last executing test programs:

434.938962ms ago: executing program 2 (id=3):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb2361000000010902"], 0x0)
ioctl$SNDRV_PCM_IOCTL_REWIND(r2, 0x40084146, &(0x7f00000003c0)=0x2)

248.039025ms ago: executing program 3 (id=4):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
sendto$inet6(r0, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000540)=ANY=[], 0xed)

79.330048ms ago: executing program 1 (id=2):
r0 = memfd_create(&(0x7f0000000b40)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84\xcdN\xf7\xf6\b~\xed_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xadNaC\xa6\xf9\xa7>c\x84\xd8\xfa\xf1\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8g8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZH\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\xea\x82\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\x0f\x8eS\xaeX\x93\x7f\xd3\xb9a\xe4\xe0\xbd\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x84\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1#\xe7N\x89\xf8\xe8+\xa1\x82\x13\xb2\xa9\xef\xa5\xf8\x8b \x00\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)2\xe2\xd6\x81\x00b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|&k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc2Ru2Ht\re\xa1\xf6\xbd\xaa\xb0\x83}i\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf\xa4O\xb4\xed\xc8\xccH\xd1=\x81\x00\x00\x00\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xd6\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\x86C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17U\xf0\x16K\xf9&@\xb1[\xe2j$F1n@\xde\n%t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5#\x7f\xa8\x1f\x14\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebk\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x850\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96\x87\xc0e\xab\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!\xec\xf7$\xc2\xbaU \x98\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\"k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xec\x01\'\t\x89(\xf9\x98B\xaf\xde*\x91\xd5k\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\xdfC\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84\x0e\xa7U\xc7}\xea.U`\x1b*\xcep\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xc9\xcfw\xf3\x02\x1b\xde\xc3\x86\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x13\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcdQ\xdf\x83\xbdjp,\xe8\xbb\xe6\xc6Db\xb8\xd6\xcd\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd4k7L\x8a\xa3Z\xf9%{\xfax\x9a\x04\'/\x90\xe6\xe2\xe9\xf1@o\x0ez\xb8\xce\xbeF\x0fkE\xf4ry\x92n\xff\xcb\xf8e\xf3j\xc5[wK\x91\xdb\xf7-r\xd3\x1bx\x9b$\x91\x03q~@\xd8R\x11\x05|\x8f\xb4\xc9\x16\x87C\xab\x96\xc4\xef\xea\xb9\r\xf5\xf3\xbe\x8a\t\xc7\x88\xc0sL;.\xcf\x1d\xc4^\xb0l\xbb\x97\xc5\xf6n\xca\x18M\xb8\x81\xff\xa9~\xf7\xa3\xa6\xd3\x15I\xecXG\x89\xa8\b\x8b\xcc\xe8\x88\xa07Z\x03\xff14\x87I\xc7\\vK<m2\x16\x03\xcd\xc1\xa8.\x7f\x16qlk\xf1\xf1y\x8c\xde\xd6|\xa1(\xf4\x12O\xca3\xf8%1\x8d\xd7\a\xfeJ\xe6\x8bc\xb3\x1bKC.\xafB\x8d\xdd\xf9\x1e\x9d\xa7\x13\x00\x14\xc7\xa1\xf3\x1e\xcb\x19\x13z`\xac\xf3\xd1x\x1b#}\xfaYR\xc5#Zoag@\x18\xfa*\xb4\xc4\x04\x03V\x87\xc5\xe7\xb5\x9bJ\x85-\x7f\xfe\xc0\xb7g\xe8\'`\x96q\x88[\xf8\xe8L\x12\x85\xf5t\x99\x0e}\xd3H\xed\xda\xf3>\xd8\x12\x8cXc5%\x03\x8d`\xdayC\x9b\x9a\xd9c\xe9\xb4\v\x99\x87\xe4\x00\x8a\x8eS\x8e\f\x05ZH\xa2\x0e\xbc\x9c\x95\b2Cf6\x9a\xe7\xb9\x86\xbe\xd0\xda\x91\xc1sl\x11PA\x93\xa5\x93\xc8\xf1w\x7fp6z\xbf\xe8[\'u\xb8\xd2$K\x12\rt\x87\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00r\xe2`\xdf\xd2\xb3\xaf\xe9\xc4!Z\xb4&\xa2\x12\xe2i\x91kC$A\xafR\xb3\xff\x1d=Z\x0e\xde\x99\xec\x10\xb4+\x13\'\x92>\x14\x00\a\xb6R\x8b\xdcz\xc3\xd1Y\xd6\xd9;s \xb0\x938\xb7D9\xdcN\xbd\xdbn\xe35\xa7\x02\x9c\xc1\xd9\x13?\xc9\xd7\xab\x9c\xf3\x82\xd1\xee^kk\xce\xdbn\x02\x1f\x80\t\xdbr\xa9\xcc\xf1\xcb\x9f@\x8c\xfc\x02W/p\x97\xb0\xbd\x8f\xdb|n2a\xee\x95u\x83\xca\x8a>}\xd3\xd0\xff6.pa\x17\xe3e\xd2\x7f\xf6\xbc\x9d\x112\x1b\x14<B\x91\xc0{{\x9d@\xb3a\xad\x14\xe9\xcc|\xd7\xa1\xc6\xb9F\x04\xce]\xb9Y\xbd\xbd\f\xa4F;q\xec\x83\x9bM\x93\xa4\x9c\xdd\x93\xa0\x82E\x02d\xd4RAI\xd9O\x17\xa6P#\xa35\a\xf6\xbb\t>p\xa1\xd6u\xefn\xb4\xa3\x05D\x8c\xc5l\xcc\b\xeb\xf42\xe9\xf15\xf3\xf2\xee\xd6\xed\t\xb3\xf7\x1a\x7f\xe6\xb4z\x19\xe1\xb4w\xf7\xa6\xd7\\\xfa\x96\xe2\xf9\xb1\x81\xba\xdfg\xadI\x1c\xde*_\xd5\xdf\xeeA\xcd \x91\xc9\xd4\xd1\xcd*.t\x80]\xd5~\xfb\xfb>\x9d\x91Kq]N\x87\x0f\x04L\xd4(\xf2G \xfdr~:\xc4\xc3\xfe\x14G\xadG~^l\xe0:(Y`\x0e\x90\xfa\x1c\xb6\f6\x92B\x92\xd3\xa9BG\xd2*AB\x1e\x01\xf0m+\x02\x87\x81aj;\xb6y.g\xeb\xc4\x0f\xd3\x85\xa5\x00\xa1\xa6iP\x0f\x02\x14\x90q\x94\xab\xb3\x0f\x01=\x06\x98\xa8\x87\xd9=\xce\xbef<\x1d\v\xba[\xd8]\x9e\xf30\xb8\xf1\b\x06M\x18w\xdc\x0e\x98?\x04G\xf9\x99\xab\xc1\xc0z\xe9Fu\x03\x9aj\xc0]\xb47\xd5\xb8]\x98y@\x8c\x8fM\x8c],\x1b\x03\xaa\'gv\xeb\xbf\xa8d\"\x94e3Q\xfci\xdf\xad\x819\xd1\xf3\xaa\xc8i\xf2\x8a\xc4CU3\x87Ns\x9f\x9f\xcd\x05\x06g\x9aRBg\x98\x10Ch\x1c\x96\xd3\xce', 0x7)
read(r0, &(0x7f0000000000)=""/269, 0xfffffdef)

0s ago: executing program 3 (id=5):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f0000000140), &(0x7f00000001c0)=0x30)
lseek(0xffffffffffffffff, 0x5, 0x4)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00'})
r2 = openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
write$binfmt_format(r2, &(0x7f0000000100)='-1\x00', 0x2)
close_range(r2, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

no interfaces have a carrier
[   45.965044][ T5499] 8021q: adding VLAN 0 to HW filter on device bond0
[   45.997424][ T5499] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: OK
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.183' (ED25519) to the list of known hosts.
syzkaller login: [   64.752586][ T5821] cgroup: Unknown subsys name 'net'
[   64.878813][ T5821] cgroup: Unknown subsys name 'cpuset'
[   64.887982][ T5821] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   66.282187][ T5821] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   68.643391][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   68.651220][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   68.659368][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   68.667984][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   68.676283][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   68.684113][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   68.700643][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   68.722197][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   68.729507][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   68.732418][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   68.737510][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   68.751213][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   68.752976][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   68.767497][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   68.776364][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   68.776788][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   68.783603][ T5838] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   68.800231][ T5838] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   68.809211][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   68.817901][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   69.205032][ T5836] chnl_net:caif_netlink_parms(): no params data found
[   69.414462][ T5840] chnl_net:caif_netlink_parms(): no params data found
[   69.425462][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.433054][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.440775][ T5836] bridge_slave_0: entered allmulticast mode
[   69.448064][ T5836] bridge_slave_0: entered promiscuous mode
[   69.498280][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.505622][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.512786][ T5836] bridge_slave_1: entered allmulticast mode
[   69.520979][ T5836] bridge_slave_1: entered promiscuous mode
[   69.579280][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   69.614089][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   69.638855][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   69.659644][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   69.734817][ T5836] team0: Port device team_slave_0 added
[   69.754618][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.761804][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.769104][ T5840] bridge_slave_0: entered allmulticast mode
[   69.776486][ T5840] bridge_slave_0: entered promiscuous mode
[   69.785105][ T5836] team0: Port device team_slave_1 added
[   69.807584][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.814743][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.822222][ T5840] bridge_slave_1: entered allmulticast mode
[   69.829876][ T5840] bridge_slave_1: entered promiscuous mode
[   69.898338][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   69.938677][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   69.948710][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.955721][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.982421][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.998953][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.006362][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.013488][ T5830] bridge_slave_0: entered allmulticast mode
[   70.021075][ T5830] bridge_slave_0: entered promiscuous mode
[   70.039830][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.047000][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.073282][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.095964][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.103131][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.110772][ T5830] bridge_slave_1: entered allmulticast mode
[   70.117866][ T5830] bridge_slave_1: entered promiscuous mode
[   70.160086][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.167281][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.174553][ T5831] bridge_slave_0: entered allmulticast mode
[   70.181710][ T5831] bridge_slave_0: entered promiscuous mode
[   70.202823][ T5840] team0: Port device team_slave_0 added
[   70.211885][ T5840] team0: Port device team_slave_1 added
[   70.218087][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.225196][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.233399][ T5831] bridge_slave_1: entered allmulticast mode
[   70.240823][ T5831] bridge_slave_1: entered promiscuous mode
[   70.301176][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.351676][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.363018][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.372803][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.380710][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.407798][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.420611][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.427752][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.454102][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.471559][ T5836] hsr_slave_0: entered promiscuous mode
[   70.478390][ T5836] hsr_slave_1: entered promiscuous mode
[   70.486850][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.581174][ T5831] team0: Port device team_slave_0 added
[   70.588771][ T5830] team0: Port device team_slave_0 added
[   70.596722][ T5831] team0: Port device team_slave_1 added
[   70.623124][ T5830] team0: Port device team_slave_1 added
[   70.659049][ T5840] hsr_slave_0: entered promiscuous mode
[   70.665199][ T5840] hsr_slave_1: entered promiscuous mode
[   70.671786][ T5840] debugfs: 'hsr0' already exists in 'hsr'
[   70.677873][ T5840] Cannot create hsr debugfs directory
[   70.727600][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.734554][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.761168][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.773618][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.782677][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.809952][ T5842] Bluetooth: hci2: command tx timeout
[   70.815982][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.832730][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.839718][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.865966][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.886454][ T5842] Bluetooth: hci3: command tx timeout
[   70.895598][ T5844] Bluetooth: hci0: command tx timeout
[   70.901268][ T5842] Bluetooth: hci1: command tx timeout
[   70.919012][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.926724][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.953092][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.015925][ T5831] hsr_slave_0: entered promiscuous mode
[   71.022108][ T5831] hsr_slave_1: entered promiscuous mode
[   71.029089][ T5831] debugfs: 'hsr0' already exists in 'hsr'
[   71.034814][ T5831] Cannot create hsr debugfs directory
[   71.147696][ T5830] hsr_slave_0: entered promiscuous mode
[   71.153886][ T5830] hsr_slave_1: entered promiscuous mode
[   71.161260][ T5830] debugfs: 'hsr0' already exists in 'hsr'
[   71.167028][ T5830] Cannot create hsr debugfs directory
[   71.371420][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[   71.380399][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[   71.408196][ T5836] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   71.455501][ T5836] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   71.487395][ T5836] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   71.513694][ T5836] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   71.557291][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   71.575772][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   71.586154][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   71.608619][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   71.669940][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   71.721318][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   71.741359][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   71.751495][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   71.820897][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   71.832176][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   71.856819][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.864043][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   71.888143][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   71.937105][ T5836] 8021q: adding VLAN 0 to HW filter on device team0
[   71.959020][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.966287][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.992833][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.999941][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.013389][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.051999][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   72.072908][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.080081][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.114173][   T71] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.121292][   T71] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.197419][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.244880][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   72.267153][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.274377][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.307346][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.314482][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.419522][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.483838][ T5831] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   72.513753][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   72.538677][ T3555] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.545848][ T3555] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.579119][ T1315] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.586358][ T1315] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.680314][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.748071][ T5830] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   72.780752][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.871258][ T5840] veth0_vlan: entered promiscuous mode
[   72.889856][ T5842] Bluetooth: hci2: command tx timeout
[   72.902923][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.924909][ T5840] veth1_vlan: entered promiscuous mode
[   72.960677][ T5836] veth0_vlan: entered promiscuous mode
[   72.967314][ T5842] Bluetooth: hci1: command tx timeout
[   72.972729][ T5842] Bluetooth: hci0: command tx timeout
[   72.979225][ T5844] Bluetooth: hci3: command tx timeout
[   73.031198][ T5836] veth1_vlan: entered promiscuous mode
[   73.071203][ T5831] veth0_vlan: entered promiscuous mode
[   73.087868][ T5840] veth0_macvtap: entered promiscuous mode
[   73.109655][ T5840] veth1_macvtap: entered promiscuous mode
[   73.131995][ T5831] veth1_vlan: entered promiscuous mode
[   73.148587][ T5836] veth0_macvtap: entered promiscuous mode
[   73.171189][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.183935][ T5836] veth1_macvtap: entered promiscuous mode
[   73.195676][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.212179][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.223397][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.238326][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.255048][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.269928][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.299915][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.310765][ T5831] veth0_macvtap: entered promiscuous mode
[   73.333055][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.342746][ T5831] veth1_macvtap: entered promiscuous mode
[   73.369281][   T71] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.379856][   T71] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.411905][   T71] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.421228][   T71] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.463301][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.499150][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.522459][ T3555] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.531149][ T3555] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.561180][ T1315] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.595169][ T5830] veth0_vlan: entered promiscuous mode
[   73.609373][ T1315] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.619767][ T1315] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.640150][ T1315] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.659524][   T71] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.669129][   T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.711751][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.713579][ T5830] veth1_vlan: entered promiscuous mode
[   73.736985][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.754782][ T5840] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   73.890421][ T3555] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.900276][   T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.913926][ T3555] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.924827][ T5830] veth0_macvtap: entered promiscuous mode
[   73.937946][   T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.991097][ T5830] veth1_macvtap: entered promiscuous mode
[   74.000682][ T3555] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.012132][ T3555] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.063055][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   74.101937][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   74.126414][ T1315] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   74.149952][ T1315] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   74.161260][ T5893] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[   74.185856][ T1315] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   74.205743][ T1315] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   74.312264][ T5927] 
[   74.314617][ T5927] ============================================
[   74.315389][ T5830] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht'
[   74.320753][ T5927] WARNING: possible recursive locking detected
[   74.320769][ T5927] 6.16.0-rc4-next-20250702-syzkaller #0 Not tainted
[   74.320780][ T5927] --------------------------------------------
[   74.343962][ T2995] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.347212][ T5927] syz.3.5/5927 is trying to acquire lock:
[   74.347224][ T5927] ffff8880115b5f78 (&sb->s_type->i_mutex_key#17
[   74.357001][ T5830] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht'
[   74.360719][ T5927] ){+.+.}-{4:4}, at: __simple_recursive_removal+0x95/0x510
[   74.381833][ T5927] 
[   74.381833][ T5927] but task is already holding lock:
[   74.389178][ T5927] ffff888023129a70 (&sb->s_type->i_mutex_key#17){+.+.}-{4:4}, at: bm_entry_write+0x289/0x540
[   74.399347][ T5927] 
[   74.399347][ T5927] other info that might help us debug this:
[   74.407386][ T5927]  Possible unsafe locking scenario:
[   74.407386][ T5927] 
[   74.414818][ T5927]        CPU0
[   74.418079][ T5927]        ----
[   74.421341][ T5927]   lock(&sb->s_type->i_mutex_key#17);
[   74.426789][ T5927]   lock(&sb->s_type->i_mutex_key#17);
[   74.432233][ T5927] 
[   74.432233][ T5927]  *** DEADLOCK ***
[   74.432233][ T5927] 
[   74.440356][ T5927]  May be due to missing lock nesting notation
[   74.440356][ T5927] 
[   74.448653][ T5927] 3 locks held by syz.3.5/5927:
[   74.453482][ T5927]  #0: ffff8880282a1278 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x320
[   74.462519][ T5927]  #1: ffff888064c28428 (sb_writers#11){.+.+}-{0:0}, at: vfs_write+0x211/0xa90
[   74.471469][ T5927]  #2: ffff888023129a70 (&sb->s_type->i_mutex_key#17){+.+.}-{4:4}, at: bm_entry_write+0x289/0x540
[   74.482075][ T5927] 
[   74.482075][ T5927] stack backtrace:
[   74.487957][ T5927] CPU: 1 UID: 0 PID: 5927 Comm: syz.3.5 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[   74.487980][ T5927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   74.487995][ T5927] Call Trace:
[   74.488001][ T5927]  <TASK>
[   74.488006][ T5927]  dump_stack_lvl+0x189/0x250
[   74.488024][ T5927]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.488037][ T5927]  ? __pfx__printk+0x10/0x10
[   74.488052][ T5927]  ? print_lock_name+0xde/0x100
[   74.488067][ T5927]  print_deadlock_bug+0x28b/0x2a0
[   74.488081][ T5927]  validate_chain+0x1a3f/0x2140
[   74.488096][ T5927]  ? lockdep_unlock+0x89/0x120
[   74.488115][ T5927]  ? validate_chain+0x897/0x2140
[   74.488130][ T5927]  __lock_acquire+0xab9/0xd20
[   74.488149][ T5927]  ? __simple_recursive_removal+0x95/0x510
[   74.488163][ T5927]  lock_acquire+0x120/0x360
[   74.488180][ T5927]  ? __simple_recursive_removal+0x95/0x510
[   74.488198][ T5927]  down_write+0x96/0x1f0
[   74.488215][ T5927]  ? __simple_recursive_removal+0x95/0x510
[   74.488230][ T5927]  ? __pfx_down_write+0x10/0x10
[   74.488253][ T5927]  __simple_recursive_removal+0x95/0x510
[   74.488270][ T5927]  bm_entry_write+0x4f7/0x540
[   74.488287][ T5927]  ? __pfx_bm_entry_write+0x10/0x10
[   74.488304][ T5927]  ? __pfx_bm_entry_write+0x10/0x10
[   74.488320][ T5927]  vfs_write+0x27e/0xa90
[   74.488337][ T5927]  ? __pfx_vfs_write+0x10/0x10
[   74.488351][ T5927]  ? __fget_files+0x2a/0x420
[   74.488370][ T5927]  ? __fget_files+0x3a0/0x420
[   74.488388][ T5927]  ? __fget_files+0x2a/0x420
[   74.488406][ T5927]  ksys_write+0x145/0x250
[   74.488421][ T5927]  ? __pfx_ksys_write+0x10/0x10
[   74.488436][ T5927]  ? do_syscall_64+0xbe/0x3b0
[   74.488453][ T5927]  do_syscall_64+0xfa/0x3b0
[   74.488468][ T5927]  ? lockdep_hardirqs_on+0x9c/0x150
[   74.488484][ T5927]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.488496][ T5927]  ? clear_bhb_loop+0x60/0xb0
[   74.488513][ T5927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.488525][ T5927] RIP: 0033:0x7f1f94f8e929
[   74.488542][ T5927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.488553][ T5927] RSP: 002b:00007f1f95d13038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   74.488566][ T5927] RAX: ffffffffffffffda RBX: 00007f1f951b5fa0 RCX: 00007f1f94f8e929
[   74.488575][ T5927] RDX: 0000000000000002 RSI: 0000200000000100 RDI: 0000000000000005
[   74.488583][ T5927] RBP: 00007f1f95010b39 R08: 0000000000000000 R09: 0000000000000000
[   74.488591][ T5927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.488598][ T5927] R13: 0000000000000000 R14: 00007f1f951b5fa0 R15: 00007ffdf5296f18
[   74.488612][ T5927]  </TASK>
[   74.749158][ T2995] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.783115][ T5893] usb 3-1: config 0 has no interfaces?
[   74.788817][ T5893] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   74.808841][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.841266][ T3555] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.850311][ T3555] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.869660][ T5893] usb 3-1: config 0 descriptor??
[   74.975523][ T5842] Bluetooth: hci2: command tx timeout
[   75.045635][ T5844] Bluetooth: hci3: command tx timeout
[   75.045650][ T5835] Bluetooth: hci1: command tx timeout
[   75.056494][ T5842] Bluetooth: hci0: command tx timeout
[   75.082456][ T5893] usb 3-1: USB disconnect, device number 2
[   77.045424][ T5844] Bluetooth: hci2: command tx timeout
[   77.125470][ T5844] Bluetooth: hci1: command tx timeout
[   77.125489][ T5842] Bluetooth: hci3: command tx timeout
[   77.125514][ T5842] Bluetooth: hci0: command tx timeout