0: ffff88810861a148 ((wq_completion)nbd-del){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[   72.322171][   T40]  #1: ffffc900006efbc0 ((work_completion)(&nbd->remove_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[   72.326214][   T40]  #2: ffff888031a12988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160
[   72.329508][   T40] 
[   72.329508][   T40] stack backtrace:
[   72.331355][   T40] CPU: 1 UID: 0 PID: 40 Comm: kworker/u10:2 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   72.331364][   T40] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   72.331370][   T40] Workqueue: nbd-del nbd_dev_remove_work
[   72.331383][   T40] Call Trace:
[   72.331388][   T40]  <TASK>
[   72.331393][   T40]  dump_stack_lvl+0x189/0x250
[   72.331411][   T40]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.331421][   T40]  ? __pfx__printk+0x10/0x10
[   72.331430][   T40]  ? print_lock_name+0xde/0x100
[   72.331437][   T40]  print_circular_bug+0x2ee/0x310
[   72.331445][   T40]  check_noncircular+0x134/0x160
[   72.331453][   T40]  validate_chain+0xb9b/0x2140
[   72.331460][   T40]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   72.331469][   T40]  ? arch_stack_walk+0x11c/0x150
[   72.331478][   T40]  __lock_acquire+0xab9/0xd20
[   72.331488][   T40]  ? __del_gendisk+0x129/0x9e0
[   72.331497][   T40]  lock_acquire+0x120/0x360
[   72.331506][   T40]  ? __del_gendisk+0x129/0x9e0
[   72.331517][   T40]  ? check_path+0x21/0x40
[   72.331523][   T40]  __mutex_lock+0x182/0xe80
[   72.331535][   T40]  ? __del_gendisk+0x129/0x9e0
[   72.331546][   T40]  ? __del_gendisk+0x129/0x9e0
[   72.331555][   T40]  ? __pfx___mutex_lock+0x10/0x10
[   72.331565][   T40]  ? __pfx___might_resched+0x10/0x10
[   72.331577][   T40]  ? __lock_acquire+0xab9/0xd20
[   72.331585][   T40]  ? disk_del_events+0xb5/0x210
[   72.331592][   T40]  ? __del_gendisk+0xc1/0x9e0
[   72.331601][   T40]  __del_gendisk+0x129/0x9e0
[   72.331611][   T40]  ? del_gendisk+0xe0/0x160
[   72.331621][   T40]  ? __pfx___del_gendisk+0x10/0x10
[   72.331631][   T40]  ? down_read+0x1ad/0x2e0
[   72.331637][   T40]  del_gendisk+0xe8/0x160
[   72.331647][   T40]  nbd_dev_remove_work+0x47/0xe0
[   72.331657][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[   72.331667][   T40]  process_scheduled_works+0xae1/0x17b0
[   72.331680][   T40]  ? __pfx_process_scheduled_works+0x10/0x10
[   72.331692][   T40]  worker_thread+0x8a0/0xda0
[   72.331706][   T40]  kthread+0x711/0x8a0
[   72.331714][   T40]  ? __pfx_worker_thread+0x10/0x10
[   72.331724][   T40]  ? __pfx_kthread+0x10/0x10
[   72.331731][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[   72.331740][   T40]  ? lockdep_hardirqs_on+0x9c/0x150
[   72.331750][   T40]  ? __pfx_kthread+0x10/0x10
[   72.331757][   T40]  ret_from_fork+0x3fc/0x770
[   72.331768][   T40]  ? __pfx_ret_from_fork+0x10/0x10
[   72.331777][   T40]  ? __switch_to_asm+0x39/0x70
[   72.331784][   T40]  ? __switch_to_asm+0x33/0x70
[   72.331790][   T40]  ? __pfx_kthread+0x10/0x10
[   72.331797][   T40]  ret_from_fork_asm+0x1a/0x30
[   72.331806][   T40]  </TASK>
[   72.458662][ T6496] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.467047][ T6496] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.476102][ T6496] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.483284][ T6496] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.334599][   T24] cfg80211: failed to load regulatory.db

VM DIAGNOSIS:
04:05:00  Registers:
info registers vcpu 0

CPU#0
RAX=0a8d4f02722c2a00 RBX=ffffffff81974d58 RCX=0a8d4f02722c2a00 RDX=0000000000000001
RSI=ffffffff8be28d20 RDI=ffffffff81974d58 RBP=ffffffff8de07ea8 RSP=ffffffff8de07d80
R8 =ffff88804b032f5b R9 =1ffff110096065eb R10=dffffc0000000000 R11=ffffed10096065ec
R12=ffffffff8fa10cf0 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a50
RIP=ffffffff8b66b4a3 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8650000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c334c25 CR3=0000000111f74000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff813394fe ffffffff813394fe
XMM02=00007f323db84478 ffffffff813394fe XMM03=00007f323db84488 00007f323db84480
XMM04=00007f323e6ed100 00007f323db84440 XMM05=00007f323db84458 00007f323db844a0
XMM06=00007f323db84498 00007f323db84490 XMM07=00007f323db84488 00007f323db84480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f323da11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000074 RBX=0000000000000074 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900006eee10
R8 =ffff888107db8237 R9 =1ffff11020fb7046 R10=dffffc0000000000 R11=ffffffff85474610
R12=dffffc0000000000 R13=ffffffff99ac490c R14=ffffffff99dc9760 R15=0000000000000000
RIP=ffffffff8547468c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c50000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c2c82e0 CR3=000000002851e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=ffff000000000000 ffff00ff00000000 XMM05=0000000000000131 0000000000003331
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=ffffffffffff0000 ffffffffffff0000 XMM09=00000000000001e1 0000000000003331
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
