last executing test programs:

5.554450579s ago: executing program 1 (id=2):
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
madvise$auto(0x0, 0x7, 0x20000e)
mmap$auto(0x7ff, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x9)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
socket(0x2, 0x2, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x7f, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0xc, 0x1, 0x2, 0x4, 0x15f4da0e, 0x3, 0xd08, 0xc, 0x8, 0x4, 0x6d3f, 0x9, 0x2, 0x4000000000000d]}, 0x0)
pread64$auto(0xffffffffffffffff, &(0x7f0000000000)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xba*G\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90~Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1\x00'/232, 0x3ef, 0x9)
r0 = socket(0xa, 0x2, 0x3a)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
bind$auto(r0, &(0x7f0000000040)=@generic={0xa, "2c551d000000fe8000"}, 0x66)

5.239993547s ago: executing program 2 (id=3):
r0 = socket(0xa, 0x3, 0xff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
sendmsg$auto_GTP_CMD_ECHOREQ(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x40040c4)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYRESHEX=r0], 0x1ac}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x802, 0x0)
openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0)
ioctl$auto_TCFLSH2(r2, 0x540b, 0xfffffffffffffffd)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
ioctl$auto_TCFLSH2(r3, 0x5453, 0x0)
write$auto(0x3, 0x0, 0xfdef)
r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r5 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xde, 0xeb0, 0x401, 0x8000)
syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000080), r5)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
r6 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$auto_posix_clock_file_operations_posix_clock(r6, 0xc0603d06, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x3, 0x2, 0x1, 0x948f, 0x3, 0x95f4da0a, 0xffffffffdfffffff, 0x3, 0x62, 0x84000001, 0x5, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0)
write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x1ff, 0x7, 0xd, 0x1, 0x1f, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000023, 0x7, 0x6d40, 0x9, 0x2, 0x6]}, 0x0)
ioctl$auto(r5, 0x57, r4)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_ila(0x0, 0xffffffffffffffff)
process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0x6, 0x0)
close_range$auto(0x2, 0xa, 0x0)
recvmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x4, 0x0, 0x4, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0)

4.701802913s ago: executing program 0 (id=1):
landlock_restrict_self$auto(0xffffffffffffffff, 0x2)
socket(0x2, 0x3, 0xa)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'veth1_to_bond\x00'})
prctl$auto(0x16, 0x2, 0x2, 0x4000000d, 0x100)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1\x00', 0x1, 0x0)
io_uring_setup$auto(0x6, 0x0)
openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800)
kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[], 0x58}, 0x1, 0x0, 0x0, 0x40080}, 0x40090)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x68, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {0xa, 0x0, 0xa00}, [@CTRL_ATTR_FAMILY_NAME={0xb, 0x2, 'netdev\x00'}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x828}, @CTRL_ATTR_OP={0x8, 0xa, 0x2}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x7fff}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x71b0}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x8001}, @CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x9}, @CTRL_ATTR_FAMILY_NAME={0xb, 0x2, 'netdev\x00'}, @CTRL_ATTR_FAMILY_NAME={0xb, 0x2, 'netdev\x00'}]}, 0x68}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004896)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000)

4.522102727s ago: executing program 1 (id=5):
bind$auto(0xffffffffffffffff, 0x0, 0x66)
openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, 0x0, 0xa00, 0x0)
r0 = openat$auto_ftrace_event_id_fops_trace_events(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/id\x00', 0xa2000, 0x0)
read$auto_ftrace_event_id_fops_trace_events(r0, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/crash_elfcorehdr_size\x00', 0x8040, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)=""/116, 0x74)
r2 = open(0x0, 0x591002, 0x0)
vmsplice$auto(0xffffffffffffffff, 0x0, 0x2, 0x5)
writev$auto(0xffffffffffffffff, 0x0, 0x4)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2)
mprotect$auto(0x8000, 0x8, 0x8)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
acct$auto(0x0)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0)
sendmmsg$auto(r2, &(0x7f0000000280)={{&(0x7f0000000140)="40509dd0dd9aed1cd26d186cad18f0251ff0a4487a302041bd730c610bbd509c29e8264c9980631af8664e597316a2ae383bd08af40b955181de391293e805f01cff26de7c0055a3ffb31380e845f50d9ed1e73d9afab71e3e71dca50b6e3382d0f770626fd909b05aaff87bc7078a73cdebeea0b54196a09e9fb35f3df042aefeaa12b2a38c8f383ac7455563f14a3800b80fdb24fce617dce0ae8de83e32d6aec364c5a26a9bcc353d6f93a8f8a8985c7bce75f34bebc393", 0x100, &(0x7f0000000080)={&(0x7f0000000200)="11ce3ffd6b5b040c4f90f326081d91003d904ffd3536bf1bece3a77f25e945ffd03a53119ed4c06402ca6538e64dccacfc9cb84a3605286a3dc27a81c27b98953e296d45fdce69d1e7ef1e400559497d545d7659ad", 0xf65b}, 0xf5, &(0x7f0000000340)="f1b6366d3e7f6d5a5f540fef427621459f70b25fa7a01f887b20a35ec28ea8007741d4127b15bbfe33c217bcd4c9bf96197fca404760493bfbaca5d4c68c863968fd88ec19bb4d066a36d1e0f6c6f72be1a57accaf712eff731c53993e6fbd05f636ae9482babda6efcfd485043355b1dcb727d80fc98628d9a56ac7d4eb4d2f5f59abebed4fa5a0ffba936517aae00452472f7a98164546d48f89bff2cca4006e341f69a3a29e353e8efba82f7066f531c4cc21f0c7e35a23c39abc159db9e398", 0xc, 0x2}, 0xb}, 0x1, 0xe4)
clock_getres$auto(0xfffffffd, 0x0)
mmap$auto(0x0, 0x40009, 0xdd, 0x9b74, 0x7, 0x28000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c804}, 0x14)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)

3.638502204s ago: executing program 3 (id=4):
mmap$auto(0x1, 0x2020009, 0x3, 0xebd, 0xfffffffffffffffa, 0xfffffffffffffffd)
mmap$auto(0x0, 0x40009, 0xde, 0x9b72, 0x7, 0x28000)
adjtimex$auto(&(0x7f0000000200)={0x5f95, 0x0, 0x2, 0x2000000a, 0xff7d, 0xbc58, 0x4000005, 0x0, 0x5, 0x8, 0x80000000, {0x7ff, 0xf423f}, 0x2744, 0x200000001, 0xff, 0x7, 0x0, 0x3c8, 0x8, 0x8, 0xffffffffffffffff, 0x1560cc85, 0x9})
mbind$auto(0x2001, 0x100000004, 0x100000000, 0x0, 0x5, 0x2)
open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x282900, 0x0)
read$auto(r0, 0x0, 0x200039b8)
capget$auto(0x0, 0x0)
openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x1a9901, 0x0)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x10803, 0x0)
ioctl$auto_SNDCTL_SEQ_NRMIDIS(r2, 0x8004510b, &(0x7f0000000680)="6a2e7360b6731f0e738f6f9322e7cd911ff77a304386180fe271105446b53575f0b8dd2b18f16a2dc526944a67f844dba08a303007c841fb3e4fac989a40bd6d6e25b7904c0d600fe604d2fead46db4a68b44fc415f0af1b577a96e20b333d3f3ca6376cc901d52b2074b3583c04cc3c80491c2947254c866dbecdcb802bcf28499a8dc3a2e2b942dcf82fe95cc115dcc3c73f0fa42334168b0c76d813bb755ed15394d0a2657773e0e36e915269dd5eaabb0dd7ee69f0e8108f2fa2bb68868938ed27c8dbd029054b3538d320afa2bd659fd18bd5714479208286df777c2ffa6974410f3a9480c711598f73c573a527")
r3 = gettid()
process_vm_readv$auto(r3, &(0x7f0000000040)={0x0, 0x5}, 0x4, &(0x7f00000000c0)={0x0, 0xffffffffffffff}, 0x3, 0x483)
r4 = syz_open_procfs$namespace(r3, 0x0)
ioctl$auto_MON_IOCX_GETX(r4, 0x4018920a, &(0x7f0000000140)={&(0x7f0000000080)={0xfff, 0x9d, 0x0, 0xd, 0xc6, 0x8, 0x2, 0x5, 0x100000001, 0x4, 0x4d, 0x9, 0x2, @iso={0x3ff, 0x7f}, 0x9, 0xffffff81, 0x2, 0x6}, &(0x7f0000000180)="af6137feb4a816345b588822f37a151cf2b1671d8887b101d406f68c08a49cebe7649be3b0f38922bfde099a4b3069184210ac9d966abc4e690cf57500000000000000000000000000000000c7b38966301e51bf9e75fdd8249713b58523e280d91420774fa7edb9ed8e3ecb4bd56b8942d3b061f997ca8ac807f6e9661080740cfe582de7dc109b90af9d1ddbd2cf7875582dbf11e8495b3a96a61bf7e56baa980ed5f7f1091dc19050df6299326981f05d5df0a455c21fe8a0271b83ae2bc7f01a336d7afe1540d7737b1e7b5e3d5879e78c8b60fed546e63c9c8bc59dea23aa53657dc017abae1fb67bf9", 0xfff})
openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
sendfile$auto(0x1, r1, 0x0, 0x0)
r6 = socket(0x10, 0x2, 0x6)
r7 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="010028bd7000fddbdf251100fc00990f3f83331d687ee75c3c94587e1f5cd59006f73c6d6845a036a2fb8e18a48c5faf968c0e511a645aaae8aae65663a5c338dab6fb9aba2aaf595fd8b7bea6f1a0215903fdeca93d8aa4371660a82ede09d48262f353e478571052224dee7140b0e7b6fa79dfdd36ada6faa8cdeb0da918a84f600e34fe3b5a9a326bf73e18fe4d5269bf579bf0ec5ce21d2703ea772b6fda6cd19d8d34274f412e1ca5f937be6e163a7229d71c9f77f938b79c6d727f982553e7bc44719d857bd5c2c828cd6cf92a74647606454c190e3fc1e1094bb08409a9d7b040fd1c2412e247ef81d381957693fe084bc2627b6d3e920b28275cad3537e295f0078e3a9fbcbbeab992fe17d73fadf6671f79836e13548cf7dfc9bc5a97cbb5351ad5c26decb10ae46c3d835c991da34b59e2ed9742ff58c5e8e7"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x8044)
r8 = openat$auto_stat_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0)
lseek$auto(r8, 0x2, 0x1)
msync$auto(0x1ffff000, 0x180000000000000, 0x400000004)
write$auto(0x3, 0x0, 0x100082)

3.184933247s ago: executing program 0 (id=6):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
bpf$auto(0x0, 0x0, 0x6f4)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r0 = socket(0x1d, 0x3, 0x1)
sendmmsg$auto(r0, &(0x7f0000000340)={{&(0x7f0000000100), 0x6, &(0x7f0000000000)={0x0, 0xff}, 0x8, &(0x7f00000002c0), 0x1ff, 0x7}, 0x1000}, 0x2a08, 0x0)
socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0)
unshare$auto(0x40000080)
setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd)
r1 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000007c0)='/sys/kernel/debug/block/nbd15/sched/read2_next_rq\x00', 0x200, 0x0)
pread64$auto(r1, 0x0, 0x8000, 0x0)
setsockopt$auto(0x3, 0x8084, 0x7c, 0x0, 0x8)

3.100994878s ago: executing program 2 (id=7):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0)
read$auto(r0, 0x0, 0x7)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x2, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x97)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1, 0x8, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000)
io_uring_setup$auto(0x1, 0x0)
socket(0x840000000002, 0x3, 0xff)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55)
write$auto(0x3, 0x0, 0xfdef)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000180), 0xffffffffffffffff)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000002c00), 0xffffffffffffffff)
ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0)

1.453919945s ago: executing program 3 (id=8):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2b, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0)
ioctl$auto(0x3, 0x4b34, 0x3)
msgget$auto(0x1, 0x1)
r1 = openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/events/vmalloc/free_vmap_area_noflush/filter\x00', 0x4000, 0x0)
write$auto_ftrace_event_filter_fops_trace_events(r1, &(0x7f0000000100)="1981c7a5b1a93a553f147178ced3d8ca035153a1", 0x14)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x3, 0x0, 0x1f, 0x80b}, 0x800009}, 0x3, 0x20000000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
write$auto(r0, 0x0, 0xfffffde9)
shutdown$auto(0x200000003, 0x2)
mmap$auto(0x0, 0x2020009, 0x80, 0xeb1, 0xfffffffffffffffa, 0xf5)
mmap$auto(0x8, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x19e)

1.382698718s ago: executing program 0 (id=9):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zram0\x00', 0x121002, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
unshare$auto(0x20000)
r0 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/1/msr\x00', 0xf82, 0x0)
readv$auto(r0, 0x0, 0x400)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
socket(0xa, 0x5, 0x84)
getrandom$auto(0x0, 0x6000000, 0x3)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008)
r1 = socket(0x29, 0x2, 0x0)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
recvmmsg$auto(r2, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0)
ioctl$auto(r1, 0x89f2, 0x24)
mmap$auto(0xbcf, 0x2020009, 0x9, 0xeb1, 0xffffffffffffffff, 0x20000009)
setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28)
r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0)
ioctl$auto(r3, 0x80845663, r3)
pread64$auto(0xffffffffffffffff, 0x0, 0x100000001, 0x100)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/workqueue/nf_ft_offload_stats/affinity_scope\x00', 0x8000, 0x0)
read$auto(r4, 0x0, 0x20)
socket(0x2, 0x801, 0x106)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r5 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x28082, 0x0)
ioctl$auto_BLKPG2(r5, 0x1269, 0x0)
write$auto(0x3, 0x0, 0x5c8)

516.912726ms ago: executing program 2 (id=10):
r0 = open_tree$auto(0xffffffffffffff9c, &(0x7f0000001100)='./cgroup\x00', 0x0)
newfstatat$auto(r0, &(0x7f0000000140)='./cgroup\x00', &(0x7f00000003c0)={0x5, 0x3c, 0xa3, 0x8001, 0xffffffffffffffff, 0xee00, 0x0, 0x1cd, 0xa89, 0x0, 0x8000000000000000, 0xe76b, 0x2, 0x7fffffff, 0x8, 0x79, 0x8}, 0x1)
mmap$auto(0x6, 0x40000a, 0x6, 0x9b72, r0, 0x100000000008001)
mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x801, 0x106)
bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x3, 0x8, 0xc, 0x2e, 0x0, 0x3}, 0x6f4)
bpf$auto(0x1, &(0x7f00000001c0)=@bpf_attr_1={0x3, 0xca99, @value=0x7, 0xa}, 0xc)
r1 = socket(0x2, 0x1, 0x106)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x26}}, 0x54)
shutdown$auto(r1, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0)
r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd6/queue/scheduler\x00', 0x189002, 0x0)
sendfile$auto(r2, r2, 0x0, 0x3)
shutdown$auto(0x200000003, 0x2)
mmap$auto(0x200000000000000, 0x400006, 0xdf, 0x12, 0x2, 0x8001)
madvise$auto(0x0, 0xffffffffffff0002, 0x19)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
write$auto(0x3, 0x0, 0x7fffffff)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/pci0000:00/waiting_for_supplier\x00', 0x80800, 0x0)
openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace\x00', 0x20600, 0x0)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto(0xffffffffffffffff, 0x64ce, 0xffffffffffffd4b4)
syz_clone(0x40011, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000200), 0x0)
mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0x18000)

0s ago: executing program 3 (id=11):
landlock_restrict_self$auto(0xffffffffffffffff, 0x2)
socket(0x2, 0x3, 0xa)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000440), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'veth1_to_bond\x00'})
prctl$auto(0x16, 0x2, 0x2, 0x4000000d, 0x100)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1\x00', 0x1, 0x0)
io_uring_setup$auto(0x6, 0x0)
openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000)
sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800)
kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4)
sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[], 0x58}, 0x1, 0x0, 0x0, 0x40080}, 0x40090)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
select$auto(0xffffffff, &(0x7f0000000040)={[0x54, 0x10, 0x800000c8be, 0x8, 0x273a, 0x0, 0xb, 0x5, 0x5, 0x330, 0x7, 0x200cf, 0x45, 0xc, 0x5, 0xb98]}, 0x0, 0x0, 0x0)
sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf25020000002c00018028003c8008001b"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.49' (ED25519) to the list of known hosts.
syzkaller login: [   99.159085][ T5818] cgroup: Unknown subsys name 'net'
[   99.272847][ T5818] cgroup: Unknown subsys name 'cpuset'
[   99.283289][ T5818] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  101.191805][ T5818] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  102.309938][ T1779] cfg80211: failed to load regulatory.db
[  103.481822][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  103.490408][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  103.498535][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  103.506955][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  103.515107][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  103.536439][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  103.549162][ T5141] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  103.557225][ T5141] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  103.566107][ T5141] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  103.574598][ T5141] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  103.585996][ T5141] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  103.601533][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  103.604910][ T5141] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  103.617571][ T5141] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  103.625850][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  103.634146][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  103.636139][ T5141] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  103.650506][ T5141] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  103.650652][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  103.668055][ T5141] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  104.225336][ T5842] chnl_net:caif_netlink_parms(): no params data found
[  104.331211][ T5833] chnl_net:caif_netlink_parms(): no params data found
[  104.468124][ T5836] chnl_net:caif_netlink_parms(): no params data found
[  104.599248][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.607013][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.616257][ T5833] bridge_slave_0: entered allmulticast mode
[  104.624042][ T5833] bridge_slave_0: entered promiscuous mode
[  104.653198][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.660559][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.667861][ T5842] bridge_slave_0: entered allmulticast mode
[  104.675274][ T5842] bridge_slave_0: entered promiscuous mode
[  104.696648][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.704220][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.711587][ T5833] bridge_slave_1: entered allmulticast mode
[  104.719751][ T5833] bridge_slave_1: entered promiscuous mode
[  104.739921][ T5840] chnl_net:caif_netlink_parms(): no params data found
[  104.751555][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.759290][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.766682][ T5842] bridge_slave_1: entered allmulticast mode
[  104.774519][ T5842] bridge_slave_1: entered promiscuous mode
[  104.862756][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.875871][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.898701][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.911889][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.921436][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.928690][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.935954][ T5836] bridge_slave_0: entered allmulticast mode
[  104.943689][ T5836] bridge_slave_0: entered promiscuous mode
[  105.010979][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.018572][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.025765][ T5836] bridge_slave_1: entered allmulticast mode
[  105.034296][ T5836] bridge_slave_1: entered promiscuous mode
[  105.064516][ T5842] team0: Port device team_slave_0 added
[  105.089095][ T5833] team0: Port device team_slave_0 added
[  105.121674][ T5842] team0: Port device team_slave_1 added
[  105.135963][ T5833] team0: Port device team_slave_1 added
[  105.145324][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.192469][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.292162][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.299507][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.326581][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.340249][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.347234][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.373274][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.385882][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.392936][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.419268][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.432502][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.439791][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.465864][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.481015][ T5836] team0: Port device team_slave_0 added
[  105.487343][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.494667][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.502177][ T5840] bridge_slave_0: entered allmulticast mode
[  105.510478][ T5840] bridge_slave_0: entered promiscuous mode
[  105.536372][ T5836] team0: Port device team_slave_1 added
[  105.561959][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.569321][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.576537][ T5840] bridge_slave_1: entered allmulticast mode
[  105.584222][ T5840] bridge_slave_1: entered promiscuous mode
[  105.590434][ T5141] Bluetooth: hci0: command tx timeout
[  105.664814][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.674822][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.682237][ T5141] Bluetooth: hci1: command tx timeout
[  105.688219][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.714207][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.746627][ T5842] hsr_slave_0: entered promiscuous mode
[  105.753370][ T5842] hsr_slave_1: entered promiscuous mode
[  105.759136][ T5141] Bluetooth: hci3: command tx timeout
[  105.759146][   T55] Bluetooth: hci2: command tx timeout
[  105.784398][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.811000][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.819394][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.845672][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.930920][ T5833] hsr_slave_0: entered promiscuous mode
[  105.937363][ T5833] hsr_slave_1: entered promiscuous mode
[  105.944212][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  105.952074][ T5833] Cannot create hsr debugfs directory
[  105.962287][ T5840] team0: Port device team_slave_0 added
[  105.996721][ T5836] hsr_slave_0: entered promiscuous mode
[  106.003660][ T5836] hsr_slave_1: entered promiscuous mode
[  106.010166][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  106.017768][ T5836] Cannot create hsr debugfs directory
[  106.025933][ T5840] team0: Port device team_slave_1 added
[  106.126075][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[  106.133640][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.159827][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  106.215215][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[  106.223039][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.249231][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.466220][ T5840] hsr_slave_0: entered promiscuous mode
[  106.475548][ T5840] hsr_slave_1: entered promiscuous mode
[  106.482243][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  106.490149][ T5840] Cannot create hsr debugfs directory
[  106.700599][ T5842] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  106.730030][ T5842] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  106.774616][ T5842] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  106.805356][ T5842] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  106.869640][ T5836] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  106.886343][ T5836] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  106.897644][ T5836] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  106.911260][ T5836] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  107.035805][ T5833] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  107.057448][ T5833] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  107.069424][ T5833] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  107.107099][ T5833] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  107.219743][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  107.231711][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  107.243993][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  107.262347][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.276657][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  107.305969][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.322542][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[  107.353396][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.360869][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.389795][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.396965][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.432895][ T5836] 8021q: adding VLAN 0 to HW filter on device team0
[  107.467425][ T1324] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.474783][ T1324] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.540140][ T1324] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.547350][ T1324] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.668649][ T5141] Bluetooth: hci0: command tx timeout
[  107.748070][ T5141] Bluetooth: hci1: command tx timeout
[  107.783441][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.801012][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.828852][ T5141] Bluetooth: hci2: command tx timeout
[  107.834465][ T5141] Bluetooth: hci3: command tx timeout
[  107.855942][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[  107.895307][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[  107.920370][ T1324] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.927583][ T1324] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.984558][ T1324] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.991819][ T1324] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.011865][ T1324] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.019189][ T1324] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.037637][ T1324] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.045026][ T1324] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.236230][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.333378][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.390896][ T5842] veth0_vlan: entered promiscuous mode
[  108.442528][ T5842] veth1_vlan: entered promiscuous mode
[  108.571414][ T5836] veth0_vlan: entered promiscuous mode
[  108.577793][ T5842] veth0_macvtap: entered promiscuous mode
[  108.636197][ T5842] veth1_macvtap: entered promiscuous mode
[  108.656928][ T5836] veth1_vlan: entered promiscuous mode
[  108.735805][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.773970][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.811204][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.825547][ T5842] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.835109][ T5842] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.844305][ T5842] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.853404][ T5842] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.871874][ T5836] veth0_macvtap: entered promiscuous mode
[  108.892546][ T5836] veth1_macvtap: entered promiscuous mode
[  108.955030][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[  109.016401][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.024370][ T5833] veth0_vlan: entered promiscuous mode
[  109.059737][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.098563][ T5833] veth1_vlan: entered promiscuous mode
[  109.111878][ T5836] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.122038][ T5836] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.132005][ T5836] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.140877][ T5836] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.164918][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.185155][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.262526][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.271863][ T5840] veth0_vlan: entered promiscuous mode
[  109.280918][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.327775][ T5833] veth0_macvtap: entered promiscuous mode
[  109.366704][ T5833] veth1_macvtap: entered promiscuous mode
[  109.405673][ T5840] veth1_vlan: entered promiscuous mode
[  109.442624][ T5842] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  109.457297][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.477111][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.507765][ T5833] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.531346][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.539482][ T5833] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.548936][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.560386][ T5833] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.571676][ T5833] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.690372][ T5840] veth0_macvtap: entered promiscuous mode
[  109.698994][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.706863][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.734089][ T5840] veth1_macvtap: entered promiscuous mode
[  109.749265][ T5141] Bluetooth: hci0: command tx timeout
[  109.828262][ T5141] Bluetooth: hci1: command tx timeout
[  109.851568][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.877693][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  109.908205][ T5141] Bluetooth: hci2: command tx timeout
[  109.918659][ T5141] Bluetooth: hci3: command tx timeout
[  109.957059][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.995569][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.018908][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.030057][ T5840] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  110.045656][ T5840] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.055294][ T5840] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.064692][ T5840] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.142485][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.158863][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.161944][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.230165][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.402779][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.448196][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.538579][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.607340][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.738488][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.747546][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.758336][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.788620][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.819593][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.879634][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.928520][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  111.829196][ T5141] Bluetooth: hci0: command tx timeout
[  111.918088][ T5141] Bluetooth: hci1: command tx timeout
[  111.989318][ T5141] Bluetooth: hci3: command tx timeout
[  111.989327][   T55] Bluetooth: hci2: command tx timeout
[  112.248802][ T5917] FAULT_INJECTION: forcing a failure.
[  112.248802][ T5917] name failslab, interval 1, probability 0, space 0, times 1
[  112.289752][ T5917] CPU: 0 UID: 0 PID: 5917 Comm: syz.2.7 Not tainted 6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  112.289801][ T5917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  112.289825][ T5917] Call Trace:
[  112.289836][ T5917]  <TASK>
[  112.289853][ T5917]  dump_stack_lvl+0x16c/0x1f0
[  112.289915][ T5917]  should_fail_ex+0x512/0x640
[  112.289965][ T5917]  ? __kmalloc_node_noprof+0xc5/0x500
[  112.290012][ T5917]  should_failslab+0xc2/0x120
[  112.290056][ T5917]  __kmalloc_node_noprof+0xd8/0x500
[  112.290098][ T5917]  ? __vmalloc_node_range_noprof+0x3eb/0x1540
[  112.290161][ T5917]  __vmalloc_node_range_noprof+0x3eb/0x1540
[  112.290242][ T5917]  ? n_tty_open+0x1a/0x170
[  112.290298][ T5917]  ? __ldsem_down_write_nested+0x10e/0x850
[  112.290353][ T5917]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  112.290423][ T5917]  ? n_tty_open+0x1a/0x170
[  112.290475][ T5917]  vzalloc_noprof+0x6b/0x90
[  112.290506][ T5917]  ? n_tty_open+0x1a/0x170
[  112.290553][ T5917]  ? __pfx_n_tty_open+0x10/0x10
[  112.290599][ T5917]  n_tty_open+0x1a/0x170
[  112.290647][ T5917]  ? __pfx_n_tty_open+0x10/0x10
[  112.290695][ T5917]  tty_ldisc_open+0x9c/0x120
[  112.290733][ T5917]  tty_ldisc_setup+0x40/0x100
[  112.290773][ T5917]  tty_init_dev.part.0+0x1ec/0x500
[  112.290824][ T5917]  tty_open+0xa50/0xf90
[  112.290879][ T5917]  ? __pfx_tty_open+0x10/0x10
[  112.290925][ T5917]  ? chrdev_open+0x10b/0x6a0
[  112.290968][ T5917]  ? __pfx_tty_open+0x10/0x10
[  112.291015][ T5917]  chrdev_open+0x234/0x6a0
[  112.291052][ T5917]  ? __pfx_apparmor_file_open+0x10/0x10
[  112.291099][ T5917]  ? __pfx_chrdev_open+0x10/0x10
[  112.291156][ T5917]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  112.291220][ T5917]  do_dentry_open+0x741/0x1c10
[  112.291262][ T5917]  ? __pfx_chrdev_open+0x10/0x10
[  112.291310][ T5917]  vfs_open+0x82/0x3f0
[  112.291362][ T5917]  path_openat+0x1e5e/0x2d40
[  112.291414][ T5917]  ? __pfx_path_openat+0x10/0x10
[  112.291462][ T5917]  do_filp_open+0x20b/0x470
[  112.291497][ T5917]  ? __pfx_do_filp_open+0x10/0x10
[  112.291566][ T5917]  ? alloc_fd+0x471/0x7d0
[  112.291634][ T5917]  do_sys_openat2+0x11b/0x1d0
[  112.291681][ T5917]  ? __pfx_do_sys_openat2+0x10/0x10
[  112.291726][ T5917]  ? fdget+0x187/0x210
[  112.291756][ T5917]  ? __sys_connect+0xf1/0x170
[  112.291805][ T5917]  __x64_sys_openat+0x174/0x210
[  112.291852][ T5917]  ? __pfx___x64_sys_openat+0x10/0x10
[  112.291903][ T5917]  ? rcu_is_watching+0x12/0xc0
[  112.291949][ T5917]  do_syscall_64+0xcd/0x230
[  112.292006][ T5917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.292041][ T5917] RIP: 0033:0x7fecfa98e969
[  112.292067][ T5917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  112.292099][ T5917] RSP: 002b:00007fecfb794038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  112.292130][ T5917] RAX: ffffffffffffffda RBX: 00007fecfabb5fa0 RCX: 00007fecfa98e969
[  112.292152][ T5917] RDX: 0000000000101e81 RSI: 0000200000000400 RDI: ffffffffffffff9c
[  112.292173][ T5917] RBP: 00007fecfaa10ab1 R08: 0000000000000000 R09: 0000000000000000
[  112.292194][ T5917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  112.292213][ T5917] R13: 0000000000000000 R14: 00007fecfabb5fa0 R15: 00007ffcc04e61a8
[  112.292265][ T5917]  </TASK>
[  112.292440][ T5917] syz.2.7: vmalloc error: size 12288, failed to allocated page array size 24, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null)
[  112.321248][ T5914] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4'.
[  112.661209][ T5917] ,cpuset=/,mems_allowed=0-1
[  112.669133][ T5917] CPU: 1 UID: 0 PID: 5917 Comm: syz.2.7 Not tainted 6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  112.669177][ T5917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  112.669196][ T5917] Call Trace:
[  112.669207][ T5917]  <TASK>
[  112.669220][ T5917]  dump_stack_lvl+0x16c/0x1f0
[  112.669275][ T5917]  warn_alloc+0x248/0x3a0
[  112.669318][ T5917]  ? __pfx_warn_alloc+0x10/0x10
[  112.669354][ T5917]  ? dump_stack_lvl+0x185/0x1f0
[  112.669417][ T5917]  ? rcu_is_watching+0x12/0xc0
[  112.669452][ T5917]  ? __kmalloc_node_noprof+0x23b/0x500
[  112.669504][ T5917]  __vmalloc_node_range_noprof+0x1110/0x1540
[  112.669577][ T5917]  ? n_tty_open+0x1a/0x170
[  112.669632][ T5917]  ? __ldsem_down_write_nested+0x10e/0x850
[  112.669685][ T5917]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  112.669754][ T5917]  ? n_tty_open+0x1a/0x170
[  112.669803][ T5917]  vzalloc_noprof+0x6b/0x90
[  112.669834][ T5917]  ? n_tty_open+0x1a/0x170
[  112.669891][ T5917]  ? __pfx_n_tty_open+0x10/0x10
[  112.669937][ T5917]  n_tty_open+0x1a/0x170
[  112.669985][ T5917]  ? __pfx_n_tty_open+0x10/0x10
[  112.670035][ T5917]  tty_ldisc_open+0x9c/0x120
[  112.670073][ T5917]  tty_ldisc_setup+0x40/0x100
[  112.670114][ T5917]  tty_init_dev.part.0+0x1ec/0x500
[  112.670167][ T5917]  tty_open+0xa50/0xf90
[  112.670223][ T5917]  ? __pfx_tty_open+0x10/0x10
[  112.670269][ T5917]  ? chrdev_open+0x10b/0x6a0
[  112.670314][ T5917]  ? __pfx_tty_open+0x10/0x10
[  112.670359][ T5917]  chrdev_open+0x234/0x6a0
[  112.670395][ T5917]  ? __pfx_apparmor_file_open+0x10/0x10
[  112.670442][ T5917]  ? __pfx_chrdev_open+0x10/0x10
[  112.670484][ T5917]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  112.670545][ T5917]  do_dentry_open+0x741/0x1c10
[  112.670582][ T5917]  ? __pfx_chrdev_open+0x10/0x10
[  112.670629][ T5917]  vfs_open+0x82/0x3f0
[  112.670680][ T5917]  path_openat+0x1e5e/0x2d40
[  112.670732][ T5917]  ? __pfx_path_openat+0x10/0x10
[  112.670780][ T5917]  do_filp_open+0x20b/0x470
[  112.670815][ T5917]  ? __pfx_do_filp_open+0x10/0x10
[  112.670891][ T5917]  ? alloc_fd+0x471/0x7d0
[  112.670957][ T5917]  do_sys_openat2+0x11b/0x1d0
[  112.671004][ T5917]  ? __pfx_do_sys_openat2+0x10/0x10
[  112.671049][ T5917]  ? fdget+0x187/0x210
[  112.671079][ T5917]  ? __sys_connect+0xf1/0x170
[  112.671128][ T5917]  __x64_sys_openat+0x174/0x210
[  112.671175][ T5917]  ? __pfx___x64_sys_openat+0x10/0x10
[  112.671226][ T5917]  ? rcu_is_watching+0x12/0xc0
[  112.671272][ T5917]  do_syscall_64+0xcd/0x230
[  112.671328][ T5917]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.671363][ T5917] RIP: 0033:0x7fecfa98e969
[  112.671389][ T5917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  112.671420][ T5917] RSP: 002b:00007fecfb794038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  112.671452][ T5917] RAX: ffffffffffffffda RBX: 00007fecfabb5fa0 RCX: 00007fecfa98e969
[  112.671474][ T5917] RDX: 0000000000101e81 RSI: 0000200000000400 RDI: ffffffffffffff9c
[  112.671495][ T5917] RBP: 00007fecfaa10ab1 R08: 0000000000000000 R09: 0000000000000000
[  112.671515][ T5917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  112.671535][ T5917] R13: 0000000000000000 R14: 00007fecfabb5fa0 R15: 00007ffcc04e61a8
[  112.671580][ T5917]  </TASK>
[  112.671593][ T5917] Mem-Info:
[  113.031916][ T5917] active_anon:9623 inactive_anon:0 isolated_anon:13
[  113.031916][ T5917]  active_file:1100 inactive_file:39819 isolated_file:0
[  113.031916][ T5917]  unevictable:768 dirty:1547 writeback:175
[  113.031916][ T5917]  slab_reclaimable:9855 slab_unreclaimable:94000
[  113.031916][ T5917]  mapped:28915 shmem:4800 pagetables:795
[  113.031916][ T5917]  sec_pagetables:0 bounce:0
[  113.031916][ T5917]  kernel_misc_reclaimable:0
[  113.031916][ T5917]  free:1360056 free_pcp:841 free_cma:0
[  113.171194][ T5917] Node 0 active_anon:39556kB inactive_anon:0kB active_file:4468kB inactive_file:159076kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116428kB dirty:5160kB writeback:156kB shmem:18740kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10736kB pagetables:3268kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  113.399204][ T5917] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:16kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  113.432337][ T5917] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  113.467239][ T5917] lowmem_reserve[]: 0 2484 2486 2486 2486
[  113.480272][ T5917] Node 0 DMA32 free:1508164kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:37308kB inactive_anon:0kB active_file:4668kB inactive_file:157244kB unevictable:1536kB writepending:5008kB present:3129332kB managed:2544136kB mlocked:0kB bounce:0kB free_pcp:12188kB local_pcp:10288kB free_cma:0kB
[  113.563606][ T5917] lowmem_reserve[]: 0 0 1 1 1
[  113.568453][ T5917] Node 0 Normal free:4kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1832kB unevictable:0kB writepending:8kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  113.700491][ T5917] lowmem_reserve[]: 0 0 0 0 0
[  113.710128][ T5917] Node 1 Normal free:3908312kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:16kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:404kB local_pcp:404kB free_cma:0kB
[  113.819227][ T5917] lowmem_reserve[]: 0 0 0 0 0
[  113.847658][ T5917] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  113.905834][ T5917] Node 0 DMA32: 171*4kB (UE) 249*8kB (UM) 18*16kB (UME) 12*32kB (UME) 2*64kB (E) 5*128kB (UME) 2*256kB (UE) 2*512kB (E) 2*1024kB (UE) 3*2048kB (UME) 366*4096kB (M) = 1512980kB
[  113.974092][ T5917] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[  113.997397][ T5917] Node 1 Normal: 122*4kB (UME) 44*8kB (UME) 45*16kB (UME) 203*32kB (UME) 91*64kB (UME) 34*128kB (UME) 12*256kB (UME) 10*512kB (UME) 3*1024kB (UM) 4*2048kB (UE) 945*4096kB (M) = 3908408kB
[  114.052718][ T5917] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  114.103844][ T5917] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  114.143809][ T5917] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  114.174135][ T5917] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  114.226613][ T5917] 48478 total pagecache pages
[  114.241744][ T5917] 0 pages in swap cache
[  114.261925][ T5917] Free swap  = 124996kB
[  114.296731][ T5917] Total swap = 124996kB
[  114.301050][ T5917] 2097051 pages RAM
[  114.304887][ T5917] 0 pages HighMem/MovableOnly
[  114.360707][ T5917] 428911 pages reserved
[  114.388919][ T5917] 0 pages cma reserved
[  114.415305][ T5917] ttyS ttyS2: ldisc open failed (-12), clearing slot 2
[  115.163042][ T5935] 
[  115.165430][ T5935] ======================================================
[  115.172485][ T5935] WARNING: possible circular locking dependency detected
[  115.179538][ T5935] 6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 Not tainted
[  115.186686][ T5935] ------------------------------------------------------
[  115.193744][ T5935] syz.2.10/5935 is trying to acquire lock:
[  115.199604][ T5935] ffff888025ec5d98 (&q->elevator_lock){+.+.}-{4:4}, at: elv_iosched_store+0x201/0x5f0
[  115.209269][ T5935] 
[  115.209269][ T5935] but task is already holding lock:
[  115.216678][ T5935] ffff888025ec5868 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  115.228014][ T5935] 
[  115.228014][ T5935] which lock already depends on the new lock.
[  115.228014][ T5935] 
[  115.238460][ T5935] 
[  115.238460][ T5935] the existing dependency chain (in reverse order) is:
[  115.247551][ T5935] 
[  115.247551][ T5935] -> #2 (&q->q_usage_counter(io)#55){++++}-{0:0}:
[  115.256246][ T5935]        blk_alloc_queue+0x619/0x760
[  115.261618][ T5935]        blk_mq_alloc_queue+0x179/0x290
[  115.267237][ T5935]        __blk_mq_alloc_disk+0x29/0x120
[  115.272968][ T5935]        nbd_dev_add+0x49d/0xbb0
[  115.277967][ T5935]        nbd_init+0x181/0x320
[  115.282719][ T5935]        do_one_initcall+0x120/0x6e0
[  115.288072][ T5935]        kernel_init_freeable+0x5c2/0x900
[  115.293863][ T5935]        kernel_init+0x1c/0x2b0
[  115.298770][ T5935]        ret_from_fork+0x48/0x80
[  115.303759][ T5935]        ret_from_fork_asm+0x1a/0x30
[  115.309107][ T5935] 
[  115.309107][ T5935] -> #1 (fs_reclaim){+.+.}-{0:0}:
[  115.316369][ T5935]        fs_reclaim_acquire+0x102/0x150
[  115.322071][ T5935]        kmem_cache_alloc_noprof+0x53/0x3b0
[  115.328017][ T5935]        __kernfs_new_node+0xd2/0x8a0
[  115.333438][ T5935]        kernfs_new_node+0x13c/0x1e0
[  115.338755][ T5935]        kernfs_create_dir_ns+0x4c/0x1a0
[  115.344434][ T5935]        sysfs_create_dir_ns+0x13a/0x2b0
[  115.350124][ T5935]        kobject_add_internal+0x2c4/0x9b0
[  115.355886][ T5935]        kobject_add+0x16e/0x240
[  115.360861][ T5935]        elv_register_queue+0xd3/0x2a0
[  115.366360][ T5935]        blk_register_queue+0x3c4/0x560
[  115.371931][ T5935]        add_disk_fwnode+0x911/0x13a0
[  115.377338][ T5935]        nbd_dev_add+0x78e/0xbb0
[  115.382302][ T5935]        nbd_init+0x181/0x320
[  115.387014][ T5935]        do_one_initcall+0x120/0x6e0
[  115.392339][ T5935]        kernel_init_freeable+0x5c2/0x900
[  115.398101][ T5935]        kernel_init+0x1c/0x2b0
[  115.402978][ T5935]        ret_from_fork+0x48/0x80
[  115.407937][ T5935]        ret_from_fork_asm+0x1a/0x30
[  115.413280][ T5935] 
[  115.413280][ T5935] -> #0 (&q->elevator_lock){+.+.}-{4:4}:
[  115.421138][ T5935]        __lock_acquire+0x1173/0x1ba0
[  115.426542][ T5935]        lock_acquire+0x179/0x350
[  115.431596][ T5935]        __mutex_lock+0x199/0xb90
[  115.436663][ T5935]        elv_iosched_store+0x201/0x5f0
[  115.442161][ T5935]        queue_attr_store+0x273/0x310
[  115.447554][ T5935]        sysfs_kf_write+0xef/0x150
[  115.452733][ T5935]        kernfs_fop_write_iter+0x351/0x510
[  115.458571][ T5935]        iter_file_splice_write+0x91f/0x1150
[  115.464590][ T5935]        direct_splice_actor+0x18f/0x6c0
[  115.470260][ T5935]        splice_direct_to_actor+0x342/0xa30
[  115.476190][ T5935]        do_splice_direct+0x174/0x240
[  115.481598][ T5935]        do_sendfile+0xafd/0xe50
[  115.486588][ T5935]        __x64_sys_sendfile64+0x1d8/0x220
[  115.492431][ T5935]        do_syscall_64+0xcd/0x230
[  115.497500][ T5935]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.503944][ T5935] 
[  115.503944][ T5935] other info that might help us debug this:
[  115.503944][ T5935] 
[  115.514200][ T5935] Chain exists of:
[  115.514200][ T5935]   &q->elevator_lock --> fs_reclaim --> &q->q_usage_counter(io)#55
[  115.514200][ T5935] 
[  115.528078][ T5935]  Possible unsafe locking scenario:
[  115.528078][ T5935] 
[  115.535537][ T5935]        CPU0                    CPU1
[  115.540926][ T5935]        ----                    ----
[  115.546298][ T5935]   lock(&q->q_usage_counter(io)#55);
[  115.551700][ T5935]                                lock(fs_reclaim);
[  115.558226][ T5935]                                lock(&q->q_usage_counter(io)#55);
[  115.566149][ T5935]   lock(&q->elevator_lock);
[  115.570767][ T5935] 
[  115.570767][ T5935]  *** DEADLOCK ***
[  115.570767][ T5935] 
[  115.578921][ T5935] 5 locks held by syz.2.10/5935:
[  115.583874][ T5935]  #0: ffff8880356a0420 (sb_writers#7){.+.+}-{0:0}, at: splice_direct_to_actor+0x342/0xa30
[  115.593966][ T5935]  #1: ffff888030eb1088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  115.603784][ T5935]  #2: ffff88801f7030f8 (kn->active#62){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  115.613875][ T5935]  #3: ffff888025ec5868 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  115.625610][ T5935]  #4: ffff888025ec58a0 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  115.637610][ T5935] 
[  115.637610][ T5935] stack backtrace:
[  115.643554][ T5935] CPU: 1 UID: 0 PID: 5935 Comm: syz.2.10 Not tainted 6.15.0-rc7-syzkaller-00144-gb1427432d3b6 #0 PREEMPT(full) 
[  115.643588][ T5935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  115.643603][ T5935] Call Trace:
[  115.643612][ T5935]  <TASK>
[  115.643623][ T5935]  dump_stack_lvl+0x116/0x1f0
[  115.643665][ T5935]  print_circular_bug+0x275/0x350
[  115.643706][ T5935]  check_noncircular+0x14c/0x170
[  115.643745][ T5935]  __lock_acquire+0x1173/0x1ba0
[  115.643787][ T5935]  lock_acquire+0x179/0x350
[  115.643821][ T5935]  ? elv_iosched_store+0x201/0x5f0
[  115.643858][ T5935]  ? __pfx___might_resched+0x10/0x10
[  115.643889][ T5935]  ? do_raw_spin_lock+0x12c/0x2b0
[  115.643932][ T5935]  __mutex_lock+0x199/0xb90
[  115.643974][ T5935]  ? elv_iosched_store+0x201/0x5f0
[  115.644010][ T5935]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  115.644047][ T5935]  ? elv_iosched_store+0x201/0x5f0
[  115.644082][ T5935]  ? lockdep_hardirqs_on+0x7c/0x110
[  115.644121][ T5935]  ? __pfx___mutex_lock+0x10/0x10
[  115.644166][ T5935]  ? __pfx_autoremove_wake_function+0x10/0x10
[  115.644204][ T5935]  ? elv_iosched_store+0x201/0x5f0
[  115.644238][ T5935]  elv_iosched_store+0x201/0x5f0
[  115.644274][ T5935]  ? __x64_sys_sendfile64+0x1d8/0x220
[  115.644307][ T5935]  ? __pfx_elv_iosched_store+0x10/0x10
[  115.644344][ T5935]  ? __mutex_trylock_common+0xe9/0x250
[  115.644382][ T5935]  ? __pfx_elv_iosched_store+0x10/0x10
[  115.644418][ T5935]  queue_attr_store+0x273/0x310
[  115.644445][ T5935]  ? __pfx_queue_attr_store+0x10/0x10
[  115.644478][ T5935]  ? find_held_lock+0x2b/0x80
[  115.644503][ T5935]  ? sysfs_file_kobj+0xe4/0x290
[  115.644544][ T5935]  ? __pfx_queue_attr_store+0x10/0x10
[  115.644568][ T5935]  sysfs_kf_write+0xef/0x150
[  115.644608][ T5935]  kernfs_fop_write_iter+0x351/0x510
[  115.644643][ T5935]  ? __pfx_sysfs_kf_write+0x10/0x10
[  115.644684][ T5935]  iter_file_splice_write+0x91f/0x1150
[  115.644745][ T5935]  ? __pfx_iter_file_splice_write+0x10/0x10
[  115.644791][ T5935]  ? __pfx_copy_splice_read+0x10/0x10
[  115.644840][ T5935]  ? __pfx_iter_file_splice_write+0x10/0x10
[  115.644884][ T5935]  direct_splice_actor+0x18f/0x6c0
[  115.644927][ T5935]  splice_direct_to_actor+0x342/0xa30
[  115.644970][ T5935]  ? __pfx_direct_splice_actor+0x10/0x10
[  115.645015][ T5935]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  115.645061][ T5935]  do_splice_direct+0x174/0x240
[  115.645102][ T5935]  ? __pfx_do_splice_direct+0x10/0x10
[  115.645143][ T5935]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  115.645186][ T5935]  ? rw_verify_area+0xcf/0x680
[  115.645229][ T5935]  do_sendfile+0xafd/0xe50
[  115.645255][ T5935]  ? __pfx_do_sendfile+0x10/0x10
[  115.645281][ T5935]  ? __x64_sys_futex+0x1e0/0x4c0
[  115.645311][ T5935]  ? __x64_sys_futex+0x1e9/0x4c0
[  115.645342][ T5935]  __x64_sys_sendfile64+0x1d8/0x220
[  115.645375][ T5935]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  115.645407][ T5935]  ? rcu_is_watching+0x12/0xc0
[  115.645437][ T5935]  do_syscall_64+0xcd/0x230
[  115.645480][ T5935]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.645507][ T5935] RIP: 0033:0x7fecfa98e969
[  115.645529][ T5935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.645554][ T5935] RSP: 002b:00007fecfb794038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  115.645579][ T5935] RAX: ffffffffffffffda RBX: 00007fecfabb5fa0 RCX: 00007fecfa98e969
[  115.645596][ T5935] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005
[  115.645612][ T5935] RBP: 00007fecfaa10ab1 R08: 0000000000000000 R09: 0000000000000000
[  115.645628][ T5935] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  115.645643][ T5935] R13: 0000000000000000 R14: 00007fecfabb5fa0 R15: 00007ffcc04e61a8
[  115.645668][ T5935]  </TASK>