last executing test programs:

47.835535622s ago: executing program 0 (id=1123):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff], 0xeeee8000, 0x2011c0})
pselect6(0x40, &(0x7f0000000000)={0x5, 0x4, 0x7, 0x6, 0x4, 0x2, 0x0, 0x80000001}, &(0x7f0000000040)={0x8, 0x0, 0xf9c5, 0x4, 0x8, 0x5, 0x73a, 0x1}, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 3)
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000000)=0x8b)

40.410746388s ago: executing program 0 (id=1123):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff], 0xeeee8000, 0x2011c0})
pselect6(0x40, &(0x7f0000000000)={0x5, 0x4, 0x7, 0x6, 0x4, 0x2, 0x0, 0x80000001}, &(0x7f0000000040)={0x8, 0x0, 0xf9c5, 0x4, 0x8, 0x5, 0x73a, 0x1}, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 3)
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000000)=0x8b)

31.950247715s ago: executing program 0 (id=1123):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff], 0xeeee8000, 0x2011c0})
pselect6(0x40, &(0x7f0000000000)={0x5, 0x4, 0x7, 0x6, 0x4, 0x2, 0x0, 0x80000001}, &(0x7f0000000040)={0x8, 0x0, 0xf9c5, 0x4, 0x8, 0x5, 0x73a, 0x1}, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 3)
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000000)=0x8b)

23.237351788s ago: executing program 0 (id=1123):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff], 0xeeee8000, 0x2011c0})
pselect6(0x40, &(0x7f0000000000)={0x5, 0x4, 0x7, 0x6, 0x4, 0x2, 0x0, 0x80000001}, &(0x7f0000000040)={0x8, 0x0, 0xf9c5, 0x4, 0x8, 0x5, 0x73a, 0x1}, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 3)
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000000)=0x8b)

14.437099316s ago: executing program 0 (id=1123):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff], 0xeeee8000, 0x2011c0})
pselect6(0x40, &(0x7f0000000000)={0x5, 0x4, 0x7, 0x6, 0x4, 0x2, 0x0, 0x80000001}, &(0x7f0000000040)={0x8, 0x0, 0xf9c5, 0x4, 0x8, 0x5, 0x73a, 0x1}, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 3)
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000000)=0x8b)

7.094871142s ago: executing program 0 (id=1123):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff], 0xeeee8000, 0x2011c0})
pselect6(0x40, &(0x7f0000000000)={0x5, 0x4, 0x7, 0x6, 0x4, 0x2, 0x0, 0x80000001}, &(0x7f0000000040)={0x8, 0x0, 0xf9c5, 0x4, 0x8, 0x5, 0x73a, 0x1}, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 3)
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000000)=0x8b)

3.764151829s ago: executing program 2 (id=1619):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="680000000206050100000001000000000000fffc120003006269746d61703a69702c6d616300000005000400000000000900020073797a31000000001c000780050003001f00000008000a408000000108000840000000e405000500020000000500010006000000"], 0x68}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
r2 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
syz_open_procfs(0xffffffffffffffff, 0x0)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587", @ANYRES16], 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r4, &(0x7f0000000040)=""/4092, 0xffc)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xfffffcfa, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
set_mempolicy(0x6, &(0x7f00000003c0)=0x8000000000000001, 0xe0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2800001, 0xc3072, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc01100, 0x0, 0x0, 0x0, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10)
r6 = syz_io_uring_setup(0x3a14, &(0x7f0000000300)={0x0, 0xcb8, 0x10100, 0x2000002, 0x0, 0x0, r3}, &(0x7f0000000100)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r6, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
futex(&(0x7f0000000180)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
r9 = syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x40002)
writev(r9, &(0x7f0000000c40)=[{0x0}, {&(0x7f00000005c0)="c21cfb", 0x3}, {&(0x7f00000007c0), 0x300}, {&(0x7f0000000900), 0x4000}], 0xe)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)

1.7881724s ago: executing program 1 (id=1630):
mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0)
r0 = gettid()
sigaltstack(&(0x7f0000000000)={&(0x7f0000002b40)=""/4096, 0x1, 0x1000}, 0x0)
rt_sigqueueinfo(r0, 0x21, &(0x7f00000002c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f00000000c0)=0x41)
pwritev(r1, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd02000040", 0x42}], 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000010c0)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
r4 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
syz_open_procfs(0xffffffffffffffff, 0x0)
dup(r4)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587", @ANYRES16], 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r5, &(0x7f0000000040)=""/4092, 0xffc)
bpf$TOKEN_CREATE(0x24, &(0x7f0000001080), 0x8)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r6}, 0x10)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r4, 0x0, 0x0, 0x0, {}, 0x1})
syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x40002)
writev(r7, &(0x7f0000001540)=[{&(0x7f00000010c0)="c44f98237bf09fcb", 0x8}, {&(0x7f00000011c0)="cf55578ec6f0fb82065b4bfd60ced2197d5e1bdfe46deb5e847b5db33f2c9b94dce38159fda4fea9e86b76b2e71284479dac5e44210b05fc525c6de859fc973f249993437a4cb297b27265f09adf0f03fb8704b5e623e0961eb42a248525f749f6ed20990e59de2b000f39aae5348b6e685d10ca1f", 0x75}, {&(0x7f0000001240)="0eb6e62dce1537262276a72b5d31aa3a380170c6880b045da347c685b2e43050835a7581796d9582aa7aebc4981883dab2f6163cccfe3d1232a86947af33b8fa26f65eda2419bb7e7c882a0a42d3fcaba770972b35d45dc7e5", 0x59}, {&(0x7f00000012c0)="e170ecfe59ac5dc137e7fbad1174873fb64a8655192b71ce239b973c132fe0770675fd3af6e6106f90eb07deb76c65869ba1372f646368892ef26225b3afdee17ad044803c7f8e04f33969768325e4868701f37f4155ab95c236a2b5591d9b9b6211a13e73146601a60dba8d13589efc198d2c5aac464005b493bf9da997e4b49133f6a657471ba31e05fd524b365be0071daf93f1f0", 0x96}, {&(0x7f0000001380)="5190745bc04f7bbf860a40de35a6ab46ec5cea795a97f79635106c8d2b048d76b836807685252993a3242e94fccffd8be0d86025c85ad0f7d368dfe9922289431242ab78630a3e04eef461bc063db775b35c95949920b04db51a17db265636663c258e1555da80e16cdc2aed96c596e13bce621ab0c02ff0147830c8c6a2aa8efd2ff2d6498d7931733bf557c3b71de31811d12bf12afd890cdccaee62db5e910d8166afba64465d329bee948ee05d2bffd07fc869a754b80372ef1e79688d40d5a762368f3f410cc7fe92b7db983a00a1723bfa7bfb8196f80850597bc8ddcebefb42931c03a7c1682550d59de60c8604098ff301", 0xf5}, {&(0x7f0000001480)="8cb6fd01a2457b71f11e7ab16615404df37c340e4fa3d5ed91e56d58dc194d1fbd2ff2ab55e88ebdcb34fa97d89fb8039b3262c8fb135d8a0df75b190ac99f75463ad7a0f9ec6add9be4d4e82a7d41f3d769869314b7a8ae3a5c399999fc1897e319f570f6b123ec0122c5f3a463408d8c0e28cec254244c9e634705bd8038b28ba7142c5d5d4ea1e59971aae13672142164fc8b3d481b18247fda6dc20d2692b44eedec", 0xa4}], 0x6)

1.740110259s ago: executing program 3 (id=1632):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)
openat$cdrom(0xffffff9c, 0x0, 0x20100, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}, 0x76e0})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01)
write$sndseq(r2, &(0x7f0000000000)=[{0x1e, 0x0, 0x8, 0xfd, @tick=0x8, {}, {}, @result}], 0x1c)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r3, &(0x7f0000000200)='m', 0x1)
ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0)

1.541386482s ago: executing program 2 (id=1633):
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000100))
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000080)={{0x3, 0x1}})
ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e05411, &(0x7f0000000440))

1.532796289s ago: executing program 2 (id=1634):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
io_setup(0x80000000, &(0x7f0000001800)=<r1=>0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b80)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @lookup={{0xb}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_LOOKUP_SREG={0x8, 0x2, 0x1, 0x0, 0x9}, @NFTA_LOOKUP_SET={0x9, 0x1, 'syz2\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001", @ANYRESDEC=r1, @ANYRESDEC], 0x7c}}, 0x20000010)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

1.460121003s ago: executing program 2 (id=1635):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x19, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000611214000000000095"], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
ioctl$TUNDETACHFILTER(r0, 0x400854d6, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0, <r1=>0xffffffffffffffff}, 0x4) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x1c, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xb}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r6 = socket(0x15, 0x5, 0x0)
setsockopt$sock_timeval(r6, 0x1, 0x14, &(0x7f0000000040)={0x0, 0x2710}, 0x10) (async)
recvmsg(r6, &(0x7f0000001500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x407006}, 0x104) (async)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r4, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000000cc0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000c000000140003800400040004c5c1606fa18a09d0535723df4825a5cd0fa3028ea127c3ebe95c99c722baef4f999415d4a3e16f70310e32cd6c5b36fff6201e030d593cc0bc068a0d7d05322411babd66da2944cfe3e4f1203e563c38ec024943bf4aa2b876817539c69524fc60106a72009219d53658a68e0400948ae52d06698fdacbd7c43f086f5ca111c551c86062fe000008000200000002002a000500200001801400020070696d3672656731000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="3e5f67c77a9d2254587894378f8bfdc2a35d890f447b2310532ddcddd05210ee3b78c80ca0e0ac98789caf4d16f2eeed697ee7ec4172b5ff8eab79e9b5251499f66e7d4bf7cd67bdc00b1126bb7e851109fe53c4a192a5dc34ba40755d82955cbc0c186fdcbeb4f5b0"], 0x48}}, 0x10000)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000140), &(0x7f0000000180)=0x4)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000004c0)={'ip6tnl0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x2f, 0x6, 0x4, 0x4, 0x1, @mcast1, @private1, 0x8000, 0x10, 0xb4, 0x1fe0000}})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'batadv0\x00', <r7=>0x0})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002380), 0xffffffffffffffff)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_PAYLOAD_BASE={0x8}, @NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_PAYLOAD_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000023c0)={'veth1_to_batadv\x00', <r11=>0x0})
sendmsg$ETHTOOL_MSG_FEATURES_SET(r8, &(0x7f0000002580)={0x0, 0x0, &(0x7f0000002540)={&(0x7f0000000c80)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000c0000000c00018008000100", @ANYRES32=r11, @ANYBLOB="10000380040000000000000004000400"], 0x30}}, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000005c0)={'syztnl0\x00', &(0x7f0000000540)={'syztnl1\x00', <r12=>0x0, 0x4, 0x2, 0x1d, 0x3, 0x1, @local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x20, 0x7800, 0x76, 0x7}})
r13 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r13, 0x8933, &(0x7f0000000040)={'team0\x00', <r14=>0x0})
sendmsg$nl_route(r13, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@bridge_newneigh={0x28, 0x1c, 0x1, 0x0, 0x2000000, {0x7, 0x0, 0x0, r14, 0x0, 0x2}, [@NDA_LLADDR={0xa, 0x2, @link_local}]}, 0x28}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000a00)={'syztnl2\x00', &(0x7f0000000940)={'syztnl1\x00', <r15=>r12, 0x7800, 0x80, 0x7, 0x7, {{0x1b, 0x4, 0x2, 0x1d, 0x6c, 0x65, 0x0, 0xfc, 0x2f, 0x0, @empty, @multicast2, {[@lsrr={0x83, 0xf, 0xfc, [@loopback, @private=0xa010102, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @noop, @cipso={0x86, 0x21, 0x2, [{0x1, 0x9, "36f4aef5f12028"}, {0x1, 0x10, "370a30794e3efd25f909aac5d71a"}, {0x6, 0x2}]}, @ssrr={0x89, 0x7, 0x5f, [@multicast1]}, @ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x1b, 0x51, [@multicast2, @local, @remote, @remote, @multicast2, @multicast1]}, @end]}}}}})
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r4, &(0x7f0000000700)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000740)={0x148, r5, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x4}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}]}]}, 0x148}, 0x1, 0x0, 0x0, 0x14cf274fa199e7d}, 0x84) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='tlb_flush\x00', r3}, 0x10)

1.459860898s ago: executing program 2 (id=1636):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f00000009c0)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0], 0xcc}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @sdr={0x47425247, 0x6}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff)
r1 = fcntl$getown(r0, 0x9)
r2 = fcntl$getown(r0, 0x9)
r3 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000480)='syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000004c0)={0x2000080, &(0x7f00000000c0), &(0x7f0000000240), &(0x7f0000000280), {0x40}, &(0x7f00000002c0)=""/63, 0x3f, &(0x7f0000000300)=""/191, &(0x7f0000000440)=[0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, r1, r2], 0x9, {r3}}, 0x58)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r4, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
recvmmsg(r6, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r5, r4, 0x0, 0x578410eb)
r7 = socket$kcm(0x10, 0x2, 0x0)
process_vm_readv(0x0, &(0x7f0000008400)=[{0x0}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
splice(0xffffffffffffffff, 0x0, r8, 0x0, 0xf3e, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
sendmsg$kcm(r7, 0x0, 0x4)
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xb}, @l2cap_cid_signaling={{0x7}, [@l2cap_move_chan_req={{0xe, 0x0, 0x3}, {0x3, 0x6}}]}}, 0x10)
r9 = openat$btrfs_control(0xffffff9c, &(0x7f0000000000), 0x140, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000040)={'wlan1\x00'})

1.190236618s ago: executing program 3 (id=1637):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r0)
syz_open_dev$sg(0x0, 0x0, 0x8002)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$vim2m(0x0, 0x52cd, 0x2)
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0xfffffffffffffd9f, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
write$UHID_INPUT(r6, &(0x7f0000002b40)={0xe, {"a2e3ad099b0d09f91b5f2f0987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f323063090810e0879b0f0a75e70a9b334d959b669a240d5b0af3988f7ef31952010afde8d178708c523c921b1b5b07070d075b0936cd3b78130daa61d8e81a0000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397273ce1766769f0c91c00305d3f46635eb016d5b1dda98e2d739be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b7638354a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc3609aa24b7d520c829d095083bba2987a67399eac430d145d546a40b9f6ff14ac488ec130bb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b2860d1b3cff57d8b6d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a4f0492d48604675fde2b34cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827955e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb9754fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94e7475cb74642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd72ea4998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5ff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c58b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b50517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864af090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d885b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1a85ae7e69fd1a47a284f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef8473b53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b344340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cccf8a97406bb5a68a1f0c4549820a73c8859dde0712ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcb7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c2e14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ec00000000000000b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a52830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec685f068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000e00f96f06817fb903729a7fb6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x942}}, 0x1006) (fail_nth: 1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', 0xffffffffffffffff, 0x0, 0x7fffffc}, 0x18)
socket$netlink(0x10, 0x3, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="790004000000000000007e0000000800570009000000dbb81a0dcc11a9ec92c4959c167d3892a991f6caacc56c11583e9f448ab0f41cee8b851edb4611e2383d983bcac9ef02f5b8a76303a4d836015f41f3e78a7fe4bf6c22b667a7dd1657"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000040)=0x10000)

1.090105976s ago: executing program 1 (id=1638):
r0 = syz_clone(0x80, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r0, 0x0, 0x80000000, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0))
syz_emit_ethernet(0x42, &(0x7f0000000040)={@broadcast, @remote, @void, {@arp={0x86dd, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x4, @remote, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @local}}}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="041817aaaaaaaaaa10"], 0x1a)

746.350647ms ago: executing program 2 (id=1639):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r0)
syz_open_dev$sg(0x0, 0x0, 0x8002)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$vim2m(0x0, 0x52cd, 0x2)
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0xfffffffffffffd9f, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
write$UHID_INPUT(r6, &(0x7f0000002b40)={0xe, {"a2e3ad099b0d09f91b5f2f0987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f323063090810e0879b0f0a75e70a9b334d959b669a240d5b0af3988f7ef31952010afde8d178708c523c921b1b5b07070d075b0936cd3b78130daa61d8e81a0000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397273ce1766769f0c91c00305d3f46635eb016d5b1dda98e2d739be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b7638354a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc3609aa24b7d520c829d095083bba2987a67399eac430d145d546a40b9f6ff14ac488ec130bb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b2860d1b3cff57d8b6d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a4f0492d48604675fde2b34cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827955e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb9754fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94e7475cb74642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd72ea4998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5ff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c58b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b50517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864af090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d885b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1a85ae7e69fd1a47a284f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef8473b53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b344340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cccf8a97406bb5a68a1f0c4549820a73c8859dde0712ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcb7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c2e14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ec00000000000000b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a52830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec685f068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000e00f96f06817fb903729a7fb6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x942}}, 0x1006)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', 0xffffffffffffffff, 0x0, 0x7fffffc}, 0x18)
socket$netlink(0x10, 0x3, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="790004000000000000007e0000000800570009000000dbb81a0dcc11a9ec92c4959c167d3892a991f6caacc56c11583e9f448ab0f41cee8b851edb4611e2383d983bcac9ef02f5b8a76303a4d836015f41f3e78a7fe4bf6c22b667a7dd1657"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000040)=0x10000)

687.491935ms ago: executing program 1 (id=1640):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r1=>0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1f, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000480)={r2, 0x70000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x9)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000008100000008000300", @ANYRES32=r6, @ANYBLOB="0a0006000802110000160000060066008e8800002a003300203c0300080211000001ffffffffffff080211000001350000400500080211000001000001000000"], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x5, 0x1}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0xc084}, 0x8044)
r7 = syz_usb_connect$printer(0x4, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0x0, 0x5, [{{0x9, 0x4, 0x0, 0x80, 0x1, 0x7, 0x1, 0x2, 0x3, "", {{{0x9, 0x5, 0x1, 0x2, 0x200, 0x8, 0x81, 0x9}}, [{{0x9, 0x5, 0x82, 0x2, 0x10, 0xff, 0x8, 0x8e}}]}}}]}}]}}, &(0x7f0000000140)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x110, 0x1f, 0x8, 0xd, 0x10, 0x2}, 0x1d, &(0x7f00000000c0)={0x5, 0xf, 0x1d, 0x1, [@ssp_cap={0x18, 0x10, 0xa, 0x77, 0x3, 0x8, 0xf, 0x9, [0x3f30, 0xc00f, 0x3f0f]}]}, 0x1, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x80a}}]})
syz_usb_control_io$printer(r7, &(0x7f0000000340)={0xc, &(0x7f0000000240)={0x0, 0x7, 0xf1, {0xf1, 0x3, "cf540ac0f8727c25fd00c48fa2c77f07f781a944265806b223b03705c1edd68afdbc473ce80328b8e8707b55b90cc898750ead54eab1da6cd79b072df6f243198320379227b4618387f0afc8b8a43b894f68d8572d56b7d1c6b58673edcfdcd25d5b5316d2fff386fd40521300cfa71647dce4da18a89fa7d7f6d45dabf061e30d2367ffdbac82031044e269bd4e5785544812f199d69a225fd66cc33f7d37aee4e25e3ffb082973270920a7150cf224e9397aa93a8ce9253c842ba4de9fb168f9026f5afb0a0c9cccc5b6428c03a6a66fd946d54274d05e5657b77b48451379e39c242977a8a11da7f5ee8cd16746"}}, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x140a}}}, &(0x7f0000000740)={0x1c, &(0x7f0000000480)={0x20, 0xb, 0xc1, "32d60960ab54addf281a5e5524829d71fb48c2ea700996e59dd9540cb61ceab20c6a32394323cf80916b4c513e6dd38b8250583c3eec5db1a49f82dc33dc4c7f1113243b0c5322fd92c67ce048951ed26845a2e06bc3322c8c1641cd5ec76c72c25bc15826a2d60221cceca7363c61cc145ec97171b5eebe99fc8cb3719d5790e74816e191a180ce5516a1a2ded38d6181b4c315e69926645b9bf14bb03ab7e3acc38a4a468227d87d9ba0b731b16d6707732feec534c87769f8b374c0dce6c059"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0xf}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f00000005c0)={0x20, 0x0, 0xfc, {0xfa, "41899be022c2138f28881fe5b896dd19b48f16e4c4168920c7577b6e86587bdb2a5731aba5e89ce447f66d328964647ae3e77c4a1ce7eef95ee195bfff706b5a6017be75cecc9b9038fcfe78d4cdfd6f65e8c9d2dd5345ff1f4477e32d47a66a43c29ed24c1a82756bdf4115865af1919bd98e8c3412dfd2cfaaa7e1b639989def66b78f3edcb14d1e81478d18e9289361b71f0668c4f7bb2edec0d5564816b7e8b4c70b49530e07e2bac33133f9a809fd62f22959256a135309554ce7ac04e5d1f9f14e693d87fb4b08e5bb62f4c4f3a86924986d89d62c143f2dd5ffa2903bd919421b0d38ae4b6a6a7c8a8f0cc17dda732274c3741b8b69c7"}}, &(0x7f0000000400)={0x20, 0x1, 0x1, 0xf}, &(0x7f0000000700)={0x20, 0x0, 0x1, 0x5}})

210.440164ms ago: executing program 3 (id=1641):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0xc048aeca, &(0x7f0000000080))

177.138266ms ago: executing program 3 (id=1642):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2)
mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x200000, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYRESDEC=r1])
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2) (async)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) (async)
listen(r3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async)
syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x6}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
getsockopt$MRT6(0xffffffffffffffff, 0x29, 0xce, &(0x7f0000000180), &(0x7f0000000300)=0x4)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101) (async)
syz_io_uring_setup(0x235, &(0x7f0000000500)={0x0, 0x4533, 0x10100, 0x0, 0x24c}, &(0x7f00000001c0), 0x0) (async)
r8 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r8, &(0x7f0000000840)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x24}}, 0x10)

99.799442ms ago: executing program 1 (id=1643):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
io_setup(0x80000000, &(0x7f0000001800)=<r1=>0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001", @ANYRESDEC=r1, @ANYRESDEC], 0x7c}}, 0x20000010)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

57.497434ms ago: executing program 3 (id=1644):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan1\x00'})
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1c, 0xa, 0x80, 0x80, 0x0, 0xffffffffffffffff, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$can_raw(0x1d, 0x3, 0x1)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x40800}, 0x4044000)
bind$rxrpc(0xffffffffffffffff, &(0x7f0000000100)=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e02, 0x9, @loopback, 0x3}}, 0x24)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r1, 0x0, 0x0, 0x931766f6319eed40)
shutdown(r1, 0x1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x4e20, 0xa, @remote, 0x8000}], 0x1c)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd74)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x9)
socket$nl_route(0x10, 0x3, 0x0)
unlink(&(0x7f0000000280)='./file1\x00')
mknod$loop(0x0, 0xfff, 0x0)
execve(0x0, 0x0, 0x0)

56.848654ms ago: executing program 1 (id=1645):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)
openat$cdrom(0xffffff9c, 0x0, 0x20100, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}, 0x76e0})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01)
write$sndseq(r2, &(0x7f0000000000)=[{0x1e, 0x0, 0x8, 0xfd, @tick=0x8, {}, {}, @result}], 0x1c)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r3, &(0x7f0000000200)='m', 0x1)
ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0)

53.296974ms ago: executing program 3 (id=1646):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f04000000000000000000850000000f000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
socket$nl_rdma(0x10, 0x3, 0x14)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(0xffffffffffffffff, 0x3)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_TIOCOUTQ(r2, 0x5411, &(0x7f0000000380))
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
mlock2(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x50ff20)
fdatasync(0xffffffffffffffff)
llistxattr(&(0x7f0000000140)='.\x00', 0x0, 0x0)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0xff, 0x5ac, 0x280, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0x30, 0x3, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x1, 0x1, 0x7, {0x9, 0x21, 0x2, 0x5, 0x1, {0x22, 0xf72}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0xfa, 0xa, 0x2}}}}}]}}]}}, &(0x7f00000001c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x150, 0x1, 0x5, 0xa3, 0x8, 0x73}, 0x5, &(0x7f00000000c0)={0x5, 0xf, 0x5}, 0x1, [{0x13, &(0x7f0000000180)=@string={0x13, 0x3, "a9150eedb2fb0a2b8a0fd573aae7793199"}}]})

0s ago: executing program 1 (id=1647):
socket$alg(0x26, 0x5, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x7, 0x4, 0x1b3, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7f, 0x2, 0x7, 0x7f, 0x6, 0xfffffff9, 0xfffffff2, 0x5f, 0xa, 0x3, 0xdfff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xffffffff, 0x1f461e2c, 0x2, 0xe65f, 0x4, 0x9, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0x0, 0x3, 0x5, 0x4, 0x8, 0x0, 0x1, 0x0, 0x5, 0x6, 0x4, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x12f, 0x8000, 0x10, 0x8, 0x129432e2, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x3, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0xa, 0x4, 0x4000, 0x8000, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0x0, 0x6, 0x9, 0xa, 0x0, 0x6, 0x9, 0x9, 0x6, 0x2, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x100, 0x4, 0x1, 0x7, 0xb, 0x9, 0x48c93690, 0x3, 0xff], [0x7, 0x0, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x1, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x2, 0x3b, 0x3, 0x2, 0x80, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x6, 0xfffffffb, 0x100, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x5, 0x5, 0x3, 0x2, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffe, 0x5, 0x8, 0xc8, 0x4, 0x61dc, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x11, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xffb]}, 0x45c)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xf, 0xc, &(0x7f0000000fc0)=ANY=[@ANYBLOB], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x66, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0x3e, &(0x7f0000000300)=ANY=[], 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)=@newtaction={0x130, 0x30, 0x1, 0x0, 0x2, {}, [{0x11c, 0x1, [@m_mpls={0xe0, 0x4, 0x0, 0x0, {{0x9}, {0x14, 0x2, 0x0, 0x1, [@TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_PROTO={0x6, 0x4, 0x7}]}, {0xa4, 0x6, "a4ce5bff1de34489884bf870ff488b6db133201064454f336f448a46318633b6c3e80eb4667dfd60e0d87a9f8c7d500ca3354f5a912a222623dab24bf6a3d64ffc34522b4db9803e79e849d978d7c5b5eb72c2b399201c08a350c911f77bc3ad56349487d1a7553b51fb79b1fbd99e79e391b1d2356e5fbfbb00d761fa9cd24e4c8a3e9bcfda6940bae0271f64e4f7f13c1a99929a788955357139a11d8d0ad1"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_ife={0x38, 0x1, 0x0, 0x0, {{0x8}, {0x10, 0x2, 0x0, 0x1, [@TCA_IFE_SMAC={0xa, 0x4, @local}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x28, 0x1, 0x0)
r4 = syz_io_uring_setup(0x112, &(0x7f0000000280)={0x0, 0x408c, 0x100, 0x8, 0x40}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x2121, 0x0, {0x3}})
io_uring_enter(r4, 0x47f6, 0xb277, 0x0, 0x0, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r7, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d424000000000000002900", 0x2a)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
syz_io_uring_setup(0x9eb, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000240), &(0x7f0000000280))
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r8, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r9, {0x2, 0x0, @multicast1}, 0x2}}, 0x2e)

0s ago: executing program 2 (id=1648):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x4e21, 0x1, @remote, 0x4}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000140), 0x4)
write$6lowpan_control(r0, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="04"], 0x10)
close(0x3)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19) (fail_nth: 9)

kernel console output (not intermixed with test programs):

 __do_fast_syscall_32+0x7c/0x3a0
[  302.176446][T11416]  do_fast_syscall_32+0x32/0x80
[  302.176461][T11416]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  302.176474][T11416] RIP: 0023:0xf70fe579
[  302.176483][T11416] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  302.176493][T11416] RSP: 002b:00000000f50cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  302.176503][T11416] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000c01c64a3
[  302.176509][T11416] RDX: 0000000080000280 RSI: 0000000000000000 RDI: 0000000000000000
[  302.176515][T11416] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  302.176521][T11416] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  302.176527][T11416] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  302.176539][T11416]  </TASK>
[  302.469482][T11422] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1346'.
[  302.478828][T11419] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.558652][T11419] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.616991][T11419] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.684880][T11419] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  302.747218][T11419] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  302.754472][T11419] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  302.761264][T11419] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  302.767736][T11419] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  302.932848][T11410] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  302.948297][ T5948] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  302.954298][ T5948] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  302.958320][ T5948] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  302.963504][ T5948] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  302.966410][ T5948] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  302.993236][T11418] ªªªªªª speed is unknown, defaulting to 1000
[  302.995834][T11418] ªªªªªª speed is unknown, defaulting to 1000
[  303.170343][T11418] chnl_net:caif_netlink_parms(): no params data found
[  303.243198][ T1338] usb 8-1: new full-speed USB device number 9 using dummy_hcd
[  303.266808][T11427] No source specified
[  303.277952][T11427] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  303.292153][ T1256] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.303400][T11418] bridge0: port 1(bridge_slave_0) entered blocking state
[  303.305842][T11418] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.308282][T11418] bridge_slave_0: entered allmulticast mode
[  303.311093][T11418] bridge_slave_0: entered promiscuous mode
[  303.315935][T11418] bridge0: port 2(bridge_slave_1) entered blocking state
[  303.318159][T11418] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.320648][T11418] bridge_slave_1: entered allmulticast mode
[  303.323480][T11418] bridge_slave_1: entered promiscuous mode
[  303.372242][ T1338] usb 8-1: device descriptor read/64, error -71
[  303.390420][ T1256] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.398715][T11418] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  303.407343][T11418] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  303.460906][ T1256] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.481317][T11418] team0: Port device team_slave_0 added
[  303.495457][T11418] team0: Port device team_slave_1 added
[  303.543320][T11418] batman_adv: batadv0: Adding interface: batadv_slave_0
[  303.545565][T11418] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  303.554810][T11418] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  303.559458][T11418] batman_adv: batadv0: Adding interface: batadv_slave_1
[  303.561957][T11418] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  303.571108][T11418] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  303.612446][ T1338] usb 8-1: new full-speed USB device number 10 using dummy_hcd
[  303.655131][T11418] hsr_slave_0: entered promiscuous mode
[  303.657474][T11418] hsr_slave_1: entered promiscuous mode
[  303.669747][ T1256] bridge_slave_1: left allmulticast mode
[  303.671614][ T1256] bridge_slave_1: left promiscuous mode
[  303.673741][ T1256] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.678334][ T1256] bridge_slave_0: left allmulticast mode
[  303.680122][ T1256] bridge_slave_0: left promiscuous mode
[  303.681952][ T1256] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.742453][ T1338] usb 8-1: device descriptor read/64, error -71
[  303.852918][ T1338] usb usb8-port1: attempt power cycle
[  303.978351][ T1256] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  303.984476][ T1256] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  303.990029][ T1256] bond0 (unregistering): Released all slaves
[  304.182934][ T5951] Bluetooth: hci3: command 0x0405 tx timeout
[  304.192449][ T1338] usb 8-1: new full-speed USB device number 11 using dummy_hcd
[  304.214334][ T1338] usb 8-1: device descriptor read/8, error -71
[  304.437778][ T1256] hsr_slave_0: left promiscuous mode
[  304.440161][ T1256] hsr_slave_1: left promiscuous mode
[  304.442822][ T1256] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  304.445591][ T1256] batman_adv: batadv0: Removing interface: batadv_slave_0
[  304.452225][ T1338] usb 8-1: new full-speed USB device number 12 using dummy_hcd
[  304.453102][ T1256] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  304.457922][ T1256] batman_adv: batadv0: Removing interface: batadv_slave_1
[  304.472932][ T1338] usb 8-1: device descriptor read/8, error -71
[  304.500390][ T1256] veth1_macvtap: left promiscuous mode
[  304.502959][ T1256] veth0_macvtap: left promiscuous mode
[  304.505073][ T1256] veth1_vlan: left promiscuous mode
[  304.507016][ T1256] veth0_vlan: left promiscuous mode
[  304.583855][ T1338] usb usb8-port1: unable to enumerate USB device
[  304.848026][T11454] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1355'.
[  304.984156][ T5951] Bluetooth: hci2: command tx timeout
[  305.180829][ T1256] team0 (unregistering): Port device team_slave_1 removed
[  305.260848][ T1256] team0 (unregistering): Port device team_slave_0 removed
[  305.777192][T11463] No source specified
[  305.786984][T11463] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  305.898216][T11449] lo: entered allmulticast mode
[  305.903480][T11449] tunl0: entered allmulticast mode
[  305.909361][T11449] gre0: entered allmulticast mode
[  305.918573][T11449] gretap0: entered allmulticast mode
[  305.923258][T11449] erspan0: entered allmulticast mode
[  305.927736][T11449] ip_vti0: entered allmulticast mode
[  305.937314][T11449] ip6_vti0: entered allmulticast mode
[  305.943432][T11449] sit0: entered allmulticast mode
[  305.948158][T11449] ip6tnl0: entered allmulticast mode
[  305.956163][T11449] ip6gre0: entered allmulticast mode
[  305.963617][T11449] syz_tun: entered allmulticast mode
[  305.967310][T11449] ip6gretap0: entered allmulticast mode
[  305.971781][T11449] bridge0: entered allmulticast mode
[  305.973711][T11449] bond0: entered allmulticast mode
[  305.975713][T11449] dummy0: entered allmulticast mode
[  305.983459][T11449] nlmon0: entered allmulticast mode
[  305.987460][T11449] caif0: entered allmulticast mode
[  305.989708][T11449] vxcan0: entered allmulticast mode
[  305.992755][T11449] vxcan1: entered allmulticast mode
[  305.996066][T11449] veth0: entered allmulticast mode
[  306.010411][T11449] wg0: entered allmulticast mode
[  306.015964][T11449] wg1: entered allmulticast mode
[  306.020899][T11449] wg2: entered allmulticast mode
[  306.024550][T11449] veth0_to_bridge: entered allmulticast mode
[  306.031593][T11449] bridge_slave_0: entered allmulticast mode
[  306.036000][T11449] veth1_to_bridge: entered allmulticast mode
[  306.042249][T11449] bridge_slave_1: entered allmulticast mode
[  306.047024][T11449] veth0_to_bond: entered allmulticast mode
[  306.049022][T11449] bond_slave_0: entered allmulticast mode
[  306.051167][T11449] veth1_to_bond: entered allmulticast mode
[  306.055783][T11449] bond_slave_1: entered allmulticast mode
[  306.059646][T11449] veth0_to_team: entered allmulticast mode
[  306.062958][T11449] team_slave_0: entered allmulticast mode
[  306.066699][T11449] veth1_to_team: entered allmulticast mode
[  306.070536][T11449] team_slave_1: entered allmulticast mode
[  306.073492][T11449] veth0_to_batadv: entered allmulticast mode
[  306.078767][T11449] batadv_slave_0: left promiscuous mode
[  306.080550][T11449] batadv_slave_0: entered allmulticast mode
[  306.084475][T11449] veth1_to_batadv: entered allmulticast mode
[  306.090394][T11449] batadv_slave_1: entered allmulticast mode
[  306.095201][T11449] xfrm0: entered allmulticast mode
[  306.102966][T11449] veth0_to_hsr: entered allmulticast mode
[  306.109825][T11449] hsr_slave_0: entered allmulticast mode
[  306.117988][T11449] veth1_to_hsr: entered allmulticast mode
[  306.122911][T11449] hsr_slave_1: entered allmulticast mode
[  306.127417][T11449] hsr0: entered allmulticast mode
[  306.134648][T11449] veth1_virt_wifi: entered allmulticast mode
[  306.144721][T11449] veth0_virt_wifi: entered allmulticast mode
[  306.149242][T11449] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  306.153238][T11449] veth1_vlan: entered allmulticast mode
[  306.158882][T11449] veth0_vlan: entered allmulticast mode
[  306.170453][T11449] vlan0: entered allmulticast mode
[  306.174710][T11449] vlan1: entered allmulticast mode
[  306.181066][T11449] macvlan0: entered allmulticast mode
[  306.188836][T11449] macvlan1: entered allmulticast mode
[  306.195626][T11449] ipvlan0: entered allmulticast mode
[  306.197685][T11449] ipvlan1: entered allmulticast mode
[  306.200644][T11449] veth1_macvtap: entered allmulticast mode
[  306.204646][T11449] veth0_macvtap: entered allmulticast mode
[  306.212603][T11449] macvtap0: entered allmulticast mode
[  306.216320][T11449] macsec0: entered allmulticast mode
[  306.224054][T11449] geneve0: entered allmulticast mode
[  306.229431][T11449] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  306.232244][T11449] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  306.234838][T11449] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  306.237452][T11449] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  306.240285][T11449] geneve1: entered allmulticast mode
[  306.244291][T11449] mac80211_hwsim hwsim7 wlan0: entered allmulticast mode
[  306.248382][T11449] bond1: entered allmulticast mode
[  306.253503][T11449] veth2: entered allmulticast mode
[  306.255244][T11449] veth3: entered allmulticast mode
[  306.257432][T11449] bridge1: entered allmulticast mode
[  306.261286][T11449] bridge2: entered allmulticast mode
[  306.272505][T11449] ip6gretap1: entered allmulticast mode
[  306.277174][T11449] bond2: entered allmulticast mode
[  306.280289][T11449] gtp0: entered allmulticast mode
[  306.284517][T11449] bond3: left promiscuous mode
[  306.286130][T11449] netdevsim netdevsim2 eth0: entered allmulticast mode
[  306.288813][T11449] netdevsim netdevsim2 eth1: entered allmulticast mode
[  306.291087][T11449] netdevsim netdevsim2 eth2: entered allmulticast mode
[  306.293464][T11449] netdevsim netdevsim2 eth3: entered allmulticast mode
[  306.356430][T11418] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  306.375208][T11418] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  306.380014][T11418] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  306.385285][T11418] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  306.439146][T11418] 8021q: adding VLAN 0 to HW filter on device bond0
[  306.450201][T11418] 8021q: adding VLAN 0 to HW filter on device team0
[  306.459158][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  306.461795][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  306.467957][ T1136] bridge0: port 2(bridge_slave_1) entered blocking state
[  306.470894][ T1136] bridge0: port 2(bridge_slave_1) entered forwarding state
[  306.506768][T11484] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1359'.
[  306.509776][T11484] netlink: 'syz.2.1359': attribute type 5 has an invalid length.
[  306.516069][T11484] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1359'.
[  306.522676][T11484] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  306.525450][T11484] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  306.528361][T11484] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  306.531074][T11484] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  306.534243][T11484] geneve2: entered promiscuous mode
[  306.536104][T11484] geneve2: entered allmulticast mode
[  306.590749][T11418] 8021q: adding VLAN 0 to HW filter on device batadv0
[  306.614477][T11418] veth0_vlan: entered promiscuous mode
[  306.619647][T11418] veth1_vlan: entered promiscuous mode
[  306.638727][T11418] veth0_macvtap: entered promiscuous mode
[  306.643488][T11418] veth1_macvtap: entered promiscuous mode
[  306.652484][T11418] batman_adv: batadv0: Interface activated: batadv_slave_0
[  306.659047][T11418] batman_adv: batadv0: Interface activated: batadv_slave_1
[  306.665303][T11418] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  306.668067][T11418] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  306.670937][T11418] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  306.674769][T11418] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  306.707841][ T1256] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.710652][ T1256] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.723747][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.727457][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  307.578459][T11498] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1363'.
[  307.581266][T11498] netlink: 'syz.2.1363': attribute type 5 has an invalid length.
[  307.583985][T11498] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1363'.
[  307.681997][    T9] usb 6-1: new full-speed USB device number 23 using dummy_hcd
[  307.822105][    T9] usb 6-1: device descriptor read/64, error -71
[  308.082048][    T9] usb 6-1: new full-speed USB device number 24 using dummy_hcd
[  308.212293][    T9] usb 6-1: device descriptor read/64, error -71
[  308.322465][    T9] usb usb6-port1: attempt power cycle
[  308.662155][    T9] usb 6-1: new full-speed USB device number 25 using dummy_hcd
[  308.682829][    T9] usb 6-1: device descriptor read/8, error -71
[  308.921951][    T9] usb 6-1: new full-speed USB device number 26 using dummy_hcd
[  308.943078][    T9] usb 6-1: device descriptor read/8, error -71
[  309.052292][    T9] usb usb6-port1: unable to enumerate USB device
[  309.248868][ T1256] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  309.481970][   T29] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  309.643949][   T29] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  309.647661][   T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  309.651310][   T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  309.654755][   T29] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  309.660308][   T29] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  309.663347][   T29] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  309.665956][   T29] usb 8-1: Manufacturer: syz
[  309.669458][   T29] usb 8-1: config 0 descriptor??
[  310.082416][   T29] usbhid 8-1:0.0: can't add hid device: -71
[  310.085010][   T29] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  310.090018][   T29] usb 8-1: USB disconnect, device number 13
[  310.194491][   T40] audit: type=1326 audit(2000000058.573:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11527 comm="syz.2.1373" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x0
[  310.280541][ T5948] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  310.286362][ T5948] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  310.291063][ T5948] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  310.295085][ T5948] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  310.299317][ T5948] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  310.307768][T11530] binder: 11527:11530 ioctl c004562f 80000340 returned -22
[  310.324152][T11531] ªªªªªª speed is unknown, defaulting to 1000
[  310.326743][T11531] ªªªªªª speed is unknown, defaulting to 1000
[  310.507906][T11531] chnl_net:caif_netlink_parms(): no params data found
[  310.632923][T11531] bridge0: port 1(bridge_slave_0) entered blocking state
[  310.635186][T11531] bridge0: port 1(bridge_slave_0) entered disabled state
[  310.637626][T11531] bridge_slave_0: entered allmulticast mode
[  310.640391][T11531] bridge_slave_0: entered promiscuous mode
[  310.644915][T11531] bridge0: port 2(bridge_slave_1) entered blocking state
[  310.647215][T11531] bridge0: port 2(bridge_slave_1) entered disabled state
[  310.649495][T11531] bridge_slave_1: entered allmulticast mode
[  310.653373][T11531] bridge_slave_1: entered promiscuous mode
[  310.685752][T11531] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  310.690417][T11531] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  310.739425][T11531] team0: Port device team_slave_0 added
[  310.744954][T11531] team0: Port device team_slave_1 added
[  310.794419][T11531] batman_adv: batadv0: Adding interface: batadv_slave_0
[  310.797032][T11531] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  310.806005][T11531] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  310.825406][ T1256] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.835003][T11531] batman_adv: batadv0: Adding interface: batadv_slave_1
[  310.837315][T11531] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  310.846025][T11531] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  310.889086][T11531] hsr_slave_0: entered promiscuous mode
[  310.891498][T11531] hsr_slave_1: entered promiscuous mode
[  310.894155][T11531] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  310.897155][T11531] Cannot create hsr debugfs directory
[  310.911225][ T1256] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  311.014380][ T1256] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  311.063783][T11552] No source specified
[  311.103647][T11552] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  311.451186][ T1256] bridge_slave_1: left allmulticast mode
[  311.454637][ T1256] bridge_slave_1: left promiscuous mode
[  311.456908][ T1256] bridge0: port 2(bridge_slave_1) entered disabled state
[  311.460992][ T1256] bridge_slave_0: left allmulticast mode
[  311.463477][ T1256] bridge_slave_0: left promiscuous mode
[  311.465839][ T1256] bridge0: port 1(bridge_slave_0) entered disabled state
[  311.546967][T11563] netlink: 'syz.3.1379': attribute type 21 has an invalid length.
[  311.554560][T11564] input: syz1 as /devices/virtual/input/input16
[  311.770644][ T1256] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  311.775127][ T1256] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  311.778869][ T1256] bond0 (unregistering): Released all slaves
[  311.823427][T11563] netlink: 'syz.3.1379': attribute type 6 has an invalid length.
[  311.825966][T11563] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1379'.
[  312.341847][ T5951] Bluetooth: hci2: command tx timeout
[  312.345774][ T1256] hsr_slave_0: left promiscuous mode
[  312.347893][ T1256] hsr_slave_1: left promiscuous mode
[  312.349929][ T1256] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  312.352436][ T1256] batman_adv: batadv0: Removing interface: batadv_slave_0
[  312.355149][ T1256] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  312.357461][ T1256] batman_adv: batadv0: Removing interface: batadv_slave_1
[  312.413099][ T1256] veth1_macvtap: left promiscuous mode
[  312.415671][ T1256] veth0_macvtap: left promiscuous mode
[  312.417854][ T1256] veth1_vlan: left promiscuous mode
[  312.419568][ T1256] veth0_vlan: left promiscuous mode
[  312.532411][T11582] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1383'.
[  313.430340][ T1256] team0 (unregistering): Port device team_slave_1 removed
[  313.545507][ T1256] team0 (unregistering): Port device team_slave_0 removed
[  313.727730][T11593] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1385'.
[  313.727751][T11593] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1385'.
[  314.021697][    C2] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  314.422453][ T5951] Bluetooth: hci2: command tx timeout
[  314.500508][T11531] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  314.514674][T11531] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  314.546351][T11531] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  314.552551][T11531] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  314.553190][T11599] FAULT_INJECTION: forcing a failure.
[  314.553190][T11599] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  314.559643][T11599] CPU: 0 UID: 0 PID: 11599 Comm: syz.3.1386 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  314.559659][T11599] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  314.559665][T11599] Call Trace:
[  314.559669][T11599]  <TASK>
[  314.559674][T11599]  dump_stack_lvl+0x16c/0x1f0
[  314.559693][T11599]  should_fail_ex+0x512/0x640
[  314.559711][T11599]  _copy_from_user+0x2e/0xd0
[  314.559729][T11599]  kstrtouint_from_user+0xd6/0x1d0
[  314.559741][T11599]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  314.559754][T11599]  ? __lock_acquire+0xb8a/0x1c90
[  314.559774][T11599]  proc_fail_nth_write+0x83/0x250
[  314.559787][T11599]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  314.559822][T11599]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  314.559834][T11599]  vfs_write+0x29d/0x1150
[  314.559853][T11599]  ? __pfx_vfs_write+0x10/0x10
[  314.559866][T11599]  ? find_held_lock+0x2b/0x80
[  314.559880][T11599]  ? __fget_files+0x20e/0x3c0
[  314.559898][T11599]  ksys_write+0x12a/0x250
[  314.559912][T11599]  ? __pfx_ksys_write+0x10/0x10
[  314.559927][T11599]  ? rcu_is_watching+0x12/0xc0
[  314.559940][T11599]  __do_fast_syscall_32+0x7c/0x3a0
[  314.559951][T11599]  do_fast_syscall_32+0x32/0x80
[  314.559961][T11599]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  314.559974][T11599] RIP: 0023:0xf70fe579
[  314.559982][T11599] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  314.559992][T11599] RSP: 002b:00000000f50ee590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  314.560003][T11599] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50ee620
[  314.560009][T11599] RDX: 0000000000000001 RSI: 00000000f7462ff4 RDI: 0000000000000000
[  314.560015][T11599] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  314.560021][T11599] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  314.560027][T11599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  314.560044][T11599]  </TASK>
[  314.739630][T11531] 8021q: adding VLAN 0 to HW filter on device bond0
[  314.754926][T11531] 8021q: adding VLAN 0 to HW filter on device team0
[  314.761216][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state
[  314.763834][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state
[  314.774140][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state
[  314.776403][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state
[  314.964833][T11615] No source specified
[  314.983671][T11615] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  315.030043][T11531] 8021q: adding VLAN 0 to HW filter on device batadv0
[  315.067575][T11531] veth0_vlan: entered promiscuous mode
[  315.075730][T11531] veth1_vlan: entered promiscuous mode
[  315.100380][T11531] veth0_macvtap: entered promiscuous mode
[  315.105818][T11531] veth1_macvtap: entered promiscuous mode
[  315.120017][T11531] batman_adv: batadv0: Interface activated: batadv_slave_0
[  315.136763][T11531] batman_adv: batadv0: Interface activated: batadv_slave_1
[  315.153388][T11531] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  315.156415][T11531] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  315.159617][T11531] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  315.163972][T11531] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  315.211319][T11623] netlink: 'syz.2.1390': attribute type 10 has an invalid length.
[  315.216834][T11623] bond0: left allmulticast mode
[  315.225882][T11623] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1390'.
[  315.238636][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  315.241419][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  315.265928][T11623] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  315.295975][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  315.298537][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  315.349871][T11623] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  315.404540][T11623] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  315.509385][T11623] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  315.647276][T11623] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  315.651646][    T9] usb 8-1: new full-speed USB device number 14 using dummy_hcd
[  315.661085][T11623] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  315.671276][T11623] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  315.686436][T11623] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  315.732892][T11637] /dev/sr0: Can't open blockdev
[  315.815371][    T9] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  315.819647][    T9] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  315.826926][    T9] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  315.830793][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.834338][    T9] usb 8-1: Product: syz
[  315.836136][    T9] usb 8-1: Manufacturer: syz
[  315.838155][    T9] usb 8-1: SerialNumber: syz
[  316.005710][T11646] netlink: 'syz.2.1396': attribute type 10 has an invalid length.
[  316.009544][T11646] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1396'.
[  316.024124][T11646] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  316.114345][T11646] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  316.228111][T11646] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  316.298254][T11646] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  316.404220][T11653] netlink: 'syz.1.1397': attribute type 21 has an invalid length.
[  316.407615][T11653] netlink: 'syz.1.1397': attribute type 6 has an invalid length.
[  316.411292][T11653] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1397'.
[  316.554658][    T9] usb 8-1: 0:2 : does not exist
[  316.560939][    T9] usb 8-1: USB disconnect, device number 14
[  316.585760][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  316.889164][T11646] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  316.895760][T11646] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  316.902175][T11646] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  316.908470][T11646] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  317.049576][ T1256] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.647748][T11661] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1399'.
[  317.655121][T11661] rtc_cmos 00:05: Alarms can be up to one day in the future
[  318.239467][ T5948] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  318.244353][ T5948] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  318.247508][ T5948] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  318.254572][ T5948] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  318.257057][ T5948] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  318.284889][T11675] ªªªªªª speed is unknown, defaulting to 1000
[  318.288488][T11675] ªªªªªª speed is unknown, defaulting to 1000
[  318.312392][T11680] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  318.336647][T11680] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12)
[  318.338651][T11680] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  318.372069][T11680] vhci_hcd vhci_hcd.0: Device attached
[  318.381810][T11681] vhci_hcd: unknown pdu 2
[  318.384772][   T12] vhci_hcd: stop threads
[  318.386445][   T12] vhci_hcd: release socket
[  318.388001][   T12] vhci_hcd: disconnect device
[  318.595263][ T1256] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  318.634495][T11675] chnl_net:caif_netlink_parms(): no params data found
[  318.679896][ T1256] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  318.811226][ T1256] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  318.820707][T11675] bridge0: port 1(bridge_slave_0) entered blocking state
[  318.823554][T11675] bridge0: port 1(bridge_slave_0) entered disabled state
[  318.825961][T11675] bridge_slave_0: entered allmulticast mode
[  318.829540][T11675] bridge_slave_0: entered promiscuous mode
[  318.835263][T11675] bridge0: port 2(bridge_slave_1) entered blocking state
[  318.837943][T11675] bridge0: port 2(bridge_slave_1) entered disabled state
[  318.840218][T11675] bridge_slave_1: entered allmulticast mode
[  318.844490][T11675] bridge_slave_1: entered promiscuous mode
[  318.890557][T11675] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  318.899219][T11675] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  318.969010][T11675] team0: Port device team_slave_0 added
[  318.985969][T11675] team0: Port device team_slave_1 added
[  319.017468][ T1256] bridge_slave_1: left allmulticast mode
[  319.019301][ T1256] bridge_slave_1: left promiscuous mode
[  319.021211][ T1256] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.025290][ T1256] bridge_slave_0: left allmulticast mode
[  319.027096][ T1256] bridge_slave_0: left promiscuous mode
[  319.028935][ T1256] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.055861][T11694] tmpfs: Unknown parameter 'ÿÿÿÿÿÿÿÿ'
[  319.344420][ T1256] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  319.349804][ T1256] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  319.354591][ T1256] bond0 (unregistering): Released all slaves
[  319.372080][T11675] batman_adv: batadv0: Adding interface: batadv_slave_0
[  319.538269][T11698] netlink: 'syz.2.1407': attribute type 21 has an invalid length.
[  319.546886][T11675] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  319.555381][T11675] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  319.564325][T11675] batman_adv: batadv0: Adding interface: batadv_slave_1
[  319.567156][T11675] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  319.577113][T11675] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  319.594544][T11698] netlink: 'syz.2.1407': attribute type 6 has an invalid length.
[  319.597329][T11698] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1407'.
[  319.755580][T11675] hsr_slave_0: entered promiscuous mode
[  319.757865][T11675] hsr_slave_1: entered promiscuous mode
[  319.938485][ T1256] hsr_slave_0: left promiscuous mode
[  319.946611][ T1256] hsr_slave_1: left promiscuous mode
[  319.949421][ T1256] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  319.953360][ T1256] batman_adv: batadv0: Removing interface: batadv_slave_0
[  319.956654][ T1256] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  319.958995][ T1256] batman_adv: batadv0: Removing interface: batadv_slave_1
[  320.031588][ T1256] veth1_macvtap: left promiscuous mode
[  320.033914][ T1256] veth0_macvtap: left promiscuous mode
[  320.036320][ T1256] veth1_vlan: left promiscuous mode
[  320.038559][ T1256] veth0_vlan: left promiscuous mode
[  320.341348][ T5951] Bluetooth: hci2: command tx timeout
[  321.042982][ T1256] team0 (unregistering): Port device team_slave_1 removed
[  321.129668][ T1256] team0 (unregistering): Port device team_slave_0 removed
[  322.337827][T11675] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  322.445763][T11675] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  322.448223][ T5951] Bluetooth: hci2: command tx timeout
[  322.461996][T11675] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  322.466854][T11675] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  322.479395][T11740] ªªªªªª: left allmulticast mode
[  322.503574][   T53] ªªªªªª speed is unknown, defaulting to 1000
[  322.507446][   T53] s
z1: Port: 1 Link DOWN
[  322.566119][T11675] 8021q: adding VLAN 0 to HW filter on device bond0
[  322.585468][T11675] 8021q: adding VLAN 0 to HW filter on device team0
[  322.600871][T11748] 9pnet_fd: Insufficient options for proto=fd
[  322.613457][   T53] ªªªªªª speed is unknown, defaulting to 1000
[  322.638823][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state
[  322.641411][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state
[  322.650119][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state
[  322.652491][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state
[  322.926528][T11675] 8021q: adding VLAN 0 to HW filter on device batadv0
[  322.945001][T11758] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  322.965686][T11675] veth0_vlan: entered promiscuous mode
[  322.971470][T11675] veth1_vlan: entered promiscuous mode
[  322.998370][T11675] veth0_macvtap: entered promiscuous mode
[  323.010929][T11675] veth1_macvtap: entered promiscuous mode
[  323.027275][T11675] batman_adv: batadv0: Interface activated: batadv_slave_0
[  323.042191][T11675] batman_adv: batadv0: Interface activated: batadv_slave_1
[  323.047369][T11675] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  323.050154][T11675] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  323.053701][T11675] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  323.056396][T11675] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  323.088998][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  323.094537][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  323.113025][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  323.115704][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  323.207303][T11760] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1422'.
[  323.240611][T11762] netlink: 'syz.3.1423': attribute type 21 has an invalid length.
[  323.243492][T11762] netlink: 'syz.3.1423': attribute type 6 has an invalid length.
[  323.245966][T11762] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1423'.
[  323.541740][T11765] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  323.747101][T11773] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  323.752996][T11773] netlink: 'syz.2.1425': attribute type 11 has an invalid length.
[  323.759386][T11773] fuse: Bad value for 'user_id'
[  323.761850][T11773] fuse: Bad value for 'user_id'
[  323.804500][T11775] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10)
[  323.807317][T11775] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  323.810834][T11775] vhci_hcd vhci_hcd.0: Device attached
[  323.816420][T11775] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  323.821191][T11775] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(14)
[  323.824003][T11775] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  323.827147][T11775] vhci_hcd vhci_hcd.0: Device attached
[  323.830834][T11775] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(16)
[  323.832914][T11775] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  323.835736][T11775] vhci_hcd vhci_hcd.0: Device attached
[  323.838918][T11775] vhci_hcd vhci_hcd.0: pdev(3) rhport(4) sockfd(18)
[  323.841059][T11775] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  323.843690][T11775] vhci_hcd vhci_hcd.0: Device attached
[  323.846075][T11775] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  323.849110][T11775] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  323.866225][T11784] vhci_hcd: connection closed
[  323.866462][T11782] vhci_hcd: connection closed
[  323.866511][T11780] vhci_hcd: connection closed
[  323.868100][T11776] vhci_hcd: connection closed
[  323.868290][   T12] vhci_hcd: stop threads
[  323.868305][   T12] vhci_hcd: release socket
[  323.868318][   T12] vhci_hcd: disconnect device
[  323.868499][   T12] vhci_hcd: stop threads
[  323.868506][   T12] vhci_hcd: release socket
[  323.868516][   T12] vhci_hcd: disconnect device
[  323.870106][   T12] vhci_hcd: stop threads
[  323.889190][   T12] vhci_hcd: release socket
[  323.891397][   T12] vhci_hcd: disconnect device
[  323.893531][   T12] vhci_hcd: stop threads
[  323.895308][   T12] vhci_hcd: release socket
[  323.897163][   T12] vhci_hcd: disconnect device
[  324.262305][T11796] netlink: 'syz.2.1430': attribute type 10 has an invalid length.
[  324.265732][T11796] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1430'.
[  324.275582][T11796] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  324.345941][T11796] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  324.426976][T11796] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  324.427239][   T40] audit: type=1326 audit(2000000072.804:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11794 comm="syz.1.1431" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf707e579 code=0x0
[  324.483673][T11796] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  324.535355][T11796] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  324.542761][T11796] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  324.549709][T11796] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  324.558789][T11796] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  324.653191][T11803] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  324.655783][T11803] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  324.658305][T11803] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  324.660948][T11803] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  324.676454][T11804] mkiss: ax0: crc mode is auto.
[  324.992017][T11807] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  325.062531][T11811] netlink: 'syz.3.1435': attribute type 21 has an invalid length.
[  325.079085][ T1256] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.088845][T11811] netlink: 'syz.3.1435': attribute type 6 has an invalid length.
[  325.092009][T11811] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1435'.
[  326.182821][T11820] 
@ÿ: renamed from veth0_vlan
[  326.288223][ T5948] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  326.291360][ T5948] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  326.294341][ T5948] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  326.297434][ T5948] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  326.302941][ T5948] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  326.327413][T11821] ªªªªªª speed is unknown, defaulting to 1000
[  326.330851][T11821] ªªªªªª speed is unknown, defaulting to 1000
[  326.457721][T11823] No source specified
[  326.480813][T11823] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  326.531618][T11821] chnl_net:caif_netlink_parms(): no params data found
[  326.623404][T11821] bridge0: port 1(bridge_slave_0) entered blocking state
[  326.626684][T11821] bridge0: port 1(bridge_slave_0) entered disabled state
[  326.629419][T11821] bridge_slave_0: entered allmulticast mode
[  326.632963][T11821] bridge_slave_0: entered promiscuous mode
[  326.636228][T11829] tunl0: left allmulticast mode
[  326.638683][T11829] gre0: left allmulticast mode
[  326.640676][T11829] gretap0: left allmulticast mode
[  326.642817][T11829] erspan0: left allmulticast mode
[  326.645041][T11829] ip_vti0: left allmulticast mode
[  326.647105][T11829] ip6_vti0: left allmulticast mode
[  326.649167][T11829] sit0: left allmulticast mode
[  326.651243][T11829] ip6tnl0: left allmulticast mode
[  326.653286][T11829] ip6gre0: left allmulticast mode
[  326.655323][T11829] syz_tun: left allmulticast mode
[  326.657374][T11829] ip6gretap0: left allmulticast mode
[  326.659470][T11829] bridge0: left allmulticast mode
[  326.661902][T11829] vcan0: left allmulticast mode
[  326.663969][T11829] dummy0: left allmulticast mode
[  326.665990][T11829] nlmon0: left allmulticast mode
[  326.668022][T11829] caif0: left allmulticast mode
[  326.670002][T11829] batadv0: left allmulticast mode
[  326.672124][T11829] vxcan0: left allmulticast mode
[  326.674333][T11829] vxcan1: left allmulticast mode
[  326.674377][ T5948] Bluetooth: hci3: connection err: -111
[  326.676321][T11829] veth0: left allmulticast mode
[  326.676395][T11829] veth1: left allmulticast mode
[  326.682308][T11829] wg0: left allmulticast mode
[  326.684292][T11829] wg1: left allmulticast mode
[  326.686226][T11829] wg2: left allmulticast mode
[  326.688193][T11829] veth0_to_bridge: left allmulticast mode
[  326.690532][T11829] bridge_slave_0: left allmulticast mode
[  326.692954][T11829] veth1_to_bridge: left allmulticast mode
[  326.695262][T11829] bridge_slave_1: left allmulticast mode
[  326.697716][T11829] bond_slave_0: left allmulticast mode
[  326.699989][T11829] veth1_to_bond: left allmulticast mode
[  326.702335][T11829] bond_slave_1: left allmulticast mode
[  326.704635][T11829] veth0_to_team: left allmulticast mode
[  326.706905][T11829] team_slave_0: left allmulticast mode
[  326.709164][T11829] veth1_to_team: left allmulticast mode
[  326.711487][T11829] team_slave_1: left allmulticast mode
[  326.713654][T11829] veth0_to_batadv: left allmulticast mode
[  326.715955][T11829] batadv_slave_0: left allmulticast mode
[  326.718187][T11829] veth1_to_batadv: left allmulticast mode
[  326.720472][T11829] batadv_slave_1: left allmulticast mode
[  326.722977][T11829] veth0_to_hsr: left allmulticast mode
[  326.725257][T11829] veth1_to_hsr: left allmulticast mode
[  326.727507][T11829] hsr0: left allmulticast mode
[  326.729393][T11829] hsr_slave_0: left allmulticast mode
[  326.731584][T11829] hsr_slave_1: left allmulticast mode
[  326.733805][T11829] veth1_virt_wifi: left allmulticast mode
[  326.736179][T11829] veth0_virt_wifi: left allmulticast mode
[  326.738466][T11829] net veth1_virt_wifi virt_wifi0: left allmulticast mode
[  326.741408][T11829] veth1_vlan: left allmulticast mode
[  326.743655][T11829] vlan0: left allmulticast mode
[  326.745665][T11829] vlan1: left allmulticast mode
[  326.747802][T11829] macvlan1: left allmulticast mode
[  326.749880][T11829] ipvlan0: left allmulticast mode
[  326.752078][T11829] ipvlan1: left allmulticast mode
[  326.754030][T11829] veth0_vlan: left allmulticast mode
[  326.756175][T11829] veth1_macvtap: left allmulticast mode
[  326.758389][T11829] veth0_macvtap: left allmulticast mode
[  326.760556][T11829] macvtap0: left allmulticast mode
[  326.762737][T11829] macsec0: left allmulticast mode
[  326.764758][T11829] geneve0: left allmulticast mode
[  326.766653][T11829] geneve1: left allmulticast mode
[  326.768753][T11829] mac80211_hwsim hwsim8 wlan1: left allmulticast mode
[  326.771482][T11829] mac80211_hwsim hwsim10 wlan2: left allmulticast mode
[  326.774169][T11829] bond1: left allmulticast mode
[  326.776101][T11829] geneve2: left allmulticast mode
[  326.782386][T11829] veth0_to_bond: left promiscuous mode
[  326.784708][T11829] macvlan2: left promiscuous mode
[  326.786250][T11829] macvlan2: left allmulticast mode
[  326.790004][T11821] bridge0: port 2(bridge_slave_1) entered blocking state
[  326.795290][T11821] bridge0: port 2(bridge_slave_1) entered disabled state
[  326.798483][T11821] bridge_slave_1: entered allmulticast mode
[  326.816543][T11821] bridge_slave_1: entered promiscuous mode
[  326.857145][T11821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  326.862188][T11821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  326.900030][T11821] team0: Port device team_slave_0 added
[  326.903539][T11821] team0: Port device team_slave_1 added
[  326.950835][T11821] batman_adv: batadv0: Adding interface: batadv_slave_0
[  326.953649][T11821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  326.962635][T11821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  326.970526][T11821] batman_adv: batadv0: Adding interface: batadv_slave_1
[  326.972945][T11821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  326.981795][T11821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  327.029372][T11821] hsr_slave_0: entered promiscuous mode
[  327.031743][T11821] hsr_slave_1: entered promiscuous mode
[  327.033921][T11821] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  327.036263][T11821] Cannot create hsr debugfs directory
[  327.100755][ T1256] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.188346][ T1256] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.293930][T11838] usb usb8: usbfs: process 11838 (syz.1.1442) did not claim interface 0 before use
[  327.297382][ T1256] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.412928][ T1256] bridge_slave_1: left allmulticast mode
[  327.414747][ T1256] bridge_slave_1: left promiscuous mode
[  327.416603][ T1256] bridge0: port 2(bridge_slave_1) entered disabled state
[  327.423935][ T1256] bridge_slave_0: left allmulticast mode
[  327.426346][ T1256] bridge_slave_0: left promiscuous mode
[  327.428871][ T1256] bridge0: port 1(bridge_slave_0) entered disabled state
[  327.782666][ T1256] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  327.787279][ T1256] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  327.792632][ T1256] bond0 (unregistering): Released all slaves
[  328.345431][ T5948] Bluetooth: hci2: command tx timeout
[  328.357589][T11852] No source specified
[  328.362822][T11852] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  328.450453][ T1256] hsr_slave_0: left promiscuous mode
[  328.458589][ T1256] hsr_slave_1: left promiscuous mode
[  328.461220][ T1256] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  328.464163][ T1256] batman_adv: batadv0: Removing interface: batadv_slave_0
[  328.467578][ T1256] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  328.470533][ T1256] batman_adv: batadv0: Removing interface: batadv_slave_1
[  328.496669][ T1256] veth1_macvtap: left promiscuous mode
[  328.498582][ T1256] veth0_macvtap: left promiscuous mode
[  328.500390][ T1256] veth1_vlan: left promiscuous mode
[  328.502225][ T1256] veth0_vlan: left promiscuous mode
[  329.236853][ T1256] team0 (unregistering): Port device team_slave_1 removed
[  329.348651][ T1256] team0 (unregistering): Port device team_slave_0 removed
[  330.127994][T11821] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  330.137784][T11821] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  330.148696][T11821] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  330.154811][T11821] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  330.254413][T11821] 8021q: adding VLAN 0 to HW filter on device bond0
[  330.267589][T11821] 8021q: adding VLAN 0 to HW filter on device team0
[  330.278026][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  330.280960][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  330.290794][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state
[  330.293580][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state
[  330.423123][ T5948] Bluetooth: hci2: command tx timeout
[  330.499171][T11821] 8021q: adding VLAN 0 to HW filter on device batadv0
[  330.529565][T11821] veth0_vlan: entered promiscuous mode
[  330.537540][T11821] veth1_vlan: entered promiscuous mode
[  330.554371][T11821] veth0_macvtap: entered promiscuous mode
[  330.561072][T11821] veth1_macvtap: entered promiscuous mode
[  330.572437][T11821] batman_adv: batadv0: Interface activated: batadv_slave_0
[  330.577735][T11821] batman_adv: batadv0: Interface activated: batadv_slave_1
[  330.583635][T11894] netlink: 'syz.2.1454': attribute type 10 has an invalid length.
[  330.586245][T11821] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  330.589239][T11821] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  330.593522][T11821] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  330.596476][T11821] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  330.611737][T11894] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1454'.
[  330.629338][T11894] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  330.669811][ T1256] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  330.675547][ T1256] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  330.687359][ T1149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  330.690718][ T1149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  330.715121][T11894] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  330.805412][T11894] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  330.912004][T11894] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  331.006386][T11894] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  331.027774][T11894] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  331.036251][T11894] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  331.042923][T11894] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  331.490812][   T54] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  331.662831][   T54] usb 6-1: Using ep0 maxpacket: 32
[  331.912112][T11910] No source specified
[  331.918051][T11910] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  331.998833][   T54] usb 6-1: unable to get BOS descriptor or descriptor too short
[  332.005830][   T54] usb 6-1: unable to read config index 0 descriptor/start: -71
[  332.008900][   T54] usb 6-1: can't read configurations, error -71
[  332.077797][   T40] audit: type=1326 audit(2000000309.448:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11913 comm="syz.2.1458" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f64579 code=0x0
[  332.537395][ T1149] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  333.878696][ T5951] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  333.883471][ T5951] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  333.887290][ T5951] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  333.892080][ T5951] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  333.895836][ T5951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  333.920207][T11933] ªªªªªª speed is unknown, defaulting to 1000
[  333.922930][T11933] ªªªªªª speed is unknown, defaulting to 1000
[  334.102158][T11933] chnl_net:caif_netlink_parms(): no params data found
[  334.190125][T11933] bridge0: port 1(bridge_slave_0) entered blocking state
[  334.195324][T11933] bridge0: port 1(bridge_slave_0) entered disabled state
[  334.198287][T11933] bridge_slave_0: entered allmulticast mode
[  334.202406][T11933] bridge_slave_0: entered promiscuous mode
[  334.206712][T11933] bridge0: port 2(bridge_slave_1) entered blocking state
[  334.209397][T11933] bridge0: port 2(bridge_slave_1) entered disabled state
[  334.213214][T11933] bridge_slave_1: entered allmulticast mode
[  334.215862][T11933] bridge_slave_1: entered promiscuous mode
[  334.269608][ T1149] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  334.278457][T11933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  334.284512][T11933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  334.323658][T11933] team0: Port device team_slave_0 added
[  334.327254][T11933] team0: Port device team_slave_1 added
[  334.364577][ T1149] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  334.388315][T11933] batman_adv: batadv0: Adding interface: batadv_slave_0
[  334.391500][T11933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  334.402384][T11933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  334.407987][T11933] batman_adv: batadv0: Adding interface: batadv_slave_1
[  334.410354][T11933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  334.420111][T11933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  334.472045][ T1149] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  334.505180][T11933] hsr_slave_0: entered promiscuous mode
[  334.508408][T11933] hsr_slave_1: entered promiscuous mode
[  334.706325][ T1149] bridge_slave_1: left allmulticast mode
[  334.708814][ T1149] bridge_slave_1: left promiscuous mode
[  334.712546][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state
[  334.717716][ T1149] bridge_slave_0: left allmulticast mode
[  334.720087][ T1149] bridge_slave_0: left promiscuous mode
[  334.722897][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state
[  334.796265][T11943] overlayfs: conflicting options: userxattr,metacopy=on
[  334.997654][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  335.002230][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  335.005846][ T1149] bond0 (unregistering): Released all slaves
[  335.381214][   T24] usb 6-1: new full-speed USB device number 29 using dummy_hcd
[  335.408620][T11956] netlink: 'syz.2.1468': attribute type 2 has an invalid length.
[  335.437891][T11933] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  335.458648][T11933] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  335.468092][T11933] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  335.478350][ T1149] hsr_slave_0: left promiscuous mode
[  335.491368][ T1149] hsr_slave_1: left promiscuous mode
[  335.493308][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  335.495451][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0
[  335.512548][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  335.516025][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1
[  335.532140][   T24] usb 6-1: device descriptor read/64, error -71
[  335.594444][ T1149] veth1_macvtap: left promiscuous mode
[  335.596967][T11960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1469'.
[  335.599554][ T1149] veth0_macvtap: left promiscuous mode
[  335.603060][ T1149] veth1_vlan: left promiscuous mode
[  335.604768][ T1149] veth0_vlan: left promiscuous mode
[  335.612139][T11960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1469'.
[  335.618287][T11960] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1469'.
[  335.790475][   T24] usb 6-1: new full-speed USB device number 30 using dummy_hcd
[  335.940438][   T24] usb 6-1: device descriptor read/64, error -71
[  335.952202][ T5948] Bluetooth: hci2: command tx timeout
[  335.978221][T11974] netlink: 'syz.3.1473': attribute type 10 has an invalid length.
[  336.034019][T11971] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1473'.
[  336.052139][   T24] usb usb6-port1: attempt power cycle
[  336.400911][   T24] usb 6-1: new full-speed USB device number 31 using dummy_hcd
[  336.401786][ T1149] team0 (unregistering): Port device team_slave_1 removed
[  336.421406][   T24] usb 6-1: device descriptor read/8, error -71
[  336.478935][ T1149] team0 (unregistering): Port device team_slave_0 removed
[  336.673297][   T24] usb 6-1: new full-speed USB device number 32 using dummy_hcd
[  336.701166][   T24] usb 6-1: device descriptor read/8, error -71
[  336.810971][   T24] usb usb6-port1: unable to enumerate USB device
[  337.058969][T11933] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  337.064932][T11960] batadv_slave_0: entered promiscuous mode
[  337.066896][T11960] batadv_slave_0: left allmulticast mode
[  337.184583][T11933] 8021q: adding VLAN 0 to HW filter on device bond0
[  337.204009][T11933] 8021q: adding VLAN 0 to HW filter on device team0
[  337.243698][T11933] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  337.248365][T11933] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  337.261603][ T1136] bridge0: port 1(bridge_slave_0) entered blocking state
[  337.264441][ T1136] bridge0: port 1(bridge_slave_0) entered forwarding state
[  337.269723][ T1136] bridge0: port 2(bridge_slave_1) entered blocking state
[  337.272835][ T1136] bridge0: port 2(bridge_slave_1) entered forwarding state
[  337.442036][T11933] 8021q: adding VLAN 0 to HW filter on device batadv0
[  337.494143][T11933] veth0_vlan: entered promiscuous mode
[  337.503426][T11933] veth1_vlan: entered promiscuous mode
[  337.532193][T11933] veth0_macvtap: entered promiscuous mode
[  337.539156][T11933] veth1_macvtap: entered promiscuous mode
[  337.558422][T11933] batman_adv: batadv0: Interface activated: batadv_slave_0
[  337.571971][T11933] batman_adv: batadv0: Interface activated: batadv_slave_1
[  337.586202][T11933] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  337.588977][T11933] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  337.592153][T11933] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  337.594877][T11933] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  337.672615][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  337.675811][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  337.694866][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  337.697449][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  338.197838][T11995] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1477'.
[  338.202850][T11995] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1477'.
[  338.219272][T11996] netlink: 'syz.2.1476': attribute type 2 has an invalid length.
[  339.106066][T12017] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  339.339837][T12020] No source specified
[  339.345145][T12020] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  339.394524][T12027] wireguard0: entered promiscuous mode
[  339.396566][T12027] wireguard0: entered allmulticast mode
[  340.021447][T12023] syz.1.1485: page allocation failure: order:0, mode:0x10cc0(GFP_KERNEL|__GFP_NORETRY), nodemask=(null),cpuset=/,mems_allowed=0-1
[  340.028593][T12023] CPU: 3 UID: 0 PID: 12023 Comm: syz.1.1485 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  340.028617][T12023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  340.028629][T12023] Call Trace:
[  340.028636][T12023]  <TASK>
[  340.028644][T12023]  dump_stack_lvl+0x16c/0x1f0
[  340.028698][T12023]  warn_alloc+0x248/0x3a0
[  340.028728][T12023]  ? __pfx_warn_alloc+0x10/0x10
[  340.028753][T12023]  ? psi_group_change+0x6dc/0xd20
[  340.028783][T12023]  ? __pfx___alloc_pages_direct_compact+0x10/0x10
[  340.028807][T12023]  ? psi_memstall_leave+0x1e1/0x2d0
[  340.028831][T12023]  ? psi_memstall_leave+0x1e6/0x2d0
[  340.028857][T12023]  __alloc_frozen_pages_noprof+0xea2/0x23f0
[  340.028897][T12023]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  340.028941][T12023]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  340.028972][T12023]  ? policy_nodemask+0xea/0x4e0
[  340.029002][T12023]  alloc_pages_mpol+0x1fb/0x550
[  340.029021][T12023]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  340.029053][T12023]  alloc_pages_noprof+0x131/0x390
[  340.029074][T12023]  kimage_alloc_pages+0x75/0x350
[  340.029104][T12023]  kimage_alloc_control_pages+0x153/0xa00
[  340.029139][T12023]  ? __pfx_kimage_alloc_control_pages+0x10/0x10
[  340.029176][T12023]  do_kexec_load+0x480/0x8d0
[  340.029195][T12023]  ? __pfx_do_kexec_load+0x10/0x10
[  340.029220][T12023]  __ia32_compat_sys_kexec_load+0x37f/0x400
[  340.029243][T12023]  ? __pfx___ia32_compat_sys_kexec_load+0x10/0x10
[  340.029265][T12023]  ? rcu_is_watching+0x12/0xc0
[  340.029287][T12023]  __do_fast_syscall_32+0x7c/0x3a0
[  340.029306][T12023]  do_fast_syscall_32+0x32/0x80
[  340.029323][T12023]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  340.029346][T12023] RIP: 0023:0xf707e579
[  340.029361][T12023] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  340.029379][T12023] RSP: 002b:00000000f504d55c EFLAGS: 00000296 ORIG_RAX: 000000000000011b
[  340.029395][T12023] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000003
[  340.029407][T12023] RDX: 0000000080001080 RSI: 00000000003e0000 RDI: 0000000000000000
[  340.029417][T12023] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  340.029427][T12023] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  340.029436][T12023] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  340.029460][T12023]  </TASK>
[  340.029467][T12023] Mem-Info:
[  340.142812][T12023] active_anon:15160 inactive_anon:10981 isolated_anon:33
[  340.142812][T12023]  active_file:5722 inactive_file:3295 isolated_file:0
[  340.142812][T12023]  unevictable:1768 dirty:148 writeback:0
[  340.142812][T12023]  slab_reclaimable:6114 slab_unreclaimable:61087
[  340.142812][T12023]  mapped:27116 shmem:25335 pagetables:1051
[  340.142812][T12023]  sec_pagetables:313 bounce:0
[  340.142812][T12023]  kernel_misc_reclaimable:0
[  340.142812][T12023]  free:25821 free_pcp:3193 free_cma:0
[  340.233883][T12023] Node 0 active_anon:1420kB inactive_anon:11468kB active_file:36kB inactive_file:4kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:17824kB dirty:0kB writeback:0kB shmem:15544kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7792kB pagetables:1372kB sec_pagetables:1160kB all_unreclaimable? no Balloon:0kB
[  340.269921][T12023] Node 1 active_anon:55220kB inactive_anon:32492kB active_file:22972kB inactive_file:13092kB unevictable:3536kB isolated(anon):28kB isolated(file):0kB mapped:95016kB dirty:128kB writeback:712kB shmem:82464kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5540kB pagetables:2864kB sec_pagetables:92kB all_unreclaimable? no Balloon:0kB
[  340.292969][T12023] Node 0 DMA free:1536kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:272kB inactive_anon:256kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  340.317476][T12023] lowmem_reserve[]: 0 289 289 289 289
[  340.335821][ T1149] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  340.344721][T12023] Node 0 DMA32 free:9788kB boost:0kB min:13220kB low:16524kB high:19828kB reserved_highatomic:2048KB free_highatomic:356KB active_anon:1240kB inactive_anon:8012kB active_file:160kB inactive_file:4kB unevictable:3536kB writepending:0kB present:1032196kB managed:296436kB mlocked:0kB bounce:0kB free_pcp:96kB local_pcp:0kB free_cma:0kB
[  340.367946][T12023] lowmem_reserve[]: 0 0 0 0 0
[  340.370431][T12023] Node 1 DMA32 free:117596kB boost:81920kB min:129064kB low:140848kB high:152632kB reserved_highatomic:2048KB free_highatomic:1952KB active_anon:59020kB inactive_anon:21764kB active_file:22984kB inactive_file:13088kB unevictable:3536kB writepending:196kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB
[  340.400583][T12023] lowmem_reserve[]: 0 0 0 0 0
[  340.404845][T12023] Node 0 DMA: 1*4kB (U) 2*8kB (UM) 2*16kB (UM) 5*32kB (UM) 1*64kB (U) 0*128kB 1*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 1556kB
[  340.421332][T12023] Node 0 DMA32: 306*4kB (UMEH) 278*8kB (UMEH) 148*16kB (UMEH) 57*32kB (UMEH) 52*64kB (UME) 11*128kB (UME) 5*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 13656kB
[  340.439384][T12023] Node 1 DMA32: 138*4kB (UME) 442*8kB (UMEH) 902*16kB (UMEH) 645*32kB (UMEH) 397*64kB (UMEH) 153*128kB (UMEH) 55*256kB (UMEH) 30*512kB (UMH) 5*1024kB (UM) 0*2048kB 0*4096kB = 118712kB
[  340.906959][T12023] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  340.915697][T12023] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  340.922999][T12023] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  340.929065][T12023] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  340.934432][T12023] 32167 total pagecache pages
[  340.947496][T12023] 526 pages in swap cache
[  340.949386][T12023] Free swap  = 80000kB
[  340.951901][T12023] Total swap = 124996kB
[  340.953643][T12023] 524155 pages RAM
[  340.955235][T12023] 0 pages HighMem/MovableOnly
[  340.957229][T12023] 209135 pages reserved
[  340.959109][T12023] 0 pages cma reserved
[  341.407994][T12023] kexec: Could not allocate control_code_buffer
[  342.253025][T12040] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1488'.
[  342.256905][T12040] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1488'.
[  342.399639][T12051] netlink: 'syz.3.1490': attribute type 10 has an invalid length.
[  342.420045][ T1149] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  342.431534][T12051] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1490'.
[  342.435690][T12052] netlink: 'syz.1.1491': attribute type 2 has an invalid length.
[  342.732611][ T5951] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  342.739605][ T5951] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  342.744008][ T5951] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  342.748134][ T5951] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  342.751820][ T5951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  342.775187][ T1149] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  342.815604][T12054] ªªªªªª speed is unknown, defaulting to 1000
[  342.821990][T12054] ªªªªªª speed is unknown, defaulting to 1000
[  342.853037][ T1149] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.006324][T12060] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1492'.
[  343.012199][T12060] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1492'.
[  343.018896][T12060] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1492'.
[  343.029020][T12060] SET target dimension over the limit!
[  343.031878][ T1149] bridge_slave_1: left allmulticast mode
[  343.034223][ T1149] bridge_slave_1: left promiscuous mode
[  343.037877][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state
[  343.043336][ T1149] bridge_slave_0: left allmulticast mode
[  343.045686][ T1149] bridge_slave_0: left promiscuous mode
[  343.048077][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state
[  343.189475][T12063] FAULT_INJECTION: forcing a failure.
[  343.189475][T12063] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  343.196242][T12063] CPU: 0 UID: 0 PID: 12063 Comm: syz.2.1493 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  343.196258][T12063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  343.196266][T12063] Call Trace:
[  343.196270][T12063]  <TASK>
[  343.196274][T12063]  dump_stack_lvl+0x16c/0x1f0
[  343.196295][T12063]  should_fail_ex+0x512/0x640
[  343.196322][T12063]  should_fail_alloc_page+0xe7/0x130
[  343.196333][T12063]  prepare_alloc_pages+0x3c2/0x610
[  343.196348][T12063]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  343.196364][T12063]  ? kasan_save_stack+0x42/0x60
[  343.196378][T12063]  ? kasan_save_stack+0x33/0x60
[  343.196392][T12063]  ? kasan_save_track+0x14/0x30
[  343.196405][T12063]  ? __kasan_kmalloc+0xaa/0xb0
[  343.196418][T12063]  ? __kmalloc_noprof+0x223/0x510
[  343.196431][T12063]  ? bio_kmalloc+0x41/0x70
[  343.196445][T12063]  ? blk_rq_map_kern+0x387/0x6d0
[  343.196456][T12063]  ? scsi_execute_cmd+0xbd9/0xef0
[  343.196466][T12063]  ? sr_do_ioctl+0x219/0x840
[  343.196480][T12063]  ? sr_read_tochdr.isra.0+0xfc/0x270
[  343.196494][T12063]  ? sr_audio_ioctl+0x10f/0x2f0
[  343.196503][T12063]  ? cdrom_count_tracks+0x26f/0x7e0
[  343.196518][T12063]  ? cdrom_open+0x738/0x26b0
[  343.196527][T12063]  ? sr_block_open+0x173/0x270
[  343.196541][T12063]  ? blkdev_get_whole+0x99/0x290
[  343.196552][T12063]  ? bdev_open+0x2c7/0xe40
[  343.196563][T12063]  ? blkdev_open+0x280/0x3f0
[  343.196576][T12063]  ? do_dentry_open+0x744/0x1c10
[  343.196589][T12063]  ? vfs_open+0x82/0x3f0
[  343.196599][T12063]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  343.196614][T12063]  ? __ia32_compat_sys_openat+0x16d/0x210
[  343.196625][T12063]  ? do_fast_syscall_32+0x32/0x80
[  343.196643][T12063]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  343.196660][T12063]  ? policy_nodemask+0xea/0x4e0
[  343.196678][T12063]  alloc_pages_mpol+0x1fb/0x550
[  343.196688][T12063]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  343.196697][T12063]  ? trace_kmalloc+0x2b/0xd0
[  343.196707][T12063]  ? __kmalloc_noprof+0x242/0x510
[  343.196721][T12063]  ? __pfx___debug_object_init+0x10/0x10
[  343.196734][T12063]  alloc_pages_noprof+0x131/0x390
[  343.196744][T12063]  blk_rq_map_kern+0x403/0x6d0
[  343.196759][T12063]  scsi_execute_cmd+0xbd9/0xef0
[  343.196770][T12063]  ? sr_block_open+0x173/0x270
[  343.196786][T12063]  ? path_openat+0x1de4/0x2cb0
[  343.196805][T12063]  ? __pfx_scsi_execute_cmd+0x10/0x10
[  343.196815][T12063]  ? __do_fast_syscall_32+0x7c/0x3a0
[  343.196823][T12063]  ? do_fast_syscall_32+0x32/0x80
[  343.196832][T12063]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  343.196849][T12063]  sr_do_ioctl+0x219/0x840
[  343.196868][T12063]  ? __pfx_sr_do_ioctl+0x10/0x10
[  343.196891][T12063]  sr_read_tochdr.isra.0+0xfc/0x270
[  343.196907][T12063]  ? __pfx_sr_read_tochdr.isra.0+0x10/0x10
[  343.196926][T12063]  ? __pfx_scsi_execute_cmd+0x10/0x10
[  343.196936][T12063]  ? percpu_ref_put_many.constprop.0+0xc4/0x2a0
[  343.196951][T12063]  sr_audio_ioctl+0x10f/0x2f0
[  343.196960][T12063]  ? __pfx_sr_audio_ioctl+0x10/0x10
[  343.196970][T12063]  ? __pfx_scsi_test_unit_ready+0x10/0x10
[  343.196986][T12063]  cdrom_count_tracks+0x26f/0x7e0
[  343.197004][T12063]  ? __pfx_cdrom_count_tracks+0x10/0x10
[  343.197019][T12063]  ? __pfx_sr_drive_status+0x10/0x10
[  343.197034][T12063]  ? __lock_acquire+0xb8a/0x1c90
[  343.197052][T12063]  cdrom_open+0x738/0x26b0
[  343.197064][T12063]  ? __pfx_cdrom_open+0x10/0x10
[  343.197074][T12063]  ? __pfx___might_resched+0x10/0x10
[  343.197086][T12063]  ? trace_contention_end+0xdd/0x130
[  343.197100][T12063]  ? __mutex_lock+0x1ca/0xb90
[  343.197111][T12063]  ? sr_block_open+0x167/0x270
[  343.197127][T12063]  ? __pfx___mutex_lock+0x10/0x10
[  343.197135][T12063]  ? mark_held_locks+0x49/0x80
[  343.197148][T12063]  ? _raw_spin_unlock_irq+0x23/0x50
[  343.197163][T12063]  ? disk_check_media_change+0x1ca/0x270
[  343.197178][T12063]  ? __pfx_disk_check_media_change+0x10/0x10
[  343.197192][T12063]  ? lockdep_hardirqs_on+0x7c/0x110
[  343.197206][T12063]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  343.197223][T12063]  sr_block_open+0x173/0x270
[  343.197239][T12063]  ? __pfx_sr_block_open+0x10/0x10
[  343.197257][T12063]  ? __pfx_sr_block_open+0x10/0x10
[  343.197273][T12063]  blkdev_get_whole+0x99/0x290
[  343.197286][T12063]  bdev_open+0x2c7/0xe40
[  343.197302][T12063]  blkdev_open+0x280/0x3f0
[  343.197317][T12063]  do_dentry_open+0x744/0x1c10
[  343.197332][T12063]  ? __pfx_blkdev_open+0x10/0x10
[  343.197349][T12063]  vfs_open+0x82/0x3f0
[  343.197361][T12063]  path_openat+0x1de4/0x2cb0
[  343.197380][T12063]  ? __pfx_path_openat+0x10/0x10
[  343.197398][T12063]  do_filp_open+0x20b/0x470
[  343.197412][T12063]  ? __pfx_do_filp_open+0x10/0x10
[  343.197437][T12063]  ? _raw_spin_unlock+0x28/0x50
[  343.197450][T12063]  ? alloc_fd+0x471/0x7d0
[  343.197467][T12063]  do_sys_openat2+0x11b/0x1d0
[  343.197478][T12063]  ? __pfx_do_sys_openat2+0x10/0x10
[  343.197490][T12063]  ? __fget_files+0x20e/0x3c0
[  343.197502][T12063]  ? handle_mm_fault+0x1d0/0xd10
[  343.197518][T12063]  __ia32_compat_sys_openat+0x16d/0x210
[  343.197530][T12063]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  343.197542][T12063]  ? ksys_write+0x1ac/0x250
[  343.197559][T12063]  ? rcu_is_watching+0x12/0xc0
[  343.197571][T12063]  __do_fast_syscall_32+0x7c/0x3a0
[  343.197582][T12063]  do_fast_syscall_32+0x32/0x80
[  343.197591][T12063]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  343.197603][T12063] RIP: 0023:0xf7f64579
[  343.197612][T12063] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  343.197622][T12063] RSP: 002b:00000000f5086490 EFLAGS: 00000293 ORIG_RAX: 0000000000000127
[  343.197632][T12063] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f50864e0
[  343.197639][T12063] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f73f2ff4
[  343.197644][T12063] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  343.197650][T12063] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  343.197656][T12063] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  343.197669][T12063]  </TASK>
[  343.520698][T12062] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  343.634421][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  343.638921][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  343.643223][ T1149] bond0 (unregistering): Released all slaves
[  343.822236][T12054] chnl_net:caif_netlink_parms(): no params data found
[  343.942166][T12078] fuse: Bad value for 'group_id'
[  343.944070][T12078] fuse: Bad value for 'group_id'
[  344.169318][T12054] bridge0: port 1(bridge_slave_0) entered blocking state
[  344.205801][T12054] bridge0: port 1(bridge_slave_0) entered disabled state
[  344.208881][T12054] bridge_slave_0: entered allmulticast mode
[  344.226046][T12054] bridge_slave_0: entered promiscuous mode
[  344.237033][T12054] bridge0: port 2(bridge_slave_1) entered blocking state
[  344.246375][T12054] bridge0: port 2(bridge_slave_1) entered disabled state
[  344.249428][T12054] bridge_slave_1: entered allmulticast mode
[  344.257822][T12054] bridge_slave_1: entered promiscuous mode
[  344.325275][T12054] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  344.342836][ T1149] hsr_slave_0: left promiscuous mode
[  344.345966][ T1149] hsr_slave_1: left promiscuous mode
[  344.347972][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  344.350554][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0
[  344.354007][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  344.356323][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1
[  344.393291][ T1149] veth1_macvtap: left promiscuous mode
[  344.395662][ T1149] veth0_macvtap: left promiscuous mode
[  344.398053][ T1149] veth1_vlan: left promiscuous mode
[  344.400640][ T1149] veth0_vlan: left promiscuous mode
[  344.835755][ T5951] Bluetooth: hci2: command tx timeout
[  345.227948][ T1149] team0 (unregistering): Port device team_slave_1 removed
[  345.300539][ T1149] team0 (unregistering): Port device team_slave_0 removed
[  345.873878][T12054] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  345.924010][T12054] team0: Port device team_slave_0 added
[  345.931740][T12054] team0: Port device team_slave_1 added
[  345.971617][T12054] batman_adv: batadv0: Adding interface: batadv_slave_0
[  345.974248][T12054] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  345.983281][T12054] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  345.988147][T12054] batman_adv: batadv0: Adding interface: batadv_slave_1
[  345.992355][T12054] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  346.001480][T12054] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  346.055871][T12054] hsr_slave_0: entered promiscuous mode
[  346.058224][T12054] hsr_slave_1: entered promiscuous mode
[  346.111289][T12108] netlink: 'syz.2.1502': attribute type 10 has an invalid length.
[  346.118658][T12108] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1502'.
[  346.131252][T12108] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  346.225361][T12113] veth0_to_hsr: entered allmulticast mode
[  346.230510][T12113] pim6reg: entered allmulticast mode
[  346.236831][T12113] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1504'.
[  346.418633][T12114] veth0_to_hsr (unregistering): left allmulticast mode
[  346.462751][T12114] hsr_slave_0 (unregistering): left promiscuous mode
[  346.468306][T12108] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  346.559641][T12108] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  346.743063][T12108] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  346.808345][T12054] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  346.825136][T12054] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  346.830063][T12054] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  346.837900][T12108] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  346.842349][T12054] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  346.851330][T12108] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  346.858888][T12108] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  346.860275][T12121] overlayfs: failed to clone lowerpath
[  346.869364][T12108] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  346.899942][ T5951] Bluetooth: hci2: command tx timeout
[  347.171262][T12054] 8021q: adding VLAN 0 to HW filter on device bond0
[  347.207116][T12054] 8021q: adding VLAN 0 to HW filter on device team0
[  347.231104][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state
[  347.233409][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state
[  347.243947][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state
[  347.247362][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state
[  347.320914][T12135] netlink: 'syz.3.1507': attribute type 10 has an invalid length.
[  347.324617][T12135] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1507'.
[  347.385039][T12054] 8021q: adding VLAN 0 to HW filter on device batadv0
[  347.411046][T12054] veth0_vlan: entered promiscuous mode
[  347.415692][T12054] veth1_vlan: entered promiscuous mode
[  347.439318][T12054] veth0_macvtap: entered promiscuous mode
[  347.463146][T12054] veth1_macvtap: entered promiscuous mode
[  347.473812][T12054] batman_adv: batadv0: Interface activated: batadv_slave_0
[  347.479841][T12054] batman_adv: batadv0: Interface activated: batadv_slave_1
[  347.484746][T12054] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  347.487566][T12054] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  347.492069][T12054] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  347.494754][T12054] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  347.539111][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  347.546723][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  347.564011][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  347.566482][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  347.786661][T12148] netlink: 'syz.2.1509': attribute type 10 has an invalid length.
[  347.792556][T12148] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1509'.
[  347.921584][T12148] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  348.007881][T12148] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  348.073133][T12148] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  348.164863][T12148] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  348.242523][T12148] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  348.251820][T12148] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  348.258373][T12148] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  348.272774][T12148] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  348.566670][T12154] netlink: 'syz.3.1511': attribute type 10 has an invalid length.
[  348.669347][T12161] netlink: 'syz.3.1512': attribute type 2 has an invalid length.
[  349.084379][T12171] No source specified
[  349.106042][T12171] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  349.705729][   T87] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  349.714667][T12184] netlink: 'syz.3.1519': attribute type 27 has an invalid length.
[  349.717564][T12184] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1519'.
[  349.736919][T12184] 8021q: adding VLAN 0 to HW filter on device bond0
[  349.741770][T12184] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  349.746556][ T1338] ªªªªªª speed is unknown, defaulting to 1000
[  349.748464][ T1338] s
z1: Port: 1 Link ACTIVE
[  349.750860][ T1338] ªªªªªª speed is unknown, defaulting to 1000
[  351.093243][T12189] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1521'.
[  351.207302][ T5948] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  351.211283][ T5948] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  351.218648][ T5948] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  351.224668][ T5948] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  351.227127][ T5948] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  351.245994][T12199] ªªªªªª speed is unknown, defaulting to 1000
[  351.248612][T12199] ªªªªªª speed is unknown, defaulting to 1000
[  351.395809][   T87] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.610838][T12210] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1525'.
[  351.635316][T12199] chnl_net:caif_netlink_parms(): no params data found
[  351.675111][   T87] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.770137][   T87] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.979945][T12199] bridge0: port 1(bridge_slave_0) entered blocking state
[  351.982347][T12199] bridge0: port 1(bridge_slave_0) entered disabled state
[  351.984661][T12199] bridge_slave_0: entered allmulticast mode
[  351.987368][T12199] bridge_slave_0: entered promiscuous mode
[  351.990886][T12199] bridge0: port 2(bridge_slave_1) entered blocking state
[  351.993210][T12199] bridge0: port 2(bridge_slave_1) entered disabled state
[  351.995505][T12199] bridge_slave_1: entered allmulticast mode
[  351.998592][T12199] bridge_slave_1: entered promiscuous mode
[  352.062947][T12199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  352.068619][T12199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  352.157331][T12199] team0: Port device team_slave_0 added
[  352.165300][T12199] team0: Port device team_slave_1 added
[  352.291570][   T87] bridge_slave_1: left allmulticast mode
[  352.293388][   T87] bridge_slave_1: left promiscuous mode
[  352.295238][   T87] bridge0: port 2(bridge_slave_1) entered disabled state
[  352.299123][   T87] bridge_slave_0: left allmulticast mode
[  352.302060][   T87] bridge_slave_0: left promiscuous mode
[  352.304605][   T87] bridge0: port 1(bridge_slave_0) entered disabled state
[  352.705975][   T87] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  352.710596][   T87] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  352.714507][   T87] bond0 (unregistering): Released all slaves
[  352.758548][T12199] batman_adv: batadv0: Adding interface: batadv_slave_0
[  352.761765][T12199] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  352.773031][T12199] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  352.778690][T12199] batman_adv: batadv0: Adding interface: batadv_slave_1
[  352.781751][T12199] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  352.793659][T12199] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  352.844317][T12199] hsr_slave_0: entered promiscuous mode
[  352.847082][T12199] hsr_slave_1: entered promiscuous mode
[  352.849828][T12199] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  352.852830][T12199] Cannot create hsr debugfs directory
[  353.131728][   T87] hsr_slave_0: left promiscuous mode
[  353.134769][   T87] hsr_slave_1: left promiscuous mode
[  353.137567][   T87] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  353.149502][   T87] batman_adv: batadv0: Removing interface: batadv_slave_0
[  353.153052][   T87] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  353.155514][   T87] batman_adv: batadv0: Removing interface: batadv_slave_1
[  353.189561][   T87] veth1_macvtap: left promiscuous mode
[  353.191477][   T87] veth0_macvtap: left promiscuous mode
[  353.195023][   T87] veth1_vlan: left promiscuous mode
[  353.197448][   T87] veth0_vlan: left promiscuous mode
[  353.312653][ T5951] Bluetooth: hci2: command tx timeout
[  353.869305][T12259] Cannot find del_set index 3 as target
[  353.958450][   T87] team0 (unregistering): Port device team_slave_1 removed
[  354.037333][   T87] team0 (unregistering): Port device team_slave_0 removed
[  354.759140][T12265] can: request_module (can-proto-0) failed.
[  354.790528][T12265] trusted_key: encrypted_key: hex blob is missing
[  354.798024][T12265] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1544'.
[  354.974194][T12199] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  354.981313][T12199] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  354.990859][T12199] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  354.995424][T12199] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  355.072457][T12199] 8021q: adding VLAN 0 to HW filter on device bond0
[  355.081896][T12199] 8021q: adding VLAN 0 to HW filter on device team0
[  355.092192][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.095194][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state
[  355.102801][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.105794][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  355.164680][T12287] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  355.237947][T12199] 8021q: adding VLAN 0 to HW filter on device batadv0
[  355.281345][T12199] veth0_vlan: entered promiscuous mode
[  355.289957][T12199] veth1_vlan: entered promiscuous mode
[  355.309053][T12199] veth0_macvtap: entered promiscuous mode
[  355.313853][T12199] veth1_macvtap: entered promiscuous mode
[  355.322292][T12199] batman_adv: batadv0: Interface activated: batadv_slave_0
[  355.326372][T12199] batman_adv: batadv0: Interface activated: batadv_slave_1
[  355.330133][T12199] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  355.333457][T12199] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  355.336339][T12199] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  355.339007][T12199] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  355.389368][ T5951] Bluetooth: hci2: command tx timeout
[  355.502257][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  355.505086][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  355.548999][T12303] No source specified
[  355.553845][ T1256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  355.557190][ T1256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  357.002961][T12326] netlink: 'syz.2.1559': attribute type 21 has an invalid length.
[  357.005505][T12326] netlink: 'syz.2.1559': attribute type 6 has an invalid length.
[  357.007985][T12326] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1559'.
[  357.489198][T12335] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  357.491818][T12335] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  357.494450][T12335] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  357.497076][T12335] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  357.500926][T12335] geneve3: entered promiscuous mode
[  357.873446][T12337] IPVS: length: 140 != 8
[  357.901535][T12339] FAULT_INJECTION: forcing a failure.
[  357.901535][T12339] name failslab, interval 1, probability 0, space 0, times 0
[  357.907065][T12339] CPU: 2 UID: 0 PID: 12339 Comm: syz.2.1563 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  357.907080][T12339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  357.907087][T12339] Call Trace:
[  357.907091][T12339]  <TASK>
[  357.907096][T12339]  dump_stack_lvl+0x16c/0x1f0
[  357.907116][T12339]  should_fail_ex+0x512/0x640
[  357.907134][T12339]  should_failslab+0xc2/0x120
[  357.907145][T12339]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  357.907161][T12339]  ? __alloc_skb+0x2b2/0x380
[  357.907178][T12339]  __alloc_skb+0x2b2/0x380
[  357.907193][T12339]  ? __pfx___alloc_skb+0x10/0x10
[  357.907209][T12339]  ? lock_acquire+0x179/0x350
[  357.907223][T12339]  ? find_held_lock+0x2b/0x80
[  357.907234][T12339]  fdb_notify+0xa4/0x1a0
[  357.907248][T12339]  fdb_delete+0x6f9/0x1230
[  357.907265][T12339]  br_fdb_flush+0x2cc/0x530
[  357.907282][T12339]  br_fdb_delete_bulk+0x667/0xd00
[  357.907296][T12339]  ? __pfx_br_fdb_delete_bulk+0x10/0x10
[  357.907314][T12339]  ? __pfx_aa_get_newest_label+0x10/0x10
[  357.907332][T12339]  ? __nla_parse+0x40/0x60
[  357.907343][T12339]  ? __pfx_br_fdb_delete_bulk+0x10/0x10
[  357.907357][T12339]  rtnl_fdb_del+0x7bc/0xc50
[  357.907369][T12339]  ? __mutex_lock+0x1ca/0xb90
[  357.907378][T12339]  ? __pfx_rtnl_fdb_del+0x10/0x10
[  357.907397][T12339]  ? __pfx_rtnl_fdb_del+0x10/0x10
[  357.907431][T12339]  rtnetlink_rcv_msg+0x3c9/0xe90
[  357.907443][T12339]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  357.907456][T12339]  ? __lock_acquire+0x622/0x1c90
[  357.907471][T12339]  netlink_rcv_skb+0x158/0x420
[  357.907483][T12339]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  357.907494][T12339]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  357.907510][T12339]  ? netlink_deliver_tap+0x1ae/0xd30
[  357.907520][T12339]  ? is_vmalloc_addr+0x86/0xa0
[  357.907537][T12339]  netlink_unicast+0x53a/0x7f0
[  357.907550][T12339]  ? __pfx_netlink_unicast+0x10/0x10
[  357.907565][T12339]  netlink_sendmsg+0x8d1/0xdd0
[  357.907579][T12339]  ? __pfx_netlink_sendmsg+0x10/0x10
[  357.907595][T12339]  sock_write_iter+0x4fc/0x5b0
[  357.907608][T12339]  ? __pfx_sock_write_iter+0x10/0x10
[  357.907625][T12339]  ? bpf_lsm_file_permission+0x9/0x10
[  357.907636][T12339]  ? security_file_permission+0x71/0x210
[  357.907650][T12339]  ? rw_verify_area+0xcf/0x680
[  357.907664][T12339]  vfs_write+0x6c7/0x1150
[  357.907678][T12339]  ? __pfx_sock_write_iter+0x10/0x10
[  357.907696][T12339]  ? __pfx_vfs_write+0x10/0x10
[  357.907709][T12339]  ? find_held_lock+0x2b/0x80
[  357.907727][T12339]  ksys_write+0x1f8/0x250
[  357.907741][T12339]  ? __pfx_ksys_write+0x10/0x10
[  357.907756][T12339]  ? rcu_is_watching+0x12/0xc0
[  357.907768][T12339]  __do_fast_syscall_32+0x7c/0x3a0
[  357.907779][T12339]  do_fast_syscall_32+0x32/0x80
[  357.907789][T12339]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  357.907802][T12339] RIP: 0023:0xf7f64579
[  357.907810][T12339] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  357.907820][T12339] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  357.907830][T12339] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  357.907837][T12339] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000
[  357.907843][T12339] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  357.907849][T12339] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  357.907854][T12339] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  357.907867][T12339]  </TASK>
[  358.496330][   T87] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.549223][   T34] usb 7-1: new low-speed USB device number 8 using dummy_hcd
[  358.720776][   T34] usb 7-1: unable to get BOS descriptor or descriptor too short
[  358.724619][   T34] usb 7-1: unable to read config index 0 descriptor/start: -71
[  358.727716][   T34] usb 7-1: can't read configurations, error -71
[  359.974801][   T87] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.090013][   T87] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.118158][ T5948] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  360.122528][ T5948] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  360.125976][ T5948] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  360.129094][ T5948] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  360.132963][ T5948] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  360.151667][T12361] ªªªªªª speed is unknown, defaulting to 1000
[  360.154127][T12361] ªªªªªª speed is unknown, defaulting to 1000
[  360.208756][   T87] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.269108][   T60] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  360.322976][   T87] bridge_slave_1: left allmulticast mode
[  360.324822][   T87] bridge_slave_1: left promiscuous mode
[  360.326684][   T87] bridge0: port 2(bridge_slave_1) entered disabled state
[  360.330657][   T87] bridge_slave_0: left allmulticast mode
[  360.332935][   T87] bridge_slave_0: left promiscuous mode
[  360.334783][   T87] bridge0: port 1(bridge_slave_0) entered disabled state
[  360.397690][T12357] No source specified
[  360.430988][   T60] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  360.442559][   T60] usb 8-1: config 0 interface 0 has no altsetting 0
[  360.453927][   T60] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  360.462848][   T60] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  360.465523][   T60] usb 8-1: Product: syz
[  360.466884][   T60] usb 8-1: Manufacturer: syz
[  360.468396][   T60] usb 8-1: SerialNumber: syz
[  360.480626][   T60] usb 8-1: config 0 descriptor??
[  360.485612][   T60] usb 8-1: selecting invalid altsetting 0
[  360.627070][   T87] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  360.631431][   T87] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  360.635798][   T87] bond0 (unregistering): Released all slaves
[  360.647289][T12361] chnl_net:caif_netlink_parms(): no params data found
[  360.686725][   T60] usb 8-1: USB disconnect, device number 15
[  360.756376][T12361] bridge0: port 1(bridge_slave_0) entered blocking state
[  360.758647][T12361] bridge0: port 1(bridge_slave_0) entered disabled state
[  360.769159][T12361] bridge_slave_0: entered allmulticast mode
[  360.771988][T12361] bridge_slave_0: entered promiscuous mode
[  360.777181][T12378] "syz.1.1572" (12378) uses obsolete ecb(arc4) skcipher
[  360.794097][T12361] bridge0: port 2(bridge_slave_1) entered blocking state
[  360.796471][T12361] bridge0: port 2(bridge_slave_1) entered disabled state
[  360.798740][T12361] bridge_slave_1: entered allmulticast mode
[  360.802487][T12361] bridge_slave_1: entered promiscuous mode
[  360.846829][T12378] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1572'.
[  360.857336][T12361] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  360.863280][T12361] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  360.903935][T12361] team0: Port device team_slave_0 added
[  360.907325][T12361] team0: Port device team_slave_1 added
[  360.952357][T12361] batman_adv: batadv0: Adding interface: batadv_slave_0
[  360.954554][T12361] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  360.964065][T12361] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  360.968235][T12361] batman_adv: batadv0: Adding interface: batadv_slave_1
[  360.970490][T12361] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  360.978717][T12361] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  361.031645][T12361] hsr_slave_0: entered promiscuous mode
[  361.033978][T12361] hsr_slave_1: entered promiscuous mode
[  361.136534][   T87] hsr_slave_0: left promiscuous mode
[  361.138772][   T87] hsr_slave_1: left promiscuous mode
[  361.145365][   T87] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  361.147830][   T87] batman_adv: batadv0: Removing interface: batadv_slave_0
[  361.152494][   T87] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  361.153392][   T53] libceph: connect (1)[c::]:6789 error -101
[  361.154806][   T87] batman_adv: batadv0: Removing interface: batadv_slave_1
[  361.156999][   T53] libceph: mon0 (1)[c::]:6789 connect error
[  361.190427][   T87] veth1_macvtap: left promiscuous mode
[  361.192233][   T87] veth0_macvtap: left promiscuous mode
[  361.194028][   T87] veth1_vlan: left promiscuous mode
[  361.195704][   T87] veth0_vlan: left promiscuous mode
[  361.196924][T12383] ceph: No mds server is up or the cluster is laggy
[  361.628742][T12395] netlink: 'syz.1.1576': attribute type 2 has an invalid length.
[  361.817696][T12398] openvswitch: netlink: Geneve option length err (len 256, max 255).
[  361.962741][   T87] team0 (unregistering): Port device team_slave_1 removed
[  362.039229][   T87] team0 (unregistering): Port device team_slave_0 removed
[  362.196954][ T5951] Bluetooth: hci2: command tx timeout
[  362.398234][T12408] netlink: 'syz.3.1580': attribute type 10 has an invalid length.
[  362.452020][T12409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1580'.
[  362.711086][T12406] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.748426][T12412] netlink: 'syz.1.1581': attribute type 10 has an invalid length.
[  362.751032][T12412] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1581'.
[  362.773952][T12412] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  362.780551][T12406] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.975114][T12406] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.039393][T12421] netlink: 'syz.1.1582': attribute type 4 has an invalid length.
[  363.111318][T12406] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.213434][T12361] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  363.221300][T12361] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  363.228976][T12361] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  363.233246][T12361] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  363.275448][T12406] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  363.318177][T12361] 8021q: adding VLAN 0 to HW filter on device bond0
[  363.332943][T12361] 8021q: adding VLAN 0 to HW filter on device team0
[  363.342105][   T87] bridge0: port 1(bridge_slave_0) entered blocking state
[  363.345024][   T87] bridge0: port 1(bridge_slave_0) entered forwarding state
[  363.356176][T12406] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  363.370483][   T87] bridge0: port 2(bridge_slave_1) entered blocking state
[  363.373272][   T87] bridge0: port 2(bridge_slave_1) entered forwarding state
[  363.381032][T12406] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  363.402022][T12406] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  363.548790][T12361] 8021q: adding VLAN 0 to HW filter on device batadv0
[  363.581975][T12361] veth0_vlan: entered promiscuous mode
[  363.592193][T12361] veth1_vlan: entered promiscuous mode
[  363.612877][T12361] veth0_macvtap: entered promiscuous mode
[  363.618507][T12361] veth1_macvtap: entered promiscuous mode
[  363.631134][T12361] batman_adv: batadv0: Interface activated: batadv_slave_0
[  363.638717][T12361] batman_adv: batadv0: Interface activated: batadv_slave_1
[  363.645397][T12361] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  363.649249][T12361] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  363.652692][T12361] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  363.655804][T12361] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  363.701561][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  363.704126][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  363.772333][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  363.778952][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  363.885161][T12439] ªªªªªª speed is unknown, defaulting to 1000
[  363.940735][T12439] ªªªªªª speed is unknown, defaulting to 1000
[  364.086865][T12445] overlay: filesystem on ./bus not supported
[  364.324168][T12452] 9pnet: Unknown protocol version 9p20
[  364.431215][T12456] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1594'.
[  364.714647][T12460] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1596'.
[  364.725773][T12460] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1596'.
[  364.836060][T12475] netlink: 'syz.1.1600': attribute type 10 has an invalid length.
[  364.841765][T12475] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1600'.
[  364.847274][T12475] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  364.850874][T12475] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  364.912363][T12475] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  364.915752][T12475] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  364.976725][T12475] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  364.981802][T12475] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  365.071196][T12475] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  365.074461][T12475] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  365.134112][T12475] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  365.137273][T12475] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  365.146335][T12475] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  365.151105][T12475] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  365.157669][T12475] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  365.161149][T12475] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  365.167673][T12475] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  365.170335][T12475] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  365.373167][T12482] netlink: 'syz.3.1602': attribute type 10 has an invalid length.
[  365.375641][T12482] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1602'.
[  365.378499][T12482] dummy0: entered promiscuous mode
[  365.380693][T12482] bridge0: port 1(dummy0) entered blocking state
[  365.383043][T12482] bridge0: port 1(dummy0) entered disabled state
[  365.385177][T12482] dummy0: entered allmulticast mode
[  365.388251][T12482] bridge0: port 1(dummy0) entered blocking state
[  365.390503][T12482] bridge0: port 1(dummy0) entered forwarding state
[  365.863851][ T1149] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  367.676914][ T5948] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  367.684801][ T5948] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  367.688758][ T5948] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  367.693474][ T5948] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  367.697084][ T5948] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  367.715674][ T1149] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  367.732239][T12509] ªªªªªª speed is unknown, defaulting to 1000
[  367.734679][T12509] ªªªªªª speed is unknown, defaulting to 1000
[  367.787088][ T1149] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  367.833913][T12513] No source specified
[  367.843957][ T1149] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  367.900872][T12509] chnl_net:caif_netlink_parms(): no params data found
[  367.999201][T12509] bridge0: port 1(bridge_slave_0) entered blocking state
[  368.001499][T12509] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.003742][T12509] bridge_slave_0: entered allmulticast mode
[  368.006234][T12509] bridge_slave_0: entered promiscuous mode
[  368.014720][T12509] bridge0: port 2(bridge_slave_1) entered blocking state
[  368.017202][T12509] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.020166][T12509] bridge_slave_1: entered allmulticast mode
[  368.023150][T12509] bridge_slave_1: entered promiscuous mode
[  368.066514][T12509] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  368.069753][ T1149] bridge_slave_1: left allmulticast mode
[  368.071639][ T1149] bridge_slave_1: left promiscuous mode
[  368.073494][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.077707][ T1149] bridge_slave_0: left allmulticast mode
[  368.080173][ T1149] bridge_slave_0: left promiscuous mode
[  368.082129][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.347386][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  368.351675][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  368.355328][ T1149] bond0 (unregistering): Released all slaves
[  368.362888][T12509] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  368.462384][T12509] team0: Port device team_slave_0 added
[  368.488130][T12509] team0: Port device team_slave_1 added
[  368.512731][T12525] overlayfs: missing 'lowerdir'
[  368.518107][T12525] fuse: Bad value for 'fd'
[  368.541089][T12509] batman_adv: batadv0: Adding interface: batadv_slave_0
[  368.543281][T12509] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  368.551677][T12509] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  368.556064][T12509] batman_adv: batadv0: Adding interface: batadv_slave_1
[  368.558401][T12509] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  368.563827][T12523] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1612'.
[  368.567800][T12509] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  368.592263][T12520] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1611'.
[  368.609672][T12520] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1611'.
[  368.636487][T12523] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1612'.
[  368.637087][T12530] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1614'.
[  368.643752][T12509] hsr_slave_0: entered promiscuous mode
[  368.645961][T12509] hsr_slave_1: entered promiscuous mode
[  368.648028][T12509] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  368.650946][T12523] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1612'.
[  368.651499][T12509] Cannot create hsr debugfs directory
[  368.668898][   T60] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  368.729490][T12530] batadv_slave_0: entered promiscuous mode
[  368.747765][ T1149] hsr_slave_0: left promiscuous mode
[  368.757845][ T1149] hsr_slave_1: left promiscuous mode
[  368.760029][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  368.762476][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0
[  368.779915][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  368.784730][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1
[  368.831867][ T1149] veth1_macvtap: left promiscuous mode
[  368.833674][ T1149] veth0_macvtap: left promiscuous mode
[  368.835457][ T1149] veth1_vlan: left promiscuous mode
[  368.837139][ T1149] veth0_vlan: left promiscuous mode
[  369.624281][ T1149] team0 (unregistering): Port device team_slave_1 removed
[  369.705388][ T1149] team0 (unregistering): Port device team_slave_0 removed
[  369.779691][ T5948] Bluetooth: hci2: command tx timeout
[  369.850735][   T60] usb 7-1: new full-speed USB device number 12 using dummy_hcd
[  370.022986][   T60] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[  370.025631][   T60] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  370.039518][   T60] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  370.043627][   T60] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  370.047999][   T60] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  370.056029][   T60] usb 7-1: config 0 interface 0 has no altsetting 0
[  370.062363][   T60] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  370.065188][   T60] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  370.067922][   T60] usb 7-1: Product: syz
[  370.070253][   T60] usb 7-1: Manufacturer: syz
[  370.071904][   T60] usb 7-1: SerialNumber: syz
[  370.074480][   T60] usb 7-1: config 0 descriptor??
[  370.077017][T12541] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  370.081341][   T60] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  370.084908][   T60] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  370.383711][T12551] No source specified
[  370.487387][T12551] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  370.779011][T12560] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1623'.
[  370.808455][ T5979] usb 7-1: USB disconnect, device number 12
[  370.812021][ T5979] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  371.079642][T12576] netlink: 'syz.3.1629': attribute type 1 has an invalid length.
[  371.082001][T12576] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1629'.
[  371.287715][T12509] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  371.298161][T12509] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  371.302752][T12509] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  371.306635][T12509] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  371.345482][T12509] 8021q: adding VLAN 0 to HW filter on device bond0
[  371.357453][T12509] 8021q: adding VLAN 0 to HW filter on device team0
[  371.362776][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state
[  371.365247][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state
[  371.371561][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.373803][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  371.522412][T12509] 8021q: adding VLAN 0 to HW filter on device batadv0
[  371.555525][T12509] veth0_vlan: entered promiscuous mode
[  371.560656][T12509] veth1_vlan: entered promiscuous mode
[  371.577875][T12509] veth0_macvtap: entered promiscuous mode
[  371.582110][T12509] veth1_macvtap: entered promiscuous mode
[  371.590549][T12509] batman_adv: batadv0: Interface activated: batadv_slave_0
[  371.596353][T12509] batman_adv: batadv0: Interface activated: batadv_slave_1
[  371.601069][T12509] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  371.603841][T12509] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  371.606558][T12509] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  371.610167][T12509] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  371.644559][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  371.647099][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  371.667476][ T1256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  371.678431][ T1256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  371.901034][T12615] FAULT_INJECTION: forcing a failure.
[  371.901034][T12615] name failslab, interval 1, probability 0, space 0, times 0
[  371.905075][T12615] CPU: 1 UID: 0 PID: 12615 Comm: syz.3.1637 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  371.905102][T12615] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  371.905109][T12615] Call Trace:
[  371.905113][T12615]  <TASK>
[  371.905118][T12615]  dump_stack_lvl+0x16c/0x1f0
[  371.905138][T12615]  should_fail_ex+0x512/0x640
[  371.905154][T12615]  ? __kvmalloc_node_noprof+0x124/0x620
[  371.905170][T12615]  should_failslab+0xc2/0x120
[  371.905181][T12615]  __kvmalloc_node_noprof+0x137/0x620
[  371.905195][T12615]  ? find_held_lock+0x2b/0x80
[  371.905205][T12615]  ? file_tty_write.constprop.0+0x6ef/0x9b0
[  371.905224][T12615]  ? file_tty_write.constprop.0+0x6ef/0x9b0
[  371.905239][T12615]  file_tty_write.constprop.0+0x6ef/0x9b0
[  371.905258][T12615]  ? rw_verify_area+0xcf/0x680
[  371.905272][T12615]  vfs_write+0x6c7/0x1150
[  371.905287][T12615]  ? __pfx_tty_write+0x10/0x10
[  371.905304][T12615]  ? __pfx_vfs_write+0x10/0x10
[  371.905316][T12615]  ? find_held_lock+0x2b/0x80
[  371.905335][T12615]  ksys_write+0x12a/0x250
[  371.905349][T12615]  ? __pfx_ksys_write+0x10/0x10
[  371.905364][T12615]  ? rcu_is_watching+0x12/0xc0
[  371.905376][T12615]  __do_fast_syscall_32+0x7c/0x3a0
[  371.905388][T12615]  do_fast_syscall_32+0x32/0x80
[  371.905397][T12615]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  371.905410][T12615] RIP: 0023:0xf70fe579
[  371.905419][T12615] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  371.905429][T12615] RSP: 002b:00000000f50ac55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  371.905439][T12615] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080002b40
[  371.905445][T12615] RDX: 0000000000001006 RSI: 0000000000000000 RDI: 0000000000000000
[  371.905455][T12615] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  371.905461][T12615] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  371.905467][T12615] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  371.905480][T12615]  </TASK>
[  372.101031][ T5948] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  372.284730][T12620] bridge1: entered promiscuous mode
[  372.286803][T12620] bridge1: entered allmulticast mode
[  372.747694][T12628] 9pnet_fd: Insufficient options for proto=fd
[  373.087215][T12644] FAULT_INJECTION: forcing a failure.
[  373.087215][T12644] name failslab, interval 1, probability 0, space 0, times 0
[  373.092324][T12644] CPU: 3 UID: 0 PID: 12644 Comm: syz.2.1648 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  373.092340][T12644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  373.092347][T12644] Call Trace:
[  373.092352][T12644]  <TASK>
[  373.092357][T12644]  dump_stack_lvl+0x16c/0x1f0
[  373.092377][T12644]  should_fail_ex+0x512/0x640
[  373.092395][T12644]  should_failslab+0xc2/0x120
[  373.092406][T12644]  __kmalloc_cache_noprof+0x6a/0x3e0
[  373.092420][T12644]  ? do_raw_spin_lock+0x12c/0x2b0
[  373.092436][T12644]  ? find_held_lock+0x2b/0x80
[  373.092445][T12644]  ? async_schedule_node_domain+0x54/0x120
[  373.092458][T12644]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  373.092473][T12644]  async_schedule_node_domain+0x54/0x120
[  373.092486][T12644]  dev_cache_fw_image+0x38e/0x490
[  373.092501][T12644]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  373.092517][T12644]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  373.092530][T12644]  dpm_for_each_dev+0x5a/0xb0
[  373.092543][T12644]  fw_pm_notify+0x81/0x150
[  373.092555][T12644]  notifier_call_chain+0xb9/0x410
[  373.092568][T12644]  ? __pfx_fw_pm_notify+0x10/0x10
[  373.092583][T12644]  blocking_notifier_call_chain_robust+0xc8/0x160
[  373.092598][T12644]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  373.092612][T12644]  ? do_raw_spin_unlock+0x172/0x230
[  373.092630][T12644]  pm_notifier_call_chain_robust+0x27/0x60
[  373.092645][T12644]  snapshot_open+0x189/0x2b0
[  373.092657][T12644]  ? __pfx_snapshot_open+0x10/0x10
[  373.092670][T12644]  misc_open+0x35d/0x420
[  373.092684][T12644]  ? __pfx_misc_open+0x10/0x10
[  373.092696][T12644]  chrdev_open+0x231/0x6a0
[  373.092713][T12644]  ? __pfx_apparmor_file_open+0x10/0x10
[  373.092732][T12644]  ? __pfx_chrdev_open+0x10/0x10
[  373.092749][T12644]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  373.092766][T12644]  do_dentry_open+0x744/0x1c10
[  373.092782][T12644]  ? __pfx_chrdev_open+0x10/0x10
[  373.092801][T12644]  vfs_open+0x82/0x3f0
[  373.092814][T12644]  path_openat+0x1de4/0x2cb0
[  373.092834][T12644]  ? __pfx_path_openat+0x10/0x10
[  373.092852][T12644]  do_filp_open+0x20b/0x470
[  373.092868][T12644]  ? __pfx_do_filp_open+0x10/0x10
[  373.092893][T12644]  ? _raw_spin_unlock+0x28/0x50
[  373.092907][T12644]  ? alloc_fd+0x471/0x7d0
[  373.092925][T12644]  do_sys_openat2+0x11b/0x1d0
[  373.092937][T12644]  ? __pfx_do_sys_openat2+0x10/0x10
[  373.092951][T12644]  ? bpf_trace_run2+0x2a5/0x590
[  373.092968][T12644]  __ia32_compat_sys_openat+0x16d/0x210
[  373.092981][T12644]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  373.092995][T12644]  ? syscall_trace_enter+0x1cb/0x260
[  373.093012][T12644]  ? rcu_is_watching+0x12/0xc0
[  373.093024][T12644]  __do_fast_syscall_32+0x7c/0x3a0
[  373.093036][T12644]  do_fast_syscall_32+0x32/0x80
[  373.093046][T12644]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  373.093059][T12644] RIP: 0023:0xf7f64579
[  373.093068][T12644] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  373.093078][T12644] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  373.093088][T12644] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000680
[  373.093095][T12644] RDX: 0000000000040000 RSI: 0000000000000019 RDI: 0000000000000000
[  373.093101][T12644] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  373.093107][T12644] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  373.093112][T12644] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  373.093126][T12644]  </TASK>
[  373.094488][T12644] 
[  373.118448][ T5979] usb 8-1: new full-speed USB device number 16 using dummy_hcd
[  373.118573][T12644] ============================================
[  373.118579][T12644] WARNING: possible recursive locking detected
[  373.232400][T12644] 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 Not tainted
[  373.237025][T12644] --------------------------------------------
[  373.239820][T12644] syz.2.1648/12644 is trying to acquire lock:
[  373.242060][T12644] ffffffff8f515f68 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x4e/0x640
[  373.245134][T12644] 
[  373.245134][T12644] but task is already holding lock:
[  373.247741][T12644] ffffffff8f515f68 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150
[  373.250312][T12644] 
[  373.250312][T12644] other info that might help us debug this:
[  373.252784][T12644]  Possible unsafe locking scenario:
[  373.252784][T12644] 
[  373.255081][T12644]        CPU0
[  373.256143][T12644]        ----
[  373.257190][T12644]   lock(fw_lock);
[  373.258398][T12644]   lock(fw_lock);
[  373.258597][ T5979] usb 8-1: device descriptor read/64, error -71
[  373.259603][T12644] 
[  373.259603][T12644]  *** DEADLOCK ***
[  373.259603][T12644] 
[  373.259608][T12644]  May be due to missing lock nesting notation
[  373.259608][T12644] 
[  373.259612][T12644] 5 locks held by syz.2.1648/12644:
[  373.269947][T12644]  #0: ffffffff8f303e28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420
[  373.273183][T12644]  #1: ffffffff8e487be8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0
[  373.276335][T12644]  #2: ffffffff8e4c8390 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160
[  373.280428][T12644]  #3: ffffffff8f515f68 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150
[  373.283350][T12644]  #4: ffffffff8f510968 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0
[  373.287003][T12644] 
[  373.287003][T12644] stack backtrace:
[  373.288874][T12644] CPU: 3 UID: 0 PID: 12644 Comm: syz.2.1648 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  373.288888][T12644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  373.288894][T12644] Call Trace:
[  373.288899][T12644]  <TASK>
[  373.288903][T12644]  dump_stack_lvl+0x116/0x1f0
[  373.288921][T12644]  print_deadlock_bug+0x1e9/0x240
[  373.288937][T12644]  __lock_acquire+0x1106/0x1c90
[  373.288951][T12644]  ? __kasan_slab_free+0x51/0x70
[  373.288967][T12644]  lock_acquire+0x179/0x350
[  373.288980][T12644]  ? assign_fw+0x4e/0x640
[  373.288993][T12644]  ? __pfx___might_resched+0x10/0x10
[  373.289003][T12644]  ? do_sys_openat2+0x11b/0x1d0
[  373.289014][T12644]  ? __ia32_compat_sys_openat+0x16d/0x210
[  373.289026][T12644]  ? __do_fast_syscall_32+0x7c/0x3a0
[  373.289036][T12644]  __mutex_lock+0x199/0xb90
[  373.289045][T12644]  ? assign_fw+0x4e/0x640
[  373.289058][T12644]  ? assign_fw+0x4e/0x640
[  373.289070][T12644]  ? __pfx___mutex_lock+0x10/0x10
[  373.289081][T12644]  ? kasan_quarantine_put+0x10a/0x240
[  373.289095][T12644]  ? lockdep_hardirqs_on+0x7c/0x110
[  373.289111][T12644]  ? assign_fw+0x4e/0x640
[  373.289123][T12644]  assign_fw+0x4e/0x640
[  373.289134][T12644]  ? _request_firmware+0x957/0x1470
[  373.289148][T12644]  _request_firmware+0x988/0x1470
[  373.289163][T12644]  ? __pfx__request_firmware+0x10/0x10
[  373.289177][T12644]  ? dump_stack_lvl+0x185/0x1f0
[  373.289191][T12644]  ? lockdep_hardirqs_on+0x7c/0x110
[  373.289207][T12644]  __async_dev_cache_fw_image+0xb1/0x340
[  373.289221][T12644]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  373.289235][T12644]  ? mark_held_locks+0x49/0x80
[  373.289247][T12644]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  373.289262][T12644]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  373.289276][T12644]  async_schedule_node_domain+0xd1/0x120
[  373.289288][T12644]  dev_cache_fw_image+0x38e/0x490
[  373.289301][T12644]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  373.289314][T12644]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  373.289326][T12644]  dpm_for_each_dev+0x5a/0xb0
[  373.289338][T12644]  fw_pm_notify+0x81/0x150
[  373.289350][T12644]  notifier_call_chain+0xb9/0x410
[  373.289361][T12644]  ? __pfx_fw_pm_notify+0x10/0x10
[  373.289373][T12644]  blocking_notifier_call_chain_robust+0xc8/0x160
[  373.289386][T12644]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  373.289400][T12644]  ? do_raw_spin_unlock+0x172/0x230
[  373.289416][T12644]  pm_notifier_call_chain_robust+0x27/0x60
[  373.289430][T12644]  snapshot_open+0x189/0x2b0
[  373.289441][T12644]  ? __pfx_snapshot_open+0x10/0x10
[  373.289453][T12644]  misc_open+0x35d/0x420
[  373.289466][T12644]  ? __pfx_misc_open+0x10/0x10
[  373.289478][T12644]  chrdev_open+0x231/0x6a0
[  373.289493][T12644]  ? __pfx_apparmor_file_open+0x10/0x10
[  373.289506][T12644]  ? __pfx_chrdev_open+0x10/0x10
[  373.289522][T12644]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  373.289537][T12644]  do_dentry_open+0x744/0x1c10
[  373.289552][T12644]  ? __pfx_chrdev_open+0x10/0x10
[  373.289568][T12644]  vfs_open+0x82/0x3f0
[  373.289579][T12644]  path_openat+0x1de4/0x2cb0
[  373.289595][T12644]  ? __pfx_path_openat+0x10/0x10
[  373.289610][T12644]  do_filp_open+0x20b/0x470
[  373.289624][T12644]  ? __pfx_do_filp_open+0x10/0x10
[  373.289642][T12644]  ? _raw_spin_unlock+0x28/0x50
[  373.289655][T12644]  ? alloc_fd+0x471/0x7d0
[  373.289670][T12644]  do_sys_openat2+0x11b/0x1d0
[  373.289681][T12644]  ? __pfx_do_sys_openat2+0x10/0x10
[  373.289692][T12644]  ? bpf_trace_run2+0x2a5/0x590
[  373.289707][T12644]  __ia32_compat_sys_openat+0x16d/0x210
[  373.289719][T12644]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  373.289732][T12644]  ? syscall_trace_enter+0x1cb/0x260
[  373.289747][T12644]  ? rcu_is_watching+0x12/0xc0
[  373.289763][T12644]  __do_fast_syscall_32+0x7c/0x3a0
[  373.289772][T12644]  do_fast_syscall_32+0x32/0x80
[  373.289782][T12644]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  373.289794][T12644] RIP: 0023:0xf7f64579
[  373.289803][T12644] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  373.289813][T12644] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  373.289823][T12644] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000680
[  373.289829][T12644] RDX: 0000000000040000 RSI: 0000000000000019 RDI: 0000000000000000
[  373.289836][T12644] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  373.289842][T12644] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  373.289847][T12644] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  373.289857][T12644]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  373.558339][ T5979] usb 8-1: new full-speed USB device number 17 using dummy_hcd
[  374.602691][ T1149] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  375.138376][ T5951] Bluetooth: hci3: command 0x0405 tx timeout
[  378.020145][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  383.137881][    C2] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!

VM DIAGNOSIS:
12:51:16  Registers:
info registers vcpu 0

CPU#0
RAX=00000000005ae054 RBX=0000000000000000 RCX=ffffffff8b7c4be9 RDX=ffffed1005646646
RSI=ffffffff8c1562e0 RDI=ffffffff81918571 RBP=fffffbfff1c52ef0 RSP=ffffffff8e207e08
R8 =0000000000000000 R9 =ffffed1005646645 R10=ffff88802b23322b R11=0000000000000001
R12=0000000000000000 R13=ffffffff8e297780 R14=ffffffff90a83350 R15=0000000000000000
RIP=ffffffff8b7c374f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809755f000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73a3360 CR3=0000000068fef000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffff88802b541f40 RCX=ffffc9000c001000 RDX=0000000000080000
RSI=ffffffff81af7569 RDI=0000000000000005 RBP=0000000000000001 RSP=ffffc9000454fa30
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=000000000000001e
R12=dffffc0000000000 R13=0000000000000003 R14=ffffed10056a83e9 R15=ffff88802b33b6c0
RIP=ffffffff81af756f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809765f000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002f108ff8 CR3=0000000068fef000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=0000000000000100 RCX=0000000000015230 RDX=0000559067352730
RSI=0000000000000000 RDI=0000559067363d00 RBP=0000000000026800 RSP=00007ffda16db538
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=0000559067352730 R13=00005590672873b0 R14=000055904e993f00 R15=000055904e983d64
RIP=00007f9fa217f0d3 RFL=00010287 [--S--PC] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0033 0000000000000000 ffffffff 00a0fb00 DPL=3 CS64 [-RA]
SS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f9fa2740300 ffffffff 00c00000
GS =0000 0000000000000000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000559067363000 CR3=00000000285d3000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a 0000003000000012 0004000000080024 0000000000280034
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000677 0000001800000000 0000000000000000 0000000000000015
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f01ffffffffffff ffffe1080e800318 0000024d0000000b 0000000100000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 860c80020883a2d0 a008000100000008 060601259a000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001ffff ffffffffffffbf08
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0ca8030008000ca0 030008000c980300 08000c9003040800 0c88030008000c80
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 030180c18008000e 800201c708000600 49d60072656d6974 2f646e732f766564
ZMM24=04da15fe04da15fe 04da15fe04da15fe 04da15fe04da15fe 04da15fe04da15fe 04da15fe04da15fe 04da15fe04da15fe 04da15fe04da15fe 04da15fe04da15fe
ZMM25=1223bb9d1223bb9d 1223bb9d1223bb9d 1223bb9d1223bb9d 1223bb9d1223bb9d 1223bb9d1223bb9d 1223bb9d1223bb9d 1223bb9d1223bb9d 1223bb9d1223bb9d
ZMM26=e8ff3a32e8ff3a32 e8ff3a32e8ff3a32 e8ff3a32e8ff3a32 e8ff3a32e8ff3a32 e8ff3a32e8ff3a32 e8ff3a32e8ff3a32 e8ff3a32e8ff3a32 e8ff3a32e8ff3a32
ZMM27=6a18cc886a18cc88 6a18cc886a18cc88 6a18cc886a18cc88 6a18cc886a18cc88 6a18cc886a18cc88 6a18cc886a18cc88 6a18cc886a18cc88 6a18cc886a18cc88
ZMM28=00000200000001ff 000001fe000001fd 000001fc000001fb 000001fa000001f9 000001f8000001f7 000001f6000001f5 000001f4000001f3 000001f2000001f1
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=ce170000ce170000 ce170000ce170000 ce170000ce170000 ce170000ce170000 ce170000ce170000 ce170000ce170000 ce170000ce170000 ce170000ce170000
info registers vcpu 3

CPU#3
RAX=0000000000000074 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85580c55 RDI=ffffffff9b06da00 RBP=ffffffff9b06d9c0 RSP=ffffc9000699ed00
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e36312e36
R12=0000000000000000 R13=0000000000000074 R14=ffffffff9b06d9c0 R15=ffffffff85580bf0
RIP=ffffffff85580c7f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809785f000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f5085fac CR3=000000002ac45000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000