last executing test programs:

47.283129086s ago: executing program 2 (id=631):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x30, r1, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x808}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x40884) (fail_nth: 7)

39.588109763s ago: executing program 2 (id=631):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x30, r1, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x808}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x40884) (fail_nth: 7)

30.758640197s ago: executing program 2 (id=631):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x30, r1, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x808}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x40884) (fail_nth: 7)

22.218190303s ago: executing program 2 (id=631):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x30, r1, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x808}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x40884) (fail_nth: 7)

14.140092963s ago: executing program 2 (id=631):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x30, r1, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x808}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x40884) (fail_nth: 7)

6.213129567s ago: executing program 2 (id=631):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x30, r1, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x808}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x40884) (fail_nth: 7)

4.138332803s ago: executing program 0 (id=1395):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x8000003d)
fcntl$setsig(r1, 0xa, 0x21)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x2, 0x0, &(0x7f0000000080)='./bus\x00', r1)
mknodat$loop(r1, &(0x7f0000002600)='./bus\x00', 0x0, 0x0)

4.12180354s ago: executing program 1 (id=1396):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x70, 0x30, 0x1, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x20040800}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
r2 = openat$null(0xffffff9c, &(0x7f0000000000), 0x400, 0x0)
r3 = socket$kcm(0x10, 0x100000000002, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x20, 0x1}, 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xad80, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="39000000140081ae00002c000500015601a8cb6f18b975d1d0b6fda7aac3618575e285af0180000000171300883795c04a2b", 0x32}], 0x1, 0x0, 0x0, 0xc00e}, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001100a7cc5a8100ae541d002007000000", @ANYRES32=r5, @ANYBLOB="00000a00100000801c001a80080002802d03fa0408000200f47b0c"], 0x44}, 0x1, 0x10000000}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000180))
socket(0x1e, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x3}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r6 = gettid()
sched_setscheduler(r6, 0x5, &(0x7f0000000300)=0xfffffff8)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
r8 = syz_open_dev$sndctrl(&(0x7f0000000180), 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r8, 0xc0045543, &(0x7f0000000080))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x4)
recvfrom$inet_nvme(0xffffffffffffffff, &(0x7f0000000640)=""/4096, 0x1000, 0x2000, &(0x7f0000000380)=@generic={0x11, "d71d9c1bf36be386b8195be2f96732daece168ab8c4756fcaaaaa57ab4d9fa9c5e136c872457faea878081b25c7ac9863e328325d3608f7b92b91789fb2322981d60e78ecebc51a8a848ac66a135cbf9adb555f5fff1d2552ce4b120288f1c606bebc17e3b75c547a1c41ac89d1be3f0e179d586d665ef8397dfdbdaa865"}, 0x80)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r7, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

3.328024538s ago: executing program 3 (id=1399):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x90, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x68, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x21}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x30, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0xf}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_BITWISE_DATA={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xe4}}, 0x0) (fail_nth: 7)

3.181114261s ago: executing program 1 (id=1400):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)={0x98, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x800, 0x1, 0x1, 0x0, {0x5, 0xfb, 0x0, 0xc, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x400, 0xeb96, 0x4}}, @NL80211_ATTR_FREQ_FIXED={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x999}], @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x0, 0x1, 0x7, 0x0, {0xfffffffffffffffd, 0x3d6, 0x0, 0x6, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x300, 0xc23}}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x300, 0x3, 0x1, 0x0, {0x6, 0x330, 0x0, 0x4, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x1, 0x6}}, @NL80211_ATTR_IE={0x4}]}, 0x98}}, 0x0)

3.180803304s ago: executing program 0 (id=1401):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0xfffffffe, @loopback, 0x40000000}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'veth1_to_hsr\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="3000000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="030000000000000008001d000080000008000a00", @ANYRES32=r2, @ANYBLOB="612e92ee7f20cc28fed920b8e81290a4e4a49109c02c4e7e7ea39f55d3f82acb29ab23b7c7c6eb4d844e1b4aba94f1cd6ce72c33427c19080000009fb0f55ee2fcc98d52e5e794c4da50d6ab18fb9689cde1ccdc044518cf48b3ed3e566475b3f0f5cf89c520a6c3bc22a421cf293eb6d88b484d46b871a27625746c05586a0815271a8453dd9a0e60ff3b89ce892608b11d8fd5691a6215e8edd876e5fc3be5d89cce7447a51a201979a89f49c406ab6eaef34363200abbca77fea62da812eec92494dec632438721d388ee8acfe409dfa660cfcabf7dbae9b9c7164a56fb"], 0x30}}, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="28000000fffff8aacde2fe5dde00000000000000", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x28}}, 0x0)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000040)=@gcm_128={{0x303, 0x37}, "475566172f45f011", "bd14060000000000000092f94413582b", "a4774ec6", "15b188e5e74e13ed"}, 0x28)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x0, 0x10100, 0x0, 0x0, 0x0, r7}, &(0x7f0000000180)=<r8=>0x0, 0x0)
syz_io_uring_submit(r8, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
socket$inet6_sctp(0xa, 0x5, 0x84)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r10, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000000000ea000000000000020000000000c80000000000"], 0x1c}}, 0x0)
r11 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r11, 0x40045564, 0x11)
ioctl$UI_SET_LEDBIT(r11, 0x40045569, 0x3)
ioctl$UI_DEV_SETUP(r11, 0x405c5503, &(0x7f0000000100)={{}, 'syz0\x00'})
ioctl$UI_DEV_CREATE(r11, 0x5501)
ioctl$UI_DEV_DESTROY(r11, 0x5502)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e00000020000280040012000500160002000000060018000008000005"], 0x54}}, 0x0)

3.180473376s ago: executing program 1 (id=1402):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}, {0x0, 0x9}, {0xd97e}, {}, {}, {0xfffffffc}, {0x400000}], 0x0, 0x4, 0x0, 0x0, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
eventfd(0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r3, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x300, 0x2}, 0x10)
sendmsg$tipc(r4, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x10)

3.152320259s ago: executing program 3 (id=1403):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x23e, &(0x7f0000000380)={0x0, 0x6093, 0x1000, 0xdffffffc}, &(0x7f00000000c0), &(0x7f00000001c0))
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
unshare(0xc000080)
r2 = socket(0xa, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, 0x0, 0x0)
r3 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @local}, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044850}, 0xf942d3a5c2bc9c4f)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
r4 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x188)
fcntl$setlease(r4, 0x400, 0x1)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0x541b, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
r6 = openat$apparmor_thread_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$apparmor_exec(r6, &(0x7f0000000080)=ANY=[], 0xb1)
close_range(r5, 0xffffffffffffffff, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="300000000203010200000000000000000000000008000340000000000800010001000500000002000000000000000000"], 0x30}}, 0x0)
socket(0x9, 0x1, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x4, 0x328402)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001a00010000000000000000008180"], 0x30}}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r8 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000280)={'veth1_to_hsr\x00'})

2.308952845s ago: executing program 1 (id=1404):
socket$inet6(0xa, 0x2, 0x3a)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYRES16], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000005c0)=[{0x0, 0x1, 0x4, 0x8}], 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000640)=0x1ff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0x80045530, &(0x7f0000000380)=""/214)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, r0, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
prctl$PR_GET_TSC(0x43, &(0x7f0000000040))
brk(0x5ede6021)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[@ANYBLOB="000000005a00400471bd7000ffdbdf25000000de99d66c4b00"], 0x24}, 0x1, 0x0, 0x0, 0x48801}, 0x40000)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000280), 0x8400, 0x0)
r5 = syz_open_procfs(0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(0x0, r6)
fchdir(r5)
r7 = memfd_create(&(0x7f0000002280)='\xcaB\x89\xed`@>\x89=\x9e', 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r7, 0x0)
ioctl$SOUND_MIXER_READ_STEREODEVS(r4, 0x80044dfb, &(0x7f00000002c0))

2.241291883s ago: executing program 0 (id=1405):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r1)
sendmsg$NLBL_MGMT_C_LISTDEF(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x14, r2, 0x1, 0x70bd29, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) (fail_nth: 6)

2.091158713s ago: executing program 0 (id=1406):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_VOICE(r0, 0x112, 0x10, &(0x7f00000001c0), &(0x7f0000000200)=0x2)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x24)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x4, 0xa0, 0x41, [{{0x9, 0x4, 0x0, 0xbf, 0x2, 0x7, 0x1, 0x2, 0x4e, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0xa, 0xa}}}}}]}}]}}, 0x0)

2.089991771s ago: executing program 3 (id=1407):
mknod$loop(0x0, 0x100000000000600d, 0x1) (async)
mknod$loop(0x0, 0x100000000000600d, 0x1)
socket$inet6(0xa, 0x6, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
getpid()
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1e2) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1e2)
socketpair$unix(0x1, 0x2, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) (async)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
socket$inet6(0xa, 0x3, 0x7)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x10)
fremovexattr(r0, &(0x7f0000000040)=@known='system.posix_acl_default\x00') (async)
fremovexattr(r0, &(0x7f0000000040)=@known='system.posix_acl_default\x00')
mount(&(0x7f0000000000)=@sr0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='ntfs3\x00', 0x0, 0x0) (async)
mount(&(0x7f0000000000)=@sr0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='ntfs3\x00', 0x0, 0x0)
mount(&(0x7f0000000040)=@sr0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='ntfs3\x00', 0x8, 0x0)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fcntl$dupfd(r1, 0x0, r1) (async)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000080))
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$KDSETLED(r2, 0x4b32, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0xa}, @NFT_OBJECT_LIMIT=@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x4}}, @NFT_MSG_DELSETELEM={0xaa8, 0xe, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0xa94, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}]}, {0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}]}, {0x100, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0x44, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}]}, @NFTA_SET_ELEM_KEY_END={0xb8, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x1a, 0x1, "cd2c142635e152b080ac57e2e474730c24d93a98a261"}, @NFTA_DATA_VALUE={0x68, 0x1, "93ebbe64dbcebcc694126160d9ceaf312560622462fc244421ee5f45ac59cffb7aa57a251150777c90b9b7d42a5e5b2d019b4073f7b8b9d5653964805b4baefc509bea2d3cda7fb87a4e05db6d18a4141d80d88279548d34d7cc1197d0e1b3b783b677be"}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0xc0b4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}]}]}, {0x44, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPRESSIONS={0x20, 0xb, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0x14}]}}}]}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_USERDATA={0x5, 0x6, 0x1, 0x0, "e5"}]}, {0x3ec, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x208, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VALUE={0x26, 0x1, "604a5a7cdee60a282242e464b9da18e165317598e416593cfb8d377244823cebd752"}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VALUE={0x100, 0x1, "f757ce95692eafd8255f7f1fb2d06de986708e18eef05cac48e82f267c689b148a4ab90f153baff2e0bee104e35c32e75bd6a3ca104377ea743ab3b4ffc0ca8b1075f33a7c4c2241bdb99ea8bfbc05b2b1a244e6b74ec47b61efe6ce729735aa7d9d4005c2d348260b44d77f461517619c1b343166c7b118510c9672f804a58fb985deeeb0b04bfe6deeba8be603121243128c34d7508cb4d9d69a645c3ce412e3b98e8103edc2db9d7d2d07d14009844849161459fa53093f2ab9ea5c03b2a1002a0eb5d349de03378171a34af2b0aa84cf2af9d8f1c9c9d4a5d485576709c3cc81c5f71879afbec0de050537fe9391593a84e9780ccedbedc2d714"}, @NFTA_DATA_VERDICT={0x38, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VALUE={0x24, 0x1, "32d8bd9c319821bf56fe16be40c7865f67f08e7f7845da15516052216140c196"}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}]}, @NFTA_SET_ELEM_EXPRESSIONS={0x60, 0xb, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0x7}, @NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0x9c}, @NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0x1}, @NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x2}]}}}, {0x10, 0x1, 0x0, 0x1, @counter={{0xc}, @void}}, {0x10, 0x1, 0x0, 0x1, @match={{0xa}, @void}}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x150, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0xef, 0x1, "8dfd8f03d111b8a2612bc2319d1b548f019ae2d13fce4f8b7a729dd0c6c0f7269e1300672ad5ff9e208528c589cef7afd36cccff360dd3d064e9b77b7e4b9aadbec186f11c36fb32922eb85280b72d2a667b6f9ca8aaba8f02f987a040b5efe86a36774d0eda280624174f3061ff2b896ff9c24baa4a384b1a42373dd9b39552555ffeaff8f22fbe64a3bec3900c225df348f7e33153891bf2e22f9930ed267cabb301f0d640c9d65114421ff5502edfa9cd93330ad98deac69e0323a2c3de7c21cb91177cc83c8736af763239ad0a4f7bff69a9d37fad79629d7fd28ce065aaca401b322123f843adfb43"}, @NFTA_DATA_VALUE={0x5a, 0x1, "34f41b88cea4bebd2ac0d7c98ae15b2e630a6a2fa7912eca96326037216fa89d2efdb91286e50180656343a34065473fab1eb2fc39a74155444743a44b185e3062df812c21ee784ede4606ca8f05f64365c607842086"}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x7}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x80000000}]}, {0x41c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0x104, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VALUE={0xf1, 0x1, "81be05f608edfe2b2a1e2a809ba2d539220c3491a6ab7c33a3c5d648ea746d8832c429eb0834dc9a461bce16231317aabecd561944dd414597b3d699e6571ffb20b837f7b6f5d1c08bce56d5d6c836e93e82b6a24f4feb422fc4394d8666fa17d17444a9b09224dd09c59b361427aaecffc8e69f4b1cb79cf6046f2f944a502aaba240ef2c2853f1386c7282f7de58c1248fb7db9d84146537b8c24af8931e5f400dd3ef5aeeab5e9881ebfcbd3b70925c2c22fd1c3d9aa87ac916e5b4e4b8657e593fb89712d3d4bd0d8cf87edd3aa9651a4fe58213488dd3260b96e6df4a0ea3ca97a4db89458da7f9d01c49"}]}, @NFTA_SET_ELEM_EXPR={0x14, 0x7, 0x0, 0x1, @byteorder={{0xe}, @void}}, @NFTA_SET_ELEM_KEY={0x138, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x28, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}, @NFTA_DATA_VALUE={0xa9, 0x1, "04d4e37bc53155aae5d5409f52f12d4c2bcaa81bf99f930dd9f668188e645f1f788271666ceb3bb61daa18aa66b51a9990831cdb7832ca102dcd6fd640bd42311bdc60b160ca3119fc08a7b40d8002a767fdfe16ca16bef53d1f09a2738a11bbbbc099c84dacb616e142276b7d7663d8ca2372197dd273dec16bf80f655500229437c49927f5c2d33a926231cc3308e9ee3e8721f090137065ade4fac6bbda685a7f4354f7"}, @NFTA_DATA_VERDICT={0x60, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}]}, @NFTA_SET_ELEM_EXPR={0xc, 0x7, 0x0, 0x1, @fib={{0x8}, @void}}, @NFTA_SET_ELEM_EXPRESSIONS={0x30, 0xb, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @nat={{0x8}, @void}}, {0x10, 0x1, 0x0, 0x1, @payload={{0xc}, @void}}, {0x10, 0x1, 0x0, 0x1, @quota={{0xa}, @void}}]}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}, @NFTA_SET_ELEM_DATA={0x50, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VALUE={0x19, 0x1, "3ade2d69b30b7623e651cb56526e9632aea4cbb137"}]}, @NFTA_SET_ELEM_USERDATA={0x18, 0x6, 0x1, 0x0, "48f045085c1c44229a5eb44042525871111f8def"}, @NFTA_SET_ELEM_KEY_END={0x118, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}, @NFTA_DATA_VALUE={0xfd, 0x1, "3b53e272a87626dbfadc30c71a523db9fb68b06493c15f04fc86ca77948f5e2c9090660fbc480224eb0b2fe5a28b765f15ddc57b377137cae3fa2daa81d7b5aaf2d31a7772935fd18322f65797f200ba668210cab256e89152e67872a5cef650099d26d1e5154fbd642db1f077dc7157a3fee9aa1e3e9fdca347c9d2ef9e56efca84723d75fe8307937b08d5d1b0384e706cc46e83064878384ed9fef2f12125913e49b85c77daf17f1d8f8d5f8384ea8e8968969ec5b4cdeb065f1c230488467044d9c3d5021eea5be95b5045e0d43b0cd8a78074f27bba56362a8c1a6357a1e55c1fb20ad2db51a7ebe24c64e48be405bfe4f1c9a4d4f30d"}]}]}, {0x10c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0xf9, 0x6, 0x1, 0x0, "9f5874501ad08e1391d10577548c254899b9bc4828d780a83edb909f74fdbab721d836182da860c366157fceee30acd9169450b914df694750c7705d08cf2eb21911a6cbdbab52be1754f8080ea66e357addbb856df7ccda03331353873123330e1cbba71876e3b3281e966e7216ce91c9901dae3f4a9957a7a2551f752d046a358cf589e8ef87bd554c34690d1e6946fd98d0c3145377cf2c8b14148470360e1f4de15c0319b9b532a4695243bea9020a41386069174abb671345c770e330ddc1fbbfe4c014f53ba0715f16cce7aca18e1393c50b5ff8348982d087561cea0d83be89712c8d974f9117ba3cd15ba6a6130bf3ac14"}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x3}]}]}]}, @NFT_MSG_NEWTABLE={0x68, 0x0, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0xa}, @NFT_OBJECT_COUNTER=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}, @NFT_MSG_NEWFLOWTABLE={0x1c, 0x16, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELTABLE={0x114, 0x2, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_USERDATA={0xc0, 0x6, "646346d19788641eaebce0d061729949359826319b810b98630cb571e98ae075bbd16e08bcdda79a23fcc81e87b471d148c13dd4ace053aa0e2e0e335db512e31737c08820621bcd1ad71a45a0e0f3e3616eee92deca4ad3c46ec4da31fafc4d8159d18d367b4e55a77ceae8001df88a9a57c9b9771edd6a8b6b1dffe18af6d5ce6603ec9f365a20697360660b5776a000b20066ad14db9c6b3b25c38773d6d6933086ce8ed4e2b91111bfdee2709f869a7de1f4fb944c5d7ebc86a8"}, @NFTA_TABLE_USERDATA={0x1f, 0x6, "85a5fc1f27e1566549012211ea0e67e41cadddc9e4853928543e3d"}]}, @NFT_MSG_DELTABLE={0x90, 0x2, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0x5}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_USERDATA={0x1f, 0x6, "1ed3e1614923a431424c3fda5e9104985654cb1ffa385a6d10527d"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x801, 0x0, 0x0, {0x3, 0x0, 0x2}, [@NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x25c05744}]}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffd}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x5}]}], {0x14}}, 0xd80}, 0x1, 0x0, 0x0, 0x40010}, 0x4000)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301)
ioctl$USBDEVFS_CLAIM_PORT(r5, 0x80045518, &(0x7f0000000000)=0x1)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r6, 0xffffffffffffffff, 0x0) (async)
close_range(r6, 0xffffffffffffffff, 0x0)

1.670741478s ago: executing program 3 (id=1408):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_TMR_TIMEBASE(r0, 0xc0045401, &(0x7f0000000340))
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreqn(r1, 0x0, 0x3, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000180)='percpu_alloc_percpu\x00', r3}, 0x18)
sync()
syz_emit_ethernet(0x6e, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x38, 0x3a, 0x0, @remote, @mcast2, {[], @dest_unreach={0x1, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "e68634", 0x0, 0x2f, 0x0, @private1, @local, [@fragment={0x2, 0x0, 0x0, 0x0, 0x0, 0x13, 0x65}]}}}}}}}, 0x0)
sync()
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4004743d, 0x2000000b)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x4)
accept4(r1, 0x0, &(0x7f00000001c0), 0x80000)
r4 = openat$rdma_cm(0xffffff9c, &(0x7f0000000200), 0x2, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440)={<r6=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000000)={0x13, 0x10, 0x7, {0x0, r6, 0x1}}, 0x18)
write$RDMA_USER_CM_CMD_REJECT(r4, &(0x7f0000000380)={0x9, 0x108, 0xfa00, {r6, 0x49, "c84d30", "44536eec8893ae260bdda17d20478e1a01e4ddca7a097609eb029f38b17f99cabbb3cdfa7b739fb8a84c3f2811780e2b5565399572cfbcbafef5eae93e9be5d9b46c85b01c45f0309c78271884068b7e4407246d861eb59eb555dc9886051cb77e64b8a3928d634338c11a0747df8de656a6435e7006687d66050681c7e1c5540d3844beed630d8b14092890632246b3c74e7e438c607232a22066c524854d164b186e3747466420220aff478f2de80c5d42de735e9fdd3779c5dcefd6dee1f5700d980c42c38c51ab4c185346e830ab58babcebe797f7cf750f7b9d05a648c947bafbc4e245745b3596428e7e43d26a4937c33bc1e46193b4712bcded039226"}}, 0x110)

1.571157461s ago: executing program 3 (id=1409):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mkdir(0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
close(0xffffffffffffffff)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r4, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x0, 0x20020, &(0x7f0000000140)=""/24}, &(0x7f0000000380)="851666ce20db", 0x0, 0xfffffffb, 0x39, 0x0, 0x0})
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
lseek(r5, 0xfffffffffffffffb, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
fstatat64(0xffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x3100)

1.239940792s ago: executing program 1 (id=1410):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x8000003d)
fcntl$setsig(r1, 0xa, 0x21)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x2, &(0x7f0000000040)='source', 0x0, r1)
mknodat$loop(r1, &(0x7f0000002600)='./bus\x00', 0x0, 0x0)

901.068346ms ago: executing program 0 (id=1411):
memfd_create(&(0x7f0000000000)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#R\x04\x06\xd4\xc6\x90j\xac\xf9\xa4\xf9\xa5\x0f\x89\xdc\x80O\";\xae\xebA;X\x14\x97\xab\x86\xd1/\x84\x8a\x91$GY\xeb\x8f\xec\xb4\xf9\x1f\xb7\x04\xc2\xc0\xc6\x03\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2\x02\x00\x00\x00\x00\x00\x00\x006\x96\xffZ\\A@\x00\x00\x00\xc9\xdeY\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{x[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v2*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00\xb5M\x9a\x9dc\xaaAU\xec\xe06\xed\xb3\xbd\xe4\xfb\xdf\a\xd0lg\x13\xf9\x8b:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262<k\xa8\x88\x01\x00fhD\xe7\xb6\x17\x80\x95\xa8\x1e\t\xb01KF\xcb\x00\x1e\x7fE\x7f\x02\x00\x00\x00y<nGR\x94\x99\xb8\x89\x9b\x8f\xd5\xe6\x02\xb5C\xad\"u\xf4\x01\x00\x00\x00\x00\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x10\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[\x00\x00\x00Q\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9f\x80,y\xdf/\xaa\xe2i\x8cZ\x9c\xc3 \x90\xc6G\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\xc95\xcc\xb6\xf6\xe8o\xfd\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D#\xb6Q\x8f\x82]S>\x0fP\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xd3\x84d\xf4\x134\x00\x00\x00\x00h\xaa\x15\x9a\xf7\x03\x00%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x06\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\xf9q\x12\xe3\x1a\xdc\xb7\x12\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\x10W\xbd\xa60k2\x03\xfa\x890\x86#\bQ\xcb)\x00]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1\t\x00\x00\x00 \xc1\xaf\x19?\x00\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xc6\x12\x8c_x\xa8\xfa\xb5K\x03\x85\x93k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x85\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x9b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\xe7]6+\\\x00\x00\x00\x00?#C.\x1dj\xd9\xc3\xdd&\x80g:N\xec\x06[\x8f\x92\xe2\xb01\xb0\xef\x10,\xde\xf3\x86D\x8b\xf7\xf1>AH\xef\\\xf9\x8b\a\xe0\xb2\xcb\xf0\x97\b\r\xd5`\xb9\xd6\xa4\x1e\xbe\x12-}\xc5\x84\xde@\x18\x87\f\x01O\xedS\x8f\x9en,\xbce\xb2\xe4\x82v\x1c\xed\x84-s\xab\x06b\x9c\xba\xec\xa5\xc9A\x84\xd0\xe0 S\xc8\xa2\xaf\x85\v\xad\xa5\x88\xcf\xb6}`\x14\'\xea\xbfN\xac)\xa1\xe8\xb2\x9f\x112TJ\x16\x8c9\xe9\xf5\x18\x15Dd\x8a%>\x91\x93\x80\xe9\x18\x82]\x9e&\xfa\xaa\xfa8Z2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\xb35\x00\xfb\xac8wAph\xb4\x9d\x14\xf6\xec+f\x84\xde\x1b\x11\xe8\\}\xf81\xe6U3\xf9~\xdfD[\x1a\x02\x1f\xd2\x1as-\x9c\x01\x86\xa7\xb8\xc5\xeeOg\x99j\xedu\xafO@\x8e\xf24w\xad\x130Z&\xcb\x81\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00Lo\x12\x00\xa2\xa5$9\x05O\xfe\x0e\xd2N\x98\x84\x10\x01\x89\xaa)\x118\xcd\xf8>\xab\xd9\xbd\xcfH\xa5\x8e\x14\x12\xb0OF\x80\xbb\xb6B\x80Q \x85\'w\xc8D\xf9\xfa\fq\x9e\x83I\xe5\n\xae8\xb7\f\xab#\x85Y\xeeH\x98\x84\x8cRv\xdcZ<\x80\xbd\x8d~\n\x88-\xa1\x97\xaf2e\xa6\'\x8aQ\x85}\xf1\rJF\f\x8c_\x01\xbe\'\v1\xccL\x0e\x05\xbdIa\x85\xb8\x14\xe0;}\xb7\x11\xb5\xfa\xeb\x13\xd3\x92\x8a\xe47\xf9\x12\xd9\xd5\x99\xf4\t\xdf\x058\xc4]\xf7\x16J\xf9\xce\xf0zG\xe6i\xf1~\xaaL\xa5\xd5\xe5L\xban?\'\x11B', 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000640)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
getsockopt$bt_BT_POWER(r1, 0x112, 0x9, 0x0, &(0x7f0000000180))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_emit_ethernet(0x0, 0x0, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick=0x2f, {}, {}, @raw32}, {0x0, 0x2, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x38)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000800)=ANY=[@ANYBLOB="38010000100013070000000000000000ffffffff000000000000000000000000fe8000000000000000000000000000bb000000000000000002000000000000006ea012f6df434bb85c20f017677553fbcdb36ec1b53e27621e82d15499e266c88034f49c9867b4cf9b51d87777a6c045ffbc0501b726299dd7116e3688582fed7aff7217cbf8fc4e8d4388341bab9df47669283a7d03558389f59ba6af5089fd9b", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000000003c000000ff010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000003b030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000a0000000000000048000200656362286369706865725f6e756c6c2900"/229], 0x138}}, 0x0)
madvise(&(0x7f0000078000/0x4000)=nil, 0x4000, 0x17)
kcmp(0x0, 0x0, 0x300, 0xffffffffffffffff, 0xffffffffffffffff)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(0xffffffffffffffff, 0xc1105518, &(0x7f00000006c0)={{0x8, 0x4, 0x8, 0x803, 'syz1\x00', 0x3}, 0x4, 0x20000000, 0x9, r0, 0x0, 0x324f, 'syz0\x00', &(0x7f0000000680)})
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='nfsd\x00', 0x840d, 0x0)

691.095247ms ago: executing program 3 (id=1412):
openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000001980), 0xffffffffffffffff)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100ffffffff00000000020000000900010073797a310000000014000200626f6e645f736c6176655f3100000000fd34a043a4757c0188e4af83f585c57eb54673df31c18f46182430a935db71fd15a7d3d045270c"], 0x34}}, 0x4000000)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000002740)=ANY=[@ANYBLOB="14000000130001ffffff7f8cd913e90002"], 0x14}], 0x1}, 0x0)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000140)='bbr\x00', 0x4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_socket_connect_nvme_tcp()
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f00000002c0)={0x3, &(0x7f0000000280)=[{0x4, 0x7, 0x9, 0x81}, {0x7, 0x9, 0x3, 0xd3}, {0x10, 0x8, 0x9, 0x7}]}, 0x8)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={0x0, 0x3c}}, 0x0)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r3, &(0x7f0000000200)=""/20, 0x14, 0x40002722, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$smc(&(0x7f0000001980), 0xffffffffffffffff)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = syz_io_uring_setup(0x239, &(0x7f0000000280)={0x0, 0x7fffffff, 0x10100, 0x0, 0xba}, &(0x7f0000000100), &(0x7f00000001c0))
io_uring_enter(r9, 0x2def, 0x0, 0x0, 0x0, 0x0)

300.071189ms ago: executing program 1 (id=1413):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf"], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r2 = dup(r1)
write$UHID_INPUT(r2, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f99f2909094bf70e0dd038e7ff7fc6e5539b324c078b089b07333b6c1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31300d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)

0s ago: executing program 0 (id=1414):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_TMR_TIMEBASE(r0, 0xc0045401, &(0x7f0000000340))
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreqn(r1, 0x0, 0x3, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000180)='percpu_alloc_percpu\x00', r3}, 0x18)
sync()
syz_emit_ethernet(0x6e, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x38, 0x3a, 0x0, @remote, @mcast2, {[], @dest_unreach={0x1, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "e68634", 0x0, 0x2f, 0x0, @private1, @local, [@fragment={0x2, 0x0, 0x0, 0x0, 0x0, 0x13, 0x65}]}}}}}}}, 0x0)
sync()
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4004743d, 0x2000000b)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x4)
accept4(r1, 0x0, &(0x7f00000001c0), 0x80000)
r4 = openat$rdma_cm(0xffffff9c, &(0x7f0000000200), 0x2, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440)={<r6=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000000)={0x13, 0x10, 0x7, {0x0, r6, 0x1}}, 0x18)
write$RDMA_USER_CM_CMD_REJECT(r4, &(0x7f0000000380)={0x9, 0x108, 0xfa00, {r6, 0x49, "c84d30", "44536eec8893ae260bdda17d20478e1a01e4ddca7a097609eb029f38b17f99cabbb3cdfa7b739fb8a84c3f2811780e2b5565399572cfbcbafef5eae93e9be5d9b46c85b01c45f0309c78271884068b7e4407246d861eb59eb555dc9886051cb77e64b8a3928d634338c11a0747df8de656a6435e7006687d66050681c7e1c5540d3844beed630d8b14092890632246b3c74e7e438c607232a22066c524854d164b186e3747466420220aff478f2de80c5d42de735e9fdd3779c5dcefd6dee1f5700d980c42c38c51ab4c185346e830ab58babcebe797f7cf750f7b9d05a648c947bafbc4e245745b3596428e7e43d26a4937c33bc1e46193b4712bcded039226"}}, 0x110)

kernel console output (not intermixed with test programs):

pat_after_hwframe+0x84/0x8e
[  366.489985][T10232] RIP: 0023:0xf709e579
[  366.489995][T10232] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  366.490004][T10232] RSP: 002b:00000000f5090590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  366.490016][T10232] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5090620
[  366.490023][T10232] RDX: 000000000000000f RSI: 00000000f73d3ff4 RDI: 0000000000000000
[  366.490030][T10232] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  366.490036][T10232] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  366.490043][T10232] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  366.490056][T10232]  </TASK>
[  366.521235][T10236] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1158'.
[  366.548630][ T6021] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  367.523807][T10253] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in;
[  367.523807][T10253]    program syz.0.1163 not setting count and/or reply_len properly
[  367.835643][   T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.877203][   T40] kauditd_printk_skb: 25 callbacks suppressed
[  368.877215][   T40] audit: type=1326 audit(1737271724.780:2098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.3.1166" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  368.885673][   T40] audit: type=1326 audit(1737271724.780:2099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.3.1166" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  368.892055][   T40] audit: type=1326 audit(1737271724.780:2100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.3.1166" exe="/syz-executor" sig=0 arch=40000003 syscall=99 compat=1 ip=0xf708e579 code=0x7ffc0000
[  368.898034][   T40] audit: type=1326 audit(1737271724.780:2101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.3.1166" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  368.904481][   T40] audit: type=1326 audit(1737271724.780:2102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.3.1166" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  368.910621][   T40] audit: type=1326 audit(1737271724.780:2103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.3.1166" exe="/syz-executor" sig=0 arch=40000003 syscall=136 compat=1 ip=0xf708e579 code=0x7ffc0000
[  368.917218][   T40] audit: type=1326 audit(1737271724.780:2104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.3.1166" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  368.923335][   T40] audit: type=1326 audit(1737271724.780:2105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.3.1166" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  368.929498][   T40] audit: type=1326 audit(1737271724.780:2106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.3.1166" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf708e579 code=0x7ffc0000
[  368.935657][   T40] audit: type=1326 audit(1737271724.780:2107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10258 comm="syz.3.1166" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  368.964636][ T5973] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  368.970480][ T5973] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  368.973568][ T5973] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  368.979652][ T5973] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  368.987647][ T5973] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  368.990044][ T5973] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  369.020000][T10270] usb usb9: usbfs: interface 0 claimed by hub while 'syz.1.1168' sets config #0
[  369.134381][T10274] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$���UL�vy��آ
�D��UD\�Դ
[  369.163381][T10264] chnl_net:caif_netlink_parms(): no params data found
[  369.358883][   T58] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  369.382250][T10264] bridge0: port 1(bridge_slave_0) entered blocking state
[  369.384624][T10264] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.387339][T10264] bridge_slave_0: entered allmulticast mode
[  369.407540][T10264] bridge_slave_0: entered promiscuous mode
[  369.425732][T10264] bridge0: port 2(bridge_slave_1) entered blocking state
[  369.428148][T10264] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.431121][T10264] bridge_slave_1: entered allmulticast mode
[  369.433974][T10264] bridge_slave_1: entered promiscuous mode
[  369.486558][   T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  369.538872][   T58] usb 8-1: Using ep0 maxpacket: 16
[  369.543224][   T58] usb 8-1: config 0 has an invalid interface number: 8 but max is 0
[  369.545594][   T58] usb 8-1: config 0 has no interface number 0
[  369.547467][   T58] usb 8-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  369.550695][   T58] usb 8-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  369.555088][   T58] usb 8-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  369.557751][   T58] usb 8-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  369.561328][   T58] usb 8-1: Product: syz
[  369.567123][   T58] usb 8-1: SerialNumber: syz
[  369.652313][T10264] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  369.671515][   T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  369.676180][T10264] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  369.690630][   T58] usb 8-1: config 0 descriptor??
[  369.704936][T10264] team0: Port device team_slave_0 added
[  369.707810][T10264] team0: Port device team_slave_1 added
[  369.716382][   T58] cm109 8-1:0.8: invalid payload size 0, expected 4
[  369.725934][   T58] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.8/input/input72
[  369.735836][T10264] batman_adv: batadv0: Adding interface: batadv_slave_0
[  369.737804][T10264] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.747026][T10264] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  369.765239][   T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  369.770720][T10264] batman_adv: batadv0: Adding interface: batadv_slave_1
[  369.772662][T10264] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.781973][T10264] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  369.808318][T10264] hsr_slave_0: entered promiscuous mode
[  369.814625][T10264] hsr_slave_1: entered promiscuous mode
[  369.817384][T10264] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  369.822533][T10264] Cannot create hsr debugfs directory
[  369.888096][   T11] bridge_slave_1: left allmulticast mode
[  369.897244][   T11] bridge_slave_1: left promiscuous mode
[  369.899626][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.902657][   T11] bridge_slave_0: left allmulticast mode
[  369.904209][   T11] bridge_slave_0: left promiscuous mode
[  369.905777][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.943842][    C1] cm109 8-1:0.8: cm109_urb_ctl_callback: urb status -71
[  369.946003][    C1] cm109 8-1:0.8: cm109_urb_ctl_callback: urb status -71
[  369.948151][    C1] cm109 8-1:0.8: cm109_urb_ctl_callback: urb status -71
[  369.950232][   T58] usb 8-1: USB disconnect, device number 24
[  369.951968][    C1] cm109 8-1:0.8: cm109_urb_ctl_callback: urb status -71
[  369.951979][    C1] cm109 8-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  369.965143][   T58] cm109 8-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  370.211796][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  370.215925][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  370.218939][  T834] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  370.219615][   T11] bond0 (unregistering): Released all slaves
[  370.243189][T10266] vcan0: entered allmulticast mode
[  370.379167][  T834] usb 6-1: Using ep0 maxpacket: 16
[  370.389901][  T834] usb 6-1: config 1 interface 0 altsetting 191 bulk endpoint 0x1 has invalid maxpacket 32
[  370.394025][  T834] usb 6-1: config 1 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  370.398089][  T834] usb 6-1: config 1 interface 0 has no altsetting 0
[  370.410628][  T834] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  370.414360][  T834] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.417518][  T834] usb 6-1: Product: ч
[  370.419427][  T834] usb 6-1: Manufacturer: а
[  370.420749][  T834] usb 6-1: SerialNumber: 苊䉂ᒌዦ缡되䙸⍀䭐ᆺ壕⒋ㅅ室鉚팯
[  370.429561][T10295] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  370.505219][T10300] input: syz0 as /devices/virtual/input/input73
[  370.578613][   T11] hsr_slave_0: left promiscuous mode
[  370.580967][   T11] hsr_slave_1: left promiscuous mode
[  370.586227][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  370.589201][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  370.596674][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  370.606495][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  370.641311][   T11] veth1_macvtap: left promiscuous mode
[  370.642934][   T11] veth0_macvtap: left promiscuous mode
[  370.644482][   T11] veth1_vlan: left promiscuous mode
[  370.645944][   T11] veth0_vlan: left promiscuous mode
[  370.648306][  T834] usb 6-1: USB disconnect, device number 25
[  371.048997][ T5973] Bluetooth: hci1: command tx timeout
[  371.469995][ T5745] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  371.517613][   T11] team0 (unregistering): Port device team_slave_1 removed
[  371.596199][   T11] team0 (unregistering): Port device team_slave_0 removed
[  371.628803][ T5745] usb 6-1: Using ep0 maxpacket: 8
[  371.631550][ T5745] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  371.633858][ T5745] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  371.636539][ T5745] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  371.639618][ T5745] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  371.642280][ T5745] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  371.645944][ T5745] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  371.648441][ T5745] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.678886][   T65] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  371.854935][ T5745] usb 6-1: usb_control_msg returned -32
[  371.857286][ T5745] usbtmc 6-1:16.0: can't read capabilities
[  371.858785][   T65] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  371.862516][   T65] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  371.865342][   T65] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  371.867905][   T65] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.872672][T10322] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  371.900484][   T65] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  372.137563][   T65] usb 8-1: USB disconnect, device number 25
[  372.238115][T10264] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  372.251702][T10264] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  372.254926][T10264] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  372.258333][T10264] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  372.303450][T10264] 8021q: adding VLAN 0 to HW filter on device bond0
[  372.321114][T10264] 8021q: adding VLAN 0 to HW filter on device team0
[  372.325421][   T39] bridge0: port 1(bridge_slave_0) entered blocking state
[  372.327535][   T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[  372.339327][ T1162] bridge0: port 2(bridge_slave_1) entered blocking state
[  372.342012][ T1162] bridge0: port 2(bridge_slave_1) entered forwarding state
[  372.374244][T10264] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  372.377135][T10264] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  372.459964][T10264] 8021q: adding VLAN 0 to HW filter on device batadv0
[  372.474680][T10264] veth0_vlan: entered promiscuous mode
[  372.479373][T10264] veth1_vlan: entered promiscuous mode
[  372.490764][T10264] veth0_macvtap: entered promiscuous mode
[  372.494112][T10264] veth1_macvtap: entered promiscuous mode
[  372.500513][T10264] batman_adv: batadv0: Interface activated: batadv_slave_0
[  372.504503][T10264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  372.507990][T10264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  372.512361][T10264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  372.515365][T10264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  372.518707][T10264] batman_adv: batadv0: Interface activated: batadv_slave_1
[  372.522678][T10264] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  372.525153][T10264] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  372.528279][T10264] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  372.531232][T10264] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  372.563514][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  372.565724][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  372.573387][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  372.575583][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  372.692142][T10341] tmpfs: Unknown parameter 'usE�uota'
[  372.697929][T10341] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  373.291281][T10351] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  373.338826][ T8647] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  373.488935][ T8647] usb 5-1: Using ep0 maxpacket: 16
[  373.492313][ T8647] usb 5-1: config 0 has no interfaces?
[  373.493944][ T8647] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  373.496747][ T8647] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  373.500233][ T8647] usb 5-1: config 0 descriptor??
[  373.664775][T10357] wg2: entered promiscuous mode
[  373.666460][T10357] wg2: entered allmulticast mode
[  373.669755][T10357] netlink: 'syz.3.1190': attribute type 10 has an invalid length.
[  373.676223][T10357] team0: Port device netdevsim0 added
[  373.679831][T10357] netlink: 'syz.3.1190': attribute type 10 has an invalid length.
[  373.687829][T10357] team0: Port device netdevsim0 removed
[  373.691618][T10357] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  373.697290][T10357] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1190'.
[  373.911563][T10348] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  373.914250][T10348] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  373.978953][T10358] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1187'.
[  374.226144][  T832] usb 6-1: USB disconnect, device number 26
[  374.355776][T10363] input: syz0 as /devices/virtual/input/input74
[  374.777100][ T1162] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.225388][ T6008] usb 5-1: USB disconnect, device number 31
[  376.241390][T10378] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  376.321239][   T67] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  376.325261][   T67] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  376.328050][   T67] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  376.336101][   T67] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  376.341170][   T67] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  376.344122][   T67] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  376.429949][  T832] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  376.548257][ T1162] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.570920][  T832] usb 6-1: device descriptor read/64, error -71
[  376.578368][T10381] chnl_net:caif_netlink_parms(): no params data found
[  376.650651][T10381] bridge0: port 1(bridge_slave_0) entered blocking state
[  376.657835][T10381] bridge0: port 1(bridge_slave_0) entered disabled state
[  376.660724][T10381] bridge_slave_0: entered allmulticast mode
[  376.663774][T10381] bridge_slave_0: entered promiscuous mode
[  376.665392][T10393] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  376.683718][ T1162] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.689852][T10381] bridge0: port 2(bridge_slave_1) entered blocking state
[  376.692708][T10381] bridge0: port 2(bridge_slave_1) entered disabled state
[  376.695082][T10381] bridge_slave_1: entered allmulticast mode
[  376.697420][T10381] bridge_slave_1: entered promiscuous mode
[  376.731571][  T834] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  376.749602][T10381] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  376.755083][T10381] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  376.794579][ T1162] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.803624][T10381] team0: Port device team_slave_0 added
[  376.807039][T10381] team0: Port device team_slave_1 added
[  376.819506][  T832] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  376.825352][T10381] batman_adv: batadv0: Adding interface: batadv_slave_0
[  376.827399][T10381] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  376.835237][T10381] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  376.839295][T10381] batman_adv: batadv0: Adding interface: batadv_slave_1
[  376.841314][T10381] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  376.848580][T10381] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  376.883239][T10381] hsr_slave_0: entered promiscuous mode
[  376.888076][T10381] hsr_slave_1: entered promiscuous mode
[  376.890908][T10381] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  376.893130][T10381] Cannot create hsr debugfs directory
[  376.898882][  T834] usb 5-1: Using ep0 maxpacket: 16
[  376.901530][  T834] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  376.903823][  T834] usb 5-1: config 0 has no interface number 0
[  376.905631][  T834] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  376.908865][  T834] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  376.912675][  T834] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  376.915407][  T834] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  376.917758][  T834] usb 5-1: Product: syz
[  376.919055][  T834] usb 5-1: SerialNumber: syz
[  376.925342][  T834] usb 5-1: config 0 descriptor??
[  376.928408][  T834] cm109 5-1:0.8: invalid payload size 0, expected 4
[  376.930860][  T834] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.8/input/input75
[  376.948595][ T1162] bridge_slave_1: left allmulticast mode
[  376.951178][ T1162] bridge_slave_1: left promiscuous mode
[  376.952947][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state
[  376.956203][ T1162] bridge_slave_0: left allmulticast mode
[  376.957899][ T1162] bridge_slave_0: left promiscuous mode
[  376.961983][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state
[  376.981280][  T832] usb 6-1: device descriptor read/64, error -71
[  377.103088][  T832] usb usb6-port1: attempt power cycle
[  377.150994][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  377.153145][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  377.155640][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  377.157653][  T834] usb 5-1: USB disconnect, device number 32
[  377.159333][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  377.159348][    C0] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  377.175778][  T834] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  377.261847][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  377.267007][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  377.281275][ T1162] bond0 (unregistering): Released all slaves
[  377.448968][  T832] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  377.469878][  T832] usb 6-1: device descriptor read/8, error -71
[  377.722213][ T1162] hsr_slave_0: left promiscuous mode
[  377.729120][  T832] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  377.731606][ T1162] hsr_slave_1: left promiscuous mode
[  377.734710][ T1162] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  377.737399][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0
[  377.749395][  T832] usb 6-1: device descriptor read/8, error -71
[  377.752878][ T1162] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  377.755526][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1
[  377.812597][ T1162] veth1_macvtap: left promiscuous mode
[  377.814124][ T1162] veth0_macvtap: left promiscuous mode
[  377.815618][ T1162] veth1_vlan: left promiscuous mode
[  377.817103][ T1162] veth0_vlan: left promiscuous mode
[  377.860359][  T832] usb usb6-port1: unable to enumerate USB device
[  378.072026][T10403] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in;
[  378.072026][T10403]    program syz.0.1202 not setting count and/or reply_len properly
[  378.405316][ T5973] Bluetooth: hci1: command tx timeout
[  378.603393][T10405] syz.3.1203[10405] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  378.603477][T10405] syz.3.1203[10405] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  378.607421][T10405] syz.3.1203[10405] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  379.294222][ T1162] team0 (unregistering): Port device team_slave_1 removed
[  379.325523][T10418] overlayfs: empty lowerdir
[  379.398996][ T1162] team0 (unregistering): Port device team_slave_0 removed
[  380.224746][T10428] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  380.260042][T10381] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  380.270053][T10381] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  380.274014][T10381] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  380.288529][T10381] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  380.317111][T10431] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  380.323057][T10381] 8021q: adding VLAN 0 to HW filter on device bond0
[  380.332610][T10381] 8021q: adding VLAN 0 to HW filter on device team0
[  380.348684][T10381] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  380.351898][T10381] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  380.357656][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  380.359925][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  380.364104][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  380.366181][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  380.397129][T10432] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in;
[  380.397129][T10432]    program syz.0.1209 not setting count and/or reply_len properly
[  380.478932][ T5973] Bluetooth: hci1: command tx timeout
[  380.487643][T10381] 8021q: adding VLAN 0 to HW filter on device batadv0
[  380.502511][T10381] veth0_vlan: entered promiscuous mode
[  380.506745][T10381] veth1_vlan: entered promiscuous mode
[  380.517253][T10381] veth0_macvtap: entered promiscuous mode
[  380.535982][T10381] veth1_macvtap: entered promiscuous mode
[  380.557754][T10381] batman_adv: batadv0: Interface activated: batadv_slave_0
[  380.561148][T10381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  380.564150][T10381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  380.566945][T10381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  380.570233][T10381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  380.576923][T10381] batman_adv: batadv0: Interface activated: batadv_slave_1
[  380.583450][T10381] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  380.586020][T10381] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  380.588583][T10381] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  380.600828][T10381] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  380.687282][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  380.698994][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  380.705869][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  380.708228][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  381.000288][T10444] FAULT_INJECTION: forcing a failure.
[  381.000288][T10444] name failslab, interval 1, probability 0, space 0, times 0
[  381.003702][T10444] CPU: 2 UID: 0 PID: 10444 Comm: syz.3.1214 Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
[  381.006887][T10444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  381.009945][T10444] Call Trace:
[  381.010904][T10444]  <TASK>
[  381.011728][T10444]  dump_stack_lvl+0x16c/0x1f0
[  381.013099][T10444]  should_fail_ex+0x497/0x5b0
[  381.014447][T10444]  ? fs_reclaim_acquire+0xae/0x150
[  381.015921][T10444]  should_failslab+0xc2/0x120
[  381.017252][T10444]  __kmalloc_noprof+0xce/0x4f0
[  381.018594][T10444]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  381.020668][T10444]  ? lockdep_hardirqs_on+0x7c/0x110
[  381.022147][T10444]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  381.024163][T10444]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  381.025649][T10444]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  381.027323][T10444]  ? genl_get_cmd+0x195/0x580
[  381.028625][T10444]  ? bpf_lsm_capable+0x9/0x10
[  381.029955][T10444]  ? security_capable+0x7e/0x260
[  381.031287][T10444]  ? ns_capable+0xd7/0x110
[  381.032528][T10444]  genl_rcv_msg+0x565/0x800
[  381.033873][T10444]  ? __pfx_genl_rcv_msg+0x10/0x10
[  381.035272][T10444]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  381.036757][T10444]  ? __pfx_nl80211_channel_switch+0x10/0x10
[  381.038420][T10444]  ? __pfx_nl80211_post_doit+0x10/0x10
[  381.039937][T10444]  netlink_rcv_skb+0x165/0x410
[  381.041351][T10444]  ? __pfx_genl_rcv_msg+0x10/0x10
[  381.042880][T10444]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  381.044458][T10444]  ? down_read+0xc9/0x330
[  381.045722][T10444]  ? __pfx_down_read+0x10/0x10
[  381.047129][T10444]  ? netlink_deliver_tap+0x1ae/0xca0
[  381.048704][T10444]  genl_rcv+0x28/0x40
[  381.049913][T10444]  netlink_unicast+0x53c/0x7f0
[  381.051620][T10444]  ? __pfx_netlink_unicast+0x10/0x10
[  381.053388][T10444]  ? __phys_addr_symbol+0x30/0x80
[  381.054931][T10444]  ? __check_object_size+0x488/0x710
[  381.056457][T10444]  netlink_sendmsg+0x8b8/0xd70
[  381.057831][T10444]  ? __pfx_netlink_sendmsg+0x10/0x10
[  381.059403][T10444]  ____sys_sendmsg+0x9ae/0xb40
[  381.060983][T10444]  ? __pfx_____sys_sendmsg+0x10/0x10
[  381.063073][T10444]  ? get_compat_msghdr+0x11b/0x170
[  381.065123][T10444]  ___sys_sendmsg+0x135/0x1e0
[  381.066995][T10444]  ? __pfx____sys_sendmsg+0x10/0x10
[  381.068851][T10444]  ? __pfx_lock_release+0x10/0x10
[  381.070380][T10444]  ? trace_lock_acquire+0x14e/0x1f0
[  381.072175][T10444]  ? __fget_files+0x206/0x3a0
[  381.073585][T10444]  __sys_sendmsg+0x16e/0x220
[  381.074997][T10444]  ? __pfx___sys_sendmsg+0x10/0x10
[  381.076513][T10444]  __do_fast_syscall_32+0x73/0x120
[  381.078010][T10444]  do_fast_syscall_32+0x32/0x80
[  381.079850][T10444]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  381.082846][T10444] RIP: 0023:0xf708e579
[  381.084450][T10444] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  381.090897][T10444] RSP: 002b:00000000f508055c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  381.094114][T10444] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000200
[  381.096665][T10444] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  381.099162][T10444] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  381.102200][T10444] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  381.105265][T10444] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  381.108026][T10444]  </TASK>
[  381.110140][    C2] vkms_vblank_simulate: vblank timer overrun
[  381.678862][   T65] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  381.839071][   T65] usb 6-1: Using ep0 maxpacket: 16
[  381.841813][   T65] usb 6-1: config 1 interface 0 altsetting 191 bulk endpoint 0x1 has invalid maxpacket 32
[  381.844580][   T65] usb 6-1: config 1 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  381.852231][   T65] usb 6-1: config 1 interface 0 has no altsetting 0
[  381.860001][   T65] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  381.862574][   T65] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.864792][   T65] usb 6-1: Product: ч
[  381.865938][   T65] usb 6-1: Manufacturer: а
[  381.867246][   T65] usb 6-1: SerialNumber: 苊䉂ᒌዦ缡되䙸⍀䭐ᆺ壕⒋ㅅ室鉚팯
[  381.881073][T10457] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  381.922909][T10464] overlayfs: empty lowerdir
[  382.094003][   T65] usb 6-1: USB disconnect, device number 31
[  382.124325][T10468] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  382.705075][T10480] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  382.837886][ T5745] kernel write not supported for file /sysvipc/msg (pid: 5745 comm: kworker/3:3)
[  382.873448][T10485] FAULT_INJECTION: forcing a failure.
[  382.873448][T10485] name failslab, interval 1, probability 0, space 0, times 0
[  382.877202][T10485] CPU: 3 UID: 0 PID: 10485 Comm: syz.1.1226 Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
[  382.880287][T10485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  382.883498][T10485] Call Trace:
[  382.884469][T10485]  <TASK>
[  382.885326][T10485]  dump_stack_lvl+0x116/0x1f0
[  382.886707][T10485]  should_fail_ex+0x497/0x5b0
[  382.888059][T10485]  should_failslab+0xc2/0x120
[  382.889422][T10485]  kmem_cache_alloc_noprof+0x6e/0x3b0
[  382.890995][T10485]  ? __send_signal_locked+0x159/0x11a0
[  382.892584][T10485]  ? sig_get_ucounts+0x1c0/0x5b0
[  382.894083][T10485]  __send_signal_locked+0x159/0x11a0
[  382.895607][T10485]  ? __lock_task_sighand+0x146/0x340
[  382.897117][T10485]  group_send_sig_info+0x2aa/0x300
[  382.898587][T10485]  ? __pfx_group_send_sig_info+0x10/0x10
[  382.900238][T10485]  ? stack_depot_save_flags+0x28/0x9e0
[  382.901858][T10485]  ? __lock_acquire+0xcc5/0x3c40
[  382.903320][T10485]  bpf_send_signal_common+0x415/0x520
[  382.904867][T10485]  ? __pfx_bpf_send_signal_common+0x10/0x10
[  382.907038][T10485]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  382.909128][T10485]  ? trace_lock_acquire+0x14e/0x1f0
[  382.910732][T10485]  ? bpf_trace_run1+0x1ba/0x580
[  382.912163][T10485]  bpf_send_signal+0x1d/0x30
[  382.913541][T10485]  bpf_prog_9fbc3d1d47c9b36c+0x23/0x2a
[  382.915124][T10485]  bpf_trace_run1+0x229/0x580
[  382.916490][T10485]  ? __pfx_bpf_trace_run1+0x10/0x10
[  382.918034][T10485]  ? lock_acquire.part.0+0x11b/0x380
[  382.919857][T10485]  ? __pfx_ext4_evict_inode+0x10/0x10
[  382.921979][T10485]  ext4_evict_inode+0x98a/0x18c0
[  382.923939][T10485]  ? evict+0x3c8/0x960
[  382.925592][T10485]  ? __pfx_lock_release+0x10/0x10
[  382.927634][T10485]  ? __pfx_ext4_evict_inode+0x10/0x10
[  382.929777][T10485]  ? lock_acquire+0x2f/0xb0
[  382.931614][T10485]  ? __pfx_ext4_evict_inode+0x10/0x10
[  382.933752][T10485]  evict+0x409/0x960
[  382.935358][T10485]  ? __pfx_evict+0x10/0x10
[  382.937212][T10485]  ? __pfx___might_resched+0x10/0x10
[  382.939105][T10485]  dispose_list+0x117/0x1e0
[  382.940441][T10485]  prune_icache_sb+0xeb/0x150
[  382.941804][T10485]  ? __pfx_prune_icache_sb+0x10/0x10
[  382.943453][T10485]  ? list_lru_count_one+0x3a/0x310
[  382.944934][T10485]  super_cache_scan+0x375/0x550
[  382.946341][T10485]  do_shrink_slab+0x44f/0x11c0
[  382.947747][T10485]  shrink_slab+0x32b/0x12a0
[  382.949080][T10485]  ? shrink_slab+0x14e/0x12a0
[  382.950457][T10485]  ? rcu_read_unlock+0x17/0x60
[  382.951853][T10485]  ? __pfx_lock_release+0x10/0x10
[  382.953334][T10485]  ? trace_lock_acquire+0x14e/0x1f0
[  382.954833][T10485]  ? __pfx_shrink_slab+0x10/0x10
[  382.956262][T10485]  ? mem_cgroup_iter+0x38a/0x760
[  382.957698][T10485]  drop_slab+0x14c/0x2c0
[  382.958936][T10485]  drop_caches_sysctl_handler+0x171/0x190
[  382.960589][T10485]  proc_sys_call_handler+0x403/0x5d0
[  382.962445][T10485]  ? __pfx_proc_sys_call_handler+0x10/0x10
[  382.964785][T10485]  ? __pfx___lock_acquire+0x10/0x10
[  382.966860][T10485]  ? __pfx_aa_file_perm+0x10/0x10
[  382.968913][T10485]  ? lock_acquire.part.0+0x11b/0x380
[  382.971048][T10485]  do_iter_readv_writev+0x532/0x7f0
[  382.973168][T10485]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  382.975400][T10485]  ? rcu_is_watching+0x12/0xc0
[  382.977320][T10485]  ? do_writev+0x133/0x340
[  382.979144][T10485]  vfs_writev+0x363/0xdd0
[  382.980897][T10485]  ? fdget_pos+0x267/0x390
[  382.982493][T10485]  ? rcu_is_watching+0x12/0xc0
[  382.983909][T10485]  ? __pfx_vfs_writev+0x10/0x10
[  382.985306][T10485]  ? __mutex_lock+0x1cc/0xa60
[  382.986668][T10485]  ? find_held_lock+0x2d/0x110
[  382.988060][T10485]  ? __pfx___mutex_lock+0x10/0x10
[  382.989506][T10485]  ? trace_lock_acquire+0x14e/0x1f0
[  382.991014][T10485]  ? __fget_files+0x206/0x3a0
[  382.992371][T10485]  ? do_writev+0x133/0x340
[  382.993983][T10485]  do_writev+0x133/0x340
[  382.995214][T10485]  ? __pfx_do_writev+0x10/0x10
[  382.996595][T10485]  __do_fast_syscall_32+0x73/0x120
[  382.998062][T10485]  do_fast_syscall_32+0x32/0x80
[  382.999481][T10485]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  383.001279][T10485] RIP: 0023:0xf709e579
[  383.002448][T10485] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  383.009115][T10485] RSP: 002b:00000000f509055c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[  383.012049][T10485] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000200000c0
[  383.014476][T10485] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  383.016749][T10485] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  383.019002][T10485] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  383.021165][T10485] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  383.023625][T10485]  </TASK>
[  383.125553][T10491] overlayfs: empty lowerdir
[  383.140918][   T39] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.144556][T10485] syz.1.1226 (10485): drop_caches: 2
[  384.813290][T10507] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  384.849128][   T67] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  384.852834][   T67] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  384.855586][   T67] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  384.862432][   T67] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  384.864601][   T67] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  384.867215][   T67] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  384.953681][T10508] chnl_net:caif_netlink_parms(): no params data found
[  385.003538][   T39] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  385.057797][T10508] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.060204][  T834] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  385.062631][T10508] bridge0: port 1(bridge_slave_0) entered disabled state
[  385.064732][T10508] bridge_slave_0: entered allmulticast mode
[  385.068234][T10508] bridge_slave_0: entered promiscuous mode
[  385.088142][   T39] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  385.100886][T10508] bridge0: port 2(bridge_slave_1) entered blocking state
[  385.103163][T10508] bridge0: port 2(bridge_slave_1) entered disabled state
[  385.103319][T10521] FAULT_INJECTION: forcing a failure.
[  385.103319][T10521] name failslab, interval 1, probability 0, space 0, times 0
[  385.105482][T10508] bridge_slave_1: entered allmulticast mode
[  385.108593][T10521] CPU: 2 UID: 0 PID: 10521 Comm: syz.1.1236 Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
[  385.108610][T10521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  385.108618][T10521] Call Trace:
[  385.108622][T10521]  <TASK>
[  385.112867][T10508] bridge_slave_1: entered promiscuous mode
[  385.113139][T10521]  dump_stack_lvl+0x16c/0x1f0
[  385.120640][T10521]  should_fail_ex+0x497/0x5b0
[  385.121859][T10521]  should_failslab+0xc2/0x120
[  385.123085][T10521]  kmem_cache_alloc_noprof+0x6e/0x3b0
[  385.124470][T10521]  ? skb_clone+0x190/0x3f0
[  385.125628][T10521]  skb_clone+0x190/0x3f0
[  385.126744][T10521]  netlink_deliver_tap+0xafd/0xca0
[  385.128065][T10521]  netlink_dump+0xb60/0xd00
[  385.129272][T10521]  ? __pfx_netlink_dump+0x10/0x10
[  385.130587][T10521]  ? lock_acquire+0x2f/0xb0
[  385.131768][T10521]  ? netlink_lookup+0x3d/0x270
[  385.132999][T10521]  __netlink_dump_start+0x6d9/0x980
[  385.134345][T10521]  ? __pfx_fib_nl_dumprule+0x10/0x10
[  385.135703][T10521]  rtnetlink_rcv_msg+0xb44/0xea0
[  385.136981][T10521]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  385.138386][T10521]  ? __pfx_fib_nl_dumprule+0x10/0x10
[  385.139885][T10521]  netlink_rcv_skb+0x165/0x410
[  385.141129][T10521]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  385.142545][T10521]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  385.143928][T10521]  ? netlink_deliver_tap+0x1ae/0xca0
[  385.145294][T10521]  netlink_unicast+0x53c/0x7f0
[  385.146544][T10521]  ? __pfx_netlink_unicast+0x10/0x10
[  385.147925][T10521]  ? __phys_addr_symbol+0x30/0x80
[  385.149254][T10521]  ? __check_object_size+0x488/0x710
[  385.150652][T10521]  netlink_sendmsg+0x8b8/0xd70
[  385.151898][T10521]  ? __pfx_netlink_sendmsg+0x10/0x10
[  385.153287][T10521]  ____sys_sendmsg+0x9ae/0xb40
[  385.154533][T10521]  ? __pfx_____sys_sendmsg+0x10/0x10
[  385.155909][T10521]  ? get_compat_msghdr+0x11b/0x170
[  385.157242][T10521]  ___sys_sendmsg+0x135/0x1e0
[  385.158501][T10521]  ? __pfx____sys_sendmsg+0x10/0x10
[  385.159878][T10521]  ? __pfx_lock_release+0x10/0x10
[  385.161193][T10521]  ? trace_lock_acquire+0x14e/0x1f0
[  385.162545][T10521]  ? __fget_files+0x206/0x3a0
[  385.163778][T10521]  __sys_sendmsg+0x16e/0x220
[  385.164993][T10521]  ? __pfx___sys_sendmsg+0x10/0x10
[  385.166331][T10521]  __do_fast_syscall_32+0x73/0x120
[  385.167668][T10521]  do_fast_syscall_32+0x32/0x80
[  385.168947][T10521]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  385.170613][T10521] RIP: 0023:0xf709e579
[  385.171698][T10521] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  385.176636][T10521] RSP: 002b:00000000f509055c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  385.178785][T10521] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020002b40
[  385.180825][T10521] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000
[  385.182856][T10521] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  385.184882][T10521] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  385.187387][T10521] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  385.189452][T10521]  </TASK>
[  385.190367][    C2] vkms_vblank_simulate: vblank timer overrun
[  385.225123][T10524] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  385.235425][   T39] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  385.278954][  T834] usb 8-1: Using ep0 maxpacket: 16
[  385.288279][  T834] usb 8-1: config 1 interface 0 altsetting 191 bulk endpoint 0x1 has invalid maxpacket 32
[  385.291325][  T834] usb 8-1: config 1 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  385.293050][T10508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  385.296167][  T834] usb 8-1: config 1 interface 0 has no altsetting 0
[  385.299849][T10508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  385.306441][  T834] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  385.309115][  T834] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.311423][  T834] usb 8-1: Product: ч
[  385.312609][  T834] usb 8-1: Manufacturer: а
[  385.313927][  T834] usb 8-1: SerialNumber: 苊䉂ᒌዦ缡되䙸⍀䭐ᆺ壕⒋ㅅ室鉚팯
[  385.328509][T10502] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  385.337268][T10508] team0: Port device team_slave_0 added
[  385.340049][T10508] team0: Port device team_slave_1 added
[  385.358354][T10508] batman_adv: batadv0: Adding interface: batadv_slave_0
[  385.361025][T10508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  385.368230][T10508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  385.372496][T10508] batman_adv: batadv0: Adding interface: batadv_slave_1
[  385.374725][T10508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  385.382391][T10508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  385.415823][   T39] bridge_slave_1: left allmulticast mode
[  385.417951][   T39] bridge_slave_1: left promiscuous mode
[  385.420312][   T39] bridge0: port 2(bridge_slave_1) entered disabled state
[  385.423401][   T39] bridge_slave_0: left allmulticast mode
[  385.425036][   T39] bridge_slave_0: left promiscuous mode
[  385.426776][   T39] bridge0: port 1(bridge_slave_0) entered disabled state
[  385.518842][   T25] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  385.535484][  T834] usb 8-1: USB disconnect, device number 26
[  385.678860][   T25] usb 6-1: Using ep0 maxpacket: 8
[  385.681745][   T25] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  385.684161][   T25] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  385.687727][   T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  385.690935][   T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  385.693714][   T25] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  385.697403][   T25] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  385.700048][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  385.716936][   T39] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  385.721615][   T39] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  385.725368][   T39] bond0 (unregistering): Released all slaves
[  385.732797][T10508] hsr_slave_0: entered promiscuous mode
[  385.735825][T10508] hsr_slave_1: entered promiscuous mode
[  385.738159][T10508] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  385.740551][T10508] Cannot create hsr debugfs directory
[  385.907959][   T25] usb 6-1: usb_control_msg returned -32
[  385.909531][   T25] usbtmc 6-1:16.0: can't read capabilities
[  386.070250][T10535] overlayfs: empty lowerdir
[  386.076257][   T39] hsr_slave_0: left promiscuous mode
[  386.078213][   T39] hsr_slave_1: left promiscuous mode
[  386.082875][   T39] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  386.085076][   T39] batman_adv: batadv0: Removing interface: batadv_slave_0
[  386.088502][   T39] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  386.092034][   T39] batman_adv: batadv0: Removing interface: batadv_slave_1
[  386.116624][   T39] veth1_macvtap: left promiscuous mode
[  386.118263][   T39] veth0_macvtap: left promiscuous mode
[  386.121455][   T39] veth1_vlan: left promiscuous mode
[  386.122997][   T39] veth0_vlan: left promiscuous mode
[  386.180536][T10530] ceph: No mds server is up or the cluster is laggy
[  386.947688][   T39] team0 (unregistering): Port device team_slave_1 removed
[  386.960658][ T5973] Bluetooth: hci1: command tx timeout
[  387.039462][   T39] team0 (unregistering): Port device team_slave_0 removed
[  387.256810][T10552] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1245'.
[  387.518895][ T6021] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  387.668818][ T6021] usb 5-1: Using ep0 maxpacket: 16
[  387.671638][ T6021] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  387.673999][ T6021] usb 5-1: config 0 has no interface number 0
[  387.675804][ T6021] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  387.679444][ T6021] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  387.684513][ T6021] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  387.687261][ T6021] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  387.691311][ T6021] usb 5-1: Product: syz
[  387.692562][ T6021] usb 5-1: SerialNumber: syz
[  387.694880][ T6021] usb 5-1: config 0 descriptor??
[  387.697669][ T6021] cm109 5-1:0.8: invalid payload size 0, expected 4
[  387.700408][ T6021] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.8/input/input76
[  387.847864][T10508] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  387.859175][T10508] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  387.863385][T10508] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  387.867152][T10508] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  387.919634][T10508] 8021q: adding VLAN 0 to HW filter on device bond0
[  387.933416][T10508] 8021q: adding VLAN 0 to HW filter on device team0
[  387.937595][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.940273][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  387.949196][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  387.949305][ T6008] usb 5-1: USB disconnect, device number 33
[  387.951164][    C1] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  387.955315][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.957749][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state
[  387.967744][ T6008] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  387.988231][T10508] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  387.992293][T10508] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  388.107299][T10508] 8021q: adding VLAN 0 to HW filter on device batadv0
[  388.141428][T10508] veth0_vlan: entered promiscuous mode
[  388.150406][T10508] veth1_vlan: entered promiscuous mode
[  388.168269][T10508] veth0_macvtap: entered promiscuous mode
[  388.173464][T10508] veth1_macvtap: entered promiscuous mode
[  388.179590][T10508] batman_adv: batadv0: Interface activated: batadv_slave_0
[  388.184336][T10508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  388.187315][T10508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  388.191132][T10508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  388.194073][T10508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  388.197340][T10508] batman_adv: batadv0: Interface activated: batadv_slave_1
[  388.202200][T10508] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  388.204579][T10508] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  388.206969][T10508] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  388.209628][T10508] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  388.236188][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  388.239160][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  388.249408][   T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  388.255322][   T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  388.281610][ T6008] usb 6-1: USB disconnect, device number 32
[  388.618882][ T6008] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  388.768984][ T6008] usb 6-1: Using ep0 maxpacket: 16
[  388.773698][ T6008] usb 6-1: config 1 interface 0 altsetting 191 bulk endpoint 0x1 has invalid maxpacket 32
[  388.776539][ T6008] usb 6-1: config 1 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  388.780733][ T6008] usb 6-1: config 1 interface 0 has no altsetting 0
[  388.784508][ T6008] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  388.787017][ T6008] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.789731][ T6008] usb 6-1: Product: ч
[  388.791038][ T6008] usb 6-1: Manufacturer: а
[  388.792270][ T6008] usb 6-1: SerialNumber: 苊䉂ᒌዦ缡되䙸⍀䭐ᆺ壕⒋ㅅ室鉚팯
[  388.800233][T10564] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  389.009367][ T6008] usb 6-1: USB disconnect, device number 33
[  389.353519][T10568] ceph: No mds server is up or the cluster is laggy
[  389.694403][T10588] input: syz0 as /devices/virtual/input/input77
[  390.228933][T10595] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in;
[  390.228933][T10595]    program syz.3.1257 not setting count and/or reply_len properly
[  390.571761][T10603] random: crng reseeded on system resumption
[  390.806904][ T1162] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.696492][ T1162] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.723859][ T5969] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  392.724955][T10615] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1264'.
[  392.732141][T10615] netlink: 'syz.3.1264': attribute type 1 has an invalid length.
[  392.738413][ T5969] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  392.742914][ T5969] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  392.753768][ T5969] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  392.761811][ T5969] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  392.769301][ T5969] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  392.772774][ T1162] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.879233][   T25] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  392.930303][ T1162] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  392.972925][T10619] chnl_net:caif_netlink_parms(): no params data found
[  393.061689][   T25] usb 6-1: Using ep0 maxpacket: 16
[  393.071254][   T25] usb 6-1: config 1 interface 0 altsetting 191 bulk endpoint 0x1 has invalid maxpacket 32
[  393.081926][   T25] usb 6-1: config 1 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  393.093780][   T25] usb 6-1: config 1 interface 0 has no altsetting 0
[  393.098494][   T25] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  393.105111][   T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.113887][   T25] usb 6-1: Product: ч
[  393.116564][   T25] usb 6-1: Manufacturer: а
[  393.126900][   T25] usb 6-1: SerialNumber: 苊䉂ᒌዦ缡되䙸⍀䭐ᆺ壕⒋ㅅ室鉚팯
[  393.138237][T10612] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  393.328158][T10619] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.331226][T10619] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.333521][T10619] bridge_slave_0: entered allmulticast mode
[  393.336365][T10619] bridge_slave_0: entered promiscuous mode
[  393.348569][T10619] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.358923][T10619] bridge0: port 2(bridge_slave_1) entered disabled state
[  393.362640][   T25] usb 6-1: USB disconnect, device number 34
[  393.365593][T10619] bridge_slave_1: entered allmulticast mode
[  393.374068][T10619] bridge_slave_1: entered promiscuous mode
[  393.432278][ T1162] bridge_slave_1: left allmulticast mode
[  393.433951][ T1162] bridge_slave_1: left promiscuous mode
[  393.435636][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state
[  393.451176][ T1162] bridge_slave_0: left allmulticast mode
[  393.466873][ T1162] bridge_slave_0: left promiscuous mode
[  393.469424][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.841795][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  393.846046][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  393.849951][ T1162] bond0 (unregistering): Released all slaves
[  393.854820][T10619] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  393.858499][T10619] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  394.007863][T10619] team0: Port device team_slave_0 added
[  394.011554][T10619] team0: Port device team_slave_1 added
[  394.036638][T10619] batman_adv: batadv0: Adding interface: batadv_slave_0
[  394.039780][T10619] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  394.052549][T10619] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  394.059174][T10619] batman_adv: batadv0: Adding interface: batadv_slave_1
[  394.063486][T10619] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  394.072624][T10645] input: syz0 as /devices/virtual/input/input78
[  394.204205][T10619] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  394.418166][T10619] hsr_slave_0: entered promiscuous mode
[  394.432471][T10619] hsr_slave_1: entered promiscuous mode
[  394.443574][T10619] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  394.446284][T10619] Cannot create hsr debugfs directory
[  394.473765][ T1162] hsr_slave_0: left promiscuous mode
[  394.477726][ T1162] hsr_slave_1: left promiscuous mode
[  394.488472][ T1162] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  394.495423][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0
[  394.518854][ T1162] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  394.521144][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1
[  394.549143][ T1162] veth1_macvtap: left promiscuous mode
[  394.551152][ T1162] veth0_macvtap: left promiscuous mode
[  394.552944][ T1162] veth1_vlan: left promiscuous mode
[  394.555639][ T1162] veth0_vlan: left promiscuous mode
[  394.800976][ T5973] Bluetooth: hci1: command tx timeout
[  395.322974][  T833] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  395.326872][ T1162] team0 (unregistering): Port device team_slave_1 removed
[  395.405311][ T1162] team0 (unregistering): Port device team_slave_0 removed
[  395.478837][  T833] usb 6-1: Using ep0 maxpacket: 16
[  395.482496][  T833] usb 6-1: config 1 interface 0 altsetting 191 bulk endpoint 0x1 has invalid maxpacket 32
[  395.486399][  T833] usb 6-1: config 1 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  395.492550][  T833] usb 6-1: config 1 interface 0 has no altsetting 0
[  395.496653][  T833] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  395.499639][  T833] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.501950][  T833] usb 6-1: Product: ч
[  395.503222][  T833] usb 6-1: Manufacturer: а
[  395.504549][  T833] usb 6-1: SerialNumber: 苊䉂ᒌዦ缡되䙸⍀䭐ᆺ壕⒋ㅅ室鉚팯
[  395.508484][T10659] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  395.715972][  T833] usb 6-1: USB disconnect, device number 35
[  396.363275][T10677] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in;
[  396.363275][T10677]    program syz.0.1278 not setting count and/or reply_len properly
[  396.765235][T10619] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  396.780072][T10619] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  396.784853][T10619] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  396.788393][T10619] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  396.851674][T10619] 8021q: adding VLAN 0 to HW filter on device bond0
[  396.872796][T10619] 8021q: adding VLAN 0 to HW filter on device team0
[  396.882933][   T39] bridge0: port 1(bridge_slave_0) entered blocking state
[  396.885805][   T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[  396.888828][ T5973] Bluetooth: hci1: command tx timeout
[  396.912902][T10619] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  396.915601][T10619] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  396.927034][   T39] bridge0: port 2(bridge_slave_1) entered blocking state
[  396.929995][   T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[  397.062573][T10619] 8021q: adding VLAN 0 to HW filter on device batadv0
[  397.074380][T10689] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  397.104261][T10619] veth0_vlan: entered promiscuous mode
[  397.107838][T10619] veth1_vlan: entered promiscuous mode
[  397.119828][T10619] veth0_macvtap: entered promiscuous mode
[  397.122991][T10619] veth1_macvtap: entered promiscuous mode
[  397.132596][T10619] batman_adv: batadv0: Interface activated: batadv_slave_0
[  397.136513][T10619] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  397.139642][T10619] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  397.142113][T10619] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  397.145291][T10619] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  397.148308][T10619] batman_adv: batadv0: Interface activated: batadv_slave_1
[  397.151858][T10619] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  397.154103][T10619] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  397.156404][T10619] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  397.158684][T10619] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  397.234548][   T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  397.236846][   T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  397.261025][   T92] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  397.263339][   T92] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  397.506645][T10708] FAULT_INJECTION: forcing a failure.
[  397.506645][T10708] name failslab, interval 1, probability 0, space 0, times 0
[  397.510906][T10708] CPU: 2 UID: 0 PID: 10708 Comm: syz.0.1290 Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
[  397.514069][T10708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  397.517224][T10708] Call Trace:
[  397.518213][T10708]  <TASK>
[  397.519204][T10708]  dump_stack_lvl+0x16c/0x1f0
[  397.520614][T10708]  should_fail_ex+0x497/0x5b0
[  397.522017][T10708]  ? fs_reclaim_acquire+0xae/0x150
[  397.523556][T10708]  should_failslab+0xc2/0x120
[  397.524967][T10708]  __kmalloc_noprof+0xce/0x4f0
[  397.526398][T10708]  ? tomoyo_encode2+0x100/0x3e0
[  397.527875][T10708]  tomoyo_encode2+0x100/0x3e0
[  397.529279][T10708]  tomoyo_realpath_from_path+0x1a7/0x710
[  397.530961][T10708]  ? tomoyo_path_number_perm+0x235/0x5b0
[  397.532620][T10708]  tomoyo_path_number_perm+0x248/0x5b0
[  397.534227][T10708]  ? tomoyo_path_number_perm+0x235/0x5b0
[  397.535895][T10708]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  397.537734][T10708]  ? __pfx_lock_release+0x10/0x10
[  397.539292][T10708]  ? trace_lock_acquire+0x14e/0x1f0
[  397.541338][T10708]  ? lock_acquire+0x2f/0xb0
[  397.543174][T10708]  ? __fget_files+0x40/0x3a0
[  397.545095][T10708]  ? __fget_files+0x206/0x3a0
[  397.546925][T10708]  security_file_ioctl_compat+0x9b/0x240
[  397.548608][T10708]  __do_compat_sys_ioctl+0x4e/0x2c0
[  397.550165][T10708]  __do_fast_syscall_32+0x73/0x120
[  397.551706][T10708]  do_fast_syscall_32+0x32/0x80
[  397.553157][T10708]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  397.555042][T10708] RIP: 0023:0xf7f36579
[  397.556254][T10708] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  397.561909][T10708] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  397.564346][T10708] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000ae78
[  397.566689][T10708] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  397.569029][T10708] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  397.571348][T10708] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  397.573630][T10708] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  397.575949][T10708]  </TASK>
[  397.580909][T10708] ERROR: Out of memory at tomoyo_realpath_from_path.
[  397.765307][T10711] Bluetooth: MGMT ver 1.23
[  397.825729][T10713] tipc: Started in network mode
[  397.827377][T10713] tipc: Node identity ffffffff, cluster identity 4711
[  397.829579][T10713] tipc: Node number set to 4294967295
[  398.020569][T10719] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1293'.
[  398.270023][T10723] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in;
[  398.270023][T10723]    program syz.3.1294 not setting count and/or reply_len properly
[  399.089976][T10729] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  399.258960][ T5745] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  399.303713][T10739] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  399.418884][ T5745] usb 8-1: Using ep0 maxpacket: 8
[  399.422156][ T5745] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  399.424577][ T5745] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  399.427378][ T5745] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  399.430354][ T5745] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  399.433296][ T5745] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  399.437100][ T5745] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  399.439812][ T5745] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.542354][T10745] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  399.649675][ T5745] usb 8-1: usb_control_msg returned -32
[  399.653559][ T5745] usbtmc 8-1:16.0: can't read capabilities
[  399.750203][ T1162] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.464050][ T1162] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.562992][ T1162] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.586253][ T5969] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  401.593655][ T5969] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  401.597716][ T5969] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  401.605774][ T5969] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  401.613596][ T5969] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  401.616704][ T5969] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  401.636874][ T1162] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.706920][ T1162] bridge_slave_1: left allmulticast mode
[  401.708830][ T1162] bridge_slave_1: left promiscuous mode
[  401.710924][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state
[  401.714243][ T1162] bridge_slave_0: left allmulticast mode
[  401.715869][ T1162] bridge_slave_0: left promiscuous mode
[  401.717527][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state
[  401.989670][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  401.994086][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  402.002645][ T1162] bond0 (unregistering): Released all slaves
[  402.009730][T10758] chnl_net:caif_netlink_parms(): no params data found
[  402.032434][ T5745] usb 8-1: USB disconnect, device number 27
[  402.060307][T10781] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1308'.
[  402.089583][T10784] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1309'.
[  402.102779][T10784] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1309'.
[  402.157631][T10758] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.166634][T10758] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.168943][T10758] bridge_slave_0: entered allmulticast mode
[  402.174929][T10758] bridge_slave_0: entered promiscuous mode
[  402.193396][T10758] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.195515][T10758] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.197609][T10758] bridge_slave_1: entered allmulticast mode
[  402.200435][T10758] bridge_slave_1: entered promiscuous mode
[  402.222859][T10758] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  402.226378][T10758] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  402.247681][T10792] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  402.250605][T10758] team0: Port device team_slave_0 added
[  402.253934][T10758] team0: Port device team_slave_1 added
[  402.279891][T10758] batman_adv: batadv0: Adding interface: batadv_slave_0
[  402.281979][T10758] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  402.290199][T10758] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  402.295138][T10758] batman_adv: batadv0: Adding interface: batadv_slave_1
[  402.297161][T10758] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  402.307095][T10758] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  402.350777][T10758] hsr_slave_0: entered promiscuous mode
[  402.352979][T10758] hsr_slave_1: entered promiscuous mode
[  402.355438][T10758] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  402.357687][T10758] Cannot create hsr debugfs directory
[  402.496877][ T1162] hsr_slave_0: left promiscuous mode
[  402.501189][ T1162] hsr_slave_1: left promiscuous mode
[  402.504028][ T1162] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  402.506313][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0
[  402.511373][ T1162] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  402.513530][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1
[  402.540928][ T1162] veth1_macvtap: left promiscuous mode
[  402.542693][ T1162] veth0_macvtap: left promiscuous mode
[  402.544382][ T1162] veth1_vlan: left promiscuous mode
[  402.545995][ T1162] veth0_vlan: left promiscuous mode
[  403.347075][ T1162] team0 (unregistering): Port device team_slave_1 removed
[  403.532722][ T1162] team0 (unregistering): Port device team_slave_0 removed
[  403.688820][ T5973] Bluetooth: hci1: command tx timeout
[  404.044039][T10823] FAULT_INJECTION: forcing a failure.
[  404.044039][T10823] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  404.051204][T10823] CPU: 2 UID: 0 PID: 10823 Comm: syz.0.1319 Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
[  404.055114][T10823] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  404.058880][T10823] Call Trace:
[  404.059987][T10823]  <TASK>
[  404.060849][T10823]  dump_stack_lvl+0x16c/0x1f0
[  404.062218][T10823]  should_fail_ex+0x497/0x5b0
[  404.063600][T10823]  _copy_to_user+0x32/0xd0
[  404.064884][T10823]  simple_read_from_buffer+0xd0/0x160
[  404.066423][T10823]  proc_fail_nth_read+0x198/0x270
[  404.067990][T10823]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  404.069913][T10823]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  404.071754][T10823]  vfs_read+0x1df/0xbe0
[  404.073329][T10823]  ? __fget_files+0x1fc/0x3a0
[  404.074716][T10823]  ? __pfx___mutex_lock+0x10/0x10
[  404.076180][T10823]  ? __pfx_vfs_read+0x10/0x10
[  404.077552][T10823]  ? __fget_files+0x206/0x3a0
[  404.078956][T10823]  ksys_read+0x12b/0x250
[  404.080197][T10823]  ? __pfx_ksys_read+0x10/0x10
[  404.081635][T10823]  __do_fast_syscall_32+0x73/0x120
[  404.083081][T10823]  do_fast_syscall_32+0x32/0x80
[  404.084477][T10823]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  404.086259][T10823] RIP: 0023:0xf7f36579
[  404.087435][T10823] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  404.093435][T10823] RSP: 002b:00000000f5086590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  404.096262][T10823] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5086620
[  404.099118][T10823] RDX: 000000000000000f RSI: 00000000f73c3ff4 RDI: 0000000000000000
[  404.101817][T10823] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  404.104066][T10823] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  404.106889][T10823] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  404.109809][T10823]  </TASK>
[  404.225838][T10827] netlink: 'syz.0.1321': attribute type 11 has an invalid length.
[  404.555072][T10810] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  404.623277][T10834] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  404.689896][T10840] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1324'.
[  404.692867][T10840] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1324'.
[  404.715234][T10840] FAULT_INJECTION: forcing a failure.
[  404.715234][T10840] name failslab, interval 1, probability 0, space 0, times 0
[  404.719328][T10840] CPU: 1 UID: 0 PID: 10840 Comm: syz.1.1324 Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
[  404.722412][T10840] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  404.725516][T10840] Call Trace:
[  404.726518][T10840]  <TASK>
[  404.727385][T10840]  dump_stack_lvl+0x16c/0x1f0
[  404.728818][T10840]  should_fail_ex+0x497/0x5b0
[  404.730213][T10840]  ? fs_reclaim_acquire+0xae/0x150
[  404.731728][T10840]  should_failslab+0xc2/0x120
[  404.733114][T10840]  __kmalloc_cache_noprof+0x68/0x420
[  404.734676][T10840]  ? do_raw_read_unlock+0x44/0xe0
[  404.736140][T10840]  ? lockdep_init_map_type+0x16d/0x7d0
[  404.737718][T10840]  basic_init+0x43/0x1f0
[  404.738986][T10840]  tc_new_tfilter+0x11c0/0x23a0
[  404.740410][T10840]  ? __pfx_tc_new_tfilter+0x10/0x10
[  404.741917][T10840]  ? __pfx___lock_acquire+0x10/0x10
[  404.743494][T10840]  ? kmem_cache_free+0x152/0x4c0
[  404.744935][T10840]  ? aa_get_newest_label+0x376/0x680
[  404.746492][T10840]  ? find_held_lock+0x2d/0x110
[  404.747912][T10840]  ? rtnetlink_rcv_msg+0x93a/0xea0
[  404.749495][T10840]  ? __pfx_lock_release+0x10/0x10
[  404.750979][T10840]  ? trace_lock_acquire+0x14e/0x1f0
[  404.752496][T10840]  ? __pfx_tc_new_tfilter+0x10/0x10
[  404.754008][T10840]  rtnetlink_rcv_msg+0x95b/0xea0
[  404.755467][T10840]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  404.757086][T10840]  ? __pfx___dev_queue_xmit+0x10/0x10
[  404.758732][T10840]  netlink_rcv_skb+0x165/0x410
[  404.760215][T10840]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  404.761824][T10840]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  404.763374][T10840]  ? netlink_deliver_tap+0x1ae/0xca0
[  404.764900][T10840]  netlink_unicast+0x53c/0x7f0
[  404.766284][T10840]  ? __pfx_netlink_unicast+0x10/0x10
[  404.767824][T10840]  ? __phys_addr_symbol+0x30/0x80
[  404.769314][T10840]  ? __check_object_size+0x488/0x710
[  404.770864][T10840]  netlink_sendmsg+0x8b8/0xd70
[  404.772252][T10840]  ? __pfx_netlink_sendmsg+0x10/0x10
[  404.773799][T10840]  ____sys_sendmsg+0x9ae/0xb40
[  404.775215][T10840]  ? __pfx_____sys_sendmsg+0x10/0x10
[  404.776742][T10840]  ? get_compat_msghdr+0x11b/0x170
[  404.778178][T10840]  ___sys_sendmsg+0x135/0x1e0
[  404.779537][T10840]  ? __pfx____sys_sendmsg+0x10/0x10
[  404.781013][T10840]  ? __pfx_lock_release+0x10/0x10
[  404.782474][T10840]  ? trace_lock_acquire+0x14e/0x1f0
[  404.783975][T10840]  ? __fget_files+0x206/0x3a0
[  404.785343][T10840]  __sys_sendmsg+0x16e/0x220
[  404.786705][T10840]  ? __pfx___sys_sendmsg+0x10/0x10
[  404.788193][T10840]  __do_fast_syscall_32+0x73/0x120
[  404.789711][T10840]  do_fast_syscall_32+0x32/0x80
[  404.791141][T10840]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  404.792985][T10840] RIP: 0023:0xf709e579
[  404.794173][T10840] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  404.799715][T10840] RSP: 002b:00000000f509055c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  404.802110][T10840] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000140
[  404.804415][T10840] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  404.806709][T10840] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  404.809025][T10840] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  404.811315][T10840] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  404.813614][T10840]  </TASK>
[  404.937055][T10758] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  404.940343][T10758] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  404.943377][T10758] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  404.947438][T10758] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  404.972203][T10758] 8021q: adding VLAN 0 to HW filter on device bond0
[  404.977579][T10758] 8021q: adding VLAN 0 to HW filter on device team0
[  404.989502][T10758] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  404.992483][T10758] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  404.997119][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  404.999520][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  405.002786][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  405.004888][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  405.081058][T10758] 8021q: adding VLAN 0 to HW filter on device batadv0
[  405.097504][T10758] veth0_vlan: entered promiscuous mode
[  405.102930][T10758] veth1_vlan: entered promiscuous mode
[  405.114933][T10758] veth0_macvtap: entered promiscuous mode
[  405.118044][T10758] veth1_macvtap: entered promiscuous mode
[  405.120019][ T6021] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  405.143880][T10758] batman_adv: batadv0: Interface activated: batadv_slave_0
[  405.148483][T10758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  405.166468][T10758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  405.170930][T10758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  405.173921][T10758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  405.177307][T10758] batman_adv: batadv0: Interface activated: batadv_slave_1
[  405.181933][T10758] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  405.184468][T10758] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  405.186974][T10758] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  405.189937][T10758] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  405.233804][   T92] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  405.246003][   T92] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  405.258379][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  405.261075][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  405.280364][ T6021] usb 6-1: Using ep0 maxpacket: 16
[  405.283016][ T6021] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  405.285900][ T6021] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  405.293526][ T6021] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  405.298314][ T6021] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.303226][ T6021] usb 6-1: config 0 descriptor??
[  405.306381][ T6021] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  405.528839][ T5745] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  405.568197][T10861] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  405.688851][ T5745] usb 8-1: Using ep0 maxpacket: 8
[  405.693023][ T5745] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  405.696395][ T5745] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  405.701797][ T5745] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  405.705554][ T5745] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  405.709776][ T5745] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  405.715018][ T5745] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  405.718651][ T5745] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.974772][ T5745] usb 8-1: usb_control_msg returned -32
[  405.976474][ T5745] usbtmc 8-1:16.0: can't read capabilities
[  406.084327][T10866] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in;
[  406.084327][T10866]    program syz.0.1331 not setting count and/or reply_len properly
[  406.092602][T10866] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1331'.
[  407.076604][T10875] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1333'.
[  407.079988][T10875] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  407.886026][T10628] usb 6-1: USB disconnect, device number 36
[  407.979970][ T6021] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  408.168838][ T6021] usb 5-1: Using ep0 maxpacket: 16
[  408.172416][ T6021] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  408.175617][ T6021] usb 5-1: config 0 has no interface number 0
[  408.178056][ T6021] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  408.183008][ T6021] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  408.187942][ T6021] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  408.192887][ T6021] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  408.195501][ T6021] usb 5-1: Product: syz
[  408.196817][ T6021] usb 5-1: SerialNumber: syz
[  408.201275][ T6021] usb 5-1: config 0 descriptor??
[  408.204359][ T6021] cm109 5-1:0.8: invalid payload size 0, expected 4
[  408.209363][ T6021] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.8/input/input79
[  408.244316][   T46] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  408.300846][ T6021] usb 8-1: USB disconnect, device number 28
[  408.417273][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  408.419504][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  408.421668][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  408.423844][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  408.425859][   T30] usb 5-1: USB disconnect, device number 34
[  408.427605][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  408.427616][    C1] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  408.433380][   T30] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  409.606601][   T46] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  409.695373][   T46] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  409.791110][   T46] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  409.921087][   T46] bridge_slave_1: left allmulticast mode
[  409.922742][   T46] bridge_slave_1: left promiscuous mode
[  409.924400][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  409.927442][   T46] bridge_slave_0: left allmulticast mode
[  409.929378][   T46] bridge_slave_0: left promiscuous mode
[  409.931040][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  410.127792][T10887] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  410.195185][T10890] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1338'.
[  410.209159][ T5969] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  410.224666][ T5969] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  410.229880][ T5969] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  410.237869][   T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  410.238180][ T5969] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  410.245650][ T5969] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  410.247941][ T5969] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  410.256763][T10896] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1338'.
[  410.258962][   T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  410.264690][   T46] bond0 (unregistering): Released all slaves
[  410.407234][T10908] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 20000 - 0
[  410.411905][T10908] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 20000 - 0
[  410.414464][T10908] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 20000 - 0
[  410.416844][T10908] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 20000 - 0
[  410.425553][T10891] chnl_net:caif_netlink_parms(): no params data found
[  410.473377][T10915] netlink: 'syz.3.1343': attribute type 2 has an invalid length.
[  410.629759][T10921] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  410.646888][T10891] bridge0: port 1(bridge_slave_0) entered blocking state
[  410.651312][T10891] bridge0: port 1(bridge_slave_0) entered disabled state
[  410.656312][T10891] bridge_slave_0: entered allmulticast mode
[  410.666808][T10891] bridge_slave_0: entered promiscuous mode
[  410.692654][T10891] bridge0: port 2(bridge_slave_1) entered blocking state
[  410.705501][T10891] bridge0: port 2(bridge_slave_1) entered disabled state
[  410.709335][T10891] bridge_slave_1: entered allmulticast mode
[  410.711816][T10891] bridge_slave_1: entered promiscuous mode
[  410.788079][   T46] hsr_slave_0: left promiscuous mode
[  410.793855][   T46] hsr_slave_1: left promiscuous mode
[  410.798327][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  410.803777][   T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[  410.809562][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  410.812412][   T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[  410.889536][   T46] veth1_macvtap: left promiscuous mode
[  410.892599][   T46] veth0_macvtap: left promiscuous mode
[  410.894778][   T46] veth1_vlan: left promiscuous mode
[  410.896767][   T46] veth0_vlan: left promiscuous mode
[  411.239213][T10628] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  411.369867][   T25] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  411.408982][T10628] usb 6-1: Using ep0 maxpacket: 16
[  411.411660][T10628] usb 6-1: config 0 has an invalid interface number: 8 but max is 0
[  411.418819][T10628] usb 6-1: config 0 has no interface number 0
[  411.420786][T10628] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  411.423891][T10628] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  411.428062][T10628] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  411.433818][T10628] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  411.436172][T10628] usb 6-1: Product: syz
[  411.437508][T10628] usb 6-1: SerialNumber: syz
[  411.444522][T10628] usb 6-1: config 0 descriptor??
[  411.447303][T10628] cm109 6-1:0.8: invalid payload size 0, expected 4
[  411.450235][T10628] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.8/input/input80
[  411.539056][   T25] usb 5-1: Using ep0 maxpacket: 8
[  411.543638][   T25] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  411.546031][   T25] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  411.549504][   T25] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  411.552331][   T25] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  411.555249][   T25] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  411.562252][   T25] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  411.565783][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.675473][    C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  411.677682][    C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  411.680085][    C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  411.682214][T10628] usb 6-1: USB disconnect, device number 37
[  411.682261][    C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  411.682271][    C2] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  411.698195][T10628] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  411.702522][   T46] team0 (unregistering): Port device team_slave_1 removed
[  411.773123][   T25] usb 5-1: usb_control_msg returned -32
[  411.774681][   T25] usbtmc 5-1:16.0: can't read capabilities
[  411.809106][   T46] team0 (unregistering): Port device team_slave_0 removed
[  412.328843][ T5973] Bluetooth: hci1: command tx timeout
[  412.586705][T10891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  412.597377][T10891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  412.647945][T10891] team0: Port device team_slave_0 added
[  412.652422][T10891] team0: Port device team_slave_1 added
[  412.687593][T10891] batman_adv: batadv0: Adding interface: batadv_slave_0
[  412.691378][T10891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  412.698526][T10891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  412.703998][T10891] batman_adv: batadv0: Adding interface: batadv_slave_1
[  412.706064][T10891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  412.713793][T10891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  412.739965][T10891] hsr_slave_0: entered promiscuous mode
[  412.744079][T10891] hsr_slave_1: entered promiscuous mode
[  412.749246][T10891] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  412.751843][T10949] input: syz0 as /devices/virtual/input/input81
[  412.753682][T10891] Cannot create hsr debugfs directory
[  413.271679][T10955] input: syz0 as /devices/virtual/input/input82
[  413.426172][T10891] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  413.431124][T10891] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  413.446378][T10891] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  413.455394][T10891] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  413.499056][T10891] 8021q: adding VLAN 0 to HW filter on device bond0
[  413.534458][T10891] 8021q: adding VLAN 0 to HW filter on device team0
[  413.549673][   T92] bridge0: port 1(bridge_slave_0) entered blocking state
[  413.551751][   T92] bridge0: port 1(bridge_slave_0) entered forwarding state
[  413.560174][   T92] bridge0: port 2(bridge_slave_1) entered blocking state
[  413.562774][   T92] bridge0: port 2(bridge_slave_1) entered forwarding state
[  413.672495][T10891] 8021q: adding VLAN 0 to HW filter on device batadv0
[  413.710303][T10891] veth0_vlan: entered promiscuous mode
[  413.719408][T10891] veth1_vlan: entered promiscuous mode
[  413.734380][T10891] veth0_macvtap: entered promiscuous mode
[  413.739463][T10891] veth1_macvtap: entered promiscuous mode
[  413.748648][T10891] batman_adv: batadv0: Interface activated: batadv_slave_0
[  413.755004][T10891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  413.760168][T10891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  413.763822][T10891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  413.767258][T10891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  413.771647][T10891] batman_adv: batadv0: Interface activated: batadv_slave_1
[  413.776232][T10891] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  413.781790][T10891] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  413.784981][T10891] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  413.787902][T10891] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  413.828239][   T92] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  413.840650][   T92] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  413.850357][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  413.852580][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  413.958877][T10628] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  414.108838][T10628] usb 6-1: Using ep0 maxpacket: 16
[  414.111507][T10628] usb 6-1: config 0 has an invalid interface number: 8 but max is 0
[  414.113875][T10628] usb 6-1: config 0 has no interface number 0
[  414.115631][T10628] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  414.118691][T10628] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  414.124053][T10628] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  414.127842][T10628] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  414.141571][T10628] usb 6-1: Product: syz
[  414.142804][T10628] usb 6-1: SerialNumber: syz
[  414.145039][T10628] usb 6-1: config 0 descriptor??
[  414.147703][T10628] cm109 6-1:0.8: invalid payload size 0, expected 4
[  414.152812][T10628] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.8/input/input83
[  414.156123][   T59] usb 5-1: USB disconnect, device number 35
[  414.367574][    C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  414.369734][    C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  414.371903][    C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  414.374002][    C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  414.376097][    C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  414.378150][    C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  414.380286][    C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  414.382416][    C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  414.384543][    C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  414.386803][    C2] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71
[  414.388934][T10628] usb 6-1: USB disconnect, device number 38
[  414.390826][    C2] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  414.394674][T10628] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  414.987647][T10983] input: syz0 as /devices/virtual/input/input84
[  415.096286][T10984] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in;
[  415.096286][T10984]    program syz.1.1364 not setting count and/or reply_len properly
[  415.119269][T10969] orangefs_mount: mount request failed with -4
[  415.568992][  T834] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  415.740490][  T834] usb 5-1: Using ep0 maxpacket: 8
[  415.743199][  T834] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  415.743729][T10992] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  415.745590][  T834] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  415.752292][  T834] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  415.755396][  T834] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  415.758214][  T834] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  415.762496][  T834] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  415.765147][  T834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.974765][  T834] usb 5-1: usb_control_msg returned -32
[  415.976389][  T834] usbtmc 5-1:16.0: can't read capabilities
[  416.295735][ T1138] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.063791][ T1138] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.135287][ T1138] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.221387][ T1138] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.321020][   T59] usb 5-1: USB disconnect, device number 36
[  418.428869][ T1138] bridge_slave_1: left allmulticast mode
[  418.430747][ T1138] bridge_slave_1: left promiscuous mode
[  418.432427][ T1138] bridge0: port 2(bridge_slave_1) entered disabled state
[  418.441680][ T1138] bridge_slave_0: left allmulticast mode
[  418.443575][ T1138] bridge_slave_0: left promiscuous mode
[  418.445286][ T1138] bridge0: port 1(bridge_slave_0) entered disabled state
[  418.505615][ T5969] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  418.512254][ T5969] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  418.515629][ T5969] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  418.525320][ T5969] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  418.527579][ T5969] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  418.529808][ T5969] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  418.689006][   T59] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  418.796671][ T1138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  418.801956][ T1138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  418.806209][ T1138] bond0 (unregistering): Released all slaves
[  418.839217][   T59] usb 5-1: Using ep0 maxpacket: 16
[  418.843509][   T59] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  418.845796][   T59] usb 5-1: config 0 has no interface number 0
[  418.847537][   T59] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  418.850923][   T59] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  418.854761][   T59] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  418.857340][   T59] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  418.862342][   T59] usb 5-1: Product: syz
[  418.863560][   T59] usb 5-1: SerialNumber: syz
[  418.866019][   T59] usb 5-1: config 0 descriptor??
[  418.868692][   T59] cm109 5-1:0.8: invalid payload size 0, expected 4
[  418.871667][   T59] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.8/input/input85
[  418.982764][T11015] chnl_net:caif_netlink_parms(): no params data found
[  419.082174][ T1138] hsr_slave_0: left promiscuous mode
[  419.083947][ T1138] hsr_slave_1: left promiscuous mode
[  419.086039][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  419.086055][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_0
[  419.086546][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  419.086559][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_1
[  419.108190][ T6021] usb 5-1: USB disconnect, device number 37
[  419.108323][    C2] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  419.113637][ T6021] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  419.122692][ T1138] veth1_macvtap: left promiscuous mode
[  419.124410][ T1138] veth0_macvtap: left promiscuous mode
[  419.126032][ T1138] veth1_vlan: left promiscuous mode
[  419.127593][ T1138] veth0_vlan: left promiscuous mode
[  419.300264][T11034] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  419.942785][ T1138] team0 (unregistering): Port device team_slave_1 removed
[  420.031756][ T1138] team0 (unregistering): Port device team_slave_0 removed
[  420.560550][ T5973] Bluetooth: hci1: command tx timeout
[  420.699643][T11015] bridge0: port 1(bridge_slave_0) entered blocking state
[  420.702217][T11015] bridge0: port 1(bridge_slave_0) entered disabled state
[  420.705142][T11015] bridge_slave_0: entered allmulticast mode
[  420.707648][T11015] bridge_slave_0: entered promiscuous mode
[  420.713017][T11039] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  420.715938][T11015] bridge0: port 2(bridge_slave_1) entered blocking state
[  420.735952][T11015] bridge0: port 2(bridge_slave_1) entered disabled state
[  420.737989][T11015] bridge_slave_1: entered allmulticast mode
[  420.746236][T11015] bridge_slave_1: entered promiscuous mode
[  420.813811][T11015] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  420.817409][T11015] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  420.854669][T11015] team0: Port device team_slave_0 added
[  420.860334][T11015] team0: Port device team_slave_1 added
[  420.884627][T11015] batman_adv: batadv0: Adding interface: batadv_slave_0
[  420.888925][T11015] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  420.896166][T11015] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  420.900473][T11015] batman_adv: batadv0: Adding interface: batadv_slave_1
[  420.902557][T11015] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  420.912741][T11015] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  420.973085][T11015] hsr_slave_0: entered promiscuous mode
[  420.982741][T11015] hsr_slave_1: entered promiscuous mode
[  420.985680][T11015] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  420.987818][T11015] Cannot create hsr debugfs directory
[  421.039024][T10628] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  421.192278][T10628] usb 6-1: Using ep0 maxpacket: 8
[  421.198973][T10628] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  421.201302][T10628] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  421.203963][T10628] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  421.206668][T10628] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  421.229324][T10628] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  421.232750][T10628] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  421.237791][T10628] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.443382][T10628] usb 6-1: usb_control_msg returned -32
[  421.445062][T10628] usbtmc 6-1:16.0: can't read capabilities
[  421.645484][T11015] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  421.660534][T11015] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  421.665291][T11015] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  421.668488][T11015] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  421.698551][T11015] 8021q: adding VLAN 0 to HW filter on device bond0
[  421.725593][T11015] 8021q: adding VLAN 0 to HW filter on device team0
[  421.732783][ T1135] bridge0: port 1(bridge_slave_0) entered blocking state
[  421.735213][ T1135] bridge0: port 1(bridge_slave_0) entered forwarding state
[  421.739919][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  421.742666][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  421.761775][T11015] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  421.855516][T11015] 8021q: adding VLAN 0 to HW filter on device batadv0
[  421.858875][T11067] input: syz0 as /devices/virtual/input/input86
[  421.885032][T11015] veth0_vlan: entered promiscuous mode
[  421.890324][T11015] veth1_vlan: entered promiscuous mode
[  421.904702][T11015] veth0_macvtap: entered promiscuous mode
[  421.910517][T11015] veth1_macvtap: entered promiscuous mode
[  421.921090][T11015] batman_adv: batadv0: Interface activated: batadv_slave_0
[  421.926543][T11015] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  421.932134][T11015] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  421.935704][T11015] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  421.939321][T11015] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  421.943760][T11015] batman_adv: batadv0: Interface activated: batadv_slave_1
[  421.947513][T11015] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  421.950969][T11015] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  421.954076][T11015] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  421.956799][T11015] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  422.025719][ T1135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  422.028045][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  422.037487][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  422.042126][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  422.339248][T11078] FAULT_INJECTION: forcing a failure.
[  422.339248][T11078] name failslab, interval 1, probability 0, space 0, times 0
[  422.343034][T11078] CPU: 1 UID: 0 PID: 11078 Comm: syz.0.1386 Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
[  422.346174][T11078] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  422.349114][T11078] Call Trace:
[  422.350080][T11078]  <TASK>
[  422.350920][T11078]  dump_stack_lvl+0x16c/0x1f0
[  422.352273][T11078]  should_fail_ex+0x497/0x5b0
[  422.353548][T11078]  ? fs_reclaim_acquire+0xae/0x150
[  422.354950][T11078]  should_failslab+0xc2/0x120
[  422.356252][T11078]  kmem_cache_alloc_node_noprof+0x72/0x3b0
[  422.357801][T11078]  ? __nla_parse+0x40/0x60
[  422.359041][T11078]  ? __alloc_skb+0x2b3/0x380
[  422.360345][T11078]  __alloc_skb+0x2b3/0x380
[  422.361558][T11078]  ? __pfx___alloc_skb+0x10/0x10
[  422.363226][T11078]  ? __pfx_ctnetlink_parse_tuple_filter+0x10/0x10
[  422.365012][T11078]  netlink_dump+0x699/0xd00
[  422.366314][T11078]  ? __pfx_netlink_dump+0x10/0x10
[  422.367686][T11078]  ? lock_acquire+0x2f/0xb0
[  422.368930][T11078]  ? netlink_lookup+0x3d/0x270
[  422.370584][T11078]  __netlink_dump_start+0x6d9/0x980
[  422.371996][T11078]  ctnetlink_get_conntrack+0x5fc/0x7c0
[  422.373449][T11078]  ? __pfx_ctnetlink_get_conntrack+0x10/0x10
[  422.375091][T11078]  ? __pfx_ctnetlink_start+0x10/0x10
[  422.376524][T11078]  ? __pfx_ctnetlink_dump_table+0x10/0x10
[  422.378069][T11078]  ? __pfx_ctnetlink_done+0x10/0x10
[  422.379543][T11078]  ? nfnetlink_rcv_msg+0x87a/0x11e0
[  422.380948][T11078]  nfnetlink_rcv_msg+0x9c3/0x11e0
[  422.382326][T11078]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  422.383781][T11078]  ? find_held_lock+0x2d/0x110
[  422.385127][T11078]  netlink_rcv_skb+0x165/0x410
[  422.386419][T11078]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  422.387897][T11078]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  422.389389][T11078]  ? __pfx_aa_get_newest_label+0x10/0x10
[  422.390940][T11078]  ? bpf_lsm_capable+0x9/0x10
[  422.392223][T11078]  ? security_capable+0x7e/0x260
[  422.393579][T11078]  ? ns_capable+0xd7/0x110
[  422.394779][T11078]  nfnetlink_rcv+0x1b4/0x430
[  422.396015][T11078]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  422.397368][T11078]  ? netlink_deliver_tap+0x1ae/0xca0
[  422.398828][T11078]  netlink_unicast+0x53c/0x7f0
[  422.400121][T11078]  ? __pfx_netlink_unicast+0x10/0x10
[  422.401525][T11078]  ? __phys_addr_symbol+0x30/0x80
[  422.402883][T11078]  ? __check_object_size+0x488/0x710
[  422.404333][T11078]  netlink_sendmsg+0x8b8/0xd70
[  422.405684][T11078]  ? __pfx_netlink_sendmsg+0x10/0x10
[  422.407170][T11078]  ____sys_sendmsg+0x9ae/0xb40
[  422.408470][T11078]  ? __pfx_____sys_sendmsg+0x10/0x10
[  422.409871][T11078]  ? get_compat_msghdr+0x11b/0x170
[  422.411260][T11078]  ___sys_sendmsg+0x135/0x1e0
[  422.412532][T11078]  ? __pfx____sys_sendmsg+0x10/0x10
[  422.413943][T11078]  ? __pfx_lock_release+0x10/0x10
[  422.415303][T11078]  ? trace_lock_acquire+0x14e/0x1f0
[  422.416678][T11078]  ? __fget_files+0x206/0x3a0
[  422.417933][T11078]  __sys_sendmsg+0x16e/0x220
[  422.419213][T11078]  ? __pfx___sys_sendmsg+0x10/0x10
[  422.420598][T11078]  __do_fast_syscall_32+0x73/0x120
[  422.421950][T11078]  do_fast_syscall_32+0x32/0x80
[  422.423263][T11078]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  422.424973][T11078] RIP: 0023:0xf7f36579
[  422.426091][T11078] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  422.431232][T11078] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  422.433405][T11078] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200004c0
[  422.435502][T11078] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  422.437591][T11078] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  422.439803][T11078] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  422.442008][T11078] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  422.444214][T11078]  </TASK>
[  422.500573][T11081] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in;
[  422.500573][T11081]    program syz.3.1385 not setting count and/or reply_len properly
[  422.633799][T11084] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  423.215108][T11095] input: syz0 as /devices/virtual/input/input87
[  423.795266][ T5745] usb 6-1: USB disconnect, device number 39
[  424.258713][   T92] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.053371][   T92] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.184554][   T92] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.282347][   T92] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.383580][ T5969] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  426.388178][ T5969] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  426.390915][ T5969] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  426.393449][ T5969] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  426.396303][ T5969] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  426.398553][ T5969] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  426.715057][T11119] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  426.717782][   T92] bridge_slave_1: left allmulticast mode
[  426.722569][   T92] bridge_slave_1: left promiscuous mode
[  426.724252][   T92] bridge0: port 2(bridge_slave_1) entered disabled state
[  426.727540][   T92] bridge_slave_0: left allmulticast mode
[  426.729389][   T92] bridge_slave_0: left promiscuous mode
[  426.731116][   T92] bridge0: port 1(bridge_slave_0) entered disabled state
[  427.031515][   T92] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  427.037359][   T92] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  427.042434][   T92] bond0 (unregistering): Released all slaves
[  427.043666][T11124] FAULT_INJECTION: forcing a failure.
[  427.043666][T11124] name failslab, interval 1, probability 0, space 0, times 0
[  427.047582][T11124] CPU: 3 UID: 0 PID: 11124 Comm: syz.3.1399 Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
[  427.050502][T11124] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  427.053416][T11124] Call Trace:
[  427.054360][T11124]  <TASK>
[  427.055193][T11124]  dump_stack_lvl+0x16c/0x1f0
[  427.056526][T11124]  should_fail_ex+0x497/0x5b0
[  427.057836][T11124]  ? fs_reclaim_acquire+0xae/0x150
[  427.059272][T11124]  should_failslab+0xc2/0x120
[  427.060619][T11124]  __kmalloc_cache_noprof+0x68/0x420
[  427.062101][T11124]  nfnl_err_add+0x4e/0x2d0
[  427.063322][T11124]  nfnetlink_rcv_batch+0xe42/0x24e0
[  427.064765][T11124]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  427.066312][T11124]  ? __pfx_lock_release+0x10/0x10
[  427.067714][T11124]  ? __local_bh_enable_ip+0xa4/0x120
[  427.069199][T11124]  ? lockdep_hardirqs_on+0x7c/0x110
[  427.070688][T11124]  ? __pfx___dev_queue_xmit+0x10/0x10
[  427.072119][T11124]  ? __nla_parse+0x40/0x60
[  427.073536][T11124]  nfnetlink_rcv+0x3c3/0x430
[  427.074952][T11124]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  427.076929][T11124]  netlink_unicast+0x53c/0x7f0
[  427.078865][T11124]  ? __pfx_netlink_unicast+0x10/0x10
[  427.080896][T11124]  ? __phys_addr_symbol+0x30/0x80
[  427.082853][T11124]  ? __check_object_size+0x488/0x710
[  427.084920][T11124]  netlink_sendmsg+0x8b8/0xd70
[  427.086833][T11124]  ? __pfx_netlink_sendmsg+0x10/0x10
[  427.088840][T11124]  ____sys_sendmsg+0x9ae/0xb40
[  427.090417][T11124]  ? __pfx_____sys_sendmsg+0x10/0x10
[  427.091913][T11124]  ? get_compat_msghdr+0x11b/0x170
[  427.093399][T11124]  ___sys_sendmsg+0x135/0x1e0
[  427.094757][T11124]  ? __pfx____sys_sendmsg+0x10/0x10
[  427.096276][T11124]  ? __pfx_lock_release+0x10/0x10
[  427.097709][T11124]  ? trace_lock_acquire+0x14e/0x1f0
[  427.099236][T11124]  ? __fget_files+0x206/0x3a0
[  427.101042][T11124]  __sys_sendmsg+0x16e/0x220
[  427.102891][T11124]  ? __pfx___sys_sendmsg+0x10/0x10
[  427.104825][T11124]  __do_fast_syscall_32+0x73/0x120
[  427.106665][T11124]  do_fast_syscall_32+0x32/0x80
[  427.108510][T11124]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  427.110814][T11124] RIP: 0023:0xf708e579
[  427.111974][T11124] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  427.117529][T11124] RSP: 002b:00000000f508055c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  427.119965][T11124] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000780
[  427.120907][T11110] ceph: No mds server is up or the cluster is laggy
[  427.122192][T11124] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  427.122201][T11124] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  427.128730][T11124] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  427.131192][T11124] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  427.133451][T11124]  </TASK>
[  427.305810][T11114] chnl_net:caif_netlink_parms(): no params data found
[  427.380114][T11138] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1403'.
[  427.903856][T11114] bridge0: port 1(bridge_slave_0) entered blocking state
[  427.905938][T11114] bridge0: port 1(bridge_slave_0) entered disabled state
[  427.908056][T11114] bridge_slave_0: entered allmulticast mode
[  427.910376][T11114] bridge_slave_0: entered promiscuous mode
[  427.923858][T11114] bridge0: port 2(bridge_slave_1) entered blocking state
[  427.925958][T11114] bridge0: port 2(bridge_slave_1) entered disabled state
[  427.928087][T11114] bridge_slave_1: entered allmulticast mode
[  427.943138][T11114] bridge_slave_1: entered promiscuous mode
[  427.945460][T11143] input: syz0 as /devices/virtual/input/input88
[  428.011561][T11114] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  428.026301][T11114] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  428.127340][T11147] FAULT_INJECTION: forcing a failure.
[  428.127340][T11147] name failslab, interval 1, probability 0, space 0, times 0
[  428.132734][T11147] CPU: 0 UID: 0 PID: 11147 Comm: syz.0.1405 Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
[  428.136743][T11147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  428.140801][T11147] Call Trace:
[  428.142072][T11147]  <TASK>
[  428.143198][T11147]  dump_stack_lvl+0x16c/0x1f0
[  428.144946][T11147]  should_fail_ex+0x497/0x5b0
[  428.146733][T11147]  ? fs_reclaim_acquire+0xae/0x150
[  428.148255][T11147]  should_failslab+0xc2/0x120
[  428.150048][T11147]  kmem_cache_alloc_node_noprof+0x72/0x3b0
[  428.152262][T11147]  ? __alloc_skb+0x2b3/0x380
[  428.154029][T11147]  __alloc_skb+0x2b3/0x380
[  428.155711][T11147]  ? __pfx___alloc_skb+0x10/0x10
[  428.157572][T11147]  ? __nla_parse+0x40/0x60
[  428.159386][T11147]  netlbl_mgmt_listdef+0xb8/0x5d0
[  428.161422][T11147]  genl_family_rcv_msg_doit+0x202/0x2f0
[  428.163508][T11147]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  428.165768][T11147]  ? genl_get_cmd+0x195/0x580
[  428.167563][T11147]  ? __radix_tree_lookup+0x21f/0x2c0
[  428.169544][T11147]  genl_rcv_msg+0x565/0x800
[  428.171302][T11147]  ? __pfx_genl_rcv_msg+0x10/0x10
[  428.173202][T11147]  ? __pfx_netlbl_mgmt_listdef+0x10/0x10
[  428.175306][T11147]  ? __pfx___lock_acquire+0x10/0x10
[  428.177251][T11147]  netlink_rcv_skb+0x165/0x410
[  428.179062][T11147]  ? __pfx_genl_rcv_msg+0x10/0x10
[  428.180972][T11147]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  428.182966][T11147]  ? down_read+0xc9/0x330
[  428.184584][T11147]  ? __pfx_down_read+0x10/0x10
[  428.186390][T11147]  ? netlink_deliver_tap+0x1ae/0xca0
[  428.188385][T11147]  genl_rcv+0x28/0x40
[  428.189810][T11147]  netlink_unicast+0x53c/0x7f0
[  428.191623][T11147]  ? __pfx_netlink_unicast+0x10/0x10
[  428.193182][T11147]  ? __phys_addr_symbol+0x30/0x80
[  428.194678][T11147]  ? __check_object_size+0x488/0x710
[  428.196235][T11147]  netlink_sendmsg+0x8b8/0xd70
[  428.197685][T11147]  ? __pfx_netlink_sendmsg+0x10/0x10
[  428.199249][T11147]  ____sys_sendmsg+0x9ae/0xb40
[  428.200657][T11147]  ? __pfx_____sys_sendmsg+0x10/0x10
[  428.202224][T11147]  ? get_compat_msghdr+0x11b/0x170
[  428.203744][T11147]  ___sys_sendmsg+0x135/0x1e0
[  428.205125][T11147]  ? __pfx____sys_sendmsg+0x10/0x10
[  428.206665][T11147]  ? __pfx_lock_release+0x10/0x10
[  428.208143][T11147]  ? trace_lock_acquire+0x14e/0x1f0
[  428.209671][T11147]  ? __fget_files+0x206/0x3a0
[  428.211086][T11147]  __sys_sendmsg+0x16e/0x220
[  428.212464][T11147]  ? __pfx___sys_sendmsg+0x10/0x10
[  428.213995][T11147]  __do_fast_syscall_32+0x73/0x120
[  428.215512][T11147]  do_fast_syscall_32+0x32/0x80
[  428.216944][T11147]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  428.218819][T11147] RIP: 0023:0xf7f36579
[  428.220028][T11147] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  428.225581][T11147] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  428.228003][T11147] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000380
[  428.230333][T11147] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000
[  428.232615][T11147] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  428.234925][T11147] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  428.237211][T11147] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  428.239622][T11147]  </TASK>
[  428.268404][T11114] team0: Port device team_slave_0 added
[  428.271374][T11114] team0: Port device team_slave_1 added
[  428.303171][   T92] hsr_slave_0: left promiscuous mode
[  428.305147][   T92] hsr_slave_1: left promiscuous mode
[  428.307271][   T92] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  428.309958][   T92] batman_adv: batadv0: Removing interface: batadv_slave_0
[  428.312903][   T92] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  428.324759][   T92] batman_adv: batadv0: Removing interface: batadv_slave_1
[  428.378461][   T92] veth1_macvtap: left promiscuous mode
[  428.380324][   T92] veth0_macvtap: left promiscuous mode
[  428.382040][   T92] veth1_vlan: left promiscuous mode
[  428.383699][   T92] veth0_vlan: left promiscuous mode
[  428.421358][T11154] /dev/sr0: Can't open blockdev
[  428.478913][ T5969] Bluetooth: hci1: command tx timeout
[  428.529588][T11153] /dev/sr0: Can't open blockdev
[  428.538901][ T6022] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  428.670782][T11152] /dev/sr0: Can't open blockdev
[  428.698906][ T6022] usb 5-1: Using ep0 maxpacket: 16
[  428.701784][ T6022] usb 5-1: config 1 interface 0 altsetting 191 bulk endpoint 0x1 has invalid maxpacket 32
[  428.704467][ T6022] usb 5-1: config 1 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  428.707993][ T6022] usb 5-1: config 1 interface 0 has no altsetting 0
[  428.711786][ T6022] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  428.714955][ T6022] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  428.717482][ T6022] usb 5-1: Product: syz
[  428.719119][ T6022] usb 5-1: Manufacturer: syz
[  428.720502][ T6022] usb 5-1: SerialNumber: syz
[  428.723378][T11150] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  428.938546][ T6022] usb 5-1: USB disconnect, device number 38
[  429.259259][   T92] team0 (unregistering): Port device team_slave_1 removed
[  429.341596][   T92] team0 (unregistering): Port device team_slave_0 removed
[  429.665468][T11172] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in;
[  429.665468][T11172]    program syz.0.1411 not setting count and/or reply_len properly
[  429.824930][T11176] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  430.006424][T11114] batman_adv: batadv0: Adding interface: batadv_slave_0
[  430.008450][T11114] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  430.016038][T11114] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  430.018839][T11165] ceph: No mds server is up or the cluster is laggy
[  430.020217][T11114] batman_adv: batadv0: Adding interface: batadv_slave_1
[  430.023805][T11114] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  430.036751][T11114] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  430.106945][T11114] hsr_slave_0: entered promiscuous mode
[  430.110705][T11114] hsr_slave_1: entered promiscuous mode
[  430.112681][T11114] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  430.114942][T11114] Cannot create hsr debugfs directory
[  430.318979][ T6021] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  430.419457][ T1104] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  430.421401][ T1104] ata1: failed to read log page 10h (errno=-5)
[  430.423645][ T1104] ata1.00: exception Emask 0x1 SAct 0x40 SErr 0x0 action 0x0
[  430.426349][ T1104] ata1.00: irq_stat 0x40000000
[  430.427738][ T1104] ata1.00: failed command: WRITE FPDMA QUEUED
[  430.429846][ T1104] ata1.00: cmd 61/00:30:aa:af:0d/01:00:00:00:00/40 tag 6 ncq dma 131072 out
[  430.429846][ T1104]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  430.435291][ T1104] ata1.00: status: { DRDY }
[  430.436675][ T1104] ata1.00: error: { ABRT }
[  430.442460][ T1104] ata1.00: configured for UDMA/100
[  430.444186][ T1104] ata1: EH complete
[  430.459698][  T833] 
[  430.460402][  T833] ======================================================
[  430.462313][  T833] WARNING: possible circular locking dependency detected
[  430.464303][  T833] 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0 Not tainted
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  430.467167][  T833] ------------------------------------------------------
[  430.470318][  T833] kworker/3:2/833 is trying to acquire lock:
[  430.472150][  T833] ffff8880439d4558 (&q->q_usage_counter(queue)#51){++++}-{0:0}, at: blk_mq_alloc_request+0x59b/0x950
[  430.476062][  T833] 
[  430.476062][  T833] but task is already holding lock:
[  430.478210][  T833] ffff8880439d4b70 (&q->limits_lock){+.+.}-{4:4}, at: sd_revalidate_disk.isra.0+0x52c/0xa8d0
[  430.481075][  T833] 
[  430.481075][  T833] which lock already depends on the new lock.
[  430.481075][  T833] 
[  430.484242][  T833] 
[  430.484242][  T833] the existing dependency chain (in reverse order) is:
[  430.486842][  T833] 
[  430.486842][  T833] -> #5 (&q->limits_lock){+.+.}-{4:4}:
[  430.489026][  T833]        __mutex_lock+0x19b/0xa60
[  430.490495][  T833]        loop_reconfigure_limits+0x407/0x8c0
[  430.492202][  T833]        lo_ioctl+0x8f4/0x18a0
[  430.493912][  T833]        lo_compat_ioctl+0xb9/0x170
[  430.495993][  T833]        compat_blkdev_ioctl+0x2f7/0x750
[  430.498245][  T833]        __do_compat_sys_ioctl+0x1cb/0x2c0
[  430.500557][  T833]        __do_fast_syscall_32+0x73/0x120
[  430.502792][  T833]        do_fast_syscall_32+0x32/0x80
[  430.504952][  T833]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  430.507648][  T833] 
[  430.507648][  T833] -> #4 (&q->q_usage_counter(io)#23){++++}-{0:0}:
[  430.511109][  T833]        blk_mq_submit_bio+0x1fb6/0x24c0
[  430.513101][  T833]        __submit_bio+0x384/0x540
[  430.514566][  T833]        submit_bio_noacct_nocheck+0x698/0xd70
[  430.516332][  T833]        submit_bio_noacct+0x93a/0x1e20
[  430.517948][  T833]        mpage_readahead+0x41d/0x590
[  430.519485][  T833]        read_pages+0x1a8/0xdc0
[  430.520884][  T833]        page_cache_ra_unbounded+0x3dc/0x750
[  430.522608][  T833]        force_page_cache_ra+0x24b/0x340
[  430.524258][  T833]        page_cache_sync_ra+0x110/0x9c0
[  430.525833][  T833]        filemap_get_pages+0xd7b/0x1be0
[  430.527469][  T833]        filemap_read+0x3ca/0xd70
[  430.528946][  T833]        blkdev_read_iter+0x187/0x480
[  430.530499][  T833]        vfs_read+0x87f/0xbe0
[  430.531849][  T833]        ksys_read+0x12b/0x250
[  430.533299][  T833]        do_syscall_64+0xcd/0x250
[  430.534760][  T833]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.536593][  T833] 
[  430.536593][  T833] -> #3 (mapping.invalidate_lock#2){++++}-{4:4}:
[  430.539041][  T833]        down_read+0x9a/0x330
[  430.540399][  T833]        filemap_fault+0x2e0/0x2820
[  430.541887][  T833]        __do_fault+0x10a/0x490
[  430.543467][  T833]        do_pte_missing+0xebd/0x3e00
[  430.544967][  T833]        __handle_mm_fault+0x103c/0x2a40
[  430.546582][  T833]        handle_mm_fault+0x3fa/0xaa0
[  430.548132][  T833]        do_user_addr_fault+0x7a3/0x13f0
[  430.549747][  T833]        exc_page_fault+0x5c/0xc0
[  430.551213][  T833]        asm_exc_page_fault+0x26/0x30
[  430.552791][  T833]        fault_in_readable+0x160/0x200
[  430.554364][  T833]        fault_in_iov_iter_readable+0x101/0x2c0
[  430.556141][  T833]        generic_perform_write+0x21b/0x920
[  430.557830][  T833]        shmem_file_write_iter+0x10e/0x140
[  430.559519][  T833]        vfs_write+0x5ae/0x1150
[  430.560913][  T833]        ksys_write+0x12b/0x250
[  430.562318][  T833]        __do_fast_syscall_32+0x73/0x120
[  430.563967][  T833]        do_fast_syscall_32+0x32/0x80
[  430.565504][  T833]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  430.567456][  T833] 
[  430.567456][  T833] -> #2 (&mm->mmap_lock){++++}-{4:4}:
[  430.569666][  T833]        __might_fault+0x11b/0x190
[  430.571143][  T833]        _copy_from_user+0x29/0xd0
[  430.572613][  T833]        compat_blk_trace_setup+0xc9/0x200
[  430.574977][  T833]        blk_trace_ioctl+0x24a/0x290
[  430.576686][  T833]        compat_blkdev_ioctl+0x13c/0x750
[  430.578332][  T833]        __do_compat_sys_ioctl+0x1cb/0x2c0
[  430.579992][  T833]        __do_fast_syscall_32+0x73/0x120
[  430.581587][  T833]        do_fast_syscall_32+0x32/0x80
[  430.583306][  T833]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  430.585409][  T833] 
[  430.585409][  T833] -> #1 (&q->debugfs_mutex){+.+.}-{4:4}:
[  430.587647][  T833]        __mutex_lock+0x19b/0xa60
[  430.589147][  T833]        blk_mq_init_sched+0x42b/0x640
[  430.590722][  T833]        elevator_init_mq+0x2cd/0x420
[  430.592263][  T833]        add_disk_fwnode+0x113/0x1300
[  430.594276][  T833]        sd_probe+0xa66/0xfa0
[  430.596033][  T833]        really_probe+0x23e/0xa90
[  430.597490][  T833]        __driver_probe_device+0x1de/0x440
[  430.599213][  T833]        driver_probe_device+0x4c/0x1b0
[  430.600790][  T833]        __device_attach_driver+0x1df/0x310
[  430.602518][  T833]        bus_for_each_drv+0x157/0x1e0
[  430.604141][  T833]        __device_attach_async_helper+0x1d3/0x290
[  430.605954][  T833]        async_run_entry_fn+0x9c/0x530
[  430.607522][  T833]        process_one_work+0x958/0x1b30
[  430.609067][  T833]        worker_thread+0x6c8/0xf00
[  430.610558][  T833]        kthread+0x2c1/0x3a0
[  430.611887][  T833]        ret_from_fork+0x45/0x80
[  430.613312][  T833]        ret_from_fork_asm+0x1a/0x30
[  430.613800][ T9431] vivid-001: reconnect
[  430.614819][  T833] 
[  430.614819][  T833] -> #0 (&q->q_usage_counter(queue)#51){++++}-{0:0}:
[  430.618543][  T833]        __lock_acquire+0x249e/0x3c40
[  430.620079][  T833]        lock_acquire.part.0+0x11b/0x380
[  430.621682][  T833]        blk_queue_enter+0x50f/0x640
[  430.623213][  T833]        blk_mq_alloc_request+0x59b/0x950
[  430.624838][  T833]        scsi_execute_cmd+0x20a/0xf30
[  430.626390][  T833]        read_capacity_16+0x21a/0xe20
[  430.627923][  T833]        sd_revalidate_disk.isra.0+0x1a06/0xa8d0
[  430.629726][  T833]        scsi_rescan_device+0x243/0x340
[  430.631318][  T833]        ata_scsi_dev_rescan+0x1cb/0x470
[  430.632932][  T833]        process_one_work+0x958/0x1b30
[  430.634496][  T833]        worker_thread+0x6c8/0xf00
[  430.635951][  T833]        kthread+0x2c1/0x3a0
[  430.637215][  T833]        ret_from_fork+0x45/0x80
[  430.638539][  T833]        ret_from_fork_asm+0x1a/0x30
[  430.640060][  T833] 
[  430.640060][  T833] other info that might help us debug this:
[  430.640060][  T833] 
[  430.642937][  T833] Chain exists of:
[  430.642937][  T833]   &q->q_usage_counter(queue)#51 --> &q->q_usage_counter(io)#23 --> &q->limits_lock
[  430.642937][  T833] 
[  430.647212][  T833]  Possible unsafe locking scenario:
[  430.647212][  T833] 
[  430.649344][  T833]        CPU0                    CPU1
[  430.650872][  T833]        ----                    ----
[  430.652397][  T833]   lock(&q->limits_lock);
[  430.653680][  T833]                                lock(&q->q_usage_counter(io)#23);
[  430.655907][  T833]                                lock(&q->limits_lock);
[  430.657782][  T833]   rlock(&q->q_usage_counter(queue)#51);
[  430.659434][  T833] 
[  430.659434][  T833]  *** DEADLOCK ***
[  430.659434][  T833] 
[  430.661732][  T833] 5 locks held by kworker/3:2/833:
[  430.663198][  T833]  #0: ffff88801ac88948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12cd/0x1b30
[  430.666136][  T833]  #1: ffffc90004567d80 ((work_completion)(&(&ap->scsi_rescan_task)->work)){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30
[  430.669754][  T833]  #2: ffff888024f9c358 (&ap->scsi_scan_mutex){+.+.}-{4:4}, at: ata_scsi_dev_rescan+0x3e/0x470
[  430.672689][  T833]  #3: ffff88802534a378 (&dev->mutex){....}-{4:4}, at: scsi_rescan_device+0x27/0x340
[  430.675364][  T833]  #4: ffff8880439d4b70 (&q->limits_lock){+.+.}-{4:4}, at: sd_revalidate_disk.isra.0+0x52c/0xa8d0
[  430.678300][  T833] 
[  430.678300][  T833] stack backtrace:
[  430.679843][  T833] CPU: 3 UID: 0 PID: 833 Comm: kworker/3:2 Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0
[  430.682659][  T833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  430.685552][  T833] Workqueue: events ata_scsi_dev_rescan
[  430.687058][  T833] Call Trace:
[  430.687956][  T833]  <TASK>
[  430.688783][  T833]  dump_stack_lvl+0x116/0x1f0
[  430.690087][  T833]  print_circular_bug+0x41c/0x610
[  430.691518][  T833]  check_noncircular+0x31a/0x400
[  430.692916][  T833]  ? __pfx_check_noncircular+0x10/0x10
[  430.694471][  T833]  ? __pfx_try_to_wake_up+0x10/0x10
[  430.695915][  T833]  ? lockdep_lock+0xc6/0x200
[  430.697185][  T833]  ? __pfx_lockdep_lock+0x10/0x10
[  430.698616][  T833]  __lock_acquire+0x249e/0x3c40
[  430.699995][  T833]  ? __pfx___lock_acquire+0x10/0x10
[  430.701482][  T833]  lock_acquire.part.0+0x11b/0x380
[  430.702917][  T833]  ? blk_mq_alloc_request+0x59b/0x950
[  430.704424][  T833]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  430.705967][  T833]  ? rcu_is_watching+0x12/0xc0
[  430.707323][  T833]  ? trace_lock_acquire+0x14e/0x1f0
[  430.708784][  T833]  ? blk_mq_alloc_request+0x59b/0x950
[  430.710276][  T833]  ? lock_acquire+0x2f/0xb0
[  430.711553][  T833]  ? blk_mq_alloc_request+0x59b/0x950
[  430.713017][  T833]  blk_queue_enter+0x50f/0x640
[  430.714343][  T833]  ? blk_mq_alloc_request+0x59b/0x950
[  430.715804][  T833]  ? __pfx_blk_queue_enter+0x10/0x10
[  430.717236][  T833]  ? save_trace+0x42/0xa10
[  430.718481][  T833]  ? add_lock_to_list+0x17d/0x390
[  430.719883][  T833]  ? lockdep_unlock+0x11a/0x290
[  430.721224][  T833]  blk_mq_alloc_request+0x59b/0x950
[  430.722657][  T833]  ? __pfx_blk_mq_alloc_request+0x10/0x10
[  430.724248][  T833]  ? __pfx___lock_acquire+0x10/0x10
[  430.725668][  T833]  scsi_execute_cmd+0x20a/0xf30
[  430.726990][  T833]  ? lock_acquire.part.0+0x11b/0x380
[  430.728469][  T833]  ? __mutex_trylock_common+0xea/0x250
[  430.729980][  T833]  ? __pfx_scsi_execute_cmd+0x10/0x10
[  430.731508][  T833]  ? sd_revalidate_disk.isra.0+0x52c/0xa8d0
[  430.733201][  T833]  ? rcu_is_watching+0x12/0xc0
[  430.734546][  T833]  read_capacity_16+0x21a/0xe20
[  430.735915][  T833]  ? __pfx_read_capacity_16+0x10/0x10
[  430.737434][  T833]  ? __pfx___mutex_lock+0x10/0x10
[  430.738869][  T833]  ? __pfx_scsi_execute_cmd+0x10/0x10
[  430.740330][  T833]  sd_revalidate_disk.isra.0+0x1a06/0xa8d0
[  430.741850][  T833]  ? find_held_lock+0x2d/0x110
[  430.743173][  T833]  ? mark_held_locks+0x9f/0xe0
[  430.744512][  T833]  ? __pfx_sd_revalidate_disk.isra.0+0x10/0x10
[  430.746132][  T833]  ? kasan_save_stack+0x42/0x60
[  430.747461][  T833]  ? kasan_save_stack+0x33/0x60
[  430.748830][  T833]  ? kasan_save_track+0x14/0x30
[  430.750173][  T833]  ? kasan_save_free_info+0x3b/0x60
[  430.751584][  T833]  ? __kasan_slab_free+0x51/0x70
[  430.752951][  T833]  ? kfree+0x14f/0x4b0
[  430.754050][  T833]  ? scsi_attach_vpd+0x4dc/0x580
[  430.755446][  T833]  ? scsi_rescan_device+0xf5/0x340
[  430.756845][  T833]  ? ata_scsi_dev_rescan+0x1cb/0x470
[  430.758324][  T833]  ? process_one_work+0x958/0x1b30
[  430.759728][  T833]  ? worker_thread+0x6c8/0xf00
[  430.761046][  T833]  ? hlock_class+0x4e/0x130
[  430.762301][  T833]  ? mark_lock+0xb5/0xc60
[  430.763492][  T833]  ? mark_held_locks+0x9f/0xe0
[  430.764838][  T833]  ? kasan_quarantine_put+0x10a/0x240
[  430.766343][  T833]  ? lockdep_hardirqs_on+0x7c/0x110
[  430.767765][  T833]  ? kfree+0x14f/0x4b0
[  430.768919][  T833]  ? lockdep_hardirqs_on+0x7c/0x110
[  430.770365][  T833]  ? scsi_attach_vpd+0x4dc/0x580
[  430.771718][  T833]  ? scsi_attach_vpd+0x4dc/0x580
[  430.773097][  T833]  ? __pfx_sd_rescan+0x10/0x10
[  430.774414][  T833]  scsi_rescan_device+0x243/0x340
[  430.775829][  T833]  ata_scsi_dev_rescan+0x1cb/0x470
[  430.777275][  T833]  process_one_work+0x958/0x1b30
[  430.778705][  T833]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  430.780291][  T833]  ? __pfx_process_one_work+0x10/0x10
[  430.781678][  T833]  ? rcu_is_watching+0x12/0xc0
[  430.783013][  T833]  ? assign_work+0x1a0/0x250
[  430.784322][  T833]  worker_thread+0x6c8/0xf00
[  430.785609][  T833]  ? __kthread_parkme+0x148/0x220
[  430.787020][  T833]  ? __pfx_worker_thread+0x10/0x10
[  430.788486][  T833]  kthread+0x2c1/0x3a0
[  430.789638][  T833]  ? _raw_spin_unlock_irq+0x23/0x50
[  430.791110][  T833]  ? __pfx_kthread+0x10/0x10
[  430.792430][  T833]  ret_from_fork+0x45/0x80
[  430.793711][  T833]  ? __pfx_kthread+0x10/0x10
[  430.795044][  T833]  ret_from_fork_asm+0x1a/0x30
[  430.796414][  T833]  </TASK>
[  430.797407][ T6021] usb 6-1: Using ep0 maxpacket: 16
[  430.797949][ T5969] Bluetooth: hci1: command tx timeout
[  430.878829][    C3] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  431.160258][ T6021] usb 6-1: device descriptor read/all, error -71
[  431.170094][   T92] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.240920][   T92] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.334104][   T92] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.427011][   T92] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.941571][   T92] bond0 (unregistering): (slave team0): Releasing backup interface
[  431.944159][   T92] team0: left promiscuous mode
[  431.946092][   T92] bond0 (unregistering): Released all slaves
[  432.058927][   T92] tipc: Left network mode
[  432.262952][   T92] hsr_slave_0: left promiscuous mode
[  432.265375][   T92] hsr_slave_1: left promiscuous mode
[  432.268907][   T92] veth1_macvtap: left promiscuous mode
[  432.270605][   T92] veth0_macvtap: left promiscuous mode
[  432.272278][   T92] veth1_vlan: left promiscuous mode
[  432.273970][   T92] veth0_vlan: left promiscuous mode
[  432.649750][   T92] smc: removing net device bond_slave_1 with user defined pnetid SYZ1
[  433.264087][   T92] IPVS: stop unused estimator thread 0...
[  433.365279][   T92] bridge_slave_1: left allmulticast mode
[  433.366969][   T92] bridge_slave_1: left promiscuous mode
[  433.368682][   T92] bridge0: port 2(bridge_slave_1) entered disabled state
[  433.371506][   T92] bridge_slave_0: left allmulticast mode
[  433.373346][   T92] bridge_slave_0: left promiscuous mode
[  433.375079][   T92] bridge0: port 1(bridge_slave_0) entered disabled state
[  433.479271][   T92] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  433.482918][   T92] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  433.485849][   T92] bond0 (unregistering): Released all slaves
[  433.772669][   T92] hsr_slave_0: left promiscuous mode
[  433.776598][   T92] hsr_slave_1: left promiscuous mode
[  433.779254][   T92] batman_adv: batadv0: Removing interface: batadv_slave_0
[  433.782113][   T92] batman_adv: batadv0: Removing interface: batadv_slave_1
[  433.858015][   T92] team0 (unregistering): Port device team_slave_1 removed
[  433.901776][   T92] team0 (unregistering): Port device team_slave_0 removed

VM DIAGNOSIS:
07:12:41  Registers:
info registers vcpu 0

CPU#0
RAX=0000000080000002 RBX=0000000080000001 RCX=ffffffff814a8dc3 RDX=0000000080000001
RSI=0000000000000000 RDI=0000000000000005 RBP=0000000000000001 RSP=ffffc900042b7cc0
R8 =0000000000000000 R9 =fffffbfff203a582 R10=0000000080000001 R11=00000000000a2001
R12=ffff88803fffa5e0 R13=0000000000000008 R14=0000000000000000 R15=ffff8880003d0400
RIP=ffffffff81994783 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fc4b58ab280 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000021000000 CR3=000000002204c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000004 Opmask01=0000000000000000 Opmask02=00000000fffffdff Opmask03=0104100080810010
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000557d3be1dbb0 0000557d3be1a9d0
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000557d3be1dbb0 0000557d3be1a9d0
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737373 7373737373737373
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffff00000000ff
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffff0000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffff00000000ff
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ffffff00000000ff
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6be1cbc8c95e0665 7373260b1f410ef3
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737373e2 737373435c021e73
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 73202c297325286b 636f6c66206f7420 656c62616e55006e 6f69746974726170
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 302c393230302c38 3230302c37323030 2c36323030003731 3d5145534b534944
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0d11040f0d0d1105 0f0d0d110a0f0d0d 110b0f0d0d000a0c 005145534b534944
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1892b8bbba2d7516 000055786c31f44e 00000000000001c1 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6c622f302e3065 63617073656d616e 2f306e6f69676572 2f30737562646e2f
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000171 5345434146524554 0000003165737500 306d656d702f6b63
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3a263e393a3a263b 393a3a263a393a3a 264c383a3a264f38 3a3a264e383a3a26
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffff88802b746720 RCX=ffffffff818d54cc RDX=ffff888022eb2440
RSI=ffffffff818d54a6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc90006647a40
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffed10056e8ce5 R13=0000000000000001 R14=ffff88802b746728 R15=ffff88802b53ff80
RIP=ffffffff818d54a8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000030602ffc CR3=0000000025678000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000012000000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=dffffc0000000000 RBX=ffffea00013393c0 RCX=ffffffff81d36e90 RDX=1ffffffff347ccb5
RSI=ffffc90003717858 RDI=ffff88807ffdb200 RBP=ffff8880404ee000 RSP=ffffc90003717758
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffc90003717858 R13=ffff88807ffd6540 R14=ffffc900037179b0 R15=0000000000000001
RIP=ffffffff8204037f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7f06e40 CR3=000000000db7e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73a3ff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85146355 RDI=ffffffff9a66e200 RBP=ffffffff9a66e1c0 RSP=ffffc90004566a60
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=000000000000002d R14=ffffffff851462f0 R15=0000000000000000
RIP=ffffffff8514637f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=0000000025678000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6224e4f80794ddb8 870eb099886f645f
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 191eeb52a77644fd a72d5572c356f4b2
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 e08a8df758155d3d 3793869bd7d34dbc
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7e7eadd0442198ff 7de58d5323fc6a2e
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000049c0
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d40080012e008001 06f9d2c0ee008001
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000001 00000001c2008001
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 06f9d0aa00000001 0800800106f9cea7
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000106f9d69a 06f9d48700000001
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 49ae7a6e76eb930d 03f553b3dd8ae215
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ef03a388690d15cf c5c8242ea173e505
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000