last executing test programs:

6.940527259s ago: executing program 1 (id=2550):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x0, 0x32, 0x0, 0x0, 0x7}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_GET_MAP_INFO(0x3, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000000)={{0x0, 0xeeef0000, 0xe, 0x0, 0x81, 0x4, 0xa, 0x4e, 0x0, 0x7, 0x6, 0x1}, {0x5000, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0xd, 0x3, 0x0, 0x81, 0x8, 0x1}, {0x5000, 0x0, 0x0, 0xfd, 0x2, 0x1, 0x6, 0xf, 0x8, 0x6, 0x2}, {0xffff1000, 0xd5dd0000, 0xe, 0x2, 0x1, 0x3, 0xc, 0x2, 0x1, 0x6, 0x4, 0x9}, {0x100002, 0xeeee8000, 0x9, 0x0, 0x80, 0xee, 0x2d, 0x7, 0x7c, 0x0, 0xe, 0x9}, {0x3000, 0x4, 0x8, 0x1, 0x5, 0x4, 0x1, 0x1, 0x6, 0x86, 0xb, 0x2}, {0xeeee8000, 0xe6e60000, 0xc, 0x7, 0x7, 0x3, 0x1d, 0x47, 0x30, 0x2, 0x8, 0xe1}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xa, 0x2, 0x4, 0x3, 0x8, 0x5, 0x4e}, {0x4, 0x7}, {0x6000, 0x5}, 0x10, 0x0, 0x0, 0x40, 0x7, 0x1000, 0xeeef0000, [0x5, 0x8001, 0x8]})
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0xeeee8000, 0xdddd1000, 0x10, 0x0, 0x8, 0x2, 0x1, 0x4, 0x0, 0x4, 0x47, 0x10}, {0xcccff001, 0x500, 0xd, 0x0, 0x0, 0x0, 0x6, 0x1, 0x7, 0x4}, {0x2000, 0xdddd0000, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x2, 0x0, 0xfc}, {0x3000, 0xffff1000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4, 0x8}, {0xeeee8000, 0x3000, 0xb, 0x0, 0x0, 0x4, 0x0, 0xe, 0x0, 0x3a}, {0x5000, 0xd000, 0x0, 0x7, 0xc, 0x0, 0x2, 0x0, 0x4, 0x10, 0x80}, {0xdddd1000, 0x100000, 0xa, 0x6, 0x0, 0x0, 0x2, 0x4, 0x10}, {0x8080000, 0x3000, 0x0, 0x1, 0x7f, 0x4, 0x0, 0x1a, 0x26, 0x0, 0xff}, {0x80ac000}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x1, 0x70, 0x0, 0xdd00, 0x0, [0xfffffffffffffffc, 0x0, 0x1, 0xfffffffffffffffc]})
socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x800, 0x0)
socketpair$unix(0x1, 0xd9ae450b6b8f8aed, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)

5.851321718s ago: executing program 0 (id=2552):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000fc0)=[{{&(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f00000008c0)=[{&(0x7f00000006c0)="c93eba827ac4f84860f73e10e9aa464fdddb0c942abf7c1cf7823e7136dd41d050451bd64174472e84e4a4aac653dc513e5efa10e41e099880d57c31b63b5295c21cd1a47f7d27288df5de493466a5480d467cfbc7b88cffcdc6ac7792b320adff12500e355b2d2721f28a71b2a8646c461c12e5b8b1bd74826f670b8a914599a4d9c9700f04cd228613a1dc60f58aab28a80a3a37bf0459d4786afb7744d454e013c177ff30d8678d8678b3e9ea1fe5acc15487d1ece9dc20e65b48749e9da356742664764e345a23ec9bd7", 0xcc}, {&(0x7f0000000a00)="47dba160e1b4731d9e7e5da30355eca85e1b4e88014923c46698375edd5883c33763f8f378190863a1facc484daa057ab54c313f2d6f3a727e2371df2874a91055b49ce5b0c8235c79f1e7f0cba2761950ec0c71c287d857350b9e68f5199fe772adc11869d0b6c9dbc56929ca8a36218ef4cf5d460eb2ac44445c9cd25c25b799290248902b2059d75c69128fb390d2f268abd2f1bb6bedc312524c8da2f9132ad71a66feccb236bf2fb9a886c6c8e6ef6cfc036a9f5950f8ba7c1390e3b50042502a1ff1e3b3dc8af6b79722129ca65db25c1bd057762841ea97cde03a6e0bf7ca9000445a826d", 0xe8}, {&(0x7f0000000580)="a021ba1dce24d317a09358c5e4762c5bcffaeb35db636c56777c323786fa9ffcdcca659c40654c5c1ab1e5fc416c218f864858a4180eaa4e5317813ee19811c7d8404c725a9024ae0def2f1a5fb7e15b4ddff4f22fc0de2f020359ca13892835319625b19ca62ce7c152ab3d5e86102823b609b99b98da35e945624645af238d59fee0f3edde785bb42f", 0x8a}, {&(0x7f0000000b00)="6ae8445c83e48f4fc68d902d6fa4123e460da27dea7152f280d8e485c3542468b9cf9b7afb3af9dfafce7440fdb13887e54551c4836be3c9636ff2f1a87213e1baa3d4636ed9a21a254e670de889a9f2d0cd37aecacb354bc35f22cf9e6e0adc6a80d501cc89b8e4b4a42e57e289e376f608960e5f935a1c0a0a1a9f36a087a98ef5", 0x82}, {&(0x7f0000000440)="ca1f891441e5fd5844163966e694665a8b31ce803c36c68681ff590d0d41d93dc0f048690d57965171ea5515e58c8bfd8c2cf8f8216bc6534859a56f1f8a7ac22a6b5806517935dfdb19f67f9e3da3c27e9195", 0x53}, {&(0x7f0000000280)}, {&(0x7f00000007c0)="c40de8c30ef977488cc876c5c8dcdde4b42c79a3b218b7e76236336927addde7816ab281a42b50d66bd3ce374c7f7d37309206885f459cf8cdbe9caa179162b8eccbf19481a7a71dbe944ee6b19d59a0bf661c72534acbbb3f37c8d6096e9383ae46dd2252557724885cc25e3cefa623cd9eeea5fb31", 0x76}, {&(0x7f0000000300)}, {&(0x7f0000000bc0)="36ee362d69090af082cf74c6a8b2fabfc7e139d49265b45d5bab4c607720134e76a789485524b058a684f32571196be9d647d9479deec31bb00ff61145509cb2950ef3e3fa244a0f8c741fab5b28a93a5e8a50c5a564ebd9664efac52828edc8992b40acb26cc56c9724c38822b021d6b55c83f9bfab34dff8902c1df10c8ea4bf9022db6d388ff759f402dcac81c7b0d887c434538e7385037446", 0x9b}], 0x9, &(0x7f0000000f00)=[@cred={{0x18, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x2c, 0x1, 0x1, [r0, r0, r1, r1, r1, 0xffffffffffffffff, 0xffffffffffffffff, r1]}}, @rights={{0x10, 0x1, 0x1, [r0]}}, @rights={{0x28, 0x1, 0x1, [r0, r1, r0, r1, r1, r0, r0]}}, @cred={{0x18}}, @cred={{0x18}}], 0xac, 0x2004000}}], 0x1, 0x4040)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0, 0x40}}, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}})
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x14)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x1)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x3)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f0000000940)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000e0000008500000006000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70500000800000085000000a700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
getsockopt$rose(0xffffffffffffffff, 0x104, 0x0, 0x0, &(0x7f0000000100))
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r9}, 0xc)
ioctl$TIOCVHANGUP(r7, 0x5437, 0x0)

5.697258391s ago: executing program 1 (id=2553):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000fc0)=[{{&(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f00000008c0)=[{&(0x7f00000006c0)="c93eba827ac4f84860f73e10e9aa464fdddb0c942abf7c1cf7823e7136dd41d050451bd64174472e84e4a4aac653dc513e5efa10e41e099880d57c31b63b5295c21cd1a47f7d27288df5de493466a5480d467cfbc7b88cffcdc6ac7792b320adff12500e355b2d2721f28a71b2a8646c461c12e5b8b1bd74826f670b8a914599a4d9c9700f04cd228613a1dc60f58aab28a80a3a37bf0459d4786afb7744d454e013c177ff30d8678d8678b3e9ea1fe5acc15487d1ece9dc20e65b48749e9da356742664764e345a23ec9bd7", 0xcc}, {&(0x7f0000000a00)="47dba160e1b4731d9e7e5da30355eca85e1b4e88014923c46698375edd5883c33763f8f378190863a1facc484daa057ab54c313f2d6f3a727e2371df2874a91055b49ce5b0c8235c79f1e7f0cba2761950ec0c71c287d857350b9e68f5199fe772adc11869d0b6c9dbc56929ca8a36218ef4cf5d460eb2ac44445c9cd25c25b799290248902b2059d75c69128fb390d2f268abd2f1bb6bedc312524c8da2f9132ad71a66feccb236bf2fb9a886c6c8e6ef6cfc036a9f5950f8ba7c1390e3b50042502a1ff1e3b3dc8af6b79722129ca65db25c1bd057762841ea97cde03a6e0bf7ca9000445a826d", 0xe8}, {&(0x7f0000000580)="a021ba1dce24d317a09358c5e4762c5bcffaeb35db636c56777c323786fa9ffcdcca659c40654c5c1ab1e5fc416c218f864858a4180eaa4e5317813ee19811c7d8404c725a9024ae0def2f1a5fb7e15b4ddff4f22fc0de2f020359ca13892835319625b19ca62ce7c152ab3d5e86102823b609b99b98da35e945624645af238d59fee0f3edde785bb42f", 0x8a}, {&(0x7f0000000b00)="6ae8445c83e48f4fc68d902d6fa4123e460da27dea7152f280d8e485c3542468b9cf9b7afb3af9dfafce7440fdb13887e54551c4836be3c9636ff2f1a87213e1baa3d4636ed9a21a254e670de889a9f2d0cd37aecacb354bc35f22cf9e6e0adc6a80d501cc89b8e4b4a42e57e289e376f608960e5f935a1c0a0a1a9f36a087a98ef5", 0x82}, {&(0x7f0000000440)="ca1f891441e5fd5844163966e694665a8b31ce803c36c68681ff590d0d41d93dc0f048690d57965171ea5515e58c8bfd8c2cf8f8216bc6534859a56f1f8a7ac22a6b5806517935dfdb19f67f9e3da3c27e9195", 0x53}, {&(0x7f0000000280)="9478", 0x2}, {&(0x7f00000007c0)="c40de8c30ef977488cc876c5c8dcdde4b42c79a3b218b7e76236336927addde7816ab281a42b50d66bd3ce374c7f7d37309206885f459cf8cdbe9caa179162b8eccbf19481a7a71dbe944ee6b19d59a0bf661c72534acbbb3f37c8d6096e9383ae46dd2252557724885cc25e3cefa623cd9eeea5fb31", 0x76}, {&(0x7f0000000300)}, {&(0x7f0000000bc0)="36ee362d69090af082cf74c6a8b2fabfc7e139d49265b45d5bab4c607720134e76a789485524b058a684f32571196be9d647d9479deec31bb00ff61145509cb2950ef3e3fa244a0f8c741fab5b28a93a5e8a50c5a564ebd9664efac52828edc8992b40acb26cc56c9724c38822b021d6b55c83f9bfab34dff8902c1df10c8ea4bf9022db6d388ff759f402dcac81c7b0d887c434538e7385037446", 0x9b}], 0x9, &(0x7f0000000f00)=[@cred={{0x18, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x2c, 0x1, 0x1, [r0, r0, r1, r1, r1, 0xffffffffffffffff, 0xffffffffffffffff, r1]}}, @rights={{0x10, 0x1, 0x1, [r0]}}, @rights={{0x28, 0x1, 0x1, [r0, r1, r0, r1, r1, r0, r0]}}, @cred={{0x18}}, @cred={{0x18}}], 0xac, 0x2004000}}], 0x1, 0x4040)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0, 0x40}}, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}})
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x14)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x1)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x3)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f0000000940)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000e0000008500000006000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70500000800000085000000a700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
getsockopt$rose(0xffffffffffffffff, 0x104, 0x0, 0x0, &(0x7f0000000100))
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r9}, 0xc)
ioctl$TIOCVHANGUP(r7, 0x5437, 0x0)

4.151468692s ago: executing program 1 (id=2559):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x0)
ioctl$CEC_S_MODE(r2, 0x40046109, &(0x7f00000000c0)=0x32)
ioctl$CEC_S_MODE(r2, 0x40046109, &(0x7f00000002c0)=0x1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x300, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="44000000190001090000000000000000021800000002fd010000000008000100ac14140008000500ac1e0101100016800c00010000000000000000040600150001000000d8f033d71499385671961c5fd5039a192a2349dc3498e1772383d09440c32db26af5ecdb217f1f61415f2b7db6be72cc8a9e00"], 0x44}}, 0x0)

3.904076009s ago: executing program 0 (id=2561):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000fc0)=[{{&(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f00000008c0)=[{&(0x7f00000006c0)="c93eba827ac4f84860f73e10e9aa464fdddb0c942abf7c1cf7823e7136dd41d050451bd64174472e84e4a4aac653dc513e5efa10e41e099880d57c31b63b5295c21cd1a47f7d27288df5de493466a5480d467cfbc7b88cffcdc6ac7792b320adff12500e355b2d2721f28a71b2a8646c461c12e5b8b1bd74826f670b8a914599a4d9c9700f04cd228613a1dc60f58aab28a80a3a37bf0459d4786afb7744d454e013c177ff30d8678d8678b3e9ea1fe5acc15487d1ece9dc20e65b48749e9da356742664764e345a23ec9bd7", 0xcc}, {&(0x7f0000000a00)="47dba160e1b4731d9e7e5da30355eca85e1b4e88014923c46698375edd5883c33763f8f378190863a1facc484daa057ab54c313f2d6f3a727e2371df2874a91055b49ce5b0c8235c79f1e7f0cba2761950ec0c71c287d857350b9e68f5199fe772adc11869d0b6c9dbc56929ca8a36218ef4cf5d460eb2ac44445c9cd25c25b799290248902b2059d75c69128fb390d2f268abd2f1bb6bedc312524c8da2f9132ad71a66feccb236bf2fb9a886c6c8e6ef6cfc036a9f5950f8ba7c1390e3b50042502a1ff1e3b3dc8af6b79722129ca65db25c1bd057762841ea97cde03a6e0bf7ca9000445a826d", 0xe8}, {&(0x7f0000000580)="a021ba1dce24d317a09358c5e4762c5bcffaeb35db636c56777c323786fa9ffcdcca659c40654c5c1ab1e5fc416c218f864858a4180eaa4e5317813ee19811c7d8404c725a9024ae0def2f1a5fb7e15b4ddff4f22fc0de2f020359ca13892835319625b19ca62ce7c152ab3d5e86102823b609b99b98da35e945624645af238d59fee0f3edde785bb42f", 0x8a}, {&(0x7f0000000b00)="6ae8445c83e48f4fc68d902d6fa4123e460da27dea7152f280d8e485c3542468b9cf9b7afb3af9dfafce7440fdb13887e54551c4836be3c9636ff2f1a87213e1baa3d4636ed9a21a254e670de889a9f2d0cd37aecacb354bc35f22cf9e6e0adc6a80d501cc89b8e4b4a42e57e289e376f608960e5f935a1c0a0a1a9f36a087a98ef5", 0x82}, {&(0x7f0000000440)="ca1f891441e5fd5844163966e694665a8b31ce803c36c68681ff590d0d41d93dc0f048690d57965171ea5515e58c8bfd8c2cf8f8216bc6534859a56f1f8a7ac22a6b5806517935dfdb19f67f9e3da3c27e9195", 0x53}, {&(0x7f0000000280)}, {&(0x7f00000007c0)="c40de8c30ef977488cc876c5c8dcdde4b42c79a3b218b7e76236336927addde7816ab281a42b50d66bd3ce374c7f7d37309206885f459cf8cdbe9caa179162b8eccbf19481a7a71dbe944ee6b19d59a0bf661c72534acbbb3f37c8d6096e9383ae46dd2252557724885cc25e3cefa623cd9eeea5fb31", 0x76}, {&(0x7f0000000300)}, {&(0x7f0000000bc0)="36ee362d69090af082cf74c6a8b2fabfc7e139d49265b45d5bab4c607720134e76a789485524b058a684f32571196be9d647d9479deec31bb00ff61145509cb2950ef3e3fa244a0f8c741fab5b28a93a5e8a50c5a564ebd9664efac52828edc8992b40acb26cc56c9724c38822b021d6b55c83f9bfab34dff8902c1df10c8ea4bf9022db6d388ff759f402dcac81c7b0d887c434538e7385037446", 0x9b}], 0x9, &(0x7f0000000f00)=[@cred={{0x18, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x2c, 0x1, 0x1, [r0, r0, r1, r1, r1, 0xffffffffffffffff, 0xffffffffffffffff, r1]}}, @rights={{0x10, 0x1, 0x1, [r0]}}, @rights={{0x28, 0x1, 0x1, [r0, r1, r0, r1, r1, r0, r0]}}, @cred={{0x18}}, @cred={{0x18}}], 0xac, 0x2004000}}], 0x1, 0x4040)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0, 0x40}}, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}})
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x14)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x1)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x3)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f0000000940)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000e0000008500000006000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70500000800000085000000a700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
getsockopt$rose(0xffffffffffffffff, 0x104, 0x0, 0x0, &(0x7f0000000100))
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r9}, 0xc)
ioctl$TIOCVHANGUP(r7, 0x5437, 0x0)

2.750092632s ago: executing program 3 (id=2563):
r0 = openat$dsp1(0xffffff9c, &(0x7f0000000280), 0x109000, 0x0)
r1 = socket(0x10, 0x3, 0x0)
write(r1, &(0x7f00000004c0)="240000001a005f0214f9f407000904ff2358c365040000020009000000000400012a4600", 0x24)
r2 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
r4 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000004700)={'team0\x00', <r5=>0x0}) (async, rerun: 64)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1e1a00, 0x0) (rerun: 64)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r7, 0xc048aec8, &(0x7f0000000080)={0x1, 0x0, @pic={0x0, 0x81, 0x9, 0x5, 0x3c, 0xfd, 0x5, 0x9, 0x4, 0xfc, 0xff, 0xf9, 0x55, 0x9, 0xf7, 0x7}})
mkdir(&(0x7f0000000180)='./file0\x00', 0xe0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10) (async)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000500)={0xb, {'syz0\x00', 'syz1\x00', 'syz0\x00', 0xd7, 0x8, 0x400, 0x5, 0x3, 0x5, "2b357edfd16f5fde9daa3235959c3b110cd40448891ff223bcf6b9d4e80e98e53e50b5db202c8728f5db2d5653fe0fbe95e40176d67e88998705d731f5f657985841f60ddf2d0b473b3b6fec4acadefaceeb5e13cf84628677e71dbc80557e2747d48832a826d3c8d9577d688d5ffd280eab6e67d1099390d13029568b1bb6f6b7c1974f2d50166af2b3d8fdd4f5bfddde104055146b025e30014b9f5d21610809a5ed9421382ba3243316e102954d5f59055317a55f40a7dc8858ff185e4cf5098f0f9dbe586b1cbce182c7bdf5cd4b417e90debc8499"}}, 0x1ef)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000300)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r9, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010040000000000002034400000008000300", @ANYRES32=r10, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140002"], 0x4c}}, 0x0) (async)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f0000000ac0)=ANY=[@ANYRES32=r2, @ANYRES32=r0, @ANYRESHEX=r2, @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f69763d513521b59827eab709f0798158484e3b5223fdb263fb328b02e623c10e23775ed89b08455e0a2d1bca19a95d45c01465b6bc3987a8a26c5fb7fb215d4df9e091928fb30b8cc83f757b1af1a63bcc1c63de71e5f82904e69c27146691fd30a94c2091aa37b791907130125304ec88cb61c00f45db13898c0e26e8db316b65adc5295ede02c0fac22528b70d91ba21bff40ad3aff96b036cfc765d1ec249bf929cedd524c9b3cfb3a772ecb6ebb96aedcab39b3ee899bae798b1661a2795d4dfb4a30ccdcd1e568f742a33e47a1b121343451fd546f8a6f34c215b537de82856127a1cce03369aa6af997eec", @ANYRESDEC=r8])
io_setup(0x8, &(0x7f0000004200))
r11 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r11, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) (async, rerun: 32)
sendmsg$nl_route(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)=ANY=[@ANYRES16=r5, @ANYRESDEC=r11], 0x38}, 0x1, 0x0, 0x0, 0x20040800}, 0x0) (async, rerun: 32)
syz_open_procfs(0x0, 0x0) (async)
umount2(&(0x7f0000000100)='./file0\x00', 0x3)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000340)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050427bd7000fedbdf250100000008000100", @ANYRES32=r5, @ANYBLOB="4400028040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000100004006c949b03ff616c616e6365002c1f17e3985b4f3d877230fb1b5a4a5ccdc1673ae5e31e87e178d9fb40f1b522c2855fdfa38d5c03ea9a26e81761766ae9c7fbf89fc76acf85c64b55a094bc488f4df5a312d08ea65cf7bfe00d381f418f05169c413d293ff479995cacdcea4766559907ca491548b4e73a2934797535aa3f4e27bc6830551799ee96f6b8461e9f86cebe31f345cd3d289eb920a8c446a53d"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) (async)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r5, {}, {}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0) (async)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x4}}], {0x14}}, 0xa4}}, 0x0) (async)
ioctl$SNDCTL_DSP_POST(r0, 0x5008, 0x0)

2.546675562s ago: executing program 0 (id=2564):
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair(0x18, 0x6, 0x1ff, 0x0)
r0 = getpid()
syz_pidfd_open(r0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r1)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4051}, 0x20000010)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)={0x2c, 0x3d, 0x107, 0x0, 0x0, {0x3, 0x7c}, [@nested={0x18, 0x37, 0x0, 0x1, [@typed={0x13, 0x3, 0x0, 0x0, @str='qtr(4\x14\xd6\xbb\xa9\x19sm4)\x00'}]}]}, 0x2c}}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r1)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0xe)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x1f, 0xf, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0xe84}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, r5}, 0x94)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', <r6=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x2, 0x0, {}, [@NHA_OIF={0x8, 0x5, r6}]}, 0x20}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x20003b00}, [@RTA_NH_ID={0x8, 0x1e, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="24000000200001070000000000000000022000000000000000000000080001000000"], 0x24}}, 0x0)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r9, 0x89f1, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000440)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x3, 0x5e55b37311de6d89, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}}}}})

2.537981901s ago: executing program 3 (id=2565):
r0 = openat$yama_ptrace_scope(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x18, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0xfffffe10}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0x47}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020641700000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='ib_mad_send_done_handler\x00', r4, 0x0, 0x2}, 0x18)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000001c0))
fstat(r0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000440)={<r8=>0x0, 0x0, <r9=>0x0}, &(0x7f0000000480)=0xc)
setregid(r9, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000500)={{{@in=@multicast2, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}}, {{@in=@local}, 0x0, @in=@local}}, &(0x7f0000000380)=0xe4)
sendmmsg$unix(r3, &(0x7f0000003280)=[{{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000002840)=ANY=[], 0xb4}}, {{0x0, 0x0, &(0x7f0000002a40)=[{&(0x7f0000002940)="5d49c67b14fac82b707fec5c0efce59509d07ed0494cfae2beeb4251bef34e59d05a10b6fcc56283bb1b531f90c7a97b9f33906602e06dd9412049a7233b2ae0b84b9b235ada23fa0915f395ab58bff8ca9729ea9fddb5411540545dcfd8d42260316e2ffd8b11c64ea25d23cf93ad4fee5cf93a702a812c758e61771c370e5ac4f8cfe4575e6f3b7b166e7fa6a60e218ea0afd7c9755dd06ce8214283b60ff07a463917c77d61f6586f17cfa50b6448f5c7f41d983b9a29cea06a78ee29894ce08729e506246fc78ca8007ba2eb7a1cd0d82792f1cd8841524f3ab17cd05622ac737886190b6ae8c7", 0xe9}], 0x1, &(0x7f0000000840)=[@rights={{0x1c, 0x1, 0x1, [r0, r7, r4, r4]}}, @cred={{0x18, 0x1, 0x2, {0x0, r10, r6}}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x18}}], 0x6c, 0x48844}}, {{&(0x7f0000002b80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000031c0)=[{&(0x7f0000002c00)="05ed428a48cb53e353e1b18ce0de74fd747cc94e653301ffb030cdd331c6076f32c7ab0757f249f5919c02ce27947da800f503ebfbcc51ed008130feb340c547a22ea6d21f3e51f3460b446b4d16ac4fd79479377eed908a372a7c406a0fafff5d52cb6f5bcfd4f424bb741352a1d9fa60a5e6be23a716596a094f51cc5e69e3bad60621ffe96238bbbd46bfbeebe2a7e5ff364acf2a8da8955497aef44c51b14884ae573b7140db47c737481b32551b75f9138663f52f278e0d90e6db4dc48672ba8ffed0bff59f1ba1928645ebc2fa200d1b6fa5e74e39fdc51fce6b96bedf954a9b45c793137f54e0ce8f9d196ff122403d0201771f5119b489", 0xfb}, {&(0x7f0000002d00)="6e05c0b3218dad4662647a9506873914cd51dc73c683ab9173761e7dc26ad87c01ced79876d36358c8ac586f29986b5ab0a74ce809c047ac4f18ce65be62ff96c47a3311bb528d59ef2080aed11f5bac7a3572235b1c6081b66d2a546609641dfb04ae47cff54dec6c3630464b0be019e67975ba2338577d1258ab34abef5a8cb8a077c19c3e2d3a77bc64ce514518c07b011f54ffd5c26962516244092646e8d0e9cc54c7c3f2cfa53094107167861bde437ed0c600a77522bcac9eeae4bb93b96f26dfe1dbd6420eb854f6efaf4fd984981ea51df9b2f8f705a6de720aae9e61e6017b1f2885241c3a549f97cfed21f9756db661925b25", 0xf8}, {&(0x7f00000006c0)="a283b352ca35c5cab0b055e5ad7d2ab0a8dbc8a30f46ccb67c9dfe63094555edf25e056bbf8204448d43ca32fc398cad8f9f92ada216843fade11d8ad4b1c3e5de3cc4371331f60290ff3e8edad1b547560ea61a089014eb05a4ae95620cdbac68b35586aaa88022b5aea3e7b464094fdce146e7d81b6f80779535284eec1d66fe1a7cd2e868bec25cc9c4d40f5888194120c27b2aa073a3f4ad02d383d734b8957bac980b7e27773d95cd0585dd081e30c5271f13135da85ca6b0573df337a87d468c45b08359dd5a1150db77361b3c964a3f22d07b6a477820b13d85948d19140d9e0583ed9b78c2a347", 0xeb}, {&(0x7f0000002f00)="bc3e6e25c71de21431b2c3ec9e31f6914646e538c6ef5313cdb18eec4d8b1c3fd241fa1b0e9c039c00426619ea9ee6a7e5aabede37144b14d40b37418fb7156895b986457b6dbe58a860f67f79a4f02ebaa2115ffde8b281353751cd5d0b296c81abcedaf3a9b09d5306a4b36edadea70553373f9300b6ae2bea6ad1af129e880d51c73a9351f4f8c68771b3f0ed6a54fb84f4e83859345b2b82871146b9c2e9a7f308f64af88ef1fb448c8f9685d7838fd5014ae1092779b8", 0xb9}, {&(0x7f0000002fc0)="0f0269475268ca51cd3af1fb9fa8260fb428b200137b428be287a1c98087fcc2b0147539f7e5f04d3cda321db98924a51d31f55daf91f7b98296a0e2d3167c230f0bc93e3505dab14ccb3ffaa9004714e8607d8abbdb936efa8986456694f7cd13e419c77a139badfbb9bff94361c1ff54d3a7fa825111c01cb5122658ace151fea6319f170c8aa0ba0d5659cd290127f1de909a00b45fa43f2d66b55e4f3f698a27425214bb1e3188820ccebb8ad6e99c4a2c", 0xb3}, {&(0x7f0000003080)="622f6c4fceac3c35a82767c1a4136dd004e89578ae33d8db9345995321e555c3ce6438f75a3a4db47ad0b85cacec59401237b26b556ee7d81226a4f45bd96de6a0e914d5cc40b5e123c954ce9908799166008870e3f92f00981759290af95b6b6e6fff639cfdd64b10da653bd35b803530f02fca3b05d3cf64de0997ec90a9785d858364291f3a1f883e22ef197d76f0b2b935ac371385c8c37ff692e3fdf7ca80874957496772e79514196e3d86a8eba1ba8e0e9de4edc23ba72551d8506ff85927f3ac3c18d69d7211dbcb0ac337189c51e2ed317c6dd0cd928e833abeb92b1929a53dfaf2d18fcc49e4ff974cd9", 0xef}, {&(0x7f0000003180)="c121429767213cdd9a80b98898faf3e421db96d97f49762474b88aff64dc0b70cc70ebceeea34f", 0x27}], 0x7, &(0x7f0000003200)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, r2, r0, 0xffffffffffffffff, r7, r2, 0xffffffffffffffff, r5, r5, r2]}}, @cred={{0x18, 0x1, 0x2, {r1}}}, @cred={{0x18, 0x1, 0x2, {r8}}}], 0x64, 0x2004c890}}], 0x3, 0x3004c0d5)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
r11 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
r12 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
keyctl$read(0xb, r11, &(0x7f0000000240)=""/112, 0x349b7f55)
request_key(&(0x7f0000000400)='.request_key_auth\x00', &(0x7f00000007c0)={'syz', 0x0}, &(0x7f0000000800)='user\x00', r12)
getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x5, &(0x7f0000000040)=""/162, &(0x7f0000000100)=0xa2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x3}, @ptr={0x0, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x2e, 0x0, 0x0, 0x61]}}, 0x0, 0x3a}, 0x28)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0)

2.478153454s ago: executing program 1 (id=2566):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, &(0x7f0000000200))
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect={0xec})
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000024000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a140000001100010000000000000000000000000a"], 0x64}}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)

2.419669282s ago: executing program 0 (id=2567):
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair(0x18, 0x6, 0x1ff, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4051}, 0x20000010)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0xe)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x1f, 0xf, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0xe84}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, r3}, 0x94)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', <r4=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x2, 0x0, {}, [@NHA_OIF={0x8, 0x5, r4}]}, 0x20}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x20003b00}, [@RTA_NH_ID={0x8, 0x1e, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="24000000200001070000000000000000022000000000000000000000080001000000"], 0x24}}, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r7, 0x89b1, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000440)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x3, 0x5e55b37311de6d89, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}}}}})

2.410758147s ago: executing program 0 (id=2568):
personality(0x8)
uname(&(0x7f0000000040)=""/46)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001300)={{0x14}, [@NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELRULE={0x33, 0x8, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x74}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'macvlan0\x00'})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x200, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x215}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_EVENT={0x8, 0x2c, 0x8}, @IFLA_MTU={0x8, 0x4, 0x2ed}]}, 0x44}, 0x1, 0xba01, 0x0, 0x4000000}, 0x8050)

2.341010745s ago: executing program 0 (id=2569):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000100)={0x18, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x1f2f, 0xb, 0x0, &(0x7f00000007c0)="9f44948721919580684010", 0x0, 0x241, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x4c)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r2 = dup(r1)
pipe2$watch_queue(&(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
write$6lowpan_enable(r2, &(0x7f0000000180)='0', 0xfffffd5e)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
sendmsg$RDMA_NLDEV_CMD_RES_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x1409, 0x1, 0x70bd26, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}}, 0x200040c0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='befs\x00', 0x200000, 0x0)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000340), 0x7, 0x4040)
write$vga_arbiter(r4, &(0x7f0000000600)=@other={'unlock', ' ', 'none'}, 0xc)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth0\x00', <r6=>0x0})
setsockopt$packet_int(r5, 0x107, 0x14, &(0x7f0000000180)=0x19ca, 0x4)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r5, &(0x7f00000000c0)="3f031c000502140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$inet_tcp_int(r2, 0x6, 0xa, &(0x7f0000000380)=0x6, 0x4)
recvfrom$packet(r5, &(0x7f0000000200)=""/202, 0xca, 0x21, &(0x7f0000000300)={0x11, 0xf5, r6, 0x1, 0x80}, 0x14)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140100001400210200000000fcdbdf25031100800c0002"], 0x114}], 0x1}, 0x4814)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x31, '\x00', 0x0, 0x0, r3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r8}, 0x10)

2.254233633s ago: executing program 2 (id=2570):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000140)=@RTM_DELMDB={0x38, 0x54, 0x93d, 0x0, 0x0, {}, [@MDBA_SET_ENTRY={0x6, 0x1, {0x0, 0x0, 0x3, 0x0, {@in6_addr=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x86dd}}}]}, 0x38}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0)
pipe(&(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
splice(r9, 0x0, r7, 0x0, 0x2, 0x0)
vmsplice(r6, 0x0, 0x0, 0x8)
write$binfmt_elf64(r8, &(0x7f0000000000)=ANY=[], 0x18c6)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x20)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, &(0x7f0000000380)=0x10001, 0x4)
syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES8], 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
openat$incfs(0xffffffffffffff9c, &(0x7f00000a0040)='.pending_reads\x00', 0x80102, 0x10)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e110b"], 0xec)

1.16768905s ago: executing program 3 (id=2571):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x2}, [], {0x14, 0x10}}, 0x28}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000140)=@RTM_DELMDB={0x38, 0x54, 0x93d, 0x0, 0x0, {}, [@MDBA_SET_ENTRY={0x6, 0x1, {0x0, 0x0, 0x3, 0x0, {@in6_addr=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x86dd}}}]}, 0x38}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0)
pipe(&(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
splice(r9, 0x0, r7, 0x0, 0x2, 0x0)
vmsplice(r6, &(0x7f0000000180)=[{&(0x7f0000000080)="a1", 0x1}], 0x1, 0x8)
write$binfmt_elf64(r8, &(0x7f0000000000)=ANY=[], 0x18c6)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, &(0x7f0000000380)=0x10001, 0x4)
syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES8], 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
chdir(&(0x7f0000000340)='./file0\x00')
openat$incfs(0xffffffffffffff9c, &(0x7f00000a0040)='.pending_reads\x00', 0x80102, 0x10)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e110b"], 0xec)

1.162351405s ago: executing program 2 (id=2572):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000800000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r3}, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r4, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x4c, r5, 0xf20, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_LEVEL={0x2c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x8}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x3}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x1}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x1}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24000000}, 0x40000)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff1, 0xffff}, {0x0, 0xffe2}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@delchain={0x24, 0x66, 0xf31, 0xfffffff8, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x2, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0)

556.384107ms ago: executing program 2 (id=2573):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @local}, &(0x7f0000000080)=0x1c, 0x80800)
getsockopt$inet6_mreq(r1, 0x29, 0x6, &(0x7f0000000140)={@loopback}, &(0x7f0000000180)=0x14)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00'})
r2 = socket$key(0xf, 0x3, 0x2)
close(r2)
shutdown(r0, 0x1)
syz_emit_ethernet(0x4e, &(0x7f0000000080)={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "87fb89", 0x18, 0x0, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2, {[@dstopts={0x5c, 0x1, '\x00', [@enc_lim, @padn={0x1, 0x2, [0x0, 0x0]}, @jumbo={0xc2, 0x4, 0xfc}]}]}}}}}, 0x0)
unshare(0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000030a01080000000000000000020000080c00024000000000000000030900010073797a3000000000140000001100010000000000000000000000000a065a1d18f23013d747c6c9d0edc58ba559c7543b7d2dfb9cc51f09b7fb844c44a66c00d7372f2570fc91f3a5fa6414be8de18439509ec8db2626db6bca6cffb7818aca391945c00599e51ba1550dbeaa33f7148c51e51c7130d41a7984041f2774fe39e578783091ef568e67fd21308a61ca91489d9b08fb03616acde76fa159689437225d2769e9b130ac4aae861c1464bf5200a3c9caf18ada418b8bffeb825d184f9a489d7050b247d8424c6bfa0c88ca27b7bfcd1011fb49023849ae60aee3b50f7788e4d29d163c8251ccc65a829a327a8ef16a7a1aca3fa853d95dea06f57468514d826c82fddc347bbb7f8c40920dda0689fef8598a326b2876608f60774b2ee1f927d0eeb0cf4d6fd535322d7b15b34acbecd75ea5da5a6ca52fc0bcc310079492d1966277b8ca3b3976640dbff2c2550553a29a0b7632750d6bebeb93adfbb1dbc1eef7b75afeeb71fe85008aea7f95e9a22c198a9bedc67c974db2e9b44ec6"], 0x54}}, 0x0)

556.234505ms ago: executing program 2 (id=2574):
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
fchdir(r0)
r1 = io_uring_setup(0x29d5, &(0x7f0000000100)={0x0, 0xccb7, 0x0, 0x2, 0x2bd, 0x0, r0})
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setresgid(0xffffffffffffffff, 0xee00, 0xffffffffffffffff)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
listen(r2, 0x1ff)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r4, 0xc0189378, &(0x7f0000000280)={{0x1, 0x1, 0x17, <r5=>0xffffffffffffffff, {0x7}}, './file1\x00'})
write$P9_RLOCK(r5, &(0x7f0000000000)={0x8, 0x35, 0x1, 0x3}, 0x8)
sendto$inet(r3, &(0x7f00000000c0)="ab", 0x1, 0xc1, &(0x7f0000000280)={0x2, 0x4e22, @loopback}, 0x10)
close_range(r1, 0xffffffffffffffff, 0x0)

470.009263ms ago: executing program 2 (id=2575):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x2}, [@NFT_MSG_NEWSET={0xa4, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2c}, @NFTA_SET_DESC={0x68, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_DESC_CONCAT={0x5c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}]}]}]}]}], {0x14, 0x10}}, 0xcc}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000140)=@RTM_DELMDB={0x38, 0x54, 0x93d, 0x0, 0x0, {}, [@MDBA_SET_ENTRY={0x6, 0x1, {0x0, 0x0, 0x3, 0x0, {@in6_addr=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x86dd}}}]}, 0x38}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0)
pipe(&(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
splice(r9, 0x0, r7, 0x0, 0x2, 0x0)
vmsplice(r6, &(0x7f0000000180)=[{&(0x7f0000000080)="a1", 0x1}], 0x1, 0x8)
write$binfmt_elf64(r8, &(0x7f0000000000)=ANY=[], 0x18c6)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x20)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, &(0x7f0000000380)=0x10001, 0x4)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
openat$incfs(0xffffffffffffff9c, &(0x7f00000a0040)='.pending_reads\x00', 0x80102, 0x10)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e110b"], 0xec)

206.561019ms ago: executing program 3 (id=2576):
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_WOWLAN(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0)
getsockname$packet(r4, &(0x7f0000000140)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0x10681, 0x20000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x20044002)
r6 = socket(0x10, 0x803, 0x0)
r7 = socket(0x1, 0x803, 0x0)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}}, 0x0)
r8 = socket(0x10, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001400b59500000000000000000a000000", @ANYRES32=r9, @ANYBLOB="150002000000000000000000ffff0000000021e8995f6ebcc940"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffff", @ANYRES32=r2, @ANYBLOB="01"], 0x3c}}, 0x0)

129.246331ms ago: executing program 3 (id=2577):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x1, 0x81, 0x1ff, 0x801, 0x1}, 0x1c)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1, 0x0, 0x0, 0x1000000}}], 0x400000000000181, 0x9200000000000000)
bind$tipc(r0, 0x0, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2b3d, 0xf8fa, 0x6, 0x0, 0x0)

93.459034ms ago: executing program 3 (id=2578):
socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="140000000400000000000600000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00 \x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRESHEX=r2], 0x50)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r4, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendfile(r4, r3, 0x0, 0x40008)
r5 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x80002, 0x0)
setsockopt$MRT6_INIT(r5, 0x29, 0xc8, 0x0, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
io_setup(0x30, &(0x7f0000000600))
pipe2$9p(&(0x7f0000000080)={<r6=>0xffffffffffffffff}, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000004c0), 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0))
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
ioctl$KVM_SET_IRQCHIP(r8, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @ioapic={0xdddd1000, 0x4, 0x20000004, 0xf0a5, 0x0, [{0x5, 0x81, 0x0, '\x00', 0xef}, {0x6, 0x39, 0x10}, {0xd1, 0xde, 0xd6, '\x00', 0xd}, {0x2, 0x6, 0x3, '\x00', 0x8}, {0x4, 0x4, 0x4, '\x00', 0x40}, {0x42, 0x1, 0x80, '\x00', 0x8}, {0x1, 0x0, 0xb0, '\x00', 0x1}, {0x6, 0x1, 0x9, '\x00', 0x2}, {0x6, 0x7, 0xfd, '\x00', 0xf5}, {0x7, 0x5f, 0x4, '\x00', 0x1}, {0xe1, 0xe, 0xff, '\x00', 0x4}, {0x61, 0xb4, 0xd, '\x00', 0xf}, {0xc8, 0x9, 0x9, '\x00', 0x6}, {0xad, 0x7, 0x7, '\x00', 0x8}, {0xf3, 0xf, 0x5, '\x00', 0x9}, {0x1, 0xf7, 0x7, '\x00', 0x5}, {0x9, 0x2, 0x23, '\x00', 0x6}, {0xe6, 0x4, 0x5, '\x00', 0x90}, {0x8, 0x16, 0x6, '\x00', 0x81}, {0xa, 0xbe, 0xcc, '\x00', 0x5}, {0x6, 0x60, 0x6, '\x00', 0x2}, {0x2, 0x7f, 0x5}, {0x10, 0x5, 0xf9, '\x00', 0x5}, {0x31, 0xcc, 0x10, '\x00', 0x5}]}})
fsetxattr$trusted_overlay_origin(r6, &(0x7f00000000c0), &(0x7f0000000140), 0x2, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0)

83.385776ms ago: executing program 2 (id=2579):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x8200, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0x9, [{}, {0x0, 0xffffbc24}, {0x3}, {}, {0x0, 0x80000001}, {0x0, 0x1}, {}, {0x0, 0xfffffffe}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="38000000031404002ab1000f4938"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4040)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x3, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="348bd2909098ab7508efd782fa91039b73d8e84bbabfe4a9c2040c1210175e81738c8b0185b3ec821c90f278822261d76956237366437c877e1a05b9ff0ecc6284ce3baf95c2497b58f4a8ae38ee6c76ec145176cb5f3f31d5272087224b927995f9da89d1d07c2a89895476e2b5e4f61823538b7f99a4023edb778925dbdaef589bba0752cc1a7e9147932194f605636ddaa8459efd156a872c7db13aeb15f0", @ANYRES32, @ANYRES32=r0, @ANYRES64=r2, @ANYRES64=r1, @ANYRESDEC=r2], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB], 0xf)
syz_clone(0x1222080, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x6, 0x10001, 0x34324152, 0x0, 0xb, [{}, {0x10}, {0x2}, {0x0, 0x1}]}})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x80}, 0x1, 0x0, 0x0, 0x840}, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$inet6_int(r5, 0x29, 0x4e, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000000)={0xef4, "9c12717b1dffb34a7f925e5aea238fea8da9be192cb4aaab0d301fb3bbac8444"})
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000180)=0x6f)

366.409µs ago: executing program 1 (id=2580):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x803, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x1, &(0x7f0000000380)=ANY=[@ANYBLOB="001e009f81710000c79ca86c1df3c516c99bd832aad0cd73dc15c63531f61bc0a7e20013cdad83765e7851933afd0d4fbd4f67e80bb601a219456da3329211956f63d8d51d94d8059f1766115e235a02d9f2424f0ba970c7df241a9b3870acf97a33513bb6d7d25a89ddcbdde41851e287d1c79206e39b075f3279664449020073850082d6f7751928a5e573fa3dac3f5371c0bd369705707dc5cc6900d2a23c299945853842306ab02cba7da1c7f5a42bbd311139b44e88fb466333dcd217742188c2f1f9812a3a1359ccec13aefe0eee7458"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x1000000, 0x0, {0xa, 0x40, 0xeaddb0ce1851e778, 0x0, r3}, [@IFA_LOCAL={0x14, 0x2, @loopback}, @IFA_FLAGS={0x8, 0x8, 0x374}]}, 0x34}}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_RADAR_DETECT(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x28, r4, 0x1, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0xfffffffa, 0x4c}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x40000)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r6, 0x8982, &(0x7f0000000000))

0s ago: executing program 1 (id=2581):
r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
fallocate(0xffffffffffffffff, 0x44, 0x0, 0x3)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = open(&(0x7f0000000400)='./file0\x00', 0x64842, 0x0)
pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x143a82, 0x8)
r3 = dup(r2)
sendfile(r3, r1, 0x0, 0x8000fffffffc)
write$uinput_user_dev(r0, 0x0, 0x0)
syz_init_net_socket$llc(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdir(0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) (fail_nth: 9)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

configuration, please check.
[  499.054610][ T1347] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  499.162556][T13854] netlink: 129704 bytes leftover after parsing attributes in process `syz.0.1567'.
[  499.483358][ T1347] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  499.510005][T13863] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1568'.
[  499.515355][T13863] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1568'.
[  500.358867][T13885] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1571'.
[  500.975778][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  500.977779][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  502.003609][T13902] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  502.007454][T13902] syzkaller0: entered promiscuous mode
[  502.009562][T13902] syzkaller0: entered allmulticast mode
[  502.065909][T13902] tipc: Resetting bearer <eth:syzkaller0>
[  502.070361][T13901] tipc: Resetting bearer <eth:syzkaller0>
[  502.078546][T13901] tipc: Disabling bearer <eth:syzkaller0>
[  502.146656][T13906] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1575'.
[  502.298160][T13910] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1577'.
[  502.302130][T13910] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1577'.
[  503.247411][T13940] netlink: 129704 bytes leftover after parsing attributes in process `syz.3.1581'.
[  503.609542][T13948] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  503.609976][T13948] syzkaller0: entered promiscuous mode
[  503.614229][T13948] syzkaller0: entered allmulticast mode
[  503.622690][T13946] FAULT_INJECTION: forcing a failure.
[  503.622690][T13946] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  503.627727][T13946] CPU: 1 UID: 0 PID: 13946 Comm: syz.0.1582 Not tainted syzkaller #0 PREEMPT(full) 
[  503.627754][T13946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  503.627762][T13946] Call Trace:
[  503.627765][T13946]  <TASK>
[  503.627770][T13946]  dump_stack_lvl+0x16c/0x1f0
[  503.627790][T13946]  should_fail_ex+0x512/0x640
[  503.627811][T13946]  _copy_from_iter+0x29f/0x1720
[  503.627826][T13946]  ? __pfx__copy_from_iter+0x10/0x10
[  503.627840][T13946]  ? __pfx___might_resched+0x10/0x10
[  503.627855][T13946]  file_tty_write.constprop.0+0x488/0x9b0
[  503.627877][T13946]  vfs_write+0x7d0/0x11d0
[  503.627890][T13946]  ? __pfx_tty_write+0x10/0x10
[  503.627907][T13946]  ? __pfx_vfs_write+0x10/0x10
[  503.627918][T13946]  ? find_held_lock+0x2b/0x80
[  503.627938][T13946]  ksys_write+0x12a/0x250
[  503.627950][T13946]  ? __pfx_ksys_write+0x10/0x10
[  503.627964][T13946]  ? rcu_is_watching+0x12/0xc0
[  503.627977][T13946]  __do_fast_syscall_32+0x7c/0x3a0
[  503.627995][T13946]  do_fast_syscall_32+0x32/0x80
[  503.628012][T13946]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  503.628025][T13946] RIP: 0023:0xf7f67579
[  503.628034][T13946] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  503.628045][T13946] RSP: 002b:00000000f547655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  503.628055][T13946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080002080
[  503.628062][T13946] RDX: 0000000000001006 RSI: 0000000000000000 RDI: 0000000000000000
[  503.628068][T13946] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  503.628074][T13946] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  503.628080][T13946] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  503.628094][T13946]  </TASK>
[  503.633549][T13948] tipc: Resetting bearer <eth:syzkaller0>
[  503.698043][T13947] tipc: Resetting bearer <eth:syzkaller0>
[  503.705814][T13947] tipc: Disabling bearer <eth:syzkaller0>
[  503.859070][T13956] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1586'.
[  503.866821][T13956] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1586'.
[  506.009176][T14016] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  506.012021][T14016] syzkaller0: entered promiscuous mode
[  506.014137][T14016] syzkaller0: entered allmulticast mode
[  506.033613][T14016] tipc: Resetting bearer <eth:syzkaller0>
[  506.058005][T14015] tipc: Resetting bearer <eth:syzkaller0>
[  506.081094][T14015] tipc: Disabling bearer <eth:syzkaller0>
[  508.094184][T14091] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1604'.
[  511.925459][ T5975] Bluetooth: hci3: unknown advertising packet type: 0x65
[  512.226596][T14173] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  512.579315][T14190] netlink: 'syz.1.1619': attribute type 10 has an invalid length.
[  514.582645][T14232] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  514.780640][ T5975] Bluetooth: hci3: unknown advertising packet type: 0x65
[  514.935618][T14232] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1627'.
[  517.071571][T14289] loop6: detected capacity change from 0 to 524287999
[  519.121538][T14354] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  520.176401][T14376] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  520.701880][T14390] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  520.707690][T14390] syzkaller0: entered promiscuous mode
[  520.709494][T14390] syzkaller0: entered allmulticast mode
[  520.749183][T14390] tipc: Resetting bearer <eth:syzkaller0>
[  520.756938][T14389] tipc: Resetting bearer <eth:syzkaller0>
[  520.770657][T14389] tipc: Disabling bearer <eth:syzkaller0>
[  522.949555][T14426] sd 0:0:0:0: PR command failed: 1026
[  522.951256][T14426] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[  522.953378][T14426] sd 0:0:0:0: Add. Sense: Invalid command operation code
[  523.106680][T14437] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  527.846401][T14542] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1682'.
[  527.850161][T14542] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1682'.
[  529.270445][T14576] ieee802154 phy0 wpan0: encryption failed: -22
[  531.259568][T14627] ieee802154 phy0 wpan0: encryption failed: -22
[  533.193086][T14660] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  533.240284][T14660] tipc: Resetting bearer <eth:syzkaller0>
[  533.288563][T14659] tipc: Disabling bearer <eth:syzkaller0>
[  533.597541][T14671] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  533.599690][T14671] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  533.603041][T14671] vhci_hcd vhci_hcd.0: Device attached
[  533.864209][ T1347] usb 38-1: SetAddress Request (2) to port 0
[  533.868083][ T1347] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd
[  533.905637][T14672] vhci_hcd: connection reset by peer
[  533.908560][ T1143] vhci_hcd: stop threads
[  533.910059][ T1143] vhci_hcd: release socket
[  533.911558][ T1143] vhci_hcd: disconnect device
[  534.011337][T14679] FAULT_INJECTION: forcing a failure.
[  534.011337][T14679] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  534.017990][T14679] CPU: 0 UID: 0 PID: 14679 Comm: syz.2.1707 Not tainted syzkaller #0 PREEMPT(full) 
[  534.018038][T14679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  534.018048][T14679] Call Trace:
[  534.018054][T14679]  <TASK>
[  534.018060][T14679]  dump_stack_lvl+0x16c/0x1f0
[  534.018088][T14679]  should_fail_ex+0x512/0x640
[  534.018117][T14679]  _copy_from_user+0x2e/0xd0
[  534.018135][T14679]  mfill_atomic_copy+0x1262/0x1f50
[  534.018167][T14679]  ? __might_fault+0xe3/0x190
[  534.018186][T14679]  ? __pfx_mfill_atomic_copy+0x10/0x10
[  534.018216][T14679]  userfaultfd_ioctl+0x2436/0x3930
[  534.018246][T14679]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  534.018270][T14679]  ? do_vfs_ioctl+0x128/0x14f0
[  534.018295][T14679]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  534.018330][T14679]  ? find_held_lock+0x2b/0x80
[  534.018347][T14679]  ? hook_file_ioctl_common+0x145/0x410
[  534.018373][T14679]  ? __fget_files+0x20e/0x3c0
[  534.018392][T14679]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  534.018417][T14679]  ? compat_ptr_ioctl+0x6e/0xa0
[  534.018439][T14679]  compat_ptr_ioctl+0x6e/0xa0
[  534.018462][T14679]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  534.018485][T14679]  __ia32_compat_sys_ioctl+0x242/0x370
[  534.018513][T14679]  __do_fast_syscall_32+0x7c/0x3a0
[  534.018540][T14679]  do_fast_syscall_32+0x32/0x80
[  534.018564][T14679]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  534.018584][T14679] RIP: 0023:0xf7f41579
[  534.018617][T14679] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  534.018633][T14679] RSP: 002b:00000000f543555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  534.018649][T14679] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c028aa03
[  534.018659][T14679] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
[  534.018669][T14679] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  534.018678][T14679] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  534.018688][T14679] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  534.018709][T14679]  </TASK>
[  534.513664][T14682] netlink: 129704 bytes leftover after parsing attributes in process `syz.1.1708'.
[  536.227493][T14719] ªªªªªª: renamed from wg2 (while UP)
[  536.677314][T14722] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  536.685350][T14722] tipc: Resetting bearer <eth:syzkaller0>
[  536.691259][T14721] tipc: Disabling bearer <eth:syzkaller0>
[  538.939696][T14787] netlink: 129704 bytes leftover after parsing attributes in process `syz.3.1724'.
[  538.943477][ T1347] usb 38-1: device descriptor read/8, error -110
[  539.333731][ T1347] usb usb38-port1: attempt power cycle
[  539.916614][ T1347] usb usb38-port1: unable to enumerate USB device
[  539.964103][T14813] netlink: 129704 bytes leftover after parsing attributes in process `syz.1.1726'.
[  543.285496][T14871] ªªªªªª: renamed from wg2 (while UP)
[  544.697121][T14899] netlink: 129704 bytes leftover after parsing attributes in process `syz.1.1742'.
[  549.509996][T14985] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1759'.
[  549.515715][T14985] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1759'.
[  549.537495][T14987] netlink: 129704 bytes leftover after parsing attributes in process `syz.0.1760'.
[  549.953339][   T10] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  550.112072][   T10] usb 8-1: New USB device found, idVendor=0fe9, idProduct=db55, bcdDevice=69.fb
[  550.115673][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=201
[  550.118513][   T10] usb 8-1: Product: syz
[  550.119991][   T10] usb 8-1: Manufacturer: syz
[  550.121635][   T10] usb 8-1: SerialNumber: syz
[  550.129594][   T10] usb 8-1: config 0 descriptor??
[  550.136920][   T10] dvb-usb: found a 'DigitalNow DVB-T Dual USB' in warm state.
[  550.139776][   T10] dvb-usb: bulk message failed: -22 (2/0)
[  550.152433][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  550.157369][   T10] dvbdev: DVB: registering new adapter (DigitalNow DVB-T Dual USB)
[  550.160439][   T10] usb 8-1: media controller created
[  550.179635][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  550.336724][T14996] dvb-usb: bulk message failed: -22 (4/0)
[  550.339722][T14996] cxusb: i2c read failed
[  550.342429][   T10] cxusb: set interface failed
[  550.345287][   T10] dvb-usb: bulk message failed: -22 (1/0)
[  550.369532][   T10] DVB: Unable to find symbol mt352_attach()
[  550.371611][   T10] dvb-usb: bulk message failed: -22 (5/0)
[  550.375052][   T10] zl10353_read_register: readreg error (reg=127, ret==-121)
[  550.377414][   T10] dvb-usb: no frontend was attached by 'DigitalNow DVB-T Dual USB'
[  550.423374][   T10] rc_core: IR keymap rc-dvico-mce not found
[  550.425789][   T10] Registered IR keymap rc-empty
[  550.430240][   T10] rc rc0: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.3/usb8/8-1/rc/rc0
[  550.435408][   T10] input: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.3/usb8/8-1/rc/rc0/input5
[  550.443472][   T10] dvb-usb: schedule remote query interval to 100 msecs.
[  550.445923][   T10] dvb-usb: DigitalNow DVB-T Dual USB successfully initialized and connected.
[  550.450869][   T10] usb 8-1: USB disconnect, device number 2
[  550.482851][   T10] dvb-usb: DigitalNow DVB-T Dual USB successfully deinitialized and disconnected.
[  551.880993][T15020] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1769'.
[  552.173381][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  557.611823][T15137] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1792'.
[  557.866205][   T40] audit: type=1800 audit(1757224275.554:210): pid=15149 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1793" name="SYSV00000000" dev="tmpfs" ino=5 res=0 errno=0
[  561.183341][T14324] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  561.370484][T14324] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  561.374136][T14324] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  561.377433][T14324] usb 7-1: Product: syz
[  561.379192][T14324] usb 7-1: Manufacturer: syz
[  561.381039][T14324] usb 7-1: SerialNumber: syz
[  561.387451][T14324] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  561.417009][   T29] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  562.190559][  T844] usb 7-1: USB disconnect, device number 4
[  562.427330][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  562.429608][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  562.493420][   T29] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  562.497998][   T29] ath9k_htc: Failed to initialize the device
[  562.500962][  T844] usb 7-1: ath9k_htc: USB layer deinitialized
[  563.719509][T15227] syzkaller0: entered promiscuous mode
[  563.725866][T15227] syzkaller0: entered allmulticast mode
[  565.338559][T15267] loop6: detected capacity change from 0 to 7
[  565.351763][T10608] Dev loop6: unable to read RDB block 7
[  565.354775][T10608]  loop6: unable to read partition table
[  565.356635][T10608] loop6: partition table beyond EOD, truncated
[  565.525452][T15267] Dev loop6: unable to read RDB block 7
[  565.527317][T15267]  loop6: unable to read partition table
[  565.529367][T15267] loop6: partition table beyond EOD, truncated
[  565.531334][T15267] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  565.680054][T15295] syzkaller0: entered promiscuous mode
[  565.681812][T15295] syzkaller0: entered allmulticast mode
[  565.918582][T15303] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1826'.
[  566.089542][T15314] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  567.267952][   T72] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  567.296990][T15340] loop6: detected capacity change from 0 to 7
[  567.301036][T10608] Dev loop6: unable to read RDB block 7
[  567.304070][T10608]  loop6: unable to read partition table
[  567.305935][T10608] loop6: partition table beyond EOD, truncated
[  567.319271][T15340] Dev loop6: unable to read RDB block 7
[  567.323596][T15340]  loop6: unable to read partition table
[  567.325957][T15340] loop6: partition table beyond EOD, truncated
[  567.328161][T15340] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  567.458747][T15351] syzkaller0: entered promiscuous mode
[  567.460990][T15351] syzkaller0: entered allmulticast mode
[  568.145492][ T6029] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  568.317095][T15368] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1839'.
[  570.759850][T15403] loop6: detected capacity change from 0 to 7
[  570.767326][T15403] Dev loop6: unable to read RDB block 7
[  570.777010][T15403]  loop6: unable to read partition table
[  570.780923][T15403] loop6: partition table beyond EOD, truncated
[  570.786860][T15403] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  572.043798][T15431] tipc: Enabled bearer <eth:team0>, priority 0
[  572.258720][T15435] syzkaller0: entered promiscuous mode
[  572.260685][T15435] syzkaller0: entered allmulticast mode
[  573.044491][ T1336] tipc: Node number set to 2781319134
[  574.311017][T15456] JFS: charset not found
[  574.319029][T15456] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1857'.
[  574.322477][T15456] netlink: 'syz.2.1857': attribute type 5 has an invalid length.
[  574.327227][T15456] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1857'.
[  574.347468][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  574.368265][T15485] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  574.417018][T15456] geneve2: entered promiscuous mode
[  574.754170][T15456] geneve2: entered allmulticast mode
[  574.761963][ T1143] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  574.771369][ T1143] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  574.784885][ T1143] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  574.788808][ T1143] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  575.055689][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  576.634608][ T5975] Bluetooth: hci2: unexpected event for opcode 0x0c13
[  576.710267][   T40] audit: type=1326 audit(1757224294.394:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.2.1868" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f41579 code=0x7ffc0000
[  576.718794][   T40] audit: type=1326 audit(1757224294.394:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.2.1868" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7f415a7 code=0x7ffc0000
[  576.725579][   T40] audit: type=1326 audit(1757224294.394:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.2.1868" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f41579 code=0x7ffc0000
[  576.735015][   T40] audit: type=1326 audit(1757224294.394:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.2.1868" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7f415a7 code=0x7ffc0000
[  576.743760][   T40] audit: type=1326 audit(1757224294.394:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.2.1868" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f41579 code=0x7ffc0000
[  576.752471][   T40] audit: type=1326 audit(1757224294.394:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.2.1868" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7f415a7 code=0x7ffc0000
[  576.761996][   T40] audit: type=1326 audit(1757224294.404:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.2.1868" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f41579 code=0x7ffc0000
[  576.769715][   T40] audit: type=1326 audit(1757224294.404:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.2.1868" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7f415a7 code=0x7ffc0000
[  576.776213][   T40] audit: type=1326 audit(1757224294.404:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.2.1868" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f41579 code=0x7ffc0000
[  576.782756][   T40] audit: type=1326 audit(1757224294.404:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.2.1868" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7f415a7 code=0x7ffc0000
[  576.809491][T15529] A link change request failed with some changes committed already. Interface xfrm0 may have been left with an inconsistent configuration, please check.
[  581.080407][T15639] syzkaller0: entered promiscuous mode
[  581.082133][T15639] syzkaller0: entered allmulticast mode
[  582.433493][T15679] syzkaller0: entered promiscuous mode
[  582.435369][T15679] syzkaller0: entered allmulticast mode
[  583.337083][T15715] Bluetooth: hci0: invalid len left 7, exp >= 175
[  583.365364][T15719] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1907'.
[  583.425844][T15726] syzkaller0: entered promiscuous mode
[  583.427679][T15726] syzkaller0: entered allmulticast mode
[  584.513820][T15757] syzkaller0: entered promiscuous mode
[  584.515617][T15757] syzkaller0: entered allmulticast mode
[  584.520913][T15760] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1917'.
[  585.867717][T15822] netlink: 'syz.0.1925': attribute type 1 has an invalid length.
[  585.870680][T15822] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1925'.
[  585.883796][T15822] netlink: 'syz.0.1925': attribute type 2 has an invalid length.
[  585.886496][T15822] netlink: 'syz.0.1925': attribute type 1 has an invalid length.
[  585.888938][T15822] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1925'.
[  587.058362][   T34] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  587.203285][   T34] usb 6-1: Using ep0 maxpacket: 8
[  587.206255][   T34] usb 6-1: config 0 interface 0 has no altsetting 0
[  587.208402][   T34] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  587.211286][   T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  587.215415][   T34] usb 6-1: config 0 descriptor??
[  587.629891][   T34] mcp2221 0003:04D8:00DD.0002: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  588.013326][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  588.841409][T15901] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1940'.
[  588.978160][T15914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  589.836257][T15944] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1946'.
[  589.957252][T15955] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1950'.
[  589.989194][T15958] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1949'.
[  589.992016][T15958] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1949'.
[  590.013333][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  590.879166][T15966] FAULT_INJECTION: forcing a failure.
[  590.879166][T15966] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  590.883454][T15966] CPU: 0 UID: 0 PID: 15966 Comm: syz.2.1954 Not tainted syzkaller #0 PREEMPT(full) 
[  590.883479][T15966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  590.883491][T15966] Call Trace:
[  590.883497][T15966]  <TASK>
[  590.883504][T15966]  dump_stack_lvl+0x16c/0x1f0
[  590.883535][T15966]  should_fail_ex+0x512/0x640
[  590.883568][T15966]  should_fail_alloc_page+0xe7/0x130
[  590.883593][T15966]  prepare_alloc_pages+0x3c2/0x610
[  590.883624][T15966]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  590.883647][T15966]  ? stack_trace_save+0x8e/0xc0
[  590.883667][T15966]  ? __pfx_stack_trace_save+0x10/0x10
[  590.883687][T15966]  ? stack_depot_save_flags+0x29/0x9c0
[  590.883721][T15966]  ? kasan_save_stack+0x42/0x60
[  590.883747][T15966]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  590.883768][T15966]  ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[  590.883789][T15966]  ? __get_vm_area_node+0x1ca/0x330
[  590.883815][T15966]  ? __vmalloc_node_noprof+0xad/0xf0
[  590.883831][T15966]  ? bpf_check+0x1c8/0xc4d0
[  590.883851][T15966]  ? bpf_prog_load+0xe41/0x2490
[  590.883874][T15966]  ? __sys_bpf+0x4a3f/0x4de0
[  590.883894][T15966]  ? __ia32_sys_bpf+0x76/0xe0
[  590.883918][T15966]  ? __do_fast_syscall_32+0x7c/0x3a0
[  590.883946][T15966]  ? do_fast_syscall_32+0x32/0x80
[  590.883981][T15966]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  590.884009][T15966]  ? policy_nodemask+0xea/0x4e0
[  590.884034][T15966]  alloc_pages_mpol+0x1fb/0x550
[  590.884059][T15966]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  590.884090][T15966]  alloc_pages_noprof+0x131/0x390
[  590.884114][T15966]  get_free_pages_noprof+0x10/0xb0
[  590.884139][T15966]  kasan_populate_vmalloc+0x89/0x1f0
[  590.884162][T15966]  alloc_vmap_area+0x959/0x29c0
[  590.884199][T15966]  ? __pfx_alloc_vmap_area+0x10/0x10
[  590.884232][T15966]  __get_vm_area_node+0x1ca/0x330
[  590.884264][T15966]  __vmalloc_node_range_noprof+0x271/0x14b0
[  590.884283][T15966]  ? bpf_check+0x1c8/0xc4d0
[  590.884304][T15966]  ? rcu_is_watching+0x12/0xc0
[  590.884325][T15966]  ? mod_memcg_lruvec_state+0x389/0x5f0
[  590.884356][T15966]  ? bpf_check+0x1c8/0xc4d0
[  590.884375][T15966]  ? rcu_read_unlock+0x17/0x60
[  590.884401][T15966]  ? lockdep_hardirqs_on+0x7c/0x110
[  590.884426][T15966]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  590.884444][T15966]  ? rcu_is_watching+0x12/0xc0
[  590.884462][T15966]  ? rcu_is_watching+0x12/0xc0
[  590.884482][T15966]  ? bpf_check+0x1c8/0xc4d0
[  590.884500][T15966]  __vmalloc_node_noprof+0xad/0xf0
[  590.884515][T15966]  ? bpf_check+0x1c8/0xc4d0
[  590.884537][T15966]  bpf_check+0x1c8/0xc4d0
[  590.884555][T15966]  ? __pfx___mutex_trylock_common+0x10/0x10
[  590.884585][T15966]  ? __lock_acquire+0x62e/0x1ce0
[  590.884619][T15966]  ? __pfx_bpf_check+0x10/0x10
[  590.884637][T15966]  ? __lock_acquire+0xb97/0x1ce0
[  590.884671][T15966]  ? find_held_lock+0x2b/0x80
[  590.884689][T15966]  ? rcu_is_watching+0x12/0xc0
[  590.884706][T15966]  ? ktime_get_with_offset+0x26e/0x3b0
[  590.884728][T15966]  ? __asan_memset+0x23/0x50
[  590.884750][T15966]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  590.884775][T15966]  bpf_prog_load+0xe41/0x2490
[  590.884803][T15966]  ? __pfx_bpf_prog_load+0x10/0x10
[  590.884853][T15966]  __sys_bpf+0x4a3f/0x4de0
[  590.884881][T15966]  ? __pfx___sys_bpf+0x10/0x10
[  590.884907][T15966]  ? ksys_write+0x190/0x250
[  590.884931][T15966]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  590.884973][T15966]  ? fput+0x9b/0xd0
[  590.884997][T15966]  ? ksys_write+0x1ac/0x250
[  590.885018][T15966]  ? __pfx_ksys_write+0x10/0x10
[  590.885041][T15966]  __ia32_sys_bpf+0x76/0xe0
[  590.885067][T15966]  __do_fast_syscall_32+0x7c/0x3a0
[  590.885094][T15966]  do_fast_syscall_32+0x32/0x80
[  590.885124][T15966]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  590.885145][T15966] RIP: 0023:0xf7f41579
[  590.885160][T15966] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  590.885176][T15966] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  590.885194][T15966] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000600
[  590.885205][T15966] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[  590.885215][T15966] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  590.885226][T15966] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  590.885235][T15966] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  590.885257][T15966]  </TASK>
[  590.885467][T15966] syz.2.1954: vmalloc error: size 264, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[  590.903763][T14324] usb 6-1: USB disconnect, device number 2
[  590.905172][T15966] ,cpuset=/,mems_allowed=0-1
[  591.035338][T15966] CPU: 0 UID: 0 PID: 15966 Comm: syz.2.1954 Not tainted syzkaller #0 PREEMPT(full) 
[  591.035362][T15966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  591.035380][T15966] Call Trace:
[  591.035386][T15966]  <TASK>
[  591.035390][T15966]  dump_stack_lvl+0x16c/0x1f0
[  591.035410][T15966]  warn_alloc+0x248/0x3a0
[  591.035426][T15966]  ? __pfx_warn_alloc+0x10/0x10
[  591.035440][T15966]  ? kfree+0x2b4/0x4d0
[  591.035453][T15966]  ? __get_vm_area_node+0x208/0x330
[  591.035473][T15966]  __vmalloc_node_range_noprof+0xb2d/0x14b0
[  591.035485][T15966]  ? rcu_is_watching+0x12/0xc0
[  591.035497][T15966]  ? mod_memcg_lruvec_state+0x389/0x5f0
[  591.035520][T15966]  ? bpf_check+0x1c8/0xc4d0
[  591.035532][T15966]  ? rcu_read_unlock+0x17/0x60
[  591.035548][T15966]  ? lockdep_hardirqs_on+0x7c/0x110
[  591.035563][T15966]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  591.035575][T15966]  ? rcu_is_watching+0x12/0xc0
[  591.035586][T15966]  ? rcu_is_watching+0x12/0xc0
[  591.035599][T15966]  ? bpf_check+0x1c8/0xc4d0
[  591.035610][T15966]  __vmalloc_node_noprof+0xad/0xf0
[  591.035620][T15966]  ? bpf_check+0x1c8/0xc4d0
[  591.035634][T15966]  bpf_check+0x1c8/0xc4d0
[  591.035646][T15966]  ? __pfx___mutex_trylock_common+0x10/0x10
[  591.035665][T15966]  ? __lock_acquire+0x62e/0x1ce0
[  591.035686][T15966]  ? __pfx_bpf_check+0x10/0x10
[  591.035697][T15966]  ? __lock_acquire+0xb97/0x1ce0
[  591.035718][T15966]  ? find_held_lock+0x2b/0x80
[  591.035730][T15966]  ? rcu_is_watching+0x12/0xc0
[  591.035740][T15966]  ? ktime_get_with_offset+0x26e/0x3b0
[  591.035755][T15966]  ? __asan_memset+0x23/0x50
[  591.035766][T15966]  ? bpf_obj_name_cpy+0x14a/0x1a0
[  591.035783][T15966]  bpf_prog_load+0xe41/0x2490
[  591.035802][T15966]  ? __pfx_bpf_prog_load+0x10/0x10
[  591.035831][T15966]  __sys_bpf+0x4a3f/0x4de0
[  591.035848][T15966]  ? __pfx___sys_bpf+0x10/0x10
[  591.035864][T15966]  ? ksys_write+0x190/0x250
[  591.035879][T15966]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  591.035903][T15966]  ? fput+0x9b/0xd0
[  591.035918][T15966]  ? ksys_write+0x1ac/0x250
[  591.035930][T15966]  ? __pfx_ksys_write+0x10/0x10
[  591.035945][T15966]  __ia32_sys_bpf+0x76/0xe0
[  591.035962][T15966]  __do_fast_syscall_32+0x7c/0x3a0
[  591.035980][T15966]  do_fast_syscall_32+0x32/0x80
[  591.035997][T15966]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  591.036010][T15966] RIP: 0023:0xf7f41579
[  591.036019][T15966] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  591.036029][T15966] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  591.036039][T15966] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000600
[  591.036046][T15966] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[  591.036052][T15966] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  591.036058][T15966] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  591.036064][T15966] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  591.036078][T15966]  </TASK>
[  591.036128][T15966] Mem-Info:
[  591.063295][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  591.151363][T15966] active_anon:18275 inactive_anon:48 isolated_anon:0
[  591.151363][T15966]  active_file:6574 inactive_file:15966 isolated_file:0
[  591.151363][T15966]  unevictable:1768 dirty:211 writeback:0
[  591.151363][T15966]  slab_reclaimable:6280 slab_unreclaimable:56235
[  591.151363][T15966]  mapped:29064 shmem:14843 pagetables:1293
[  591.151363][T15966]  sec_pagetables:328 bounce:0
[  591.151363][T15966]  kernel_misc_reclaimable:0
[  591.151363][T15966]  free:59878 free_pcp:12220 free_cma:0
[  591.165584][T15966] Node 0 active_anon:452kB inactive_anon:24kB active_file:788kB inactive_file:80kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:312kB dirty:4kB writeback:0kB shmem:3684kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7896kB pagetables:1460kB sec_pagetables:1148kB all_unreclaimable? yes Balloon:0kB
[  591.178153][T15966] Node 1 active_anon:72648kB inactive_anon:168kB active_file:25508kB inactive_file:63784kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:115944kB dirty:840kB writeback:0kB shmem:55688kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4924kB pagetables:3712kB sec_pagetables:164kB all_unreclaimable? no Balloon:0kB
[  591.190659][T15966] Node 0 DMA free:2092kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:624kB local_pcp:36kB free_cma:0kB
[  591.199871][T15966] lowmem_reserve[]: 0 288 288 288 288
[  591.201574][T15966] Node 0 DMA32 free:20180kB boost:2048kB min:15268kB low:18572kB high:21876kB reserved_highatomic:4096KB free_highatomic:1700KB active_anon:452kB inactive_anon:24kB active_file:788kB inactive_file:80kB unevictable:3536kB writepending:4kB present:1032196kB managed:295104kB mlocked:0kB bounce:0kB free_pcp:14168kB local_pcp:4044kB free_cma:0kB
[  591.211361][T15966] lowmem_reserve[]: 0 0 0 0 0
[  591.212868][T15966] Node 1 DMA32 free:217240kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:2048KB free_highatomic:2048KB active_anon:72648kB inactive_anon:168kB active_file:25508kB inactive_file:63784kB unevictable:3536kB writepending:840kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:33804kB local_pcp:11664kB free_cma:0kB
[  591.223465][T15966] lowmem_reserve[]: 0 0 0 0 0
[  591.225361][T15966] Node 0 DMA: 1*4kB (M) 5*8kB (U) 4*16kB (U) 6*32kB (U) 2*64kB (UM) 1*128kB (M) 0*256kB 1*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 2092kB
[  591.230948][T15966] Node 0 DMA32: 343*4kB (UH) 329*8kB (UH) 153*16kB (UMH) 69*32kB (UMH) 62*64kB (UMH) 39*128kB (UMH) 2*256kB (U) 4*512kB (UMH) 0*1024kB 0*2048kB 0*4096kB = 20180kB
[  591.236201][T15966] Node 1 DMA32: 0*4kB 387*8kB (UME) 240*16kB (UME) 65*32kB (UME) 216*64kB (UME) 86*128kB (UME) 100*256kB (UME) 86*512kB (UME) 35*1024kB (UM) 20*2048kB (UMH) 9*4096kB (U) = 217144kB
[  591.242090][T15966] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  591.245462][T15966] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  591.248319][T15966] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  591.251248][T15966] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  591.254182][T15966] 37917 total pagecache pages
[  591.255691][T15966] 538 pages in swap cache
[  591.257547][T15966] Free swap  = 119264kB
[  591.259205][T15966] Total swap = 124996kB
[  591.260850][T15966] 524155 pages RAM
[  591.262339][T15966] 0 pages HighMem/MovableOnly
[  591.264878][T15966] 209484 pages reserved
[  591.266231][T15966] 0 pages cma reserved
[  591.635572][T15978] netlink: 'syz.2.1956': attribute type 13 has an invalid length.
[  591.900396][T15978] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  591.954700][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  592.463346][T14959] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  592.592338][T16032] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1963'.
[  592.596812][T16032] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1963'.
[  594.534450][T16077] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1973'.
[  594.537856][T16077] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1973'.
[  596.285348][T16165] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1983'.
[  596.303089][T16165] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1983'.
[  599.248870][T16211] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1993'.
[  599.252541][T16211] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1993'.
[  605.795004][T16341] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2016'.
[  607.541727][T16413] syzkaller1: entered promiscuous mode
[  607.547177][T16413] syzkaller1: entered allmulticast mode
[  612.084706][T16474] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2043'.
[  614.835584][T16568] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2058'.
[  614.853422][T16580] loop6: detected capacity change from 0 to 7
[  614.864469][T10608] Dev loop6: unable to read RDB block 7
[  614.866578][T10608]  loop6: unable to read partition table
[  614.868722][T10608] loop6: partition table beyond EOD, truncated
[  614.873115][T16580] Dev loop6: unable to read RDB block 7
[  614.876069][T16580]  loop6: unable to read partition table
[  614.877706][T16580] loop6: partition table beyond EOD, truncated
[  614.881002][T16580] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  615.783300][ T5986] Bluetooth: hci3: command 0x0c1a tx timeout
[  618.743293][    C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  618.921332][T16700] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  618.927758][T16700] syzkaller0: entered promiscuous mode
[  618.929635][T16700] syzkaller0: entered allmulticast mode
[  619.282174][T16718] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2075'.
[  621.610864][T16753] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  621.615955][T16753] syzkaller0: entered promiscuous mode
[  621.617980][T16753] syzkaller0: entered allmulticast mode
[  622.294611][T16796] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.302331][T16796] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  622.385379][T16796] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.388676][T16796] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  622.460908][T16796] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.464996][T16796] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  622.570735][T16796] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.575391][T16796] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  622.670362][ T8517] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  622.673140][ T8517] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  622.684833][ T8517] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  622.687498][ T8517] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  622.696155][ T8508] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  622.699073][ T8508] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  622.711228][ T8508] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  622.714000][ T8508] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  623.855509][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  623.857575][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  624.007940][T16879] veth0_to_bridge: entered promiscuous mode
[  624.178845][T16874] veth0_to_bridge: left promiscuous mode
[  625.792466][T16953] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0
[  626.599020][T16970] syzkaller0: entered promiscuous mode
[  628.641184][T17033] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  628.650026][T17033] syzkaller0: entered promiscuous mode
[  628.651760][T17033] syzkaller0: entered allmulticast mode
[  628.679957][T17033] tipc: Resetting bearer <eth:syzkaller0>
[  628.689735][T17031] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2115'.
[  629.015803][T17032] tipc: Resetting bearer <eth:syzkaller0>
[  629.029813][T17032] tipc: Disabling bearer <eth:syzkaller0>
[  629.526645][T17050] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2121'.
[  631.212264][T17123] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  631.223274][T17123] syzkaller0: entered promiscuous mode
[  631.225138][T17123] syzkaller0: entered allmulticast mode
[  631.438738][T17130] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2132'.
[  631.441789][T17130] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2132'.
[  632.105125][T17137] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2133'.
[  632.182697][T17136] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2134'.
[  633.247849][T17189] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2141'.
[  633.265613][T17191] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  633.269479][T17191] syzkaller0: entered promiscuous mode
[  633.271329][T17191] syzkaller0: entered allmulticast mode
[  634.912156][T17252] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  634.918365][T17252] syzkaller0: entered promiscuous mode
[  634.920636][T17252] syzkaller0: entered allmulticast mode
[  634.924534][T17254] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2151'.
[  634.938749][T17252] tipc: Resetting bearer <eth:syzkaller0>
[  634.953360][T17251] tipc: Resetting bearer <eth:syzkaller0>
[  634.971136][T17251] tipc: Disabling bearer <eth:syzkaller0>
[  635.380097][T17263] openvswitch: : Dropping previously announced user features
[  635.383775][T17263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2153'.
[  635.616582][T17298] veth0_to_bridge: entered promiscuous mode
[  635.986897][T17291] veth0_to_bridge: left promiscuous mode
[  636.264719][T17331] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  636.277498][T17331] syzkaller0: entered promiscuous mode
[  636.279278][T17331] syzkaller0: entered allmulticast mode
[  636.314282][T17331] syzkaller0: mtu greater than device maximum
[  636.321664][T17330] tipc: Resetting bearer <eth:syzkaller0>
[  636.337783][T17330] tipc: Disabling bearer <eth:syzkaller0>
[  636.475211][T17341] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2160'.
[  637.374245][T17378] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.552881][T17378] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.689010][T17378] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.063765][T17378] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.195292][T14919] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  638.264637][ T8508] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  638.272995][ T8515] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  638.285961][ T8515] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  638.643624][T17431] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2173'.
[  638.645055][T17408] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2169'.
[  638.649731][T17408] bridge_slave_1: left allmulticast mode
[  638.652048][T17408] bridge_slave_1: left promiscuous mode
[  638.654627][T17408] bridge0: port 2(bridge_slave_1) entered disabled state
[  638.660354][T17408] bridge_slave_0: left allmulticast mode
[  638.662253][T17408] bridge_slave_0: left promiscuous mode
[  638.677721][T17408] bridge0: port 1(bridge_slave_0) entered disabled state
[  640.445194][T17492] netlink: 248 bytes leftover after parsing attributes in process `syz.1.2179'.
[  640.448165][T17492] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2179'.
[  640.461984][T17492] netlink: 'syz.1.2179': attribute type 27 has an invalid length.
[  641.848565][T17519] block device autoloading is deprecated and will be removed.
[  642.609311][T17529] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2185'.
[  643.719903][T17562] comedi comedi0: Minor 240 is invalid!
[  644.481663][T14959] IPVS: starting estimator thread 0...
[  644.573421][T17609] IPVS: using max 43 ests per chain, 103200 per kthread
[  648.608697][   T24] IPVS: starting estimator thread 0...
[  648.693304][T17745] IPVS: using max 43 ests per chain, 103200 per kthread
[  650.199408][T17779] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2222'.
[  650.202432][T17779] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2222'.
[  651.228281][  T844] IPVS: starting estimator thread 0...
[  651.497251][T17827] IPVS: using max 43 ests per chain, 103200 per kthread
[  654.498006][T17875] syzkaller0: entered promiscuous mode
[  654.500306][T17875] syzkaller0: entered allmulticast mode
[  654.561249][T17879] ntfs3(nbd2): try to read out of volume at offset 0x0
[  658.056552][T18005] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  658.059206][T18005] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  658.063755][T18005] vhci_hcd vhci_hcd.0: Device attached
[  658.076243][T18005] Device name cannot be null; rc = [-22]
[  658.108414][T18005] lo speed is unknown, defaulting to 1000
[  658.111571][T18005] lo speed is unknown, defaulting to 1000
[  658.125130][T18005] lo speed is unknown, defaulting to 1000
[  658.145723][T18005] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  658.187776][T18005] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  658.268392][T18005] lo speed is unknown, defaulting to 1000
[  658.277162][T18005] lo speed is unknown, defaulting to 1000
[  658.284580][T18005] lo speed is unknown, defaulting to 1000
[  658.292121][T18005] lo speed is unknown, defaulting to 1000
[  658.313512][ T6014] usb 41-1: new low-speed USB device number 2 using vhci_hcd
[  658.630760][T18007] vhci_hcd: connection reset by peer
[  658.632639][ T8515] vhci_hcd: stop threads
[  658.634176][ T8515] vhci_hcd: release socket
[  658.635812][ T8515] vhci_hcd: disconnect device
[  659.617085][T18073] FAULT_INJECTION: forcing a failure.
[  659.617085][T18073] name failslab, interval 1, probability 0, space 0, times 0
[  659.621073][T18073] CPU: 2 UID: 0 PID: 18073 Comm: syz.1.2263 Not tainted syzkaller #0 PREEMPT(full) 
[  659.621088][T18073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  659.621096][T18073] Call Trace:
[  659.621100][T18073]  <TASK>
[  659.621104][T18073]  dump_stack_lvl+0x16c/0x1f0
[  659.621157][T18073]  should_fail_ex+0x512/0x640
[  659.621181][T18073]  ? __kmalloc_cache_node_noprof+0x5a/0x420
[  659.621196][T18073]  should_failslab+0xc2/0x120
[  659.621211][T18073]  __kmalloc_cache_node_noprof+0x6d/0x420
[  659.621223][T18073]  ? trace_kmalloc+0x2b/0xd0
[  659.621237][T18073]  ? page_pool_create_percpu+0x7a/0xcb0
[  659.621250][T18073]  ? kasan_addr_to_slab+0x50/0x80
[  659.621265][T18073]  page_pool_create_percpu+0x7a/0xcb0
[  659.621279][T18073]  bpf_test_run_xdp_live+0x18e/0x500
[  659.621296][T18073]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  659.621316][T18073]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  659.621343][T18073]  ? _copy_from_user+0x59/0xd0
[  659.621356][T18073]  ? bpf_test_init.isra.0+0x6b/0x140
[  659.621371][T18073]  bpf_prog_test_run_xdp+0x824/0x1590
[  659.621391][T18073]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  659.621408][T18073]  ? __might_fault+0x20/0x190
[  659.621438][T18073]  ? fput+0x9b/0xd0
[  659.621455][T18073]  ? __bpf_prog_get+0x97/0x2a0
[  659.621468][T18073]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  659.621484][T18073]  __sys_bpf+0x1050/0x4de0
[  659.621502][T18073]  ? __pfx___sys_bpf+0x10/0x10
[  659.621518][T18073]  ? ksys_write+0x190/0x250
[  659.621532][T18073]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  659.621562][T18073]  ? fput+0x9b/0xd0
[  659.621576][T18073]  ? ksys_write+0x1ac/0x250
[  659.621588][T18073]  ? __pfx_ksys_write+0x10/0x10
[  659.621603][T18073]  __ia32_sys_bpf+0x76/0xe0
[  659.621620][T18073]  __do_fast_syscall_32+0x7c/0x3a0
[  659.621637][T18073]  do_fast_syscall_32+0x32/0x80
[  659.621654][T18073]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  659.621667][T18073] RIP: 0023:0xf702e579
[  659.621677][T18073] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  659.621688][T18073] RSP: 002b:00000000f541e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  659.621698][T18073] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000600
[  659.621705][T18073] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  659.621711][T18073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  659.621717][T18073] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  659.621724][T18073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  659.621737][T18073]  </TASK>
[  660.280298][T18087] syzkaller0: entered promiscuous mode
[  660.282297][T18087] syzkaller0: entered allmulticast mode
[  661.844485][T18117] syzkaller0: entered promiscuous mode
[  661.846445][T18117] syzkaller0: entered allmulticast mode
[  662.152593][T18130] sch_fq: defrate 53322 ignored.
[  662.836691][T18144] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2284'.
[  662.839921][T18144] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2284'.
[  663.106152][T18155] syzkaller0: entered promiscuous mode
[  663.108835][T18155] syzkaller0: entered allmulticast mode
[  663.451002][ T6014] vhci_hcd: vhci_device speed not set
[  663.659244][T18168] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2291'.
[  663.662056][T18168] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2291'.
[  664.443272][   T61] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  664.623436][   T61] usb 8-1: Using ep0 maxpacket: 8
[  664.637052][   T61] usb 8-1: config 1 interface 0 altsetting 4 bulk endpoint 0x1 has invalid maxpacket 16
[  664.641446][   T61] usb 8-1: config 1 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  664.650945][   T61] usb 8-1: config 1 interface 0 has no altsetting 0
[  664.658179][   T61] usb 8-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40
[  664.661888][   T61] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  664.668268][   T61] usb 8-1: Product: syz
[  664.670140][   T61] usb 8-1: Manufacturer: 胾෩ꙶ潹껎齫祕知쫑亖�먜삾䛯䦗䕺⿿徦⃃놜錪�䴻��唚�겤沠鹱풅ㆮ䴣蓻ꩯꟚ閆ꇨ쫎ㄿ辴鰪멫�᾿宷붴�ᙩˈ腄싅﫯
[  664.678510][   T61] usb 8-1: SerialNumber: syz
[  664.695683][T18178] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  664.698767][T18178] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  665.005831][   T61] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 4 proto 1 vid 0x04B8 pid 0x0202
[  665.013851][   T61] usb 8-1: USB disconnect, device number 3
[  665.024386][   T61] usblp0: removed
[  665.085727][T18183] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2294'.
[  665.089819][T18183] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2294'.
[  665.182448][T18195] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2298'.
[  665.223635][T18198] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  665.229104][T18198] tipc: Resetting bearer <eth:syzkaller0>
[  665.236696][T18197] tipc: Disabling bearer <eth:syzkaller0>
[  665.335808][T18210] ntfs3(nbd1): try to read out of volume at offset 0x0
[  667.030754][T18221] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2304'.
[  667.034581][T18221] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2304'.
[  667.197888][T18227] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  667.204175][T18227] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  667.218058][T18227] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  667.225755][T18227] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  667.236402][T18227] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  667.276328][T18225] lo speed is unknown, defaulting to 1000
[  667.365778][T18225] chnl_net:caif_netlink_parms(): no params data found
[  667.480537][ T8508] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  667.487640][T18225] bridge0: port 1(bridge_slave_0) entered blocking state
[  667.490016][T18225] bridge0: port 1(bridge_slave_0) entered disabled state
[  667.492293][T18225] bridge_slave_0: entered allmulticast mode
[  667.495844][T18225] bridge_slave_0: entered promiscuous mode
[  667.500328][T18225] bridge0: port 2(bridge_slave_1) entered blocking state
[  667.503694][T18225] bridge0: port 2(bridge_slave_1) entered disabled state
[  667.506107][T18225] bridge_slave_1: entered allmulticast mode
[  667.508811][T18225] bridge_slave_1: entered promiscuous mode
[  667.547312][T18225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  667.550342][T18245] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  667.562338][ T8508] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  667.571695][T18225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  667.589969][T18245] tipc: Resetting bearer <eth:syzkaller0>
[  667.609587][T18244] tipc: Disabling bearer <eth:syzkaller0>
[  667.614924][T18225] team0: Port device team_slave_0 added
[  667.618287][T18225] team0: Port device team_slave_1 added
[  667.650680][T18225] batman_adv: batadv0: Adding interface: batadv_slave_0
[  667.652873][T18225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  667.661302][T18225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  667.667228][T18225] batman_adv: batadv0: Adding interface: batadv_slave_1
[  667.669543][T18225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  667.680097][T18225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  667.691937][ T8508] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  667.739924][T18225] hsr_slave_0: entered promiscuous mode
[  667.742150][T18225] hsr_slave_1: entered promiscuous mode
[  667.744738][T18225] debugfs: 'hsr0' already exists in 'hsr'
[  667.746654][T18225] Cannot create hsr debugfs directory
[  667.803816][ T8508] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  667.930690][ T8508] bridge_slave_1: left allmulticast mode
[  667.932839][ T8508] bridge_slave_1: left promiscuous mode
[  667.935954][ T8508] bridge0: port 2(bridge_slave_1) entered disabled state
[  667.940759][ T8508] bridge_slave_0: left allmulticast mode
[  667.942635][ T8508] bridge_slave_0: left promiscuous mode
[  667.944909][ T8508] bridge0: port 1(bridge_slave_0) entered disabled state
[  668.195375][   T61] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  668.343392][   T61] usb 6-1: Using ep0 maxpacket: 8
[  668.348461][   T61] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  668.353406][   T61] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  668.357515][   T61] usb 6-1: config 0 interface 0 has no altsetting 0
[  668.360314][   T61] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  668.364241][   T61] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.370016][   T61] usb 6-1: config 0 descriptor??
[  668.834305][   T61] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0
[  668.841099][   T61] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0
[  668.843574][   T61] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0
[  668.847266][   T61] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0
[  668.849538][   T61] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0
[  668.857776][   T61] mcp2221 0003:04D8:00DD.0003: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  668.909315][ T8508] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  668.914052][ T8508] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  668.917587][ T8508] bond0 (unregistering): Released all slaves
[  668.989692][ T8508] : left promiscuous mode
[  669.031864][ T6058] usb 6-1: USB disconnect, device number 3
[  669.097849][ T8508] tipc: Disabling bearer <eth:team0>
[  669.100558][ T8508] tipc: Left network mode
[  669.173777][   T40] kauditd_printk_skb: 178 callbacks suppressed
[  669.173789][   T40] audit: type=1326 audit(1757224386.864:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18282 comm="syz.2.2317" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f41579 code=0x0
[  669.267651][ T8508] hsr_slave_0: left promiscuous mode
[  669.271404][ T8508] hsr_slave_1: left promiscuous mode
[  669.274594][ T8508] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  669.276969][ T8508] batman_adv: batadv0: Removing interface: batadv_slave_0
[  669.279677][ T8508] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  669.281943][ T8508] batman_adv: batadv0: Removing interface: batadv_slave_1
[  669.293741][ T5975] Bluetooth: hci4: command tx timeout
[  669.311342][ T8508] veth1_macvtap: left promiscuous mode
[  669.313617][ T8508] veth0_macvtap: left promiscuous mode
[  669.823231][ T8508] team0 (unregistering): Port device team_slave_1 removed
[  669.918224][ T8508] team0 (unregistering): Port device team_slave_0 removed
[  670.594426][T18316] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2322'.
[  670.699327][T18225] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  670.704508][T18225] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  670.709008][T18225] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  670.712908][T18225] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  670.755216][T18225] 8021q: adding VLAN 0 to HW filter on device bond0
[  670.769441][T18225] 8021q: adding VLAN 0 to HW filter on device team0
[  670.788417][ T8516] bridge0: port 1(bridge_slave_0) entered blocking state
[  670.791471][ T8516] bridge0: port 1(bridge_slave_0) entered forwarding state
[  670.801740][ T8515] bridge0: port 2(bridge_slave_1) entered blocking state
[  670.805576][ T8515] bridge0: port 2(bridge_slave_1) entered forwarding state
[  670.828401][T18225] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  670.831646][T18225] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  670.991387][T18225] 8021q: adding VLAN 0 to HW filter on device batadv0
[  671.019345][T18225] veth0_vlan: entered promiscuous mode
[  671.024724][T18225] veth1_vlan: entered promiscuous mode
[  671.051037][T18225] veth0_macvtap: entered promiscuous mode
[  671.059601][T18225] veth1_macvtap: entered promiscuous mode
[  671.061266][ T8508] IPVS: stop unused estimator thread 0...
[  671.072958][T18225] batman_adv: batadv0: Interface activated: batadv_slave_0
[  671.082859][T18225] batman_adv: batadv0: Interface activated: batadv_slave_1
[  671.092468][ T8515] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  671.096484][ T8515] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  671.099410][ T8515] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  671.102437][ T8515] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  671.173565][ T8508] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  671.183286][ T8508] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  671.184628][ T8516] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  671.188030][ T8516] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  671.373972][ T5975] Bluetooth: hci4: command tx timeout
[  672.615838][T18409] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  672.626531][T18409] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2332'.
[  672.674546][T18413] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  672.677473][T18413] syzkaller0: entered promiscuous mode
[  672.679230][T18413] syzkaller0: entered allmulticast mode
[  672.696994][T18412] tipc: Resetting bearer <eth:syzkaller0>
[  672.706995][T18412] tipc: Disabling bearer <eth:syzkaller0>
[  673.457094][ T5975] Bluetooth: hci4: command tx timeout
[  673.488948][T18441] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2338'.
[  673.499157][T18441] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2338'.
[  674.305106][T18452] FAULT_INJECTION: forcing a failure.
[  674.305106][T18452] name failslab, interval 1, probability 0, space 0, times 0
[  674.309243][T18452] CPU: 3 UID: 0 PID: 18452 Comm: syz.3.2342 Not tainted syzkaller #0 PREEMPT(full) 
[  674.309258][T18452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  674.309265][T18452] Call Trace:
[  674.309269][T18452]  <TASK>
[  674.309274][T18452]  dump_stack_lvl+0x16c/0x1f0
[  674.309322][T18452]  should_fail_ex+0x512/0x640
[  674.309340][T18452]  ? fs_reclaim_acquire+0xae/0x150
[  674.309357][T18452]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  674.309373][T18452]  should_failslab+0xc2/0x120
[  674.309401][T18452]  __kmalloc_noprof+0xd2/0x510
[  674.309419][T18452]  tomoyo_realpath_from_path+0xc2/0x6e0
[  674.309436][T18452]  ? tomoyo_profile+0x47/0x60
[  674.309447][T18452]  tomoyo_path_number_perm+0x245/0x580
[  674.309460][T18452]  ? tomoyo_path_number_perm+0x237/0x580
[  674.309475][T18452]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  674.309503][T18452]  ? find_held_lock+0x2b/0x80
[  674.309514][T18452]  ? hook_file_ioctl_common+0x145/0x410
[  674.309532][T18452]  ? __fget_files+0x20e/0x3c0
[  674.309546][T18452]  security_file_ioctl_compat+0x9b/0x240
[  674.309562][T18452]  __ia32_compat_sys_ioctl+0xc3/0x370
[  674.309582][T18452]  __do_fast_syscall_32+0x7c/0x3a0
[  674.309600][T18452]  do_fast_syscall_32+0x32/0x80
[  674.309617][T18452]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  674.309630][T18452] RIP: 0023:0xf704e579
[  674.309639][T18452] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  674.309650][T18452] RSP: 002b:00000000f543e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  674.309660][T18452] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000004020ae76
[  674.309667][T18452] RDX: 0000000080000140 RSI: 0000000000000000 RDI: 0000000000000000
[  674.309673][T18452] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  674.309683][T18452] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  674.309689][T18452] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  674.309702][T18452]  </TASK>
[  674.309779][T18452] ERROR: Out of memory at tomoyo_realpath_from_path.
[  674.479988][T18460] vlan2: entered promiscuous mode
[  674.481625][T18460] bridge0: entered promiscuous mode
[  674.487118][   T40] audit: type=1326 audit(1757224392.174:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.1.2343" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  674.489074][T18460] macvlan2: entered allmulticast mode
[  674.494634][   T40] audit: type=1326 audit(1757224392.174:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.1.2343" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  674.497239][T18460] veth1_vlan: entered allmulticast mode
[  674.502789][   T40] audit: type=1326 audit(1757224392.174:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.1.2343" exe="/syz-executor" sig=0 arch=40000003 syscall=374 compat=1 ip=0xf702e579 code=0x7ffc0000
[  674.507499][T18460] veth1_vlan: left allmulticast mode
[  674.511823][   T40] audit: type=1326 audit(1757224392.174:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.1.2343" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  674.519967][   T40] audit: type=1326 audit(1757224392.174:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.1.2343" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  674.527552][   T40] audit: type=1326 audit(1757224392.174:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.1.2343" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  674.534275][   T40] audit: type=1326 audit(1757224392.174:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.1.2343" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  674.540848][   T40] audit: type=1326 audit(1757224392.174:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.1.2343" exe="/syz-executor" sig=0 arch=40000003 syscall=426 compat=1 ip=0xf702e579 code=0x7ffc0000
[  674.547588][   T40] audit: type=1326 audit(1757224392.174:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.1.2343" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[  674.562746][   T40] audit: type=1326 audit(1757224392.174:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18453 comm="syz.1.2343" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf702e579 code=0x7ffc0000
[  675.035753][T18488] binder: 18480:18488 ioctl 4018620d 0 returned -22
[  675.533413][ T5975] Bluetooth: hci4: command tx timeout
[  675.711557][T18503] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2351'.
[  675.723389][T18503] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2351'.
[  676.195485][T18508] tipc: Started in network mode
[  676.197106][T18508] tipc: Node identity 2e53ecda1bbf, cluster identity 4711
[  676.199904][T18508] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  676.221327][T18505] syzkaller0: entered promiscuous mode
[  676.227960][T18505] syzkaller0: entered allmulticast mode
[  676.290538][T18504] tipc: Resetting bearer <eth:syzkaller0>
[  676.300281][T18504] tipc: Disabling bearer <eth:syzkaller0>
[  677.435195][T18227] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  677.438933][T18227] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  677.441734][T18227] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  677.444962][T18227] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  677.447596][T18227] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  677.476400][T18529] lo speed is unknown, defaulting to 1000
[  677.488976][T18533] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  677.491827][T18533] syzkaller0: entered promiscuous mode
[  677.495492][T18533] syzkaller0: entered allmulticast mode
[  677.527872][T18533] tipc: Resetting bearer <eth:syzkaller0>
[  677.534335][T18532] tipc: Resetting bearer <eth:syzkaller0>
[  677.542291][T18532] tipc: Disabling bearer <eth:syzkaller0>
[  677.612245][T18529] chnl_net:caif_netlink_parms(): no params data found
[  677.697341][T18529] bridge0: port 1(bridge_slave_0) entered blocking state
[  677.699520][T18529] bridge0: port 1(bridge_slave_0) entered disabled state
[  677.701692][T18529] bridge_slave_0: entered allmulticast mode
[  677.704705][T18529] bridge_slave_0: entered promiscuous mode
[  677.707690][T18529] bridge0: port 2(bridge_slave_1) entered blocking state
[  677.709890][T18529] bridge0: port 2(bridge_slave_1) entered disabled state
[  677.712040][T18529] bridge_slave_1: entered allmulticast mode
[  677.724319][T18529] bridge_slave_1: entered promiscuous mode
[  677.738185][ T8516] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  677.796051][T18529] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  677.800764][T18529] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  677.812226][T18563] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2359'.
[  677.822756][ T8516] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  677.848068][T18529] team0: Port device team_slave_0 added
[  677.852104][T18529] team0: Port device team_slave_1 added
[  677.901411][ T8516] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  677.909915][T18529] batman_adv: batadv0: Adding interface: batadv_slave_0
[  677.912048][T18529] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  677.921123][T18529] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  677.925789][T18529] batman_adv: batadv0: Adding interface: batadv_slave_1
[  677.927957][T18529] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  677.938189][T18529] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  677.969043][ T8516] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  677.995289][T18529] hsr_slave_0: entered promiscuous mode
[  677.997524][T18529] hsr_slave_1: entered promiscuous mode
[  679.533506][ T5975] Bluetooth: hci0: command tx timeout
[  679.669465][ T8516] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  679.674457][ T8516] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  679.679396][ T8516] bond0 (unregistering): Released all slaves
[  679.843496][ T8516] tipc: Left network mode
[  679.886616][ T8516] IPVS: stopping backup sync thread 16953 ...
[  680.295465][ T8516] hsr_slave_0: left promiscuous mode
[  680.297720][ T8516] hsr_slave_1: left promiscuous mode
[  680.299676][ T8516] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  680.302343][ T8516] batman_adv: batadv0: Removing interface: batadv_slave_0
[  680.307776][ T8516] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  680.310428][ T8516] batman_adv: batadv0: Removing interface: batadv_slave_1
[  680.332495][ T8516] veth1_macvtap: left promiscuous mode
[  680.335816][ T8516] veth0_macvtap: left promiscuous mode
[  680.338045][ T8516] veth1_vlan: left promiscuous mode
[  680.339907][ T8516] veth0_vlan: left promiscuous mode
[  680.986632][ T8516] team0 (unregistering): Port device team_slave_1 removed
[  681.066152][ T8516] team0 (unregistering): Port device team_slave_0 removed
[  681.623306][ T5975] Bluetooth: hci0: command tx timeout
[  681.662101][T18612] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  681.666979][T18613] syzkaller0: entered promiscuous mode
[  681.673355][T18613] syzkaller0: entered allmulticast mode
[  681.706299][T18610] tipc: Resetting bearer <eth:syzkaller0>
[  681.715253][T18529] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  681.729722][T18609] tipc: Resetting bearer <eth:syzkaller0>
[  681.747843][T18609] tipc: Disabling bearer <eth:syzkaller0>
[  681.756599][T18529] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  681.761701][T18529] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  681.766180][T18621] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2368'.
[  681.769658][T18529] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  681.826264][T18529] 8021q: adding VLAN 0 to HW filter on device bond0
[  681.841177][T18529] 8021q: adding VLAN 0 to HW filter on device team0
[  681.847859][ T8517] bridge0: port 1(bridge_slave_0) entered blocking state
[  681.850072][ T8517] bridge0: port 1(bridge_slave_0) entered forwarding state
[  681.855585][ T8517] bridge0: port 2(bridge_slave_1) entered blocking state
[  681.857718][ T8517] bridge0: port 2(bridge_slave_1) entered forwarding state
[  682.096511][T18529] 8021q: adding VLAN 0 to HW filter on device batadv0
[  682.215423][T18646] Invalid ELF header magic: != ELF
[  682.259442][T18529] veth0_vlan: entered promiscuous mode
[  682.268992][T18633] kernel profiling enabled (shift: 17)
[  682.271940][T18529] veth1_vlan: entered promiscuous mode
[  682.316744][T18529] veth0_macvtap: entered promiscuous mode
[  682.320575][T18529] veth1_macvtap: entered promiscuous mode
[  682.331938][T18529] batman_adv: batadv0: Interface activated: batadv_slave_0
[  682.348967][T18529] batman_adv: batadv0: Interface activated: batadv_slave_1
[  682.355747][T14919] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  682.358825][T14919] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  682.362003][T14919] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  682.369201][T14919] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  682.448848][ T8516] IPVS: stop unused estimator thread 0...
[  682.495986][T14919] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  682.499496][T14919] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  682.539503][ T8515] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  682.548494][ T8515] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  682.723306][T18658] netlink: 'syz.1.2374': attribute type 11 has an invalid length.
[  683.206407][T18683] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2380'.
[  683.228986][T18685] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2381'.
[  683.693858][T18227] Bluetooth: hci0: command tx timeout
[  685.138362][T18736] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2391'.
[  685.300856][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  685.302997][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  685.762614][T18753] Bluetooth: MGMT ver 1.23
[  685.783469][T18227] Bluetooth: hci0: command tx timeout
[  685.974481][T18766] binder: 18754:18766 ioctl 4018620d 0 returned -22
[  686.053347][T18770] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  686.477426][   T72] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  686.793392][   T72] usb 6-1: Using ep0 maxpacket: 16
[  686.796633][   T72] usb 6-1: config 0 has no interfaces?
[  686.800146][   T72] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  686.803016][   T72] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  686.805594][   T72] usb 6-1: Product: syz
[  686.806815][   T72] usb 6-1: Manufacturer: syz
[  686.808223][   T72] usb 6-1: SerialNumber: syz
[  686.819570][   T72] usb 6-1: config 0 descriptor??
[  686.849130][T18779] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2400'.
[  687.053448][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  687.065839][T18792] loop6: detected capacity change from 0 to 63
[  687.069011][T18790] fuse: Unknown parameter 'group_id00000000000000000000'
[  687.073078][T10608] Buffer I/O error on dev loop6, logical block 0, async page read
[  687.076734][T10608] Buffer I/O error on dev loop6, logical block 0, async page read
[  687.079670][T10608] Buffer I/O error on dev loop6, logical block 0, async page read
[  687.142199][T10608] Buffer I/O error on dev loop6, logical block 0, async page read
[  687.150964][T10608] Buffer I/O error on dev loop6, logical block 0, async page read
[  687.158320][   T72] usb 6-1: USB disconnect, device number 4
[  687.171254][T18794] Buffer I/O error on dev loop6, logical block 0, async page read
[  687.175795][T18792] Buffer I/O error on dev loop6, logical block 0, async page read
[  687.178311][T18792] Buffer I/O error on dev loop6, logical block 0, async page read
[  687.180776][T18792] Buffer I/O error on dev loop6, logical block 0, async page read
[  687.184549][T18794] Buffer I/O error on dev loop6, logical block 0, async page read
[  687.224706][T18793] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2401'.
[  687.307664][T18801] : entered promiscuous mode
[  687.407310][T18801] lo speed is unknown, defaulting to 1000
[  687.921711][T18812] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  687.925082][T18812] syzkaller0: entered promiscuous mode
[  687.927459][T18812] syzkaller0: entered allmulticast mode
[  687.959089][T18812] tipc: Resetting bearer <eth:syzkaller0>
[  687.966901][T18811] tipc: Resetting bearer <eth:syzkaller0>
[  687.976364][T18811] tipc: Disabling bearer <eth:syzkaller0>
[  688.093340][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  688.971450][T18847] FAULT_INJECTION: forcing a failure.
[  688.971450][T18847] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  688.976505][T18847] CPU: 0 UID: 0 PID: 18847 Comm: syz.1.2415 Not tainted syzkaller #0 PREEMPT(full) 
[  688.976550][T18847] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  688.976560][T18847] Call Trace:
[  688.976566][T18847]  <TASK>
[  688.976574][T18847]  dump_stack_lvl+0x16c/0x1f0
[  688.976607][T18847]  should_fail_ex+0x512/0x640
[  688.976639][T18847]  should_fail_alloc_page+0xe7/0x130
[  688.976666][T18847]  prepare_alloc_pages+0x3c2/0x610
[  688.976694][T18847]  ? rcu_is_watching+0x12/0xc0
[  688.976717][T18847]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  688.976739][T18847]  ? __lock_acquire+0xb97/0x1ce0
[  688.976768][T18847]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  688.976790][T18847]  ? do_raw_spin_lock+0x12c/0x2b0
[  688.976822][T18847]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  688.976846][T18847]  ? find_held_lock+0x2b/0x80
[  688.976872][T18847]  ? __lock_acquire+0xb97/0x1ce0
[  688.976896][T18847]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  688.976925][T18847]  ? policy_nodemask+0xea/0x4e0
[  688.976950][T18847]  alloc_pages_mpol+0x1fb/0x550
[  688.976976][T18847]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  688.977006][T18847]  folio_alloc_mpol_noprof+0x36/0x2f0
[  688.977036][T18847]  shmem_alloc_folio+0x135/0x160
[  688.977065][T18847]  shmem_alloc_and_add_folio+0x499/0xc20
[  688.977092][T18847]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  688.977117][T18847]  ? shmem_allowable_huge_orders+0xcb/0x2f0
[  688.977162][T18847]  shmem_get_folio_gfp+0x67f/0x1600
[  688.977192][T18847]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  688.977215][T18847]  ? filemap_map_pages+0xf58/0x1670
[  688.977241][T18847]  shmem_fault+0x1fe/0xa30
[  688.977263][T18847]  ? __pfx_shmem_fault+0x10/0x10
[  688.977288][T18847]  ? __pfx_filemap_map_pages+0x10/0x10
[  688.977315][T18847]  ? __pfx_filemap_map_pages+0x10/0x10
[  688.977335][T18847]  __do_fault+0x10a/0x490
[  688.977359][T18847]  ? __pfx_filemap_map_pages+0x10/0x10
[  688.977378][T18847]  do_pte_missing+0xf50/0x3ba0
[  688.977397][T18847]  ? find_held_lock+0x2b/0x80
[  688.977415][T18847]  ? __handle_mm_fault+0x14fd/0x2a50
[  688.977437][T18847]  __handle_mm_fault+0x152a/0x2a50
[  688.977463][T18847]  ? __pfx___handle_mm_fault+0x10/0x10
[  688.977484][T18847]  ? __pte_offset_map_lock+0x174/0x310
[  688.977509][T18847]  ? find_held_lock+0x2b/0x80
[  688.977534][T18847]  ? follow_page_pte.constprop.0+0x5cf/0x1390
[  688.977568][T18847]  handle_mm_fault+0x589/0xd10
[  688.977592][T18847]  __get_user_pages+0x551/0x34a0
[  688.977628][T18847]  ? __pfx___get_user_pages+0x10/0x10
[  688.977662][T18847]  populate_vma_page_range+0x267/0x3f0
[  688.977692][T18847]  ? __pfx_populate_vma_page_range+0x10/0x10
[  688.977718][T18847]  ? __pfx_find_vma_intersection+0x10/0x10
[  688.977743][T18847]  ? do_mmap+0x69c/0x1210
[  688.977772][T18847]  __mm_populate+0x1d8/0x380
[  688.977801][T18847]  ? __pfx___mm_populate+0x10/0x10
[  688.977836][T18847]  ? up_write+0x1b2/0x520
[  688.977863][T18847]  vm_mmap_pgoff+0x37f/0x470
[  688.977892][T18847]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  688.977915][T18847]  ? handle_mm_fault+0x2a0/0xd10
[  688.977942][T18847]  ? ksys_write+0x1ac/0x250
[  688.977967][T18847]  ksys_mmap_pgoff+0x7d/0x5c0
[  688.977991][T18847]  ? rcu_is_watching+0x12/0xc0
[  688.978009][T18847]  ? __ia32_sys_mmap_pgoff+0x11/0x1b0
[  688.978036][T18847]  __do_fast_syscall_32+0x7c/0x3a0
[  688.978066][T18847]  do_fast_syscall_32+0x32/0x80
[  688.978094][T18847]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  688.978115][T18847] RIP: 0023:0xf702e579
[  688.978129][T18847] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  688.978147][T18847] RSP: 002b:00000000f541e55c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[  688.978164][T18847] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000b36000
[  688.978175][T18847] RDX: 0000000006ebbeef RSI: 0000000000008031 RDI: 00000000ffffffff
[  688.978186][T18847] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  688.978195][T18847] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  688.978206][T18847] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  688.978230][T18847]  </TASK>
[  689.593377][T18864] netlink: 'syz.0.2417': attribute type 1 has an invalid length.
[  690.659883][T18912] binder: 18909:18912 ioctl 4018620d 0 returned -22
[  690.891835][T18918] binder: 18914:18918 ioctl 4018620d 0 returned -22
[  691.269924][ T5975] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  691.277002][ T5975] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  691.280669][ T5975] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  691.285078][ T5975] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  691.288320][ T5975] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  691.317178][T18922] lo speed is unknown, defaulting to 1000
[  691.449025][T18922] chnl_net:caif_netlink_parms(): no params data found
[  691.714573][T18922] bridge0: port 1(bridge_slave_0) entered blocking state
[  691.717367][T18922] bridge0: port 1(bridge_slave_0) entered disabled state
[  691.720819][T18922] bridge_slave_0: entered allmulticast mode
[  691.723777][T18922] bridge_slave_0: entered promiscuous mode
[  691.726861][T18922] bridge0: port 2(bridge_slave_1) entered blocking state
[  691.729136][T18922] bridge0: port 2(bridge_slave_1) entered disabled state
[  691.732256][T18922] bridge_slave_1: entered allmulticast mode
[  691.735176][T18922] bridge_slave_1: entered promiscuous mode
[  691.862538][T18922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  691.901432][T18922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  691.951084][T18944] netlink: 'syz.0.2431': attribute type 11 has an invalid length.
[  691.999704][T18922] team0: Port device team_slave_0 added
[  692.006626][T18922] team0: Port device team_slave_1 added
[  692.110699][T18922] batman_adv: batadv0: Adding interface: batadv_slave_0
[  692.113976][T18922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  692.125923][T18922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  692.131566][T18922] batman_adv: batadv0: Adding interface: batadv_slave_1
[  692.136501][T18922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  692.147284][T18922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  692.200985][T18922] hsr_slave_0: entered promiscuous mode
[  692.204941][T18922] hsr_slave_1: entered promiscuous mode
[  692.207039][T18922] debugfs: 'hsr0' already exists in 'hsr'
[  692.208821][T18922] Cannot create hsr debugfs directory
[  692.372187][T18922] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  692.377996][T18922] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  692.451965][T18922] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  692.455172][T18922] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  692.527882][T18922] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  692.530911][T18922] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  692.597741][T18922] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  692.600860][T18922] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  692.811069][T18922] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  692.819324][T18922] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  692.822754][T18978] FAULT_INJECTION: forcing a failure.
[  692.822754][T18978] name failslab, interval 1, probability 0, space 0, times 0
[  692.830167][T18922] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  692.834448][T18978] CPU: 2 UID: 0 PID: 18978 Comm: syz.0.2440 Not tainted syzkaller #0 PREEMPT(full) 
[  692.834463][T18978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  692.834471][T18978] Call Trace:
[  692.834475][T18978]  <TASK>
[  692.834479][T18978]  dump_stack_lvl+0x16c/0x1f0
[  692.834499][T18978]  should_fail_ex+0x512/0x640
[  692.834517][T18978]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  692.834532][T18978]  should_failslab+0xc2/0x120
[  692.834547][T18978]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  692.834559][T18978]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  692.834577][T18978]  ? getname_flags.part.0+0x4c/0x550
[  692.834596][T18978]  getname_flags.part.0+0x4c/0x550
[  692.834613][T18978]  getname_flags+0x93/0xf0
[  692.834625][T18978]  do_readlinkat+0xb4/0x3a0
[  692.834641][T18978]  ? __pfx_do_readlinkat+0x10/0x10
[  692.834654][T18978]  ? ksys_write+0x1ac/0x250
[  692.834667][T18978]  ? __pfx_ksys_write+0x10/0x10
[  692.834682][T18978]  __ia32_sys_readlink+0x76/0xc0
[  692.834692][T18978]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  692.834709][T18978]  __do_fast_syscall_32+0x7c/0x3a0
[  692.834727][T18978]  do_fast_syscall_32+0x32/0x80
[  692.834749][T18978]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  692.834763][T18978] RIP: 0023:0xf706e579
[  692.834771][T18978] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  692.834782][T18978] RSP: 002b:00000000f545e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000055
[  692.834793][T18978] RAX: ffffffffffffffda RBX: 0000000080000180 RCX: 0000000080000040
[  692.834800][T18978] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  692.834806][T18978] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  692.834812][T18978] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  692.834818][T18978] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  692.834831][T18978]  </TASK>
[  692.838274][T18922] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  692.986324][T18922] 8021q: adding VLAN 0 to HW filter on device bond0
[  692.999968][T18922] 8021q: adding VLAN 0 to HW filter on device team0
[  693.018545][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state
[  693.021793][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state
[  693.032858][T14919] bridge0: port 2(bridge_slave_1) entered blocking state
[  693.036249][T14919] bridge0: port 2(bridge_slave_1) entered forwarding state
[  693.089234][T18922] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  693.094944][T18922] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  693.220009][T18922] 8021q: adding VLAN 0 to HW filter on device batadv0
[  693.270524][T18922] veth0_vlan: entered promiscuous mode
[  693.281757][T18922] veth1_vlan: entered promiscuous mode
[  693.315709][T18922] veth0_macvtap: entered promiscuous mode
[  693.321215][T18922] veth1_macvtap: entered promiscuous mode
[  693.342069][T18922] batman_adv: batadv0: Interface activated: batadv_slave_0
[  693.352531][T18922] batman_adv: batadv0: Interface activated: batadv_slave_1
[  693.362892][ T1143] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  693.371816][ T1143] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  693.381444][ T1143] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  693.384795][T18227] Bluetooth: hci1: command tx timeout
[  693.397046][ T1143] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  693.479741][ T8508] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  693.492984][ T8508] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  693.528580][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  693.531412][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  693.670322][T19021] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  693.673083][T19021] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  693.679061][T19021] vhci_hcd vhci_hcd.0: Device attached
[  693.807713][T19021] netdevsim netdevsim3: Direct firmware load for @ failed with error -2
[  693.811222][T19021] netdevsim netdevsim3: Falling back to sysfs fallback for: @
[  693.928405][T19027] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2449'.
[  693.943369][   T29] usb 44-1: SetAddress Request (2) to port 0
[  693.945683][   T29] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd
[  694.373836][T19022] vhci_hcd: connection reset by peer
[  694.377580][ T1143] vhci_hcd: stop threads
[  694.379002][ T1143] vhci_hcd: release socket
[  694.380638][ T1143] vhci_hcd: disconnect device
[  694.606644][T19037] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  694.622269][T19037] ubi: mtd0 is already attached to ubi31
[  694.982836][T19059] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2459'.
[  694.987043][T19059] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2459'.
[  695.011749][T19059] syz.3.2459 (19059): drop_caches: 2
[  695.024285][T19059] syz.3.2459 (19059): drop_caches: 2
[  695.226719][T19068] binder: 19061:19068 ioctl 4018620d 0 returned -22
[  695.453328][T18227] Bluetooth: hci1: command tx timeout
[  696.054800][T19099] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2468'.
[  696.058202][T19099] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2468'.
[  696.486285][T19119] trusted_key: syz.2.2472 sent an empty control message without MSG_MORE.
[  697.543263][T18227] Bluetooth: hci1: command tx timeout
[  697.702580][T19150] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  697.707230][T19150] syzkaller0: entered promiscuous mode
[  697.707708][ T5975] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  697.709309][T19150] syzkaller0: entered allmulticast mode
[  697.712912][ T5975] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  697.717659][ T5975] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  697.721089][ T5975] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  697.731471][ T5975] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  697.733336][T19150] tipc: Resetting bearer <eth:syzkaller0>
[  697.740038][T19149] tipc: Resetting bearer <eth:syzkaller0>
[  697.756460][T19149] tipc: Disabling bearer <eth:syzkaller0>
[  697.759628][T19153] syz.0.2479 (19153): drop_caches: 2
[  697.779041][T19151] lo speed is unknown, defaulting to 1000
[  697.896551][T19158] FAULT_INJECTION: forcing a failure.
[  697.896551][T19158] name failslab, interval 1, probability 0, space 0, times 0
[  697.902039][T19158] CPU: 3 UID: 0 PID: 19158 Comm: syz.3.2481 Not tainted syzkaller #0 PREEMPT(full) 
[  697.902055][T19158] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  697.902063][T19158] Call Trace:
[  697.902068][T19158]  <TASK>
[  697.902073][T19158]  dump_stack_lvl+0x16c/0x1f0
[  697.902093][T19158]  should_fail_ex+0x512/0x640
[  697.902111][T19158]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  697.902126][T19158]  should_failslab+0xc2/0x120
[  697.902141][T19158]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  697.902154][T19158]  ? __pfx___might_resched+0x10/0x10
[  697.902165][T19158]  ? alloc_vmap_area+0x645/0x29c0
[  697.902184][T19158]  alloc_vmap_area+0x645/0x29c0
[  697.902206][T19158]  ? __pfx_alloc_vmap_area+0x10/0x10
[  697.902225][T19158]  __get_vm_area_node+0x1ca/0x330
[  697.902259][T19158]  __vmalloc_node_range_noprof+0x271/0x14b0
[  697.902271][T19158]  ? n_tty_open+0x1a/0x170
[  697.902283][T19158]  ? look_up_lock_class+0x59/0x150
[  697.902302][T19158]  ? n_tty_open+0x1a/0x170
[  697.902317][T19158]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  697.902327][T19158]  ? look_up_lock_class+0x59/0x150
[  697.902345][T19158]  ? __pfx___ldsem_down_write_nested+0x10/0x10
[  697.902359][T19158]  ? n_tty_open+0x1a/0x170
[  697.902369][T19158]  __vmalloc_node_noprof+0xad/0xf0
[  697.902379][T19158]  ? n_tty_open+0x1a/0x170
[  697.902389][T19158]  ? __pfx_n_tty_open+0x10/0x10
[  697.902401][T19158]  n_tty_open+0x1a/0x170
[  697.902411][T19158]  ? __pfx_n_tty_open+0x10/0x10
[  697.902422][T19158]  tty_ldisc_open+0x9f/0x120
[  697.902436][T19158]  tty_ldisc_setup+0x40/0x100
[  697.902452][T19158]  tty_init_dev.part.0+0x1ec/0x500
[  697.902463][T19158]  tty_init_dev+0x60/0x80
[  697.902477][T19158]  ? __pfx_ptmx_open+0x10/0x10
[  697.902490][T19158]  ptmx_open+0x10d/0x360
[  697.902503][T19158]  ? __pfx_ptmx_open+0x10/0x10
[  697.902518][T19158]  chrdev_open+0x234/0x6a0
[  697.902538][T19158]  ? __pfx_apparmor_file_open+0x10/0x10
[  697.902555][T19158]  ? __pfx_chrdev_open+0x10/0x10
[  697.902576][T19158]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  697.902592][T19158]  do_dentry_open+0x982/0x1530
[  697.902606][T19158]  ? __pfx_chrdev_open+0x10/0x10
[  697.902623][T19158]  vfs_open+0x82/0x3f0
[  697.902641][T19158]  path_openat+0x1de4/0x2cb0
[  697.902659][T19158]  ? __pfx_path_openat+0x10/0x10
[  697.902673][T19158]  ? __lock_acquire+0xb97/0x1ce0
[  697.902689][T19158]  do_filp_open+0x20b/0x470
[  697.902702][T19158]  ? __pfx_do_filp_open+0x10/0x10
[  697.902726][T19158]  ? _raw_spin_unlock+0x28/0x50
[  697.902740][T19158]  ? alloc_fd+0x471/0x7d0
[  697.902756][T19158]  do_sys_openat2+0x11b/0x1d0
[  697.902772][T19158]  ? __pfx_do_sys_openat2+0x10/0x10
[  697.902790][T19158]  ? __fget_files+0x20e/0x3c0
[  697.902800][T19158]  ? handle_mm_fault+0x2a0/0xd10
[  697.902814][T19158]  __ia32_compat_sys_openat+0x16d/0x210
[  697.902825][T19158]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  697.902835][T19158]  ? ksys_write+0x1ac/0x250
[  697.902849][T19158]  ? rcu_is_watching+0x12/0xc0
[  697.902863][T19158]  __do_fast_syscall_32+0x7c/0x3a0
[  697.902881][T19158]  do_fast_syscall_32+0x32/0x80
[  697.902897][T19158]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  697.902912][T19158] RIP: 0023:0xf704e579
[  697.902921][T19158] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  697.902931][T19158] RSP: 002b:00000000f543e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  697.902942][T19158] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000000
[  697.902948][T19158] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  697.902954][T19158] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  697.902960][T19158] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  697.902966][T19158] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  697.902980][T19158]  </TASK>
[  697.903025][T19158] syz.3.2481: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  698.027575][T19158] CPU: 3 UID: 0 PID: 19158 Comm: syz.3.2481 Not tainted syzkaller #0 PREEMPT(full) 
[  698.027590][T19158] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  698.027597][T19158] Call Trace:
[  698.027601][T19158]  <TASK>
[  698.027606][T19158]  dump_stack_lvl+0x16c/0x1f0
[  698.027626][T19158]  warn_alloc+0x248/0x3a0
[  698.027641][T19158]  ? __pfx_warn_alloc+0x10/0x10
[  698.027656][T19158]  ? kfree+0x2b4/0x4d0
[  698.027669][T19158]  ? __get_vm_area_node+0x208/0x330
[  698.027700][T19158]  __vmalloc_node_range_noprof+0xb2d/0x14b0
[  698.027713][T19158]  ? look_up_lock_class+0x59/0x150
[  698.027733][T19158]  ? n_tty_open+0x1a/0x170
[  698.027750][T19158]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  698.027760][T19158]  ? look_up_lock_class+0x59/0x150
[  698.027778][T19158]  ? __pfx___ldsem_down_write_nested+0x10/0x10
[  698.027792][T19158]  ? n_tty_open+0x1a/0x170
[  698.027802][T19158]  __vmalloc_node_noprof+0xad/0xf0
[  698.027812][T19158]  ? n_tty_open+0x1a/0x170
[  698.027823][T19158]  ? __pfx_n_tty_open+0x10/0x10
[  698.027834][T19158]  n_tty_open+0x1a/0x170
[  698.027845][T19158]  ? __pfx_n_tty_open+0x10/0x10
[  698.027855][T19158]  tty_ldisc_open+0x9f/0x120
[  698.027870][T19158]  tty_ldisc_setup+0x40/0x100
[  698.027886][T19158]  tty_init_dev.part.0+0x1ec/0x500
[  698.027897][T19158]  tty_init_dev+0x60/0x80
[  698.027907][T19158]  ? __pfx_ptmx_open+0x10/0x10
[  698.027920][T19158]  ptmx_open+0x10d/0x360
[  698.027933][T19158]  ? __pfx_ptmx_open+0x10/0x10
[  698.027947][T19158]  chrdev_open+0x234/0x6a0
[  698.027961][T19158]  ? __pfx_apparmor_file_open+0x10/0x10
[  698.027974][T19158]  ? __pfx_chrdev_open+0x10/0x10
[  698.027988][T19158]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  698.028004][T19158]  do_dentry_open+0x982/0x1530
[  698.028018][T19158]  ? __pfx_chrdev_open+0x10/0x10
[  698.028035][T19158]  vfs_open+0x82/0x3f0
[  698.028053][T19158]  path_openat+0x1de4/0x2cb0
[  698.028071][T19158]  ? __pfx_path_openat+0x10/0x10
[  698.028084][T19158]  ? __lock_acquire+0xb97/0x1ce0
[  698.028101][T19158]  do_filp_open+0x20b/0x470
[  698.028121][T19158]  ? __pfx_do_filp_open+0x10/0x10
[  698.028154][T19158]  ? _raw_spin_unlock+0x28/0x50
[  698.028177][T19158]  ? alloc_fd+0x471/0x7d0
[  698.028202][T19158]  do_sys_openat2+0x11b/0x1d0
[  698.028228][T19158]  ? __pfx_do_sys_openat2+0x10/0x10
[  698.028258][T19158]  ? __fget_files+0x20e/0x3c0
[  698.028274][T19158]  ? handle_mm_fault+0x2a0/0xd10
[  698.028296][T19158]  __ia32_compat_sys_openat+0x16d/0x210
[  698.028312][T19158]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  698.028328][T19158]  ? ksys_write+0x1ac/0x250
[  698.028351][T19158]  ? rcu_is_watching+0x12/0xc0
[  698.028376][T19158]  __do_fast_syscall_32+0x7c/0x3a0
[  698.028405][T19158]  do_fast_syscall_32+0x32/0x80
[  698.028431][T19158]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  698.028452][T19158] RIP: 0023:0xf704e579
[  698.028469][T19158] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  698.028486][T19158] RSP: 002b:00000000f543e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  698.028502][T19158] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000000
[  698.028512][T19158] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  698.028522][T19158] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  698.028531][T19158] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  698.028542][T19158] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  698.028564][T19158]  </TASK>
[  698.028610][T19158] Mem-Info:
[  698.147578][T19158] active_anon:6988 inactive_anon:1824 isolated_anon:0
[  698.147578][T19158]  active_file:4065 inactive_file:12557 isolated_file:0
[  698.147578][T19158]  unevictable:1768 dirty:470 writeback:0
[  698.147578][T19158]  slab_reclaimable:6287 slab_unreclaimable:64624
[  698.147578][T19158]  mapped:24119 shmem:6192 pagetables:1257
[  698.147578][T19158]  sec_pagetables:331 bounce:0
[  698.147578][T19158]  kernel_misc_reclaimable:0
[  698.147578][T19158]  free:61860 free_pcp:10391 free_cma:0
[  698.166324][T19158] Node 0 active_anon:36kB inactive_anon:104kB active_file:160kB inactive_file:12kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:1804kB dirty:44kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8344kB pagetables:1456kB sec_pagetables:1152kB all_unreclaimable? yes Balloon:0kB
[  698.177663][T19158] Node 1 active_anon:22084kB inactive_anon:7192kB active_file:16100kB inactive_file:50216kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:94672kB dirty:1836kB writeback:0kB shmem:15372kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4712kB pagetables:3572kB sec_pagetables:172kB all_unreclaimable? no Balloon:0kB
[  698.187668][T19158] Node 0 DMA free:2076kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:692kB local_pcp:124kB free_cma:0kB
[  698.190411][ T8515] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.196690][T19158] lowmem_reserve[]: 0 288 288 288 288
[  698.202215][T19158] Node 0 DMA32 free:19508kB boost:0kB min:13220kB low:16524kB high:19828kB reserved_highatomic:4096KB free_highatomic:3100KB active_anon:28kB inactive_anon:104kB active_file:160kB inactive_file:12kB unevictable:3536kB writepending:44kB present:1032196kB managed:295104kB mlocked:0kB bounce:0kB free_pcp:12976kB local_pcp:3416kB free_cma:0kB
[  698.212042][T19158] lowmem_reserve[]: 0 0 0 0 0
[  698.214383][T19158] Node 1 DMA32 free:236900kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:2048KB free_highatomic:2048KB active_anon:11584kB inactive_anon:7192kB active_file:16100kB inactive_file:50216kB unevictable:3536kB writepending:1836kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:33252kB local_pcp:4520kB free_cma:0kB
[  698.226971][T19158] lowmem_reserve[]: 0 0 0 0 0
[  698.229215][T19158] Node 0 DMA: 5*4kB (M) 13*8kB (UM) 10*16kB (UM) 8*32kB (UM) 2*64kB (UM) 1*128kB (M) 1*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2076kB
[  698.234799][T19158] Node 0 DMA32: 217*4kB (UEH) 50*8kB (UMEH) 68*16kB (UMEH) 142*32kB (UMEH) 71*64kB (UMEH) 25*128kB (UMEH) 7*256kB (MEH) 2*512kB (MH) 2*1024kB (UM) 0*2048kB 0*4096kB = 19508kB
[  698.238511][T19151] chnl_net:caif_netlink_parms(): no params data found
[  698.242311][T19158] Node 1 DMA32: 979*4kB (UME) 550*8kB (UME) 412*16kB (UME) 319*32kB (UME) 182*64kB (UME) 96*128kB (UME) 148*256kB (UME) 119*512kB (UM) 59*1024kB (UM) 12*2048kB (UH) 1*4096kB (M) = 236956kB
[  698.252699][T19158] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  698.256154][T19158] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  698.258885][T19158] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  698.261642][T19158] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  698.264443][T19158] 19009 total pagecache pages
[  698.265885][T19158] 272 pages in swap cache
[  698.267228][T19158] Free swap  = 114720kB
[  698.268486][T19158] Total swap = 124996kB
[  698.269802][T19158] 524155 pages RAM
[  698.270958][T19158] 0 pages HighMem/MovableOnly
[  698.272373][T19158] 209484 pages reserved
[  698.273750][T19158] 0 pages cma reserved
[  698.275142][T19158] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  698.280135][ T8515] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.363356][ T8515] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.407358][T19151] bridge0: port 1(bridge_slave_0) entered blocking state
[  698.409406][T19151] bridge0: port 1(bridge_slave_0) entered disabled state
[  698.411487][T19151] bridge_slave_0: entered allmulticast mode
[  698.414347][T19151] bridge_slave_0: entered promiscuous mode
[  698.417861][T19151] bridge0: port 2(bridge_slave_1) entered blocking state
[  698.420392][T19151] bridge0: port 2(bridge_slave_1) entered disabled state
[  698.423570][T19151] bridge_slave_1: entered allmulticast mode
[  698.427745][T19151] bridge_slave_1: entered promiscuous mode
[  698.509452][T19174] : entered promiscuous mode
[  698.514009][ T8515] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.570503][T19151] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  698.575187][T19151] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  698.635206][T19151] team0: Port device team_slave_0 added
[  698.647577][T19180] lo speed is unknown, defaulting to 1000
[  698.686403][T19151] team0: Port device team_slave_1 added
[  698.761864][T19151] batman_adv: batadv0: Adding interface: batadv_slave_0
[  698.764998][T19151] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  698.777359][T19151] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  698.798867][T19151] batman_adv: batadv0: Adding interface: batadv_slave_1
[  698.801762][T19151] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  698.812686][T19151] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  698.960438][T19151] hsr_slave_0: entered promiscuous mode
[  698.962864][T19151] hsr_slave_1: entered promiscuous mode
[  698.965097][T19151] debugfs: 'hsr0' already exists in 'hsr'
[  698.966985][T19151] Cannot create hsr debugfs directory
[  698.973367][   T29] usb 44-1: device descriptor read/8, error -110
[  699.385980][   T29] usb usb44-port1: attempt power cycle
[  699.623351][ T5975] Bluetooth: hci1: command tx timeout
[  699.773712][ T5975] Bluetooth: hci2: command tx timeout
[  699.865807][ T8515] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  699.870211][ T8515] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  699.875541][ T8515] bond0 (unregistering): (slave macvlan0): Releasing backup interface
[  699.879427][ T8515] bond0 (unregistering): Released all slaves
[  699.964922][ T8515] tipc: Left network mode
[  700.066692][   T29] usb usb44-port1: unable to enumerate USB device
[  700.575626][ T8515] hsr_slave_0: left promiscuous mode
[  700.578280][ T8515] hsr_slave_1: left promiscuous mode
[  700.580260][ T8515] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  700.582572][ T8515] batman_adv: batadv0: Removing interface: batadv_slave_0
[  700.587263][ T8515] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  700.589606][ T8515] batman_adv: batadv0: Removing interface: batadv_slave_1
[  700.612364][ T8515] veth1_macvtap: left promiscuous mode
[  700.614256][ T8515] veth0_macvtap: left promiscuous mode
[  700.616026][ T8515] veth1_vlan: left promiscuous mode
[  700.617738][ T8515] veth0_vlan: left promiscuous mode
[  700.678155][T19223] netlink: 360 bytes leftover after parsing attributes in process `syz.3.2492'.
[  701.307080][ T8515] team0 (unregistering): Port device team_slave_1 removed
[  701.381059][ T8515] team0 (unregistering): Port device team_slave_0 removed
[  701.863325][ T5975] Bluetooth: hci2: command tx timeout
[  701.882014][T19226] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  701.883732][T19228] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  702.319804][T19151] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  702.330576][T19151] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  702.336539][T19151] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  702.343962][T19151] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  702.621559][T19151] 8021q: adding VLAN 0 to HW filter on device bond0
[  702.631120][T19151] 8021q: adding VLAN 0 to HW filter on device team0
[  702.645888][T14919] bridge0: port 1(bridge_slave_0) entered blocking state
[  702.648227][T14919] bridge0: port 1(bridge_slave_0) entered forwarding state
[  702.655517][T14919] bridge0: port 2(bridge_slave_1) entered blocking state
[  702.658547][T14919] bridge0: port 2(bridge_slave_1) entered forwarding state
[  702.800085][T19151] 8021q: adding VLAN 0 to HW filter on device batadv0
[  702.827392][T19151] veth0_vlan: entered promiscuous mode
[  702.833429][T19151] veth1_vlan: entered promiscuous mode
[  702.851956][T19151] veth0_macvtap: entered promiscuous mode
[  702.856780][T19151] veth1_macvtap: entered promiscuous mode
[  702.865635][T19151] batman_adv: batadv0: Interface activated: batadv_slave_0
[  702.875778][T19151] batman_adv: batadv0: Interface activated: batadv_slave_1
[  703.324038][T19297] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2502'.
[  703.340168][T19299] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2503'.
[  703.385991][T19300] input: syz1 as /devices/virtual/input/input8
[  703.444502][T19302] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2503'.
[  703.447300][T19302] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2503'.
[  703.649975][ T8517] bond0 (unregistering): (slave macvlan0): Releasing backup interface
[  703.669451][ T8517] bond0 (unregistering): Released all slaves
[  703.682228][T19297] batadv1: entered allmulticast mode
[  703.704791][T19302] geneve2: entered promiscuous mode
[  703.706499][T19302] geneve2: entered allmulticast mode
[  703.727223][   T46] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  703.741826][   T46] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  703.744693][   T46] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  703.761490][   T46] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  703.772965][ T8517] tipc: Left network mode
[  703.807837][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  703.811225][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  703.826084][ T8508] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  703.828570][ T8508] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  703.933320][ T5975] Bluetooth: hci2: command tx timeout
[  705.023356][ T8517] hsr_slave_0: left promiscuous mode
[  705.025652][ T8517] hsr_slave_1: left promiscuous mode
[  705.033337][ T1336] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  705.049772][ T8517] veth1_macvtap: left promiscuous mode
[  705.051492][ T8517] veth0_macvtap: left promiscuous mode
[  705.053598][ T8517] veth1_vlan: left promiscuous mode
[  705.055308][ T8517] veth0_vlan: left promiscuous mode
[  705.468540][ T1336] usb 7-1: Using ep0 maxpacket: 8
[  705.480353][ T1336] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  705.484738][ T1336] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  705.487545][ T1336] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  705.491798][ T1336] usb 7-1: config 0 descriptor??
[  705.708371][ T1336] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  705.990292][ T1336] usb 7-1: USB disconnect, device number 5
[  706.016643][ T5975] Bluetooth: hci2: command tx timeout
[  706.339800][   T34] lo speed is unknown, defaulting to 1000
[  706.345462][   T34] infiniband syz2: ib_query_port failed (-19)
[  706.352231][T19361] sp0: Synchronizing with TNC
[  706.688720][ T8517] IPVS: stop unused estimator thread 0...
[  706.716997][T19384] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2515'.
[  710.727911][T19505] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2536'.
[  710.955903][ T8517] Bluetooth: Error in BCSP hdr checksum
[  711.214539][ T8508] Bluetooth: Error in BCSP hdr checksum
[  711.871528][T19542] 9pnet_fd: Insufficient options for proto=fd
[  712.741215][T19574] 9pnet_fd: Insufficient options for proto=fd
[  712.743341][T18227] Bluetooth: hci3: command 0x1003 tx timeout
[  712.743357][ T5975] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  712.855119][T19574] netlink: 'syz.1.2545': attribute type 10 has an invalid length.
[  712.966493][T19574] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  713.303455][   T34] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  713.464257][   T34] usb 7-1: Using ep0 maxpacket: 8
[  713.468053][   T34] usb 7-1: config 0 has an invalid interface number: 246 but max is 0
[  713.471405][   T34] usb 7-1: config 0 has no interface number 0
[  713.475075][   T34] usb 7-1: config 0 interface 246 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  713.481411][   T34] usb 7-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3
[  713.485339][   T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  713.488561][   T34] usb 7-1: Product: syz
[  713.490531][   T34] usb 7-1: Manufacturer: syz
[  713.492107][   T34] usb 7-1: SerialNumber: syz
[  713.496946][   T34] usb 7-1: config 0 descriptor??
[  713.507035][T18227] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  713.511353][T18227] CPU: 2 UID: 0 PID: 18227 Comm: kworker/u33:0 Not tainted syzkaller #0 PREEMPT(full) 
[  713.511370][T18227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  713.511379][T18227] Workqueue: hci2 hci_rx_work
[  713.511398][T18227] Call Trace:
[  713.511403][T18227]  <TASK>
[  713.511408][T18227]  dump_stack_lvl+0x16c/0x1f0
[  713.511428][T18227]  sysfs_warn_dup+0x7f/0xa0
[  713.511443][T18227]  sysfs_create_dir_ns+0x24b/0x2b0
[  713.511457][T18227]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  713.511470][T18227]  ? find_held_lock+0x2b/0x80
[  713.511485][T18227]  ? do_raw_spin_unlock+0x172/0x230
[  713.511503][T18227]  kobject_add_internal+0x2c4/0x9b0
[  713.511517][T18227]  kobject_add+0x16e/0x240
[  713.511528][T18227]  ? __pfx_kobject_add+0x10/0x10
[  713.511540][T18227]  ? do_raw_spin_unlock+0x172/0x230
[  713.511564][T18227]  ? kobject_put+0xab/0x5a0
[  713.511579][T18227]  device_add+0x288/0x1aa0
[  713.511596][T18227]  ? __pfx_dev_set_name+0x10/0x10
[  713.511611][T18227]  ? __pfx_device_add+0x10/0x10
[  713.511624][T18227]  ? mgmt_send_event_skb+0x2fb/0x460
[  713.511643][T18227]  hci_conn_add_sysfs+0x17e/0x230
[  713.511661][T18227]  le_conn_complete_evt+0x1075/0x1d70
[  713.511676][T18227]  ? preempt_count_sub+0x130/0x160
[  713.511690][T18227]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  713.511703][T18227]  ? hci_event_packet+0x459/0x11c0
[  713.511721][T18227]  hci_le_conn_complete_evt+0x23c/0x370
[  713.511738][T18227]  hci_le_meta_evt+0x357/0x5e0
[  713.511753][T18227]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  713.511769][T18227]  hci_event_packet+0x685/0x11c0
[  713.511782][T18227]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  713.511798][T18227]  ? __pfx_hci_event_packet+0x10/0x10
[  713.511814][T18227]  ? kcov_remote_start+0x3c9/0x6d0
[  713.511830][T18227]  ? lockdep_hardirqs_on+0x7c/0x110
[  713.511859][T18227]  hci_rx_work+0x2c5/0x16b0
[  713.511875][T18227]  ? rcu_is_watching+0x12/0xc0
[  713.511890][T18227]  process_one_work+0x9cf/0x1b70
[  713.511915][T18227]  ? __pfx_process_one_work+0x10/0x10
[  713.511937][T18227]  ? assign_work+0x1a0/0x250
[  713.511955][T18227]  worker_thread+0x6c8/0xf10
[  713.511970][T18227]  ? __kthread_parkme+0x19e/0x250
[  713.511986][T18227]  ? __pfx_worker_thread+0x10/0x10
[  713.511997][T18227]  kthread+0x3c5/0x780
[  713.512013][T18227]  ? __pfx_kthread+0x10/0x10
[  713.512030][T18227]  ? rcu_is_watching+0x12/0xc0
[  713.512041][T18227]  ? __pfx_kthread+0x10/0x10
[  713.512058][T18227]  ret_from_fork+0x5d7/0x6f0
[  713.512075][T18227]  ? __pfx_kthread+0x10/0x10
[  713.512091][T18227]  ret_from_fork_asm+0x1a/0x30
[  713.512112][T18227]  </TASK>
[  713.512125][T18227] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  713.600083][T18227] Bluetooth: hci2: failed to register connection device
[  713.626556][   T34] msi2500 7-1:0.246: Registered as swradio24
[  713.629005][   T34] msi2500 7-1:0.246: SDR API is still slightly experimental and functionality changes may follow
[  715.705009][ T6058] usb 7-1: USB disconnect, device number 6
[  716.100886][T19625] FAULT_INJECTION: forcing a failure.
[  716.100886][T19625] name failslab, interval 1, probability 0, space 0, times 0
[  716.105590][T19625] CPU: 3 UID: 0 PID: 19625 Comm: syz.2.2555 Not tainted syzkaller #0 PREEMPT(full) 
[  716.105624][T19625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  716.105635][T19625] Call Trace:
[  716.105641][T19625]  <TASK>
[  716.105648][T19625]  dump_stack_lvl+0x16c/0x1f0
[  716.105682][T19625]  should_fail_ex+0x512/0x640
[  716.105710][T19625]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  716.105735][T19625]  should_failslab+0xc2/0x120
[  716.105761][T19625]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  716.105783][T19625]  ? copy_process+0x4b6/0x7690
[  716.105808][T19625]  copy_process+0x4b6/0x7690
[  716.105840][T19625]  ? __pfx_copy_process+0x10/0x10
[  716.105876][T19625]  kernel_clone+0xfc/0x930
[  716.105901][T19625]  ? __pfx_kernel_clone+0x10/0x10
[  716.105934][T19625]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  716.105965][T19625]  __do_compat_sys_ia32_clone+0xcb/0x110
[  716.105991][T19625]  ? __pfx___do_compat_sys_ia32_clone+0x10/0x10
[  716.106027][T19625]  ? ksys_write+0x1ac/0x250
[  716.106048][T19625]  ? __pfx_ksys_write+0x10/0x10
[  716.106070][T19625]  ? rcu_is_watching+0x12/0xc0
[  716.106093][T19625]  __do_fast_syscall_32+0x7c/0x3a0
[  716.106123][T19625]  do_fast_syscall_32+0x32/0x80
[  716.106150][T19625]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  716.106172][T19625] RIP: 0023:0xf706e579
[  716.106186][T19625] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  716.106202][T19625] RSP: 002b:00000000f541c50c EFLAGS: 00000246 ORIG_RAX: 0000000000000078
[  716.106219][T19625] RAX: ffffffffffffffda RBX: 0000000000140000 RCX: 0000000000000000
[  716.106230][T19625] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  716.106240][T19625] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  716.106250][T19625] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  716.106259][T19625] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  716.106283][T19625]  </TASK>
[  717.174071][T19645] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2557'.
[  717.178645][T19645] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2557'.
[  718.560341][T19684] FAULT_INJECTION: forcing a failure.
[  718.560341][T19684] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  718.564660][T19684] CPU: 2 UID: 0 PID: 19684 Comm: syz.3.2562 Not tainted syzkaller #0 PREEMPT(full) 
[  718.564675][T19684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  718.564681][T19684] Call Trace:
[  718.564686][T19684]  <TASK>
[  718.564691][T19684]  dump_stack_lvl+0x16c/0x1f0
[  718.564712][T19684]  should_fail_ex+0x512/0x640
[  718.564732][T19684]  _copy_to_user+0x32/0xd0
[  718.564746][T19684]  simple_read_from_buffer+0xcb/0x170
[  718.564758][T19684]  proc_fail_nth_read+0x197/0x240
[  718.564772][T19684]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  718.564784][T19684]  ? rw_verify_area+0xcf/0x6c0
[  718.564795][T19684]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  718.564806][T19684]  vfs_read+0x1e4/0xcf0
[  718.564821][T19684]  ? __pfx_vfs_read+0x10/0x10
[  718.564832][T19684]  ? find_held_lock+0x2b/0x80
[  718.564847][T19684]  ? __fget_files+0x20e/0x3c0
[  718.564863][T19684]  ksys_read+0x12a/0x250
[  718.564901][T19684]  ? __pfx_ksys_read+0x10/0x10
[  718.564913][T19684]  ? fput+0x9b/0xd0
[  718.564927][T19684]  ? rcu_is_watching+0x12/0xc0
[  718.564940][T19684]  __do_fast_syscall_32+0x7c/0x3a0
[  718.564958][T19684]  do_fast_syscall_32+0x32/0x80
[  718.564988][T19684]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  718.565002][T19684] RIP: 0023:0xf704e579
[  718.565010][T19684] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  718.565021][T19684] RSP: 002b:00000000f543e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  718.565032][T19684] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f543e620
[  718.565038][T19684] RDX: 000000000000000f RSI: 00000000f73c4ff4 RDI: 0000000000000000
[  718.565044][T19684] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  718.565050][T19684] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  718.565056][T19684] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  718.565070][T19684]  </TASK>
[  718.696725][T19687] fuse: Unknown parameter ''
[  719.057871][T19699] netlink: 19 bytes leftover after parsing attributes in process `syz.0.2568'.
[  720.555668][T19711] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2572'.
[  721.277199][T19731] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2576'.
[  721.281241][T19731] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2576'.
[  721.649073][T19749] random: crng reseeded on system resumption
[  721.655204][T19749] FAULT_INJECTION: forcing a failure.
[  721.655204][T19749] name failslab, interval 1, probability 0, space 0, times 0
[  721.660289][T19749] CPU: 3 UID: 0 PID: 19749 Comm: syz.1.2581 Not tainted syzkaller #0 PREEMPT(full) 
[  721.660305][T19749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  721.660312][T19749] Call Trace:
[  721.660317][T19749]  <TASK>
[  721.660321][T19749]  dump_stack_lvl+0x16c/0x1f0
[  721.660342][T19749]  should_fail_ex+0x512/0x640
[  721.660375][T19749]  should_failslab+0xc2/0x120
[  721.660391][T19749]  __kmalloc_cache_noprof+0x6a/0x3e0
[  721.660402][T19749]  ? do_raw_spin_lock+0x12c/0x2b0
[  721.660419][T19749]  ? find_held_lock+0x2b/0x80
[  721.660428][T19749]  ? async_schedule_node_domain+0x54/0x120
[  721.660443][T19749]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  721.660460][T19749]  async_schedule_node_domain+0x54/0x120
[  721.660480][T19749]  dev_cache_fw_image+0x38e/0x490
[  721.660496][T19749]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  721.660513][T19749]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  721.660528][T19749]  dpm_for_each_dev+0x5d/0xb0
[  721.660542][T19749]  fw_pm_notify+0x81/0x150
[  721.660555][T19749]  notifier_call_chain+0xb9/0x410
[  721.660570][T19749]  ? __pfx_fw_pm_notify+0x10/0x10
[  721.660586][T19749]  blocking_notifier_call_chain_robust+0xc8/0x160
[  721.660602][T19749]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  721.660622][T19749]  pm_notifier_call_chain_robust+0x27/0x60
[  721.660637][T19749]  snapshot_open+0x218/0x2b0
[  721.660650][T19749]  ? __pfx_snapshot_open+0x10/0x10
[  721.660664][T19749]  misc_open+0x35d/0x420
[  721.660678][T19749]  ? __pfx_misc_open+0x10/0x10
[  721.660690][T19749]  chrdev_open+0x234/0x6a0
[  721.660704][T19749]  ? __pfx_apparmor_file_open+0x10/0x10
[  721.660717][T19749]  ? __pfx_chrdev_open+0x10/0x10
[  721.660732][T19749]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  721.660748][T19749]  do_dentry_open+0x982/0x1530
[  721.660762][T19749]  ? __pfx_chrdev_open+0x10/0x10
[  721.660779][T19749]  vfs_open+0x82/0x3f0
[  721.660797][T19749]  path_openat+0x1de4/0x2cb0
[  721.660815][T19749]  ? __pfx_path_openat+0x10/0x10
[  721.660829][T19749]  ? __lock_acquire+0xb97/0x1ce0
[  721.660869][T19749]  do_filp_open+0x20b/0x470
[  721.660884][T19749]  ? __pfx_do_filp_open+0x10/0x10
[  721.660908][T19749]  ? _raw_spin_unlock+0x28/0x50
[  721.660922][T19749]  ? alloc_fd+0x471/0x7d0
[  721.660938][T19749]  do_sys_openat2+0x11b/0x1d0
[  721.660955][T19749]  ? __pfx_do_sys_openat2+0x10/0x10
[  721.660973][T19749]  ? __fget_files+0x20e/0x3c0
[  721.660983][T19749]  ? handle_mm_fault+0x2a0/0xd10
[  721.660997][T19749]  __ia32_compat_sys_openat+0x16d/0x210
[  721.661008][T19749]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  721.661018][T19749]  ? ksys_write+0x1ac/0x250
[  721.661033][T19749]  ? rcu_is_watching+0x12/0xc0
[  721.661046][T19749]  __do_fast_syscall_32+0x7c/0x3a0
[  721.661065][T19749]  do_fast_syscall_32+0x32/0x80
[  721.661082][T19749]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  721.661096][T19749] RIP: 0023:0xf70fe579
[  721.661105][T19749] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  721.661116][T19749] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  721.661126][T19749] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000100
[  721.661133][T19749] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  721.661139][T19749] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  721.661145][T19749] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  721.661151][T19749] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  721.661165][T19749]  </TASK>
[  721.803933][T19749] 
[  721.804766][T19749] ============================================
[  721.806856][T19749] WARNING: possible recursive locking detected
[  721.808812][T19749] syzkaller #0 Not tainted
[  721.810408][T19749] --------------------------------------------
[  721.813826][T19749] syz.1.2581/19749 is trying to acquire lock:
[  721.815823][T19749] ffffffff8f51d3e8 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x4e/0x640
[  721.818454][T19749] 
[  721.818454][T19749] but task is already holding lock:
[  721.820856][T19749] ffffffff8f51d3e8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150
[  721.823466][T19749] 
[  721.823466][T19749] other info that might help us debug this:
[  721.826146][T19749]  Possible unsafe locking scenario:
[  721.826146][T19749] 
[  721.828593][T19749]        CPU0
[  721.829714][T19749]        ----
[  721.830820][T19749]   lock(fw_lock);
[  721.832097][T19749]   lock(fw_lock);
[  721.833388][T19749] 
[  721.833388][T19749]  *** DEADLOCK ***
[  721.833388][T19749] 
[  721.836095][T19749]  May be due to missing lock nesting notation
[  721.836095][T19749] 
[  721.838914][T19749] 5 locks held by syz.1.2581/19749:
[  721.840618][T19749]  #0: ffffffff8f307968 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420
[  721.843337][T19749]  #1: ffffffff8e484848 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0
[  721.846754][T19749]  #2: ffffffff8e4c4cb0 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160
[  721.850550][T19749]  #3: ffffffff8f51d3e8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150
[  721.853382][T19749]  #4: ffffffff8f517de8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0
[  721.856328][T19749] 
[  721.856328][T19749] stack backtrace:
[  721.858267][T19749] CPU: 2 UID: 0 PID: 19749 Comm: syz.1.2581 Not tainted syzkaller #0 PREEMPT(full) 
[  721.858281][T19749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  721.858288][T19749] Call Trace:
[  721.858292][T19749]  <TASK>
[  721.858299][T19749]  dump_stack_lvl+0x116/0x1f0
[  721.858317][T19749]  print_deadlock_bug+0x1e9/0x240
[  721.858331][T19749]  __lock_acquire+0x1133/0x1ce0
[  721.858346][T19749]  ? kasan_save_track+0x14/0x30
[  721.858360][T19749]  lock_acquire+0x179/0x350
[  721.858373][T19749]  ? assign_fw+0x4e/0x640
[  721.858387][T19749]  ? __pfx___might_resched+0x10/0x10
[  721.858398][T19749]  ? path_openat+0x1de4/0x2cb0
[  721.858410][T19749]  ? do_filp_open+0x20b/0x470
[  721.858421][T19749]  ? do_sys_openat2+0x11b/0x1d0
[  721.858439][T19749]  ? assign_fw+0x4e/0x640
[  721.858451][T19749]  __mutex_lock+0x193/0x1060
[  721.858468][T19749]  ? assign_fw+0x4e/0x640
[  721.858482][T19749]  ? __pfx___mutex_lock+0x10/0x10
[  721.858508][T19749]  ? kasan_quarantine_put+0x10a/0x240
[  721.858528][T19749]  ? lockdep_hardirqs_on+0x7c/0x110
[  721.858553][T19749]  ? assign_fw+0x4e/0x640
[  721.858575][T19749]  assign_fw+0x4e/0x640
[  721.858596][T19749]  ? _request_firmware+0x957/0x1470
[  721.858620][T19749]  _request_firmware+0x988/0x1470
[  721.858646][T19749]  ? __pfx__request_firmware+0x10/0x10
[  721.858664][T19749]  ? dump_stack_lvl+0x197/0x1f0
[  721.858680][T19749]  ? dump_stack_lvl+0x1a3/0x1f0
[  721.858695][T19749]  __async_dev_cache_fw_image+0xb1/0x340
[  721.858710][T19749]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  721.858726][T19749]  ? mark_held_locks+0x49/0x80
[  721.858738][T19749]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  721.858754][T19749]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  721.858769][T19749]  async_schedule_node_domain+0xd4/0x120
[  721.858783][T19749]  dev_cache_fw_image+0x38e/0x490
[  721.858797][T19749]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  721.858811][T19749]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  721.858825][T19749]  dpm_for_each_dev+0x5d/0xb0
[  721.858837][T19749]  fw_pm_notify+0x81/0x150
[  721.858849][T19749]  notifier_call_chain+0xb9/0x410
[  721.858862][T19749]  ? __pfx_fw_pm_notify+0x10/0x10
[  721.858876][T19749]  blocking_notifier_call_chain_robust+0xc8/0x160
[  721.858891][T19749]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  721.858907][T19749]  pm_notifier_call_chain_robust+0x27/0x60
[  721.858922][T19749]  snapshot_open+0x218/0x2b0
[  721.858934][T19749]  ? __pfx_snapshot_open+0x10/0x10
[  721.858946][T19749]  misc_open+0x35d/0x420
[  721.858960][T19749]  ? __pfx_misc_open+0x10/0x10
[  721.858972][T19749]  chrdev_open+0x234/0x6a0
[  721.858985][T19749]  ? __pfx_apparmor_file_open+0x10/0x10
[  721.858997][T19749]  ? __pfx_chrdev_open+0x10/0x10
[  721.859011][T19749]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  721.859024][T19749]  do_dentry_open+0x982/0x1530
[  721.859036][T19749]  ? __pfx_chrdev_open+0x10/0x10
[  721.859050][T19749]  vfs_open+0x82/0x3f0
[  721.859066][T19749]  path_openat+0x1de4/0x2cb0
[  721.859080][T19749]  ? __pfx_path_openat+0x10/0x10
[  721.859092][T19749]  ? __lock_acquire+0xb97/0x1ce0
[  721.859105][T19749]  do_filp_open+0x20b/0x470
[  721.859117][T19749]  ? __pfx_do_filp_open+0x10/0x10
[  721.859133][T19749]  ? _raw_spin_unlock+0x28/0x50
[  721.859145][T19749]  ? alloc_fd+0x471/0x7d0
[  721.859157][T19749]  do_sys_openat2+0x11b/0x1d0
[  721.859173][T19749]  ? __pfx_do_sys_openat2+0x10/0x10
[  721.859189][T19749]  ? __fget_files+0x20e/0x3c0
[  721.859199][T19749]  ? handle_mm_fault+0x2a0/0xd10
[  721.859211][T19749]  __ia32_compat_sys_openat+0x16d/0x210
[  721.859221][T19749]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  721.859231][T19749]  ? ksys_write+0x1ac/0x250
[  721.859243][T19749]  ? rcu_is_watching+0x12/0xc0
[  721.859255][T19749]  __do_fast_syscall_32+0x7c/0x3a0
[  721.859272][T19749]  do_fast_syscall_32+0x32/0x80
[  721.859287][T19749]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  721.859305][T19749] RIP: 0023:0xf70fe579
[  721.859314][T19749] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  721.859325][T19749] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  721.859335][T19749] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000100
[  721.859341][T19749] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  721.859347][T19749] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  721.859353][T19749] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  721.859359][T19749] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  721.859368][T19749]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)

VM DIAGNOSIS:
05:53:59  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000010001 RBX=ffffc900036a7b20 RCX=ffffffff81aefa41 RDX=ffffffff8e2977c0
RSI=ffffffff81aefed8 RDI=ffffc900036a7b60 RBP=ffffffff851546c0 RSP=ffffc90000007f90
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=ffffc90000007ff8
R12=0000000000000000 R13=dffffc0000000000 R14=0000000000000000 R15=ffffc900036a7b28
RIP=ffffffff851546c0 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880974bd000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080106018 CR3=000000006dfa9000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000390 RBX=ffff88802b23a440 RCX=000000a80f4e6224 RDX=ffff88802b23b100
RSI=1ffff11005647620 RDI=0000000000000000 RBP=0000000000000000 RSP=ffffc9000046fb88
R8 =ffff88802b23af48 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=000000a80f4e2400 R13=000000a80f4e2790 R14=ffff88802b23af80 R15=0000000000000000
RIP=ffffffff8191b894 RFL=00000047 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880975bd000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080028000 CR3=000000006dfa9000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85619cf5 RDI=ffffffff9b0ff700 RBP=ffffffff9b0ff6c0 RSP=ffffc90003a46ce8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=000000000000002d R14=ffffffff9b0ff6c0 R15=ffffffff85619c90
RIP=ffffffff85619d1f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880976bd000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080202018 CR3=0000000068edd000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000a0f894 RBX=0000000000000003 RCX=ffffffff8b913bf9 RDX=ffffed10056a6656
RSI=ffffffff8c163100 RDI=ffffffff8190ca91 RBP=ffffed1003865000 RSP=ffffc9000048fdf8
R8 =0000000000000000 R9 =ffffed10056a6655 R10=ffff88802b5332ab R11=0000000000000001
R12=0000000000000003 R13=ffff88801c328000 R14=ffffffff90aba190 R15=0000000000000000
RIP=ffffffff8b91275f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977bd000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080118018 CR3=000000006f2ba000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000