last executing test programs:

6.090739895s ago: executing program 3 (id=959):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
r1 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0xfc}, 0x18)
fanotify_init(0x40, 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x1}, 0x1c)
ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a03000000000000000000070000000900010073797a300000000064000000090a010400000000000000000700000008000a40000000000900020073797ac8d80000000900010073797a3000000000080005400000001f280011800a00010071756f7461000000180002800c000140000000000000002c0800024000000016140000001000010000000000000000000084000a"], 0xac}, 0x1, 0x0, 0x0, 0xc}, 0x20008844)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x8001})
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000180)={'nat\x00', 0x0, 0x0, 0x0, [0x3, 0x8, 0x9bc6, 0x8, 0x4, 0x9], 0x1, 0x0, 0x0, [{}]}, 0x60)

4.939175583s ago: executing program 3 (id=962):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x44004000)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
r1 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0xfc}, 0x18)
fanotify_init(0x40, 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x1}, 0x1c)
ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a03000000000000000000070000000900010073797a300000000064000000090a010400000000000000000700000008000a40000000000900020073797ac8d80000000900010073797a3000000000080005400000001f280011800a00010071756f7461000000180002800c000140000000000000002c0800024000000016140000001000010000000000000000000084000a"], 0xac}, 0x1, 0x0, 0x0, 0xc}, 0x20008844)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x8001})
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000180)={'nat\x00', 0x0, 0x0, 0x0, [0x3, 0x8, 0x9bc6, 0x8, 0x4, 0x9], 0x1, 0x0, 0x0, [{}]}, 0x60)

4.628485548s ago: executing program 1 (id=964):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = gettid()
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="e677920000000000000000000074f778747324a9aa27c9b54767adc0ce59a5e5b6b27d7ba29f6a6e6265bb4b593d1a5315878cc31b4c3a2525a25c1f80aa9ed7b4abdccd810000f19d7214ffccc4b704882bf5511a2a8a97809a1797c516eef5c86139bbdc6500881b87afb5c3ace559496039b9ca8b29172b9217a9db4f193cf71c26861be5de2d114e3dfea8abd2b588cc1b11dd18b62502165d54ba9d27063300ad0e09869ae10d8ec0f0353ee26845384fe2440d9961cf9be3e5ea76ed12138e747024fb0dc1faab9db65ee932437fca68935eb21edfce308340e4ea07b1931df0b493c31f7870f66cdece91a45a0300000072bed79d7854ee6c4749b54747117b1d057c0c75b4"], 0x48)
getpgid(0xffffffffffffffff)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x3, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x27, 0xe, 0x0, &(0x7f00000005c0)="f8adda3fa41900000000c1c20261", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000100))
r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0)
r4 = socket$inet6(0xa, 0x3, 0x84)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000001680)={{}, 0x0, 0x10, @inherit={0x68, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000004000000000000000900000000000000dd09000000000000200000000000000000000000100000000000000003000000000000008100000000000000020000000000000004000000000000000900000000000000"]}, @devid})
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r2, 0x50009417, &(0x7f0000002180)={{r4}, 0x0, 0x8, @unused=[0x3, 0xc1, 0x5, 0x2], @name="77cd0194c43cb9aeb672084a797e642cdaf9bec6a43c9d28700e10c7bff62f3bcbd89a969335b958c8a3d9ade1d5b756e43c5555984a60ba41778c5693a410d71d4ae74bd1b2a28e66af6d288b5948cb5bb12c65ee4b49d3caa1625e7978e1d3376653fa6157fdcdc633815a049c1c4cf0ffc4fb2ca2ad5d0326481b8688ea8704a7779f0b97b5a08a1a64cce44cc5fa2c8bac842efd4f67515068cf682377489c6937ce641606f45f45c0b4c01ca6241c359bf9f187fac71c6ab4e3b37eb8de6a3740ef1e03293e01844736f94229d547e09e7d85f8307485f66b3e20016e974ea8355c12b6a17a97a5c67d5a7da0c431eae1dc58a3d667f5bc05adfeab601fedbf70ff0bd261e63211b110a5743d38fc99225009b06f1b1efca29edbc303237d8b3338c443a505c44eda5a90edc40e1e1fc49a4295b6c9b86a1453cafa575b500fc722501dce468d795ffa67b82992652b5d6a93ef538d7fb6057194c79a4f5289eed432bfe60609daca4e2ab2b6262c8b56f65f0e94485895ba1f83bb8ad4f14e6f6f35215fc98b0f47759fa54ee5d3936229f7c0a8d59e923859f5d9f329a97dda837d01451cb979b34a61536894fa0ac364f96ad517edb2f03dee4aa440d5106c78f2fb940afd8eebd2aaf176ac35706705e666c8f75b89538fd68ee042df071397868926a9af0eb8abb4d4f2ce9519215916d88eb507bed28c42b125f2ce764992a2881d6a68e709eced6972d58c6c24311522f90994965a2650a9f8e00f659ee9b78d1ee50776c92cc9a9fc7658224d1635cc028fcaa2673d7c6b07a10dea457cc70ce229dd30ad905c50462287ba52a3273b3d6e8a14670e48efd4a15f66bf22a74c9d0aff87007eeff9f3754810509310d0e8561419a1894559ed81ffc621ea2b18665dec31439cf43b126e1146a408b996dca0401865db1ab07c6b30bade33db994e0f840bbac4b33ea44fdbd5e2c8cfc6d410bd1bd72cc242279ffa4e0425bbf7379c4b6f0df4d90b97953f9a0c981ba058973145a9715a95787b53ad10729c9c065212c05637db9c890ccd8c8c4195d6f177fa18de20ce2c1c8f37cce8866f1dcdeefbc87292a9e8d5412769703a199c4f39d51ccabd6aa547dd0dcc5b43353f60fb8edccc53697a7e3fc0aee323e1e701a4dc72b5ea2d37414a1f8e7e5fcdd7469934911fc1bb1d30398ceec69e209e73d8e5e3ddac3cbc6f34e2f7b95d75892170803b240c838527d03b82b6c9d21668bb06a126db41f31c70017c4814d7b6d5aca5ef74317709670ca1c361647fe2e21fc800850e974b97637ed969f42688dc691a9f12cd934442e1978e2572232f27cdc58a7c4f8c4e8df7d8c9a91588b5cddeea876901df7869542a5145643450409032068e91af64e088e4af0941ba7a69e4a778bb4917a97a4c0eb5d607334572a4e44b1a4b10cfc5328aa8100942daf2aaf0ae623f7437c01799fb30e1f04534bba1eb0561dd4d29ab5194e16335aea64cc8c0ef75aee1527d4d74d242a9fd37bb85e16ba2e249bd5e47d44569ac0791b1b3941e69be2005d66441e794385c8c4e57071e6172e00ffeafd58168263d08dcbfefcfcb15af92fba00729cf7f6e93b606da6275b67b653636d96b6e56f1fc7032d0cdef853d6a75924e937ee0d945a04f0c2df19d7eab74f7e7402870620bc04f7591e15ede6e1e1dd07c903063f7677e82ae5abc68e5a24756b0ccbec1392755c6086c487fc4d607285cb9e6700ce1f78b11af5bccfa681a4c3b717d9aad2cc275a282ccc1d2f1cf88b8c3d7961ba9fc0d53d6f99415ab07ece9b2a18155f7b09f10cd89b51fa1076d70dfd017ebafc5c8db25819bd7bb659e21ecd928e1802aaedfdf6c74e369455d2dfc038d46d89272324a0a275ca62a5de76fdeaf50497cdb18473f6b568bebd415db3f9d7f8cc991b5ec95dbaf3da34cc757b1064a8716ca9ac7494821376720109b057677def88aad3a715d8c9fc8fc4a5e0ee06a2192d22dccf034bb26e419fc4d565895d8e2e7bbfb27c788890311ae615527737a326ecee80ecdb73763bd8660c7e43af1a32d22ce9dce125116d62ef11a52d477a3a38f31e0e4382124fe2082e3277c40c87ba24a5f64f0c553503d3370bc1db1d16cbd88b9c2d99c2c7bb0bb535fb9762d478439ce642550ca387ddf4bb4ff35490edae71a3c75ac392c5f0de1c94f1b812dee9c1c17acf76bb083f9949df5d5372ecaba9eebef020caa03553c19b91386b9408e434cfcc7184f9fe7776d71ed504dbb4af485736a5c01651ab45054359596272917059de133fbdd58b63248703b2cd0292356f24939d42eb89ce6c1eb731c2b771573f373cb49834649acc3409fe8ff5b1bc3dada149a3ef35c459cef02fe750f15ad9303fa2a83a955e70a486d00507a1b2d9eeccbeba5e7bde275cb8251cf41c81ecb670de526ac9ecfc0fae172f8377d2fcab35840a5ae60ad08da51061845ad461b6ffa906d7773df97af10966b2888cad98314e7ce1e0db65c6cbefe5d5a076437d0846ca4211d5f2009ecbf28e3183d82422147c9ad42421b7eb8f769974f00debd03e9f91dce1af0a4e18a99361ce0eeb420c86a6969a17fed6049de258799530a4e471b80f0ea457b89283c0d50163ecb50d112767d92166efaa423b5de09307a5745b3069c0a4705d4a564b1de36a6a44ea4daad6fa1e20d38165152c5fb1158e85ac007e17e66eb9a52fb98ebf9dc39d0f84687d48f8455b2d1320a8278690537fc091da3ad8f18cb1b45b57b6c387ed71006c347d474d3d922ede656cb6a4139924257ed076a8c961c191989ea5533881e802b2316aeb9848ead699509cf93afa39fb48ecacf9aad7fd2087a686cff89f7dec3d008b77a96cc9292ef1153dc95c348244681308fdb8ce66c28bf9c9b8d0acd6b055850c3360e8dc6b12a8f99185038e3ff17babf214728497b882203bc246bdc454b5ab92084d4f99b0da641045efcda25875350591ed297e860357f86ff026fe0aa6172c20d620a7175660904cdb05e2b7dc8607dd58c3ef154b66aa7b65294cfeb25c932c34181c88b2e1155d19d6f4b6476193c03d1f03db4fd1e02ebaffd219a91eca5dae13fe4e8c1f58970dfbdf4467cd5a36d1b2690f6e2c5069c16be6ef8e224aff3455dba184d6c7ab568bcf68f45afffaa4c113d4815a316674adf3eaef3dda8c1932e8c7d5d207d0b64c9d8e6564da184e9c82d6fe3e32eee96fbf92bbad298238fe8b60d6c672a0da033abda51247be747adbf8dfe1fc73aaa0506bc4cb2e0aacdaf8af427aa80b4b76c3bc55232362f460af67cdde8d9beff999108f20bc5398cd58f96f81c942a9bdfbbdcfa6b4f8cac5dc37490ba28d37c099082f4114fb678d9fc1f30b9ec2a2020ce00b34d31ebf07a48f3b88850cd7af3a147fb8057e66cdb3fd012ba53a0d421afc0900753ccf95d61b63f4ed9bf3b0610ca52d7631a28588991bf4c661e6b9fe766151b15e1e8325523b411c69be65d4f0bb4777ac722f930c1703a0bbaa3b3c9b6fdb7c914a4249360bd9c105462d75dd89c7dc651fd110c4fa1fdfed66e2b5da49a8e30a45a7f2868b62e19c39338595c3c081ed48f6c4097751bdf370b3aa8884386eeded80a54ef8c447730d1e80820ad2a4768ce9d792ace37b10a92970d7148e2cff9c4579adf28afc800e0da82e97ed6c0e399db14c50f8d8b78728e6460a39f8b9742063efc96811472ee6be773579038e11e9c6e1751267d71f7c28bc111cf9d3522a19998babec4ba9625781ec4ea5cbfb1a2a5d78dd0d888b07a0a5b061cc78030e86461d3cedebf7c196c0979b18b28c5946b07f844add59a608e641babf535b110b8bf11454b688d4b4948d9d82877ec59a8bc2cb8de77fa12da176b314c0605144ee72b17f15e4f739eee7f2f7a0b956dafc272136dadc4ae3cd4f1d88097413ac6096da4e9add490c6ef913f6912e43f68e95d3f9ef980877ed631df763afa1f63235d7cb8f6f67a328bacf379333c9323a25b06f9dfedc7784dd0add593790be68fcde59efce9d046004ff1a4632850d4f800a5bb2ccab8c1d8361f5baaacc64bf8a93d7b22746bb91e323cc31a7ff914ab64c18eb5a699463998d2787f8fdd296c3619602876fe7fd774f17a6ae5ad96c0423b727b26d2eaca51fa19a2c9a71e83bf668fd7224283fd67cb565456c07e5c7e68f9799e38f66675c93d38858909fcc2211729df2be282756a626e0fad30e979fe706c895c4cfd960bc319f2344d60447c85596a9c59d697c218b9e244e460a17fb8c680fe332ff5d3fc7468f624ef114cd2a8b4d4788eab55f3a9f0cbcc8556d3c2554dbcf7db0aa721514439621cfa24db8556d092324daca799342be0d35e69365baabf312f4376071e57cff4e13e6c5a5cb74a9f14cb96ffd2a5865b878dccbb0d274775e08f7f96ffe250b98b271a684e652415fde155f4ea17ed5ec0148975875c1df4fca5201a9c24d4e9a0efdbf2609dafb9f464df3a461d0907f8a4e824f3bf8470c7ba43eb3ec17f8cbe700b3b5356a9bb69a111deb37dde6d2d104bdf016586a2269cf263995a95bd15de92dae7e586ab4df7adab5bd4f4a15b2240920fec6aecf45112a0850fa946eba73db80792017b10e7f2cb74bb980cda311c0536d475f85ff35f4348a146a6b82f803e35e0ec07ace081fbc209d3fe1c33be216d094239933aa08aa5baa88addcaa13c50a19704d0b3331e0daaedf58ed4d89bd69731e7fe649ab2acad82130ceb50c885cf48aeb05fbd819c8b079266f4ab191e0af41e91ed4c2e410d6b8fc92b7679909ded370720f8917a3e4b3917cbc613e9d6e3fa47dd578fef0a7a11bb3dcc806c028fa8a1ef1f54572f477644a6e8bbdf2715fc89a13973b4520398d5dd42e40ec40685bfb95fa6138f96788d632b38060b1782f289fcbb8b79c9d6166b8c6d536d1ea5d562600ce2936e4021d66d4781812bc043206f2c3a39fe60d7758368090e6b4260e6cc7d8533a56989261ab8dfd97dcbcc0b0194941cd91bcc41c0f327795772602b4ab3990920a3242028fadd6dd7527c751dba804b13cfc13d4be80198ecc5aefd9d0e9953ea9203db3b0ec5aced949bdc764c1142f74e3a0a5a320672f1077fc17c5394f192e3b58ba41648830278a4835b32ea93aff6a3b2c754cdf38282c9e6e1f51e0cd9f1e59deeccc74c94c942ae4149d6b4a067333ba74b69b9681648f384f0c41aeb4e6f2573282a2b33beec17f73dab272328b4b101457329c62ac820a10b193aad8a25a299500c5539e7143f4f5e896448219fa7cc799d2a201563477de7d378d88aea9fe014c971611b4af67dfc31b77c0f2ffdc8cde5303a1f24235bb6494441f605c09976288d7e33fda4d10a3f05c064d994626d0f8895e66dddeab4127389072c1720c159ad1c7d0f528fe30e2ec63581b6fb10df6419244a2a20788f74ec6ef201d05ad46b84e017c19d231e4299d63a409442a0c728fd7b8da7eb07a94fd27f561091067c6b51fadf04c5f5db974a1235c9d9f6348baf58267f1d3bbe92cc2961d4345e102c16bd6a7086b0c796b6bc87da3e6d5e51657d75cd4ff3c4a92f3c0cd77de39aa1677be2a5319e472ef73abfedf8f773dae31ea99993c8b2b98a1d60ca204f67485718144ee21985ca76b69c1c29eefa8d41080cd1ca9dd59d5fec65bab64f802467f3bbd7"})
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r6 = socket$packet(0x11, 0x2, 0x300)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r8, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000010000100"/20, @ANYRES32=r9, @ANYBLOB="0000000000000000480012800e0001006970366772657461700000003400028008000100", @ANYRES32, @ANYBLOB="55000600fe8000000e0082000000000000000055060007"], 0x68}, 0x1, 0x0, 0x0, 0x810}, 0x140)
sendto$packet(r6, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @random="ad446050e878"}, 0x14)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)
read$qrtrtun(r3, 0x0, 0xeffd)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
syz_emit_ethernet(0x36, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x1}}}}}}, 0x0)

3.839559887s ago: executing program 3 (id=968):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0xfc}, 0x18)
fanotify_init(0x40, 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x1}, 0x1c)
ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0})
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a03000000000000000000070000000900010073797a300000000064000000090a010400000000000000000700000008000a40000000000900020073797ac8d80000000900010073797a3000000000080005400000001f280011800a00010071756f7461000000180002800c000140000000000000002c0800024000000016140000001000010000000000000000000084000a"], 0xac}, 0x1, 0x0, 0x0, 0xc}, 0x20008844)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x8001})
ioctl$sock_bt_hidp_HIDPCONNDEL(r6, 0x400448c9, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000180)={'nat\x00', 0x0, 0x0, 0x0, [0x3, 0x8, 0x9bc6, 0x8, 0x4, 0x9], 0x1, 0x0, 0x0, [{}]}, 0x60)

3.689550154s ago: executing program 0 (id=969):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a70000000060a0b0400000000000000000200000044000480400001800a0001006d6174636800000030000280080002400000000118000300d6feffffffffffffff537c4c3060c6a405106c720a0001006f776e65720000000900010073797a30000000000900020073797a32"], 0x98}}, 0x4048010)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050028bd7000000000001200000008000300", @ANYRES32=r5, @ANYBLOB="0a00060008021100000000001e001f"], 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x24000000)
write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0)
socket$kcm(0xa, 0x5, 0x11)
pipe(&(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f0000000280)={&(0x7f0000000140)=""/51, 0xbf12ae2308811dc1, 0x1000, 0x5d, 0x2}, 0x1c)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0)
write(r7, &(0x7f0000000240)="94", 0x1)
tee(r6, r8, 0x8f5, 0x100000000000000)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x14, 0x7b52e4aff0f1e2e4, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

3.68896064s ago: executing program 1 (id=970):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, &(0x7f0000000540)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3}, 0x94)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c09425, &(0x7f0000000380)={"b8e50a31a002b94fcd8fc4db3056309d", 0x0, 0x0, {0x7, 0x100}, {0xffffffffffffff7b, 0x5}, 0x51, [0x7, 0x33d, 0xe, 0x2, 0x9, 0x8, 0xd8e, 0x7fc0000, 0x5, 0x0, 0x6, 0x3, 0x5, 0x800000000049, 0x1, 0xc]})
openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0xffffffffffffff7c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
sched_setattr(r1, &(0x7f0000000000)={0x38, 0x5, 0x18, 0x3, 0x1, 0x3, 0x605, 0x1, 0x6, 0x9}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0xfffffffffffffeef, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="611234000000000061134c0000000000bf2000000000000015000200000001103d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff070067020000030000001606000000000078bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202d6293c3d5e11f4f83e7455baeeba4f"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f00000003c0)={@in={{0x2, 0x4e20, @multicast2}}, 0x0, 0x0, 0x3a, 0x0, "33d080577968b3107694c2858f48c27f17ef54caf822abcfad9399c494d846140482c7e40195d5f034a72c69ed7330f3000f530ff9525fad6b3db9851a4354d70cc3734d319f852c370cbc9e69c75987"}, 0xd8)
r5 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x8, [{{0x9, 0x4, 0x0, 0xfe, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0xffff, 0xfd, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x0, 0xfd}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io(r5, &(0x7f0000000040)={0x18, &(0x7f0000000140)={0x40, 0x22, 0x3b, {0x3b, 0xb, "1eb9b1d7080b5c858c9a943606cd17b21b8d6cd7b7d6631781c8942b96076d29fa148419fc9cc80b6abcfa1800000000000000f200000078b3"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1)
ioctl$I2C_SMBUS(r6, 0x720, &(0x7f0000000580)={0x0, 0xc, 0x1, 0x0})

2.858266189s ago: executing program 3 (id=974):
r0 = socket$kcm(0x10, 0x2, 0x10)
r1 = syz_usb_connect$uac1(0x3, 0xcf, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbd, 0x3, 0x1, 0x6, 0x180, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x70, 0x4}, [@output_terminal={0x9, 0x24, 0x3, 0x5, 0x303, 0x5, 0x1, 0x3}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x8, 0x3, 0x96, 0xfe, "de01", "81"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x2, 0x5c2, 0x4, "caccb1c1"}, @as_header={0x7, 0x24, 0x1, 0x1, 0x8, 0x5}, @format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x9, 0x4, 0xc4, 0x9, "64314503b6"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x5, 0x3, 0x7f, 0x0, "4d9168", "9c0a"}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x1d, 0x4, 0x0, 0x3, "4a963cbe291af9b0"}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x4, 0xb9, 0x4, {0x7, 0x25, 0x1, 0x0, 0x80, 0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0xf0, 0x3, 0x4, 0x2, "15476f5a"}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x8, 0xc, 0xfd, {0x7, 0x25, 0x1, 0x3, 0x5, 0x401}}}}}}}]}}, &(0x7f0000000500)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x110, 0x2, 0x81, 0x6, 0x8, 0x1}, 0xf, &(0x7f0000000200)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x2, 0xe, 0x9, 0x71c}]}, 0x8, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x1001}}, {0xa7, &(0x7f0000000280)=@string={0xa7, 0x3, "a8db60aa99c8cd6632671abbfebba0ce531e7d0fc5a773e2c39495199fa4afc2e279e734a7f73fc7e53ac679c89f335375a446832d699f954d1133657d4d0fd9c3146e1760fe1b6ba99dc4b345475b12147a7c589a0b67c7017f0b6872349b7f9d4c52f7edd3ff3cd91743555d37895f383a7369fe31f921cbc0e5d1b497cf7e8ce6fe7f38fd062e14b8aff393aa2692e2484fdb2728d9f5cfe70f0545f88f810732144d77"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x4ff}}, {0x5f, &(0x7f0000000380)=ANY=[@ANYBLOB="5f03ecf15e216a394078b2cacf0335b3e5cda0b736b05bb451e705aab1832d861184f4265f1642c0a1681097cdcadac34eca780708d1ac8dbcde7f1084dcc081bf27ae4f4eae592ff3d0e92428316a9749b9c93b6c7695211d9a7fabcd0167"]}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x401}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x412}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x860}}, {0xa, &(0x7f00000004c0)=@string={0xa, 0x3, "cf8f3ffa6f6b1f2f"}}]})
syz_usb_control_io$uac1(r1, &(0x7f00000006c0)={0xc, &(0x7f0000000580)={0x20, 0x23, 0x32, {0x32, 0x23, "5db3401756a84514e1452c155080682671b39a7969251e43e39b8b1a7c92441f21a6829fbeb36fd1493c99e17829dded"}}, &(0x7f00000005c0)={0x0, 0x3, 0xda, @string={0xda, 0x3, "de968f73b0bf42ce3a6467a96e9adf5f9cb4d36d24e67c8d429b76783bbcc31f00d14a1d3aeb909a7fd041925003453051d4418b93c5db784e76d85cf958f1109fcc2842e6b1e982c7498751e24d3e9f7564b0878e4e58f0315063dd42c0c1dd818cc0bdd056e23c7ecf8d196185791a4d3238c690fca5cb977d580728d2f27e38fc9323a579096d366fe6a83a265ab7ac3783da9491737649d490813e6599b51a64c6cea00a61c3e044f55d4687b9e820e36209025aabbdfd75a6e7ac1541088c637a2559c03c085d33a3eef05f4bd05a19a0ff8345bd93"}}}, &(0x7f0000000900)={0x24, &(0x7f0000000700)={0x20, 0xf, 0x15, "17074cd38faab3d3d4f5ec751fc61f444625e249f8"}, &(0x7f0000000740)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000780)={0x0, 0x8, 0x1, 0xf}, &(0x7f00000007c0)={0x20, 0x81, 0x2, "36a2"}, &(0x7f0000000800)={0x20, 0x82, 0x3, 'y\t['}, &(0x7f0000000840)={0x20, 0x83, 0x3, "024aa2"}, &(0x7f0000000880)={0x20, 0x84, 0x3, "92ef2a"}, &(0x7f00000008c0)={0x20, 0x85, 0x3, "e62dd8"}}) (async)
syz_usb_control_io$uac1(r1, &(0x7f00000006c0)={0xc, &(0x7f0000000580)={0x20, 0x23, 0x32, {0x32, 0x23, "5db3401756a84514e1452c155080682671b39a7969251e43e39b8b1a7c92441f21a6829fbeb36fd1493c99e17829dded"}}, &(0x7f00000005c0)={0x0, 0x3, 0xda, @string={0xda, 0x3, "de968f73b0bf42ce3a6467a96e9adf5f9cb4d36d24e67c8d429b76783bbcc31f00d14a1d3aeb909a7fd041925003453051d4418b93c5db784e76d85cf958f1109fcc2842e6b1e982c7498751e24d3e9f7564b0878e4e58f0315063dd42c0c1dd818cc0bdd056e23c7ecf8d196185791a4d3238c690fca5cb977d580728d2f27e38fc9323a579096d366fe6a83a265ab7ac3783da9491737649d490813e6599b51a64c6cea00a61c3e044f55d4687b9e820e36209025aabbdfd75a6e7ac1541088c637a2559c03c085d33a3eef05f4bd05a19a0ff8345bd93"}}}, &(0x7f0000000900)={0x24, &(0x7f0000000700)={0x20, 0xf, 0x15, "17074cd38faab3d3d4f5ec751fc61f444625e249f8"}, &(0x7f0000000740)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000780)={0x0, 0x8, 0x1, 0xf}, &(0x7f00000007c0)={0x20, 0x81, 0x2, "36a2"}, &(0x7f0000000800)={0x20, 0x82, 0x3, 'y\t['}, &(0x7f0000000840)={0x20, 0x83, 0x3, "024aa2"}, &(0x7f0000000880)={0x20, 0x84, 0x3, "92ef2a"}, &(0x7f00000008c0)={0x20, 0x85, 0x3, "e62dd8"}})
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)

2.759628529s ago: executing program 0 (id=975):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000340), 0x88500, 0x0)
open$dir(0x0, 0x2100, 0xc2)
r1 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x1)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r3 = epoll_create1(0x80000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x800000000000193, 0x0)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000040)={0xc000000a})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000000)={0xb000200e})
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r3, &(0x7f0000000140)={0xa0004013})
epoll_wait(r5, &(0x7f0000000280)=[{}], 0x1, 0x4000005)
close_range(r2, r0, 0x0)
fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000100)='mand\x00', 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x1, 0x3)
fcntl$dupfd(r0, 0x406, r1)
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
r6 = socket$netlink(0x10, 0x3, 0x13)
unshare(0x22020600)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000280)='./file1\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f00000002c0)='./file1\x00')
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r7, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x800000000009, 0xa, 0x8000000000004, 0x3, 0x0, 0xffffffffffffffff, 0x3, 0xffffffff})
r8 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/mnt\x00')
setns(r8, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)

2.759332421s ago: executing program 2 (id=976):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x44004000)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
r1 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0xfc}, 0x18)
fanotify_init(0x40, 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x1}, 0x1c)
ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a03000000000000000000070000000900010073797a300000000064000000090a010400000000000000000700000008000a40000000000900020073797ac8d80000000900010073797a3000000000080005400000001f280011800a00010071756f7461000000180002800c000140000000000000002c0800024000000016140000001000010000000000000000000084000a"], 0xac}, 0x1, 0x0, 0x0, 0xc}, 0x20008844)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x8001})
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000180)={'nat\x00', 0x0, 0x0, 0x0, [0x3, 0x8, 0x9bc6, 0x8, 0x4, 0x9], 0x1, 0x0, 0x0, [{}]}, 0x60)

1.849802886s ago: executing program 0 (id=977):
syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/uts\x00')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1c0000, 0x1, &(0x7f0000000040))
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}], 0x1)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge0\x00'})
socket(0x10, 0x80002, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000080), 0x4a)
sendmmsg$inet(r1, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)

1.848768639s ago: executing program 2 (id=978):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = dup(0xffffffffffffffff)
write$6lowpan_enable(r0, &(0x7f0000000000)='0', 0xfffffd2c)
r1 = socket(0xa, 0x3, 0x3a)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000700000006000000000000100000000000612e615f2e00"], 0x0, 0x2b, 0x0, 0x8, 0x6}, 0x28)
setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private0, 0x809}, {0xa, 0x8, 0x0, @empty}, 0x2, {[0x0, 0x1, 0xfffffffe, 0x0, 0xffffffff]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x0, {[0x1, 0x0, 0x0, 0x0, 0x9]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f00000001c0)={{0xa, 0x0, 0x6, @remote}, {0xa, 0x4e24, 0x4, @mcast1}, 0x0, {[0x0, 0x7, 0x1000, 0x0, 0x0, 0x0, 0x3]}}, 0x5c)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001840)={0x0}}, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000300))
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0xfff)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002140)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
preadv(r6, &(0x7f0000000180)=[{&(0x7f0000000240)=""/52, 0x34}], 0x1, 0x0, 0x0)

1.707491243s ago: executing program 0 (id=979):
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
io_setup(0x6, &(0x7f0000001380))
r0 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
iopl(0x3)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
getsockopt$ax25_int(r0, 0x101, 0x0, &(0x7f0000000000), &(0x7f0000000040)=0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
shmget$private(0x0, 0x1000, 0x20, &(0x7f0000ffc000/0x1000)=nil)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r3 = io_uring_setup(0xf08, &(0x7f0000000780)={0x0, 0xfb6e, 0x38c1, 0x3, 0xf0})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
io_uring_register$IORING_REGISTER_FILES(r3, 0x20, &(0x7f0000000000)=[r3], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r2}, 0x18)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
setpriority(0x0, 0x0, 0xacf0165)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x6a, 0x1)
iopl(0x4)

1.70697479s ago: executing program 1 (id=980):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0xfc}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x1}, 0x1c)
ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0})
r7 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a03000000000000000000070000000900010073797a300000000064000000090a010400000000000000000700000008000a40000000000900020073797ac8d80000000900010073797a3000000000080005400000001f280011800a00010071756f7461000000180002800c000140000000000000002c0800024000000016140000001000010000000000000000000084000a"], 0xac}, 0x1, 0x0, 0x0, 0xc}, 0x20008844)
ioctl$sock_bt_hidp_HIDPCONNDEL(r7, 0x400448c9, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f0000000180)={'nat\x00', 0x0, 0x0, 0x0, [0x3, 0x8, 0x9bc6, 0x8, 0x4, 0x9], 0x1, 0x0, 0x0, [{}]}, 0x60)

1.706661407s ago: executing program 2 (id=981):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c00000011000100900051230000400007000000", @ANYRES32, @ANYBLOB="00000000000000001c001a801800058014000680080001"], 0x3c}}, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001300290a000000000000000007000300", @ANYRES32=r1, @ANYBLOB="00000132ae57f60014001a80100005800c0005"], 0x34}, 0x1, 0x0, 0x0, 0x4000801}, 0x0)

1.639975223s ago: executing program 2 (id=982):
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
close(0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x64)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@getchain={0x23, 0x66, 0xfcd66a900070b359}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x40026102, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x20000000}, 0x4c)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r4, &(0x7f0000000000)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000300)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x4000001}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000180)=0x5)
ioctl$TIOCGLCKTRMIOS(r6, 0x5456, 0x0)
listen(r5, 0x46)
sendmsg$nl_generic(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40001}, 0x0)
socket$packet(0x11, 0x3, 0x300)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)

1.399437972s ago: executing program 3 (id=983):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0xfc}, 0x18)
fanotify_init(0x40, 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x1}, 0x1c)
ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0})
r7 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a03000000000000000000070000000900010073797a300000000064000000090a010400000000000000000700000008000a40000000000900020073797ac8d80000000900010073797a3000000000080005400000001f280011800a00010071756f7461000000180002800c000140000000000000002c0800024000000016140000001000010000000000000000000084000a"], 0xac}, 0x1, 0x0, 0x0, 0xc}, 0x20008844)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x8001})
ioctl$sock_bt_hidp_HIDPCONNDEL(r7, 0x400448c9, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f0000000180)={'nat\x00', 0x0, 0x0, 0x0, [0x3, 0x8, 0x9bc6, 0x8, 0x4, 0x9], 0x1, 0x0, 0x0, [{}]}, 0x60)

1.279549411s ago: executing program 2 (id=984):
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
fchdir(r0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
close(0x3)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
io_setup(0x2, &(0x7f0000000000)=<r5=>0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000300)={0x23800000, &(0x7f0000000040)=<r6=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_submit(r5, 0x1, &(0x7f00000001c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r6, 0x0}])
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x3c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004800}, 0x20004000)
semctl$SEM_INFO(0x0, 0x2, 0x13, &(0x7f0000000140)=""/26)
r8 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r8, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r9 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0xa5a1, 0x400, 0x7, 0x285}, &(0x7f00000004c0)=<r10=>0x0, &(0x7f0000000280)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r10, r11, 0x0)
io_uring_enter(r9, 0x40f9, 0x217, 0xa5, 0x0, 0xf5)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)

1.217081161s ago: executing program 2 (id=985):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0xfffffffd, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newqdisc={0x118, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xffe0}, {0xffff, 0xffff}, {0xfff1, 0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}, @qdisc_kind_options=@q_tbf={{0x8}, {0x4}}, @qdisc_kind_options=@q_pie={{0x8}, {0x2c, 0x2, [@TCA_PIE_TARGET={0x8, 0x1, 0x5b}, @TCA_PIE_BETA={0x8, 0x5, 0x17}, @TCA_PIE_TARGET={0x8, 0x1, 0x9}, @TCA_PIE_ALPHA={0x8, 0x4, 0x3}, @TCA_PIE_TARGET={0x8, 0x1, 0x9}]}}, @TCA_RATE={0x6, 0x5, {0x9, 0x5}}, @TCA_STAB={0x9c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x2, 0x2, 0x3ff, 0x200000, 0x0, 0x2, 0x4}}, {0x4}}, {{0x1c, 0x1, {0x6, 0x80, 0xffff, 0x400, 0x1, 0x6, 0xa0, 0x1}}, {0x6, 0x2, [0x3]}}, {{0x1c, 0x1, {0x2, 0xe, 0x8, 0x8, 0x1, 0x9, 0x2, 0x8}}, {0x14, 0x2, [0x6, 0x5, 0x81, 0xfff8, 0x800, 0x2, 0xd, 0x5]}}, {{0x1c, 0x1, {0xe1, 0x2, 0x401, 0x7, 0x2, 0x2, 0x1a06, 0x1}}, {0x6, 0x2, [0x9]}}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x8001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r8, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0x4}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0, 0x40}}, 0x0)
r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000040)=0x14)

1.21159292s ago: executing program 1 (id=986):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x44004000)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
r1 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0xfc}, 0x18)
fanotify_init(0x40, 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x1}, 0x1c)
ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a03000000000000000000070000000900010073797a300000000064000000090a010400000000000000000700000008000a40000000000900020073797ac8d80000000900010073797a3000000000080005400000001f280011800a00010071756f7461000000180002800c000140000000000000002c0800024000000016140000001000010000000000000000000084000a"], 0xac}, 0x1, 0x0, 0x0, 0xc}, 0x20008844)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x8001})
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000180)={'nat\x00', 0x0, 0x0, 0x0, [0x3, 0x8, 0x9bc6, 0x8, 0x4, 0x9], 0x1, 0x0, 0x0, [{}]}, 0x60)

659.089997ms ago: executing program 0 (id=987):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1e, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x7, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x10000000}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
r4 = add_key$user(&(0x7f00000001c0), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000240)="b1", 0x1, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000140)=@secondary)
keyctl$KEYCTL_MOVE(0x1e, r4, 0xffffffffffffffff, 0x0, 0x0)
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
fchdir(r6)
r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ftruncate(r7, 0x2007ffb)
sendfile(r7, r7, 0x0, 0x1000000201005)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0x7, &(0x7f0000000000)={0x77359400})

448.439504ms ago: executing program 0 (id=988):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket(0xa, 0x3, 0x3a)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000700000006000000000000100000000000612e615f2e00"], 0x0, 0x2b, 0x0, 0x8, 0x6}, 0x28)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private0, 0x809}, {0xa, 0x8, 0x0, @empty}, 0x2, {[0x0, 0x1, 0xfffffffe, 0x0, 0xffffffff]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x0, {[0x1, 0x0, 0x0, 0x0, 0x9]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f00000001c0)={{0xa, 0x0, 0x6, @remote}, {0xa, 0x4e24, 0x4, @mcast1}, 0x0, {[0x0, 0x7, 0x1000, 0x0, 0x0, 0x0, 0x3]}}, 0x5c)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001840)={0x0}}, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000300))
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = dup3(r4, 0xffffffffffffffff, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0xfff)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000580), 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002140)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
preadv(r7, &(0x7f0000000180)=[{&(0x7f0000000240)=""/52, 0x34}], 0x1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="8500d6c8c8bc4fe997f99e710000ae008c281a89017c24c4879747c9b1c8027c437b7edba295c6c1f902f61c5366e811d66fb900a58d97db05734bf2a9b2605dab7c93fb8ad85830456b0b7e8b1ceaa7d64d3cd4589b4ed4306b5a35368f9e4699f771aca7f69a5c4ee23d223de4d0171e0b9a15334165b89dc165e160fc46c000e93ae934dd54e4395ea5050f637e8f40a9ea15f8bbef4a79a82e461d61f4f4f52b95513d31255b56b28e5533583a8d72ef95"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)

289.859767ms ago: executing program 3 (id=989):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x6, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x4854}, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r4 = dup(r3)
write$6lowpan_enable(r4, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@ipv4_delroute={0x4c, 0x19, 0x901, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @private=0xa010102}, @RTA_ENCAP={0x18, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_SRC={0x14, 0x3, @local}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x4}]}, 0x4c}}, 0x0)

79.831625ms ago: executing program 1 (id=990):
r0 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000580)={0x0, 0xc, 0x1, 0x0})

0s ago: executing program 1 (id=991):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x400, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
capset(0x0, &(0x7f0000000140))
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003fe060100000400020011b53631", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010)
prctl$PR_SET_PTRACER(0x59616d61, r2)
prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x2000)=nil)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c)
r5 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$vim2m_VIDIOC_QUERYBUF(r5, 0xc044560f, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0x0, 0x7, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10110401"}})
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{0x0}], 0x1}, 0x4048043)
dup(0xffffffffffffffff)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f00000000c0)={'comedi_bond\x00', [0x2f, 0x80, 0x10006, 0x4, 0x1, 0xcc7, 0x8, 0x17, 0xa, 0x24c, 0xfff, 0x7, 0x5, 0x5, 0x4, 0x105, 0x8, 0x2, 0x2009, 0x1, 0x89, 0x6, 0x0, 0x20001e5a, 0x1000b, 0x7, 0x9, 0x8, 0x6, 0x401, 0xfffffffd]})
getsockname$packet(r0, &(0x7f0000000600)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r6, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="6c000000100003052dad7000000000", @ANYRES32=0x0, @ANYBLOB="0000000000100000140012800800010067726500080002800400120008000a00", @ANYRES32=r6, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x2000000)

kernel console output (not intermixed with test programs):

t 1(bridge_slave_0) entered blocking state
[   52.728383][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.731691][ T5947] bridge_slave_0: entered allmulticast mode
[   52.735711][ T5947] bridge_slave_0: entered promiscuous mode
[   52.739361][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.741876][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.744613][ T5938] bridge_slave_0: entered allmulticast mode
[   52.747279][ T5938] bridge_slave_0: entered promiscuous mode
[   52.754123][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.757242][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.760481][ T5938] bridge_slave_1: entered allmulticast mode
[   52.764079][ T5938] bridge_slave_1: entered promiscuous mode
[   52.778695][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.781708][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.784730][ T5947] bridge_slave_1: entered allmulticast mode
[   52.787676][ T5947] bridge_slave_1: entered promiscuous mode
[   52.909227][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   52.935382][ T5938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   52.956228][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.958737][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.961788][ T5942] bridge_slave_0: entered allmulticast mode
[   52.964839][ T5942] bridge_slave_0: entered promiscuous mode
[   52.969001][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.002007][ T5938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.006231][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.008852][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.012060][ T5942] bridge_slave_1: entered allmulticast mode
[   53.016650][ T5942] bridge_slave_1: entered promiscuous mode
[   53.041480][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.045105][ T5951] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.048028][ T5951] bridge_slave_0: entered allmulticast mode
[   53.051919][ T5951] bridge_slave_0: entered promiscuous mode
[   53.056705][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.059895][ T5951] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.063271][ T5951] bridge_slave_1: entered allmulticast mode
[   53.067203][ T5951] bridge_slave_1: entered promiscuous mode
[   53.188578][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.192558][ T5947] team0: Port device team_slave_0 added
[   53.220962][ T5951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.228728][ T5938] team0: Port device team_slave_0 added
[   53.234728][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.239504][ T5947] team0: Port device team_slave_1 added
[   53.243851][ T5951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.249305][ T5938] team0: Port device team_slave_1 added
[   53.407133][ T5942] team0: Port device team_slave_0 added
[   53.410708][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.413137][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   53.421511][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.427792][ T5951] team0: Port device team_slave_0 added
[   53.431170][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.434249][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   53.444765][ T5938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.451094][ T5942] team0: Port device team_slave_1 added
[   53.454897][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.457764][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   53.470079][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.476151][ T5951] team0: Port device team_slave_1 added
[   53.478635][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.481678][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   53.492476][ T5938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.567868][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.570090][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   53.579234][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.584290][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.587223][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   53.596102][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.600433][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.603846][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   53.615483][ T5951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.652294][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.655492][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   53.666402][ T5951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.695955][ T5947] hsr_slave_0: entered promiscuous mode
[   53.699341][ T5947] hsr_slave_1: entered promiscuous mode
[   53.738566][ T5938] hsr_slave_0: entered promiscuous mode
[   53.741918][ T5938] hsr_slave_1: entered promiscuous mode
[   53.745900][ T5938] debugfs: 'hsr0' already exists in 'hsr'
[   53.747923][ T5938] Cannot create hsr debugfs directory
[   53.780957][ T5942] hsr_slave_0: entered promiscuous mode
[   53.783342][ T5942] hsr_slave_1: entered promiscuous mode
[   53.785409][ T5942] debugfs: 'hsr0' already exists in 'hsr'
[   53.787299][ T5942] Cannot create hsr debugfs directory
[   53.843716][ T5951] hsr_slave_0: entered promiscuous mode
[   53.846179][ T5951] hsr_slave_1: entered promiscuous mode
[   53.848517][ T5951] debugfs: 'hsr0' already exists in 'hsr'
[   53.850482][ T5951] Cannot create hsr debugfs directory
[   54.103506][ T5944] Bluetooth: hci1: command tx timeout
[   54.112893][ T5944] Bluetooth: hci3: command tx timeout
[   54.112950][   T64] Bluetooth: hci0: command tx timeout
[   54.115066][ T5939] Bluetooth: hci2: command tx timeout
[   54.257266][ T5947] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   54.265770][ T5947] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   54.273244][ T5947] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   54.286045][ T5947] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   54.318019][ T5942] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   54.324708][ T5942] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   54.333236][ T5942] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   54.339565][ T5942] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   54.399250][ T5938] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   54.405934][ T5938] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   54.412149][ T5938] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   54.418856][ T5938] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   54.511553][ T5951] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   54.518474][ T5951] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   54.525566][ T5951] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   54.532037][ T5951] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   54.555887][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.576787][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.590757][ T5947] 8021q: adding VLAN 0 to HW filter on device team0
[   54.607767][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.610280][ T1178] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.621900][ T5942] 8021q: adding VLAN 0 to HW filter on device team0
[   54.628616][ T5938] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.653835][ T1178] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.656686][ T1178] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.660852][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.663718][ T1178] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.668949][ T1178] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.671511][ T1178] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.677621][ T5938] 8021q: adding VLAN 0 to HW filter on device team0
[   54.685645][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.687896][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.703459][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.706218][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.765961][ T5951] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.788423][ T5951] 8021q: adding VLAN 0 to HW filter on device team0
[   54.802076][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.805055][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.817102][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.820363][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.948917][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.973183][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.976496][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.999832][ T5942] veth0_vlan: entered promiscuous mode
[   55.019376][ T5942] veth1_vlan: entered promiscuous mode
[   55.034767][ T5938] veth0_vlan: entered promiscuous mode
[   55.044216][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.050829][ T5938] veth1_vlan: entered promiscuous mode
[   55.071260][ T5947] veth0_vlan: entered promiscuous mode
[   55.083483][ T5942] veth0_macvtap: entered promiscuous mode
[   55.086646][ T5947] veth1_vlan: entered promiscuous mode
[   55.097817][ T5942] veth1_macvtap: entered promiscuous mode
[   55.106886][ T5938] veth0_macvtap: entered promiscuous mode
[   55.121239][ T5951] veth0_vlan: entered promiscuous mode
[   55.125297][ T5938] veth1_macvtap: entered promiscuous mode
[   55.138648][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.148369][ T5951] veth1_vlan: entered promiscuous mode
[   55.154774][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.161750][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.173938][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.177961][ T5947] veth0_macvtap: entered promiscuous mode
[   55.191890][   T61] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.198059][   T61] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.206525][ T5947] veth1_macvtap: entered promiscuous mode
[   55.217049][   T61] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.231580][   T61] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.236246][   T61] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.244755][   T61] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.247621][   T61] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.254032][   T61] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.261592][ T5951] veth0_macvtap: entered promiscuous mode
[   55.274549][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.286252][ T5951] veth1_macvtap: entered promiscuous mode
[   55.294127][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.318307][ T1178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.321069][ T1178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.333706][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.336571][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.341656][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.345623][   T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.348258][   T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.351498][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.354230][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.357451][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.379864][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.383594][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.393010][   T96] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.396627][   T96] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.403416][ T1178] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.407986][ T1178] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.414355][   T96] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.431779][   T96] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.442305][   T96] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.447181][   T96] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.453261][ T5942] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   55.476576][   T96] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.480221][   T96] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.509996][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.515807][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.550339][   T96] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.559857][   T96] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.582780][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   55.586421][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   56.185968][   T64] Bluetooth: hci0: command tx timeout
[   56.189131][   T64] Bluetooth: hci3: command tx timeout
[   56.191129][ T5939] Bluetooth: hci2: command tx timeout
[   56.193050][ T5939] Bluetooth: hci1: command tx timeout
[   56.530730][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   57.232751][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   57.554771][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   57.615352][ T6049] capability: warning: `syz.3.5' uses deprecated v2 capabilities in a way that may be insecure
[   58.023029][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   58.032675][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   58.035983][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   58.042619][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   58.045204][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   58.262533][ T5944] Bluetooth: hci0: command tx timeout
[   58.272942][ T5944] Bluetooth: hci3: command tx timeout
[   58.273089][   T64] Bluetooth: hci1: command tx timeout
[   58.274976][ T5944] Bluetooth: hci2: command tx timeout
[   58.377037][ T6059] Zero length message leads to an empty skb
[   58.382844][ T6059] binder_alloc: 6055: binder_alloc_buf, no vma
[   60.342565][ T5944] Bluetooth: hci2: command tx timeout
[   60.342643][ T5939] Bluetooth: hci0: command tx timeout
[   60.353405][ T5939] Bluetooth: hci1: command tx timeout
[   60.356372][ T5939] Bluetooth: hci3: command tx timeout
[   61.082591][    T9] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[   61.119718][ T6088] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   61.820556][ T6103] netlink: 52 bytes leftover after parsing attributes in process `syz.3.21'.
[   61.834554][ T6103] netlink: 4 bytes leftover after parsing attributes in process `syz.3.21'.
[   61.901850][    T9] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   61.906131][    T9] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   61.911485][    T9] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   61.922209][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   62.649932][    T9] usb 7-1: usb_control_msg returned -32
[   62.652110][    T9] usbtmc 7-1:16.0: can't read capabilities
[   62.660823][ T6115] netlink: 'syz.2.18': attribute type 1 has an invalid length.
[   62.683851][ T6115] bond1: entered promiscuous mode
[   62.686167][ T6115] bond1: entered allmulticast mode
[   63.486871][ T6129] netlink: 12 bytes leftover after parsing attributes in process `syz.0.24'.
[   63.925126][  T912] usb 7-1: USB disconnect, device number 2
[   65.401573][ T6152] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.405777][ T6152] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.568947][ T6152] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   65.580139][ T6152] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   65.748327][   T13] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   65.752283][   T13] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   65.760592][   T13] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   65.773027][   T13] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   66.327127][ T6172] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[   66.330033][ T6172] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[   67.824854][   T53] libceph: connect (1)[c::]:6789 error -101
[   67.827232][   T53] libceph: mon0 (1)[c::]:6789 connect error
[   67.874379][   T53] libceph: connect (1)[b::]:6789 error -101
[   67.876588][   T53] libceph: mon0 (1)[b::]:6789 connect error
[   68.093906][   T53] libceph: connect (1)[c::]:6789 error -101
[   68.096094][   T53] libceph: mon0 (1)[c::]:6789 connect error
[   68.134862][   T53] libceph: connect (1)[b::]:6789 error -101
[   68.137532][   T53] libceph: mon0 (1)[b::]:6789 connect error
[   68.179617][ T6223] lo speed is unknown, defaulting to 1000
[   68.181740][ T6223] lo speed is unknown, defaulting to 1000
[   68.189368][ T6223] lo speed is unknown, defaulting to 1000
[   68.200730][ T6223] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   68.221924][ T6223] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   68.389613][ T6223] lo speed is unknown, defaulting to 1000
[   68.393926][ T6223] lo speed is unknown, defaulting to 1000
[   68.396800][ T6223] lo speed is unknown, defaulting to 1000
[   68.403125][ T6223] lo speed is unknown, defaulting to 1000
[   68.602789][   T53] libceph: connect (1)[c::]:6789 error -101
[   68.616799][   T53] libceph: mon0 (1)[c::]:6789 connect error
[   68.787743][   T53] libceph: connect (1)[b::]:6789 error -101
[   68.790140][ T6216] ceph: No mds server is up or the cluster is laggy
[   68.792561][ T6213] ceph: No mds server is up or the cluster is laggy
[   68.793274][   T53] libceph: mon0 (1)[b::]:6789 connect error
[   70.840858][ T6254] blktrace: Concurrent blktraces are not allowed on nullb0
[   70.933919][ T6260] netlink: 4 bytes leftover after parsing attributes in process `syz.1.46'.
[   71.985508][ T6277] ieee802154 phy0 wpan0: encryption failed: -22
[   72.058078][ T6277] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   72.221634][ T5943] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   72.590904][ T5943] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   72.595183][ T5943] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   72.598145][ T5943] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   72.606275][ T5943] usb 8-1: config 0 descriptor??
[   72.937827][ T6289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   72.953288][ T6289] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   73.205202][ T5943] usbhid 8-1:0.0: can't add hid device: -71
[   73.208296][ T5943] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[   73.220162][ T5943] usb 8-1: USB disconnect, device number 2
[   73.641764][ T6293] blktrace: Concurrent blktraces are not allowed on nullb0
[   73.645473][ T6293] netlink: 4 bytes leftover after parsing attributes in process `syz.1.64'.
[   73.649622][ T6293] netlink: 12 bytes leftover after parsing attributes in process `syz.1.64'.
[   73.832854][ T6306] netlink: 52 bytes leftover after parsing attributes in process `syz.3.59'.
[   73.838078][ T6304] binder_alloc: 6298: binder_alloc_buf, no vma
[   73.839710][ T6306] netlink: 4 bytes leftover after parsing attributes in process `syz.3.59'.
[   76.038105][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[   76.040794][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[   76.917247][ T6356] blktrace: Concurrent blktraces are not allowed on nullb0
[   76.974543][ T6358] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.977170][ T6358] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.980864][ T6361] netlink: 4 bytes leftover after parsing attributes in process `syz.2.68'.
[   77.054784][ T6356] netlink: 12 bytes leftover after parsing attributes in process `syz.2.68'.
[   77.065361][ T6358] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   77.073663][ T6358] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   77.174255][ T1178] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   77.194696][ T1178] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   77.197685][ T1178] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   77.209617][ T1178] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   77.507049][ T6375] binder_alloc: 6370: binder_alloc_buf, no vma
[   81.207296][ T6446] blktrace: Concurrent blktraces are not allowed on nullb0
[   81.215530][ T6445] netlink: 4 bytes leftover after parsing attributes in process `syz.0.81'.
[   81.219388][ T6445] netlink: 12 bytes leftover after parsing attributes in process `syz.0.81'.
[   81.283874][ T6449] netlink: 12 bytes leftover after parsing attributes in process `syz.1.90'.
[   81.509697][ T6459] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[   81.519684][ T6459] VFS: Can't find a romfs filesystem on dev nullb0.
[   81.519684][ T6459] 
[   81.531640][ T6459] Bluetooth: MGMT ver 1.23
[   81.784422][ T6466] binder: BINDER_SET_CONTEXT_MGR already set
[   81.786778][ T6466] binder: 6460:6466 ioctl 4018620d 80000040 returned -16
[   81.910232][ T6472] blktrace: Concurrent blktraces are not allowed on nullb0
[   81.976256][ T6476] netlink: 4 bytes leftover after parsing attributes in process `syz.3.87'.
[   83.183996][ T6494] blktrace: Concurrent blktraces are not allowed on nullb0
[   83.244643][ T6495] netlink: 4 bytes leftover after parsing attributes in process `syz.2.93'.
[   83.250551][ T6495] netlink: 12 bytes leftover after parsing attributes in process `syz.2.93'.
[   83.542508][   T34] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   84.114856][   T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   84.118424][   T34] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   84.121411][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.126979][   T34] usb 5-1: config 0 descriptor??
[   84.483357][ T6498] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   84.487698][ T6498] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   84.515295][   T34] usbhid 5-1:0.0: can't add hid device: -71
[   84.518073][   T34] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[   84.534333][   T34] usb 5-1: USB disconnect, device number 2
[   85.363247][   T34] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   85.512595][ T6023] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   85.522834][ T6526] netlink: 40 bytes leftover after parsing attributes in process `syz.2.102'.
[   85.533949][   T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   85.537533][   T34] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   85.540510][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.547361][   T34] usb 5-1: config 0 descriptor??
[   85.674545][ T6023] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   85.678252][ T6023] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   85.681374][ T6023] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.685713][ T6023] usb 6-1: config 0 descriptor??
[   85.835264][ T6520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   85.839302][ T6520] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   85.974400][ T6531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   85.978318][ T6531] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   86.002710][ T6023] usbhid 6-1:0.0: can't add hid device: -71
[   86.007183][ T6023] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[   86.017382][ T6023] usb 6-1: USB disconnect, device number 2
[   86.063835][   T34] usbhid 5-1:0.0: can't add hid device: -71
[   86.065872][   T34] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[   86.070683][   T34] usb 5-1: USB disconnect, device number 3
[   86.265109][   T10] cfg80211: failed to load regulatory.db
[   86.688020][ T6542] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[   86.691814][ T6542] VFS: Can't find a romfs filesystem on dev nullb0.
[   86.691814][ T6542] 
[   87.420712][ T6556] binder_alloc: 6554: binder_alloc_buf, no vma
[   89.847831][ T6588] Illegal XDP return value 583499776 on prog  (id 8) dev syz_tun, expect packet loss!
[   89.856206][ T6588] geneve2: entered promiscuous mode
[   90.521590][ T6595] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[   90.524763][ T6595] VFS: Can't find a romfs filesystem on dev nullb0.
[   90.524763][ T6595] 
[   90.791544][ T6603] binder_alloc: 6598: binder_alloc_buf, no vma
[   91.982521][ T6023] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   92.151342][ T6023] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.156077][ T6023] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   92.160663][ T6023] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.170387][ T6023] usb 5-1: config 0 descriptor??
[   92.447853][ T6615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   92.504026][ T6615] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   93.353675][ T6023] usbhid 5-1:0.0: can't add hid device: -71
[   93.356468][ T6023] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[   93.373537][ T6023] usb 5-1: USB disconnect, device number 4
[   93.404216][ T6642] netlink: 40 bytes leftover after parsing attributes in process `syz.2.133'.
[   93.804499][ T6653] binder_alloc: 6651: binder_alloc_buf, no vma
[   94.637629][ T6657] netlink: 40 bytes leftover after parsing attributes in process `syz.0.145'.
[   94.982549][ T1334] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   95.144461][ T1334] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   95.156558][ T1334] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   95.167571][ T1334] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.181139][ T1334] usb 7-1: config 0 descriptor??
[   95.482295][ T6671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   95.493373][ T6671] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   95.717656][ T6682] netlink: 52 bytes leftover after parsing attributes in process `syz.1.143'.
[   95.717831][ T1334] usbhid 7-1:0.0: can't add hid device: -71
[   95.727026][ T1334] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[   95.731489][ T1334] usb 7-1: USB disconnect, device number 3
[   95.751496][ T6682] netlink: 4 bytes leftover after parsing attributes in process `syz.1.143'.
[   96.854490][ T6708] binder: BINDER_SET_CONTEXT_MGR already set
[   96.856515][ T6708] binder: 6704:6708 ioctl 4018620d 80000040 returned -16
[   96.922699][ T6710] netlink: 40 bytes leftover after parsing attributes in process `syz.1.151'.
[   97.258175][ T6716] netlink: 52 bytes leftover after parsing attributes in process `syz.2.152'.
[   97.269021][ T6716] netlink: 4 bytes leftover after parsing attributes in process `syz.2.152'.
[   97.409564][ T6722] binder_alloc: 6719: binder_alloc_buf, no vma
[   97.817738][ T6729] netlink: 4 bytes leftover after parsing attributes in process `syz.3.156'.
[   97.822611][ T6729] netlink: 12 bytes leftover after parsing attributes in process `syz.3.156'.
[   99.876116][ T6768] netlink: 52 bytes leftover after parsing attributes in process `syz.3.166'.
[   99.883840][ T6768] netlink: 4 bytes leftover after parsing attributes in process `syz.3.166'.
[  100.095377][ T6776] netlink: 40 bytes leftover after parsing attributes in process `syz.2.168'.
[  100.712546][ T5979] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  100.863490][ T5979] usb 8-1: Using ep0 maxpacket: 8
[  100.869291][ T5979] usb 8-1: unable to get BOS descriptor or descriptor too short
[  100.879009][ T5979] usb 8-1: config 0 has no interfaces?
[  100.883472][ T5979] usb 8-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  100.892183][ T5979] usb 8-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  100.897678][ T5979] usb 8-1: Manufacturer: syz
[  100.901316][ T5979] usb 8-1: SerialNumber: syz
[  100.908533][ T5979] usb 8-1: config 0 descriptor??
[  101.015883][ T6793] netlink: 40 bytes leftover after parsing attributes in process `syz.2.180'.
[  101.121012][ T6774] input: syz1 as /devices/virtual/input/input5
[  101.887180][ T6807] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  101.890664][ T6807] VFS: Can't find a romfs filesystem on dev nullb0.
[  101.890664][ T6807] 
[  102.145885][ T6812] netlink: 52 bytes leftover after parsing attributes in process `syz.0.176'.
[  102.158179][ T6812] netlink: 4 bytes leftover after parsing attributes in process `syz.0.176'.
[  103.029238][ T6353] usb 8-1: USB disconnect, device number 3
[  103.373453][ T6836] netlink: 40 bytes leftover after parsing attributes in process `syz.1.183'.
[  103.844839][ T6842] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  103.847402][ T6842] VFS: Can't find a romfs filesystem on dev nullb0.
[  103.847402][ T6842] 
[  104.452601][ T6862] netlink: 52 bytes leftover after parsing attributes in process `syz.1.188'.
[  104.496772][ T6859] netlink: 4 bytes leftover after parsing attributes in process `syz.1.188'.
[  104.730331][ T6865] binder_alloc: 6863: binder_alloc_buf, no vma
[  105.064092][ T6872] netlink: 4 bytes leftover after parsing attributes in process `syz.3.192'.
[  105.067524][ T6872] netlink: 12 bytes leftover after parsing attributes in process `syz.3.192'.
[  105.108263][ T6874] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  105.111588][ T6874] VFS: Can't find a romfs filesystem on dev nullb0.
[  105.111588][ T6874] 
[  105.223246][ T6882] netlink: 52 bytes leftover after parsing attributes in process `syz.1.197'.
[  105.226761][ T6882] netlink: 4 bytes leftover after parsing attributes in process `syz.1.197'.
[  106.814626][ T6912] netlink: 4 bytes leftover after parsing attributes in process `syz.2.203'.
[  106.817940][ T6912] netlink: 12 bytes leftover after parsing attributes in process `syz.2.203'.
[  107.195005][ T6930] netlink: 52 bytes leftover after parsing attributes in process `syz.0.206'.
[  107.204353][ T6930] netlink: 4 bytes leftover after parsing attributes in process `syz.0.206'.
[  109.066526][ T6965] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  109.070046][ T6965] VFS: Can't find a romfs filesystem on dev nullb0.
[  109.070046][ T6965] 
[  109.091953][   T34] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  109.244651][   T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  109.249683][   T34] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  109.254491][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.264404][   T34] usb 5-1: config 0 descriptor??
[  109.281342][ T6971] netlink: 52 bytes leftover after parsing attributes in process `syz.2.218'.
[  109.286254][ T6971] netlink: 4 bytes leftover after parsing attributes in process `syz.2.218'.
[  109.603911][   T34] usbhid 5-1:0.0: can't add hid device: -71
[  109.606451][   T34] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  109.610304][   T34] usb 5-1: USB disconnect, device number 5
[  109.653753][ T6977] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  109.656413][ T6977] VFS: Can't find a romfs filesystem on dev nullb0.
[  109.656413][ T6977] 
[  109.794869][ T6980] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  109.797332][ T6980] VFS: Can't find a romfs filesystem on dev nullb0.
[  109.797332][ T6980] 
[  111.947865][ T7015] netlink: 52 bytes leftover after parsing attributes in process `syz.2.228'.
[  111.951574][ T7015] netlink: 4 bytes leftover after parsing attributes in process `syz.2.228'.
[  112.174085][ T7026] ieee802154 phy0 wpan0: encryption failed: -22
[  112.182541][ T6024] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  112.344073][ T6024] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  112.347819][ T6024] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  112.354204][ T6024] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.363784][ T6024] usb 5-1: config 0 descriptor??
[  114.652624][ T6024] usbhid 5-1:0.0: can't add hid device: -71
[  114.654676][ T6024] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  114.659236][ T6024] usb 5-1: USB disconnect, device number 6
[  115.013122][ T7057] netlink: 52 bytes leftover after parsing attributes in process `syz.3.240'.
[  115.017498][ T7057] netlink: 4 bytes leftover after parsing attributes in process `syz.3.240'.
[  115.592558][   T56] usb 8-1: new full-speed USB device number 4 using dummy_hcd
[  115.744565][   T56] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  115.747741][   T56] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  115.752281][   T56] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  115.755322][   T56] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.975155][   T56] usb 8-1: usb_control_msg returned -32
[  115.979923][   T56] usbtmc 8-1:16.0: can't read capabilities
[  116.016952][ T7085] binder_alloc: 7080: binder_alloc_buf, no vma
[  116.395852][ T7092] netlink: 'syz.3.245': attribute type 1 has an invalid length.
[  116.420059][ T7092] bond1: entered promiscuous mode
[  116.424920][ T7092] bond1: entered allmulticast mode
[  118.289541][ T7108] netlink: 52 bytes leftover after parsing attributes in process `syz.0.253'.
[  118.294639][ T7108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.253'.
[  118.346849][ T6024] usb 8-1: USB disconnect, device number 4
[  119.434188][   T34] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  119.594763][   T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  119.599294][   T34] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  119.603649][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.611943][   T34] usb 5-1: config 0 descriptor??
[  120.714153][ T7122] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.718216][ T7122] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  121.055023][   T34] usbhid 5-1:0.0: can't add hid device: -71
[  121.057325][   T34] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  121.063151][   T34] usb 5-1: USB disconnect, device number 7
[  121.414136][ T7156] netlink: 52 bytes leftover after parsing attributes in process `syz.0.265'.
[  121.417862][ T7156] netlink: 4 bytes leftover after parsing attributes in process `syz.0.265'.
[  121.592822][ T5979] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  121.623627][ T7163] netlink: 40 bytes leftover after parsing attributes in process `syz.3.268'.
[  121.763640][ T5979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  121.767391][ T5979] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  121.770471][ T5979] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.775590][ T5979] usb 6-1: config 0 descriptor??
[  122.056180][ T7153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  122.060173][ T7153] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  122.166078][ T5979] usbhid 6-1:0.0: can't add hid device: -71
[  122.168158][ T5979] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  122.175155][ T5979] usb 6-1: USB disconnect, device number 3
[  122.357641][ T7177] binder_alloc: 7175: binder_alloc_buf, no vma
[  123.431650][ T7197] netlink: 52 bytes leftover after parsing attributes in process `syz.2.276'.
[  123.441649][ T7197] netlink: 4 bytes leftover after parsing attributes in process `syz.2.276'.
[  124.300077][ T7216] binder_alloc: 7214: binder_alloc_buf, no vma
[  124.482056][ T7224] binder: BINDER_SET_CONTEXT_MGR already set
[  124.484243][ T7224] binder: 7219:7224 ioctl 4018620d 80000040 returned -16
[  124.931978][ T7231] blktrace: Concurrent blktraces are not allowed on nullb0
[  124.988656][ T7232] netlink: 12 bytes leftover after parsing attributes in process `syz.3.287'.
[  125.152114][ T7234] netlink: 52 bytes leftover after parsing attributes in process `syz.0.288'.
[  125.171698][ T7234] netlink: 4 bytes leftover after parsing attributes in process `syz.0.288'.
[  125.463201][   T34] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  125.634916][   T34] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  125.640098][   T34] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  125.644374][   T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.649306][   T34] usb 7-1: config 0 descriptor??
[  125.903835][   T34] usbhid 7-1:0.0: can't add hid device: -71
[  125.905879][   T34] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  125.910182][   T34] usb 7-1: USB disconnect, device number 4
[  126.305353][ T7263] binder: BINDER_SET_CONTEXT_MGR already set
[  126.307813][ T7263] binder: 7261:7263 ioctl 4018620d 80000040 returned -16
[  126.324951][ T7265] blktrace: Concurrent blktraces are not allowed on nullb0
[  126.387708][ T7266] netlink: 12 bytes leftover after parsing attributes in process `syz.3.297'.
[  126.888078][ T7272] netlink: 52 bytes leftover after parsing attributes in process `syz.1.299'.
[  126.892860][ T7272] netlink: 4 bytes leftover after parsing attributes in process `syz.1.299'.
[  127.113621][ T7281] binder_alloc: 7277: binder_alloc_buf, no vma
[  127.382806][ T5979] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  127.436289][ T7288] binder_alloc: 7286: binder_alloc_buf, no vma
[  127.492958][ T5943] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  127.541432][ T5979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  127.546538][ T5979] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  127.550382][ T5979] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.555890][ T5979] usb 6-1: config 0 descriptor??
[  127.655396][ T5943] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  127.657144][ T7293] blktrace: Concurrent blktraces are not allowed on nullb0
[  127.660306][ T5943] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  127.665136][ T5943] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.673430][ T5943] usb 8-1: config 0 descriptor??
[  127.717085][ T7294] netlink: 4 bytes leftover after parsing attributes in process `syz.0.306'.
[  127.721702][ T7294] netlink: 12 bytes leftover after parsing attributes in process `syz.0.306'.
[  127.812176][ T5979] usbhid 6-1:0.0: can't add hid device: -71
[  127.819017][ T5979] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  127.834392][ T5979] usb 6-1: USB disconnect, device number 4
[  128.214076][ T5943] usbhid 8-1:0.0: can't add hid device: -71
[  128.219324][ T5943] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  128.232157][ T5943] usb 8-1: USB disconnect, device number 5
[  128.565566][ T7314] binder: BINDER_SET_CONTEXT_MGR already set
[  128.568236][ T7314] binder: 7310:7314 ioctl 4018620d 80000040 returned -16
[  129.619275][ T7334] blktrace: Concurrent blktraces are not allowed on nullb0
[  129.675856][ T7335] __nla_validate_parse: 2 callbacks suppressed
[  129.675868][ T7335] netlink: 4 bytes leftover after parsing attributes in process `syz.3.315'.
[  129.683181][ T7335] netlink: 12 bytes leftover after parsing attributes in process `syz.3.315'.
[  129.947081][ T7343] binder: BINDER_SET_CONTEXT_MGR already set
[  129.949161][ T7343] binder: 7338:7343 ioctl 4018620d 80000040 returned -16
[  131.233489][ T7356] netlink: 52 bytes leftover after parsing attributes in process `syz.3.322'.
[  131.257052][ T7356] netlink: 4 bytes leftover after parsing attributes in process `syz.3.322'.
[  131.259937][ T7359] binder: BINDER_SET_CONTEXT_MGR already set
[  131.262890][ T7359] binder: 7354:7359 ioctl 4018620d 80000040 returned -16
[  131.512024][ T7365] blktrace: Concurrent blktraces are not allowed on nullb0
[  131.517785][ T7366] binder_alloc: 7362: binder_alloc_buf, no vma
[  131.568932][ T7367] netlink: 4 bytes leftover after parsing attributes in process `syz.1.325'.
[  131.577480][ T7367] netlink: 12 bytes leftover after parsing attributes in process `syz.1.325'.
[  131.659563][ T7372] netlink: 52 bytes leftover after parsing attributes in process `syz.2.326'.
[  131.902748][ T7381] netlink: 'syz.0.329': attribute type 1 has an invalid length.
[  131.924971][ T7381] 8021q: adding VLAN 0 to HW filter on device bond1
[  131.952098][ T7381] 8021q: adding VLAN 0 to HW filter on device bond1
[  131.962740][ T7381] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  131.966549][ T7381] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  132.017642][ T7383] bond2: entered promiscuous mode
[  132.022114][ T7383] bond2 (unregistering): Released all slaves
[  132.099570][ T7387] binder_alloc: 7385: binder_alloc_buf, no vma
[  132.347024][ T7399] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  132.350896][ T7399] VFS: Can't find a romfs filesystem on dev nullb0.
[  132.350896][ T7399] 
[  132.407042][ T7401] blktrace: Concurrent blktraces are not allowed on nullb0
[  132.465749][ T7402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.336'.
[  132.470187][ T7402] netlink: 12 bytes leftover after parsing attributes in process `syz.0.336'.
[  133.784177][ T7430] ptrace attach of "/syz-executor exec"[5942] was attempted by "�s��;F�\x09y*����sU���\x5c��r��O��Au��m��q/`#�N�*$�}��\x09F�5�$��Dr�zp��~F3hѓ;�֕��\x22&h��~\x0a�˜m!%\x09n��4��3��=�-�x��yM$���Z<�� z���os+��N� ���0����y*zq��8m�\x22���d���Y ������tE>����^ÜG!���bb�f����%H�\x5c�“���z��N�����Y�� �sL�\x0dp�����~ E�A�p��D�g��X�Q�����$�=Sk��`����<\x1b��
!k�*ޫ��c�u!�^��������:$_bx�}�;T:�-lն�l0#��H���2�JC\x07���b�a�*U7ii�`_
,��]yX�\x0d��G�֪N��6���l,8����̃T�G�Q��jH�n >83�d�\x0c�\x0aE�
�C����0D�\x1b��,a&�܇��盾���ҍ4;?Yk�p`��O,�H\x5c���?>2�uC#7r���t���Uc=Ȑ���A?g;��
�b��.��8`6h�����$S�z�D^x�G�H��†\x0a�ʗ>��U����jJ=���ź�k��:z�&��;����h��rP6��F���j���E���Rx9S�2uR�/O��8��#�d��T�n\x0c`�p2{-=�v$�y����Z�ni�5~'V�x�J3��<#͞��
;Q�ɶc2A�W�
�M$�VM,ہL�Ku��\x09��yɯh@�c�|'0�|����\x07:��� \x09��5�\x1b\x07!�8\x07*�b~M�^�w$��C�>�B8�Wt�b7��x=�,�+�㓺��U[{u�
�1������V\x1b\x0c���0f��p��sj԰\x0c��O��Z_X�k\x0a���#q[�a��^�&�L!��
[  133.798237][ T7430] syz.2.344 uses obsolete (PF_INET,SOCK_PACKET)
[  133.838718][ T7432] 9pnet_fd: Insufficient options for proto=fd
[  134.354329][ T7446] blktrace: Concurrent blktraces are not allowed on nullb0
[  134.410958][ T7447] netlink: 4 bytes leftover after parsing attributes in process `syz.1.350'.
[  135.092938][ T7464] syzkaller0: entered promiscuous mode
[  135.095506][ T7464] syzkaller0: entered allmulticast mode
[  135.401846][ T7470] __nla_validate_parse: 2 callbacks suppressed
[  135.401869][ T7470] netlink: 4 bytes leftover after parsing attributes in process `syz.0.358'.
[  135.427434][ T7473] blktrace: Concurrent blktraces are not allowed on nullb0
[  135.493708][ T7474] netlink: 4 bytes leftover after parsing attributes in process `syz.1.359'.
[  135.498385][ T7474] netlink: 12 bytes leftover after parsing attributes in process `syz.1.359'.
[  135.651278][ T7477] binder_alloc: 7475: binder_alloc_buf, no vma
[  135.786137][ T7482] =======================================================
[  135.786137][ T7482] WARNING: The mand mount option has been deprecated and
[  135.786137][ T7482]          and is ignored by this kernel. Remove the mand
[  135.786137][ T7482]          option from the mount to silence this warning.
[  135.786137][ T7482] =======================================================
[  135.836777][ T7484] netlink: 'syz.3.363': attribute type 1 has an invalid length.
[  135.868773][ T7484] 8021q: adding VLAN 0 to HW filter on device bond2
[  135.887743][ T7484] bond2: (slave gretap1): making interface the new active one
[  135.894283][ T7484] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  136.196064][ T7495] program syz.2.365 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  136.414115][ T7501] netlink: 40 bytes leftover after parsing attributes in process `syz.2.368'.
[  136.471498][ T7504] blktrace: Concurrent blktraces are not allowed on nullb0
[  136.529041][ T7505] netlink: 4 bytes leftover after parsing attributes in process `syz.0.369'.
[  137.271027][ T7516] netlink: 44 bytes leftover after parsing attributes in process `syz.2.373'.
[  137.321720][ T7518] FAULT_INJECTION: forcing a failure.
[  137.321720][ T7518] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  137.326547][ T7518] CPU: 0 UID: 0 PID: 7518 Comm: syz.3.374 Not tainted syzkaller #0 PREEMPT(full) 
[  137.326562][ T7518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  137.326568][ T7518] Call Trace:
[  137.326573][ T7518]  <TASK>
[  137.326577][ T7518]  dump_stack_lvl+0x16c/0x1f0
[  137.326595][ T7518]  should_fail_ex+0x512/0x640
[  137.326615][ T7518]  _copy_from_user+0x2e/0xd0
[  137.326633][ T7518]  get_compat_msghdr+0xa7/0x170
[  137.326645][ T7518]  ? __pfx_get_compat_msghdr+0x10/0x10
[  137.326666][ T7518]  ___sys_sendmsg+0x1ae/0x1d0
[  137.326679][ T7518]  ? __pfx____sys_sendmsg+0x10/0x10
[  137.326697][ T7518]  ? find_held_lock+0x2b/0x80
[  137.326718][ T7518]  __sys_sendmsg+0x16d/0x220
[  137.326729][ T7518]  ? __pfx___sys_sendmsg+0x10/0x10
[  137.326746][ T7518]  ? rcu_is_watching+0x12/0xc0
[  137.326761][ T7518]  __do_fast_syscall_32+0x7c/0x300
[  137.326777][ T7518]  do_fast_syscall_32+0x32/0x80
[  137.326792][ T7518]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  137.326805][ T7518] RIP: 0023:0xf707d579
[  137.326814][ T7518] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  137.326824][ T7518] RSP: 002b:00000000f546d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  137.326835][ T7518] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  137.326841][ T7518] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  137.326847][ T7518] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  137.326853][ T7518] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  137.326859][ T7518] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  137.326873][ T7518]  </TASK>
[  137.465881][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  137.468970][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  137.541916][ T7522] netlink: 44 bytes leftover after parsing attributes in process `syz.3.376'.
[  138.668878][ T7537] netlink: 40 bytes leftover after parsing attributes in process `syz.0.381'.
[  138.698886][ T7539] netlink: 52 bytes leftover after parsing attributes in process `syz.3.382'.
[  138.708747][ T7539] netlink: 4 bytes leftover after parsing attributes in process `syz.3.382'.
[  139.239677][ T7574] loop2: detected capacity change from 0 to 7
[  139.262794][ T7574] Dev loop2: unable to read RDB block 7
[  139.264955][ T7574]  loop2: unable to read partition table
[  139.267080][ T7574] loop2: partition table beyond EOD, truncated
[  139.276768][ T7574] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  139.542550][   T53] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  139.702570][   T53] usb 8-1: Using ep0 maxpacket: 16
[  139.709976][   T53] usb 8-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[  139.714067][   T53] usb 8-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[  139.717212][   T53] usb 8-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  139.729154][   T53] usb 8-1: config 1 interface 0 has no altsetting 0
[  139.744897][   T53] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  139.747858][   T53] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.758661][   T53] usb 8-1: Product: syz
[  139.760397][   T53] usb 8-1: Manufacturer: syz
[  139.762050][   T53] usb 8-1: SerialNumber: syz
[  139.911195][ T5352] Dev loop2: unable to read RDB block 7
[  139.913724][ T5352]  loop2: unable to read partition table
[  139.916312][ T5352] loop2: partition table beyond EOD, truncated
[  141.364039][ T7586] binder: BINDER_SET_CONTEXT_MGR already set
[  141.366134][ T7586] binder: 7584:7586 ioctl 4018620d 80000040 returned -16
[  141.493549][ T5352] Dev loop2: unable to read RDB block 7
[  141.495551][ T5352]  loop2: unable to read partition table
[  141.498687][ T5352] loop2: partition table beyond EOD, truncated
[  141.516625][ T7596] netlink: 'syz.2.397': attribute type 11 has an invalid length.
[  141.538768][ T7593] netlink: 52 bytes leftover after parsing attributes in process `syz.0.395'.
[  141.543621][ T7593] netlink: 4 bytes leftover after parsing attributes in process `syz.0.395'.
[  141.684174][ T7596] netlink: 20 bytes leftover after parsing attributes in process `syz.2.397'.
[  141.738644][ T7605] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  141.741715][ T7605] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  142.043961][   T53] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8
[  142.065295][   T53] usb 8-1: USB disconnect, device number 6
[  142.077806][   T53] usblp0: removed
[  143.190700][ T7626] netlink: 40 bytes leftover after parsing attributes in process `syz.3.404'.
[  143.474019][ T7635] netlink: 52 bytes leftover after parsing attributes in process `syz.2.406'.
[  143.478335][ T7635] netlink: 4 bytes leftover after parsing attributes in process `syz.2.406'.
[  143.864080][   T40] audit: type=1400 audit(1763455982.780:2): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="#(%#{//&@\)//&" pid=7640 comm="syz.2.409"
[  143.922929][ T7648] netfs: Couldn't get user pages (rc=-14)
[  145.408920][ T7667] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  145.415105][ T7667] VFS: Can't find a romfs filesystem on dev nullb0.
[  145.415105][ T7667] 
[  145.916939][ T7677] loop7: detected capacity change from 0 to 7
[  145.947457][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  145.950620][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[  145.953681][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  145.956674][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[  145.965276][ T7674] block device autoloading is deprecated and will be removed.
[  145.968847][    C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  145.972872][    C2] Buffer I/O error on dev loop7, logical block 0, async page read
[  145.976382][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  145.979713][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  145.980185][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  145.986335][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  145.989413][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  145.992608][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  145.995515][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  145.998730][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  146.001505][ T5941] ldm_validate_partition_table(): Disk read failed.
[  146.004708][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  146.007872][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  146.010711][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  146.013889][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  146.017121][    C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  146.020997][    C3] Buffer I/O error on dev loop7, logical block 0, async page read
[  146.024845][ T5941] Dev loop7: unable to read RDB block 0
[  146.027248][ T5941]  loop7: unable to read partition table
[  146.029401][ T5941] loop7: partition table beyond EOD, truncated
[  146.055696][ T7677] ldm_validate_partition_table(): Disk read failed.
[  146.074790][ T7677] Dev loop7: unable to read RDB block 0
[  146.083784][ T7677]  loop7: unable to read partition table
[  146.091707][ T7677] loop7: partition table beyond EOD, truncated
[  146.098680][ T7677] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  146.273832][ T7683] netlink: 40 bytes leftover after parsing attributes in process `syz.2.420'.
[  146.800213][ T7696] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  146.810121][ T7696] VFS: Can't find a romfs filesystem on dev nullb0.
[  146.810121][ T7696] 
[  147.944149][ T7711] binder: BINDER_SET_CONTEXT_MGR already set
[  147.946205][ T7711] binder: 7707:7711 ioctl 4018620d 80000040 returned -16
[  148.477805][ T7717] loop6: detected capacity change from 0 to 524287999
[  148.533266][ T7721] netlink: 36 bytes leftover after parsing attributes in process `syz.0.434'.
[  148.633859][ T7728] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  148.637408][ T7728] VFS: Can't find a romfs filesystem on dev nullb0.
[  148.637408][ T7728] 
[  148.692385][ T7730] netlink: 40 bytes leftover after parsing attributes in process `syz.0.436'.
[  148.793228][   T40] audit: type=1326 audit(1763455987.710:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7736 comm="syz.1.438" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709d579 code=0x0
[  149.782835][ T7755] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  149.786319][ T7755] VFS: Can't find a romfs filesystem on dev nullb0.
[  149.786319][ T7755] 
[  151.033194][ T7774] netlink: 40 bytes leftover after parsing attributes in process `syz.0.450'.
[  151.662113][ T7786] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  151.679725][ T7786] VFS: Can't find a romfs filesystem on dev nullb0.
[  151.679725][ T7786] 
[  152.152502][ T6024] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  152.343754][ T6024] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  152.347629][ T6024] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  152.350867][ T6024] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.362499][ T6024] usb 5-1: config 0 descriptor??
[  152.893357][ T7805] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.459'.
[  152.903288][ T7807] loop7: detected capacity change from 0 to 16384
[  153.051939][ T6024] usbhid 5-1:0.0: can't add hid device: -71
[  153.058550][ T6024] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  153.070672][ T6024] usb 5-1: USB disconnect, device number 8
[  153.191767][ T7817] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  153.194553][ T7817] VFS: Can't find a romfs filesystem on dev nullb0.
[  153.194553][ T7817] 
[  153.279770][ T7819] netlink: 40 bytes leftover after parsing attributes in process `syz.3.463'.
[  153.340606][ T7822] binder: BINDER_SET_CONTEXT_MGR already set
[  153.342886][ T7822] binder: 7820:7822 ioctl 4018620d 80000040 returned -16
[  153.572562][ T6024] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  153.732583][ T6024] usb 5-1: Using ep0 maxpacket: 8
[  153.736896][ T6024] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  153.740670][ T6024] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.782094][ T6024] pvrusb2: Hardware description: Terratec Grabster AV400
[  153.796260][ T6024] pvrusb2: **********
[  153.798580][ T6024] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  153.804884][ T6024] pvrusb2: Important functionality might not be entirely working.
[  153.807743][ T6024] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  153.812240][ T6024] pvrusb2: **********
[  153.991007][ T2490] pvrusb2: Invalid write control endpoint
[  154.068479][ T2490] pvrusb2: Invalid write control endpoint
[  154.082909][ T2490] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  154.088550][ T2490] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  154.091950][ T2490] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  154.098320][ T2490] pvrusb2: Device being rendered inoperable
[  154.106668][ T2490] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[  154.110914][ T2490] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  154.128093][ T2490] pvrusb2: Attached sub-driver cx25840
[  154.133089][ T2490] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  154.138798][ T2490] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  154.188242][ T7814] pvrusb2: Attempted to execute control transfer when device not ok
[  154.207183][   T53] usb 5-1: USB disconnect, device number 9
[  154.899952][ T7849] lo speed is unknown, defaulting to 1000
[  155.182568][   T57] usb 8-1: new low-speed USB device number 7 using dummy_hcd
[  155.352534][   T57] usb 8-1: Invalid ep0 maxpacket: 16
[  155.473692][ T5943] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  155.492722][   T57] usb 8-1: new low-speed USB device number 8 using dummy_hcd
[  155.630700][ T5943] usb 5-1: Using ep0 maxpacket: 8
[  155.644434][ T5943] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  155.647771][ T5943] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  155.653044][ T5943] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  155.660353][ T5943] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  155.662924][   T57] usb 8-1: Invalid ep0 maxpacket: 16
[  155.667944][ T5943] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  155.673259][ T5943] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  155.674808][   T57] usb usb8-port1: attempt power cycle
[  155.678264][ T5943] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  155.678292][ T5943] usb 5-1: config 168 interface 0 has no altsetting 0
[  155.679520][ T5943] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  155.694248][ T5943] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  155.699096][ T5943] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  155.705717][ T5943] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  155.710876][ T5943] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  155.727029][ T5943] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  155.732349][ T5943] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  155.740040][ T5943] usb 5-1: config 168 interface 0 has no altsetting 0
[  155.745401][ T5943] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  155.748851][ T5943] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  155.754037][ T5943] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  155.759912][ T5943] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  155.776443][ T5943] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  155.781625][ T5943] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  155.786960][ T5943] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  155.792955][ T5943] usb 5-1: config 168 interface 0 has no altsetting 0
[  155.799590][ T5943] usb 5-1: string descriptor 0 read error: -22
[  155.803444][ T5943] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  155.807411][ T5943] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.864254][ T5943] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  156.022933][   T57] usb 8-1: new low-speed USB device number 9 using dummy_hcd
[  156.043264][   T57] usb 8-1: Invalid ep0 maxpacket: 16
[  156.153300][ T6024] usb 5-1: USB disconnect, device number 10
[  156.182841][   T57] usb 8-1: new low-speed USB device number 10 using dummy_hcd
[  156.213258][   T57] usb 8-1: Invalid ep0 maxpacket: 16
[  156.216079][   T57] usb usb8-port1: unable to enumerate USB device
[  156.352700][   T56] usb 8-1: new low-speed USB device number 11 using dummy_hcd
[  156.522546][   T56] usb 8-1: Invalid ep0 maxpacket: 16
[  156.672567][   T56] usb 8-1: new low-speed USB device number 12 using dummy_hcd
[  156.824134][   T56] usb 8-1: Invalid ep0 maxpacket: 16
[  156.828644][   T56] usb usb8-port1: attempt power cycle
[  157.145187][ T7893] netlink: 12 bytes leftover after parsing attributes in process `syz.0.484'.
[  157.157155][ T7893] netlink: 40 bytes leftover after parsing attributes in process `syz.0.484'.
[  157.185024][   T56] usb 8-1: new low-speed USB device number 13 using dummy_hcd
[  157.213493][   T56] usb 8-1: Invalid ep0 maxpacket: 16
[  157.342546][   T56] usb 8-1: new low-speed USB device number 14 using dummy_hcd
[  157.363157][   T56] usb 8-1: Invalid ep0 maxpacket: 16
[  157.365875][   T56] usb usb8-port1: unable to enumerate USB device
[  157.750380][ T7903] blktrace: Concurrent blktraces are not allowed on nullb0
[  157.807235][ T7904] netlink: 4 bytes leftover after parsing attributes in process `syz.1.486'.
[  157.811995][ T7904] netlink: 28 bytes leftover after parsing attributes in process `syz.1.486'.
[  157.839462][ T7906] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  157.842959][ T7906] /dev/nullb0: Can't open blockdev
[  157.846842][ T7906] netlink: 12 bytes leftover after parsing attributes in process `syz.2.487'.
[  157.888399][ T7908] netlink: 40 bytes leftover after parsing attributes in process `syz.2.488'.
[  157.901509][ T7910] netlink: 52 bytes leftover after parsing attributes in process `syz.1.489'.
[  157.906230][ T7910] netlink: 4 bytes leftover after parsing attributes in process `syz.1.489'.
[  158.137386][ T7920] binder: BINDER_SET_CONTEXT_MGR already set
[  158.140305][ T7920] binder: 7916:7920 ioctl 4018620d 80000040 returned -16
[  159.009663][ T7936] blktrace: Concurrent blktraces are not allowed on nullb0
[  159.067591][ T7937] netlink: 4 bytes leftover after parsing attributes in process `syz.3.495'.
[  159.080666][ T7937] netlink: 28 bytes leftover after parsing attributes in process `syz.3.495'.
[  159.140927][ T7939] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  159.145280][ T7939] /dev/nullb0: Can't open blockdev
[  160.134874][ T7953] binder: BINDER_SET_CONTEXT_MGR already set
[  160.137567][ T7953] binder: 7947:7953 ioctl 4018620d 80000040 returned -16
[  161.135340][ T7970] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  161.137995][ T7970] VFS: Can't find a romfs filesystem on dev nullb0.
[  161.137995][ T7970] 
[  161.476239][ T7979] binder: BINDER_SET_CONTEXT_MGR already set
[  161.479007][ T7979] binder: 7975:7979 ioctl 4018620d 80000040 returned -16
[  161.921917][ T7997] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  161.926309][ T7997] VFS: Can't find a romfs filesystem on dev nullb0.
[  161.926309][ T7997] 
[  162.076752][ T8001] binder: BINDER_SET_CONTEXT_MGR already set
[  162.081891][ T8001] binder: 7998:8001 ioctl 4018620d 80000040 returned -16
[  162.289026][ T8005] __nla_validate_parse: 5 callbacks suppressed
[  162.289042][ T8005] netlink: 40 bytes leftover after parsing attributes in process `syz.1.517'.
[  162.877933][ T8012] netlink: 52 bytes leftover after parsing attributes in process `syz.3.520'.
[  163.936052][ T8036] 9pnet_fd: Insufficient options for proto=fd
[  163.950661][ T8036] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.525'.
[  163.960002][ T8037] binder: BINDER_SET_CONTEXT_MGR already set
[  163.972732][ T8037] binder: 8033:8037 ioctl 4018620d 80000040 returned -16
[  164.353295][ T8047] netlink: 52 bytes leftover after parsing attributes in process `syz.1.530'.
[  164.525342][ T8052] netlink: 40 bytes leftover after parsing attributes in process `syz.1.531'.
[  165.494808][ T8067] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  165.498256][ T8067] VFS: Can't find a romfs filesystem on dev nullb0.
[  165.498256][ T8067] 
[  166.564310][ T8087] binder: BINDER_SET_CONTEXT_MGR already set
[  166.567016][ T8087] binder: 8075:8087 ioctl 4018620d 80000040 returned -16
[  167.357803][ T8096] netlink: 40 bytes leftover after parsing attributes in process `syz.2.543'.
[  167.415483][ T8102] netlink: 4 bytes leftover after parsing attributes in process `syz.1.540'.
[  167.537085][ T8106] binder: BINDER_SET_CONTEXT_MGR already set
[  167.540096][ T8106] binder: 8103:8106 ioctl 4018620d 80000040 returned -16
[  168.429880][ T8113] blktrace: Concurrent blktraces are not allowed on nullb0
[  168.494137][ T8114] netlink: 4 bytes leftover after parsing attributes in process `syz.1.548'.
[  168.498651][ T8114] netlink: 24 bytes leftover after parsing attributes in process `syz.1.548'.
[  169.871735][ T8138] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  169.874142][ T8138] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  169.877970][ T8138] vhci_hcd vhci_hcd.0: Device attached
[  169.883093][ T8138] netlink: 8 bytes leftover after parsing attributes in process `syz.3.553'.
[  169.886439][ T8138] netlink: 'syz.3.553': attribute type 10 has an invalid length.
[  169.889166][ T8138] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  169.894076][ T8138] batman_adv: batadv0: Removing interface: batadv_slave_0
[  169.903986][ T8138] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[  170.195055][   T53] usb 44-1: SetAddress Request (2) to port 0
[  170.207098][   T53] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd
[  170.403917][ T8140] vhci_hcd: connection reset by peer
[  170.410423][   T46] vhci_hcd: stop threads
[  170.412818][   T46] vhci_hcd: release socket
[  170.415033][   T46] vhci_hcd: disconnect device
[  171.117099][ T8160] blktrace: Concurrent blktraces are not allowed on nullb0
[  171.132524][ T8162] MTD: Attempt to mount non-MTD device "/dev/nbd2"
[  171.149196][ T8162] ptrace attach of "/syz-executor exec"[5942] was attempted by "/syz-executor exec"[8162]
[  171.173864][ T8163] netlink: 4 bytes leftover after parsing attributes in process `syz.3.559'.
[  171.186939][ T8163] netlink: 24 bytes leftover after parsing attributes in process `syz.3.559'.
[  171.318534][ T8173] netlink: 40 bytes leftover after parsing attributes in process `syz.3.565'.
[  171.542761][   T10] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  171.702511][   T10] usb 5-1: device descriptor read/64, error -71
[  171.832513][ T6023] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  171.952569][   T10] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  171.962751][ T6023] usb 6-1: device descriptor read/64, error -71
[  172.082566][   T10] usb 5-1: device descriptor read/64, error -71
[  172.202633][ T6023] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  172.204700][   T10] usb usb5-port1: attempt power cycle
[  172.248673][ T8183] binder: BINDER_SET_CONTEXT_MGR already set
[  172.250764][ T8183] binder: 8179:8183 ioctl 4018620d 80000040 returned -16
[  172.332706][ T6023] usb 6-1: device descriptor read/64, error -71
[  172.443303][ T6023] usb usb6-port1: attempt power cycle
[  172.552689][   T10] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  172.583101][   T10] usb 5-1: device descriptor read/8, error -71
[  172.793827][ T6023] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  172.823480][ T6023] usb 6-1: device descriptor read/8, error -71
[  172.840063][   T10] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  172.848741][ T8193] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  172.851240][ T8193] VFS: Can't find a romfs filesystem on dev nullb0.
[  172.851240][ T8193] 
[  172.935280][ T8199] blktrace: Concurrent blktraces are not allowed on nullb0
[  172.993325][ T8200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.573'.
[  173.006617][ T8199] netlink: 12 bytes leftover after parsing attributes in process `syz.3.573'.
[  173.092504][ T6023] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  173.124532][ T6023] usb 6-1: device descriptor read/8, error -71
[  173.232807][ T6023] usb usb6-port1: unable to enumerate USB device
[  173.882918][   T10] usb 5-1: device descriptor read/8, error -71
[  173.923425][ T8207] netlink: 40 bytes leftover after parsing attributes in process `syz.2.575'.
[  173.992721][   T10] usb usb5-port1: unable to enumerate USB device
[  174.554548][ T8217] binder: BINDER_SET_CONTEXT_MGR already set
[  174.556447][ T8217] binder: 8215:8217 ioctl 4018620d 80000040 returned -16
[  175.116612][ T8227] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  175.120025][ T8227] VFS: Can't find a romfs filesystem on dev nullb0.
[  175.120025][ T8227] 
[  175.170307][ T8232] blktrace: Concurrent blktraces are not allowed on nullb0
[  175.253619][ T8233] netlink: 4 bytes leftover after parsing attributes in process `syz.3.582'.
[  175.259218][ T8233] netlink: 12 bytes leftover after parsing attributes in process `syz.3.582'.
[  175.305382][   T53] usb 44-1: device descriptor read/8, error -110
[  175.319089][ T8243] netlink: 52 bytes leftover after parsing attributes in process `syz.1.583'.
[  175.323197][ T8235] netlink: 4 bytes leftover after parsing attributes in process `syz.1.583'.
[  175.392582][ T5949] Bluetooth: hci3: command 0x0406 tx timeout
[  175.396633][ T5950] Bluetooth: hci1: command 0x0406 tx timeout
[  175.396652][ T5302] Bluetooth: hci2: command 0x0406 tx timeout
[  175.692537][   T56] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  175.842535][   T56] usb 8-1: device descriptor read/64, error -71
[  176.102551][   T56] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  176.242645][   T56] usb 8-1: device descriptor read/64, error -71
[  176.247753][ T8252] binder: BINDER_SET_CONTEXT_MGR already set
[  176.250330][ T8252] binder: 8250:8252 ioctl 4018620d 80000040 returned -16
[  176.352752][   T56] usb usb8-port1: attempt power cycle
[  176.413678][ T8254] netlink: 40 bytes leftover after parsing attributes in process `syz.2.588'.
[  176.487200][ T8258] binder: BINDER_SET_CONTEXT_MGR already set
[  176.489921][ T8258] binder: 8255:8258 ioctl 4018620d 80000040 returned -16
[  176.653506][   T53] usb usb44-port1: attempt power cycle
[  176.662993][ T8260] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  176.666696][ T8260] VFS: Can't find a romfs filesystem on dev nullb0.
[  176.666696][ T8260] 
[  176.712932][   T56] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  176.735338][   T56] usb 8-1: device descriptor read/8, error -71
[  176.972540][   T56] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  176.993425][   T56] usb 8-1: device descriptor read/8, error -71
[  177.102910][   T56] usb usb8-port1: unable to enumerate USB device
[  177.135134][ T8271] blktrace: Concurrent blktraces are not allowed on nullb0
[  177.192708][ T8272] netlink: 4 bytes leftover after parsing attributes in process `syz.0.594'.
[  177.197248][ T8272] netlink: 12 bytes leftover after parsing attributes in process `syz.0.594'.
[  177.303507][   T53] usb usb44-port1: unable to enumerate USB device
[  177.713384][ T8284] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  177.716153][ T8284] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  177.719403][ T8284] vhci_hcd vhci_hcd.0: Device attached
[  177.724334][ T8285] vhci_hcd: unknown pdu 2
[  177.727503][   T13] vhci_hcd: stop threads
[  177.729315][   T13] vhci_hcd: release socket
[  177.731209][   T13] vhci_hcd: disconnect device
[  179.310064][ T8304] __nla_validate_parse: 2 callbacks suppressed
[  179.310080][ T8304] netlink: 40 bytes leftover after parsing attributes in process `syz.1.603'.
[  179.455814][ T8310] blktrace: Concurrent blktraces are not allowed on nullb0
[  179.543868][ T8311] netlink: 4 bytes leftover after parsing attributes in process `syz.0.604'.
[  179.557510][ T8311] netlink: 12 bytes leftover after parsing attributes in process `syz.0.604'.
[  180.038520][ T8318] netlink: 52 bytes leftover after parsing attributes in process `syz.3.607'.
[  180.043293][ T8318] netlink: 4 bytes leftover after parsing attributes in process `syz.3.607'.
[  181.005074][ T8347] blktrace: Concurrent blktraces are not allowed on nullb0
[  181.060981][ T8349] netlink: 4 bytes leftover after parsing attributes in process `syz.3.613'.
[  181.065752][ T8349] netlink: 12 bytes leftover after parsing attributes in process `syz.3.613'.
[  181.475290][ T8361] input: syz1 as /devices/virtual/input/input6
[  182.626848][ T8374] netlink: 52 bytes leftover after parsing attributes in process `syz.2.618'.
[  182.642815][ T8369] netlink: 4 bytes leftover after parsing attributes in process `syz.2.618'.
[  182.705680][ T8373] syzkaller0: entered promiscuous mode
[  182.708323][ T8373] syzkaller0: entered allmulticast mode
[  183.429450][ T8392] blktrace: Concurrent blktraces are not allowed on nullb0
[  183.485809][ T8393] netlink: 4 bytes leftover after parsing attributes in process `syz.0.623'.
[  184.241739][ T8409] overlayfs: failed to resolve './file0': -2
[  184.572924][ T8417] __nla_validate_parse: 1 callbacks suppressed
[  184.572940][ T8417] netlink: 52 bytes leftover after parsing attributes in process `syz.1.628'.
[  184.605709][ T8414] netlink: 4 bytes leftover after parsing attributes in process `syz.1.628'.
[  184.645151][ T8420] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  184.648479][ T8420] VFS: Can't find a romfs filesystem on dev nullb0.
[  184.648479][ T8420] 
[  184.991217][ T8435] blktrace: Concurrent blktraces are not allowed on nullb0
[  185.053759][ T8437] netlink: 4 bytes leftover after parsing attributes in process `syz.3.632'.
[  185.062777][ T8437] netlink: 12 bytes leftover after parsing attributes in process `syz.3.632'.
[  185.235943][ T8443] FAULT_INJECTION: forcing a failure.
[  185.235943][ T8443] name failslab, interval 1, probability 0, space 0, times 1
[  185.240272][ T8443] CPU: 2 UID: 0 PID: 8443 Comm: syz.3.635 Not tainted syzkaller #0 PREEMPT(full) 
[  185.240286][ T8443] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  185.240292][ T8443] Call Trace:
[  185.240297][ T8443]  <TASK>
[  185.240302][ T8443]  dump_stack_lvl+0x16c/0x1f0
[  185.240319][ T8443]  should_fail_ex+0x512/0x640
[  185.240337][ T8443]  ? fs_reclaim_acquire+0xae/0x150
[  185.240362][ T8443]  should_failslab+0xc2/0x120
[  185.240378][ T8443]  __kmalloc_noprof+0xdd/0x880
[  185.240395][ T8443]  ? kfree+0x252/0x6d0
[  185.240403][ T8443]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  185.240419][ T8443]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  185.240432][ T8443]  tomoyo_realpath_from_path+0xc2/0x6e0
[  185.240449][ T8443]  tomoyo_check_open_permission+0x2ab/0x3c0
[  185.240461][ T8443]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  185.240494][ T8443]  ? do_raw_spin_lock+0x12c/0x2b0
[  185.240516][ T8443]  tomoyo_file_open+0x6b/0x90
[  185.240531][ T8443]  security_file_open+0x84/0x1e0
[  185.240545][ T8443]  do_dentry_open+0x596/0x1530
[  185.240562][ T8443]  vfs_open+0x82/0x3f0
[  185.240580][ T8443]  path_openat+0x1de4/0x2cb0
[  185.240597][ T8443]  ? __pfx_path_openat+0x10/0x10
[  185.240614][ T8443]  do_filp_open+0x20b/0x470
[  185.240626][ T8443]  ? __pfx_do_filp_open+0x10/0x10
[  185.240649][ T8443]  ? _raw_spin_unlock+0x28/0x50
[  185.240660][ T8443]  ? alloc_fd+0x471/0x7d0
[  185.240676][ T8443]  do_sys_openat2+0x11b/0x1d0
[  185.240692][ T8443]  ? __pfx_do_sys_openat2+0x10/0x10
[  185.240710][ T8443]  ? __fget_files+0x20e/0x3c0
[  185.240719][ T8443]  ? handle_mm_fault+0x250/0xd10
[  185.240740][ T8443]  __ia32_compat_sys_openat+0x16d/0x210
[  185.240757][ T8443]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  185.240774][ T8443]  ? ksys_write+0x1ac/0x250
[  185.240788][ T8443]  ? rcu_is_watching+0x12/0xc0
[  185.240802][ T8443]  __do_fast_syscall_32+0x7c/0x300
[  185.240819][ T8443]  do_fast_syscall_32+0x32/0x80
[  185.240833][ T8443]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  185.240847][ T8443] RIP: 0023:0xf707d579
[  185.240856][ T8443] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  185.240866][ T8443] RSP: 002b:00000000f544c100 EFLAGS: 00000293 ORIG_RAX: 0000000000000127
[  185.240877][ T8443] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f544c150
[  185.240883][ T8443] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000f7416ff4
[  185.240889][ T8443] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  185.240895][ T8443] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  185.240901][ T8443] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  185.240915][ T8443]  </TASK>
[  185.240920][ T8443] ERROR: Out of memory at tomoyo_realpath_from_path.
[  185.691551][ T8449] overlayfs: failed to resolve './file0': -2
[  187.201559][ T8473] netlink: 52 bytes leftover after parsing attributes in process `syz.1.641'.
[  187.208675][ T8473] netlink: 4 bytes leftover after parsing attributes in process `syz.1.641'.
[  187.376310][ T8477] blktrace: Concurrent blktraces are not allowed on nullb0
[  187.441297][ T8479] netlink: 4 bytes leftover after parsing attributes in process `syz.1.643'.
[  187.460799][ T8479] netlink: 12 bytes leftover after parsing attributes in process `syz.1.643'.
[  187.882707][ T8488] overlayfs: failed to resolve './file0': -2
[  188.385529][ T8497] syz_tun: entered allmulticast mode
[  188.389116][ T8497] lo: entered allmulticast mode
[  188.394097][ T8496] syz_tun: left allmulticast mode
[  188.396715][ T8496] lo: left allmulticast mode
[  188.731274][ T8502] process 'syz.2.650' launched './file1' with NULL argv: empty string added
[  188.748769][ T8505] netlink: 52 bytes leftover after parsing attributes in process `syz.0.651'.
[  188.752641][ T8505] netlink: 4 bytes leftover after parsing attributes in process `syz.0.651'.
[  188.963079][ T8513] blktrace: Concurrent blktraces are not allowed on nullb0
[  189.195087][ T8522] overlayfs: failed to resolve './file1': -2
[  190.801726][ T8549] blktrace: Concurrent blktraces are not allowed on nullb0
[  190.847341][ T8551] __nla_validate_parse: 2 callbacks suppressed
[  190.847354][ T8551] netlink: 52 bytes leftover after parsing attributes in process `syz.0.661'.
[  190.853586][ T8553] overlayfs: failed to resolve './file1': -2
[  190.854822][ T8551] netlink: 4 bytes leftover after parsing attributes in process `syz.0.661'.
[  190.864940][ T8554] netlink: 4 bytes leftover after parsing attributes in process `syz.2.663'.
[  190.870113][ T8554] netlink: 16 bytes leftover after parsing attributes in process `syz.2.663'.
[  191.029220][ T8561] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  191.035611][ T8561] VFS: Can't find a romfs filesystem on dev nullb0.
[  191.035611][ T8561] 
[  192.060767][ T8581] netlink: 'syz.3.665': attribute type 10 has an invalid length.
[  192.347230][ T8581] batman_adv: batadv0: Adding interface: team0
[  192.350010][ T8581] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  192.360800][ T8581] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  192.409009][ T8591] blktrace: Concurrent blktraces are not allowed on nullb0
[  192.478610][ T8594] netlink: 4 bytes leftover after parsing attributes in process `syz.2.675'.
[  192.503324][ T8594] netlink: 16 bytes leftover after parsing attributes in process `syz.2.675'.
[  192.635759][ T8597] overlayfs: failed to resolve './file1': -2
[  192.648562][ T8599] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  192.652100][ T8599] VFS: Can't find a romfs filesystem on dev nullb0.
[  192.652100][ T8599] 
[  192.722551][ T8603] netlink: 40 bytes leftover after parsing attributes in process `syz.2.678'.
[  192.891599][ T8609] tunl0: entered promiscuous mode
[  192.894961][ T8609] netlink: 'syz.3.680': attribute type 4 has an invalid length.
[  192.897685][ T8609] netlink: 9 bytes leftover after parsing attributes in process `syz.3.680'.
[  193.648746][ T8622] syzkaller0: entered promiscuous mode
[  193.650678][ T8622] syzkaller0: entered allmulticast mode
[  193.670282][ T8622] tipc: Started in network mode
[  193.672116][ T8622] tipc: Node identity 42fd4f2a301e, cluster identity 4711
[  193.675547][ T8622] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  193.685098][ T8621] tipc: Resetting bearer <eth:syzkaller0>
[  193.712161][ T8621] tipc: Disabling bearer <eth:syzkaller0>
[  193.802544][ T8624] blktrace: Concurrent blktraces are not allowed on nullb0
[  193.890014][ T8631] netlink: 4 bytes leftover after parsing attributes in process `syz.1.684'.
[  193.895494][ T8631] netlink: 16 bytes leftover after parsing attributes in process `syz.1.684'.
[  194.009601][ T8633] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  194.012776][ T8633] /dev/nullb0: Can't open blockdev
[  194.191976][ T8628] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  194.194254][ T8628] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  194.197123][ T8628] vhci_hcd vhci_hcd.0: Device attached
[  194.201570][ T8628] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(8)
[  194.204412][ T8628] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  194.208046][ T8628] vhci_hcd vhci_hcd.0: Device attached
[  194.222606][ T8628] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(10)
[  194.224823][ T8628] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  194.227566][ T8628] vhci_hcd vhci_hcd.0: Device attached
[  194.230792][ T8628] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(12)
[  194.232980][ T8628] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  194.236121][ T8628] vhci_hcd vhci_hcd.0: Device attached
[  194.240703][ T8628] vhci_hcd vhci_hcd.0: pdev(3) rhport(4) sockfd(14)
[  194.242905][ T8628] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  194.246188][ T8628] vhci_hcd vhci_hcd.0: Device attached
[  194.281247][ T8646] vhci_hcd: connection closed
[  194.281445][ T1178] vhci_hcd: stop threads
[  194.284602][ T1178] vhci_hcd: release socket
[  194.286111][ T1178] vhci_hcd: disconnect device
[  194.289644][ T8644] vhci_hcd: connection closed
[  194.289891][ T8642] vhci_hcd: connection closed
[  194.293121][ T8640] vhci_hcd: connection closed
[  194.295813][ T1178] vhci_hcd: stop threads
[  194.299079][ T1178] vhci_hcd: release socket
[  194.300820][ T1178] vhci_hcd: disconnect device
[  194.303279][ T8637] vhci_hcd: connection closed
[  194.323338][ T1178] vhci_hcd: stop threads
[  194.328129][ T1178] vhci_hcd: release socket
[  194.329670][ T1178] vhci_hcd: disconnect device
[  194.333278][ T1178] vhci_hcd: stop threads
[  194.334749][ T1178] vhci_hcd: release socket
[  194.346858][ T1178] vhci_hcd: disconnect device
[  194.353026][ T1178] vhci_hcd: stop threads
[  194.354553][ T1178] vhci_hcd: release socket
[  194.359063][ T1178] vhci_hcd: disconnect device
[  196.131760][ T8678] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  196.135265][ T8678] VFS: Can't find a romfs filesystem on dev nullb0.
[  196.135265][ T8678] 
[  198.917849][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  198.932575][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  200.224354][ T8716] binder: BINDER_SET_CONTEXT_MGR already set
[  200.226829][ T8716] binder: 8710:8716 ioctl 4018620d 80000040 returned -16
[  200.388999][ T8718] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  200.392747][ T8718] VFS: Can't find a romfs filesystem on dev nullb0.
[  200.392747][ T8718] 
[  201.562623][ T6023] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  201.716925][ T6023] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  201.721219][ T6023] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  201.729838][ T6023] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  201.744660][ T6023] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.756737][ T6023] usb 7-1: config 0 descriptor??
[  202.923589][   T56] usb 7-1: USB disconnect, device number 5
[  203.359507][ T8767] __nla_validate_parse: 2 callbacks suppressed
[  203.359707][ T8767] netlink: 48 bytes leftover after parsing attributes in process `syz.2.718'.
[  203.716678][ T8775] netlink: 4 bytes leftover after parsing attributes in process `syz.1.719'.
[  204.487159][ T8775] 9pnet_fd: p9_fd_create_tcp (8775): problem connecting socket to 127.0.0.1
[  204.773215][  T912] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  205.374249][  T912] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  205.382369][  T912] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  205.390031][  T912] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  205.394520][  T912] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.400971][  T912] usb 6-1: config 0 descriptor??
[  205.407996][  T912] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  205.453914][ T8801] netlink: 12 bytes leftover after parsing attributes in process `syz.2.727'.
[  205.477258][ T8801] netlink: 12 bytes leftover after parsing attributes in process `syz.2.727'.
[  205.513477][ T8805] netlink: 40 bytes leftover after parsing attributes in process `syz.2.727'.
[  205.539193][ T8801] netlink: 12 bytes leftover after parsing attributes in process `syz.2.727'.
[  205.821503][ T5979] usb 6-1: USB disconnect, device number 9
[  206.408139][ T8822] netlink: 4 bytes leftover after parsing attributes in process `syz.2.732'.
[  208.082853][  T912] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  208.186856][ T8848] netlink: 12 bytes leftover after parsing attributes in process `syz.0.740'.
[  208.209303][ T8848] netlink: 12 bytes leftover after parsing attributes in process `syz.0.740'.
[  208.234908][  T912] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  208.239472][  T912] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  208.254835][  T912] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  208.257928][  T912] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.263329][ T8853] netlink: 40 bytes leftover after parsing attributes in process `syz.0.740'.
[  208.268480][  T912] usb 7-1: config 0 descriptor??
[  208.281456][  T912] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  208.486758][   T53] usb 7-1: USB disconnect, device number 6
[  209.852507][   T34] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  210.004775][   T34] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  210.009908][   T34] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  210.022691][   T34] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  210.032401][   T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.048253][   T34] usb 8-1: config 0 descriptor??
[  210.070099][   T34] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  210.535892][ T5979] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  210.566665][ T8907] __nla_validate_parse: 1 callbacks suppressed
[  210.566675][ T8907] netlink: 40 bytes leftover after parsing attributes in process `syz.2.755'.
[  210.576288][   T34] usb 8-1: USB disconnect, device number 19
[  210.639001][ T8909] trusted_key: encrypted_key: master key parameter 'defaul�' is invalid
[  210.645033][ T8909] trusted_key: encrypted_key: keylen parameter is missing
[  210.712509][ T5979] usb 6-1: Using ep0 maxpacket: 8
[  210.722826][ T5979] usb 6-1: config 0 interface 0 has no altsetting 0
[  210.725198][ T5979] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  210.728841][ T5979] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.738945][ T8915] binder: BINDER_SET_CONTEXT_MGR already set
[  210.741750][ T8915] binder: 8911:8915 ioctl 4018620d 80000040 returned -16
[  210.757268][ T5979] usb 6-1: config 0 descriptor??
[  211.169874][ T5979] mcp2221 0003:04D8:00DD.0002: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  212.177796][ T8949] FAULT_INJECTION: forcing a failure.
[  212.177796][ T8949] name failslab, interval 1, probability 0, space 0, times 0
[  212.183046][ T8949] CPU: 0 UID: 0 PID: 8949 Comm: syz.0.768 Not tainted syzkaller #0 PREEMPT(full) 
[  212.183074][ T8949] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  212.183081][ T8949] Call Trace:
[  212.183085][ T8949]  <TASK>
[  212.183090][ T8949]  dump_stack_lvl+0x16c/0x1f0
[  212.183108][ T8949]  should_fail_ex+0x512/0x640
[  212.183125][ T8949]  ? __kvmalloc_node_noprof+0x12e/0x9c0
[  212.183141][ T8949]  should_failslab+0xc2/0x120
[  212.183157][ T8949]  __kvmalloc_node_noprof+0x141/0x9c0
[  212.183171][ T8949]  ? __nf_hook_entries_try_shrink+0x164/0x400
[  212.183187][ T8949]  ? __nf_hook_entries_try_shrink+0x164/0x400
[  212.183199][ T8949]  __nf_hook_entries_try_shrink+0x164/0x400
[  212.183216][ T8949]  __nf_unregister_net_hook+0x2e5/0x680
[  212.183230][ T8949]  nf_unregister_net_hook+0xa8/0x110
[  212.183241][ T8949]  __nf_tables_unregister_hook+0x1a3/0x220
[  212.183254][ T8949]  nf_tables_abort+0x279e/0x3e90
[  212.183274][ T8949]  ? __pfx_nf_tables_abort+0x10/0x10
[  212.183290][ T8949]  ? __nla_parse+0x40/0x60
[  212.183305][ T8949]  nfnetlink_rcv_batch+0x11c7/0x2350
[  212.183330][ T8949]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  212.183348][ T8949]  ? __local_bh_enable_ip+0xa4/0x120
[  212.183362][ T8949]  ? __dev_queue_xmit+0xaf1/0x4490
[  212.183377][ T8949]  ? __dev_queue_xmit+0xb12/0x4490
[  212.183400][ T8949]  ? __pfx___dev_queue_xmit+0x10/0x10
[  212.183431][ T8949]  ? __nla_parse+0x40/0x60
[  212.183445][ T8949]  nfnetlink_rcv+0x3c1/0x430
[  212.183461][ T8949]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  212.183480][ T8949]  netlink_unicast+0x5aa/0x870
[  212.183495][ T8949]  ? __pfx_netlink_unicast+0x10/0x10
[  212.183513][ T8949]  netlink_sendmsg+0x8c8/0xdd0
[  212.183528][ T8949]  ? __pfx_netlink_sendmsg+0x10/0x10
[  212.183542][ T8949]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  212.183562][ T8949]  ____sys_sendmsg+0xa98/0xc70
[  212.183578][ T8949]  ? __pfx_____sys_sendmsg+0x10/0x10
[  212.183592][ T8949]  ? get_compat_msghdr+0x11a/0x170
[  212.183610][ T8949]  ___sys_sendmsg+0x134/0x1d0
[  212.183622][ T8949]  ? __pfx____sys_sendmsg+0x10/0x10
[  212.183641][ T8949]  ? find_held_lock+0x2b/0x80
[  212.183663][ T8949]  __sys_sendmsg+0x16d/0x220
[  212.183674][ T8949]  ? __pfx___sys_sendmsg+0x10/0x10
[  212.183693][ T8949]  ? rcu_is_watching+0x12/0xc0
[  212.183707][ T8949]  __do_fast_syscall_32+0x7c/0x300
[  212.183723][ T8949]  do_fast_syscall_32+0x32/0x80
[  212.183738][ T8949]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  212.183752][ T8949] RIP: 0023:0xf702d579
[  212.183760][ T8949] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  212.183771][ T8949] RSP: 002b:00000000f541d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  212.183781][ T8949] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800000c0
[  212.183788][ T8949] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  212.183794][ T8949] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  212.183799][ T8949] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  212.183805][ T8949] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  212.183820][ T8949]  </TASK>
[  212.247019][ T8952] overlayfs: missing 'lowerdir'
[  212.304041][ T5979] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  212.343982][ T8956] binder: BINDER_SET_CONTEXT_MGR already set
[  212.356954][ T8956] binder: 8953:8956 ioctl 4018620d 80000040 returned -16
[  212.455102][ T5979] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  212.458762][ T5979] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  212.463140][ T5979] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  212.466324][ T5979] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.476134][ T5979] usb 8-1: config 0 descriptor??
[  212.490753][ T5979] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  212.634898][ T8961] netlink: 40 bytes leftover after parsing attributes in process `syz.0.772'.
[  212.694154][ T1334] usb 8-1: USB disconnect, device number 20
[  212.914805][ T1334] usb 6-1: USB disconnect, device number 10
[  213.411413][ T8974] netlink: 4 bytes leftover after parsing attributes in process `syz.1.776'.
[  213.727870][ T8984] overlayfs: missing 'lowerdir'
[  215.022639][   T10] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  215.283046][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  215.293477][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  215.304875][   T10] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  215.312802][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.329105][   T10] usb 7-1: config 0 descriptor??
[  215.448588][   T10] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  215.724729][   T53] usb 7-1: USB disconnect, device number 7
[  215.784712][ T9005] netlink: 40 bytes leftover after parsing attributes in process `syz.1.785'.
[  215.840635][ T9007] netlink: 4 bytes leftover after parsing attributes in process `syz.3.784'.
[  215.891205][ T9016] overlayfs: missing 'lowerdir'
[  216.539875][ T9040] ubi0: attaching mtd0
[  216.543960][ T9040] ubi0: scanning is finished
[  216.545670][ T9040] ubi0: empty MTD device detected
[  216.699407][ T9040] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  216.702566][ T9040] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  216.706205][ T9040] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  216.709674][ T9040] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  216.712488][ T9040] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  216.724143][ T9040] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  216.731609][ T9040] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1469108819
[  216.743703][ T9040] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  216.753421][ T9041] ubi0: detaching mtd0
[  216.754296][ T9047] ubi0: background thread "ubi_bgt0d" started, PID 9047
[  216.774353][ T9041] ubi0: mtd0 is detached
[  216.776874][ T9050] overlayfs: missing 'lowerdir'
[  217.020334][ T9060] Invalid source name
[  217.152704][ T9062] mkiss: ax0: crc mode is auto.
[  217.339470][   T34] IPVS: starting estimator thread 0...
[  217.345495][ T9065] tmpfs: Unknown parameter 'usrquota@'
[  217.349495][ T9065] futex_wake_op: syz.3.802 tries to shift op by -1; fix this program
[  217.422987][ T9066] IPVS: using max 43 ests per chain, 103200 per kthread
[  217.423538][ T9065] Invalid logical block size (2)
[  217.596121][ T9070] netlink: 40 bytes leftover after parsing attributes in process `syz.0.804'.
[  218.402063][ T9089] blktrace: Concurrent blktraces are not allowed on nullb0
[  218.465217][ T9090] netlink: 4 bytes leftover after parsing attributes in process `syz.0.809'.
[  218.489206][ T9089] netlink: 8 bytes leftover after parsing attributes in process `syz.0.809'.
[  218.701052][ T9092] lo speed is unknown, defaulting to 1000
[  219.296199][ T9102] netlink: 52 bytes leftover after parsing attributes in process `syz.2.812'.
[  219.917233][ T9114] netlink: 4 bytes leftover after parsing attributes in process `syz.2.815'.
[  220.052345][ T1143] tipc: Subscription rejected, illegal request
[  220.078680][ T9121] netlink: 40 bytes leftover after parsing attributes in process `syz.0.817'.
[  220.087540][ T9123] blktrace: Concurrent blktraces are not allowed on nullb0
[  220.145529][ T9126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.818'.
[  220.153278][ T9126] netlink: 8 bytes leftover after parsing attributes in process `syz.2.818'.
[  221.163941][ T9153] netlink: 48 bytes leftover after parsing attributes in process `syz.1.822'.
[  225.359064][ T9152] syz.1.822 (9152) used greatest stack depth: 19720 bytes left
[  225.410591][ T9168] blktrace: Concurrent blktraces are not allowed on nullb0
[  225.485250][ T9170] netlink: 4 bytes leftover after parsing attributes in process `syz.0.827'.
[  225.498290][ T9170] netlink: 28 bytes leftover after parsing attributes in process `syz.0.827'.
[  225.970147][ T9187] netlink: 40 bytes leftover after parsing attributes in process `syz.3.831'.
[  226.487651][ T9194] netlink: 52 bytes leftover after parsing attributes in process `syz.2.832'.
[  226.508574][ T9194] netlink: 4 bytes leftover after parsing attributes in process `syz.2.832'.
[  226.952581][   T53] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  227.104189][   T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  227.109145][   T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  227.113610][   T53] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  227.117094][   T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.122515][   T53] usb 7-1: config 0 descriptor??
[  227.913090][   T53] usbhid 7-1:0.0: can't add hid device: -71
[  227.920515][   T53] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  227.940457][   T53] usb 7-1: USB disconnect, device number 8
[  228.052153][ T9219] blktrace: Concurrent blktraces are not allowed on nullb0
[  228.123310][ T9222] netlink: 4 bytes leftover after parsing attributes in process `syz.0.838'.
[  228.161277][ T9222] netlink: 28 bytes leftover after parsing attributes in process `syz.0.838'.
[  229.069253][ T9231] binder: BINDER_SET_CONTEXT_MGR already set
[  229.071387][ T9231] binder: 9227:9231 ioctl 4018620d 80000040 returned -16
[  229.244947][ T9240] netlink: 52 bytes leftover after parsing attributes in process `syz.3.842'.
[  229.256622][ T9240] netlink: 4 bytes leftover after parsing attributes in process `syz.3.842'.
[  229.382333][ T9240] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  229.455829][ T9245] netlink: 40 bytes leftover after parsing attributes in process `syz.1.844'.
[  229.623230][ T9252] binder: BINDER_SET_CONTEXT_MGR already set
[  229.625251][ T9252] binder: 9247:9252 ioctl 4018620d 80000040 returned -16
[  230.345282][ T9262] blktrace: Concurrent blktraces are not allowed on nullb0
[  230.412600][   T57] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  230.420164][ T9264] netlink: 4 bytes leftover after parsing attributes in process `syz.1.857'.
[  230.439743][ T9264] netlink: 12 bytes leftover after parsing attributes in process `syz.1.857'.
[  230.574370][   T57] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  230.579203][   T57] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  230.584853][   T57] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  230.588892][   T57] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.596256][   T57] usb 7-1: config 0 descriptor??
[  230.822680][   T57] usbhid 7-1:0.0: can't add hid device: -71
[  230.827255][   T57] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  230.834221][   T57] usb 7-1: USB disconnect, device number 9
[  230.946473][ T9268] blktrace: Concurrent blktraces are not allowed on nullb0
[  231.025962][ T9270] netlink: 4 bytes leftover after parsing attributes in process `syz.1.859'.
[  232.094568][ T9289] __nla_validate_parse: 1 callbacks suppressed
[  232.094583][ T9289] netlink: 52 bytes leftover after parsing attributes in process `syz.0.854'.
[  232.103261][ T9289] netlink: 4 bytes leftover after parsing attributes in process `syz.0.854'.
[  232.439620][ T9296] netlink: 40 bytes leftover after parsing attributes in process `syz.1.858'.
[  233.462173][ T9308] binder: BINDER_SET_CONTEXT_MGR already set
[  233.464845][ T9308] binder: 9306:9308 ioctl 4018620d 80000040 returned -16
[  233.642602][   T56] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  233.794754][   T56] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  233.802669][   T56] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  233.805913][   T56] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  233.809272][   T56] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.816970][   T56] usb 7-1: config 0 descriptor??
[  236.045824][   T56] usbhid 7-1:0.0: can't add hid device: -71
[  236.047843][   T56] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  236.051340][   T56] usb 7-1: USB disconnect, device number 10
[  236.085721][ T9332] netlink: 52 bytes leftover after parsing attributes in process `syz.0.866'.
[  236.089322][ T9332] netlink: 4 bytes leftover after parsing attributes in process `syz.0.866'.
[  236.471807][ T9344] netlink: 40 bytes leftover after parsing attributes in process `syz.3.871'.
[  237.138535][ T9354] netlink: 12 bytes leftover after parsing attributes in process `syz.1.874'.
[  237.180241][ T9354] netlink: 40 bytes leftover after parsing attributes in process `syz.1.874'.
[  237.434479][ T9361] netlink: 52 bytes leftover after parsing attributes in process `syz.2.877'.
[  237.439036][ T9361] netlink: 4 bytes leftover after parsing attributes in process `syz.2.877'.
[  237.482539][   T56] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  237.612527][   T57] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  237.645080][   T56] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  237.649044][   T56] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  237.652318][   T56] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.657688][   T56] usb 5-1: config 0 descriptor??
[  237.793864][   T57] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  237.797504][   T57] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  237.801140][   T57] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.813928][   T57] usb 8-1: config 0 descriptor??
[  237.938096][ T9356] syz.0.875: page allocation failure: order:0, mode:0x340cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_THISNODE), nodemask=(null),cpuset=/,mems_allowed=0-1
[  237.943315][ T9356] CPU: 1 UID: 0 PID: 9356 Comm: syz.0.875 Not tainted syzkaller #0 PREEMPT(full) 
[  237.943330][ T9356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  237.943336][ T9356] Call Trace:
[  237.943340][ T9356]  <TASK>
[  237.943345][ T9356]  dump_stack_lvl+0x16c/0x1f0
[  237.943373][ T9356]  warn_alloc+0x248/0x3a0
[  237.943388][ T9356]  ? __pfx_warn_alloc+0x10/0x10
[  237.943398][ T9356]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  237.943435][ T9356]  __alloc_frozen_pages_noprof+0xe9b/0x2470
[  237.943451][ T9356]  ? sched_clock_cpu+0x6c/0x530
[  237.943468][ T9356]  ? __lock_acquire+0xb8a/0x1c90
[  237.943483][ T9356]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  237.943520][ T9356]  __folio_alloc_noprof+0x11/0x220
[  237.943544][ T9356]  alloc_migration_target+0x24a/0x660
[  237.943562][ T9356]  migrate_pages_batch+0x3bc/0x3bb0
[  237.943579][ T9356]  ? page_table_check_set+0x5e0/0x750
[  237.943593][ T9356]  ? __pfx_alloc_migration_target+0x10/0x10
[  237.943609][ T9356]  ? page_table_check_set+0x631/0x750
[  237.943629][ T9356]  ? __pfx_migrate_pages_batch+0x10/0x10
[  237.943647][ T9356]  ? do_pte_missing+0x8a3/0x3ba0
[  237.943671][ T9356]  migrate_pages_sync+0x12d/0x8a0
[  237.943688][ T9356]  ? __pfx_alloc_migration_target+0x10/0x10
[  237.943707][ T9356]  ? __handle_mm_fault+0x5a8/0x2aa0
[  237.943724][ T9356]  ? __pfx_migrate_pages_sync+0x10/0x10
[  237.943741][ T9356]  ? mt_find+0x3e2/0xa20
[  237.943761][ T9356]  migrate_pages+0x1b5f/0x23a0
[  237.943781][ T9356]  ? __pfx_alloc_migration_target+0x10/0x10
[  237.943802][ T9356]  ? __pfx_migrate_pages+0x10/0x10
[  237.943822][ T9356]  ? __lock_acquire+0xb8a/0x1c90
[  237.943838][ T9356]  ? mtree_load+0x315/0xa30
[  237.943853][ T9356]  move_pages_and_store_status+0xf1/0x230
[  237.943872][ T9356]  ? __pfx_move_pages_and_store_status+0x10/0x10
[  237.943891][ T9356]  ? __might_fault+0x13b/0x190
[  237.943907][ T9356]  kernel_move_pages+0xbbb/0x12f0
[  237.943941][ T9356]  ? __pfx_kernel_move_pages+0x10/0x10
[  237.943962][ T9356]  ? find_held_lock+0x2b/0x80
[  237.943973][ T9356]  ? __might_fault+0xe3/0x190
[  237.943984][ T9356]  ? __might_fault+0x13b/0x190
[  237.943998][ T9356]  __ia32_sys_move_pages+0xdd/0x1b0
[  237.944015][ T9356]  ? syscall_trace_enter+0xee/0x240
[  237.944033][ T9356]  __do_fast_syscall_32+0x7c/0x300
[  237.944049][ T9356]  do_fast_syscall_32+0x32/0x80
[  237.944063][ T9356]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  237.944077][ T9356] RIP: 0023:0xf702d579
[  237.944086][ T9356] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  237.944096][ T9356] RSP: 002b:00000000f541d55c EFLAGS: 00000296 ORIG_RAX: 000000000000013d
[  237.944107][ T9356] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000002064
[  237.944113][ T9356] RDX: 0000000080000040 RSI: 0000000080001180 RDI: 0000000080000000
[  237.944120][ T9356] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  237.944126][ T9356] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  237.944132][ T9356] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  237.944147][ T9356]  </TASK>
[  237.944324][ T9356] Mem-Info:
[  238.051216][ T9356] active_anon:24683 inactive_anon:14305 isolated_anon:1
[  238.051216][ T9356]  active_file:2337 inactive_file:3065 isolated_file:0
[  238.051216][ T9356]  unevictable:1768 dirty:166 writeback:0
[  238.051216][ T9356]  slab_reclaimable:6225 slab_unreclaimable:54619
[  238.051216][ T9356]  mapped:28230 shmem:1804 pagetables:1973
[  238.051216][ T9356]  sec_pagetables:317 bounce:0
[  238.051216][ T9356]  kernel_misc_reclaimable:0
[  238.051216][ T9356]  free:38843 free_pcp:219 free_cma:0
[  238.065670][ T9356] Node 0 active_anon:104kB inactive_anon:24kB active_file:4kB inactive_file:136kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:4kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:9264kB pagetables:1408kB sec_pagetables:1140kB all_unreclaimable? no Balloon:0kB
[  238.077034][ T9356] Node 1 active_anon:98628kB inactive_anon:57196kB active_file:9344kB inactive_file:12124kB unevictable:3536kB isolated(anon):4kB isolated(file):0kB mapped:112904kB dirty:660kB writeback:0kB shmem:3680kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:4764kB pagetables:6484kB sec_pagetables:128kB all_unreclaimable? no Balloon:0kB
[  238.088435][ T9356] Node 0 DMA free:4kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:1812kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  238.098192][ T9356] lowmem_reserve[]: 0 294 294 294 294
[  238.101041][ T9356] Node 0 DMA32 free:872kB boost:30252kB min:43700kB low:47060kB high:50420kB reserved_highatomic:0KB free_highatomic:0KB active_anon:104kB inactive_anon:24kB active_file:4kB inactive_file:136kB unevictable:3536kB writepending:4kB zspages:27080kB present:1032196kB managed:301132kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  238.205663][ T9356] lowmem_reserve[]: 0 0 0 0 0
[  238.207311][ T9356] Node 1 DMA32 free:137896kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:2048KB free_highatomic:212KB active_anon:110128kB inactive_anon:57196kB active_file:9344kB inactive_file:12124kB unevictable:3536kB writepending:660kB zspages:69020kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:6468kB local_pcp:4972kB free_cma:0kB
[  238.222545][ T9356] lowmem_reserve[]: 0 0 0 0 0
[  238.234290][ T9356] Node 0 DMA: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[  238.238101][ T9356] Node 0 DMA32: 50*4kB (UM) 6*8kB (M) 7*16kB (UM) 16*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 872kB
[  238.242762][   T57] usbhid 8-1:0.0: can't add hid device: -71
[  238.250476][   T57] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  238.252606][ T9356] Node 1 DMA32: 129*4kB (UMEH) 464*8kB (UMEH) 649*16kB (UMEH) 371*32kB (UMEH) 210*64kB (UME) 107*128kB (UME) 61*256kB (UME) 26*512kB (UM) 20*1024kB (M) 13*2048kB (M) 2*4096kB (M) = 137844kB
[  238.261314][ T9356] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  238.264567][ T9356] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  238.267575][ T9356] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  238.270836][ T9356] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  238.274054][   T57] usb 8-1: USB disconnect, device number 21
[  238.274126][ T9356] 11289 total pagecache pages
[  238.278228][ T9356] 1217 pages in swap cache
[  238.279722][ T9356] Free swap  = 240kB
[  238.281049][ T9356] Total swap = 124996kB
[  238.282522][ T9356] 524155 pages RAM
[  238.289997][ T9356] 0 pages HighMem/MovableOnly
[  238.292194][ T9356] 207977 pages reserved
[  238.294439][ T9356] 0 pages cma reserved
[  238.488221][   T56] usbhid 5-1:0.0: can't add hid device: -71
[  238.490285][   T56] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  238.505332][   T56] usb 5-1: USB disconnect, device number 15
[  238.650209][ T9382] binder: BINDER_SET_CONTEXT_MGR already set
[  238.652237][ T9382] binder: 9379:9382 ioctl 4018620d 80000040 returned -16
[  239.129995][   T40] audit: type=1326 audit(1763456078.040:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9386 comm="syz.1.884" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709d579 code=0x0
[  239.331712][ T9396] netlink: 52 bytes leftover after parsing attributes in process `syz.2.886'.
[  239.340030][ T9396] netlink: 4 bytes leftover after parsing attributes in process `syz.2.886'.
[  239.620128][ T9401] binder_alloc: 9400: binder_alloc_buf, no vma
[  240.989951][ T9423] binder: BINDER_SET_CONTEXT_MGR already set
[  240.992942][ T9423] binder: 9419:9423 ioctl 4018620d 80000040 returned -16
[  241.073405][ T9425] netlink: 80 bytes leftover after parsing attributes in process `syz.3.896'.
[  241.077911][ T9425] netlink: 4 bytes leftover after parsing attributes in process `syz.3.896'.
[  241.190484][ T9425] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  241.547732][ T9436] blktrace: Concurrent blktraces are not allowed on nullb0
[  241.703195][ T9438] netlink: 4 bytes leftover after parsing attributes in process `syz.3.905'.
[  241.761344][ T9436] netlink: 12 bytes leftover after parsing attributes in process `syz.3.905'.
[  243.298689][ T9466] binder: BINDER_SET_CONTEXT_MGR already set
[  243.301301][ T9466] binder: 9463:9466 ioctl 4018620d 80000040 returned -16
[  245.003217][ T9496] binder: BINDER_SET_CONTEXT_MGR already set
[  245.006338][ T9496] binder: 9492:9496 ioctl 4018620d 80000040 returned -16
[  246.222889][ T9505] binder: BINDER_SET_CONTEXT_MGR already set
[  246.224912][ T9505] binder: 9503:9505 ioctl 4018620d 80000040 returned -16
[  246.280713][ T9507] blktrace: Concurrent blktraces are not allowed on nullb0
[  246.344435][ T9508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.919'.
[  246.353526][ T9508] netlink: 12 bytes leftover after parsing attributes in process `syz.3.919'.
[  247.166839][ T9524] binder: BINDER_SET_CONTEXT_MGR already set
[  247.169026][ T9524] binder: 9522:9524 ioctl 4018620d 80000040 returned -16
[  247.222529][ T6023] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  247.374191][ T6023] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  247.377919][ T6023] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  247.381043][ T6023] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.385043][ T6023] usb 6-1: config 0 descriptor??
[  247.388799][ T6023] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  247.729716][    T9] usb 6-1: USB disconnect, device number 11
[  248.033208][ T9548] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  248.035367][ T9548] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  248.038133][ T9548] vhci_hcd vhci_hcd.0: Device attached
[  248.152568][ T6023] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  248.312567][    T9] usb 38-1: SetAddress Request (2) to port 0
[  248.314825][    T9] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd
[  248.324496][ T6023] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.328941][ T6023] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  248.331894][ T6023] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.340916][ T6023] usb 8-1: config 0 descriptor??
[  248.756402][ T6023] usbhid 8-1:0.0: can't add hid device: -71
[  248.759287][ T6023] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  248.765318][ T9550] vhci_hcd: connection reset by peer
[  248.769023][   T61] vhci_hcd: stop threads
[  248.770994][   T61] vhci_hcd: release socket
[  248.773313][   T61] vhci_hcd: disconnect device
[  248.783924][ T6023] usb 8-1: USB disconnect, device number 22
[  248.794170][ T9557] netlink: 40 bytes leftover after parsing attributes in process `syz.1.934'.
[  249.594657][ T9573] binder: BINDER_SET_CONTEXT_MGR already set
[  249.596999][ T9573] binder: 9572:9573 ioctl 4018620d 80000040 returned -16
[  249.913014][   T10] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  250.064589][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  250.070587][   T10] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  250.073770][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.081256][   T10] usb 6-1: config 0 descriptor??
[  250.520399][   T10] usbhid 6-1:0.0: can't add hid device: -71
[  250.529276][   T10] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  250.539546][   T10] usb 6-1: USB disconnect, device number 12
[  252.021595][ T9610] netlink: 40 bytes leftover after parsing attributes in process `syz.2.951'.
[  252.104013][   T40] audit: type=1326 audit(1763456091.020:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9613 comm="syz.1.952" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709d579 code=0x0
[  253.023607][   T29] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  253.193819][   T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  253.197385][   T29] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  253.200342][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.216606][   T29] usb 5-1: config 0 descriptor??
[  253.386757][    T9] usb 38-1: device descriptor read/8, error -110
[  253.676534][   T29] usbhid 5-1:0.0: can't add hid device: -71
[  253.678675][   T29] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  253.694316][   T29] usb 5-1: USB disconnect, device number 16
[  253.792985][    T9] usb usb38-port1: attempt power cycle
[  254.356407][    T9] usb usb38-port1: unable to enumerate USB device
[  254.492976][   T34] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  254.606191][ T9654] netlink: 40 bytes leftover after parsing attributes in process `syz.1.964'.
[  254.674673][   T34] usb 7-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  254.679447][   T34] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  254.692590][   T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  254.699410][   T34] usb 7-1: config 0 descriptor??
[  254.706617][   T34] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  254.913720][    T9] usb 7-1: USB disconnect, device number 11
[  255.001516][   T40] audit: type=1326 audit(1763456093.910:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9658 comm="syz.2.966" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70ed579 code=0x0
[  255.604681][ T9669] netlink: 20 bytes leftover after parsing attributes in process `syz.0.969'.
[  256.082783][    T9] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  256.102903][ T9678] loop7: detected capacity change from 16384 to 0
[  256.103842][    C0] blk_print_req_error: 25 callbacks suppressed
[  256.103853][    C0] I/O error, dev loop7, sector 11776 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 2
[  256.109617][   T13] buffer_io_error: 27 callbacks suppressed
[  256.109629][   T13] Buffer I/O error on dev loop7, logical block 831, lost async page write
[  256.242591][    T9] usb 6-1: Using ep0 maxpacket: 8
[  256.246005][    T9] usb 6-1: config 0 interface 0 has no altsetting 0
[  256.248672][    T9] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  256.252142][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.258404][    T9] usb 6-1: config 0 descriptor??
[  256.284809][ T9684] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  256.287161][ T9684] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  256.290275][ T9684] vhci_hcd vhci_hcd.0: Device attached
[  256.303251][ T9685] vhci_hcd: connection closed
[  256.303564][   T61] vhci_hcd: stop threads
[  256.306899][   T61] vhci_hcd: release socket
[  256.308580][   T61] vhci_hcd: disconnect device
[  256.323352][ T9689] netlink: 12 bytes leftover after parsing attributes in process `syz.2.973'.
[  256.338352][ T9689] mkiss: ax0: crc mode is auto.
[  256.622507][ T6023] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  256.680909][    T9] mcp2221 0003:04D8:00DD.0003: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  256.772561][ T6023] usb 8-1: Using ep0 maxpacket: 32
[  256.776779][ T6023] usb 8-1: config 1 has an invalid descriptor of length 129, skipping remainder of the config
[  256.781214][ T6023] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  256.787710][ T6023] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  256.791701][ T6023] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.795459][ T6023] usb 8-1: Product: ӿ
[  256.797483][ T6023] usb 8-1: Manufacturer: ꩠ좙曍朲묚믾캠ṓཽꟅ铃ᦕ꒟슯秢㓧윿㫥秆鿈匳ꑵ荆椭閟ᅍ攳䵽ᓃᝮ﹠欛鶩도䝅ቛ稔塼ச읧缁栋㑲羛䲝폭㳿៙啃㝝徉㨸楳ㇾ⇹샋퇥鞴经翾ﴸ⸆렔ꪓ鈦䣢⠧ԏ膏㈇䴔
[  256.808123][ T6023] usb 8-1: SerialNumber: ⅞㥪础쪲Ϗ댵췥랠뀶둛ꨅ莱蘭萑⛴ᙟ쁂梡霐쫍쏚쩎ݸ턈趬ၿ臀➿侮깎⽙탳ⓩㄨ靪륉㯉癬↕騝ꭿǍ
[  256.878416][ T1334] usb 6-1: USB disconnect, device number 13
[  257.227400][ T9691] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.974'.
[  257.232669][ T6023] usb 8-1: 0:2 : does not exist
[  257.257964][ T6023] usb 8-1: USB disconnect, device number 23
[  257.455221][ T9705] binder: BINDER_SET_CONTEXT_MGR already set
[  257.458160][ T9705] binder: 9704:9705 ioctl 4018620d 80000040 returned -16
[  257.502126][   T40] audit: type=1326 audit(1763456096.410:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9708 comm="syz.0.979" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf702d579 code=0x0
[  257.627755][ T9713] mkiss: ax0: crc mode is auto.
[  259.447454][ T9757] comedi comedi0: Minor 47 could not be opened
[  259.450968][ T9757] netlink: 'syz.1.991': attribute type 1 has an invalid length.
[  259.505905][ T9757] bond1: entered promiscuous mode
[  259.519723][ T9757] 8021q: adding VLAN 0 to HW filter on device bond1
[  260.354498][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  260.357105][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  260.361511][ T1417] ==================================================================
[  260.364900][ T1417] BUG: KASAN: slab-use-after-free in tty_write_room+0x7d/0x90
[  260.368069][ T1417] Read of size 8 at addr ffff888012b87020 by task aoe_tx0/1417
[  260.372902][ T1417] 
[  260.373721][ T1417] CPU: 3 UID: 0 PID: 1417 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) 
[  260.373735][ T1417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  260.373742][ T1417] Call Trace:
[  260.373763][ T1417]  <TASK>
[  260.373768][ T1417]  dump_stack_lvl+0x116/0x1f0
[  260.373785][ T1417]  print_report+0xcd/0x630
[  260.373800][ T1417]  ? __virt_addr_valid+0x81/0x610
[  260.373814][ T1417]  ? __phys_addr+0xe8/0x180
[  260.373828][ T1417]  ? tty_write_room+0x7d/0x90
[  260.373844][ T1417]  kasan_report+0xe0/0x110
[  260.373858][ T1417]  ? tty_write_room+0x7d/0x90
[  260.373875][ T1417]  tty_write_room+0x7d/0x90
[  260.373891][ T1417]  handle_tx+0x14f/0x630
[  260.373903][ T1417]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  260.373918][ T1417]  dev_hard_start_xmit+0x97/0x740
[  260.373936][ T1417]  __dev_queue_xmit+0xa46/0x4490
[  260.373952][ T1417]  ? lockdep_hardirqs_on+0x7c/0x110
[  260.373966][ T1417]  ? finish_task_switch.isra.0+0x221/0xc10
[  260.373978][ T1417]  ? rcu_is_watching+0x12/0xc0
[  260.373990][ T1417]  ? __pfx___dev_queue_xmit+0x10/0x10
[  260.374006][ T1417]  ? __schedule+0x11a3/0x5de0
[  260.374018][ T1417]  ? __lock_acquire+0xb8a/0x1c90
[  260.374033][ T1417]  ? __lock_acquire+0xb8a/0x1c90
[  260.374050][ T1417]  ? do_raw_spin_lock+0x12c/0x2b0
[  260.374070][ T1417]  ? rcu_is_watching+0x12/0xc0
[  260.374082][ T1417]  tx+0xcc/0x190
[  260.374098][ T1417]  ? __pfx_tx+0x10/0x10
[  260.374112][ T1417]  kthread+0x1e4/0x3e0
[  260.374126][ T1417]  ? find_held_lock+0x2b/0x80
[  260.374137][ T1417]  ? __pfx_kthread+0x10/0x10
[  260.374150][ T1417]  ? __pfx_default_wake_function+0x10/0x10
[  260.374162][ T1417]  ? lockdep_hardirqs_on+0x7c/0x110
[  260.374175][ T1417]  ? __kthread_parkme+0x19e/0x250
[  260.374190][ T1417]  ? __pfx_kthread+0x10/0x10
[  260.374203][ T1417]  kthread+0x3c5/0x780
[  260.374218][ T1417]  ? __pfx_kthread+0x10/0x10
[  260.374234][ T1417]  ? rcu_is_watching+0x12/0xc0
[  260.374246][ T1417]  ? __pfx_kthread+0x10/0x10
[  260.374261][ T1417]  ret_from_fork+0x675/0x7d0
[  260.374278][ T1417]  ? __pfx_kthread+0x10/0x10
[  260.374294][ T1417]  ret_from_fork_asm+0x1a/0x30
[  260.374312][ T1417]  </TASK>
[  260.374316][ T1417] 
[  260.443301][ T1417] Allocated by task 9730:
[  260.444749][ T1417]  kasan_save_stack+0x33/0x60
[  260.446315][ T1417]  kasan_save_track+0x14/0x30
[  260.447923][ T1417]  __kasan_kmalloc+0xaa/0xb0
[  260.449485][ T1417]  alloc_tty_struct+0x96/0x8c0
[  260.451051][ T1417]  tty_init_dev.part.0+0x1e/0x500
[  260.452711][ T1417]  tty_init_dev+0x60/0x80
[  260.454131][ T1417]  ptmx_open+0x10d/0x360
[  260.455533][ T1417]  chrdev_open+0x234/0x6a0
[  260.457059][ T1417]  do_dentry_open+0x982/0x1530
[  260.458787][ T1417]  vfs_open+0x82/0x3f0
[  260.460200][ T1417]  path_openat+0x1de4/0x2cb0
[  260.461752][ T1417]  do_filp_open+0x20b/0x470
[  260.463351][ T1417]  do_sys_openat2+0x11b/0x1d0
[  260.464783][ T1417]  __ia32_compat_sys_openat+0x16d/0x210
[  260.466612][ T1417]  __do_fast_syscall_32+0x7c/0x300
[  260.468304][ T1417]  do_fast_syscall_32+0x32/0x80
[  260.469942][ T1417]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  260.472013][ T1417] 
[  260.472836][ T1417] Freed by task 29:
[  260.474104][ T1417]  kasan_save_stack+0x33/0x60
[  260.475665][ T1417]  kasan_save_track+0x14/0x30
[  260.477299][ T1417]  __kasan_save_free_info+0x3b/0x60
[  260.479005][ T1417]  __kasan_slab_free+0x5f/0x80
[  260.480595][ T1417]  kfree+0x2b8/0x6d0
[  260.481892][ T1417]  process_one_work+0x9cf/0x1b70
[  260.483529][ T1417]  worker_thread+0x6c8/0xf10
[  260.485073][ T1417]  kthread+0x3c5/0x780
[  260.486431][ T1417]  ret_from_fork+0x675/0x7d0
[  260.488007][ T1417]  ret_from_fork_asm+0x1a/0x30
[  260.489616][ T1417] 
[  260.490428][ T1417] Last potentially related work creation:
[  260.492275][ T1417]  kasan_save_stack+0x33/0x60
[  260.493851][ T1417]  kasan_record_aux_stack+0xa7/0xc0
[  260.495558][ T1417]  insert_work+0x36/0x230
[  260.497057][ T1417]  __queue_work+0x97e/0x1160
[  260.498680][ T1417]  queue_work_on+0x1a4/0x1f0
[  260.500251][ T1417]  release_tty+0x4de/0x5d0
[  260.501746][ T1417]  tty_release_struct+0xb7/0xe0
[  260.503355][ T1417]  tty_release+0xe2d/0x1430
[  260.504871][ T1417]  __fput+0x402/0xb70
[  260.506209][ T1417]  task_work_run+0x150/0x240
[  260.507781][ T1417]  exit_to_user_mode_loop+0xec/0x130
[  260.509540][ T1417]  __do_fast_syscall_32+0x240/0x300
[  260.511245][ T1417]  do_fast_syscall_32+0x32/0x80
[  260.512918][ T1417]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  260.514985][ T1417] 
[  260.515788][ T1417] The buggy address belongs to the object at ffff888012b87000
[  260.515788][ T1417]  which belongs to the cache kmalloc-cg-2k of size 2048
[  260.520192][ T1417] The buggy address is located 32 bytes inside of
[  260.520192][ T1417]  freed 2048-byte region [ffff888012b87000, ffff888012b87800)
[  260.524582][ T1417] 
[  260.525385][ T1417] The buggy address belongs to the physical page:
[  260.527515][ T1417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12b80
[  260.530356][ T1417] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  260.533151][ T1417] memcg:ffff88801b211001
[  260.534559][ T1417] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  260.537176][ T1417] page_type: f5(slab)
[  260.538523][ T1417] raw: 00fff00000000040 ffff88801b44c140 0000000000000000 dead000000000001
[  260.541315][ T1417] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff88801b211001
[  260.544096][ T1417] head: 00fff00000000040 ffff88801b44c140 0000000000000000 dead000000000001
[  260.546940][ T1417] head: 0000000000000000 0000000000080008 00000000f5000000 ffff88801b211001
[  260.549882][ T1417] head: 00fff00000000003 ffffea00004ae001 00000000ffffffff 00000000ffffffff
[  260.552708][ T1417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  260.555528][ T1417] page dumped because: kasan: bad access detected
[  260.557764][ T1417] page_owner tracks the page as allocated
[  260.559624][ T1417] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 7849, tgid 7844 (syz.2.471), ts 154976547080, free_ts 138771884871
[  260.566443][ T1417]  post_alloc_hook+0x1c0/0x230
[  260.568043][ T1417]  get_page_from_freelist+0x10a3/0x3a30
[  260.569870][ T1417]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  260.571814][ T1417]  alloc_pages_mpol+0x1fb/0x550
[  260.573387][ T1417]  new_slab+0x24a/0x360
[  260.574775][ T1417]  ___slab_alloc+0xd79/0x1a50
[  260.576330][ T1417]  __slab_alloc.constprop.0+0x63/0x110
[  260.578189][ T1417]  __kmalloc_node_track_caller_noprof+0x4db/0x8a0
[  260.580288][ T1417]  kmemdup_noprof+0x29/0x60
[  260.581806][ T1417]  neigh_sysctl_register+0xb2/0x670
[  260.583522][ T1417]  devinet_sysctl_register+0xb6/0x200
[  260.585307][ T1417]  inetdev_init+0x2b8/0x5a0
[  260.586819][ T1417]  inetdev_event+0xc5f/0x18a0
[  260.588390][ T1417]  notifier_call_chain+0xbc/0x410
[  260.590084][ T1417]  call_netdevice_notifiers_info+0xbe/0x140
[  260.592034][ T1417]  register_netdevice+0x182e/0x2270
[  260.593793][ T1417] page last free pid 7556 tgid 7555 stack trace:
[  260.595865][ T1417]  __free_frozen_pages+0x7df/0x1160
[  260.597710][ T1417]  __put_partials+0x130/0x170
[  260.599377][ T1417]  qlist_free_all+0x4d/0x120
[  260.600961][ T1417]  kasan_quarantine_reduce+0x195/0x1e0
[  260.602821][ T1417]  __kasan_slab_alloc+0x69/0x90
[  260.604505][ T1417]  kmem_cache_alloc_lru_noprof+0x254/0x6e0
[  260.606445][ T1417]  alloc_inode+0x64/0x240
[  260.607927][ T1417]  new_inode+0x22/0x1c0
[  260.609337][ T1417]  __debugfs_create_file+0x11c/0x6b0
[  260.611069][ T1417]  debugfs_create_file_full+0x41/0x60
[  260.612909][ T1417]  kvm_dev_ioctl+0x1708/0x1a80
[  260.614487][ T1417]  __ia32_compat_sys_ioctl+0x242/0x370
[  260.616223][ T1417]  __do_fast_syscall_32+0x7c/0x300
[  260.617936][ T1417]  do_fast_syscall_32+0x32/0x80
[  260.619526][ T1417]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  260.621638][ T1417] 
[  260.622449][ T1417] Memory state around the buggy address:
[  260.624284][ T1417]  ffff888012b86f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  260.626919][ T1417]  ffff888012b86f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  260.629575][ T1417] >ffff888012b87000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  260.632161][ T1417]                                ^
[  260.633879][ T1417]  ffff888012b87080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  260.636577][ T1417]  ffff888012b87100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  260.639339][ T1417] ==================================================================
[  260.642263][ T1417] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  260.644622][ T1417] CPU: 3 UID: 0 PID: 1417 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) 
[  260.647563][ T1417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  260.651060][ T1417] Call Trace:
[  260.652180][ T1417]  <TASK>
[  260.653198][ T1417]  dump_stack_lvl+0x3d/0x1f0
[  260.654733][ T1417]  vpanic+0x640/0x6f0
[  260.656065][ T1417]  panic+0xca/0xd0
[  260.657395][ T1417]  ? __pfx_panic+0x10/0x10
[  260.658893][ T1417]  ? check_panic_on_warn+0x1f/0xb0
[  260.660601][ T1417]  check_panic_on_warn+0xab/0xb0
[  260.662190][ T1417]  end_report+0x107/0x170
[  260.663616][ T1417]  kasan_report+0xee/0x110
[  260.665110][ T1417]  ? tty_write_room+0x7d/0x90
[  260.666700][ T1417]  tty_write_room+0x7d/0x90
[  260.668219][ T1417]  handle_tx+0x14f/0x630
[  260.669739][ T1417]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  260.671651][ T1417]  dev_hard_start_xmit+0x97/0x740
[  260.673341][ T1417]  __dev_queue_xmit+0xa46/0x4490
[  260.674951][ T1417]  ? lockdep_hardirqs_on+0x7c/0x110
[  260.676699][ T1417]  ? finish_task_switch.isra.0+0x221/0xc10
[  260.678666][ T1417]  ? rcu_is_watching+0x12/0xc0
[  260.680278][ T1417]  ? __pfx___dev_queue_xmit+0x10/0x10
[  260.682136][ T1417]  ? __schedule+0x11a3/0x5de0
[  260.683764][ T1417]  ? __lock_acquire+0xb8a/0x1c90
[  260.685421][ T1417]  ? __lock_acquire+0xb8a/0x1c90
[  260.687095][ T1417]  ? do_raw_spin_lock+0x12c/0x2b0
[  260.688787][ T1417]  ? rcu_is_watching+0x12/0xc0
[  260.690381][ T1417]  tx+0xcc/0x190
[  260.691570][ T1417]  ? __pfx_tx+0x10/0x10
[  260.692941][ T1417]  kthread+0x1e4/0x3e0
[  260.694266][ T1417]  ? find_held_lock+0x2b/0x80
[  260.695819][ T1417]  ? __pfx_kthread+0x10/0x10
[  260.697410][ T1417]  ? __pfx_default_wake_function+0x10/0x10
[  260.699217][ T1417]  ? lockdep_hardirqs_on+0x7c/0x110
[  260.700964][ T1417]  ? __kthread_parkme+0x19e/0x250
[  260.702642][ T1417]  ? __pfx_kthread+0x10/0x10
[  260.704187][ T1417]  kthread+0x3c5/0x780
[  260.705579][ T1417]  ? __pfx_kthread+0x10/0x10
[  260.707168][ T1417]  ? rcu_is_watching+0x12/0xc0
[  260.708780][ T1417]  ? __pfx_kthread+0x10/0x10
[  260.710330][ T1417]  ret_from_fork+0x675/0x7d0
[  260.711878][ T1417]  ? __pfx_kthread+0x10/0x10
[  260.713443][ T1417]  ret_from_fork_asm+0x1a/0x30
[  260.715021][ T1417]  </TASK>
[  260.716834][ T1417] Kernel Offset: disabled
[  260.718252][ T1417] Rebooting in 86400 seconds..

VM DIAGNOSIS:
08:54:59  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000391b75 RBX=0000000000000000 RCX=ffffffff8b5d92a9 RDX=0000000000000000
RSI=ffffffff8da2917b RDI=ffffffff8bf078c0 RBP=fffffbfff1c12f40 RSP=ffffffff8e007df8
R8 =0000000000000001 R9 =ffffed1005646655 R10=ffff88802b2332ab R11=0000000000000001
R12=0000000000000000 R13=ffffffff8e097a00 R14=ffffffff90824ad0 R15=0000000000000000
RIP=ffffffff8b5d7d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809780d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000804b9000 CR3=0000000057a93000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000005504a5 RBX=0000000000000001 RCX=ffffffff8b5d92a9 RDX=0000000000000000
RSI=ffffffff8da2917b RDI=ffffffff8bf078c0 RBP=ffffed1003b5e490 RSP=ffffc9000046fde8
R8 =0000000000000001 R9 =ffffed1005666655 R10=ffff88802b3332ab R11=0000000000000001
R12=0000000000000001 R13=ffff88801daf2480 R14=ffffffff90824ad0 R15=0000000000000000
RIP=ffffffff8b5d7d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809790d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002fc24220 CR3=0000000053b1f000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=0000000000000004 RCX=ffffffff84aab196 RDX=ffff88802acbc900
RSI=0000000000000004 RDI=0000000000000005 RBP=ffffc900033df2f0 RSP=ffffc900033df1b0
R8 =0000000000000005 R9 =0000000000000004 R10=0000000000000001 R11=0000000000000001
R12=1ffff9200067be40 R13=ffff88805939fb18 R14=0000000000000001 R15=ffffffff8bf0a251
RIP=ffffffff81bc5111 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f87ecf62300 ffffffff 00c00000
GS =0000 ffff888097a0d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055e9aaff1000 CR3=0000000049426000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 0000003000000012 0004000000080024 0000000000280034
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000003e7 0000001800000000 0000000000000000 0000000000000015
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f01ffffffffffff ffffe7080280032a 000008a600000004 0000000100000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 060110b40108001a f80320808010001a e8030910001ad803 02cc9008001ad003
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 048208001ac80304 808204001ac00300 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ffffffffffffffff bf081a8003000400
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 048080808081aa84 080002800201c708 00080049e0003062 6c6c756e2f766564
ZMM24=dad575d4dad575d4 dad575d4dad575d4 dad575d4dad575d4 dad575d4dad575d4 dad575d4dad575d4 dad575d4dad575d4 dad575d4dad575d4 dad575d4dad575d4
ZMM25=51cc9f1c51cc9f1c 51cc9f1c51cc9f1c 51cc9f1c51cc9f1c 51cc9f1c51cc9f1c 51cc9f1c51cc9f1c 51cc9f1c51cc9f1c 51cc9f1c51cc9f1c 51cc9f1c51cc9f1c
ZMM26=7dc4fbd07dc4fbd0 7dc4fbd07dc4fbd0 7dc4fbd07dc4fbd0 7dc4fbd07dc4fbd0 7dc4fbd07dc4fbd0 7dc4fbd07dc4fbd0 7dc4fbd07dc4fbd0 7dc4fbd07dc4fbd0
ZMM27=5ca96d2c5ca96d2c 5ca96d2c5ca96d2c 5ca96d2c5ca96d2c 5ca96d2c5ca96d2c 5ca96d2c5ca96d2c 5ca96d2c5ca96d2c 5ca96d2c5ca96d2c 5ca96d2c5ca96d2c
ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=3a0800003a080000 3a0800003a080000 3a0800003a080000 3a0800003a080000 3a0800003a080000 3a0800003a080000 3a0800003a080000 3a0800003a080000
info registers vcpu 3

CPU#3
RAX=0000000000000037 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85269d55 RDI=ffffffff9adc5de0 RBP=ffffffff9adc5da0 RSP=ffffc9000776f428
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552
R12=0000000000000000 R13=0000000000000037 R14=ffffffff9adc5da0 R15=ffffffff85269cf0
RIP=ffffffff85269d7f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097b0d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73e9154 CR3=00000000652eb000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000