last executing test programs:

2.766157136s ago: executing program 2 (id=3):
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f0000000480)={0x0, {}, 0x0, {}, 0x3, 0x0, 0x1e, 0x28, "561bfcadb322e7a648b826f003c1851a9c242527cb3d254dada276366a87ccc588949546a12cc5809eccd37a8564cabfda4c147b3a45b8e943bced07fd3fffbf", "2b416beaef043ee1e602417940bd7c3771390871faaa7103228109660205a039", [0x3, 0x7]})
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000440)={@cgroup, 0x24, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002b40)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[], 0x60}}, 0x20004854)
r2 = openat$rfkill(0xffffff9c, &(0x7f0000000040), 0x402, 0x0)
poll(&(0x7f0000000280)=[{r2, 0x8680}], 0x1, 0xf0)
openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x8b22, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = syz_open_dev$vim2m(0x0, 0x5, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f00000002c0)={0x1, @pix={0x3, 0xf, 0x30314742, 0x6, 0xc, 0x5c09, 0x5, 0x7, 0x0, 0x0, 0x2, 0x4}})
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="0203000304000004000019000000000000"], 0x20}, 0x1, 0x7}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x200000000000000)

2.639342243s ago: executing program 0 (id=1):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
r6 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
keyctl$read(0xb, r6, &(0x7f0000000240)=""/112, 0x349b7f55)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000540)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0xfffffffd, 0x0, 0x800000, 0x1, 0xffffffff}, 0x0, 0x0, 0x7, 0x4, 0x101, 0x14, 0x0, 0x0, 0x0, 0x0, {0x1ff, 0x0, 0x0, 0x7f}}}}]}, 0x78}}, 0x4080)

2.632059588s ago: executing program 1 (id=2):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = dup(r2)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
munlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CLOSE={0x13, 0x3, 0x0, r4})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
read$nci(r8, &(0x7f00000019c0)=""/97, 0x61)
r11 = syz_genetlink_get_family_id$nfc(&(0x7f0000000240), r10)
sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYRES16=r11, @ANYBLOB="0100000000000000000002000000080001"], 0x1c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
pipe(&(0x7f0000000000))
splice(r4, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="34000000020605000000000000000000000000000c000300686173683a697000051d040000000000040007800500050002000000"], 0x34}, 0x1, 0x0, 0x0, 0x24004090}, 0x0)
ioctl$int_in(r4, 0x5421, &(0x7f00000001c0)=0x2f)
connect$inet6(r3, &(0x7f0000000280)={0xa, 0x4e22, 0x8000, @loopback, 0x12}, 0x1c)
close(r4)
socket(0x2b, 0x1, 0x1)

2.595699622s ago: executing program 3 (id=4):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000080)=0x2)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f00000000c0))
ioctl$SNDCTL_DSP_STEREO(r2, 0xc0045003, &(0x7f0000000100)=0x1)
write$dsp(r2, &(0x7f0000000000)="81", 0x1)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x70, 0x0, 0x9, 0x305, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x4}}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @remote}}}]}, @NFCTH_PRIV_DATA_LEN={0x8}]}, 0x70}}, 0x0)
close(r2)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r4 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r5 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r5, &(0x7f0000000600)=[{&(0x7f0000000180)="10", 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5)
sendfile(r4, r4, 0x0, 0x24002de8)
prlimit64(0x0, 0x5, &(0x7f0000000240)={0x5, 0x448eb0f5}, 0x0)
ioctl$LOOP_SET_STATUS(r4, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x9, 0x9, 0x1f, 0x14, "522530d6e597ca54b72437f1295d3513b07ad78ca88090d709b29ee7c21514bb1f066e71674e1cf500", "0109000000e14cbe4623c5ce6a392e161ffa301eabda93c62aa2000000000008", [0x7, 0xb]})
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
r6 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_FREE_MR(r6, 0x114, 0x3, &(0x7f00000001c0)={{0xc1, 0x4}, 0x5}, 0x10)
socket(0x1e, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000faffeeff000000000000000085000000"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

2.477202571s ago: executing program 2 (id=5):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000080)=0x2)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f00000000c0))
ioctl$SNDCTL_DSP_STEREO(r2, 0xc0045003, &(0x7f0000000100)=0x1)
write$dsp(r2, &(0x7f0000000000)="81", 0x1)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x70, 0x0, 0x9, 0x305, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x4}}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @remote}}}]}, @NFCTH_PRIV_DATA_LEN={0x8}]}, 0x70}}, 0x0)
close(r2)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r4 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r5 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r5, &(0x7f0000000600)=[{&(0x7f0000000180)="10", 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5)
sendfile(r4, r4, 0x0, 0x24002de8)
prlimit64(0x0, 0x5, &(0x7f0000000240)={0x5, 0x448eb0f5}, 0x0)
ioctl$LOOP_SET_STATUS(r4, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x9, 0x9, 0x1f, 0x14, "522530d6e597ca54b72437f1295d3513b07ad78ca88090d709b29ee7c21514bb1f066e71674e1cf500", "0109000000e14cbe4623c5ce6a392e161ffa301eabda93c62aa2000000000008", [0x7, 0xb]})
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
r6 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_FREE_MR(r6, 0x114, 0x3, &(0x7f00000001c0)={{0xc1, 0x4}, 0x5}, 0x10)
socket(0x1e, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000faffeeff000000000000000085000000"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1.955807142s ago: executing program 1 (id=6):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = dup(r2)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
munlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CLOSE={0x13, 0x3, 0x0, r4})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
read$nci(r8, &(0x7f00000019c0)=""/97, 0x61)
syz_genetlink_get_family_id$nfc(&(0x7f0000000240), r10)
sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="0100000000000000000002000000080001"], 0x1c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
pipe(&(0x7f0000000000))
splice(r4, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="34000000020605000000000000000000000000000c000300686173683a697000051d040000000000040007800500050002000000"], 0x34}, 0x1, 0x0, 0x0, 0x24004090}, 0x0)
ioctl$int_in(r4, 0x5421, &(0x7f00000001c0)=0x2f)
connect$inet6(r3, &(0x7f0000000280)={0xa, 0x4e22, 0x8000, @loopback, 0x12}, 0x1c)
close(r4)
socket(0x2b, 0x1, 0x1)

1.72051149s ago: executing program 0 (id=7):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
syz_usb_connect(0x1, 0x0, 0x0, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = openat$sndseq(0xffffff9c, &(0x7f0000000180), 0x40)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r4, 0xc0a45320, &(0x7f00000000c0)={{0x80, 0x4}, 'port1\x00', 0x786520dbf34c80fe, 0x20a03, 0x20000003, 0x0, 0x0, 0xc, 0x400, 0x0, 0x0, 0x87})
r5 = openat$sequencer2(0xffffff9c, &(0x7f0000000040), 0x123482, 0x0)
dup3(r5, r4, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @rand_addr, 0x9}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r6 = fcntl$dupfd(r3, 0x0, r3)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$IPVS_CMD_GET_CONFIG(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0)
sendmsg$inet6(r3, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000300)="5a6871908ddfe3ee43aa1160a73753ce6cab32d184de576a9f314969c1d7546399a47258ea86bbd3febfc84e58f64d32bb361e0af645bad480a103ab7d7fa2404622f26e7f7e668a4d7e5aee1276dc1d52b170003659e627d012cdf5dcb438b8ae0bf19e6c992c68011b7297da8b53655071195f55e0", 0x76}, {&(0x7f0000000700)}], 0x2}, 0x40001880)

1.610616259s ago: executing program 2 (id=8):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r2=>0x0})
mbind(&(0x7f0000bdf000/0x4000)=nil, 0x4000, 0x1, &(0x7f0000000040)=0x1, 0x2, 0x0)
mbind(&(0x7f0000be0000/0x2000)=nil, 0x2000, 0x4001, &(0x7f0000000080)=0x1000000000000085, 0x4, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
socket$vsock_stream(0x28, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
syz_open_dev$usbfs(0x0, 0xf, 0x8100)
r6 = syz_io_uring_setup(0x117, &(0x7f0000000100), &(0x7f0000000280)=<r7=>0x0, &(0x7f0000000200)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r9 = syz_io_uring_setup(0x7540, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000200)=<r10=>0x0)
r11 = syz_io_uring_setup(0x34ef, &(0x7f0000000400)={0x0, 0x0, 0x1}, &(0x7f00000003c0)=<r12=>0x0, &(0x7f0000001480))
syz_io_uring_submit(r12, r10, &(0x7f00000001c0)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r11, 0x0, 0x0})
io_uring_enter(r9, 0x2003, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc})
io_uring_enter(r6, 0x47f6, 0x0, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000002c0)={0x38, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'pim6reg0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x38}}, 0x0)

1.586135988s ago: executing program 3 (id=9):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r2=>0x0})
mbind(&(0x7f0000bdf000/0x4000)=nil, 0x4000, 0x1, &(0x7f0000000040)=0x1, 0x2, 0x0)
mbind(&(0x7f0000be0000/0x2000)=nil, 0x2000, 0x4001, &(0x7f0000000080)=0x1000000000000085, 0x4, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
socket$vsock_stream(0x28, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
syz_open_dev$usbfs(0x0, 0xf, 0x8100)
r6 = syz_io_uring_setup(0x117, &(0x7f0000000100), &(0x7f0000000280)=<r7=>0x0, &(0x7f0000000200)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r9 = syz_io_uring_setup(0x7540, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000200)=<r10=>0x0)
r11 = syz_io_uring_setup(0x34ef, &(0x7f0000000400)={0x0, 0x0, 0x1}, &(0x7f00000003c0)=<r12=>0x0, &(0x7f0000001480))
syz_io_uring_submit(r12, r10, &(0x7f00000001c0)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r11, 0x0, 0x0})
io_uring_enter(r9, 0x2003, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc})
io_uring_enter(r6, 0x47f6, 0x0, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000002c0)={0x38, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'pim6reg0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x38}}, 0x0)

661.334743ms ago: executing program 1 (id=10):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00'})
mbind(&(0x7f0000bdf000/0x4000)=nil, 0x4000, 0x1, &(0x7f0000000040)=0x1, 0x2, 0x0)
mbind(&(0x7f0000be0000/0x2000)=nil, 0x2000, 0x4001, &(0x7f0000000080)=0x1000000000000085, 0x4, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
socket$vsock_stream(0x28, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0xf, 0x8100)
r4 = syz_io_uring_setup(0x117, &(0x7f0000000100), &(0x7f0000000280)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_setup(0x7540, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000200))
syz_io_uring_setup(0x34ef, &(0x7f0000000400)={0x0, 0x0, 0x1}, &(0x7f00000003c0), &(0x7f0000001480))
syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc})
io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0)

643.959017ms ago: executing program 3 (id=11):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = dup(r2)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
munlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CLOSE={0x13, 0x3, 0x0, r4})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
read$nci(r8, &(0x7f00000019c0)=""/97, 0x61)
r11 = syz_genetlink_get_family_id$nfc(&(0x7f0000000240), r10)
sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYRES16=r11, @ANYBLOB="0100000000000000000002000000080001"], 0x1c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
pipe(&(0x7f0000000000))
splice(r4, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="34000000020605000000000000000000000000000c000300686173683a697000051d040000000000040007800500050002000000"], 0x34}, 0x1, 0x0, 0x0, 0x24004090}, 0x0)
ioctl$int_in(r4, 0x5421, &(0x7f00000001c0)=0x2f)
connect$inet6(r3, &(0x7f0000000280)={0xa, 0x4e22, 0x8000, @loopback, 0x12}, 0x1c)
close(r4)
socket(0x2b, 0x1, 0x1)

632.471848ms ago: executing program 2 (id=12):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x10)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0185879, &(0x7f0000000000)={@id={0x2, 0x0, @d}})
r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0xc, 0x141341)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r5, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0xfffe)
connect$inet(r1, 0x0, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r7=>0xffffffffffffffff})
splice(r7, 0x0, r6, 0x0, 0x1, 0x0)
vmsplice(r6, &(0x7f00000013c0)=[{&(0x7f0000000080)='4', 0x1}, {0x0}], 0x2, 0x0)
ioctl$sock_SIOCINQ(r6, 0x541b, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0xa1a)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c00018006000600800a000004050280000514"], 0x528}}, 0xc000)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x141001, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_NR_MMU_PAGES(r9, 0xae44, 0x1a9)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="10002dbd7000fcdbdf250a00ffff08000300070000003891299a577cf573205d5726bcf7329932c54f8cc87edc78e25f9283a7b804bdba0dd671140f6b2929f110e2b2f86b07e14edec7b89aa5f33fbb79a439b7d6bb5f849d559eee79988b65158eae25ae8daf66e91d5fb39a9b356ee3943acda3aa037fa6fa6795f850a1c1b5eaa0cf0ccdbf91f2"], 0x1c}, 0x1, 0x0, 0x0, 0x40080}, 0x40)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240), 0x0)

0s ago: executing program 2 (id=13):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x340, 0x18c, 0x2b8, 0x182, 0x0, 0x0, 0x278, 0x3a8, 0x3a8, 0x278, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x164, 0x18c, 0x0, {0x0, 0xe0ffff00000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "83f0a574725c23587dcfbd695650fe91ad9f7783f34f23315a573f167f755eaff4d665d219fa653cdfd7ee1092b07e243bd3e81b17fa1a6a18d79ae45b76f817515ec14cdf53d785cfe1d638f578cf51801a954830bfb97c4595e7b07b7147a846d1a230f2e1053fd68b5c45f2847c271539bdbd0f149a701a72fc1f87ab788a", 0x20}}]}, @common=@inet=@SET1={0x28}}, {{@uncond, 0x0, 0xc8, 0xec, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @common=@unspec=@NFQUEUE0={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x39c)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[], 0x2c}}, 0x8800)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f0000000240)={0x2, 0xda0, 0x0, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x44000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(r4, 0x8, &(0x7f00000001c0)=0x4)
mmap(&(0x7f0000333000/0x3000)=nil, 0x3000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x3cfe5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000001c00)=[{{&(0x7f0000000380)=@pppoe, 0x80, &(0x7f0000001e00)=[{&(0x7f0000000000)=""/37, 0x35}, {&(0x7f0000000400)=""/7, 0x7}, {&(0x7f00000004c0)=""/35, 0x19}, {&(0x7f0000000480)=""/31, 0x1f}, {&(0x7f0000000580)=""/106, 0x6a}, {&(0x7f0000000f40)=""/52, 0x31}, {&(0x7f0000001c80)=""/132, 0x84}, {&(0x7f0000000600)=""/97, 0x61}, {&(0x7f00000016c0)=""/98, 0x62}, {&(0x7f0000001d40)=""/129, 0x81}], 0xa, &(0x7f0000000a80)=""/217, 0xd9}, 0x9}, {{0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f0000000b80)=""/75, 0x4b}, {&(0x7f0000000680)=""/43, 0x2b}, {&(0x7f0000000c00)=""/125, 0x8d}, {&(0x7f0000000cc0)=""/81, 0x51}, {&(0x7f0000000d40)=""/84, 0x54}, {&(0x7f0000000dc0)=""/237, 0xed}, {&(0x7f0000000ec0)=""/114, 0x72}, {&(0x7f0000001e80)=""/188}], 0x7, &(0x7f0000000f80)=""/140, 0x8c}, 0x96}, {{&(0x7f0000001040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000001480)=[{&(0x7f00000010c0)=""/81, 0x51}, {&(0x7f0000001140)=""/199, 0xc7}, {&(0x7f0000001240)=""/171, 0xab}, {&(0x7f0000001fc0)=""/242, 0xf2}, {&(0x7f0000001400)=""/67, 0x43}], 0x5, &(0x7f00000014c0)=""/79, 0x4f}, 0x9}, {{&(0x7f0000001540)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000440)=[{&(0x7f00000015c0)=""/204}, {&(0x7f0000001300)=""/81}], 0x8, &(0x7f0000001b80)=""/124, 0x7c}, 0xc}], 0x4, 0x40000063, 0x0)
sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), 0xffffffffffffffff)
r6 = openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(r6, 0xc0cc5640, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$smc(&(0x7f0000001980), 0xffffffffffffffff)
r7 = syz_open_dev$video4linux(&(0x7f0000002300), 0x0, 0x0)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
setrlimit(0x9, &(0x7f0000000040)={0x6, 0x1})
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r8, 0x84, 0x6d, 0x0, &(0x7f0000000140))
ioctl$VIDIOC_SUBDEV_S_FMT(r7, 0xc0205649, &(0x7f0000000500)={0x0, 0x0, {0x4, 0xfefffffe, 0x3007, 0x2, 0x7, 0x0, 0x1}})

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:3033' (ED25519) to the list of known hosts.
[   32.526405][ T5862] cgroup: Unknown subsys name 'net'
[   32.712525][ T5862] cgroup: Unknown subsys name 'cpuset'
[   32.716713][ T5862] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   33.481188][ T5862] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   36.163615][ T5954] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   36.166240][ T5954] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   36.169540][ T5953] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   36.169666][ T5957] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   36.174549][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   36.174881][ T5955] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   36.175127][ T5957] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   36.175483][ T5957] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   36.176037][ T5957] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   36.176365][ T5957] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   36.176541][ T5957] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   36.181072][   T66] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   36.185064][ T5953] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   36.189381][   T66] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   36.191762][ T5953] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   36.192465][   T66] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   36.195139][ T5953] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   36.196131][ T5956] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   36.197062][   T66] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   36.198373][ T5956] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   36.198604][ T5956] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   36.198743][ T5956] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   36.203989][ T5953] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   36.217778][ T5953] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   36.315035][ T5941] chnl_net:caif_netlink_parms(): no params data found
[   36.339760][ T5940] chnl_net:caif_netlink_parms(): no params data found
[   36.474496][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.477856][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.480957][ T5940] bridge_slave_0: entered allmulticast mode
[   36.483119][ T5940] bridge_slave_0: entered promiscuous mode
[   36.486336][ T5941] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.488560][ T5941] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.491098][ T5941] bridge_slave_0: entered allmulticast mode
[   36.493867][ T5941] bridge_slave_0: entered promiscuous mode
[   36.496513][ T5941] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.498881][ T5941] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.501381][ T5941] bridge_slave_1: entered allmulticast mode
[   36.503958][ T5941] bridge_slave_1: entered promiscuous mode
[   36.515954][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.519627][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.521920][ T5940] bridge_slave_1: entered allmulticast mode
[   36.525127][ T5940] bridge_slave_1: entered promiscuous mode
[   36.543984][ T5945] chnl_net:caif_netlink_parms(): no params data found
[   36.573570][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   36.582713][ T5941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   36.586754][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   36.609065][ T5941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   36.630432][ T5940] team0: Port device team_slave_0 added
[   36.634023][ T5940] team0: Port device team_slave_1 added
[   36.678004][ T5941] team0: Port device team_slave_0 added
[   36.701714][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.703808][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.711499][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.716978][ T5941] team0: Port device team_slave_1 added
[   36.726744][ T5945] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.728978][ T5945] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.731001][ T5945] bridge_slave_0: entered allmulticast mode
[   36.733182][ T5945] bridge_slave_0: entered promiscuous mode
[   36.736253][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.738322][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.745425][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.758904][ T5945] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.760993][ T5945] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.763023][ T5945] bridge_slave_1: entered allmulticast mode
[   36.765137][ T5945] bridge_slave_1: entered promiscuous mode
[   36.784276][ T5945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   36.787140][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.789193][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.796310][ T5941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.800658][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.802694][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.810039][ T5941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.814532][ T5949] chnl_net:caif_netlink_parms(): no params data found
[   36.818767][ T5945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   36.860342][ T5940] hsr_slave_0: entered promiscuous mode
[   36.862995][ T5940] hsr_slave_1: entered promiscuous mode
[   36.878851][ T5945] team0: Port device team_slave_0 added
[   36.908833][ T5945] team0: Port device team_slave_1 added
[   36.925202][ T5941] hsr_slave_0: entered promiscuous mode
[   36.927291][ T5941] hsr_slave_1: entered promiscuous mode
[   36.930251][ T5941] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   36.932502][ T5941] Cannot create hsr debugfs directory
[   36.958821][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.960911][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.962983][ T5949] bridge_slave_0: entered allmulticast mode
[   36.965089][ T5949] bridge_slave_0: entered promiscuous mode
[   36.975727][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.978090][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.987237][ T5945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.995015][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.997133][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.999338][ T5949] bridge_slave_1: entered allmulticast mode
[   37.001473][ T5949] bridge_slave_1: entered promiscuous mode
[   37.003722][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_1
[   37.006364][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   37.017391][ T5945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   37.081776][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   37.108302][ T5945] hsr_slave_0: entered promiscuous mode
[   37.110892][ T5945] hsr_slave_1: entered promiscuous mode
[   37.113263][ T5945] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   37.116102][ T5945] Cannot create hsr debugfs directory
[   37.127366][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   37.152925][ T5949] team0: Port device team_slave_0 added
[   37.162110][ T5949] team0: Port device team_slave_1 added
[   37.226973][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0
[   37.230359][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   37.237975][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   37.256800][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1
[   37.259114][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   37.266451][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   37.336596][ T5949] hsr_slave_0: entered promiscuous mode
[   37.339938][ T5949] hsr_slave_1: entered promiscuous mode
[   37.342600][ T5949] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   37.345702][ T5949] Cannot create hsr debugfs directory
[   37.349387][ T5940] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   37.357660][ T5940] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   37.362933][ T5940] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   37.404020][ T5940] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   37.434023][ T5941] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   37.437694][ T5941] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   37.442571][ T5941] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   37.449764][ T5941] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   37.498359][ T5945] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   37.501867][ T5945] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   37.505308][ T5945] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   37.511043][ T5945] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   37.535185][ T5949] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   37.543050][ T5949] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   37.546240][ T5949] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   37.549767][ T5949] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   37.586391][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.595010][ T5941] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.617230][ T5940] 8021q: adding VLAN 0 to HW filter on device team0
[   37.623926][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.626150][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.629986][ T5941] 8021q: adding VLAN 0 to HW filter on device team0
[   37.633958][ T5945] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.640584][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.642681][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.645481][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.647547][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.657569][ T5945] 8021q: adding VLAN 0 to HW filter on device team0
[   37.665584][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.668421][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.673346][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.675494][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.688737][   T74] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.690841][   T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.696743][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.704630][ T5949] 8021q: adding VLAN 0 to HW filter on device team0
[   37.724067][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.726160][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.741385][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.744433][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.805796][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.822564][ T5940] veth0_vlan: entered promiscuous mode
[   37.827975][ T5940] veth1_vlan: entered promiscuous mode
[   37.839913][ T5941] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.847214][ T5945] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.866440][ T5940] veth0_macvtap: entered promiscuous mode
[   37.873992][ T5940] veth1_macvtap: entered promiscuous mode
[   37.882366][ T5941] veth0_vlan: entered promiscuous mode
[   37.892724][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.895950][ T5941] veth1_vlan: entered promiscuous mode
[   37.900166][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0
[   37.905858][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1
[   37.913284][ T5945] veth0_vlan: entered promiscuous mode
[   37.916410][ T5940] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   37.919159][ T5940] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   37.921732][ T5940] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   37.924254][ T5940] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   37.936027][ T5945] veth1_vlan: entered promiscuous mode
[   37.960414][ T5941] veth0_macvtap: entered promiscuous mode
[   37.969074][ T5949] veth0_vlan: entered promiscuous mode
[   37.971919][ T5941] veth1_macvtap: entered promiscuous mode
[   37.986448][ T5945] veth0_macvtap: entered promiscuous mode
[   37.990042][ T5949] veth1_vlan: entered promiscuous mode
[   37.993636][ T5945] veth1_macvtap: entered promiscuous mode
[   37.993807][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   37.997714][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   38.002308][ T5941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   38.005551][ T5941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.008992][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.018832][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   38.021877][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.024674][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   38.027678][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.031423][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.034399][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   38.034690][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   38.036770][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   38.040204][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.045199][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.052351][ T5941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   38.055387][ T5941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.059559][ T5941] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   38.062590][ T5941] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.065915][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.069490][ T5945] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.072207][ T5945] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.074707][ T5945] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.077331][ T5945] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.086015][ T5941] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.089491][ T5941] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.092300][ T5941] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.094930][ T5941] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.100952][ T5949] veth0_macvtap: entered promiscuous mode
[   38.114355][ T5949] veth1_macvtap: entered promiscuous mode
[   38.116150][ T5940] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   38.144653][ T5949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   38.144759][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   38.148874][ T5949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.151674][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   38.154751][ T5949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   38.161855][ T5949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.164712][ T5949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   38.167714][ T5949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.173502][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.185173][ T5949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   38.188451][ T5949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.191353][ T5949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   38.194429][ T5949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.197323][ T5949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   38.200811][ T5949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.204381][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.212217][ T5949] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.214818][ T5949] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.217507][ T5949] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.218861][ T5953] Bluetooth: hci2: command tx timeout
[   38.218867][   T66] Bluetooth: hci1: command tx timeout
[   38.220290][ T5949] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.221996][ T5952] Bluetooth: hci0: command tx timeout
[   38.226682][ T1135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   38.230447][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   38.234401][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   38.236935][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   38.242477][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   38.244871][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   38.268417][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   38.270729][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   38.280526][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   38.283803][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   38.298658][ T5952] Bluetooth: hci3: command tx timeout
[   38.412673][ T6022] netlink: 'syz.3.4': attribute type 2 has an invalid length.
[   38.415974][ T6022] netlink: 'syz.3.4': attribute type 1 has an invalid length.
[   38.419804][ T6022] netlink: 'syz.3.4': attribute type 1 has an invalid length.
[   38.436660][ T6022] loop7: detected capacity change from 0 to 16384
[   38.478469][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   38.480995][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   38.587080][ T6031] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2'.
[   38.609445][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   38.612677][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   38.615309][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   38.828707][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[   38.968335][ T6035] loop7: detected capacity change from 16384 to 16383
[   39.011457][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[   39.199513][ T6044] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6'.
[   39.202485][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[   40.293141][ T6062] usb 2-1: USB disconnect, device number 2
[   40.298694][ T5952] Bluetooth: hci0: command tx timeout
[   40.300343][ T5952] Bluetooth: hci2: command tx timeout
[   40.308331][ T5953] Bluetooth: hci1: command tx timeout
[   40.378370][ T5952] Bluetooth: hci3: command tx timeout
[   40.498367][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   40.588324][ T6068] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   40.590279][ T6068] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   40.600254][ T6068] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   40.603039][ T6068] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   40.605041][ T6068] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   40.610397][ T6068] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   40.613419][ T6068] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   40.615277][ T6068] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   40.618008][ T6068] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   40.624325][ T6068] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   40.626571][ T6068] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   40.651351][ T6068] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   40.779757][ T6075] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11'.
[   40.848378][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   41.290358][ T6081] 
[   41.291442][ T6081] =============================
[   41.293421][ T6081] WARNING: suspicious RCU usage
[   41.295303][ T6081] 6.13.0-syzkaller-07632-gaa22f4da2a46 #0 Not tainted
[   41.299832][ T6081] -----------------------------
[   41.301889][ T6081] ./include/linux/kvm_host.h:1057 suspicious rcu_dereference_check() usage!
[   41.304583][ T6081] 
[   41.304583][ T6081] other info that might help us debug this:
[   41.304583][ T6081] 
[   41.307738][ T6081] 
[   41.307738][ T6081] rcu_scheduler_active = 2, debug_locks = 1
[   41.310746][ T6081] no locks held by syz.2.13/6081.
[   41.312293][ T6081] 
[   41.312293][ T6081] stack backtrace:
[   41.314067][ T6081] CPU: 2 UID: 0 PID: 6081 Comm: syz.2.13 Not tainted 6.13.0-syzkaller-07632-gaa22f4da2a46 #0
[   41.314077][ T6081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   41.314083][ T6081] Call Trace:
[   41.314086][ T6081]  <TASK>
[   41.314089][ T6081]  dump_stack_lvl+0x16c/0x1f0
[   41.314104][ T6081]  lockdep_rcu_suspicious+0x210/0x3c0
[   41.314117][ T6081]  kvm_vcpu_gfn_to_memslot+0x48c/0x590
[   41.314129][ T6081]  ? __lock_acquire+0x2077/0x3c40
[   41.314141][ T6081]  kvm_vcpu_write_guest+0x68/0x130
[   41.314154][ T6081]  kvm_xen_write_hypercall_page+0x4aa/0x530
[   41.314167][ T6081]  ? __pfx_kvm_xen_write_hypercall_page+0x10/0x10
[   41.314182][ T6081]  kvm_set_msr_common+0x160b/0x33c0
[   41.314195][ T6081]  ? __pfx_kvm_set_msr_common+0x10/0x10
[   41.314209][ T6081]  ? __pfx_lock_release+0x10/0x10
[   41.314219][ T6081]  ? do_raw_spin_lock+0x12d/0x2c0
[   41.314234][ T6081]  vmx_set_msr+0xc2b/0x3950
[   41.314245][ T6081]  ? __pfx_vmx_set_msr+0x10/0x10
[   41.314256][ T6081]  ? _raw_spin_unlock+0x28/0x50
[   41.314265][ T6081]  ? kvm_clear_async_pf_completion_queue+0x2e1/0x480
[   41.314278][ T6081]  kvm_vcpu_reset+0x933/0x1960
[   41.314290][ T6081]  ? __pfx_kvm_vcpu_reset+0x10/0x10
[   41.314302][ T6081]  ? kvm_set_tsc_khz+0x28b/0x520
[   41.314315][ T6081]  kvm_arch_vcpu_create+0x6dc/0xab0
[   41.314327][ T6081]  kvm_vm_ioctl+0xf4f/0x3d70
[   41.314339][ T6081]  ? stack_trace_save+0x95/0xd0
[   41.314352][ T6081]  ? stack_depot_save_flags+0x28/0x9e0
[   41.314363][ T6081]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[   41.314374][ T6081]  ? kasan_save_stack+0x42/0x60
[   41.314387][ T6081]  ? kasan_save_stack+0x33/0x60
[   41.314394][ T6081]  ? kasan_save_track+0x14/0x30
[   41.314401][ T6081]  ? kasan_save_free_info+0x3b/0x60
[   41.314412][ T6081]  ? __kasan_slab_free+0x51/0x70
[   41.314420][ T6081]  ? kfree+0x14f/0x4b0
[   41.314427][ T6081]  ? tomoyo_path_number_perm+0x46d/0x5b0
[   41.314438][ T6081]  ? security_file_ioctl_compat+0x9b/0x240
[   41.314451][ T6081]  ? __do_compat_sys_ioctl+0x4e/0x2c0
[   41.314463][ T6081]  ? __do_fast_syscall_32+0x73/0x120
[   41.314474][ T6081]  ? do_fast_syscall_32+0x32/0x80
[   41.314483][ T6081]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   41.314496][ T6081]  ? kvm_arch_vm_compat_ioctl+0x2d1/0x480
[   41.314504][ T6081]  ? hlock_class+0x4e/0x130
[   41.314516][ T6081]  ? mark_lock+0xb5/0xc60
[   41.314525][ T6081]  ? __pfx_kvm_arch_vm_compat_ioctl+0x10/0x10
[   41.314534][ T6081]  ? __pfx_mark_lock+0x10/0x10
[   41.314549][ T6081]  ? find_held_lock+0x2d/0x110
[   41.314562][ T6081]  ? tomoyo_path_number_perm+0x298/0x5b0
[   41.314573][ T6081]  ? __pfx_lock_release+0x10/0x10
[   41.314584][ T6081]  ? tomoyo_path_number_perm+0x46d/0x5b0
[   41.314597][ T6081]  ? tomoyo_path_number_perm+0x190/0x5b0
[   41.314609][ T6081]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   41.314620][ T6081]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   41.314632][ T6081]  ? do_vfs_ioctl+0x513/0x1950
[   41.314642][ T6081]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   41.314658][ T6081]  kvm_vm_compat_ioctl+0x399/0x440
[   41.314669][ T6081]  ? __pfx_kvm_vm_compat_ioctl+0x10/0x10
[   41.314681][ T6081]  ? __pfx_lock_release+0x10/0x10
[   41.314690][ T6081]  ? trace_lock_acquire+0x14e/0x1f0
[   41.314701][ T6081]  ? __fget_files+0x206/0x3a0
[   41.314711][ T6081]  ? __pfx_kvm_vm_compat_ioctl+0x10/0x10
[   41.314723][ T6081]  __do_compat_sys_ioctl+0x1cb/0x2c0
[   41.314735][ T6081]  __do_fast_syscall_32+0x73/0x120
[   41.314746][ T6081]  do_fast_syscall_32+0x32/0x80
[   41.314757][ T6081]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   41.314769][ T6081] RIP: 0023:0xf7f10579
[   41.314777][ T6081] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   41.314785][ T6081] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   41.314793][ T6081] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ae41
[   41.314798][ T6081] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   41.314802][ T6081] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   41.314807][ T6081] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   41.314811][ T6081] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   41.314821][ T6081]  </TASK>
[   42.549611][ T5952] Bluetooth: hci1: command 0x0419 tx timeout
[   42.618530][ T5952] Bluetooth: hci2: command 0x0419 tx timeout
[   42.619384][ T5953] Bluetooth: hci0: command 0x0419 tx timeout
[   42.698635][ T5953] Bluetooth: hci3: command 0x040f tx timeout
[   44.619543][ T5953] Bluetooth: hci1: command 0x0419 tx timeout
[   44.698364][ T5953] Bluetooth: hci0: command 0x0419 tx timeout
[   44.698441][ T5952] Bluetooth: hci2: command 0x0419 tx timeout
[   44.778348][ T5952] Bluetooth: hci3: command 0x040f tx timeout
[   46.698868][ T5952] Bluetooth: hci1: command 0x0419 tx timeout
[   46.778284][ T5952] Bluetooth: hci0: command 0x0419 tx timeout
[   46.788343][ T5952] Bluetooth: hci2: command 0x0419 tx timeout
[   46.868336][ T5952] Bluetooth: hci3: command 0x040f tx timeout
[   48.778294][ T5952] Bluetooth: hci1: command 0x0419 tx timeout
[   48.858366][ T5952] Bluetooth: hci2: command 0x0419 tx timeout
[   48.858389][ T5953] Bluetooth: hci0: command 0x0419 tx timeout
[   48.938305][ T5953] Bluetooth: hci3: command 0x040f tx timeout
[   51.020137][ T5953] Bluetooth: hci3: command 0x040f tx timeout

VM DIAGNOSIS:
11:16:11  Registers:
info registers vcpu 0

CPU#0
RAX=00000000000a8c05 RBX=0000000000000000 RCX=ffffffff8b45b199 RDX=0000000000000000
RSI=ffffffff8b6cd2e0 RDI=ffffffff8bd26ce0 RBP=fffffbfff1bd2ef8 RSP=ffffffff8de07e20
R8 =0000000000000001 R9 =ffffed1005686f7d R10=ffff88802b437beb R11=0000000000000000
R12=0000000000000000 R13=ffffffff8de977c0 R14=ffffffff905fea10 R15=0000000000000000
RIP=ffffffff8b45c57f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000002f4f1ffc CR3=000000006b544000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 00c800a400000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000200000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000001 RBX=1ffff920009f3f49 RCX=ffffffff819537be RDX=0000000000000001
RSI=ffffffff8b6cd5e0 RDI=ffffffff8bd26ce0 RBP=0000000000000000 RSP=ffffc90004f9fa40
R8 =0000000000000000 R9 =fffffbfff2dc3dc1 R10=ffffffff96e1ee0f R11=0000000000000002
R12=0000000000000000 R13=ffff8880261dea38 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81963181 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000002f401ffc CR3=0000000067d62000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 00c800a400000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000500000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000000006c RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85380845 RDI=ffffffff9aacf4e0 RBP=ffffffff9aacf4a0 RSP=ffffc90004fef010
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000004
R12=0000000000000000 R13=000000000000006c R14=ffffffff853807e0 R15=0000000000000000
RIP=ffffffff8538086f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000000000000 CR3=000000004d740000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 00c800a400000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000040465 RBX=0000000000000003 RCX=ffffffff8b45b199 RDX=0000000000000000
RSI=ffffffff8b6cd2e0 RDI=ffffffff8bd26ce0 RBP=ffffed1003ad2488 RSP=ffffc9000049fe08
R8 =0000000000000001 R9 =ffffed10056e6f7d R10=ffff88802b737beb R11=0000000000000000
R12=0000000000000003 R13=ffff88801d692440 R14=ffffffff905fea10 R15=0000000000000000
RIP=ffffffff8b45c57f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00000000f7143360 CR3=000000000df80000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 00c800a400000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000500000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000