last executing test programs:

8.091360861s ago: executing program 0 (id=278):
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="040efbff2820"], 0x7)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x20000000000000)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000180)=@arm64={0x4, 0xfc, 0x2, '\x00', 0x2})

7.920973298s ago: executing program 0 (id=279):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
r1 = socket(0x1e, 0x1, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x8a, 0x0, 0x0)

7.792114533s ago: executing program 0 (id=280):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f00000006c0)='wg0\x00', 0x4)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000005c0)={@local, @random="6a2ddcf6177a", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x1100, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5}}}}}}, 0x0)

6.92207834s ago: executing program 0 (id=286):
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x200004)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102400, 0x19000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/oops_count', 0x300, 0x135)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$RTC_WKALM_SET(r1, 0x40187014, &(0x7f0000000080)={0x1, 0x0, {0x40000, 0x39, 0x0, 0xb, 0x0, 0x0, 0x2, 0x8000000, 0x1}})
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
shutdown(r3, 0x0)
dup3(r3, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
setsockopt$CAN_RAW_JOIN_FILTERS(0xffffffffffffffff, 0x65, 0x6, &(0x7f0000000240), 0x4)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
syz_open_dev$MSR(&(0x7f0000000140), 0xfffffeff, 0x0)
r5 = openat$cgroup_devices(r4, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="63202a3a2a2072770200"], 0xa)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RELDISP(r6, 0x5605)
syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2)
socket$nl_sock_diag(0x10, 0x3, 0x4)
syz_emit_ethernet(0x52, &(0x7f00000195c0)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaaaa86dd608a37f2001c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa06000003", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780040054fa4eb2ec45302e3272aa34809b61b5451dc23502088fe2217575fbf442c4c6da33adfa4ca543ef106b2c123e8c963c35767a9698861cbeb53105305cb682fe0c5434fe0199a0aa38dbda3235a53f0f187629a31bc37e8def4c5827c6d3e71d61b63adebe5a1a9c093482f56acb49eb5df9c5a4043e3aaa52c8cdfba28da26dfc563d22173e8efe5f935ae34ec6386d0c82d17d4e9"], 0x0)
socket$inet(0x2, 0x0, 0x2)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000019400)=ANY=[@ANYBLOB="7424ea8ad4ac8b972fcf2b0342f8f0729e4e80279df6e134981e3500ebe13e931103bd518cad5a9f7f843a6d2140273cf342214b0fdbb5a8628e180f5fa705ed42bc72c4edaee74a16b03674057b26adc0387c2ce5e91b435c91bd", @ANYRESDEC, @ANYRES32], 0x10)
ioctl$USBDEVFS_RELEASEINTERFACE(r2, 0x80045510, &(0x7f0000000000)=0x2fe)
writev(r6, &(0x7f0000019580)=[{&(0x7f0000019380)="9733824102000000", 0x8}, {&(0x7f00000198c0)="fd65e69af21386501e98f8f9d59e2c7fde1d2c3e785626c8496e055499693730a6684f5157ec72c3b8c8d3abeb3851ea6f44cd4a43bcc461756a7c75315be80f6ef2b89ecdd7b1694153768995631f2f906aba1036d9a9c481653fd36793f0e1b888610affa300c26ebc4b8249627aa8801822045bf803405aaf0d568e4dfa7390f593", 0x83}, {&(0x7f0000019480)="8452ec2756d2819952619a387bda8d92a946ec5191e91c0085518298b92a743fe2e19ab9b3004365ddc89cd55bc8e3759352caf627c2a0b428af8e7027ac8af1ef9eeb3b1c2b953576e496de968c37448a467223bfb2e00e874827f9b00e845cd7968db57193113dd71582245374dc2786ac39514cb1e9010190aa5d96b95bac7ff9fa71e3409274e6435d6a74d05515bad246a80cc19bc893f7d3e0d201d583dba3f7a50a71155cc01607d02b367167ec02ba903b2df2e788c4ad435233ed7e0bf98089703147358442f786357631158c87831308c010586dc49b60b2d097238ef9aa631d5be5f28967ecc25989f981fe5cdf41f039c5331308f62e", 0xfc}, {&(0x7f0000019700)="b48ae69ac92f2483911f96a71e49c6c88d97b805519939e415495398ad10195ccb9b6e44585d1d679b4566aa2ba169fd0518d98f0560ff4b25416bfc63aae71ad6fc6d9de92e48d546ead366506779d98b6b3c40e2c5c5a91bb4291829c200cdb1074c00433782c45c1ca8a61098ff421eeae2159317931490c4fb393f08c95aa0ebea16b26b3c331149d36847967bfbc2e3080bfe7763e145122313ef870fd6fe2f9d0345dabe53be46f3068f1cd3842cc5b0577dfdee0b36a10cfec88796da88aa610000", 0xc5}, {&(0x7f00000193c0)="c343e4a91b1b99ef9dba7df828dd56e2281eb9cbb0a37529d0e31748fe97578f9031d9ed7497b4c45acb21004de0a616edd662b881a700000000b866ab1f7b0c", 0x40}], 0x5)

4.533454352s ago: executing program 2 (id=292):
syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @random="bcf99e33aaa3", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x10, 0x3a, 0x0, @remote, @mcast2, {[], @ndisc_ra}}}}}, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x526}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0xe4}}]}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x70}}, 0x0)
socket(0x10, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$kcm(0x29, 0x2, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffc)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
setsockopt$ax25_int(r4, 0x101, 0x3, 0x0, 0x0)
setsockopt(r4, 0x5, 0xe9, &(0x7f0000000340)="2bd68d737f2bcd812e3742e3c6a38f218ada4775902d15b986c277063ebb51999451fde83165d33d76ff4e78e52dbaa06973d87d6f30c4eeb620ded846b951f5982b5bac07bec6fca8594b864b8380e448f7ee876d7c57775c246b2ab1913947ce1e0c3047ba614d579c8c3c9e90b4510a6478de05cb4bce5f4dc1b0a7230858564e83906e99763788535085a95d3015e6c456a1316eac2a0906a9837a8b2f10a795a18d8340aa16df6c4c272a76ee1d908806bdc5b65b8a32b63e92436ba2761ac9538eb570e2389d6e4d2ffba9386dc20beedbd3d7ddd40f78dea30d", 0xdd)
openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r5, &(0x7f00000003c0)=ANY=[@ANYBLOB="034886dd08012800"], 0xfdef)

3.861926726s ago: executing program 2 (id=294):
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x702, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x4c)
write$FUSE_ATTR(0xffffffffffffffff, 0x0, 0x0)
io_setup(0x0, 0x0)
msgctl$IPC_INFO(0xffffffffffffffff, 0x3, 0x0)
r2 = socket(0x200000100000011, 0x803, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r3=>0x0})
bind$packet(r2, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @local}, 0x14)
write$binfmt_aout(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="90030ee7ff072d2203000e2108060001080006040002c6b572da3e9647000000ae515669487147"], 0x120)
r4 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53048c4)
close(r4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000080000000000000064ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r5, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001440)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfffffffffffffcac, 0x0}}, 0x10)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r6, &(0x7f0000000080)={&(0x7f0000000040)={0xa, 0x0, 0x1000000, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c, 0x0}, 0x0)
execve(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
gettid()
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8931, &(0x7f0000000040)={'team0\x00', 0x0})
syz_emit_ethernet(0x3e, &(0x7f0000000500)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b88ef", 0x8, 0x3a, 0x0, @private1, @local, {[], @echo_reply}}}}}, 0x0)

3.641150808s ago: executing program 2 (id=299):
pipe(&(0x7f00000045c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet(0x2, 0x3, 0x7f)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
splice(r0, 0x0, r1, 0x0, 0x7ffc, 0x8)
write$P9_RSETATTR(r1, &(0x7f0000000240)={0x7, 0x1b, 0x1}, 0x7)

3.55004843s ago: executing program 2 (id=300):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
r1 = socket(0x1e, 0x1, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x8a, &(0x7f00000000c0)={0x42, 0x2, 0x2}, 0x10)

3.547696981s ago: executing program 2 (id=301):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0)
ioctl$HIDIOCGSTRING(r1, 0x81044804, &(0x7f0000000300)={0x1, "c2"})
syz_usb_control_io(r0, &(0x7f0000000700)={0x2c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0003020000327a000010"], 0x0, 0x0, 0x0}, 0x0)

3.271338009s ago: executing program 0 (id=305):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x1, 0x10f, &(0x7f0000000600)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfd, 0x2, 0x1, 0x0, 0x20, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x7, 0x24, 0x6, 0x0, 0x1, "10bd"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x9d, 0x0, 0x200, 0x9}, {0x6, 0x24, 0x1a, 0x77d3}, [@mdlm_detail={0x70, 0x24, 0x13, 0x81, "5193ffb69ce27f6997bd3123391a2ac909ac9f33faee4ed4528a94044fb649ee6669c07661e3351059885a32420127e66639d5ce061d56987911d64d7914d9b73a01afd74982b0c5f99bf082a2c9b9df43edb834539809b6e8954cda12b7abbd113410f1f8e2039a6cc3d749"}, @mbim={0xc, 0x24, 0x1b, 0xffff, 0x4, 0x18, 0xcc, 0x0, 0x3}, @obex={0x5, 0x24, 0x15, 0x1}, @country_functional={0x12, 0x24, 0x7, 0x0, 0x3, [0x1, 0x7, 0xff00, 0x6b06, 0x1, 0x6]}, @country_functional={0xc, 0x24, 0x7, 0x20, 0x0, [0x33a, 0xd, 0x4000]}]}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0xff, 0x4, 0xe4}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0xc, 0x80, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x0, 0x3c, 0xd8}}}}}}}]}}, &(0x7f0000000440)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x300, 0x3, 0x7, 0xfa, 0x8, 0xe7}, 0x48, &(0x7f00000000c0)={0x5, 0xf, 0x48, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x6, 0xc, 0xa, 0xffff}, @wireless={0xb, 0x10, 0x1, 0xc, 0x0, 0x1, 0x6, 0xce, 0x3}, @generic={0x31, 0x10, 0x0, "3a2bb6b1ae790105a722a576db812362e1372550db1a693c8fb0526f2730230a1ecc50518cc1d40ad8464609e9b8"}]}, 0x5, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x1407}}, {0x1d, &(0x7f0000000240)=@string={0x1d, 0x3, "05c57a25d0c390064a8d2dea5af7e3ea2092542b77bf0db74b1934"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0xf4ff}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x2c0a}}, {0x77, &(0x7f00000003c0)=@string={0x77, 0x3, "2f3bf47a54ef627bce12874522f13f663a0f81238d9ebcb758e167bb46a071d76b84b3504052bff7076562012ec629432d41c0a03a61e5eed7d63ef282c6e1dc83a78df7b2305d6d9f722a7ba97cc9b1aacdf19c49520b5dcd5f05f96c0e2ab0de318997e97fe9a5e52038f9327f8ade16e886dd12"}}]})
syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r1}}, 0x58)

2.881560266s ago: executing program 1 (id=306):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffc000/0x1000)=nil)
setsockopt$inet6_tcp_int(r1, 0x6, 0x8, &(0x7f0000000000)=0xfffffffe, 0x4)
getsockopt$inet6_tcp_buf(r1, 0x6, 0x8, 0x0, &(0x7f0000001040))
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

2.671719625s ago: executing program 1 (id=307):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x480840)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xf, 0x11012, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 32)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) (rerun: 32)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0x0) (async)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r4, 0xc040aed5, &(0x7f0000000080)={0x10000, 0x8000})

2.5985465s ago: executing program 1 (id=308):
io_uring_setup(0x377b, &(0x7f0000005840))
r0 = socket$kcm(0x2, 0x5, 0x84)
syz_emit_ethernet(0x46, &(0x7f0000000240)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x4, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @empty, @broadcast}, '\x00\x00\x00\b \x00\x00\x00'}}}}}, 0x0)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_X2APIC_API(r2, 0x4068aea3, &(0x7f0000000000)={0x81, 0x0, 0x7})
r3 = getpid()
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r4}, 0x10)
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000800)="d83e946000ffffff7f0000000000000000ee55abb5a3c573b3c99f631ee36e18aaae6104365107ea741a2d8f8251f0f0a0551f5c6b9b5dff27bf8c03948da7ff8f8f867fc26069f6e3c4ed5ccfbe66e594256605e5254d211f367f99691c94e9df47a48760793aa93d0ccb02a98f6e8d0541ef07fce587107f0b36203b065d55c8bc650164d2c6c1d6d67e694b81527bc9798cd6da78b9956760d88ad0a7de145710c96b74acba939df3a60df1ab73cb02fc2b591d79259128e456dbf54171df14104dbbdbf5f0a964a7b970d93afdf906a355e01201ca82f8e9a7ad4178af6a0e60dbafcb048ddcdc21d698e909b07006b640f51354c97ee0feb113775c000000000024289992fe87451b221064bbe9569b15ecb08dba70e9a76f037edec181b1630005cf4a351277b2f8c1219a57da6f7730d49f6d616727b49b38641818ff6b5487812dc11432edda79c551da9528234cd7325d1f5d66c35be0d04907f59a96bcf8de1abf27c00925df92a4977313498b4d7bf1ad5ff1dd47e430b35632eecc58f819b31b85db6143e76fb02fef73d933f8b70f7f2befec7fa7eafd26e0bbf10e926e428d3e06c402f9de96a4", 0x11}, {&(0x7f0000000700)="9d61664a18b76bfbe532a057f7d5602ef13fc5efc86c762e4970dcf2c30f930696d390b1b08dc1ec660a363ef595ecff514220efc7542abc07284c7436ece547d8ec678a878a11b4ef085831a6311177063ffe4eeff8bb876670a8368a3b7b9288259463d9079cae066e987ba606264acdca9242a5e8e62ed3582abe0dde672c473e608e6488e60da0704627e8698ba08e478c4d2087b481cb254ac57d8faae7b037615ec0a9cf2f2c26ecc3cd801ec87f0b8902ac3e93ccb893ec399eab705be3", 0xc1}, {&(0x7f0000001100)="83b2ddbe1a9a0cf4f1d37744fcc91359a477ab7039125a89a9880f07769055642f6109acc875889ae77c846f7016c68d0859de52dbaf8e7e80bf0ab82545b9e9d169ad0b9acdc9f679b3e479dd83722c1c45aaba2d91cfe250ef0274c224af33bf0b3c98e5f1384ab4ac6606a2777a9f0a05cf546f9e1393f72d2583e10cafdcdb7233e8c68fa1ea6a4eceb1ee9cb627c2c132a847c3d3d22fb5c5e687825d8174f5a52ba469bfba35d7616ab7cc4aa78f89be697462048fb8b5b6d98ad9e313aac518491b8c2533212a886305e0096dc3626cd2ea1bb479303cf4ffeb666536891c49327ed5f6b2b0efbad4c916abc94e784e14514817e34911782a056ba7a75f94241a71a39e82362e906ecb3d48b80fbffd96af40c82728aefcf8467fa37dddb446afffd7c45d4579a723e3028f74f8f9dd071144130303340af2c06bb27c7e1e41aa9bb5bd90b04677f636588a196c0fd9626319b924008cb8ada006605092ca6837e4e0868af7f725d9679b0a6d7ee5fc7e7b826f42ec6c740207cb0da8d8f4191f53aeafebd2299d646bf2ab5026a19376c9592301b8010f6c1354e6cfde2ebd17dae81bcaa88fe3b7254d7225edea23ef9b805c82c9c9def83d487efb3551762474aaa0f925a5b4081babc9aa67d5821f7268005b200771614f6d6b91f7d5165bdb434d5baa42b4fb3eeab4542f44a4b0a3260c80ed2c8242fa5d7985d0ea265583eac3bdea6f5b45f498ae4d8f45c3f8739c61ac609e5ad7ad2ccbac41f6cd9d07f568b091b44e8a3fd3cdc305913611d5499d41ecf061585b4560501dc828092efd07e08321fc8afe4a6d5ebb11eaf93e88ee5c3b21a15a9389dd0dcc4acef4fd6f0eabf878d1b577b35f05c73e3aa24a3f6a301206ff9b69bc003ace8792c4f4031d56bf70dbe519ce581501b746f4cee12d30abdde1c2aa24db7db9d4ad2e44934f9db59d7aedef8680031488e8eaa9aacb6bbaaa04a6dcd58032312a8209e1d4cb102e30cf8170b8e7890104a6e6c3873e97274a299514cb87a51d9bbe48af14526baaefb85ffd05942d522a7d5e1faf167c1070293b7e9b6b294ad570481a62e141574f963a0f4505090e8f549ab787797b72a149e61fd8ab5912a88fdf8598cf83d6e80160b8b6998e0fadc9b8b9bb6f99ed86b439f0a50a56e04ec4b4e7cbfb4d31a6c42a6e060eafc86cdd795145e151f1fc4c02f5a5f1cdf3e02c5c9ddc0a258acc8f6d97dc42eccdc9e17d34c5973759f47018351b313db90eee39790e9cb0aaba2ae39df931f834ab8fa3090706218bca639c50cb4ad7344261e2a98c71dd7722d3171b343e488d93361147feb850296d4b1af34fd613cd7dc0cdcb3034c263df836b41e642fe182da9fe8c5016b87da332d64d7e60c07d1a23fa94737310c1c4af9488c01bae47b11288a2d2150b6cba5bccb3e4d5735b104158473b79be0cf4284e89f0c159136dc50bc976e4ab0a3648d3828e403a5b85b4c94557809f2126a96491e982132e94c8024786f4f08a484950cd234790632509a5fc06161adba181f223a5f9399a84ff67dbf34be979b4e9bf88e88bdf99efc260631502cbc04d42419aa4f38113b7d99ff8ff896ac3e5a43d99638884e39b67e8739d7628eca87eb0eb02df36cfef20c383175088a00b128628fe4a4fc15cb4bda110e88a43875461e6be2a06e91f3ca06a98e8adff187d67a1f8410a925b88348156aab0c8fa23c3ce52549e51081f0a0c366047c9637bed2841211086aaf29d01a9a7d62858884ba4a5946178c40ff2dbc1a31eeda28759b8633ed582f4df561bf16fcba9e6a74a5334e7e9fb44fbeb0213a73469119a04240a23f2849676a6e0958713dcdab8b88b6a17413f026b775183efa8ea4abcbe2f198ea0aeeddc77169af19edf43a7475661519abae18429541283278a04ddff8e8fcf440f0bcd19c9bd35a3380feef9048ef29a6eee8a7ae7dd91756d0934611946fd052aa2965e37c8825f53c5455cf333f29732ac5420a3e23663aea0e26f55f558bf8593a3078e7f64822f6536818c36ad13bb9fd606028261d9878f8a4a07d88b1de7157bd97c74be737a8f861543e4e50fd473d9bcf9188d04a4391358deff900ead3f429919a8e60b01f44618e7593a55bc154efba408ca33a08cf4d917ef7cc8a3daa6b97e4d9f1a41c1b9a28df7accb69b9052755d3429939f5019a9a2947b566bc12c71b37d60a13ec7ddbeb66093b202d9402f7f64d04b60eb00536ec2b955c63fcffeac494b06c99df457e4bc7d551c0757e4a2ca65d583a0f5b2b2bd4adabfc39cc64ced18f1bb25367f050e9e3b2d5179790ae6840d980e3708744c94d1f22b7d0d2687db29b176ec64b9c592c9af2a4dee42cb80da79d1513803bc456bd3b515027bafc1205309306154f2ff34484fa7ffbda68de361924bf69181647027eff391b044e2227c9d124eefb5a9ed4c0b473d905df82581ecc2078cc68c8ab3c5c4c5a6f4179ac23eafe5bbe355ffdcd03c5b06a318616147a6e1631a8fcb271d3ef0b8c930dbaf4eddb9741f565e7e07a105266fb9e33be285b9acf023f27f1ed867dff830a945cb8cfedefc899bd86c71efd7c7fa06e8edaa61d0c768fe612ca96ac9fcd765d3f5a55aaca4da35a6b55d8c18de38253f3f398a9bc214aca30179070baf750440085628f1315d0f1a6e83cdf0b023aa1b5b7777114436d7a297bf72c17c1441a92396fdb9f8608508a990853c21067fd58d59edfd93c0819776aba79d6cb97504fe46c74d2d67f374265a563aae18717e32f2295e5943ffe129dc43c307da1ee2412284d5bb285358df8e717ac79bb2c5c2bea6aec0184416b1eec3b5c6532479e7bc0536b649a75ff5cff2f90d3ef198e9340f3b37ebbf2a1d5924515ec61eb4c9507a5c344649b8877d5716d661b9d443ef5b4225fdd7a62b9f78510da752dbad36c3f80dfd6b200aee79f0a032844a7b597ce7dfd75d8ff1fe0c7e3878094b4a7c1ff586232a5340d6f9f77d26d02521871442793f17d0025d32660a824430d96808f55888b03cf576c64b3533045459b208cd7c87b8c046d0473b61616271e91a2de7a4f639a0e2b73ee7a1c7853cb976f5b0635e26c4c8a84cde8737d00dc9d54eaa7af8dc88ef6b4e7203424d260aa1097497f827b710fc973343afd3a6a4a20727fc8461415aa2d73a5715721d1959a6c16a9d2a8ed5dcb50945f15d39a237687c4189b77e64a0318f3690dd05db1fbfc18c122d6c64f83ba2ca2d920ad94a99023a7c23fed20d16caef3227a0f0cfe1fbc0a46e39bc193dabf908ee46e692df00fc1349d2fd693fc64923294f9da4c38a7488a120e4d0957e084af4b2fa5105504dcfb43dcc5d04af8699e940f23bef2a85414a3792318fc33858c61f02eafb33a8c7bd1f711773a22ffdce26c6831509194af7df156d46be8bee88cfd1488105570850153226b81f25684a501c4afaf540a367565a5d812bbf17ab8ad20413aa9a98f4ec1254c12b06ac671f47446110bf17abedf1f676fde70782458c33a24ac1a712864aeefd5766fdbb2f1e2bb34b5ec426f8f0dd74535ea8be95a407039f31ff95d41f6b18d60fb5c6ea9390350c3cc3213e2a1c3dae38bb95cb5c926cdd297f9653b6cb22e9cb3b9bc50cf2a8e2462a5d5ddb25d02ea4fe1478d375a5ad24140d3db83d940547bbdeb1059d419f194039fbc1b12ef6297dad10fba2eb79c42be896f0e7c992bd09d3edf6f99c4d3bfcf9c186e0ae5365a55eb2a16c882360df09c1b4f9586624e22d1a0e5e2d2121707dd8bee968714982d96b6d8a7b12f6847b02cd8f5df6e10028f4295e3060eca49842134e94e0873eb394cc2c4071187b06a82d44550e428f3ccd01f6569ce9a268f73954cadbad5aed30775049c9a97f549154c831ac30eb5bebf784f12ec28a675966821a5ec8c96f94493c036841887519b02fb5162ae3d5781ca9c776fd58b46e8c6c49900defc390cfe23aaff5194c1099788e30e085d1907c6616f4d54136a7405e0e76899ee24067041a9566a76bb7f0b2502734271b3dd27a47003a5e92e31a7d36ea06a4e580e86e098328d0ceae9c03405586f6837820bb64679bf1984d9f3c9a83c04f04ad288ffbc6b96ffbcbde9dbb9d859d564f72835848d7df08b5eaf295517f132913acdd5f29446b537b41eebfb1a472c267103114ffab97a56fd352fd5631e5c313552eae8e3090e2549f17ee2b8a708fa5c0bb56d5c262b298e9bd078d5718ae3fa80d39ff6496c1ea1eacf6eac97b81a3c38c595304915e6a0eab76cd8ab9bb2d34889a582722afa9802e914fc703198bef3421540ba8eecf67315b742dc66eb77c3054520fe234d6c34d87404c64ff0ae530f2f9b7a0f74e171066753872cb6dc42ea0d89be7d771863db5656434be007c2a5f79699d905c956515becfe2cccf44e619790fd022b24e234346afcd8f89111d7a46464a0ee8bad9a189111cc1d01a8d988dd722455f18b21655cf6c0401afd16241e106cdd6f1bebc509baa1629c518208c5ce51cc0e38ef7ed1d4dc43ea0fe7c78697e67153c60e4d93f4183be09fbbad91b843ea6579cf5ba5015c3ba1cf16bea7b2a6269354d7b53d0d923210258dec7b4cc34678232233c6f7432bc9dd52e5b7fe27f80c3871e406d92d6ff3e3e9f5fd78fa41bf95c9267cdb3bdd47b64f9770cbf74b2e8150f288e7aa7e5b82fa549cf12510c13bc3fae036a8360bdc2cd3e0478e96e2b8e19249b29a5665b2efaac691c425c1658cc9750945ec2f2c54d736303314df3a09c7e3ec3d8f73c8f82a101dea7508c4a8b3092a55ad9790c5d06d1c44eaf1e87b34126736e5f6b4bbd7f6f926aa851491a920ef2bd3e3621826ddf1dc985ad17389fe4b1bc7b15ba66d8e95ccebe9941d5f077b6d7f8a41c286adaffc8273e2a68fe8202cebc9caa719549281d03187cc66bdfb2c9a4797e6346caa3c1cdd2e220c5f964c2fc3a08c8255a76f64106e0db00f12728a5b46a91b696cd822f5a2793925f9897ef99fcfe72c6c35db17f8338c2b33009f720433e3ae78cef776ee6b2c45d80d7030329e32a17ef1413dad64099991e1068910f0577bc81bb3ab92b4996b6b1aa3b6de7c221c4d662f80b2268e2a02cdd68f2b4820f3dc77640f79d1647511bb1934b8d1d749602acb16c94f05381484fb83b6dd39e49e09e1e81d7ceb906f16cd709cd6e6cf906ab01fc95d7ffb6157e43806e45751056e071b8c7be4304da50716ce70a1e55b68f5fc3628c9cd492b228956523d06689a95423af00a5e344762cdecd95383b0da2064a816108cc118bdfca16f0c7ef4810d7dcca05d7889192e42201fc4a691002ea8ff937f0220d6662cdac4ab93c185df7ffc34176ab1740fdbde4f6fe9bb38e75ae5204a0d013c738de066567e13dd88a12546c781436fe13e2eb2c49bf2633371464a112ea213ae4047f146e547a584951563a1172cc4f22b17fc6ba33e0e93d7cec57a91af96e38109c4342043457367f2962d685771c0ba78204698ee1d36fad89f4d40b0ef03cf834f41a241ac594d67bbd8ede292e07e7e0b7a2b0aaecb1dac175c2239a621aa9c70b62e5d264c68015ca73296b8bd9727b0abe9152b306ca755f1ed7639d4346aa5a6d21970473005fd0cb60ad99feb8281625af0dda35aebeef935b3e1dff293bd466fc79acb09e0dc2878c2a60e72b8786506a49f06210e75c04ca35dfd915a46fdb583295b001b8991ca1ee788c1d34753405fad6e749d5b3c92d830ff509e65fc1ee53e", 0x1000}, {&(0x7f00000000c0)="0050c0e273700ee5c6", 0xffffffffffffffea}], 0x4}, 0x0)
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r6, 0x0)
setsockopt$inet_int(r6, 0x10d, 0xa, &(0x7f0000000bc0)=0x7, 0x4)
ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000180)=0x6)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
r8 = getpid()
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1b, 0x9d, 0x0, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r9, 0x0, 0x0}, 0x1c)
process_vm_readv(r8, &(0x7f0000008400)=[{&(0x7f00000004c0)=""/167, 0xa7}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f00000006c0)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000c00)="e9", 0x1}], 0x1}, 0xe0)
sendmsg$inet(r0, &(0x7f00000010c0)={&(0x7f0000000140)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000440)='\\', 0x1}], 0x1}, 0x4)

2.261547132s ago: executing program 3 (id=309):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'team_slave_0\x00'})
r1 = openat$dlm_plock(0xffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ppoll(&(0x7f0000000b80)=[{r1}], 0x1, &(0x7f0000000bc0), 0x0, 0x0) (async)
r2 = getpid() (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x1, &(0x7f0000000640)=ANY=[@ANYBLOB="0058030003400003e20578ba285be3344b1e0100e2723b891a46507b6a2066e33dd49cb60cb2f2850b7a593b1d9486fbc9d1606886f22a8626339ffffeb1b23b7dde6742943d7770d3671e219a38131a0869a71a116f349707ee"], &(0x7f0000000380)='GPL\x00', 0x0, 0x70, &(0x7f0000000400)=""/112, 0x41000, 0x1a, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x0, 0xd, 0x49413e07, 0x7}, 0x10, 0x0, 0x0, 0x4, &(0x7f00000004c0)=[r1, r1, r1, 0xffffffffffffffff, r1, r1], &(0x7f0000000500)=[{0x2, 0x2, 0x3, 0x1}, {0x2, 0x2, 0x10}, {0x2, 0x1, 0x4, 0x3}, {0x0, 0x3, 0x8, 0x9}], 0x10, 0x6, @void, @value}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000140)='afs_reload_dir\x00', r1}, 0x10) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r2, &(0x7f0000008400), 0x0, &(0x7f0000000740)=[{&(0x7f0000000800)=""/108, 0x6c}], 0x1, 0x0) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x0) (async)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) (async, rerun: 32)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0) (async, rerun: 32)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') (async)
chdir(&(0x7f0000000080)='./file1\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r4, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x6, 0x7fffffff})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
mkdirat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x38) (async)
mkdir(&(0x7f00000006c0)='./bus/file0\x00', 0x27) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x10, &(0x7f0000000780)={[{@uuid_on}, {@redirect_dir_on}, {@uuid_null}, {@userxattr}, {@index_on}]}) (async, rerun: 64)
chdir(&(0x7f00000003c0)='./bus\x00') (async, rerun: 64)
iopl(0x3) (async)
msgget$private(0x0, 0x0) (async)
symlink(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./bus\x00') (async)
r5 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) (async)
socket$inet6(0xa, 0x1, 0x5)
sendfile(r5, r3, 0x0, 0x80009) (async)
openat$uhid(0xffffffffffffff9c, 0x0, 0x0, 0x0)

2.260981781s ago: executing program 3 (id=310):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x240000, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2)
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ffe000/0x2000)=nil)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x3)
r1 = socket$kcm(0x2, 0x200000000000004, 0x106)
syz_open_dev$dri(&(0x7f0000000600), 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0xd, 0x0, 0x2, 0x0)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x39, 0x0, "b0fd7b07ff8a216915a8d3215a3225178096acf74c85ad01ba95fd9d0543750fb5a62a045888e8febca073f1f821abb8083f4d192383c47b3800abd4d841e2d4b56039653b95d0cd0a00a6ea35bdfaf6"}, 0xd8)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x70, 0x0, 0x9, 0x101, 0x0, 0x0, {}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x7ff}}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_PRIV_DATA_LEN={0x8}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x70}}, 0x0)
sendto$inet6(r4, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a54049f0c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a1", 0xc7, 0x0, 0x0, 0x0)
getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, 0x0, &(0x7f0000000440))
sched_setscheduler(0x0, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000001900)={0x0, 0x0, 0x0}, 0x20040000)
syz_open_procfs$namespace(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r7, &(0x7f0000000240), 0xc)
quotactl_fd$Q_GETNEXTQUOTA(r6, 0xffffffff80000900, 0x0, &(0x7f0000000580))
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r7, 0x10e, 0x4, &(0x7f0000000000)=0x8, 0x4)
socket$inet_tcp(0x2, 0x1, 0x0)

2.071776473s ago: executing program 1 (id=311):
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = syz_open_dev$usbfs(0x0, 0x204, 0x0)
r1 = openat$uinput(0xffffff9c, &(0x7f0000000080), 0x802, 0x0)
ioctl$UI_SET_PHYS(r1, 0x4004556c, &(0x7f0000000180)='syz1\x00')
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xf, 0x11012, r0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
r4 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0})
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4)
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4})
socket$packet(0x11, 0x3, 0x300)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001140)={0x1, 0x0, [{0xdddd1000, 0x1000, &(0x7f0000001ec0)=""/4096}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x20000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8)
r6 = openat$qat_adf_ctl(0xffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$IOCTL_CONFIG_SYS_RESOURCE_PARAMETERS(r6, 0x40096100, &(0x7f0000000300))
getsockopt$WPAN_WANTLQI(0xffffffffffffffff, 0x29, 0x49, 0x0, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)

1.719696789s ago: executing program 3 (id=312):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001500)={0x34, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8, 0x3, 0xa000000}]}, 0x34}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r4 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
read$FUSE(r4, &(0x7f0000000b40)={0x2020}, 0x2020)
write$FUSE_DIRENTPLUS(r4, 0x0, 0x150)
io_uring_setup(0x523e, &(0x7f00000003c0)={0x0, 0x0, 0x8, 0x1})
pread64(0xffffffffffffffff, 0x0, 0x0, 0x3c)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
socket(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000ac0)=ANY=[@ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()

801.861358ms ago: executing program 3 (id=313):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), r0)
r2 = socket$igmp(0x2, 0x3, 0x2)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)={0x1c, r1, 0x73bf44d8d76863a9, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="021800001c000000000000000000000005000600000000000a00030000000000000000000000000000000000000000000000000000000000020012000000000000000000fcffffff0600ff0000000000000000000000000000000000000000000000000001000000fe8010000000002100000000000000bb050005002b0000000a0000a874000000fc01000000020000000200000000000000000000000000000800197c"], 0xe0}}, 0x0)
r6 = socket$kcm(0x2, 0xa, 0x2)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r8, &(0x7f0000000000)=[{0x1e, 0x0, 0xff, 0x0, @time={0x1ff, 0xb36}, {}, {}, @quote={{0x8, 0x6}, 0x2, &(0x7f0000000080)={0x3, 0x80, 0x1, 0x9, @time={0x0, 0x81}, {0x8, 0x57}, {0x3, 0x9}, @time=@time={0x8007, 0xfffffffa}}}}], 0x29)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r7, 0x40505412, &(0x7f0000000440)={0x1, 0x20000006})
ioctl$SNDRV_TIMER_IOCTL_START(r7, 0x54a0)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2, 0x3}, 0xfffffffffffffe42)
getsockopt$bt_hci(r9, 0x84, 0x80, &(0x7f0000000000)=""/4103, &(0x7f00000014c0)=0x1007)
close_range(r7, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_MAP_INFO(0x15, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="000386dd0a00100012004000000060ec97000fc88900fe8000400000000000000000000000aaff020000000000000000000000000001"], 0xffe)

661.889117ms ago: executing program 3 (id=314):
syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @random="bcf99e33aaa3", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x10, 0x3a, 0x0, @remote, @mcast2, {[], @ndisc_ra}}}}}, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x526}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x3f00}}]}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x70}}, 0x0)
socket(0x10, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$kcm(0x29, 0x2, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffc)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
setsockopt$ax25_int(r4, 0x101, 0x3, 0x0, 0x0)
setsockopt(r4, 0x5, 0xe9, &(0x7f0000000340)="2bd68d737f2bcd812e3742e3c6a38f218ada4775902d15b986c277063ebb51999451fde83165d33d76ff4e78e52dbaa06973d87d6f30c4eeb620ded846b951f5982b5bac07bec6fca8594b864b8380e448f7ee876d7c57775c246b2ab1913947ce1e0c3047ba614d579c8c3c9e90b4510a6478de05cb4bce5f4dc1b0a7230858564e83906e99763788535085a95d3015e6c456a1316eac2a0906a9837a8b2f10a795a18d8340aa16df6c4c272a76ee1d908806bdc5b65b8a32b63e92436ba2761ac9538eb570e2389d6e4d2ffba9386dc20beedbd3d7ddd40f78dea30d", 0xdd)
openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r5, &(0x7f00000003c0)=ANY=[@ANYBLOB="034886dd08012800"], 0xfdef)

482.013474ms ago: executing program 1 (id=315):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x28046}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x3c}, 0x1, 0x8}, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) (async)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r2, &(0x7f0000000000)="e3", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x0, 0x0, @private2}, 0x1c)
shutdown(r2, 0x1)
setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000001280), 0x10) (async)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) (async)
sendto$inet6(r0, &(0x7f00000000c0)="044aac2f202c5fed", 0x8, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) (async)
shutdown(r0, 0x1)

480.652ms ago: executing program 2 (id=316):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
userfaultfd(0x100000)
r1 = userfaultfd(0x801)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x800083}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r2 = timerfd_create(0x0, 0x0)
r3 = dup2(r1, r2)
ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000000)={&(0x7f000085a000/0x1000)=nil, 0x1000})
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000001c0), &(0x7f0000000340)=0x8)
r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x101641)
ioctl$USBDEVFS_IOCTL(r4, 0x80045503, 0x0)
r5 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000040)={'vcan0\x00'})
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r5, 0x6, 0x15, &(0x7f0000000040)=0x3, 0x4)
ioctl$HIDIOCGCOLLECTIONINDEX(0xffffffffffffffff, 0x40184810, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1802"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
close(r7)
syz_usb_connect(0x15a7a4957153133, 0x3e, &(0x7f0000001100)=ANY=[], 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x40045506, 0x0)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f00000000c0)=0x7)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r8, 0x6, 0x15, &(0x7f0000000040)=0x1, 0x4)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000480)=0xdc)

291.1837ms ago: executing program 1 (id=317):
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@private1, @in6=@private0, 0x400, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xff}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x0, 0x32}, 0x0, @in=@multicast1}}, 0xe4)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFCONF(r1, 0x8940, 0x0)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x2f, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e06018000020000f10607bdff591040eb5488ac5bcedd2c37e999000ac45761407a681f009cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf", 0xb8)
r2 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xf}]}, @NFT_MSG_NEWSETELEM={0x14, 0xc, 0xa, 0x801, 0x0, 0x0, {0x1}}], {0x14, 0x10}}, 0x98}}, 0x0)
r4 = socket(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'lblcr\x00', 0x20, 0x0, 0xfffffffe}, 0x2c)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00', @ANYRES16=r6], 0x54}}, 0x0)
ioctl$CDROMMULTISESSION(r2, 0x2284, &(0x7f00000000c0)={@lba=0x101})
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
close(0xffffffffffffffff)
socket(0x840000000002, 0x3, 0x100)

188.235877ms ago: executing program 0 (id=318):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r3}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, 0x0, 0x0)
getpid()
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0x2, 0x0, 0x0)
r5 = io_uring_setup(0x253d, &(0x7f0000000280)={0x0, 0x547a, 0x8, 0x0, 0x3ca})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
rmdir(0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect(r6, &(0x7f0000000300)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x8}, 0x80)
close_range(r5, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f00000002c0)=0x2, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000000)=0x8, 0x4)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="af", 0x8980}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}, {&(0x7f00000003c0)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f455e96a02001fc3fb089ed9e5234", 0x25}], 0x2, 0x0, 0x20}}], 0x2, 0x0)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), r0)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r2, 0x40047211, &(0x7f0000000080)=0x1)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r7, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000400000200000000080001000300000005000200000000000500020008"], 0x12c}}, 0x0)

0s ago: executing program 3 (id=319):
r0 = openat$ocfs2_control(0xffffff9c, &(0x7f0000000100), 0x80000, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x19, 0x4, 0x8, 0xc, 0x8820, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @value=r0, @void, @void, @value}, 0x50)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev, 'veth1_to_batadv\x00'}}, 0x1e)
r3 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r3, &(0x7f00000000c0)={0x18, 0x0, {0x2, @empty, 'veth1_to_bridge\x00'}}, 0x1e)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev, 'veth1_to_batadv\x00'}}, 0x1e)
connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0x0, @random="7c9ab5135269", 'pim6reg0\x00'}}, 0x1e)
connect$pppoe(r4, &(0x7f0000000040)={0x18, 0x0, {0x0, @remote, 'gretap0\x00'}}, 0x1e)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
dup2(r7, r6)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES64, @ANYBLOB="45f5000000001e00000032"], 0x1c}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:41318' (ED25519) to the list of known hosts.
[   35.113255][ T5279] cgroup: Unknown subsys name 'net'
[   35.254676][ T5279] cgroup: Unknown subsys name 'cpuset'
[   35.258824][ T5279] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   36.106459][ T5279] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   38.539349][ T5351] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   38.543390][ T5351] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   38.546583][ T5351] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   38.549669][ T5356] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   38.552946][ T5351] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   38.554019][ T5357] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   38.555002][ T5351] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   38.559069][ T5360] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   38.560293][ T5352] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   38.561591][ T5351] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   38.562001][ T5360] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   38.562507][ T5360] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   38.562628][ T5360] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   38.563859][ T5352] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   38.565533][ T5348] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   38.567391][ T5352] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   38.570413][   T64] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   38.579644][   T64] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   38.582741][   T64] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   38.583465][ T5352] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   38.584908][   T64] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   38.588605][   T64] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   38.590495][   T64] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   38.592264][ T5352] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   38.791310][ T5344] chnl_net:caif_netlink_parms(): no params data found
[   38.795916][ T5346] chnl_net:caif_netlink_parms(): no params data found
[   38.806672][ T5343] chnl_net:caif_netlink_parms(): no params data found
[   38.969774][ T5355] chnl_net:caif_netlink_parms(): no params data found
[   38.990714][ T5346] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.993769][ T5346] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.995746][ T5346] bridge_slave_0: entered allmulticast mode
[   38.997760][ T5346] bridge_slave_0: entered promiscuous mode
[   39.000775][ T5346] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.002822][ T5346] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.004636][ T5346] bridge_slave_1: entered allmulticast mode
[   39.006596][ T5346] bridge_slave_1: entered promiscuous mode
[   39.048076][ T5343] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.050210][ T5343] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.052115][ T5343] bridge_slave_0: entered allmulticast mode
[   39.054280][ T5343] bridge_slave_0: entered promiscuous mode
[   39.074616][ T5344] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.076635][ T5344] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.078601][ T5344] bridge_slave_0: entered allmulticast mode
[   39.080714][ T5344] bridge_slave_0: entered promiscuous mode
[   39.085296][ T5344] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.087312][ T5344] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.089164][ T5344] bridge_slave_1: entered allmulticast mode
[   39.091150][ T5344] bridge_slave_1: entered promiscuous mode
[   39.093948][ T5343] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.096539][ T5343] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.099178][ T5343] bridge_slave_1: entered allmulticast mode
[   39.102301][ T5343] bridge_slave_1: entered promiscuous mode
[   39.106050][ T5346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   39.147764][ T5346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   39.163656][ T5344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   39.175633][ T5343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   39.213260][ T5344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   39.216514][ T5343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   39.220547][ T5346] team0: Port device team_slave_0 added
[   39.225085][ T5346] team0: Port device team_slave_1 added
[   39.226812][ T5355] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.228718][ T5355] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.230657][ T5355] bridge_slave_0: entered allmulticast mode
[   39.233205][ T5355] bridge_slave_0: entered promiscuous mode
[   39.289423][ T5355] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.291322][ T5355] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.293465][ T5355] bridge_slave_1: entered allmulticast mode
[   39.295511][ T5355] bridge_slave_1: entered promiscuous mode
[   39.299701][ T5344] team0: Port device team_slave_0 added
[   39.302775][ T5343] team0: Port device team_slave_0 added
[   39.305369][ T5344] team0: Port device team_slave_1 added
[   39.307202][ T5346] batman_adv: batadv0: Adding interface: batadv_slave_0
[   39.309001][ T5346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.315992][ T5346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   39.351066][ T5343] team0: Port device team_slave_1 added
[   39.382844][ T5346] batman_adv: batadv0: Adding interface: batadv_slave_1
[   39.384648][ T5346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.391053][ T5346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   39.397170][ T5355] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   39.409987][ T5344] batman_adv: batadv0: Adding interface: batadv_slave_0
[   39.412427][ T5344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.420730][ T5344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   39.427630][ T5344] batman_adv: batadv0: Adding interface: batadv_slave_1
[   39.429967][ T5344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.438214][ T5344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   39.443082][ T5355] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   39.460263][ T5343] batman_adv: batadv0: Adding interface: batadv_slave_0
[   39.463250][ T5343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.470731][ T5343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   39.495175][ T5343] batman_adv: batadv0: Adding interface: batadv_slave_1
[   39.496998][ T5343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.503817][ T5343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   39.521009][ T5355] team0: Port device team_slave_0 added
[   39.526572][ T5355] team0: Port device team_slave_1 added
[   39.590645][ T5346] hsr_slave_0: entered promiscuous mode
[   39.593323][ T5346] hsr_slave_1: entered promiscuous mode
[   39.597781][ T5344] hsr_slave_0: entered promiscuous mode
[   39.599786][ T5344] hsr_slave_1: entered promiscuous mode
[   39.601569][ T5344] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   39.603750][ T5344] Cannot create hsr debugfs directory
[   39.605471][ T5355] batman_adv: batadv0: Adding interface: batadv_slave_0
[   39.607343][ T5355] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.614280][ T5355] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   39.618910][ T5343] hsr_slave_0: entered promiscuous mode
[   39.620784][ T5343] hsr_slave_1: entered promiscuous mode
[   39.622920][ T5343] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   39.625559][ T5343] Cannot create hsr debugfs directory
[   39.628490][ T5355] batman_adv: batadv0: Adding interface: batadv_slave_1
[   39.630806][ T5355] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.640106][ T5355] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   39.762544][ T5355] hsr_slave_0: entered promiscuous mode
[   39.764841][ T5355] hsr_slave_1: entered promiscuous mode
[   39.767017][ T5355] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   39.769509][ T5355] Cannot create hsr debugfs directory
[   39.940632][ T5346] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   39.945912][ T5346] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   39.949866][ T5346] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   39.953728][ T5346] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   39.977100][ T5355] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   39.980345][ T5355] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   39.984287][ T5355] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   39.987695][ T5355] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   40.011338][ T5343] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   40.019680][ T5343] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   40.027270][ T5343] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   40.030835][ T5343] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   40.053662][ T5344] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   40.060900][ T5344] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   40.065046][ T5344] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   40.072726][ T5344] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   40.121759][ T5346] 8021q: adding VLAN 0 to HW filter on device bond0
[   40.136207][ T5343] 8021q: adding VLAN 0 to HW filter on device bond0
[   40.147969][ T5346] 8021q: adding VLAN 0 to HW filter on device team0
[   40.166491][ T1096] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.168468][ T1096] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.185540][ T1096] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.187485][ T1096] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.195473][ T5343] 8021q: adding VLAN 0 to HW filter on device team0
[   40.200961][ T5355] 8021q: adding VLAN 0 to HW filter on device bond0
[   40.217920][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.219836][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.238576][ T5355] 8021q: adding VLAN 0 to HW filter on device team0
[   40.249034][ T1099] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.251651][ T1099] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.264437][ T1099] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.266443][ T1099] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.273545][ T5344] 8021q: adding VLAN 0 to HW filter on device bond0
[   40.280421][ T5346] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   40.294732][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.297294][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.308429][ T5344] 8021q: adding VLAN 0 to HW filter on device team0
[   40.316911][ T1161] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.318943][ T1161] bridge0: port 1(bridge_slave_0) entered forwarding state
[   40.328147][ T1161] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.330055][ T1161] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.388147][ T5346] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.417390][ T5343] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.424633][ T5346] veth0_vlan: entered promiscuous mode
[   40.429910][ T5346] veth1_vlan: entered promiscuous mode
[   40.450117][ T5355] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.458829][ T5343] veth0_vlan: entered promiscuous mode
[   40.467030][ T5343] veth1_vlan: entered promiscuous mode
[   40.472791][ T5346] veth0_macvtap: entered promiscuous mode
[   40.475730][ T5344] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.480184][ T5346] veth1_macvtap: entered promiscuous mode
[   40.498772][ T5343] veth0_macvtap: entered promiscuous mode
[   40.502706][ T5346] batman_adv: batadv0: Interface activated: batadv_slave_0
[   40.506330][ T5346] batman_adv: batadv0: Interface activated: batadv_slave_1
[   40.511127][ T5355] veth0_vlan: entered promiscuous mode
[   40.517190][ T5346] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.519543][ T5346] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.521771][ T5346] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.524996][ T5346] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.528250][ T5343] veth1_macvtap: entered promiscuous mode
[   40.536956][ T5355] veth1_vlan: entered promiscuous mode
[   40.557107][ T5343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   40.559892][ T5343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.563618][ T5343] batman_adv: batadv0: Interface activated: batadv_slave_0
[   40.566942][ T5344] veth0_vlan: entered promiscuous mode
[   40.573146][ T5343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   40.576213][ T5343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.580055][ T5343] batman_adv: batadv0: Interface activated: batadv_slave_1
[   40.583785][ T5352] Bluetooth: hci0: command tx timeout
[   40.585589][ T5352] Bluetooth: hci2: command tx timeout
[   40.585748][ T5343] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.589317][ T5343] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.591600][ T5343] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.594396][ T5343] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.611048][ T5344] veth1_vlan: entered promiscuous mode
[   40.638635][   T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   40.641398][   T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   40.645441][ T1161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   40.645678][ T5355] veth0_macvtap: entered promiscuous mode
[   40.648054][ T1161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   40.662149][ T5352] Bluetooth: hci3: command tx timeout
[   40.662158][ T4780] Bluetooth: hci1: command tx timeout
[   40.664693][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   40.665785][ T5355] veth1_macvtap: entered promiscuous mode
[   40.667198][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   40.678802][ T1099] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   40.680816][ T1099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   40.681389][ T5355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   40.687138][ T5355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.690504][ T5355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   40.694329][ T5355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.698992][ T5355] batman_adv: batadv0: Interface activated: batadv_slave_0
[   40.709602][ T5344] veth0_macvtap: entered promiscuous mode
[   40.709891][ T5346] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   40.712849][ T5344] veth1_macvtap: entered promiscuous mode
[   40.724924][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   40.727564][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.729973][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   40.732740][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.735129][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   40.737682][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.740686][ T5344] batman_adv: batadv0: Interface activated: batadv_slave_0
[   40.743861][ T5355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   40.746504][ T5355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.749386][ T5355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   40.752850][ T5355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.758711][ T5355] batman_adv: batadv0: Interface activated: batadv_slave_1
[   40.768869][ T5355] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.772908][ T5355] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.776081][ T5355] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.778686][ T5355] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.792748][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   40.796708][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.799380][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   40.808220][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.811517][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   40.817052][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.822575][ T5344] batman_adv: batadv0: Interface activated: batadv_slave_1
[   40.846935][ T5344] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.849253][ T5344] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.851525][ T5344] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.873786][ T5344] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.912337][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   41.013539][ T5386] IPVS: starting estimator thread 0...
[   41.021320][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   41.025444][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   41.088234][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   41.090879][ T5406] IPVS: starting estimator thread 0...
[   41.092898][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   41.115188][ T5413] IPVS: using max 34 ests per chain, 81600 per kthread
[   41.129790][   T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   41.131928][   T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   41.163308][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   41.165845][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   41.192939][ T5415] IPVS: using max 35 ests per chain, 84000 per kthread
[   41.295996][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   41.305514][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   41.362202][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   41.382507][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   41.392124][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   41.407784][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   41.544329][ T5386] IPVS: starting estimator thread 0...
[   41.582693][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   41.585599][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   41.602259][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   41.632887][ T5422] IPVS: using max 35 ests per chain, 84000 per kthread
[   42.137322][   T73] IPVS: starting estimator thread 0...
[   42.232421][ T5423] IPVS: using max 34 ests per chain, 81600 per kthread
[   42.562725][ T5427] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5'.
[   42.658506][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   42.660789][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   42.662628][ T4780] Bluetooth: hci2: command tx timeout
[   42.664886][ T4780] Bluetooth: hci0: command tx timeout
[   42.672899][ T5428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   42.742263][ T5352] Bluetooth: hci3: command tx timeout
[   42.744772][ T5352] Bluetooth: hci1: command tx timeout
[   44.002551][   T73] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   44.165269][   T73] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[   44.168457][   T73] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[   44.171704][   T73] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   44.178227][   T73] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   44.181503][   T73] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   44.185796][   T73] usb 6-1: config 0 descriptor??
[   44.188590][ T5442] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   44.607992][   T73] plantronics 0003:047F:FFFF.0002: ignoring exceeding usage max
[   44.611210][   T73] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[   44.621658][   T73] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[   44.752329][ T5352] Bluetooth: hci0: command tx timeout
[   44.752620][ T4780] Bluetooth: hci2: command tx timeout
[   44.822176][ T4780] Bluetooth: hci3: command tx timeout
[   44.822367][ T5352] Bluetooth: hci1: command tx timeout
[   45.226772][ T5461] process 'syz.2.16' launched './file2' with NULL argv: empty string added
[   45.998148][ T5475] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[   46.008485][ T5475] CIFS mount error: No usable UNC path provided in device string!
[   46.008485][ T5475] 
[   46.011297][ T5475] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[   46.030338][ T5475] openvswitch: netlink: Missing valid actions attribute.
[   46.034637][ T5475] openvswitch: netlink: Actions may not be safe on all matching packets
[   46.654109][ T5481] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[   46.692843][ T5485] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[   46.822694][ T5352] Bluetooth: hci0: command tx timeout
[   46.832421][ T5352] Bluetooth: hci2: command tx timeout
[   46.902770][ T5352] Bluetooth: hci1: command tx timeout
[   46.912458][ T5352] Bluetooth: hci3: command tx timeout
[   46.934887][    T8] usb 6-1: USB disconnect, device number 2
[   49.075178][ T5499] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   49.112986][ T5499] xt_CT: No such helper "netbios-ns"
[   49.270551][ T5508] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   50.427743][ T5531] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[   50.676188][ T5539] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[   51.025144][ T5541] xt_CT: No such helper "netbios-ns"
[   51.051095][ T5548] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[   51.371342][ T5562] vxcan0: tx drop: invalid sa for name 0x0000000000000001
[   51.768331][ T5569] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[   52.552200][ T4777] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   52.672144][ T4780] Bluetooth: hci3: command 0x0405 tx timeout
[   52.712210][ T4777] usb 8-1: Using ep0 maxpacket: 8
[   52.724144][ T4777] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   52.727611][ T4777] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   52.730666][ T4777] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   52.734684][ T4777] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   52.739623][ T4777] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   52.743173][ T4777] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   52.953660][ T4777] usb 8-1: GET_CAPABILITIES returned 0
[   52.955247][ T4777] usbtmc 8-1:16.0: can't read capabilities
[   53.022400][ T5588] capability: warning: `syz.2.48' uses deprecated v2 capabilities in a way that may be insecure
[   53.367721][ T5598] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[   54.051455][ T5601] netlink: 28 bytes leftover after parsing attributes in process `syz.2.51'.
[   54.054270][ T5601] netlink: 'syz.2.51': attribute type 7 has an invalid length.
[   54.056284][ T5601] netlink: 'syz.2.51': attribute type 8 has an invalid length.
[   54.058380][ T5601] netlink: 4 bytes leftover after parsing attributes in process `syz.2.51'.
[   54.064116][ T5601] gretap0: entered promiscuous mode
[   54.067467][ T5601] batadv_slave_1: entered promiscuous mode
[   54.070189][ T5601] gretap0: left promiscuous mode
[   54.072798][ T5601] batadv_slave_1: left promiscuous mode
[   54.792152][   T25] usb 5-1: new low-speed USB device number 2 using dummy_hcd
[   54.969519][   T25] usb 5-1: No LPM exit latency info found, disabling LPM.
[   54.977729][   T25] usb 5-1: config 44 has an invalid interface number: 40 but max is 3
[   54.980817][   T25] usb 5-1: config 44 has an invalid interface number: 23 but max is 3
[   54.983950][   T25] usb 5-1: config 44 has an invalid interface number: 204 but max is 3
[   54.986991][   T25] usb 5-1: config 44 has an invalid interface descriptor of length 5, skipping
[   54.990367][   T25] usb 5-1: config 44 has an invalid descriptor of length 194, skipping remainder of the config
[   54.994250][   T25] usb 5-1: config 44 has 3 interfaces, different from the descriptor's value: 4
[   54.997667][   T25] usb 5-1: config 44 has no interface number 0
[   54.999968][   T25] usb 5-1: config 44 has no interface number 1
[   55.002436][   T25] usb 5-1: config 44 has no interface number 2
[   55.004146][   T25] usb 5-1: config 44 interface 40 altsetting 248 has an endpoint descriptor with address 0x26, changing to 0x6
[   55.007274][   T25] usb 5-1: config 44 interface 40 altsetting 248 endpoint 0x6 has an invalid bInterval 145, changing to 4
[   55.010305][   T25] usb 5-1: config 44 interface 40 altsetting 248 endpoint 0x6 has invalid maxpacket 29814, setting to 0
[   55.013291][   T25] usb 5-1: config 44 interface 40 altsetting 248 endpoint 0x4 has invalid maxpacket 64, setting to 8
[   55.016166][   T25] usb 5-1: config 44 interface 40 altsetting 248 endpoint 0xC has invalid maxpacket 32, setting to 8
[   55.019053][   T25] usb 5-1: config 44 interface 40 altsetting 248 endpoint 0x7 has invalid maxpacket 64, setting to 8
[   55.022160][   T25] usb 5-1: config 44 interface 40 altsetting 248 endpoint 0x2 has invalid maxpacket 32, setting to 8
[   55.025040][   T25] usb 5-1: config 44 interface 40 altsetting 248 endpoint 0x3 has invalid maxpacket 16, setting to 8
[   55.028114][   T25] usb 5-1: config 44 interface 40 altsetting 248 has a duplicate endpoint with address 0x3, skipping
[   55.031105][   T25] usb 5-1: config 44 interface 40 altsetting 248 has a duplicate endpoint with address 0x2, skipping
[   55.034127][   T25] usb 5-1: config 44 interface 40 altsetting 248 endpoint 0x8 has invalid maxpacket 1023, setting to 8
[   55.037218][   T25] usb 5-1: config 44 interface 40 altsetting 248 has 9 endpoint descriptors, different from the interface descriptor's value: 8
[   55.040988][   T25] usb 5-1: config 44 interface 23 altsetting 0 has a duplicate endpoint with address 0xC, skipping
[   55.043970][   T25] usb 5-1: config 44 interface 23 altsetting 0 has a duplicate endpoint with address 0x7, skipping
[   55.046835][   T25] usb 5-1: config 44 interface 23 altsetting 0 endpoint 0x5 has invalid maxpacket 16, setting to 8
[   55.049735][   T25] usb 5-1: config 44 interface 23 altsetting 0 endpoint 0xE has invalid maxpacket 16, setting to 8
[   55.052824][   T25] usb 5-1: config 44 interface 23 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[   55.056579][   T25] usb 5-1: config 44 interface 23 altsetting 0 endpoint 0xD has invalid maxpacket 1024, setting to 8
[   55.059547][   T25] usb 5-1: config 44 interface 23 altsetting 0 has a duplicate endpoint with address 0x8, skipping
[   55.062483][   T25] usb 5-1: config 44 interface 23 altsetting 0 has a duplicate endpoint with address 0xE, skipping
[   55.065356][   T25] usb 5-1: config 44 interface 23 altsetting 0 has an endpoint descriptor with address 0x7F, changing to 0xF
[   55.068454][   T25] usb 5-1: config 44 interface 23 altsetting 0 endpoint 0xF has invalid maxpacket 25701, setting to 8
[   55.071513][   T25] usb 5-1: config 44 interface 23 altsetting 0 has a duplicate endpoint with address 0xC, skipping
[   55.074472][   T25] usb 5-1: config 44 interface 23 altsetting 0 has 10 endpoint descriptors, different from the interface descriptor's value: 9
[   55.077965][   T25] usb 5-1: config 44 interface 204 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   55.081523][   T25] usb 5-1: config 44 interface 40 has no altsetting 0
[   55.083419][   T25] usb 5-1: config 44 interface 204 has no altsetting 0
[   55.087666][   T25] usb 5-1: New USB device found, idVendor=5050, idProduct=0100, bcdDevice=5c.e0
[   55.090390][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   55.092708][   T25] usb 5-1: Product: å‘…
[   55.093836][   T25] usb 5-1: Manufacturer: à ’
[   55.095160][   T25] usb 5-1: SerialNumber: ఌ
[   55.221666][ T1415] usb 8-1: USB disconnect, device number 2
[   55.395327][ T5622] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[   55.467973][ T5620] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   55.469777][ T5620] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[   55.480901][ T5620] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   55.484233][ T5620] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[   55.491558][ T5620] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   55.493257][ T5620] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[   55.500543][ T5620] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   55.502655][ T5620] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[   55.727254][ T5628] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[   56.194779][ T5631] xt_TCPMSS: Only works on TCP SYN packets
[   56.197280][ T5631] IPv6: NLM_F_CREATE should be specified when creating new route
[   56.552812][ T1415] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   56.705739][ T1415] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   56.708810][ T1415] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[   56.711631][ T1415] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[   56.714261][ T1415] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   56.717614][ T1415] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   56.719965][ T1415] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   56.723429][ T1415] usb 6-1: config 0 descriptor??
[   57.139698][ T1415] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[   57.147186][ T1415] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[   57.350551][ T5644] binder_alloc: binder_alloc_mmap_handler: 5643 200a0000-200a2000 already mapped failed -16
[   57.529279][   T25] ftdi_sio 5-1:44.40: FTDI USB Serial Device converter detected
[   57.548334][   T25] ftdi_sio ttyUSB0: unknown device type: 0x5ce0
[   57.622906][   T25] ftdi_sio 5-1:44.23: FTDI USB Serial Device converter detected
[   57.627560][   T25] ftdi_sio ttyUSB1: unknown device type: 0x5ce0
[   57.680893][   T25] ftdi_sio 5-1:44.204: FTDI USB Serial Device converter detected
[   57.686056][   T25] ftdi_sio ttyUSB2: unknown device type: 0x5ce0
[   57.697147][   T25] usb 5-1: USB disconnect, device number 2
[   57.745385][   T25] ftdi_sio 5-1:44.40: device disconnected
[   57.769467][   T25] ftdi_sio 5-1:44.23: device disconnected
[   57.773614][   T25] ftdi_sio 5-1:44.204: device disconnected
[   58.032942][   T25] usb 6-1: USB disconnect, device number 3
[   58.755581][ T5683] netlink: 40 bytes leftover after parsing attributes in process `syz.1.75'.
[   58.769302][ T5683] loop0: detected capacity change from 0 to 7
[   58.780350][ T5683] Dev loop0: unable to read RDB block 7
[   58.782392][ T5683]  loop0: unable to read partition table
[   58.784483][ T5683] loop0: partition table beyond EOD, truncated
[   58.786265][ T5683] loop_reread_partitions: partition scan of loop0 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[   58.786265][ T5683] 
) failed (rc=-5)
[   58.998777][ T5690] Bluetooth: MGMT ver 1.23
[   59.104400][ T5692] netlink: 8 bytes leftover after parsing attributes in process `syz.2.78'.
[   59.143985][ T5692] loop9: detected capacity change from 0 to 7
[   59.150073][ T5692] Dev loop9: unable to read RDB block 7
[   59.154242][ T5692]  loop9: unable to read partition table
[   59.173523][ T5692] loop9: partition table beyond EOD, truncated
[   59.176550][ T5692] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[   59.509985][ T5699] netlink: 4 bytes leftover after parsing attributes in process `syz.0.80'.
[   59.577526][ T5700] netlink: 40 bytes leftover after parsing attributes in process `syz.0.80'.
[   59.589120][ T5701] netlink: 4 bytes leftover after parsing attributes in process `syz.0.80'.
[   60.020716][ T5713] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[   60.023267][ T5713] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[   60.025808][ T5713] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[   60.028162][ T5713] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[   60.031134][ T5713] netdevsim netdevsim1 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[   60.034224][ T5713] netdevsim netdevsim1 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[   60.036717][ T5713] netdevsim netdevsim1 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[   60.039231][ T5713] netdevsim netdevsim1 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[   60.041943][ T5713] geneve2: entered promiscuous mode
[   60.046269][ T5713] geneve2: entered allmulticast mode
[   60.361538][ T5719] syz.0.84 uses obsolete (PF_INET,SOCK_PACKET)
[   60.642120][ T1415] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   60.646042][ T5730] IPv6: addrconf: prefix option has invalid lifetime
[   60.793224][ T1415] usb 8-1: Using ep0 maxpacket: 32
[   60.807104][ T1415] usb 8-1: config index 0 descriptor too short (expected 156, got 27)
[   60.814338][ T1415] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[   60.817369][ T1415] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[   60.820297][ T1415] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 59391, setting to 1024
[   60.828919][ T1415] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[   60.838485][ T1415] usb 8-1: config 0 interface 0 has no altsetting 0
[   60.845053][ T1415] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[   60.848420][ T1415] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[   60.850636][ T1415] usb 8-1: Product: syz
[   60.851788][ T1415] usb 8-1: Manufacturer: syz
[   60.853774][ T1415] usb 8-1: SerialNumber: syz
[   60.859085][ T1415] usb 8-1: config 0 descriptor??
[   60.863268][ T5723] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   60.869092][ T1415] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[   60.873092][ T1415] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[   60.994632][ T5741] FAULT_INJECTION: forcing a failure.
[   60.994632][ T5741] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   60.999149][ T5741] CPU: 2 UID: 0 PID: 5741 Comm: syz.2.92 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[   61.002684][ T5741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   61.006313][ T5741] Call Trace:
[   61.007466][ T5741]  <TASK>
[   61.008479][ T5741]  dump_stack_lvl+0x16c/0x1f0
[   61.010091][ T5741]  should_fail_ex+0x497/0x5b0
[   61.011735][ T5741]  _copy_to_user+0x30/0xc0
[   61.013256][ T5741]  simple_read_from_buffer+0xd0/0x160
[   61.015118][ T5741]  proc_fail_nth_read+0x198/0x270
[   61.016832][ T5741]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   61.018726][ T5741]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   61.020597][ T5741]  vfs_read+0x1ce/0xbd0
[   61.022025][ T5741]  ? __fget_files+0x23a/0x3f0
[   61.023796][ T5741]  ? fdget_pos+0x24c/0x360
[   61.024992][ T5741]  ? __pfx_lock_release+0x10/0x10
[   61.026715][ T5741]  ? trace_lock_acquire+0x14a/0x1d0
[   61.028481][ T5741]  ? __pfx_vfs_read+0x10/0x10
[   61.030080][ T5741]  ? __pfx___mutex_lock+0x10/0x10
[   61.031810][ T5741]  ? __fget_files+0x244/0x3f0
[   61.033418][ T5741]  ksys_read+0x12f/0x260
[   61.034880][ T5741]  ? __pfx_ksys_read+0x10/0x10
[   61.036512][ T5741]  __do_fast_syscall_32+0x73/0x120
[   61.038262][ T5741]  do_fast_syscall_32+0x32/0x80
[   61.039918][ T5741]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   61.042066][ T5741] RIP: 0023:0xf740e579
[   61.043493][ T5741] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   61.049963][ T5741] RSP: 002b:00000000f56f65a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   61.052731][ T5741] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f56f6620
[   61.055426][ T5741] RDX: 000000000000000f RSI: 00000000f73fbff4 RDI: 0000000000000000
[   61.057506][ T5741] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   61.060171][ T5741] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   61.062836][ T5741] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   61.065520][ T5741]  </TASK>
[   61.163865][ T5746] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   61.172660][ T5746] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   61.260735][    C2] ldusb 8-1:0.0: usb_submit_urb failed (-19)
[   61.262595][   T73] usb 8-1: USB disconnect, device number 3
[   61.268678][   T73] ldusb 8-1:0.0: LD USB Device #0 now disconnected
[   61.312741][ T5749] autofs: Unknown parameter '¹L?Ž:X‚¢¨ÿÞ”¥ÖÛO—I†ôìÕw4WfeÂR;&ñŽð'
[   61.368548][   T39] audit: type=1804 audit(2000000007.359:2): pid=5749 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.94" name="/newroot/16/bus/bus" dev="overlay" ino=123 res=1 errno=0
[   61.375259][ T5749] evm: overlay not supported
[   61.942125][ T1415] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[   62.095021][ T1415] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   62.097611][ T1415] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   62.100935][ T1415] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[   62.107332][ T1415] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   62.117051][ T1415] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   62.119606][ T1415] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   62.121916][ T1415] usb 6-1: Product: syz
[   62.125741][ T1415] usb 6-1: Manufacturer: syz
[   62.137762][ T1415] cdc_wdm 6-1:1.0: skipping garbage
[   62.139216][ T1415] cdc_wdm 6-1:1.0: skipping garbage
[   62.148447][ T1415] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[   62.150181][ T1415] cdc_wdm 6-1:1.0: Unknown control protocol
[   62.319607][ T5762] netlink: 'syz.2.98': attribute type 1 has an invalid length.
[   62.321884][ T5762] netlink: 112860 bytes leftover after parsing attributes in process `syz.2.98'.
[   62.336961][   T39] audit: type=1326 audit(2000000008.329:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5757 comm="syz.1.96" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ce579 code=0xffff0000
[   62.344232][   T39] audit: type=1326 audit(2000000008.329:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5757 comm="syz.1.96" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ce579 code=0xffff0000
[   63.714315][ T5778] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   63.719475][ T5778] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   63.724531][ T5778] bond0 (unregistering): Released all slaves
[   63.872143][   T25] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[   64.022185][   T25] usb 8-1: Using ep0 maxpacket: 32
[   64.025800][   T25] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[   64.029874][   T25] usb 8-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[   64.032318][   T25] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   64.034407][   T25] usb 8-1: Product: syz
[   64.035648][   T25] usb 8-1: Manufacturer: syz
[   64.036876][   T25] usb 8-1: SerialNumber: syz
[   64.039542][   T25] usb 8-1: config 0 descriptor??
[   64.041278][ T5781] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   64.046583][   T25] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[   64.461468][ T5788] veth0_vlan: entered allmulticast mode
[   64.746103][ T5795] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[   65.647204][ T5800] vivid-000: =================  START STATUS  =================
[   65.651501][ T5800] vivid-000: Radio HW Seek Mode: Bounded
[   65.655638][ T5800] vivid-000: Radio Programmable HW Seek: false
[   65.657611][ T5800] vivid-000: RDS Rx I/O Mode: Block I/O
[   65.659772][ T5800] vivid-000: Generate RBDS Instead of RDS: false
[   65.661968][ T5800] vivid-000: RDS Reception: true
[   65.664971][ T5800] vivid-000: RDS Program Type: 0 inactive
[   65.666647][ T5800] vivid-000: RDS PS Name:  inactive
[   65.668023][ T5800] vivid-000: RDS Radio Text:  inactive
[   65.669460][ T5800] vivid-000: RDS Traffic Announcement: false inactive
[   65.671274][ T5800] vivid-000: RDS Traffic Program: false inactive
[   65.673175][ T5800] vivid-000: RDS Music: false inactive
[   65.674667][ T5800] vivid-000: ==================  END STATUS  ==================
[   66.645067][    T9] usb 8-1: USB disconnect, device number 4
[   66.831216][ T5824] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[   66.834487][ T5824] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[   66.837491][ T5824] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[   66.840577][ T5824] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[   66.846354][ T5824] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[   66.849307][ T5824] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[   66.854779][ T5824] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[   66.858508][ T5824] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[   66.864514][ T5824] geneve2: entered promiscuous mode
[   66.865919][ T5824] geneve2: entered allmulticast mode
[   67.412312][   T73] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   67.574763][   T73] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   67.578432][   T73] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   67.581969][   T73] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   67.602110][   T73] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.614164][ T5836] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[   67.655066][   T73] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[   67.834005][ T5844] netlink: 12 bytes leftover after parsing attributes in process `syz.3.122'.
[   67.842852][ T5845] Zero length message leads to an empty skb
[   68.403740][    T8] usb 5-1: USB disconnect, device number 3
[   68.571111][ T5874] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[   69.315135][ T5895] netlink: 4 bytes leftover after parsing attributes in process `syz.0.134'.
[   69.552104][ T5386] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   69.703494][ T5386] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   69.707585][ T5386] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[   69.711449][ T5386] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[   69.715014][ T5386] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   69.719588][ T5386] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   69.723073][ T5386] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.727391][ T5386] usb 7-1: config 0 descriptor??
[   70.144628][ T5386] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[   70.150275][ T5386] plantronics 0003:047F:FFFF.0004: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[   70.744647][ T1375] ieee802154 phy0 wpan0: encryption failed: -22
[   70.746458][ T1375] ieee802154 phy1 wpan1: encryption failed: -22
[   70.865270][ T5924] netlink: 'syz.0.140': attribute type 29 has an invalid length.
[   71.810860][ T4780] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   71.814157][ T4780] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   71.816820][ T4780] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   71.820068][ T4780] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   71.824123][ T4780] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   71.826269][ T4780] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   71.833040][ T5352] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   71.842437][ T5352] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   71.845621][ T5352] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   71.849940][ T5352] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   71.853048][ T5352] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   71.855210][ T5352] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   71.951314][ T5933] chnl_net:caif_netlink_parms(): no params data found
[   72.015016][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.017049][ T5933] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.019113][ T5933] bridge_slave_0: entered allmulticast mode
[   72.021290][ T5933] bridge_slave_0: entered promiscuous mode
[   72.026077][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.028043][ T5933] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.029958][ T5933] bridge_slave_1: entered allmulticast mode
[   72.031977][ T5933] bridge_slave_1: entered promiscuous mode
[   72.054429][ T5933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   72.058535][ T5933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   72.087602][ T5933] team0: Port device team_slave_0 added
[   72.090602][ T5933] team0: Port device team_slave_1 added
[   72.121439][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_0
[   72.123747][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   72.130927][ T5933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   72.135395][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.137219][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   72.145111][ T5933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.169790][ T5933] hsr_slave_0: entered promiscuous mode
[   72.171975][ T5933] hsr_slave_1: entered promiscuous mode
[   72.176165][ T5933] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   72.178206][ T5933] Cannot create hsr debugfs directory
[   72.247250][ T5933] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.308121][ T5358] usb 7-1: USB disconnect, device number 2
[   72.328073][ T5933] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.362204][   T25] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   72.482883][ T5933] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.503688][ T5963] jfs: Unrecognized mount option "$\\" or missing value
[   72.512165][   T25] usb 5-1: Using ep0 maxpacket: 8
[   72.514868][   T25] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   72.518070][   T25] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   72.520678][   T25] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   72.524152][   T25] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   72.527796][   T25] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   72.530149][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   72.601813][ T5933] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.717334][ T5933] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   72.723309][ T5933] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   72.727563][ T5933] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   72.738377][ T5957] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   72.741539][ T5933] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   72.745695][ T5957] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   72.749596][   T25] usb 5-1: GET_CAPABILITIES returned 0
[   72.751456][   T25] usbtmc 5-1:16.0: can't read capabilities
[   72.775692][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.778147][ T5933] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.780656][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.782664][ T5933] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.845039][ T5933] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.851715][ T5933] 8021q: adding VLAN 0 to HW filter on device team0
[   73.018916][ T5933] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.053783][ T5933] veth0_vlan: entered promiscuous mode
[   73.058243][ T5933] veth1_vlan: entered promiscuous mode
[   73.063545][ T5957] netlink: 4 bytes leftover after parsing attributes in process `syz.0.147'.
[   73.077123][ T5957] vxlan0: entered allmulticast mode
[   73.102546][ T5933] veth0_macvtap: entered promiscuous mode
[   73.105966][ T5933] veth1_macvtap: entered promiscuous mode
[   73.115432][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.119031][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.122920][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.126153][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.128955][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.132628][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.135794][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.139087][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.147551][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.153747][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.153765][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.153773][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.153784][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.153791][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.153802][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.153810][ T5933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.153822][ T5933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.154758][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.158330][ T5933] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.158349][ T5933] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.158364][ T5933] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.158378][ T5933] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.196656][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.235188][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.245058][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.247921][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.345315][ T5977] =======================================================
[   73.345315][ T5977] WARNING: The mand mount option has been deprecated and
[   73.345315][ T5977]          and is ignored by this kernel. Remove the mand
[   73.345315][ T5977]          option from the mount to silence this warning.
[   73.345315][ T5977] =======================================================
[   73.357795][ T5978] netlink: 'syz.3.151': attribute type 3 has an invalid length.
[   73.359330][ T5977] ntfs3: loop1: try to read out of volume at offset 0x0
[   73.863076][ T4780] Bluetooth: hci4: command tx timeout
[   74.377818][ T5996] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   74.387273][ T5996] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   74.403388][ T5996] bond0 (unregistering): Released all slaves
[   74.487816][ T5994] ubi0: attaching mtd0
[   74.490587][ T5994] ubi0: scanning is finished
[   74.491873][ T5994] ubi0: empty MTD device detected
[   74.823670][ T5994] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[   74.825845][ T5994] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[   74.828009][ T5994] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[   74.830153][ T5994] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[   74.832716][ T5994] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[   74.835369][ T5994] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[   74.837702][ T5994] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2488984360
[   74.840579][ T5994] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[   74.844159][ T6006] ubi0: background thread "ubi_bgt0d" started, PID 6006
[   75.076245][ T6010] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[   75.132530][ T5386] usb 5-1: USB disconnect, device number 4
[   75.565024][ T6017] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[   75.629550][ T6021] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   75.633285][ T6021] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   75.646769][ T6021] netlink: 'syz.0.161': attribute type 4 has an invalid length.
[   75.648956][ T6021] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.161'.
[   75.866358][ T1283] cfg80211: failed to load regulatory.db
[   75.882127][ T5386] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   75.952425][ T5352] Bluetooth: hci4: command tx timeout
[   76.033416][ T5386] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[   76.036009][ T5386] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   76.040088][ T5386] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[   76.042697][ T5386] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[   76.044739][ T5386] usb 5-1: Manufacturer: syz
[   76.046863][ T5386] usb 5-1: config 0 descriptor??
[   76.092098][ T5386] rc_core: IR keymap rc-hauppauge not found
[   76.093887][ T5386] Registered IR keymap rc-empty
[   76.096319][ T5386] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0
[   76.099414][ T5386] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input5
[   76.250140][ T1283] usb 5-1: USB disconnect, device number 5
[   76.897910][ T6038] netlink: 2 bytes leftover after parsing attributes in process `syz.2.166'.
[   76.900962][ T6038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.904766][ T6038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.907135][ T6037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.167'.
[   76.907766][ T6038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.913367][ T6038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.915899][ T6038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.918493][ T6038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.920936][ T6038] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.924013][ T6038] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.927667][ T6038] batadv_slave_1: entered promiscuous mode
[   76.991131][   T39] audit: type=1326 audit(2000000022.979:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.168" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000
[   76.997694][   T39] audit: type=1326 audit(2000000022.979:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.168" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000
[   77.000847][ T6040] netlink: 'syz.3.168': attribute type 1 has an invalid length.
[   77.009046][ T6040] netlink: 9292 bytes leftover after parsing attributes in process `syz.3.168'.
[   77.009549][   T39] audit: type=1326 audit(2000000022.989:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.168" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f62579 code=0x7ffc0000
[   77.011439][ T6040] netlink: 'syz.3.168': attribute type 1 has an invalid length.
[   77.016558][   T39] audit: type=1326 audit(2000000022.989:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.168" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000
[   77.016627][   T39] audit: type=1326 audit(2000000022.989:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.168" exe="/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7f62579 code=0x7ffc0000
[   77.016646][   T39] audit: type=1326 audit(2000000022.989:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.168" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000
[   77.016661][   T39] audit: type=1326 audit(2000000022.989:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.168" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f62579 code=0x7ffc0000
[   77.016733][   T39] audit: type=1326 audit(2000000022.989:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.168" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000
[   77.016804][   T39] audit: type=1326 audit(2000000022.989:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.168" exe="/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf7f62579 code=0x7ffc0000
[   77.050835][ T6040] netlink: 'syz.3.168': attribute type 2 has an invalid length.
[   77.053200][   T39] audit: type=1326 audit(2000000022.989:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.168" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f62579 code=0x7ffc0000
[   77.574485][ T6051] input: syz1 as /devices/virtual/input/input6
[   77.866612][ T6065] netlink: 'syz.3.176': attribute type 11 has an invalid length.
[   77.868648][ T6065] netlink: 134660 bytes leftover after parsing attributes in process `syz.3.176'.
[   77.871041][ T6065] openvswitch: netlink: Message has 8 unknown bytes.
[   77.935610][ T5352] Bluetooth: Wrong link type (-71)
[   78.023038][ T5352] Bluetooth: hci4: command 0x040f tx timeout
[   78.497346][ T6080] Driver unsupported XDP return value 0 on prog  (id 87) dev N/A, expect packet loss!
[   78.507284][ T6080] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   78.510607][ T6080] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   79.497113][ T6097] overlayfs: missing 'lowerdir'
[   80.113216][ T4780] Bluetooth: hci4: command 0x040f tx timeout
[   80.592664][ T6113] overlay: Unknown parameter '/'
[   81.210556][   T73] IPVS: starting estimator thread 0...
[   81.340874][ T6131] IPVS: using max 35 ests per chain, 84000 per kthread
[   81.656154][ T6141] netlink: 'syz.3.198': attribute type 1 has an invalid length.
[   81.658228][ T6141] netlink: 112860 bytes leftover after parsing attributes in process `syz.3.198'.
[   81.660601][ T6141] netlink: 'syz.3.198': attribute type 1 has an invalid length.
[   82.184157][ T4780] Bluetooth: hci4: command 0x040f tx timeout
[   82.213269][ T6156] capability: warning: `syz.0.200' uses 32-bit capabilities (legacy support in use)
[   82.231160][ T6156] netlink: 20 bytes leftover after parsing attributes in process `syz.0.200'.
[   82.583723][ T6160] 9pnet_fd: Insufficient options for proto=fd
[   83.535372][   T39] kauditd_printk_skb: 27 callbacks suppressed
[   83.535612][   T39] audit: type=1326 audit(2000000029.529:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6170 comm="syz.0.207" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x0
[   83.564451][ T6181] /dev/sr0: Can't open blockdev
[   83.952107][ T6000] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[   84.103547][ T6000] usb 7-1: config 1 interface 0 has no altsetting 0
[   84.106898][ T6000] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[   84.109607][ T6000] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.111778][ T6000] usb 7-1: Product: syz
[   84.113284][ T6000] usb 7-1: Manufacturer: syz
[   84.114618][ T6000] usb 7-1: SerialNumber: syz
[   84.390205][ T6195] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[   84.890211][ T6202] fuse: Unknown parameter 'ûd¡'
[   85.827532][ T6188] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   85.832242][ T6000] usblp 7-1:1.0: usblp1: USB Unidirectional printer dev 3 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[   85.836594][ T6000] usb 7-1: USB disconnect, device number 3
[   85.839693][ T6000] usblp1: removed
[   99.151683][ T6214] netlink: 4 bytes leftover after parsing attributes in process `syz.1.216'.
[   99.160448][ T6214] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[   99.163165][ T6214] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   99.168638][ T6214] vhci_hcd vhci_hcd.0: Device attached
[   99.178321][ T6221] vhci_hcd: cannot find a urb of seqnum 7 max seqnum 0
[   99.182994][   T45] vhci_hcd: stop threads
[   99.184342][   T45] vhci_hcd: release socket
[   99.185965][   T45] vhci_hcd: disconnect device
[   99.190406][ T6216] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[   99.192072][ T6216] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   99.195311][ T6216] vhci_hcd vhci_hcd.0: Device attached
[   99.211870][ T6216] netlink: 12 bytes leftover after parsing attributes in process `syz.2.217'.
[   99.372258][   T35] vhci_hcd: vhci_device speed not set
[   99.432180][   T35] usb 17-1: new full-speed USB device number 2 using vhci_hcd
[   99.444138][ T6225] vhci_hcd: connection reset by peer
[   99.453314][   T68] vhci_hcd: stop threads
[   99.455619][   T68] vhci_hcd: release socket
[   99.464370][   T68] vhci_hcd: disconnect device
[   99.517656][ T6236] netfs: Couldn't get user pages (rc=-14)
[   99.518015][   T39] audit: type=1800 audit(2000000045.499:43): pid=6236 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.219" name="bus" dev="9p" ino=35922829 res=0 errno=0
[   99.790983][ T6241] input: syz0 as /devices/virtual/input/input7
[  100.318938][ T6237] syz.3.220 (6237) used greatest stack depth: 20864 bytes left
[  101.052853][ T6264] FAULT_INJECTION: forcing a failure.
[  101.052853][ T6264] name failslab, interval 1, probability 0, space 0, times 1
[  101.069591][ T6264] CPU: 3 UID: 0 PID: 6264 Comm: syz.3.227 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  101.072339][ T6264] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  101.075051][ T6264] Call Trace:
[  101.075906][ T6264]  <TASK>
[  101.076663][ T6264]  dump_stack_lvl+0x16c/0x1f0
[  101.077889][ T6264]  should_fail_ex+0x497/0x5b0
[  101.079085][ T6264]  ? fs_reclaim_acquire+0xae/0x160
[  101.080420][ T6264]  should_failslab+0xc2/0x120
[  101.081628][ T6264]  __kmalloc_noprof+0xcb/0x410
[  101.082866][ T6264]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  101.084317][ T6264]  tomoyo_realpath_from_path+0xbf/0x710
[  101.085733][ T6264]  ? tomoyo_path_number_perm+0x232/0x5b0
[  101.087230][ T6264]  tomoyo_path_number_perm+0x245/0x5b0
[  101.088622][ T6264]  ? tomoyo_path_number_perm+0x232/0x5b0
[  101.090079][ T6264]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  101.091630][ T6264]  ? trace_lock_acquire+0x14a/0x1d0
[  101.092959][ T6264]  ? lock_acquire+0x2f/0xb0
[  101.094163][ T6264]  ? __fget_files+0x40/0x3f0
[  101.095353][ T6264]  ? __fget_files+0x244/0x3f0
[  101.096578][ T6264]  security_file_ioctl_compat+0x9b/0x240
[  101.098034][ T6264]  __do_compat_sys_ioctl+0x52/0x2b0
[  101.099353][ T6264]  __do_fast_syscall_32+0x73/0x120
[  101.100631][ T6264]  do_fast_syscall_32+0x32/0x80
[  101.101844][ T6264]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  101.103418][ T6264] RIP: 0023:0xf7f62579
[  101.104466][ T6264] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  101.109249][ T6264] RSP: 002b:00000000f56e656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  101.111380][ T6264] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005437
[  101.113387][ T6264] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  101.115447][ T6264] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  101.117441][ T6264] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  101.119462][ T6264] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  101.121457][ T6264]  </TASK>
[  101.124201][ T6264] ERROR: Out of memory at tomoyo_realpath_from_path.
[  101.189096][ T6267] netlink: 8 bytes leftover after parsing attributes in process `syz.1.228'.
[  101.197196][   T25] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  101.205035][   T25] hid-generic 0000:0000:0000.0005: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  101.245578][ T6272] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  101.247697][ T6272] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  101.249474][ T6272] vhci_hcd vhci_hcd.0: Device attached
[  101.268630][ T6274] netlink: 4 bytes leftover after parsing attributes in process `syz.3.231'.
[  101.281731][ T6272] netlink: 12 bytes leftover after parsing attributes in process `syz.0.230'.
[  101.325267][ T6287] input: syz0 as /devices/virtual/input/input8
[  101.345691][ T6274] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[  101.349526][ T6274] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  101.353378][ T6274] vhci_hcd vhci_hcd.0: Device attached
[  101.422614][   T25] vhci_hcd: vhci_device speed not set
[  101.492186][   T25] usb 13-1: new full-speed USB device number 2 using vhci_hcd
[  101.582468][ T6279] vhci_hcd: connection reset by peer
[  101.585858][   T45] vhci_hcd: stop threads
[  101.587464][   T45] vhci_hcd: release socket
[  101.589023][   T45] vhci_hcd: disconnect device
[  101.596086][   T73] usb 19-1: new high-speed USB device number 2 using vhci_hcd
[  101.781456][   T45] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.865218][ T6284] vhci_hcd: connection reset by peer
[  101.869694][   T75] vhci_hcd: stop threads
[  101.870875][   T75] vhci_hcd: release socket
[  101.872119][   T75] vhci_hcd: disconnect device
[  101.913586][   T45] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.982461][ T5352] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  101.986079][ T5352] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  101.992314][ T5352] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  101.995221][ T5352] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  101.997901][ T5352] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  102.001096][ T5352] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  102.066758][   T45] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.134047][ T6314] input input9: cannot allocate more than FF_MAX_EFFECTS effects
[  102.164527][   T45] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.251231][ T6305] chnl_net:caif_netlink_parms(): no params data found
[  102.499298][ T6305] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.501132][ T6305] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.503694][ T6305] bridge_slave_0: entered allmulticast mode
[  102.505955][ T6305] bridge_slave_0: entered promiscuous mode
[  102.508553][ T6305] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.510396][ T6305] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.512550][ T6305] bridge_slave_1: entered allmulticast mode
[  102.514522][ T6305] bridge_slave_1: entered promiscuous mode
[  102.516736][   T45] bridge_slave_1: left allmulticast mode
[  102.518482][   T45] bridge_slave_1: left promiscuous mode
[  102.520159][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.526684][   T45] bridge_slave_0: left allmulticast mode
[  102.528566][   T45] bridge_slave_0: left promiscuous mode
[  102.530505][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.762017][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  102.768048][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  102.773225][   T45] bond0 (unregistering): Released all slaves
[  102.780950][ T6337] netlink: 8 bytes leftover after parsing attributes in process `syz.0.247'.
[  102.793698][ T6343] netlink: 28 bytes leftover after parsing attributes in process `syz.0.247'.
[  102.799979][ T6343] netlink: 28 bytes leftover after parsing attributes in process `syz.0.247'.
[  102.823359][ T6347] pim6reg1: entered allmulticast mode
[  102.847359][ T6305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.851947][ T6305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.886764][ T6305] team0: Port device team_slave_0 added
[  102.889432][ T6305] team0: Port device team_slave_1 added
[  102.949654][ T6305] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.951896][ T6305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.959637][ T6305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.965098][ T6305] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.967657][ T6305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.975137][ T6305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.104810][ T6305] hsr_slave_0: entered promiscuous mode
[  103.106773][ T6305] hsr_slave_1: entered promiscuous mode
[  103.112377][ T6305] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  103.115172][ T6305] Cannot create hsr debugfs directory
[  103.207264][   T45] hsr_slave_0: left promiscuous mode
[  103.209997][   T45] hsr_slave_1: left promiscuous mode
[  103.211775][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  103.214315][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  103.218223][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  103.220147][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  103.256192][   T45] veth1_macvtap: left promiscuous mode
[  103.262548][   T45] veth0_macvtap: left promiscuous mode
[  103.271958][   T45] veth1_vlan: left promiscuous mode
[  103.274080][   T45] veth0_vlan: left promiscuous mode
[  104.024063][ T4780] Bluetooth: hci4: command tx timeout
[  104.371284][   T45] team0 (unregistering): Port device team_slave_1 removed
[  104.449375][   T45] team0 (unregistering): Port device team_slave_0 removed
[  104.582417][   T35] vhci_hcd: vhci_device speed not set
[  105.298229][ T6401] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  105.305248][ T6401] overlayfs: conflicting options: userxattr,redirect_dir=on
[  105.664566][   T45] IPVS: stop unused estimator thread 0...
[  105.718740][ T6305] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  105.722617][ T6305] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  105.726544][ T6305] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  105.730621][ T6305] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  105.792369][ T6389] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  105.794888][ T6305] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.806120][ T6305] 8021q: adding VLAN 0 to HW filter on device team0
[  105.823761][ T1097] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.825470][ T1097] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.833557][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.835421][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.960771][ T6389] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  105.964550][ T6389] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  105.967766][ T6389] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  105.979744][ T6305] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.981771][ T6389] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  105.987842][ T6389] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  105.990213][ T6389] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.000015][ T6389] usb 8-1: config 0 descriptor??
[  106.002232][ T6417] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  106.005194][ T6305] veth0_vlan: entered promiscuous mode
[  106.016217][ T6305] veth1_vlan: entered promiscuous mode
[  106.057632][ T6305] veth0_macvtap: entered promiscuous mode
[  106.074622][ T6305] veth1_macvtap: entered promiscuous mode
[  106.102389][ T4780] Bluetooth: hci4: command tx timeout
[  106.102433][ T6305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  106.114532][ T6305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  106.122293][ T6305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  106.126383][ T6305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  106.142163][ T6305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  106.145092][ T6305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  106.148534][ T6305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  106.151446][ T6305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  106.173601][ T6305] batman_adv: batadv0: Interface activated: batadv_slave_0
[  106.185421][ T6305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  106.202082][ T6305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  106.204673][ T6305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  106.208150][ T6305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  106.210685][ T6305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  106.231602][ T6305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  106.234410][ T6305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  106.237874][ T6305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  106.244441][ T6305] batman_adv: batadv0: Interface activated: batadv_slave_1
[  106.251121][ T6305] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.262729][ T6305] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.265020][ T6305] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.267263][ T6305] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.322113][   T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.324870][   T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.341537][   T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.345348][   T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.592744][   T25] vhci_hcd: vhci_device speed not set
[  106.630586][ T6389] usbhid 8-1:0.0: can't add hid device: -71
[  106.632319][ T6389] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  106.635684][ T6389] usb 8-1: USB disconnect, device number 5
[  106.732178][   T73] vhci_hcd: vhci_device speed not set
[  108.182235][ T4780] Bluetooth: hci4: command tx timeout
[  108.570956][   T39] audit: type=1326 audit(2000000054.559:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6503 comm="syz.2.285" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x0
[  108.662211][    T9] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  108.855709][    T9] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  108.858803][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  108.861753][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  108.866287][    T9] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  108.869733][    T9] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  108.873147][    T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.879581][    T9] usb 8-1: config 0 descriptor??
[  108.881530][ T6500] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  109.332855][    T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  109.342658][    T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  109.344916][    T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  109.352215][    T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  109.361202][    T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  109.364264][    T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  109.366695][    T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  109.368821][    T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  109.370769][    T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  109.380520][    T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  109.382924][    T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  109.385224][    T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  109.387331][    T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  109.389741][    T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  109.396416][    T9] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  109.401293][    T9] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  109.408213][    T9] plantronics 0003:047F:FFFF.0006: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  109.943439][ T6519] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0
[  110.262237][ T4780] Bluetooth: hci4: command tx timeout
[  110.909817][ T6525] FAULT_INJECTION: forcing a failure.
[  110.909817][ T6525] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  110.915079][ T6525] CPU: 0 UID: 0 PID: 6525 Comm: syz.2.290 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  110.917831][ T6525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  110.920605][ T6525] Call Trace:
[  110.921492][ T6525]  <TASK>
[  110.922303][ T6525]  dump_stack_lvl+0x16c/0x1f0
[  110.923547][ T6525]  should_fail_ex+0x497/0x5b0
[  110.924858][ T6525]  _copy_to_user+0x30/0xc0
[  110.926046][ T6525]  simple_read_from_buffer+0xd0/0x160
[  110.927458][ T6525]  proc_fail_nth_read+0x198/0x270
[  110.928788][ T6525]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  110.930249][ T6525]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  110.931681][ T6525]  vfs_read+0x1ce/0xbd0
[  110.932788][ T6525]  ? __fget_files+0x23a/0x3f0
[  110.934046][ T6525]  ? fdget_pos+0x24c/0x360
[  110.935303][ T6525]  ? __pfx_lock_release+0x10/0x10
[  110.936627][ T6525]  ? trace_lock_acquire+0x14a/0x1d0
[  110.937991][ T6525]  ? __pfx_vfs_read+0x10/0x10
[  110.939221][ T6525]  ? __pfx___mutex_lock+0x10/0x10
[  110.940545][ T6525]  ? __fget_files+0x244/0x3f0
[  110.941794][ T6525]  ksys_read+0x12f/0x260
[  110.942930][ T6525]  ? __pfx_ksys_read+0x10/0x10
[  110.944196][ T6525]  __do_fast_syscall_32+0x73/0x120
[  110.945551][ T6525]  do_fast_syscall_32+0x32/0x80
[  110.946861][ T6525]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  110.948571][ T6525] RIP: 0023:0xf740e579
[  110.949663][ T6525] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  110.954646][ T6525] RSP: 002b:00000000f56f65a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  110.956806][ T6525] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f56f6620
[  110.958856][ T6525] RDX: 000000000000000f RSI: 00000000f73fbff4 RDI: 0000000000000000
[  110.960900][ T6525] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  110.962948][ T6525] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  110.965066][ T6525] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  110.967117][ T6525]  </TASK>
[  111.416766][    T9] usb 8-1: USB disconnect, device number 6
[  111.607076][ T6532] netlink: 'syz.3.293': attribute type 10 has an invalid length.
[  111.609729][ T6532] ipvlan1: entered promiscuous mode
[  111.616011][ T6532] team0: Device ipvlan1 failed to register rx_handler
[  112.322107][    T9] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  112.501488][    T9] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  112.519617][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  112.523861][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  112.527773][    T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  112.531638][    T9] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  112.534717][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.561692][    T9] usb 7-1: config 0 descriptor??
[  112.562192][   T25] usb 5-1: new low-speed USB device number 6 using dummy_hcd
[  112.566624][ T6558] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  112.712168][   T25] usb 5-1: Invalid ep0 maxpacket: 16
[  112.842128][   T25] usb 5-1: new low-speed USB device number 7 using dummy_hcd
[  112.988994][    T9] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  112.991497][    T9] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  112.994312][    T9] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  112.996416][    T9] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  112.998462][    T9] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  113.000526][    T9] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  113.005919][    T9] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  113.008027][    T9] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  113.010098][    T9] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  113.012133][    T9] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  113.013247][   T25] usb 5-1: Invalid ep0 maxpacket: 16
[  113.014135][    T9] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  113.017564][   T25] usb usb5-port1: attempt power cycle
[  113.017935][    T9] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  113.021516][    T9] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  113.026103][    T9] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  113.028932][    T9] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  113.035079][    T9] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  113.046613][    T9] plantronics 0003:047F:FFFF.0007: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  113.372316][   T25] usb 5-1: new low-speed USB device number 8 using dummy_hcd
[  113.393485][   T25] usb 5-1: Invalid ep0 maxpacket: 16
[  113.522153][   T25] usb 5-1: new low-speed USB device number 9 using dummy_hcd
[  113.542855][   T25] usb 5-1: Invalid ep0 maxpacket: 16
[  113.545043][   T25] usb usb5-port1: unable to enumerate USB device
[  113.570328][ T6588] netlink: 'syz.3.310': attribute type 1 has an invalid length.
[  113.575019][ T6588] netlink: 'syz.3.310': attribute type 2 has an invalid length.
[  115.092196][   T35] usb 7-1: USB disconnect, device number 4
[  115.376907][ T5386] IPVS: starting estimator thread 0...
[  115.483055][ T6610] IPVS: using max 34 ests per chain, 81600 per kthread
[  115.540074][   T39] audit: type=1326 audit(2000000061.529:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6611 comm="syz.0.318" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  115.548426][   T39] audit: type=1326 audit(2000000061.529:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6611 comm="syz.0.318" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  115.554473][   T39] audit: type=1326 audit(2000000061.529:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6611 comm="syz.0.318" exe="/syz-executor" sig=0 arch=40000003 syscall=40 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  115.561875][   T39] audit: type=1326 audit(2000000061.529:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6611 comm="syz.0.318" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  115.568003][   T39] audit: type=1326 audit(2000000061.529:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6611 comm="syz.0.318" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  115.574172][   T39] audit: type=1326 audit(2000000061.529:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6611 comm="syz.0.318" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  115.579877][   T39] audit: type=1326 audit(2000000061.529:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6611 comm="syz.0.318" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  115.585946][   T39] audit: type=1326 audit(2000000061.529:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6611 comm="syz.0.318" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  115.591749][   T39] audit: type=1326 audit(2000000061.529:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6611 comm="syz.0.318" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  115.597861][   T39] audit: type=1326 audit(2000000061.529:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6611 comm="syz.0.318" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  115.644694][ T6612] 
[  115.645374][ T6612] ======================================================
[  115.647217][ T6612] WARNING: possible circular locking dependency detected
[  115.649219][ T6612] 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 Not tainted
[  115.652808][ T6612] ------------------------------------------------------
[  115.655579][ T6612] syz.0.318/6612 is trying to acquire lock:
[  115.657621][ T6612] ffff888029b11258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x6d/0x3b0
[  115.661583][ T6612] 
[  115.661583][ T6612] but task is already holding lock:
[  115.664064][ T6612] ffff88802a58b128 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x235/0x700
[  115.666280][ T6615] netlink: 204 bytes leftover after parsing attributes in process `syz.0.318'.
[  115.666414][ T6612] 
[  115.666414][ T6612] which lock already depends on the new lock.
[  115.666414][ T6612] 
[  115.666419][ T6612] 
[  115.666419][ T6612] the existing dependency chain (in reverse order) is:
[  115.666422][ T6612] 
[  115.666422][ T6612] -> #3 (&d->lock){+.+.}-{3:3}:
[  115.666437][ T6612]        __mutex_lock+0x175/0x9c0
[  115.678374][ T6612]        __rfcomm_dlc_close+0x235/0x700
[  115.679934][ T6612]        rfcomm_dlc_close+0x1eb/0x240
[  115.681339][ T6612]        __rfcomm_sock_close+0xa7/0x230
[  115.682796][ T6612]        rfcomm_sock_shutdown+0xd5/0x230
[  115.684312][ T6612]        rfcomm_sock_release+0x5d/0x140
[  115.685792][ T6612]        __sock_release+0xb0/0x270
[  115.687153][ T6612]        sock_close+0x1c/0x30
[  115.688394][ T6612]        __fput+0x3f6/0xb60
[  115.690037][ T6612]        task_work_run+0x14e/0x250
[  115.691903][ T6612]        get_signal+0x1d3/0x26d0
[  115.693628][ T6612]        arch_do_signal_or_restart+0x90/0x7e0
[  115.695500][ T6612]        syscall_exit_to_user_mode+0x150/0x2a0
[  115.697620][ T6612]        __do_fast_syscall_32+0x80/0x120
[  115.699579][ T6612]        do_fast_syscall_32+0x32/0x80
[  115.701227][ T6612]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  115.703015][ T6612] 
[  115.703015][ T6612] -> #2 (rfcomm_mutex){+.+.}-{3:3}:
[  115.705081][ T6612]        __mutex_lock+0x175/0x9c0
[  115.706422][ T6612]        rfcomm_dlc_exists+0x5f/0x1a0
[  115.707826][ T6612]        rfcomm_dev_ioctl+0xabc/0x1e70
[  115.709586][ T6612]        rfcomm_sock_compat_ioctl+0xba/0xe0
[  115.711754][ T6612]        compat_sock_ioctl+0x17b/0x7e0
[  115.713707][ T6612]        __do_compat_sys_ioctl+0x259/0x2b0
[  115.715641][ T6612]        __do_fast_syscall_32+0x73/0x120
[  115.717548][ T6612]        do_fast_syscall_32+0x32/0x80
[  115.719231][ T6612]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  115.721019][ T6612] 
[  115.721019][ T6612] -> #1 (rfcomm_ioctl_mutex){+.+.}-{3:3}:
[  115.723052][ T6612]        __mutex_lock+0x175/0x9c0
[  115.724368][ T6612]        rfcomm_dev_ioctl+0x9db/0x1e70
[  115.725844][ T6612]        rfcomm_sock_compat_ioctl+0xba/0xe0
[  115.727381][ T6612]        compat_sock_ioctl+0x17b/0x7e0
[  115.728915][ T6612]        __do_compat_sys_ioctl+0x259/0x2b0
[  115.731047][ T6612]        __do_fast_syscall_32+0x73/0x120
[  115.733048][ T6612]        do_fast_syscall_32+0x32/0x80
[  115.734488][ T6612]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  115.736328][ T6612] 
[  115.736328][ T6612] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}:
[  115.738801][ T6612]        __lock_acquire+0x250b/0x3ce0
[  115.740209][ T6612]        lock_acquire.part.0+0x11b/0x380
[  115.741689][ T6612]        lock_sock_nested+0x3a/0xf0
[  115.743050][ T6612]        rfcomm_sk_state_change+0x6d/0x3b0
[  115.744582][ T6612]        __rfcomm_dlc_close+0x28c/0x700
[  115.746091][ T6612]        rfcomm_dlc_close+0x1eb/0x240
[  115.747533][ T6612]        __rfcomm_sock_close+0xa7/0x230
[  115.749182][ T6612]        rfcomm_sock_shutdown+0xd5/0x230
[  115.751241][ T6612]        rfcomm_sock_release+0x5d/0x140
[  115.753222][ T6612]        __sock_release+0xb0/0x270
[  115.755037][ T6612]        sock_close+0x1c/0x30
[  115.756602][ T6612]        __fput+0x3f6/0xb60
[  115.758026][ T6612]        task_work_run+0x14e/0x250
[  115.759566][ T6612]        get_signal+0x1d3/0x26d0
[  115.760894][ T6612]        arch_do_signal_or_restart+0x90/0x7e0
[  115.762495][ T6612]        syscall_exit_to_user_mode+0x150/0x2a0
[  115.764099][ T6612]        __do_fast_syscall_32+0x80/0x120
[  115.765557][ T6612]        do_fast_syscall_32+0x32/0x80
[  115.767345][ T6612]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  115.769676][ T6612] 
[  115.769676][ T6612] other info that might help us debug this:
[  115.769676][ T6612] 
[  115.773091][ T6612] Chain exists of:
[  115.773091][ T6612]   sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM --> rfcomm_mutex --> &d->lock
[  115.773091][ T6612] 
[  115.777707][ T6612]  Possible unsafe locking scenario:
[  115.777707][ T6612] 
[  115.780200][ T6612]        CPU0                    CPU1
[  115.782006][ T6612]        ----                    ----
[  115.783809][ T6612]   lock(&d->lock);
[  115.785107][ T6612]                                lock(rfcomm_mutex);
[  115.787362][ T6612]                                lock(&d->lock);
[  115.789476][ T6612]   lock(sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM);
[  115.791570][ T6612] 
[  115.791570][ T6612]  *** DEADLOCK ***
[  115.791570][ T6612] 
[  115.794309][ T6612] 3 locks held by syz.0.318/6612:
[  115.796005][ T6612]  #0: ffff88804261b808 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x270
[  115.799528][ T6612]  #1: ffffffff8fd52128 (rfcomm_mutex){+.+.}-{3:3}, at: rfcomm_dlc_close+0x33/0x240
[  115.802674][ T6612]  #2: ffff88802a58b128 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x235/0x700
[  115.805768][ T6612] 
[  115.805768][ T6612] stack backtrace:
[  115.807748][ T6612] CPU: 2 UID: 0 PID: 6612 Comm: syz.0.318 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0
[  115.811256][ T6612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  115.814855][ T6612] Call Trace:
[  115.815985][ T6612]  <TASK>
[  115.816976][ T6612]  dump_stack_lvl+0x116/0x1f0
[  115.818588][ T6612]  print_circular_bug+0x419/0x5d0
[  115.820278][ T6612]  check_noncircular+0x31a/0x400
[  115.821973][ T6612]  ? __pfx_check_noncircular+0x10/0x10
[  115.823799][ T6612]  ? lockdep_lock+0xc6/0x200
[  115.825365][ T6612]  ? __pfx_lockdep_lock+0x10/0x10
[  115.827069][ T6612]  __lock_acquire+0x250b/0x3ce0
[  115.828715][ T6612]  ? __pfx___lock_acquire+0x10/0x10
[  115.830460][ T6612]  ? __mutex_trylock_common+0xea/0x250
[  115.832295][ T6612]  ? __pfx___mutex_trylock_common+0x10/0x10
[  115.834307][ T6612]  ? __rfcomm_dlc_close+0x235/0x700
[  115.836052][ T6612]  lock_acquire.part.0+0x11b/0x380
[  115.837788][ T6612]  ? rfcomm_sk_state_change+0x6d/0x3b0
[  115.839618][ T6612]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  115.841497][ T6612]  ? rcu_is_watching+0x12/0xc0
[  115.843121][ T6612]  ? trace_lock_acquire+0x14a/0x1d0
[  115.844867][ T6612]  ? rfcomm_sk_state_change+0x6d/0x3b0
[  115.846710][ T6612]  ? lock_acquire+0x2f/0xb0
[  115.848227][ T6612]  ? rfcomm_sk_state_change+0x6d/0x3b0
[  115.850058][ T6612]  lock_sock_nested+0x3a/0xf0
[  115.851640][ T6612]  ? rfcomm_sk_state_change+0x6d/0x3b0
[  115.853487][ T6612]  rfcomm_sk_state_change+0x6d/0x3b0
[  115.855261][ T6612]  __rfcomm_dlc_close+0x28c/0x700
[  115.856950][ T6612]  rfcomm_dlc_close+0x1eb/0x240
[  115.858586][ T6612]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  115.860576][ T6612]  __rfcomm_sock_close+0xa7/0x230
[  115.862274][ T6612]  rfcomm_sock_shutdown+0xd5/0x230
[  115.863994][ T6612]  rfcomm_sock_release+0x5d/0x140
[  115.865686][ T6612]  __sock_release+0xb0/0x270
[  115.867250][ T6612]  ? __pfx_sock_close+0x10/0x10
[  115.868880][ T6612]  sock_close+0x1c/0x30
[  115.870305][ T6612]  __fput+0x3f6/0xb60
[  115.871652][ T6612]  ? _raw_spin_unlock_irq+0x23/0x50
[  115.873415][ T6612]  task_work_run+0x14e/0x250
[  115.874968][ T6612]  ? __pfx_task_work_run+0x10/0x10
[  115.876681][ T6612]  get_signal+0x1d3/0x26d0
[  115.878185][ T6612]  ? kick_process+0xf6/0x1b0
[  115.879754][ T6612]  ? task_work_add+0x1d6/0x370
[  115.881370][ T6612]  ? __pfx_task_work_add+0x10/0x10
[  115.883098][ T6612]  ? __pfx_get_signal+0x10/0x10
[  115.884729][ T6612]  arch_do_signal_or_restart+0x90/0x7e0
[  115.886617][ T6612]  ? __pfx___sys_connect+0x10/0x10
[  115.888326][ T6612]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  115.890396][ T6612]  syscall_exit_to_user_mode+0x150/0x2a0
[  115.892260][ T6612]  __do_fast_syscall_32+0x80/0x120
[  115.894013][ T6612]  do_fast_syscall_32+0x32/0x80
[  115.895649][ T6612]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  115.897775][ T6612] RIP: 0023:0xf7f6f579
[  115.899137][ T6612] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  115.905545][ T6612] RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 000000000000016a
[  115.908319][ T6612] RAX: fffffffffffffffc RBX: 000000000000000b RCX: 0000000020000300
[  115.910963][ T6612] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[  115.913611][ T6612] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  115.916268][ T6612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  115.918902][ T6612] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  115.921552][ T6612]  </TASK>
[  115.924782][ T6622] netlink: 8 bytes leftover after parsing attributes in process `syz.3.321'.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  116.279620][   T45] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.384780][   T45] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.451184][   T45] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.518615][   T45] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.630863][   T45] bridge_slave_1: left allmulticast mode
[  116.633578][   T45] bridge_slave_1: left promiscuous mode
[  116.635552][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.638240][   T45] bridge_slave_0: left allmulticast mode
[  116.640029][   T45] bridge_slave_0: left promiscuous mode
[  116.641815][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.745795][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  116.749589][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  116.754008][   T45] bond0 (unregistering): Released all slaves
[  117.047414][   T45] hsr_slave_0: left promiscuous mode
[  117.049208][   T45] hsr_slave_1: left promiscuous mode
[  117.053821][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  117.055965][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  117.058220][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  117.060136][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  117.065920][   T45] veth1_macvtap: left promiscuous mode
[  117.067410][   T45] veth0_macvtap: left promiscuous mode
[  117.068892][   T45] veth1_vlan: left promiscuous mode
[  117.070301][   T45] veth0_vlan: left promiscuous mode
[  117.302190][   T45] team0 (unregistering): Port device team_slave_1 removed
[  117.335104][   T45] team0 (unregistering): Port device team_slave_0 removed
[  117.803515][   T45] IPVS: stop unused estimator thread 0...
[  117.882196][   T45] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.935810][   T45] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.005546][   T45] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.064979][   T45] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.126917][   T45] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.176331][   T45] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.225973][   T45] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.276979][   T45] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.364293][   T45] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.437477][   T45] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.496883][   T45] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.568142][   T45] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.623117][   T45] bridge_slave_1: left allmulticast mode
[  118.624900][   T45] bridge_slave_1: left promiscuous mode
[  118.628856][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.633351][   T45] bridge_slave_0: left allmulticast mode
[  118.635468][   T45] bridge_slave_0: left promiscuous mode
[  118.637453][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.644154][   T45] bridge_slave_1: left allmulticast mode
[  118.645775][   T45] bridge_slave_1: left promiscuous mode
[  118.647305][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.650261][   T45] bridge_slave_0: left allmulticast mode
[  118.652761][   T45] bridge_slave_0: left promiscuous mode
[  118.654320][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.663250][   T45] bridge_slave_1: left allmulticast mode
[  118.664749][   T45] bridge_slave_1: left promiscuous mode
[  118.666232][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.670434][   T45] bridge_slave_0: left allmulticast mode
[  118.671930][   T45] bridge_slave_0: left promiscuous mode
[  118.674139][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.965507][   T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  118.969904][   T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  118.974034][   T45] bond0 (unregistering): Released all slaves
[  119.467504][   T45] hsr_slave_0: left promiscuous mode
[  119.469327][   T45] hsr_slave_1: left promiscuous mode
[  119.471158][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  119.473342][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  119.475479][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  119.477367][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  119.480540][   T45] hsr_slave_0: left promiscuous mode
[  119.482587][   T45] hsr_slave_1: left promiscuous mode
[  119.484418][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  119.487149][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  119.489411][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  119.491478][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  119.495637][   T45] hsr_slave_0: left promiscuous mode
[  119.497499][   T45] hsr_slave_1: left promiscuous mode
[  119.499301][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  119.501801][   T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[  119.505453][   T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  119.507882][   T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[  119.513586][   T45] veth1_macvtap: left promiscuous mode
[  119.515077][   T45] veth0_macvtap: left promiscuous mode
[  119.516540][   T45] veth1_vlan: left promiscuous mode
[  119.517927][   T45] veth0_vlan: left promiscuous mode
[  119.519697][   T45] veth1_macvtap: left promiscuous mode
[  119.521141][   T45] veth0_macvtap: left promiscuous mode
[  119.522780][   T45] veth1_vlan: left promiscuous mode
[  119.524823][   T45] veth1_macvtap: left promiscuous mode
[  119.526283][   T45] veth0_macvtap: left promiscuous mode
[  119.527729][   T45] veth1_vlan: left promiscuous mode
[  119.529111][   T45] veth0_vlan: left promiscuous mode
[  119.715131][   T45] team0 (unregistering): Port device team_slave_1 removed
[  119.749583][   T45] team0 (unregistering): Port device team_slave_0 removed
[  120.050316][   T45] team0 (unregistering): Port device team_slave_1 removed
[  120.083717][   T45] team0 (unregistering): Port device team_slave_0 removed
[  120.417231][   T45] team0 (unregistering): Port device team_slave_1 removed
[  120.449845][   T45] team0 (unregistering): Port device team_slave_0 removed
[  121.452153][   T45] IPVS: stop unused estimator thread 0...
[  121.454064][   T45] IPVS: stop unused estimator thread 0...
[  121.455961][   T45] IPVS: stop unused estimator thread 0...
[  123.324305][   T72] usb 6-1: USB disconnect, device number 4
[  123.327049][ T1099] bridge_slave_1: left allmulticast mode
[  123.328835][ T1099] bridge_slave_1: left promiscuous mode
[  123.330844][ T1099] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.334633][ T1099] bridge_slave_0: left allmulticast mode
[  123.336723][ T1099] bridge_slave_0: left promiscuous mode
[  123.338833][ T1099] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.458931][ T1099] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  123.463453][ T1099] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  123.467450][ T1099] bond0 (unregistering): Released all slaves
[  123.690307][ T1099] hsr_slave_0: left promiscuous mode
[  123.692611][ T1099] hsr_slave_1: left promiscuous mode
[  123.694873][ T1099] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  123.697555][ T1099] batman_adv: batadv0: Removing interface: batadv_slave_0
[  123.700426][ T1099] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  123.703309][ T1099] batman_adv: batadv0: Removing interface: batadv_slave_1
[  123.707681][ T1099] veth1_macvtap: left promiscuous mode
[  123.709726][ T1099] veth0_macvtap: left promiscuous mode
[  123.711777][ T1099] veth1_vlan: left promiscuous mode
[  123.713802][ T1099] veth0_vlan: left promiscuous mode
[  123.902591][ T1099] team0 (unregistering): Port device team_slave_1 removed
[  123.933428][ T1099] team0 (unregistering): Port device team_slave_0 removed
[  124.460714][ T1099] IPVS: stop unused estimator thread 0...

VM DIAGNOSIS:
16:49:59  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffff8880408afc78 RCX=ffffffff81f9ed46 RDX=0000000000000000
RSI=0000000000000004 RDI=ffff8880408afc78 RBP=ffff8880408afc30 RSP=ffffc90023927590
R8 =0000000000000000 R9 =ffffed1008115f8f R10=ffff8880408afc7b R11=1ffff1100499208a
R12=0000000000000000 R13=0000000000000001 R14=0000000000000000 R15=dffffc0000000000
RIP=ffffffff81f9ed69 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000020857000 CR3=000000006fb44000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000023c00000000 0000000700000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff81857518 RDX=ffff88801f4c4880
RSI=0000000000000008 RDI=ffffffff901cd188 RBP=0000000000000000 RSP=ffffc90000e3f620
R8 =0000000000000005 R9 =0000000000000007 R10=0000000000000001 R11=ffff88802b528a7c
R12=ffff88805fb4c000 R13=00000000ffffffff R14=000000000003dbcc R15=ffff88805fb4e000
RIP=ffffffff8185753c RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73bec50 CR3=000000000db7c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000003800000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000074 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85036a05 RDI=ffffffff9a63a220 RBP=ffffffff9a63a1e0 RSP=ffffc900217cf1a8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e32312e36
R12=0000000000000000 R13=0000000000000074 R14=ffffffff850369a0 R15=0000000000000000
RIP=ffffffff85036a2f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000020021000 CR3=000000006af6e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000003800000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=ffff88802b6467c0 RCX=ffffffff8180aa7c RDX=ffff88801bbb0000
RSI=ffffffff8180aa56 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900005d7a60
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffed10056c8cf9 R13=0000000000000001 R14=ffff88802b6467c8 R15=ffff88802b740100
RIP=ffffffff8180aa58 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73edc2c CR3=000000006a4f8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000023c00000000 0000000700000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000