last executing test programs:

13.248096572s ago: executing program 1 (id=873):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2c, 0x2, {0x0, 0x0, 0x0, r4, {0xb, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1a29d}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x2, 0x7f, 0xffffffffffffffff, 0xc9d, 0xd155}, 0x5f}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0x4894}, 0x2)
close(r2)
socket(0x40000000015, 0x5, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r5, &(0x7f0000000280)={&(0x7f0000000440)=@xdp={0x2c, 0x0, r4, 0x42}, 0x80, &(0x7f0000003300)=[{&(0x7f00000001c0)="27030200dc0f14000e0000000024c10200000084125ce882cbf400930bf4533f00429c65112a093bbf60b85bcb06", 0x2e}], 0x1}, 0x4005)

7.489310671s ago: executing program 1 (id=879):
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000000)={r1, 0x0, 0x4, 0x0, 0x1000000000000})
syz_genetlink_get_family_id$gtp(&(0x7f0000000200), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x4)
r2 = socket(0x8, 0x6, 0x0)
sendmsg$nl_route_sched_retired(r2, &(0x7f0000000680)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000640)={&(0x7f0000000480)=@delqdisc={0x158, 0x25, 0x92a, 0x70bf2a, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xfff6, 0xffe0}, {0x2, 0xf}, {0x2, 0x5}}, [@q_dsmark={{0xb}, {0xc, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x6}]}}, @q_dsmark={{0xb}, {0x24, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x5}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x3}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x11}]}}, @q_dsmark={{0xb}, {0x28, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x8001}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x9}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x100}]}}, @q_dsmark={{0xb}, {0x30, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x7}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x1}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x10}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x20}]}}, @q_dsmark={{0xb}, {0x3c, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x9}, @TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x40}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x20}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x7}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xe}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x13}]}}, @q_dsmark={{0xb}, {0xc, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x6}]}}, @q_dsmark={{0xb}, {0x10, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x9}, @TCA_DSMARK_SET_TC_INDEX={0x4}]}}]}, 0x158}, 0x1, 0x0, 0x0, 0x800}, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r2)
add_key$user(&(0x7f00000000c0), &(0x7f0000000240)={'syz', 0x0}, &(0x7f0000000380)="7ccd08", 0x3, 0xfffffffffffffffc)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=@newtaction={0x10c8, 0x30, 0x200, 0x0, 0x0, {}, [{0x10b4, 0x1, [@m_tunnel_key={0x1068, 0x1e, 0x0, 0x0, {{0xf}, {0x38, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @mcast1}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @remote}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @local}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @remote}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @local}]}, {0x1004, 0x6, "fee31a95ba2838c7845c1149e9642259acf7620410ab8b597fcfb24a33fb84e0700d5a97e9c6cbefb26e11b98d4209d22ab1b6b2b4e2c8fd1a8ad2b470db84f345a34fdf3abd5941956b98e727a1a98c059eb515f97973984dbbed3d164cbcb5bad9aed27f025bae7d8d5ae12ef5a8674d7e987b3e39a31097df55b2c22ac8a7fded9df824345006c05c7a494b3aa7bbdba1290c785f51eed4fbc00522e9036c1e7c9f05cc65925582015a4c92e2671d1cb25c491fb83106373a00774ffacbe7bdd74600ee1e31bb462ab55d53ec3a7ac61a82e11a378ab1467b2158f07f852ba350db67ad70ebef826e5a0cc8fb6ee73cbf653834b638b84c65ee6c5c7d1ae01774de9d5b6805ea370d5e81992a0487b6a806eceaffdaceb125c9eaba7a8ab88758d15491ca7bd2c4f97e0ba79b453a518b2b3efe45c0f9c4d6a2c1ccc28f797e251b2263bd05d47758501cd396869ecd784a04ba45a68fd2afc218c2a65e97c29bf14093b1491618de13f34d1c93320091abfcc3b046588fdc9b39c086fe9a8978bcaf93c8f8a37f0b7b66ddece04050c7bbd740f2292688e3d0837e1d5b69abff92f2179ece8ffa96ed17e1380680cf5c32b6f8dbaed46b17f384fdd81942b051de2912735d26da361cfc2967596d108d8b5181bd7891013e97e2550b2c5c14dfc3c51635b24288864a72860c2d44251e844ac6c39dae880049e5ebfc3b66903dfdafedd4fb2e6212ef44aa5bf4cc9201c3212fe9f17bbaf9b02155d8f2cbbf7f877656062328aaf058d75882a7c0030908b12799786e8638d776e247dc77a82e266177ee3e20f9ebac4e2f929720759e72328e0d31838e1012d42231168482e80d042cf20d2bece4f8ab7de5ff0a8e25a001ec1f0ac8e6ca2946efd1fd043f5a2995c38ea0f9c7a095297bca58284b402a70915bc6122e51c0ec4162df25e3a0a7f5949a33bf9220caf82527a9610860158b6b8a371c4be7d404639deec0597e2eb1b953892b61c5f9227aa64067c149cd1d63b584f40630e9df27f10e565aae85b085d2c339ed7c88e21dfcc607fd3eec3c256823863e488b6c5c8a794bc1c42351af591820afe34ddcc7531a5819ed861d671fdb326963893e3e7642b2a3d901b24061a538a66f57040d8f53b8e54260a2aee1b869a3cc494856deae4a10df71b6221389fbdde144a071512f19370e665a18afa68b85e85709cc4973af94543bcd9a94f86991ec91acff27b8cc2c88d5f80407c1be50b5ceb325079d8662607932cb67f2cfc164d6d0e1350c4f8f6b9827da848764d0696262eb0b43d64e67628e2e972f3d6a7e6e9382c800ad9e2da5613b3b2a066e54398c9f83be6cfdf9a1a93db5a14ffb5fdb2121f7d0ee52057bf16200ac1908fdffbaa87840cadf7df860e55b5903008296c6cb07325f1e1685c6a3aff84c1cbeff060079667207903103daf4f71d1d2c606ca5630a49a7f37b1b2c5d2d8438a3674bb5e195caaaf8179991c446b6688560b2a598e3533f2e2a836fb8f2a7763d52ac0f3aeb6898a90777d7612440efee3ecf558422d36894293879c0c112fc26c6309cadb8c05734bd542f13dd099d752c0264c11506b058756bb78b10b262410ee685f1f2774bb4ff2cfe272f6bafa88c2736ccc7a0906b12a1cc44d6780799dab818beacb57eb5cd0f1619a480507db891f4832bb975c099f19c5f1bbe4d7d5291c4994d8396ab32d154486616ea66ffb7729e8e4d919efb8dc8477d871a24a5cbf31ffb0f497c9a3f8002fa73b99d277b8400a18b0a0aee8abcab6e8754c06ed828ab2d15ffc50c1a60d66e8b6de7b7242eaada6fd31c1c9d8e11104305f130c30a942364c7d6a5356fb6898f4931c5e2f1f548571478157a4f15b94ce6516487a4b4ee3e01c4deb05633f1e023fe206fa9d641e9a784e52cdffbe762887a5a9b5acecfe3988be6d99192e071f549028d83b606d1adde5225730a46466d26b36b78a773b8dfb20ab6cd5cc3b622ba461c75d9a9d8baac56ad0db791d337f8f0e305e416d780022134b4553fb4594c394c0a47d8e3c3e510e5bfbda42a68a78785db6832c00db08e348594c8acabdf2a51b87d657a0b6ba337d81507b7ccb91a24be0f25f1ad0bd0c6f5ba163eebf0f58700006e8b7be1a475c40767cbdd1c001286c8d7eff36d981c22ece9d905c254f1a02958cb43a42748568adddcdfa77456a8ed16d86974c659522f610ca2e11352bbda83766943c708351bcf918d49eb6d5a32c027d40dd8fad6a818b9cf7d18308fd7130d55878a825f4f800e9f220521e90f49497ad887bf20d719058fe9e700fe651777d713a71236bf1618145d94b86f1981b1c9c477e3eab9c0afcccdd959035cfbb3e70a357a6ebf033af47567565661414281c1232e0e31f780c176c8466727b87f6caa3b9bf476673bdb207cd5fac3072f1881393ff99dc742a094aaec46f16ee319831c45c095472beeb9c5af43abf5b12e0a97a25f0881b65f59e050f086b0b65cc0ac9d0acc331ed8c6a90e46adb5ed4048f1ba8e6988b74895aef596b1814cb08c5e347c3daa37565853198aeeacef7776767c90bca1c743de5ee6f5363aa87664028fa0cfb77b3148ad0771b7eaccf20383480a308e892fb4c4706dfcbecb32c39895a644306d7a3d5541dbbded13d262a2eb58cedaeef5574734cbc47f1c65967516d1311a1ef6bfadf19422c9df4d7c4916c9c04f604ad93f86adb7709529df3fc6f9a306a70130557e0ef29afc77c6ba8cae60a0263914e5102d984be8c667ed0329f69480fb1c122214370b500a5283cc2dd4e85d84dead008b0095b50d6ba6ad493fe4356954002294baaa4e952439e9a1844c6ae634d53b88ed83af5e85b8a559f0dbb9af503ce535075e31b97ef461f249808d6a1112b4551f9179d2502db1783294f15fd01b8a5dc9728ffd3ec0e4c945e9551680aa0c96f068b85b1bae4f9197746d805d031cf51b27e8b3472af84ab70ea36c27d0ae07e04265ae9679475072fb6ba62fc74a3845ebb138cae0ba81901e3630ce2ff66a348930b8faaaf87536aab99569adef22e19ce8912cefc746323ebd000a1268cb1898322315847e319852dca936469ab86edf45a201da166f125dd5241961e55521ffef8402481adb2e6e3f493f35ce2076e1c5c04d260eda42fb2369e21c10882caee264b265ba8c43edfcba19961c190cb15f7a854f90660aeeb00342ad037e8f6d9158cb9ea8a9a4be40df4d8b2b9cca2f057082b3c7d651709c307796a40ded86cbdbf419e8d85a855bade7e70c775d4ea9fa0c90264e3f75348609bc617bccac8b131a8480791071d80edb30edb78ba296c3f2bd0d58134ed3c661aef4a3a5d284a860e435c47dd5e6691535165bbdcd83ada05107b0d82a440155255dfcba929c3d97ff5cf72bc7748e84e7b9e4172300a72f763ab516fdee98f34fa3265d8a134c94bb9096fdae6f06ae11831fb6e48a36a65d8fafc02281916da6b496763911083a96805ba07fd7127a5a3ca24335d25126eea1e8b51d6396907301929f93475c3564f73ff561f2e316d4b132510cfc5fadc82e7bdba338d6faa044d48aa2da3eb94c48346cb2efe158c1bcf5198ce55813574d0949cbf755c55eb8c3e8b2f56c5e85ddbd6bd16bb9429aabdb183d911e5fc146bdc0b70a3a5be7730d0c125c15a0b9d9653275de88862c501c251a42af4c042505c57a570de417b9da3b3a001c7b9817fd33ccfd240246e3fc01d68b029dc2d77f450a40f87cca8b35ec36a0d4db51ca3a44ca8a141cdf82276e4a90dbfe7bc8a2e181ddf539917daa4cd07e1c567f08d229847e4c9c1044be4d453e5a778d0547a5a01a97d65c1964621b9221afedae01aa2cc9b159b8dffa822772dce9f5181079d6b0a64271c5702b74edccfc1f63d7936fb2cd448095e22e8824734bfdaa2a7db262fcf57fa0c9cb832f12e32cfac7cdb84d6e1d9459b2b3cf45dc18d0bc5a9241d709423d17def50810e8a02d337c788914378b937e2ea5ae7343936c5f1fb98e3a4ed55322d88afba143831a4d8aabbd7223d078017fbf6c8de264311fe454e27821368aabdf8ab7720e4df5adcac3065aa5980fb4830a41ab82d0426f686ed0fd75bba754d183ccb2801c859a3104a1b828e08941e9849630ac64019f0aaf795193d17e5a4ed4f95daa5f7ff5d913ba8fb9262748094ce39371da63d71b21fd4adffa90b3e991d2ee9e3fad52831d8b0a30ccedb7d631e5c93273b79e862cef2d1ed6b7b59a8c1e650adb46ec43d8ee65358dfb56dd932c1b1c4236d47ad58107a61ce8a6f36d42d4b92fdb93a8d8edb8100e799f56ae56bad57073dbbaea4f49bb15d22acfecc4d88073992b5cda6a5451637ee05a13c75a37d64216e899dc20a5ab8c261ec2ec0aa9a78bac5581ab725122878574e4865a4e0cb295282ee3936cc4144c8b2299aa462eac668c9644c4d0e2f27fc46c700f86669bfff796bb5b1f0350d39c36ffad0907ad00da3ada8a3f1066836d0e14ea114163435ae90fdb130f53974efce1abd1663e67d17f8d01d7c0219b806916a9aaae8584bb546bc774d0df0284444d000f09f1610be81f224d26de8cb5c01cd48c60172c978e5e8487fa5823a40cd2baa4843df1e351b6034afd59de23e41cf96386a4e8cec4b5e49ec60ba6a3ad1248719c4a09fefe53cda3b660a6f439ab9c4c4634233948f3848f6c27dd017141776ac31e7585e6b301a273f4ccadf75fa0c1758baaa4328b1096c329ef0cce019456573a19aa574ba96525406f55a6e66055a652b52a08e3a867d0c25051f813993e7a067a63e07b51b0011dc6005a6775c316ea07f8ce6d4d060efad075cd7d59b0b399177780aaf2e6b2817f794ba943417567cdb96974285f92333e0d68b0586e2c8eeeee185b33ab8b11d356ba89c310028522bbb4f7af38616b012537db25f6a05c5048c1ae105f8485630cc6efcfd052785ad0dce594ddf47aaf0f82729cf111fb493139468664113c41a83b3d7e1ea52347a05ca24ad4c958a8b21d42c759e37b7efc88546f0ac50f15f287408323d573662bfb4933c8346a4a37c6274adcf999b841c45323517c24fe0fe73a74eb2161a5a17414d1d859288e59cb5d697c0762ce829297c09e921a068339ea1ed78d2bb5ee2c5ff1c54dcc34dc977aa08f313afa8d17c1f3b7e16f18ffa7b2e909b255c064b32a3667822cedb3c433e7e95c4247e16223bfb085ef55e43d27b42ff2ca81b053a1509d73d99f41655552eacc22bd4e65dbc64be718a72294c3fe6521c2b61cd2abc8f7bfd89cf5ef65cff2bc6912b9ff79c7922ae1306d9647618b929f53e6031dce13b05822990b74f8d77e525394aa6625a54377e7be246c84dd5455563240145a96b7a88a3d89e60ee45c0df5c62e5d7a0af664d911c9c6ec75de6737d2684fc840eac793593f87508d14377f4e4a1d965aa7c1200b549bb3aaf3263046a049db1ea9a0c80be1a1def8291244f658785fcf31384c7375c5c0ef21f0309338763586aa38bdb495825cba21972ab342f902a825f4c06d8734c7e7c4557343819c505fdfbe718a401f1cac2727dba718b4cdaa5c4fd9e41265f45d7406e6796c73ba83da74fb24e5d17e0b6a0b75d9fcfc0676dee22e4528c5abf83c814cc5310e43970d38699f362d02796b9b259798245cc91486d8f75c6528e6ddc461e0274d80d68cfb57fdebeff71525a916d491f60481952fd16d424fb56e3f4b0cbc09d3c6b7d88285506e7ddbb06c42446e8e73c0e5a78bff45c64df6"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_ife={0x48, 0x0, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x10c8}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0)
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r6, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000000000000000000000500190002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0)

6.835225297s ago: executing program 2 (id=884):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockname$unix(r1, &(0x7f0000000400)=@abs, &(0x7f00000004c0)=0x6e)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)=0x48)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x80400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f0000000180)={'pcl812\x00', [0x5, 0xf, 0xd0, 0x2, 0x5, 0x100, 0x3, 0x20000000, 0x8, 0xb, 0x0, 0x7, 0x1, 0x401, 0x10001, 0x1, 0x0, 0x8, 0xfe9, 0x401, 0x7, 0x2, 0x7, 0x9, 0x48, 0x9, 0x7, 0x6a77, 0x5, 0x7, 0x8]})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0b0000001f0000000200000022bf000001000000", @ANYRES32, @ANYBLOB="08000000dd0000000000000000c8d0", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r5 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e20, @local}}, 0x80, 0x0, 0x0, &(0x7f0000001240)}, 0x40)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000400), 0x401, r4, 0x0, 0xa002a0}, 0x38)
syz_80211_inject_frame(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="50000000080211000001080211000000505050505050000000000000000000000004010000060202020202"], 0x36)

6.247366388s ago: executing program 3 (id=887):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000080))
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0xa8301, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r1, 0x4610, &(0x7f00000001c0)={0x2e})
socket$pppl2tp(0x18, 0x1, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth0\x00', <r4=>0x0})
setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000180)=0x19ca, 0x4)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r3, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, 0x0, 0x400c010)
socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
add_key$fscrypt_provisioning(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
ioctl$sock_ifreq(r6, 0x8910, &(0x7f0000000000)={'dvmrp0\x00', @ifru_ivalue=0x7})
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0)
pselect6(0x40, &(0x7f0000000240)={0xfffffffffffffffc, 0x0, 0x1ff, 0x7d, 0xf, 0x8000, 0x4, 0x1}, 0x0, &(0x7f0000000140)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x40000000004, 0xf, 0x80000006}, 0x0, 0x0)
syz_open_dev$video4linux(&(0x7f0000001380), 0x5, 0x0)

5.26478189s ago: executing program 3 (id=892):
r0 = fsopen(&(0x7f0000000040)='hpfs\x00', 0x1)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000080)='nomand\x00', 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NLBL_MGMT_C_REMOVEDEF(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, r2, 0x132, 0x70bd2b, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @private=0xa010102}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private1}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x10)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, 0x1010, r0, 0xe49d5000)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r5=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {0x1}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0xfffffffb}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}}, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r8, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7})
ioctl$sock_netdev_private(r8, 0x8943, &(0x7f0000000000))
connect$x25(r7, &(0x7f0000000a80), 0x12)
sendmsg$NL80211_CMD_NEW_KEY(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010829bd7000000000000b00000008000300", @ANYRES32=r5, @ANYBLOB="60005080110001004abee339084eeef16f162471f4000000080003000cac0f00050002"], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0)

5.100373425s ago: executing program 2 (id=893):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[], 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async, rerun: 32)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0105b08, &(0x7f0000000040))

5.099625303s ago: executing program 1 (id=895):
openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280), 0x46ac01, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
r4 = syz_open_dev$dri(0x0, 0x1ff, 0x80800)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f0000000340)})
mount(&(0x7f00000001c0)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000200)='ext2\x00', 0x21000d, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x24}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xe}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r5, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
setsockopt$bt_BT_SECURITY(r5, 0x112, 0x4, &(0x7f0000000280)={0x3, 0x6}, 0x2)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)

4.845046788s ago: executing program 3 (id=896):
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x9, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008080)
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = syz_open_procfs(0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) (async)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
read$char_usb(0xffffffffffffffff, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="850000002f000000840000000000000095000000000000008560fc2b2062f611fc2f864ef177d634e46e8dcfe61b4fb9f600344d592fee49e176fe6ad28fbcb1f9259bfc63e9030971917e30b6f42e8f9dd6ab0ce07312a135cd363aa7e5bcef8fd0e8c7d2082584156c52ebfd69e8e13b7a8b477abc86468e11b6242133ce882f05e16b91c37b3437347f6058b4489c759783b9d4dfb55d0085a26e41201a6d8c8ced33e10048e756a40538b32bf653fa3c831a4e60599ed7a0f999d18de9984522a7cdb6fc30015633a0132c9578b7da5bd7280a5f7e28fd858ba712020b23ef8a2785b6c146c48b48ca7e232d0489661396e9303b38aa5d26d06e2e676795fd2733f95da570bab301000000ffffffff2a2792a630d8fcdc"], &(0x7f0000000180)='GPL\x00'}, 0x48)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000a00)=r5, 0x4) (async)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000a00)=r5, 0x4)
getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f00000001c0)={@multicast1, @dev, <r7=>0x0}, &(0x7f0000000240)=0xc)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000a40)=ANY=[@ANYBLOB="28030000280013070300000000000000ac1414aa000000000000000000000000fe8000000000000000000000000300bb00000000000000f9ffffffff83000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="2001000000000000000000000000000100000000320000007f00000100000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000e0000600ac1414aa000000000000000000000000fe8800000000000000000000000001014e2300004e210006020080a001000000", @ANYRES32=r7, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000000004d6000000000a01010100000000000000000000000000080000000000000900000000000000ba0f00000000000000800000000000000300000000000000f8ffffffffffffff0900000000000000c02700000000000009000000000000000900000000000000010000000000000008000000000000000700000080000000030000002cbd7000073500000a00018e0200000008001800ac0000001c000400feff4e244e200000ffffffff0000000000000000000000000c00150059073500040000002a010200636861636861323000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001007000094fa6abbe01a7195027e799b261269ca21dd5ca26324917f0f1e0534f8920970dff206d552439b5babc2e4bf0b9e5b83581db64cc2a5840b9b35d32dec2d5e86570506a5933eeaa3cc102f5b3abce629d683ab646691ab197e2fdb16a6e9da86945ff000f8ef0236aca83b9e8ab86d1fbe185e79021f7fe8fc1a938426dc7fe68f3def07ad5449f98b2feb6e2345fc074f7e8f0e7412de7af59d74fc6822a73aaa418eb26b915fe6e914a9c633a4fa71e242deb9c92ee0a26f001cf00e04d263bda46e37e3e549eff6d15da6ca6acd1b0c2f7a5560329eb2294c3cf3dd572d8d7bed0000"], 0x328}}, 0x8000)
ioctl$KVM_NMI(r3, 0xae9a)
r8 = getpid()
syz_pidfd_open(r8, 0x0) (async)
r9 = syz_pidfd_open(r8, 0x0)
setns(r9, 0x24020000) (async)
setns(r9, 0x24020000)
mount$9p_xen(0x0, &(0x7f0000000300)='.\x00', 0x0, 0x44000, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(0xffffffffffffffff, 0xc0245720, &(0x7f0000000080)={0x1})

3.819104578s ago: executing program 0 (id=898):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000340)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r1, 0x7b1, &(0x7f0000000040)={0x0, 0x3, 0x0, 0xff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newqdisc={0x38, 0x24, 0x400, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r2, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4c840)
r3 = openat$vcsa(0xffffff9c, &(0x7f0000000180), 0x10000, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), r0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x4)
pipe2(&(0x7f0000000740)={<r6=>0xffffffffffffffff}, 0x80080)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={&(0x7f0000000400)="dc1338a9c398312f6dcc0a46035baf0539ea441bebd003b2eb9a4fdaf5b5e6ea23312e436d78e376f5cd8219a9a493cd", &(0x7f0000000440)=""/185, &(0x7f0000000600)="02fc22093418c88e967e633801bedad3666706909a06248cd9df7712614534e17924afe11e4c633d5b07ca862d13dfe357b803e113437f517296843472a915dd408533a291d86cb821aa598907bf04494c4ee1956619bbda7fa2d7bcf2fba2774d3445bf97c3904acbe7356652c823fcad940b07bfa8373b00d44fef816d6d3b14b32be78c4d060bc5fc09ea9bc4de6cae161ad8d02f4984c72da9", &(0x7f00000006c0)="9eb8df325009dc880ff3400305ca87cb89dae1bc616b65a45729466aa2acaa9b8d8a7e52938ba84e4d4324ce82bfebeb83bed1270c8bb41034efc693ac3fefbec6a085505b2ae081c57143786963601de8565ef256c8cbb6adcc0ff28f6fde012b533e84819b8a78c1929e73bf818846", 0x82a1, r6, 0x4}, 0x38)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_X86_SET_MCE(r8, 0x4040ae9e, &(0x7f00000002c0)={0xe400000000000000, 0x5000, 0xfffffffffffffffd})
ioctl$KVM_X86_SET_MCE(r8, 0x4040ae9e, &(0x7f0000000140)={0xd200000000000000, 0x58000, 0x5, 0x3})
sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x80, r4, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x50, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xfffffffe}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x5}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x200080e1}, 0x800)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000008c0)=@newtfilter={0xdc, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xb, 0xfff3}, {0x0, 0xfff3}, {0xd, 0x4}}, [@filter_kind_options=@f_basic={{0xa}, {0xac, 0x2, [@TCA_BASIC_EMATCHES={0x98, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x74, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x2, 0x8, 0x4cbf}, {0xffffffffffffffff, 0x1, 0x1}}}, @TCF_EM_IPT={0x50, 0x2, 0x0, 0x0, {{0x3ff, 0x9, 0x92}, [@TCA_EM_IPT_MATCH_DATA={0x44, 0x5, "9b9cd2c9b5296dbef8b1474bd5ee4b3013e8d6196276b8a4c189a6897b210955ae8f0372cfb0d59f1832672639e1a7b52c9dc52ce50349c246e857ed2f1fb5ea"}]}}, @TCF_EM_NBYTE={0x10, 0x3, 0x0, 0x0, {{0x9, 0x2, 0x23}, {0x40, 0x0, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_META={0x1c, 0x1, 0x0, 0x0, {{0xfff9, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x1}, {0x0, 0xc0, 0x2}}}, @TCA_EM_META_RVALUE={0x4}]}}]}]}, @TCA_BASIC_CLASSID={0x8, 0x1, {0x6, 0xe}}, @TCA_BASIC_CLASSID={0x8, 0x1, {0x9, 0x7}}]}}]}, 0xdc}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)
lsetxattr$security_ima(&(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040), &(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00'], 0x9, 0x0)
openat$vga_arbiter(0xffffff9c, &(0x7f00000000c0), 0x80, 0x0)

3.710423381s ago: executing program 3 (id=899):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000ffffe0038000000380000000300000001000000000000010000000000000000000000000000000105000000100000000000000000000003000000000100000002"], 0x0, 0x53}, 0x28)

3.659853267s ago: executing program 3 (id=900):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfbffffff, {0x0, 0x0, 0x0, r4, {0x8, 0x1}, {0xffff, 0xffff}, {0xfff3, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_AUTORATE={0x8}]}}]}, 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000700)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0xffff, 0x5}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x8, 0x7, 0x0, 0xa, 0x3}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}}, 0x800)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
clock_gettime(0x0, &(0x7f00000099c0)={<r6=>0x0, <r7=>0x0})
recvmmsg(r1, &(0x7f00000098c0)=[{{&(0x7f0000000180)=@nl, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000440)=""/173, 0xad}, {&(0x7f00000007c0)=""/219, 0xdb}, {&(0x7f00000008c0)=""/112, 0x70}, {&(0x7f0000000980)=""/51, 0x33}, {&(0x7f00000009c0)=""/120, 0x78}, {&(0x7f0000000a40)=""/25, 0x19}, {&(0x7f0000000a80)=""/44, 0x2c}, {&(0x7f0000000ac0)=""/172, 0xac}, {&(0x7f0000000b80)=""/248, 0xf8}], 0x9}, 0x7}, {{&(0x7f0000000d00)=@sco={0x1f, @none}, 0x80, &(0x7f00000032c0)=[{&(0x7f0000000d80)=""/29, 0x1d}, {&(0x7f0000000dc0)=""/9, 0x9}, {&(0x7f00000022c0)=""/4096, 0x1000}], 0x3, &(0x7f0000003300)=""/8, 0x8}, 0x2}, {{0x0, 0x0, &(0x7f00000057c0)=[{&(0x7f0000003340)=""/4096, 0x1000}, {&(0x7f0000004340)=""/250, 0xfa}, {&(0x7f0000004440)=""/88, 0x58}, {&(0x7f00000044c0)=""/170, 0xaa}, {&(0x7f0000004580)=""/194, 0xc2}, {&(0x7f0000004680)=""/241, 0xf1}, {&(0x7f0000004780)=""/4096, 0x1000}, {&(0x7f0000005780)=""/23, 0x17}], 0x8}}, {{&(0x7f0000005800)=@sco, 0x80, &(0x7f0000008c00)=[{&(0x7f0000005880)=""/155, 0x9b}, {&(0x7f0000005940)=""/247, 0xf7}, {&(0x7f0000005a40)=""/4096, 0x1000}, {&(0x7f0000006a40)=""/4096, 0x1000}, {&(0x7f0000007a40)}, {&(0x7f0000007a80)=""/4096, 0x1000}, {&(0x7f0000008a80)=""/208, 0xd0}, {&(0x7f0000008b80)=""/122, 0x7a}], 0x8, &(0x7f0000008c40)=""/106, 0x6a}, 0x1000}, {{0x0, 0x0, &(0x7f0000008dc0)=[{&(0x7f0000008cc0)=""/66, 0x42}, {&(0x7f0000008d40)=""/110, 0x6e}], 0x2, &(0x7f0000008e00)=""/71, 0x47}, 0x9}, {{&(0x7f0000008e80)=@x25, 0x80, &(0x7f0000009180)=[{&(0x7f0000008f00)=""/192, 0xc0}, {&(0x7f0000008fc0)=""/77, 0x4d}, {&(0x7f0000009040)=""/12, 0xc}, {&(0x7f0000009080)=""/254, 0xfe}], 0x4, &(0x7f00000091c0)=""/100, 0x64}, 0x1ff}, {{&(0x7f0000009240)=@isdn, 0x80, &(0x7f0000009340)=[{&(0x7f00000092c0)=""/81, 0x51}], 0x1, &(0x7f0000009380)=""/1, 0x1}, 0x100}, {{&(0x7f00000093c0)=@generic, 0x80, &(0x7f0000009840)=[{&(0x7f0000009440)=""/227, 0xe3}, {&(0x7f0000009540)=""/8, 0x8}, {&(0x7f0000009580)=""/76, 0x4c}, {&(0x7f0000009600)=""/10, 0xa}, {&(0x7f0000009640)=""/173, 0xad}, {&(0x7f0000009700)=""/132, 0x84}, {&(0x7f00000097c0)=""/105, 0x69}], 0x7, &(0x7f0000009880)=""/8, 0x8}, 0x6}], 0x8, 0x2100, &(0x7f0000009a00)={r6, r7+10000000})
close(r5)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @broadcast})
r8 = socket$kcm(0x11, 0x3, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000140)={0x10881, 0x0, 0x25}, 0x18)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', &(0x7f0000000140)={0x474082, 0x5c, 0x8}, 0x18)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
openat2(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0xc03, 0x18, 0x14}, 0x18)
sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r9, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000140)='\r', 0x1}], 0x1}, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r10 = openat$ptmx(0xffffff9c, &(0x7f0000000500), 0x6400, 0x0)
ioctl$TIOCSETD(r10, 0x5423, &(0x7f0000000540)=0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080))
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x10, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="ac4a20a51dd3228e1e2a218ed6f3668212307cace120ef4135446815472439273b92"], &(0x7f0000000940)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)

3.558763071s ago: executing program 1 (id=901):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockname$unix(r1, &(0x7f0000000400)=@abs, &(0x7f00000004c0)=0x6e)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)=0x48)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x80400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f0000000180)={'pcl812\x00', [0x5, 0xf, 0xd0, 0x2, 0x5, 0x100, 0x3, 0x20000000, 0x8, 0xb, 0x0, 0x7, 0x1, 0x401, 0x10001, 0x1, 0x0, 0x8, 0xfe9, 0x401, 0x7, 0x2, 0x7, 0x9, 0x48, 0x9, 0x7, 0x6a77, 0x5, 0x7, 0x8]})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0b0000001f0000000200000022bf000001000000", @ANYRES32, @ANYBLOB="08000000dd0000000000000000c8d0", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r5 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e20, @local}}, 0x80, 0x0, 0x0, &(0x7f0000001240)}, 0x40)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000400), 0x401, r4, 0x0, 0xa002a0}, 0x38)
syz_80211_inject_frame(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="50000000080211000001080211000000505050505050000000000000000000000004010000060202020202"], 0x36)

3.305924888s ago: executing program 0 (id=902):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x403, 0x2, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x1}}]}}}]}, 0x40}, 0x1, 0xa1, 0x0, 0x4}, 0x8044)

3.2103174s ago: executing program 0 (id=903):
syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000002480)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000003740)={0x0, 0x0, &(0x7f0000003700)={&(0x7f0000000080)={0x54, r2, 0x1, 0x70bd2a, 0x25dfdc00, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x38, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xd}, @broadcast, @device_a, @from_mac=@broadcast, {0x3, 0x7}}, 0x41, @val={0x8c, 0x18, {0x4f, "a38623f938cd", @long="5221078e3bc0a45327db238f45df1783"}}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x2c04c010)

1.967132984s ago: executing program 1 (id=904):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0xa0, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x6}, {}, {0xa, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x74, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'vcan0\x00'}, @TCA_U32_SEL={0x54, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x11, 0xfff, 0xb70b, 0x58f, [{0xe, 0x1ff, 0x7, 0x8}, {0x867, 0x5, 0x4, 0x9}, {0x9, 0x2, 0x4, 0xffffff00}, {0x10000, 0x80000000, 0x1, 0x6}]}}, @TCA_U32_LINK={0x8}]}}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084)

1.966801502s ago: executing program 2 (id=905):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000040)=0x8002, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x64048005, &(0x7f0000000100)={0xa, 0x4e21, 0x0, @loopback, 0x8001}, 0x1c)
socket$kcm(0x11, 0x3, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0x403, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8, 0x2, @udp6=r4}]}}}]}, 0x38}, 0x1, 0xba01, 0x0, 0x4000050}, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff8000}]})
socket$nl_generic(0x10, 0x3, 0x10)
socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000080)={0xa, 0xe64, 0x6, @loopback, 0x201}, 0x1c)
ioctl$BTRFS_IOC_BALANCE(r6, 0x5000940c, 0x0)
close_range(r5, 0xffffffffffffffff, 0x200000000000000)

519.843833ms ago: executing program 0 (id=906):
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802)
fsetxattr$security_capability(r0, &(0x7f00000000c0), 0x0, 0x0, 0x0) (async)
fsetxattr$security_capability(r0, &(0x7f00000000c0), 0x0, 0x0, 0x0)
io_uring_setup(0x653, &(0x7f0000000000)={0x0, 0x804, 0x4000, 0x4, 0x4000176}) (async)
r1 = io_uring_setup(0x653, &(0x7f0000000000)={0x0, 0x804, 0x4000, 0x4, 0x4000176})
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0xf, &(0x7f0000000540)={0x1002, 0x0, 0x0, 0x0, 0x28}, 0x20)
r2 = openat$qrtrtun(0xffffff9c, &(0x7f0000000180), 0x40)
mmap$qrtrtun(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000004, 0x10, r2, 0x6)
r3 = openat$hpet(0xffffff9c, &(0x7f0000000100), 0x5c3300, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x37, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000006880)=[{{0x0, 0x0, &(0x7f0000002ac0)=[{0x0}, {&(0x7f00000015c0)=""/245, 0xf5}], 0x2}, 0xb2}], 0x1, 0x102, 0x0)
r4 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) (async)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
recvmmsg(r4, &(0x7f0000001740)=[{{0x0, 0xc4, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x10c4}], 0x1}}], 0x4000210, 0x2, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xd000}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000200), 0x5, 0x86100)
ioctl$LOOP_CHANGE_FD(r5, 0x4c06, 0xffffffffffffffff) (async)
ioctl$LOOP_CHANGE_FD(r5, 0x4c06, 0xffffffffffffffff)
getdents64(r3, &(0x7f0000000140)=""/39, 0x27) (async)
getdents64(r3, &(0x7f0000000140)=""/39, 0x27)

453.435982ms ago: executing program 2 (id=907):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x1000000}, 0x40800)

448.654277ms ago: executing program 1 (id=908):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB], 0x0}, 0x94)
r2 = syz_open_dev$loop(0x0, 0x3, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TARGET_INFO={0x2c, 0x3, "7339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c7000000f500"/40}, @NFTA_TARGET_NAME={0x8, 0x1, 'TEE\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
close(0xffffffffffffffff)
socket(0x400000000010, 0x3, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@multicast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0xff6f}}}}}}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x400c010)
socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r3, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b420a1a93c5240f45f819ef6167d3d458dd4992861ac00", "f4bd00ac6700000000000000000000c2888e7d52164ec480e79200000100", [0x0, 0x2000000000001]}})
ioctl$XFS_IOC_SCRUBV_METADATA(r0, 0xc0285840, &(0x7f0000000000)={0xd22, 0x200, 0x5, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff})
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x4, 0xf, 0x80000006}, 0x0, 0x0)
r6 = syz_open_dev$video4linux(&(0x7f0000001380), 0x5, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r6, 0xc0305602, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1})

390.283076ms ago: executing program 3 (id=909):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000080)={0x0, 0x300})
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xb0000)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280), 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r2}, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x56, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, '\x00', 0x20, 0x0, 0x0, @local, @mcast2, {[@hopopts={0x5c, 0x2, '\x00', [@calipso={0x7, 0x8, {0x2, 0x0, 0x8, 0x9f}}, @calipso={0x7, 0x8, {0x1, 0x0, 0x1, 0x4}}]}]}}}}}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r5 = socket(0x10, 0x3, 0x0)
write(r5, &(0x7f0000000240)="1400000052004f7fb3e45f2024d2f1c9fb470000", 0x14)
openat$kvm(0xffffffffffffff9c, 0x0, 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32, @ANYBLOB="36000e008000fc00ffffffffffff08021100000008021100000000000000000000000000640003082503008401710701ffff0000546800003c000e800400010031000200931efb985ae41e347eec3cec1bcc50c51d6cadf120c8186ffce879a0525972369bce61cca9eb62b3029f02bb7600000008000c006400000008000d00fdffffff"], 0xa0}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000640)=@framed={{}, [@map_fd={0x18, 0x0, 0x2, 0x0, r2}, @ldst={0x1, 0x0, 0x4}]}, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000100)={@host})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000040)={{@local, 0x200001}, @local, 0x8, 0x6, 0x347, 0x80000004, 0x24b, 0x10001, 0x9})

389.90365ms ago: executing program 0 (id=910):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000340)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r1, 0x7b1, &(0x7f0000000040)={0x0, 0x3, 0x0, 0xff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newqdisc={0x38, 0x24, 0x400, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r2, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4c840)
r3 = openat$vcsa(0xffffff9c, &(0x7f0000000180), 0x10000, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), r0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendfile(r0, r3, 0x0, 0x4)
pipe2(&(0x7f0000000740)={<r6=>0xffffffffffffffff}, 0x80080)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={&(0x7f0000000400)="dc1338a9c398312f6dcc0a46035baf0539ea441bebd003b2eb9a4fdaf5b5e6ea23312e436d78e376f5cd8219a9a493cd", &(0x7f0000000440)=""/185, &(0x7f0000000600)="02fc22093418c88e967e633801bedad3666706909a06248cd9df7712614534e17924afe11e4c633d5b07ca862d13dfe357b803e113437f517296843472a915dd408533a291d86cb821aa598907bf04494c4ee1956619bbda7fa2d7bcf2fba2774d3445bf97c3904acbe7356652c823fcad940b07bfa8373b00d44fef816d6d3b14b32be78c4d060bc5fc09ea9bc4de6cae161ad8d02f4984c72da9", &(0x7f00000006c0)="9eb8df325009dc880ff3400305ca87cb89dae1bc616b65a45729466aa2acaa9b8d8a7e52938ba84e4d4324ce82bfebeb83bed1270c8bb41034efc693ac3fefbec6a085505b2ae081c57143786963601de8565ef256c8cbb6adcc0ff28f6fde012b533e84819b8a78c1929e73bf818846", 0x82a1, r6, 0x4}, 0x38)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_X86_SET_MCE(r8, 0x4040ae9e, &(0x7f00000002c0)={0xe400000000000000, 0x5000, 0xfffffffffffffffd})
ioctl$KVM_X86_SET_MCE(r8, 0x4040ae9e, &(0x7f0000000140)={0xd200000000000000, 0x58000, 0x5, 0x3})
sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x80, r4, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x50, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xfffffffe}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x5}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x200080e1}, 0x800)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000008c0)=@newtfilter={0xdc, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xb, 0xfff3}, {0x0, 0xfff3}, {0xd, 0x4}}, [@filter_kind_options=@f_basic={{0xa}, {0xac, 0x2, [@TCA_BASIC_EMATCHES={0x98, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x74, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x2, 0x8, 0x4cbf}, {0xffffffffffffffff, 0x1, 0x1}}}, @TCF_EM_IPT={0x50, 0x2, 0x0, 0x0, {{0x3ff, 0x9, 0x92}, [@TCA_EM_IPT_MATCH_DATA={0x44, 0x5, "9b9cd2c9b5296dbef8b1474bd5ee4b3013e8d6196276b8a4c189a6897b210955ae8f0372cfb0d59f1832672639e1a7b52c9dc52ce50349c246e857ed2f1fb5ea"}]}}, @TCF_EM_NBYTE={0x10, 0x3, 0x0, 0x0, {{0x9, 0x2, 0x23}, {0x40, 0x0, 0x2}}}]}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_META={0x1c, 0x1, 0x0, 0x0, {{0xfff9, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x1}, {0x0, 0xc0, 0x2}}}, @TCA_EM_META_RVALUE={0x4}]}}]}]}, @TCA_BASIC_CLASSID={0x8, 0x1, {0x6, 0xe}}, @TCA_BASIC_CLASSID={0x8, 0x1, {0x9, 0x7}}]}}]}, 0xdc}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)
lsetxattr$security_ima(&(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040), &(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00'], 0x9, 0x0)
openat$vga_arbiter(0xffffff9c, &(0x7f00000000c0), 0x80, 0x0)

287.84174ms ago: executing program 2 (id=911):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'wlc\x00', 0x79, 0x4000ffc, 0x4a}, 0x2c)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000007000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000004000d0001007564703a73"], 0x54}}, 0x0)

79.313235ms ago: executing program 2 (id=912):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, &(0x7f0000000080))
socket$pppl2tp(0x18, 0x1, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0\x00'})
setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000180)=0x19ca, 0x4)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r2, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0x48, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, 0x0, 0x400c010)
socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r4, 0x8910, &(0x7f0000000000)={'dvmrp0\x00', @ifru_ivalue=0x7})
ioctl$sock_netdev_private(r4, 0x8949, &(0x7f0000000000))
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x4, 0xf, 0x80000006}, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, &(0x7f0000000100)={0x0, 0x1, 0x201b, 0x1})

0s ago: executing program 0 (id=913):
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$SOUND_MIXER_WRITE_VOLUME(0xffffffffffffffff, 0xc0044d0a, &(0x7f00000001c0)=0x52)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000080)={0x50, r2, 0x801, 0x400, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee33908f8eef16f162471f4"}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac06}]}]}, 0x50}}, 0x0)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000480), r1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
r7 = socket$can_bcm(0x1d, 0x2, 0x2)
accept4(r7, 0x0, 0x0, 0x80000)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000600)={'comedi_parport\x00', [0x78, 0xfffffffe, 0x0, 0xc, 0x8, 0x6, 0x100002, 0x3e1, 0x5, 0x100, 0x4, 0x1, 0x1, 0x4020003, 0x0, 0x101, 0x83, 0x80000000, 0x3, 0x1b18, 0x16, 0x4, 0x0, 0xffffffff, 0xb, 0x4, 0x3b, 0xc, 0x10000006, 0x664, 0xfffffff8]})
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010026bd7000fcdbdf2502000000080001"], 0x1c}}, 0x840)
write$nci(r0, &(0x7f0000000100)=ANY=[], 0x4)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
io_setup(0x2, &(0x7f0000002400)=<r9=>0x0)
io_submit(r9, 0x1, &(0x7f0000000040)=[&(0x7f00000010c0)={0x0, 0x0, 0x0, 0x5, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x2}])
getresuid(&(0x7f0000000040), &(0x7f0000000100)=<r10=>0x0, &(0x7f0000000140))
r11 = getgid()
fchownat(r8, &(0x7f0000000000)='./file0\x00', r10, r11, 0x1000)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

t stack depth: 18936 bytes left
[  131.099434][   T57] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  131.143044][ T7100] comedi comedi3: pcl812: I/O base address not correctly aligned
[  131.492214][ T7089] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  131.630825][    C2] bridge0: port 2(bridge_slave_1) entered forwarding state
[  131.630863][    C2] bridge0: topology change detected, propagating
[  131.631314][    C2] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.631330][    C2] bridge0: topology change detected, propagating
[  131.631420][    C2] bridge0: port 3(batadv1) entered forwarding state
[  131.631433][    C2] bridge0: topology change detected, propagating
[  131.659919][   T57] usb 7-1: device descriptor read/8, error -71
[  131.952693][ T7111] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) !
[  131.974575][ T7111] syzkaller0: entered promiscuous mode
[  131.976361][ T7111] syzkaller0: entered allmulticast mode
[  131.981590][ T7108] Can't find a SQUASHFS superblock on nullb0
[  132.178415][ T7113] netlink: 44 bytes leftover after parsing attributes in process `syz.1.359'.
[  132.190487][ T7113] bridge0: port 3(batadv1) entered disabled state
[  132.192974][ T7113] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.195124][ T7113] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.211344][   T40] audit: type=1326 audit(1780003616.401:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7132 comm="syz.3.367" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709ef7c code=0x0
[  133.237653][ T7134] netlink: 4 bytes leftover after parsing attributes in process `syz.1.366'.
[  133.326720][ T7134] netlink: 4 bytes leftover after parsing attributes in process `syz.1.366'.
[  133.635358][ T7139] Can't find a SQUASHFS superblock on nullb0
[  134.622556][ T7126] Can't find a SQUASHFS superblock on nullb0
[  135.391926][ T7148] gre1: entered promiscuous mode
[  135.637796][ T7162] binder: 7156:7162 ioctl c0285840 80000000 returned -22
[  135.668173][ T7161] Can't find a SQUASHFS superblock on nullb0
[  135.742567][ T1220] Bluetooth: hci4: Frame reassembly failed (-84)
[  135.831438][ T7155] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  135.913191][ T7166] wg2 speed is unknown, defaulting to 1000
[  135.953453][ T7167] netlink: 8 bytes leftover after parsing attributes in process `syz.2.379'.
[  137.341356][ T7181] capability: warning: `syz.2.384' uses deprecated v2 capabilities in a way that may be insecure
[  137.402478][ T1435] ieee802154 phy0 wpan0: encryption failed: -22
[  137.405018][ T1435] ieee802154 phy1 wpan1: encryption failed: -22
[  137.505806][ T7192] netlink: 4 bytes leftover after parsing attributes in process `syz.2.387'.
[  137.757014][ T7198] Can't find a SQUASHFS superblock on nullb0
[  137.789517][   T62] Bluetooth: hci4: command 0x1003 tx timeout
[  137.792081][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  139.271609][ T7217] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  139.274172][ T7217] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  139.286933][ T7217] vhci_hcd vhci_hcd.0: Device attached
[  139.526741][ T7217] rdma_rxe: rxe_newlink: failed to add wg2
[  139.579520][ T5532] usb 38-1: SetAddress Request (10) to port 0
[  139.582297][ T5532] usb 38-1: new SuperSpeed USB device number 10 using vhci_hcd
[  139.668898][ T7225] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  139.674548][ T7218] vhci_hcd: connection reset by peer
[  139.676335][ T1162] Bluetooth: hci4: Frame reassembly failed (-84)
[  139.678944][   T85] vhci_hcd vhci_hcd.0: stop threads
[  139.680652][   T85] vhci_hcd vhci_hcd.0: release socket
[  139.683341][  T189] Bluetooth: hci4: Frame reassembly failed (-84)
[  139.683367][   T85] vhci_hcd vhci_hcd.0: disconnect device
[  139.761168][ T7228] comedi comedi3: pcl812: I/O base address not correctly aligned
[  139.910480][ T7230] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  139.913529][ T7230] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  139.938509][ T7230] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  139.943955][ T7230] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  139.945795][ T7230] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  139.993408][ T7230] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  140.004932][ T7230] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  140.009023][ T7230] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  140.018933][ T7230] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  140.025638][ T7230] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  140.028305][ T7230] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  140.038713][ T7230] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  140.395981][ T7239] Can't find a SQUASHFS superblock on nullb0
[  140.400193][ T7220] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  141.084169][ T7241] FAULT_INJECTION: forcing a failure.
[  141.084169][ T7241] name failslab, interval 1, probability 0, space 0, times 0
[  141.089492][ T7241] CPU: 1 UID: 0 PID: 7241 Comm: syz.0.403 Not tainted syzkaller #0 PREEMPT(full) 
[  141.089507][ T7241] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  141.089526][ T7241] Call Trace:
[  141.089531][ T7241]  <TASK>
[  141.089536][ T7241]  dump_stack_lvl+0x100/0x190
[  141.089559][ T7241]  should_fail_ex.cold+0x5/0xa
[  141.089573][ T7241]  should_failslab+0xc2/0x120
[  141.089587][ T7241]  __kmalloc_cache_noprof+0x7a/0x6f0
[  141.089603][ T7241]  ? fuse_direct_IO+0x270/0xf10
[  141.089615][ T7241]  ? lockdep_init_map_type+0x5c/0x250
[  141.089637][ T7241]  fuse_direct_IO+0x270/0xf10
[  141.089655][ T7241]  ? __pfx_fuse_direct_IO+0x10/0x10
[  141.089667][ T7241]  ? generic_write_check_limits+0x1ef/0x280
[  141.089683][ T7241]  ? __pfx_down_write+0x10/0x10
[  141.089701][ T7241]  ? aa_file_perm+0x7f3/0x14d0
[  141.089720][ T7241]  fuse_direct_write_iter+0x4bb/0x810
[  141.089735][ T7241]  ? __pfx_fuse_direct_write_iter+0x10/0x10
[  141.089749][ T7241]  ? __lock_acquire+0x4a5/0x2630
[  141.089767][ T7241]  ? __pfx___might_resched+0x10/0x10
[  141.089786][ T7241]  fuse_file_write_iter+0x5c5/0x990
[  141.089801][ T7241]  aio_write+0x3ba/0x920
[  141.089817][ T7241]  ? __pfx_aio_write+0x10/0x10
[  141.089831][ T7241]  ? __lock_acquire+0x4a5/0x2630
[  141.089856][ T7241]  ? __might_fault+0xc5/0x140
[  141.089876][ T7241]  ? io_submit_one+0x1142/0x1fb0
[  141.089890][ T7241]  io_submit_one+0x1142/0x1fb0
[  141.089907][ T7241]  ? __lock_acquire+0x4a5/0x2630
[  141.089925][ T7241]  ? __pfx_io_submit_one+0x10/0x10
[  141.089945][ T7241]  ? __might_fault+0xc5/0x140
[  141.089965][ T7241]  ? __ia32_compat_sys_io_submit+0x1a7/0x3b0
[  141.089982][ T7241]  __ia32_compat_sys_io_submit+0x1a7/0x3b0
[  141.089998][ T7241]  ? __fget_files+0x21f/0x3d0
[  141.090012][ T7241]  ? __pfx___ia32_compat_sys_io_submit+0x10/0x10
[  141.090031][ T7241]  ? ksys_write+0x1ac/0x250
[  141.090044][ T7241]  ? rcu_is_watching+0x12/0xc0
[  141.090059][ T7241]  __do_fast_syscall_32+0xe7/0x970
[  141.090075][ T7241]  ? lockdep_hardirqs_on+0x78/0x100
[  141.090091][ T7241]  do_fast_syscall_32+0x32/0x70
[  141.090108][ T7241]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  141.090122][ T7241] RIP: 0023:0xf6fcef7c
[  141.090131][ T7241] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  141.090141][ T7241] RSP: 002b:00000000f53bd50c EFLAGS: 00000292 ORIG_RAX: 00000000000000f8
[  141.090152][ T7241] RAX: ffffffffffffffda RBX: 00000000f5373000 RCX: 0000000000000002
[  141.090158][ T7241] RDX: 0000000080000780 RSI: 0000000000000000 RDI: 0000000000000000
[  141.090164][ T7241] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  141.090170][ T7241] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  141.090176][ T7241] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  141.090189][ T7241]  </TASK>
[  141.408516][ T7245] Can't find a SQUASHFS superblock on nullb0
[  141.709585][   T62] Bluetooth: hci4: command 0x1003 tx timeout
[  141.713365][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  141.920681][ T7250] vivid-000: disconnect
[  141.950686][   T62] Bluetooth: hci0: command 0x0c1a tx timeout
[  141.953344][ T5102] Bluetooth: hci1: command 0x0c1a tx timeout
[  142.031248][ T5102] Bluetooth: hci3: command 0x0c1a tx timeout
[  142.033857][ T5102] Bluetooth: hci2: command 0x0c1a tx timeout
[  142.256931][ T7255] FAULT_INJECTION: forcing a failure.
[  142.256931][ T7255] name failslab, interval 1, probability 0, space 0, times 0
[  142.261662][ T7255] CPU: 0 UID: 0 PID: 7255 Comm: syz.3.407 Not tainted syzkaller #0 PREEMPT(full) 
[  142.261678][ T7255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  142.261684][ T7255] Call Trace:
[  142.261690][ T7255]  <TASK>
[  142.261695][ T7255]  dump_stack_lvl+0x100/0x190
[  142.261718][ T7255]  should_fail_ex.cold+0x5/0xa
[  142.261733][ T7255]  should_failslab+0xc2/0x120
[  142.261752][ T7255]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  142.261770][ T7255]  ? io_submit_one+0x124/0x1fb0
[  142.261788][ T7255]  io_submit_one+0x124/0x1fb0
[  142.261805][ T7255]  ? __lock_acquire+0x4a5/0x2630
[  142.261822][ T7255]  ? irqentry_exit+0x24d/0x970
[  142.261837][ T7255]  ? lockdep_hardirqs_on+0x78/0x100
[  142.261853][ T7255]  ? __pfx_io_submit_one+0x10/0x10
[  142.261873][ T7255]  ? __might_fault+0xc5/0x140
[  142.261893][ T7255]  ? __ia32_compat_sys_io_submit+0x1a7/0x3b0
[  142.261909][ T7255]  __ia32_compat_sys_io_submit+0x1a7/0x3b0
[  142.261926][ T7255]  ? __fget_files+0x21f/0x3d0
[  142.261939][ T7255]  ? __pfx___ia32_compat_sys_io_submit+0x10/0x10
[  142.261959][ T7255]  ? ksys_write+0x1ac/0x250
[  142.261972][ T7255]  ? rcu_is_watching+0x12/0xc0
[  142.261986][ T7255]  __do_fast_syscall_32+0xe7/0x970
[  142.262003][ T7255]  ? lockdep_hardirqs_on+0x78/0x100
[  142.262019][ T7255]  do_fast_syscall_32+0x32/0x70
[  142.262035][ T7255]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  142.262049][ T7255] RIP: 0023:0xf709ef7c
[  142.262058][ T7255] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  142.262069][ T7255] RSP: 002b:00000000f544b50c EFLAGS: 00000292 ORIG_RAX: 00000000000000f8
[  142.262079][ T7255] RAX: ffffffffffffffda RBX: 00000000f7fcc000 RCX: 0000000000000001
[  142.262086][ T7255] RDX: 0000000080000440 RSI: 0000000000000000 RDI: 0000000000000000
[  142.262092][ T7255] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  142.262098][ T7255] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  142.262104][ T7255] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  142.262117][ T7255]  </TASK>
[  142.791320][ T7261] comedi comedi3: pcl812: I/O base address not correctly aligned
[  142.808398][ T7249] vivid-000: reconnect
[  143.227936][ T7257] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  144.029742][   T62] Bluetooth: hci1: command 0x0c1a tx timeout
[  144.032418][ T5102] Bluetooth: hci0: command 0x0c1a tx timeout
[  144.109758][ T5102] Bluetooth: hci2: command 0x0c1a tx timeout
[  144.112268][   T62] Bluetooth: hci3: command 0x0c1a tx timeout
[  144.441262][ T7283] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  144.443309][ T7283] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  144.474007][ T7283] vhci_hcd vhci_hcd.0: Device attached
[  144.545506][ T7283] rdma_rxe: rxe_newlink: failed to add wg2
[  144.681323][ T5532] usb 38-1: device descriptor read/8, error -110
[  144.836961][ T1039] usb 42-1: SetAddress Request (6) to port 0
[  144.846422][ T1039] usb 42-1: new SuperSpeed USB device number 6 using vhci_hcd
[  144.859506][ T7284] vhci_hcd: connection closed
[  144.860915][ T7285] vhci_hcd: sendmsg failed!, ret=-32 for 48
[  144.864960][   T85] vhci_hcd vhci_hcd.2: stop threads
[  144.866653][   T85] vhci_hcd vhci_hcd.2: release socket
[  144.868462][   T85] vhci_hcd vhci_hcd.2: disconnect device
[  145.085019][ T7307] comedi comedi3: pcl812: I/O base address not correctly aligned
[  145.165037][ T5532] usb usb38-port1: attempt power cycle
[  145.625505][ T7302] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  145.809905][ T5532] usb usb38-port1: unable to enumerate USB device
[  145.888363][ T7319] comedi comedi3: pcl812: I/O base address not correctly aligned
[  146.109559][   T62] Bluetooth: hci0: command 0x0c1a tx timeout
[  146.112517][ T5102] Bluetooth: hci1: command 0x0c1a tx timeout
[  146.184839][ T7331] syzkaller0: entered promiscuous mode
[  146.187120][ T7331] syzkaller0: entered allmulticast mode
[  146.189573][ T5102] Bluetooth: hci3: command 0x0c1a tx timeout
[  146.189599][ T5102] Bluetooth: hci2: command 0x0c1a tx timeout
[  146.373945][   T62] Bluetooth: hci0: unexpected event for opcode 0x0000
[  146.508273][ T7309] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  147.258604][ T7354] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  147.261193][ T7354] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  147.264761][ T7366] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(8)
[  147.267458][ T7366] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  147.272425][ T7354] vhci_hcd vhci_hcd.0: Device attached
[  147.304502][ T7366] vhci_hcd vhci_hcd.0: Device attached
[  147.401468][   T62] Bluetooth: hci3: unexpected event for opcode 0x0000
[  147.559453][ T5532] usb 43-1: new low-speed USB device number 2 using vhci_hcd
[  147.632799][ T7379] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  147.638658][ T7368] vhci_hcd: connection closed
[  147.638933][ T1162] vhci_hcd vhci_hcd.3: stop threads
[  147.639741][   T13] Bluetooth: hci4: Frame reassembly failed (-84)
[  147.643470][ T1162] vhci_hcd vhci_hcd.3: release socket
[  147.655645][ T7367] vhci_hcd: connection reset by peer
[  147.655673][ T1162] vhci_hcd vhci_hcd.3: disconnect device
[  147.662679][ T1162] vhci_hcd vhci_hcd.3: stop threads
[  147.664373][ T1162] vhci_hcd vhci_hcd.3: release socket
[  147.675763][ T1162] vhci_hcd vhci_hcd.3: disconnect device
[  148.399301][ T7389] syzkaller0: entered promiscuous mode
[  148.401131][ T7389] syzkaller0: entered allmulticast mode
[  148.753684][ T7403] fuse: Bad value for 'fd'
[  149.044603][ T7412] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  149.047069][ T7412] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  149.061409][ T7412] vhci_hcd vhci_hcd.0: Device attached
[  149.110468][ T7412] syz2: rxe_newlink: already configured on wg2
[  149.185302][ T7419] can0: slcan on ttyprintk.
[  149.261187][ T7419] can0 (unregistered): slcan off ttyprintk.
[  149.519083][ T7414] vhci_hcd: connection closed
[  149.519577][   T13] vhci_hcd vhci_hcd.3: stop threads
[  149.522841][   T13] vhci_hcd vhci_hcd.3: release socket
[  149.525823][   T13] vhci_hcd vhci_hcd.3: disconnect device
[  149.705084][ T7437] Can't find a SQUASHFS superblock on nullb0
[  149.721153][   T62] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  149.723444][ T5102] Bluetooth: hci4: command 0x1003 tx timeout
[  149.869467][ T1039] usb 42-1: device descriptor read/8, error -110
[  150.199571][ T7444] netlink: 'syz.2.471': attribute type 2 has an invalid length.
[  150.205034][ T7444] ‚#{6c: entered promiscuous mode
[  150.208688][ T7444] netlink: 28 bytes leftover after parsing attributes in process `syz.2.471'.
[  150.214230][ T7444] netlink: 208 bytes leftover after parsing attributes in process `syz.2.471'.
[  150.272100][ T7448] netlink: 8 bytes leftover after parsing attributes in process `syz.2.472'.
[  150.295161][ T1039] usb usb42-port1: attempt power cycle
[  150.429209][   T85] Bluetooth: hci4: Frame reassembly failed (-84)
[  150.435516][ T7460] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  150.437751][   T85] Bluetooth: hci4: Frame reassembly failed (-84)
[  150.440650][ T5102] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  150.445001][ T5102] Bluetooth: hci0: Injecting HCI hardware error event
[  150.447691][ T5102] Bluetooth: hci0: hardware error 0x00
[  150.619427][   T57] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  150.629108][ T5743] Bluetooth: hci3: unexpected event for opcode 0x001b
[  150.777007][   T57] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  150.789534][   T57] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  150.793771][   T57] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  150.797483][   T57] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  150.814197][   T57] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  150.819023][   T57] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  150.829469][   T57] usb 8-1: Manufacturer: syz
[  150.835528][   T57] usb 8-1: config 0 descriptor??
[  150.901498][ T1039] usb usb42-port1: unable to enumerate USB device
[  151.047016][ T7474] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  151.049715][ T7474] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  151.070485][ T7474] vhci_hcd vhci_hcd.0: Device attached
[  151.093413][ T7478] netlink: 4 bytes leftover after parsing attributes in process `syz.3.475'.
[  151.100750][ T7479] netlink: 4 bytes leftover after parsing attributes in process `syz.3.475'.
[  151.298010][   T57] usbhid 8-1:0.0: can't add hid device: -71
[  151.300782][   T57] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  151.311472][   T57] usb 8-1: USB disconnect, device number 2
[  151.411947][ T1039] usb 38-1: SetAddress Request (14) to port 0
[  151.414039][ T1039] usb 38-1: new SuperSpeed USB device number 14 using vhci_hcd
[  151.696005][ T5826] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  151.737787][ T7470] rdma_rxe: rxe_newlink: failed to add wg2
[  151.782526][   T40] audit: type=1326 audit(1780003634.971:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7471 comm="syz.1.483" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef7c code=0x7fc00000
[  151.872982][ T7475] vhci_hcd: connection reset by peer
[  151.880170][ T1220] vhci_hcd vhci_hcd.0: stop threads
[  151.885051][ T1220] vhci_hcd vhci_hcd.0: release socket
[  151.889525][ T1220] vhci_hcd vhci_hcd.0: disconnect device
[  152.000520][ T5743] Bluetooth: hci3: unexpected event for opcode 0x041b
[  152.440618][   T62] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  152.440754][ T5743] Bluetooth: hci4: command 0x1003 tx timeout
[  152.519507][ T5102] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  152.659507][ T5532] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  153.920467][   T39] usb usb44-port1: attempt power cycle
[  154.490443][   T39] usb usb44-port1: unable to enumerate USB device
[  156.749548][ T1039] usb 38-1: device descriptor read/8, error -110
[  157.139913][ T1039] usb usb38-port1: attempt power cycle
[  157.700738][ T1039] usb usb38-port1: unable to enumerate USB device
[  158.153382][ T7547] Can't find a SQUASHFS superblock on nullb0
[  158.898222][ T5826] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  158.927122][   T40] audit: type=1326 audit(1780003642.091:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7545 comm="syz.0.497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7fc00000
[  158.952770][   T40] audit: type=1326 audit(1780003642.091:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7545 comm="syz.0.497" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf6fcef7c code=0x7fc00000
[  159.004744][   T40] audit: type=1326 audit(1780003642.091:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7545 comm="syz.0.497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7fc00000
[  159.043252][   T40] audit: type=1326 audit(1780003642.091:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7545 comm="syz.0.497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7fc00000
[  159.080674][   T40] audit: type=1326 audit(1780003642.091:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7545 comm="syz.0.497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7fc00000
[  159.118717][   T40] audit: type=1326 audit(1780003642.091:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7545 comm="syz.0.497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7fc00000
[  159.168177][   T40] audit: type=1326 audit(1780003642.091:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7545 comm="syz.0.497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7fc00000
[  159.208361][   T40] audit: type=1326 audit(1780003642.091:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7545 comm="syz.0.497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7fc00000
[  159.250741][   T40] audit: type=1326 audit(1780003642.091:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7545 comm="syz.0.497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7fc00000
[  159.299250][   T40] audit: type=1326 audit(1780003642.091:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7545 comm="syz.0.497" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7fc00000
[  159.972814][ T7581] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  159.975377][   T85] Bluetooth: hci4: Frame reassembly failed (-84)
[  160.291697][ T7590] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  160.293861][ T7590] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  160.323199][ T7590] vhci_hcd vhci_hcd.0: Device attached
[  160.385561][ T7590] rdma_rxe: rxe_newlink: failed to add wg2
[  161.088929][ T7591] vhci_hcd: connection closed
[  161.089251][  T189] vhci_hcd vhci_hcd.2: stop threads
[  161.098945][  T189] vhci_hcd vhci_hcd.2: release socket
[  161.100496][   T39] usb 42-1: SetAddress Request (10) to port 0
[  161.103033][   T39] usb 42-1: new SuperSpeed USB device number 10 using vhci_hcd
[  161.104423][  T189] vhci_hcd vhci_hcd.2: disconnect device
[  161.119881][   T39] usb 42-1: enqueue for inactive port 0
[  161.299086][ T7609] FAULT_INJECTION: forcing a failure.
[  161.299086][ T7609] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  161.304888][ T7609] CPU: 1 UID: 0 PID: 7609 Comm: syz.0.511 Not tainted syzkaller #0 PREEMPT(full) 
[  161.304913][ T7609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  161.304923][ T7609] Call Trace:
[  161.304930][ T7609]  <TASK>
[  161.304939][ T7609]  dump_stack_lvl+0x100/0x190
[  161.304979][ T7609]  should_fail_ex.cold+0x5/0xa
[  161.305003][ T7609]  _copy_from_user+0x2e/0xd0
[  161.305029][ T7609]  get_compat_msghdr+0xb3/0x4b0
[  161.305052][ T7609]  ? __pfx_get_compat_msghdr+0x10/0x10
[  161.305083][ T7609]  ___sys_sendmsg+0x1b6/0x1e0
[  161.305112][ T7609]  ? __pfx____sys_sendmsg+0x10/0x10
[  161.305147][ T7609]  ? find_held_lock+0x2b/0x80
[  161.305186][ T7609]  __sys_sendmsg+0x170/0x220
[  161.305207][ T7609]  ? __pfx___sys_sendmsg+0x10/0x10
[  161.305225][ T7609]  ? __fget_files+0x21f/0x3d0
[  161.305255][ T7609]  ? ksys_write+0x1ac/0x250
[  161.305279][ T7609]  ? rcu_is_watching+0x12/0xc0
[  161.305305][ T7609]  __do_fast_syscall_32+0xe7/0x970
[  161.305333][ T7609]  ? lockdep_hardirqs_on+0x78/0x100
[  161.305360][ T7609]  do_fast_syscall_32+0x32/0x70
[  161.305387][ T7609]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  161.305410][ T7609] RIP: 0023:0xf6fcef7c
[  161.305426][ T7609] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  161.305442][ T7609] RSP: 002b:00000000f53bd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  161.305461][ T7609] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040
[  161.305471][ T7609] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  161.305481][ T7609] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  161.305491][ T7609] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  161.305501][ T7609] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  161.305522][ T7609]  </TASK>
[  161.510205][   T39] usb usb42-port1: attempt power cycle
[  162.030873][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  162.072436][   T39] usb usb42-port1: unable to enumerate USB device
[  162.244038][ T7642] netlink: 8 bytes leftover after parsing attributes in process `syz.3.518'.
[  162.316359][ T5826] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  163.678447][ T7640] smc: removing ib device syz2
[  163.919689][ T7643] netlink: 8 bytes leftover after parsing attributes in process `syz.2.517'.
[  164.078416][ T7640] smbdirect: ib_dev[syz2] removed
[  164.883130][ T7671] comedi comedi3: pcl812: I/O base address not correctly aligned
[  165.144940][ T7676] Can't find a SQUASHFS superblock on nullb0
[  166.095934][ T7682] Can't find a SQUASHFS superblock on nullb0
[  166.680500][ T7658] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  167.111059][   T40] kauditd_printk_skb: 74 callbacks suppressed
[  167.111074][   T40] audit: type=1326 audit(1780003650.301:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7689 comm="syz.3.525" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709ef7c code=0x0
[  167.370023][ T7697] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  168.503054][ T5819] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  168.939672][   T40] audit: type=1326 audit(1780003652.131:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7698 comm="syz.3.528" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef7c code=0x7fc00000
[  169.389540][   T62] Bluetooth: hci4: command 0x1003 tx timeout
[  169.389566][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  174.686030][ T7720] Can't find a SQUASHFS superblock on nullb0
[  175.635307][ T7716] fuse: Unknown parameter 'fd?0x0000000000000004'
[  176.456623][ T7726] comedi comedi3: pcl812: I/O base address not correctly aligned
[  176.622797][ T7717] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  178.598747][ T7765] dlm: Unknown command passed to DLM device : 3
[  178.598747][ T7765] 
[  178.667165][ T7766] random: crng reseeded on system resumption
[  179.369507][ T7775] FAULT_INJECTION: forcing a failure.
[  179.369507][ T7775] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  179.374949][ T7775] CPU: 2 UID: 0 PID: 7775 Comm: syz.2.541 Not tainted syzkaller #0 PREEMPT(full) 
[  179.374975][ T7775] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  179.374986][ T7775] Call Trace:
[  179.374993][ T7775]  <TASK>
[  179.375001][ T7775]  dump_stack_lvl+0x100/0x190
[  179.375034][ T7775]  should_fail_ex.cold+0x5/0xa
[  179.375056][ T7775]  _copy_from_iter+0x1f4/0x1690
[  179.375083][ T7775]  ? __asan_memset+0x23/0x50
[  179.375108][ T7775]  ? __pfx__copy_from_iter+0x10/0x10
[  179.375131][ T7775]  ? __pfx___alloc_skb+0x10/0x10
[  179.375147][ T7775]  ? __pfx___might_resched+0x10/0x10
[  179.375175][ T7775]  netlink_sendmsg+0x808/0xda0
[  179.375203][ T7775]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.375227][ T7775]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  179.375249][ T7775]  ____sys_sendmsg+0x9e1/0xb70
[  179.375270][ T7775]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.375293][ T7775]  ? __pfx_____sys_sendmsg+0x10/0x10
[  179.375325][ T7775]  ___sys_sendmsg+0x190/0x1e0
[  179.375358][ T7775]  ? __pfx____sys_sendmsg+0x10/0x10
[  179.375391][ T7775]  ? find_held_lock+0x2b/0x80
[  179.375428][ T7775]  __sys_sendmsg+0x170/0x220
[  179.375448][ T7775]  ? __pfx___sys_sendmsg+0x10/0x10
[  179.375465][ T7775]  ? __fget_files+0x21f/0x3d0
[  179.375517][ T7775]  ? ksys_write+0x1ac/0x250
[  179.375540][ T7775]  ? rcu_is_watching+0x12/0xc0
[  179.375564][ T7775]  __do_fast_syscall_32+0xe7/0x970
[  179.375591][ T7775]  ? lockdep_hardirqs_on+0x78/0x100
[  179.375617][ T7775]  do_fast_syscall_32+0x32/0x70
[  179.375642][ T7775]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  179.375668][ T7775] RIP: 0023:0xf7f27f7c
[  179.375684][ T7775] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  179.375701][ T7775] RSP: 002b:00000000f53e650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  179.375720][ T7775] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  179.375731][ T7775] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[  179.375741][ T7775] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  179.375751][ T7775] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  179.375762][ T7775] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  179.375784][ T7775]  </TASK>
[  179.636439][ T7781] syzkaller0: entered promiscuous mode
[  179.639020][ T7781] syzkaller0: entered allmulticast mode
[  179.939587][ T7785] comedi comedi3: pcl812: I/O base address not correctly aligned
[  180.328944][ T7796] netlink: 4 bytes leftover after parsing attributes in process `syz.0.548'.
[  180.516923][ T7803] comedi comedi3: pcl812: I/O base address not correctly aligned
[  180.537609][ T7804] Cannot find set identified by id 0 to match
[  180.671342][ T7804] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  180.678481][ T7804] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  180.683120][ T7804] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  180.684893][ T7761] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  180.875379][ T7815] netlink: 'syz.0.554': attribute type 10 has an invalid length.
[  181.147105][ T7788] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  181.506090][ T7821] netlink: 'syz.0.557': attribute type 1 has an invalid length.
[  181.537318][ T7821] bond1: entered promiscuous mode
[  181.540172][ T7821] 8021q: adding VLAN 0 to HW filter on device bond1
[  181.638059][ T7826] FAULT_INJECTION: forcing a failure.
[  181.638059][ T7826] name failslab, interval 1, probability 0, space 0, times 0
[  181.642767][ T7826] CPU: 2 UID: 0 PID: 7826 Comm: syz.1.559 Not tainted syzkaller #0 PREEMPT(full) 
[  181.642786][ T7826] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  181.642812][ T7826] Call Trace:
[  181.642819][ T7826]  <TASK>
[  181.642825][ T7826]  dump_stack_lvl+0x100/0x190
[  181.642851][ T7826]  should_fail_ex.cold+0x5/0xa
[  181.642868][ T7826]  ? tomoyo_encode2+0xfb/0x3c0
[  181.642911][ T7826]  should_failslab+0xc2/0x120
[  181.642927][ T7826]  __kmalloc_noprof+0xe0/0x850
[  181.642939][ T7826]  ? d_absolute_path+0x136/0x1b0
[  181.642955][ T7826]  tomoyo_encode2+0xfb/0x3c0
[  181.642975][ T7826]  tomoyo_encode+0x29/0x50
[  181.642992][ T7826]  tomoyo_realpath_from_path+0x18c/0x690
[  181.643015][ T7826]  tomoyo_path_number_perm+0x23c/0x580
[  181.643030][ T7826]  ? tomoyo_path_number_perm+0x22e/0x580
[  181.643047][ T7826]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  181.643069][ T7826]  ? get_pid_task+0x106/0x250
[  181.643112][ T7826]  ? find_held_lock+0x2b/0x80
[  181.643134][ T7826]  ? __fget_files+0x215/0x3d0
[  181.643150][ T7826]  ? hook_file_ioctl_common+0x149/0x410
[  181.643163][ T7826]  ? __fget_files+0x215/0x3d0
[  181.643179][ T7826]  ? __fget_files+0x21f/0x3d0
[  181.643194][ T7826]  security_file_ioctl_compat+0xd3/0x230
[  181.643210][ T7826]  __ia32_compat_sys_ioctl+0xc2/0x360
[  181.643224][ T7826]  __do_fast_syscall_32+0xe7/0x970
[  181.643241][ T7826]  ? lockdep_hardirqs_on+0x78/0x100
[  181.643257][ T7826]  do_fast_syscall_32+0x32/0x70
[  181.643274][ T7826]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  181.643288][ T7826] RIP: 0023:0xf706ef7c
[  181.643298][ T7826] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  181.643309][ T7826] RSP: 002b:00000000f545d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  181.643320][ T7826] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0405602
[  181.643327][ T7826] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[  181.643333][ T7826] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  181.643340][ T7826] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  181.643346][ T7826] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  181.643359][ T7826]  </TASK>
[  181.643409][ T7826] ERROR: Out of memory at tomoyo_realpath_from_path.
[  181.719784][ T7824] can0: slcan on ttynull.
[  182.119603][ T2318] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  182.123660][ T7837] comedi comedi3: comedi_config --init_data is deprecated
[  182.285571][ T2318] usb 8-1: config 0 has no interfaces?
[  182.291891][ T2318] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  182.298397][ T2318] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.456247][ T7845] hpfs: Bad magic ... probably not HPFS
[  182.461909][ T7845] hpfs: Bad magic ... probably not HPFS
[  182.500880][ T2318] usb 8-1: config 0 descriptor??
[  182.602010][ T7850] FAULT_INJECTION: forcing a failure.
[  182.602010][ T7850] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  182.608019][ T7850] CPU: 0 UID: 0 PID: 7850 Comm: syz.2.566 Not tainted syzkaller #0 PREEMPT(full) 
[  182.608043][ T7850] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  182.608053][ T7850] Call Trace:
[  182.608077][ T7850]  <TASK>
[  182.608087][ T7850]  dump_stack_lvl+0x100/0x190
[  182.608120][ T7850]  should_fail_ex.cold+0x5/0xa
[  182.608138][ T7850]  ? prepare_alloc_pages+0x16d/0x5f0
[  182.608160][ T7850]  should_fail_alloc_page+0xeb/0x140
[  182.608181][ T7850]  prepare_alloc_pages+0x1f0/0x5f0
[  182.608206][ T7850]  __alloc_frozen_pages_noprof+0x19a/0x2bc0
[  182.608245][ T7850]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  182.608288][ T7850]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  182.608313][ T7850]  ? policy_nodemask+0xed/0x4f0
[  182.608334][ T7850]  alloc_pages_mpol+0x1fb/0x540
[  182.608362][ T7850]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  182.608380][ T7850]  ? __lock_acquire+0x4a5/0x2630
[  182.608411][ T7850]  folio_alloc_mpol_noprof+0x36/0x260
[  182.608434][ T7850]  shmem_alloc_folio+0x135/0x160
[  182.608457][ T7850]  shmem_alloc_and_add_folio+0x371/0xd40
[  182.608490][ T7850]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  182.608518][ T7850]  ? shmem_allowable_huge_orders+0x2bd/0x400
[  182.608541][ T7850]  shmem_get_folio_gfp+0x6ab/0x1900
[  182.608561][ T7850]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  182.608578][ T7850]  ? filemap_map_pages+0x9c1/0x2140
[  182.608608][ T7850]  shmem_fault+0x1f9/0xa20
[  182.608626][ T7850]  ? __pfx_shmem_fault+0x10/0x10
[  182.608647][ T7850]  ? __pfx_filemap_map_pages+0x10/0x10
[  182.608675][ T7850]  ? find_held_lock+0x2b/0x80
[  182.608693][ T7850]  __do_fault+0x10b/0x440
[  182.608709][ T7850]  do_fault+0xa99/0x1750
[  182.608730][ T7850]  __handle_mm_fault+0x187d/0x2a00
[  182.608757][ T7850]  ? mt_find+0x45e/0x8e0
[  182.608781][ T7850]  ? __pfx___handle_mm_fault+0x10/0x10
[  182.608801][ T7850]  ? __pfx_mt_find+0x10/0x10
[  182.608834][ T7850]  ? find_vma+0xbf/0x140
[  182.608851][ T7850]  ? __pfx_find_vma+0x10/0x10
[  182.608870][ T7850]  handle_mm_fault+0x37b/0xa30
[  182.608899][ T7850]  do_user_addr_fault+0x74c/0x12f0
[  182.608921][ T7850]  ? trace_page_fault_kernel+0x7a/0x200
[  182.608941][ T7850]  exc_page_fault+0x6f/0xd0
[  182.608965][ T7850]  asm_exc_page_fault+0x26/0x30
[  182.608981][ T7850] RIP: 0010:copy_compat_iovec_from_user+0x101/0x180
[  182.609005][ T7850] Code: 48 89 6b 08 41 83 c5 01 49 83 c4 08 48 83 c3 10 44 8b 74 24 04 44 89 ee 44 89 f7 e8 09 5a 13 fd 45 39 ee 74 5a e8 0f 60 13 fd <41> 8b 2c 24 e8 06 60 13 fd 45 8b 74 24 fc e8 fc 5f 13 fd 31 ff 89
[  182.609019][ T7850] RSP: 0018:ffffc9000ecff8c8 EFLAGS: 00050293
[  182.609034][ T7850] RAX: 0000000000000000 RBX: ffff888057d78d00 RCX: ffffffff84f49ce7
[  182.609044][ T7850] RDX: ffff8880245b8000 RSI: ffffffff84f49cf1 RDI: ffff8880245b8000
[  182.609054][ T7850] RBP: 0000000000000000 R08: 0000000000000004 R09: 0000000000000171
[  182.609064][ T7850] R10: 00000000000000d0 R11: 0000000000000000 R12: 0000000080004004
[  182.609073][ T7850] R13: 00000000000000d0 R14: 0000000000000171 R15: dffffc0000000000
[  182.609088][ T7850]  ? copy_compat_iovec_from_user+0xf7/0x180
[  182.609110][ T7850]  ? copy_compat_iovec_from_user+0x101/0x180
[  182.609134][ T7850]  ? copy_compat_iovec_from_user+0x101/0x180
[  182.609159][ T7850]  iovec_from_user+0x129/0x140
[  182.609184][ T7850]  __import_iovec+0x81/0x640
[  182.609205][ T7850]  ? __might_fault+0xc5/0x140
[  182.609234][ T7850]  import_iovec+0x82/0xb0
[  182.609259][ T7850]  get_compat_msghdr+0x2ea/0x4b0
[  182.609280][ T7850]  ? __pfx_get_compat_msghdr+0x10/0x10
[  182.609301][ T7850]  ? _kstrtoull+0x13c/0x1f0
[  182.609316][ T7850]  ? __pfx__kstrtoull+0x10/0x10
[  182.609334][ T7850]  ___sys_sendmsg+0x1b6/0x1e0
[  182.609368][ T7850]  ? __pfx____sys_sendmsg+0x10/0x10
[  182.609390][ T7850]  ? __lock_acquire+0x4a5/0x2630
[  182.609442][ T7850]  __sys_sendmmsg+0x2ff/0x430
[  182.609464][ T7850]  ? __pfx___sys_sendmmsg+0x10/0x10
[  182.609491][ T7850]  ? __fget_files+0x215/0x3d0
[  182.609522][ T7850]  ? fput+0x79/0x100
[  182.609546][ T7850]  ? ksys_write+0x1ac/0x250
[  182.609590][ T7850]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  182.609613][ T7850]  ? lockdep_hardirqs_on+0x78/0x100
[  182.609637][ T7850]  __do_fast_syscall_32+0xe7/0x970
[  182.609661][ T7850]  ? lockdep_hardirqs_on+0x78/0x100
[  182.609687][ T7850]  do_fast_syscall_32+0x32/0x70
[  182.609741][ T7850]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  182.609763][ T7850] RIP: 0023:0xf7f27f7c
[  182.609778][ T7850] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  182.609793][ T7850] RSP: 002b:00000000f53c550c EFLAGS: 00000292 ORIG_RAX: 0000000000000159
[  182.609810][ T7850] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080003cc0
[  182.609820][ T7850] RDX: 0000000000000172 RSI: 0000000004001c00 RDI: 0000000000000000
[  182.609831][ T7850] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  182.609840][ T7850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  182.609850][ T7850] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  182.609872][ T7850]  </TASK>
[  182.669623][   T62] Bluetooth: hci1: command 0x0c1a tx timeout
[  182.765120][ T5102] Bluetooth: hci3: command 0x0c1a tx timeout
[  182.765245][ T5747] Bluetooth: hci2: command 0x0c1a tx timeout
[  183.340612][   T39] usb 8-1: USB disconnect, device number 3
[  183.489899][ T7852] can0 (unregistered): slcan off ttynull.
[  183.560138][ T5747] Bluetooth: hci1: unexpected event for opcode 0x0000
[  184.054819][ T7887] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.058625][ T7887] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.642185][ T5747] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  187.663344][ T5747] Bluetooth: hci1: Injecting HCI hardware error event
[  187.675310][ T5102] Bluetooth: hci1: hardware error 0x00
[  189.706331][ T7930] netlink: 44 bytes leftover after parsing attributes in process `syz.1.588'.
[  189.710796][ T7928] netlink: 8 bytes leftover after parsing attributes in process `syz.0.587'.
[  189.725288][ T7928] netlink: 20 bytes leftover after parsing attributes in process `syz.0.587'.
[  189.732751][ T5102] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  189.882827][ T7935] netlink: 8 bytes leftover after parsing attributes in process `syz.0.590'.
[  189.943997][ T7939] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  190.027136][ T7942] comedi comedi3: pcl812: I/O base address not correctly aligned
[  190.059599][ T5102] Bluetooth: hci3: unexpected event for opcode 0x0000
[  190.380898][ T7950] syzkaller0: entered promiscuous mode
[  190.384015][ T7950] syzkaller0: entered allmulticast mode
[  190.452291][ T7931] comedi comedi3: pcl812: I/O base address not correctly aligned
[  190.742004][ T7921] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  192.395271][ T7904] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  193.164383][ T7976] syzkaller0: entered promiscuous mode
[  193.167244][ T7976] syzkaller0: entered allmulticast mode
[  193.383581][ T7982] FAULT_INJECTION: forcing a failure.
[  193.383581][ T7982] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  193.396512][ T7982] CPU: 3 UID: 0 PID: 7982 Comm: syz.1.607 Not tainted syzkaller #0 PREEMPT(full) 
[  193.396537][ T7982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  193.396547][ T7982] Call Trace:
[  193.396554][ T7982]  <TASK>
[  193.396560][ T7982]  dump_stack_lvl+0x100/0x190
[  193.396595][ T7982]  should_fail_ex.cold+0x5/0xa
[  193.396618][ T7982]  _copy_from_user+0x2e/0xd0
[  193.396642][ T7982]  get_compat_msghdr+0xb3/0x4b0
[  193.396662][ T7982]  ? __pfx_get_compat_msghdr+0x10/0x10
[  193.396689][ T7982]  ___sys_sendmsg+0x1b6/0x1e0
[  193.396714][ T7982]  ? __pfx____sys_sendmsg+0x10/0x10
[  193.396746][ T7982]  ? find_held_lock+0x2b/0x80
[  193.396781][ T7982]  __sys_sendmsg+0x170/0x220
[  193.396799][ T7982]  ? __pfx___sys_sendmsg+0x10/0x10
[  193.396815][ T7982]  ? __fget_files+0x21f/0x3d0
[  193.396843][ T7982]  ? ksys_write+0x1ac/0x250
[  193.396866][ T7982]  ? rcu_is_watching+0x12/0xc0
[  193.396891][ T7982]  __do_fast_syscall_32+0xe7/0x970
[  193.396916][ T7982]  ? lockdep_hardirqs_on+0x78/0x100
[  193.396942][ T7982]  do_fast_syscall_32+0x32/0x70
[  193.396977][ T7982]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  193.396999][ T7982] RIP: 0023:0xf706ef7c
[  193.397015][ T7982] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  193.397033][ T7982] RSP: 002b:00000000f545d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  193.397052][ T7982] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300
[  193.397064][ T7982] RDX: 0000000020004800 RSI: 0000000000000000 RDI: 0000000000000000
[  193.397076][ T7982] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  193.397086][ T7982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  193.397098][ T7982] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  193.397123][ T7982]  </TASK>
[  193.948400][ T7994] syzkaller0: entered promiscuous mode
[  193.952942][ T7994] syzkaller0: entered allmulticast mode
[  194.082855][ T5102] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  194.091101][ T5102] Bluetooth: hci3: Injecting HCI hardware error event
[  194.106859][ T5102] Bluetooth: hci3: hardware error 0x00
[  194.362943][ T5747] Bluetooth: hci2: unexpected event for opcode 0x0000
[  194.662825][ T7992] comedi comedi3: pcl812: I/O base address not correctly aligned
[  195.134253][ T7985] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  195.298730][ T8013] netlink: 4 bytes leftover after parsing attributes in process `syz.1.618'.
[  195.317387][ T8013] macvtap1: entered promiscuous mode
[  195.320634][ T8013] dummy0: entered promiscuous mode
[  195.324749][ T8013] macvtap1: entered allmulticast mode
[  195.327152][ T8013] dummy0: entered allmulticast mode
[  195.830044][ T5826] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  196.184539][   T40] audit: type=1326 audit(1780003679.351:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8011 comm="syz.2.617" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f27f7c code=0x7fc00000
[  196.209704][ T5102] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  196.262515][ T8029] batadv0: entered promiscuous mode
[  196.267254][ T8029] macsec1: entered promiscuous mode
[  196.270661][ T8029] macsec1: entered allmulticast mode
[  196.273121][ T8029] batadv0: entered allmulticast mode
[  196.276563][ T8029] 8021q: adding VLAN 0 to HW filter on device macsec1
[  196.296299][ T8029] batadv0: left allmulticast mode
[  196.297459][ T5847] IPVS: starting estimator thread 0...
[  196.308404][ T8029] batadv0: left promiscuous mode
[  196.461762][ T8037] syzkaller0: entered promiscuous mode
[  196.469447][ T8037] syzkaller0: entered allmulticast mode
[  196.502604][ T8032] IPVS: using max 31 ests per chain, 74400 per kthread
[  196.884994][ T8044] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  196.914875][ T8046] netlink: 56 bytes leftover after parsing attributes in process `syz.3.628'.
[  197.037854][ T8050] netlink: 104 bytes leftover after parsing attributes in process `syz.3.630'.
[  197.374607][ T8065] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  197.378297][ T8065] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  197.382386][ T8065] vhci_hcd vhci_hcd.0: Device attached
[  197.461897][ T8069] syzkaller0: entered promiscuous mode
[  197.464530][ T8069] syzkaller0: entered allmulticast mode
[  197.539572][ T7116] usb 5-1: new low-speed USB device number 2 using dummy_hcd
[  197.561186][ T8066] vhci_hcd: connection closed
[  197.566180][   T12] vhci_hcd vhci_hcd.1: stop threads
[  197.572704][   T12] vhci_hcd vhci_hcd.1: release socket
[  197.576712][   T12] vhci_hcd vhci_hcd.1: disconnect device
[  197.669573][ T7116] usb 5-1: device descriptor read/64, error -71
[  197.989654][ T7116] usb 5-1: new low-speed USB device number 3 using dummy_hcd
[  198.129811][ T7116] usb 5-1: device descriptor read/64, error -71
[  198.280047][ T7116] usb usb5-port1: attempt power cycle
[  198.429705][ T5102] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  198.433789][ T5102] Bluetooth: hci2: Injecting HCI hardware error event
[  198.440519][ T5102] Bluetooth: hci2: hardware error 0x00
[  198.519605][ T8081] netlink: 76 bytes leftover after parsing attributes in process `syz.1.642'.
[  198.524625][ T8081] netlink: 76 bytes leftover after parsing attributes in process `syz.1.642'.
[  198.540957][ T8081] netlink: 33 bytes leftover after parsing attributes in process `syz.1.642'.
[  198.620710][ T7116] usb 5-1: new low-speed USB device number 4 using dummy_hcd
[  198.650538][ T7116] usb 5-1: device descriptor read/8, error -71
[  198.652654][ T8085] comedi comedi3: pcl812: I/O base address not correctly aligned
[  198.846970][ T1435] ieee802154 phy0 wpan0: encryption failed: -22
[  198.855744][ T1435] ieee802154 phy1 wpan1: encryption failed: -22
[  198.899792][ T7116] usb 5-1: new low-speed USB device number 5 using dummy_hcd
[  198.931186][ T7116] usb 5-1: device descriptor read/8, error -71
[  199.034702][ T8076] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  199.072212][ T7116] usb usb5-port1: unable to enumerate USB device
[  199.501534][ T8092] syzkaller0: entered promiscuous mode
[  199.504552][ T8092] syzkaller0: entered allmulticast mode
[  200.521092][ T5102] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  200.550383][ T8108] netlink: 8 bytes leftover after parsing attributes in process `syz.0.649'.
[  200.567341][ T8108] netlink: 16 bytes leftover after parsing attributes in process `syz.0.649'.
[  201.474962][ T8116] netlink: 64 bytes leftover after parsing attributes in process `syz.1.652'.
[  201.967067][ T8121] netlink: 8 bytes leftover after parsing attributes in process `syz.3.653'.
[  203.272590][ T8130] comedi comedi3: pcl812: I/O base address not correctly aligned
[  203.709786][ T8122] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  205.940838][ T8163] FAULT_INJECTION: forcing a failure.
[  205.940838][ T8163] name failslab, interval 1, probability 0, space 0, times 0
[  205.946083][ T8163] CPU: 0 UID: 0 PID: 8163 Comm: syz.0.667 Not tainted syzkaller #0 PREEMPT(full) 
[  205.946110][ T8163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  205.946123][ T8163] Call Trace:
[  205.946131][ T8163]  <TASK>
[  205.946137][ T8163]  dump_stack_lvl+0x100/0x190
[  205.946177][ T8163]  should_fail_ex.cold+0x5/0xa
[  205.946204][ T8163]  ? __alloc_empty_sheaf+0x35/0x50
[  205.946233][ T8163]  should_failslab+0xc2/0x120
[  205.946259][ T8163]  __kmalloc_noprof+0xe0/0x850
[  205.946278][ T8163]  ? __pcs_replace_empty_main+0x13a/0x650
[  205.946333][ T8163]  ? __pcs_replace_empty_main+0x13a/0x650
[  205.946366][ T8163]  __alloc_empty_sheaf+0x35/0x50
[  205.946392][ T8163]  __pcs_replace_empty_main+0x3e8/0x650
[  205.946428][ T8163]  kmem_cache_alloc_noprof+0x480/0x6e0
[  205.946460][ T8163]  ? io_submit_one+0x124/0x1fb0
[  205.946492][ T8163]  io_submit_one+0x124/0x1fb0
[  205.946522][ T8163]  ? __lock_acquire+0x4a5/0x2630
[  205.946553][ T8163]  ? find_held_lock+0x2b/0x80
[  205.946577][ T8163]  ? __pfx_io_submit_one+0x10/0x10
[  205.946614][ T8163]  ? __might_fault+0xc5/0x140
[  205.946650][ T8163]  ? __ia32_compat_sys_io_submit+0x1a7/0x3b0
[  205.946679][ T8163]  __ia32_compat_sys_io_submit+0x1a7/0x3b0
[  205.946708][ T8163]  ? __fget_files+0x21f/0x3d0
[  205.946734][ T8163]  ? __pfx___ia32_compat_sys_io_submit+0x10/0x10
[  205.946769][ T8163]  ? ksys_write+0x1ac/0x250
[  205.946791][ T8163]  ? rcu_is_watching+0x12/0xc0
[  205.946843][ T8163]  __do_fast_syscall_32+0xe7/0x970
[  205.946872][ T8163]  ? lockdep_hardirqs_on+0x78/0x100
[  205.946901][ T8163]  do_fast_syscall_32+0x32/0x70
[  205.946929][ T8163]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  205.946955][ T8163] RIP: 0023:0xf6fcef7c
[  205.946973][ T8163] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  205.946992][ T8163] RSP: 002b:00000000f537b50c EFLAGS: 00000292 ORIG_RAX: 00000000000000f8
[  205.947022][ T8163] RAX: ffffffffffffffda RBX: 00000000f7eff000 RCX: 0000000000000001
[  205.947033][ T8163] RDX: 0000000080000440 RSI: 0000000000000000 RDI: 0000000000000000
[  205.947045][ T8163] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  205.947057][ T8163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  205.947068][ T8163] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  205.947093][ T8163]  </TASK>
[  206.700453][ T8170] comedi comedi3: pcl812: I/O base address not correctly aligned
[  206.977524][ T8174] syz.1.669 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  207.334938][ T8165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  207.394671][ T8178] syzkaller0: entered promiscuous mode
[  207.396753][ T8178] syzkaller0: entered allmulticast mode
[  207.559570][ T1039] usb 8-1: new low-speed USB device number 4 using dummy_hcd
[  207.593548][ T5888] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  207.737753][ T1039] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  207.747425][ T1039] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2
[  207.760108][ T1039] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8
[  207.771811][ T1039] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  207.779685][ T1039] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.848511][ T8176] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  207.910136][ T1039] hub 8-1:1.0: bad descriptor, ignoring hub
[  207.912688][ T1039] hub 8-1:1.0: probe with driver hub failed with error -5
[  207.917500][ T1039] cdc_wdm 8-1:1.0: skipping garbage
[  207.950296][ T1039] cdc_wdm 8-1:1.0: skipping garbage
[  207.994873][ T1039] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  208.010468][ T1039] cdc_wdm 8-1:1.0: Unknown control protocol
[  208.089588][ T2318] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  208.167006][    C1] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  208.170428][    C1] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  208.173406][    C1] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  208.176662][    C1] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  208.192625][    C1] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  208.195469][    C1] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  208.198370][    C1] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  208.201672][    C1] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  208.205138][    C1] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  208.207979][    C1] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  208.212211][    C1] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  208.215133][    C1] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  208.219588][    C1] cdc_wdm 8-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  208.280584][  T856] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  208.469529][  T856] usb 7-1: Using ep0 maxpacket: 8
[  208.515234][  T856] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  208.522839][  T856] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  208.530833][  T856] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  208.535991][  T856] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  208.544946][  T856] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  208.550226][  T856] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  208.555811][  T856] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  208.561041][ T5888] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  208.561097][ T5888] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.572439][  T856] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.695234][ T5888] usb 6-1: config 0 descriptor??
[  208.741265][ T5819] usb 8-1: USB disconnect, device number 4
[  208.794623][  T856] usb 7-1: usb_control_msg returned -32
[  208.809576][  T856] usbtmc 7-1:16.0: can't read capabilities
[  208.905473][ T5888] cp210x 6-1:0.0: cp210x converter detected
[  208.989598][ T5819] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  209.059984][ T8199] binder: 8198:8199 ioctl c0306201 80000080 returned -14
[  209.067000][ T8199] binder: 8198:8199 ioctl c0306201 800003c0 returned -14
[  209.159909][ T5819] usb 8-1: Using ep0 maxpacket: 8
[  209.170015][ T5819] usb 8-1: config 0 has no interfaces?
[  209.172790][ T5819] usb 8-1: New USB device found, idVendor=2801, idProduct=0201, bcdDevice=2a.d5
[  209.178662][ T5819] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.184144][ T5819] usb 8-1: config 0 descriptor??
[  209.297441][ T5888] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -121
[  209.657886][ T5819] usb 8-1: USB disconnect, device number 5
[  210.590467][ T5888] cp210x 6-1:0.0: failed to get vendor val 0x370c size 73: -71
[  210.594266][ T5888] cp210x 6-1:0.0: GPIO initialisation failed: -71
[  210.603220][ T5888] usb 6-1: cp210x converter now attached to ttyUSB0
[  210.613151][ T5888] usb 6-1: USB disconnect, device number 2
[  210.631337][ T5888] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  210.635046][ T5888] cp210x 6-1:0.0: device disconnected
[  210.689541][ T8217] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  210.696929][  T189] Bluetooth: hci4: Frame reassembly failed (-84)
[  210.890866][ T8220] netlink: 16 bytes leftover after parsing attributes in process `syz.1.686'.
[  211.237765][ T8231] syzkaller0: entered promiscuous mode
[  211.241899][ T8231] syzkaller0: entered allmulticast mode
[  211.399690][ T8240] FAULT_INJECTION: forcing a failure.
[  211.399690][ T8240] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  211.406352][ T8240] CPU: 1 UID: 0 PID: 8240 Comm: syz.1.692 Not tainted syzkaller #0 PREEMPT(full) 
[  211.406376][ T8240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  211.406385][ T8240] Call Trace:
[  211.406393][ T8240]  <TASK>
[  211.406400][ T8240]  dump_stack_lvl+0x100/0x190
[  211.406430][ T8240]  should_fail_ex.cold+0x5/0xa
[  211.406464][ T8240]  _copy_from_user+0x2e/0xd0
[  211.406488][ T8240]  get_compat_msghdr+0xb3/0x4b0
[  211.406506][ T8240]  ? __pfx_get_compat_msghdr+0x10/0x10
[  211.406529][ T8240]  ___sys_sendmsg+0x1b6/0x1e0
[  211.406551][ T8240]  ? __pfx____sys_sendmsg+0x10/0x10
[  211.406581][ T8240]  ? find_held_lock+0x2b/0x80
[  211.406612][ T8240]  __sys_sendmsg+0x170/0x220
[  211.406628][ T8240]  ? __pfx___sys_sendmsg+0x10/0x10
[  211.406641][ T8240]  ? __fget_files+0x21f/0x3d0
[  211.406663][ T8240]  ? ksys_write+0x1ac/0x250
[  211.406681][ T8240]  ? rcu_is_watching+0x12/0xc0
[  211.406701][ T8240]  __do_fast_syscall_32+0xe7/0x970
[  211.406728][ T8240]  ? lockdep_hardirqs_on+0x78/0x100
[  211.406751][ T8240]  do_fast_syscall_32+0x32/0x70
[  211.406772][ T8240]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  211.406791][ T8240] RIP: 0023:0xf706ef7c
[  211.406805][ T8240] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  211.406819][ T8240] RSP: 002b:00000000f545d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  211.406836][ T8240] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300
[  211.406846][ T8240] RDX: 0000000020004800 RSI: 0000000000000000 RDI: 0000000000000000
[  211.406855][ T8240] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  211.406863][ T8240] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  211.406872][ T8240] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  211.406892][ T8240]  </TASK>
[  211.583078][ T8243] warning: `syz.3.693' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  212.346579][ T8247] FAULT_INJECTION: forcing a failure.
[  212.346579][ T8247] name failslab, interval 1, probability 0, space 0, times 0
[  212.353336][ T8247] CPU: 1 UID: 0 PID: 8247 Comm: syz.3.695 Not tainted syzkaller #0 PREEMPT(full) 
[  212.353380][ T8247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  212.353392][ T8247] Call Trace:
[  212.353399][ T8247]  <TASK>
[  212.353405][ T8247]  dump_stack_lvl+0x100/0x190
[  212.353440][ T8247]  should_fail_ex.cold+0x5/0xa
[  212.353464][ T8247]  should_failslab+0xc2/0x120
[  212.353487][ T8247]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  212.353518][ T8247]  ? __alloc_skb+0x140/0x710
[  212.353536][ T8247]  ? __alloc_skb+0x5b7/0x710
[  212.353556][ T8247]  __alloc_skb+0x140/0x710
[  212.353571][ T8247]  ? __alloc_skb+0x5b7/0x710
[  212.353589][ T8247]  ? __pfx___alloc_skb+0x10/0x10
[  212.353613][ T8247]  netlink_alloc_large_skb+0x69/0x150
[  212.353640][ T8247]  netlink_sendmsg+0x680/0xda0
[  212.353667][ T8247]  ? __pfx_netlink_sendmsg+0x10/0x10
[  212.353694][ T8247]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  212.353720][ T8247]  ____sys_sendmsg+0x9e1/0xb70
[  212.353743][ T8247]  ? __pfx_netlink_sendmsg+0x10/0x10
[  212.353770][ T8247]  ? __pfx_____sys_sendmsg+0x10/0x10
[  212.353808][ T8247]  ___sys_sendmsg+0x190/0x1e0
[  212.353838][ T8247]  ? __pfx____sys_sendmsg+0x10/0x10
[  212.353877][ T8247]  ? find_held_lock+0x2b/0x80
[  212.353914][ T8247]  __sys_sendmsg+0x170/0x220
[  212.353934][ T8247]  ? __pfx___sys_sendmsg+0x10/0x10
[  212.353952][ T8247]  ? __fget_files+0x21f/0x3d0
[  212.353980][ T8247]  ? ksys_write+0x1ac/0x250
[  212.354006][ T8247]  ? rcu_is_watching+0x12/0xc0
[  212.354031][ T8247]  __do_fast_syscall_32+0xe7/0x970
[  212.354057][ T8247]  ? lockdep_hardirqs_on+0x78/0x100
[  212.354084][ T8247]  do_fast_syscall_32+0x32/0x70
[  212.354112][ T8247]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  212.354136][ T8247] RIP: 0023:0xf709ef7c
[  212.354152][ T8247] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  212.354174][ T8247] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  212.354193][ T8247] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000180
[  212.354208][ T8247] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  212.354219][ T8247] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  212.354230][ T8247] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  212.354241][ T8247] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  212.354276][ T8247]  </TASK>
[  212.486729][ T8249] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  212.493861][   T85] Bluetooth: hci5: Frame reassembly failed (-84)
[  212.754542][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  212.757929][   T62] Bluetooth: hci4: command 0x1003 tx timeout
[  213.226439][ T8268] netlink: 20 bytes leftover after parsing attributes in process `syz.0.702'.
[  213.303131][ T8269] input: syz1 as /devices/virtual/input/input10
[  214.546478][ T8286] FAULT_INJECTION: forcing a failure.
[  214.546478][ T8286] name failslab, interval 1, probability 0, space 0, times 0
[  214.550182][ T5102] Bluetooth: hci5: command 0x1003 tx timeout
[  214.552788][ T8286] CPU: 1 UID: 0 PID: 8286 Comm: syz.0.708 Not tainted syzkaller #0 PREEMPT(full) 
[  214.552812][ T8286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  214.552822][ T8286] Call Trace:
[  214.552829][ T8286]  <TASK>
[  214.552836][ T8286]  dump_stack_lvl+0x100/0x190
[  214.552880][ T8286]  should_fail_ex.cold+0x5/0xa
[  214.552903][ T8286]  should_failslab+0xc2/0x120
[  214.552924][ T8286]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  214.552950][ T8286]  ? skb_clone+0x190/0x400
[  214.552973][ T8286]  skb_clone+0x190/0x400
[  214.552991][ T8286]  netlink_deliver_tap+0xaed/0xcc0
[  214.553018][ T8286]  netlink_unicast+0x6a5/0x850
[  214.553043][ T8286]  ? __pfx_netlink_unicast+0x10/0x10
[  214.553065][ T8286]  ? __asan_memcpy+0x3c/0x60
[  214.553089][ T8286]  ? nla_put_64bit+0x11a/0x160
[  214.553111][ T8286]  nl80211_tx_mgmt+0xd75/0xf30
[  214.553134][ T8286]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  214.553153][ T8286]  ? __pfx_netdev_run_todo+0x10/0x10
[  214.553189][ T8286]  ? nl80211_pre_doit+0x19a/0xae0
[  214.553216][ T8286]  genl_family_rcv_msg_doit+0x214/0x300
[  214.553272][ T8286]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  214.553300][ T8286]  ? genl_get_cmd+0x3e7/0x760
[  214.553328][ T8286]  ? bpf_lsm_capable+0x9/0x10
[  214.553345][ T8286]  ? security_capable+0x80/0x260
[  214.553362][ T8286]  ? ns_capable+0xd2/0xf0
[  214.553384][ T8286]  genl_rcv_msg+0x560/0x800
[  214.553411][ T8286]  ? __pfx_genl_rcv_msg+0x10/0x10
[  214.553433][ T8286]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  214.553484][ T8286]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  214.553502][ T8286]  ? __pfx_nl80211_post_doit+0x10/0x10
[  214.553534][ T8286]  netlink_rcv_skb+0x159/0x420
[  214.553556][ T8286]  ? __pfx_genl_rcv_msg+0x10/0x10
[  214.553581][ T8286]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  214.553613][ T8286]  ? netlink_deliver_tap+0x1ae/0xcc0
[  214.553636][ T8286]  genl_rcv+0x28/0x40
[  214.553657][ T8286]  netlink_unicast+0x585/0x850
[  214.553685][ T8286]  ? __pfx_netlink_unicast+0x10/0x10
[  214.553716][ T8286]  netlink_sendmsg+0x8b0/0xda0
[  214.553742][ T8286]  ? __pfx_netlink_sendmsg+0x10/0x10
[  214.553767][ T8286]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  214.553789][ T8286]  ____sys_sendmsg+0x9e1/0xb70
[  214.553809][ T8286]  ? __pfx_netlink_sendmsg+0x10/0x10
[  214.553831][ T8286]  ? __pfx_____sys_sendmsg+0x10/0x10
[  214.553862][ T8286]  ___sys_sendmsg+0x190/0x1e0
[  214.553887][ T8286]  ? __pfx____sys_sendmsg+0x10/0x10
[  214.553922][ T8286]  ? find_held_lock+0x2b/0x80
[  214.553959][ T8286]  __sys_sendmsg+0x170/0x220
[  214.553978][ T8286]  ? __pfx___sys_sendmsg+0x10/0x10
[  214.553993][ T8286]  ? __fget_files+0x21f/0x3d0
[  214.554021][ T8286]  ? ksys_write+0x1ac/0x250
[  214.554042][ T8286]  ? rcu_is_watching+0x12/0xc0
[  214.554064][ T8286]  __do_fast_syscall_32+0xe7/0x970
[  214.554087][ T8286]  ? lockdep_hardirqs_on+0x78/0x100
[  214.554111][ T8286]  do_fast_syscall_32+0x32/0x70
[  214.554135][ T8286]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  214.554156][ T8286] RIP: 0023:0xf6fcef7c
[  214.554171][ T8286] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  214.554241][ T8286] RSP: 002b:00000000f53bd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  214.554261][ T8286] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  214.554271][ T8286] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000000000000
[  214.554281][ T8286] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  214.554290][ T8286] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  214.554299][ T8286] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  214.554324][ T8286]  </TASK>
[  214.604001][ T5747] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  214.751461][ T8209] usbtmc 7-1:16.0: usb_control_msg returned -110
[  214.895920][ T5888] usb 7-1: USB disconnect, device number 6
[  214.971765][ T8294] hsr0 speed is unknown, defaulting to 1000
[  215.002569][ T8294] hsr0 speed is unknown, defaulting to 1000
[  215.007715][ T8294] hsr0 speed is unknown, defaulting to 1000
[  215.015050][ T8294] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[  215.050619][ T8294] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[  215.058389][ T8294] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[  215.076930][ T8294] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  215.110170][ T8294] hsr0 speed is unknown, defaulting to 1000
[  215.112729][ T8304] netlink: 92 bytes leftover after parsing attributes in process `syz.0.716'.
[  215.123976][ T8304] netlink: 92 bytes leftover after parsing attributes in process `syz.0.716'.
[  215.130091][ T8294] hsr0 speed is unknown, defaulting to 1000
[  215.132900][ T8299] FAULT_INJECTION: forcing a failure.
[  215.132900][ T8299] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  215.132931][ T8299] CPU: 0 UID: 0 PID: 8299 Comm: syz.2.714 Not tainted syzkaller #0 PREEMPT(full) 
[  215.132950][ T8299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  215.132960][ T8299] Call Trace:
[  215.132966][ T8299]  <TASK>
[  215.132973][ T8299]  dump_stack_lvl+0x100/0x190
[  215.133005][ T8299]  should_fail_ex.cold+0x5/0xa
[  215.133027][ T8299]  _copy_to_user+0x32/0xd0
[  215.133052][ T8299]  msr_read+0x14e/0x250
[  215.133077][ T8299]  ? __pfx_msr_read+0x10/0x10
[  215.133098][ T8299]  ? bpf_lsm_file_permission+0x9/0x10
[  215.133114][ T8299]  ? security_file_permission+0x76/0x210
[  215.133135][ T8299]  ? rw_verify_area+0xce/0x6d0
[  215.133152][ T8299]  ? __pfx_msr_read+0x10/0x10
[  215.133175][ T8299]  vfs_read+0x1e4/0xb30
[  215.133195][ T8299]  ? __pfx_vfs_read+0x10/0x10
[  215.133211][ T8299]  ? find_held_lock+0x2b/0x80
[  215.133231][ T8299]  ? __fget_files+0x215/0x3d0
[  215.133278][ T8299]  ? __fget_files+0x215/0x3d0
[  215.133298][ T8299]  ? __fget_files+0x21f/0x3d0
[  215.133323][ T8299]  ksys_read+0x12a/0x250
[  215.133340][ T8299]  ? __pfx_ksys_read+0x10/0x10
[  215.133357][ T8299]  ? ksys_write+0x1ac/0x250
[  215.133377][ T8299]  ? rcu_is_watching+0x12/0xc0
[  215.133398][ T8299]  __do_fast_syscall_32+0xe7/0x970
[  215.133422][ T8299]  ? lockdep_hardirqs_on+0x78/0x100
[  215.133447][ T8299]  do_fast_syscall_32+0x32/0x70
[  215.133487][ T8299]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  215.133510][ T8299] RIP: 0023:0xf7f27f7c
[  215.133524][ T8299] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  215.133539][ T8299] RSP: 002b:00000000f53e650c EFLAGS: 00000292 ORIG_RAX: 0000000000000003
[  215.133556][ T8299] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080019680
[  215.133566][ T8299] RDX: 0000000000018ff8 RSI: 0000000000000000 RDI: 0000000000000000
[  215.133576][ T8299] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  215.133586][ T8299] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  215.133595][ T8299] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  215.133618][ T8299]  </TASK>
[  215.197431][ T8310] fuse: Bad value for 'fd'
[  215.200014][ T8294] hsr0 speed is unknown, defaulting to 1000
[  215.271479][ T8294] hsr0 speed is unknown, defaulting to 1000
[  215.610211][ T8322] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  215.621674][ T1224] Bluetooth: hci4: Frame reassembly failed (-84)
[  215.743422][ T8324] netlink: 32 bytes leftover after parsing attributes in process `syz.2.719'.
[  216.043360][ T8326] FAULT_INJECTION: forcing a failure.
[  216.043360][ T8326] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  216.051608][ T8326] CPU: 1 UID: 0 PID: 8326 Comm: syz.1.722 Not tainted syzkaller #0 PREEMPT(full) 
[  216.051650][ T8326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  216.051661][ T8326] Call Trace:
[  216.051668][ T8326]  <TASK>
[  216.051676][ T8326]  dump_stack_lvl+0x100/0x190
[  216.051710][ T8326]  should_fail_ex.cold+0x5/0xa
[  216.051732][ T8326]  save_fsave_header+0x14c/0x2f0
[  216.051758][ T8326]  ? __pfx_save_fsave_header+0x10/0x10
[  216.051790][ T8326]  ? copy_fpstate_to_sigframe+0x2b8/0xb00
[  216.051813][ T8326]  ? rcu_is_watching+0x12/0xc0
[  216.051833][ T8326]  ? copy_fpstate_to_sigframe+0x2b8/0xb00
[  216.051857][ T8326]  ? __local_bh_enable_ip+0x9e/0x120
[  216.051881][ T8326]  copy_fpstate_to_sigframe+0x76a/0xb00
[  216.051910][ T8326]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  216.051938][ T8326]  ? __sigqueue_free+0xc3/0x2a0
[  216.051964][ T8326]  ? collect_signal+0x271/0x550
[  216.051988][ T8326]  ? x86_task_fpu+0x5f/0x90
[  216.052012][ T8326]  get_sigframe+0x3fb/0x940
[  216.052040][ T8326]  ? __pfx_get_sigframe+0x10/0x10
[  216.052059][ T8326]  ? rcu_is_watching+0x12/0xc0
[  216.052078][ T8326]  ? _raw_spin_unlock_irq+0x23/0x50
[  216.052099][ T8326]  ? siginfo_layout+0x156/0x290
[  216.052135][ T8326]  ? get_signal+0x169/0x2210
[  216.052159][ T8326]  ia32_setup_frame+0xe5/0x990
[  216.052182][ T8326]  ? __pfx_ia32_setup_frame+0x10/0x10
[  216.052200][ T8326]  ? rcu_is_watching+0x12/0xc0
[  216.052219][ T8326]  ? kasan_quarantine_put+0x104/0x240
[  216.052240][ T8326]  arch_do_signal_or_restart+0x571/0x7a0
[  216.052265][ T8326]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  216.052288][ T8326]  ? __ia32_sys_mount+0x239/0x310
[  216.052325][ T8326]  ? rcu_is_watching+0x12/0xc0
[  216.052347][ T8326]  exit_to_user_mode_loop+0x98/0x670
[  216.052373][ T8326]  ? rcu_is_watching+0x12/0xc0
[  216.052395][ T8326]  __do_fast_syscall_32+0x701/0x970
[  216.052419][ T8326]  ? lockdep_hardirqs_on+0x78/0x100
[  216.052443][ T8326]  do_fast_syscall_32+0x32/0x70
[  216.052466][ T8326]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  216.052488][ T8326] RIP: 0023:0xf706ef7c
[  216.052502][ T8326] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  216.052518][ T8326] RSP: 002b:00000000f545d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000015
[  216.052535][ T8326] RAX: fffffffffffffffc RBX: 0000000000000000 RCX: 0000000080000140
[  216.052546][ T8326] RDX: 0000000000000000 RSI: 0000000000020000 RDI: 0000000000000000
[  216.052556][ T8326] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  216.052565][ T8326] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  216.052575][ T8326] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  216.052597][ T8326]  </TASK>
[  216.636505][ T8340] FAULT_INJECTION: forcing a failure.
[  216.636505][ T8340] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  216.643786][ T8340] CPU: 1 UID: 0 PID: 8340 Comm: syz.0.727 Not tainted syzkaller #0 PREEMPT(full) 
[  216.643811][ T8340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  216.643822][ T8340] Call Trace:
[  216.643830][ T8340]  <TASK>
[  216.643839][ T8340]  dump_stack_lvl+0x100/0x190
[  216.643874][ T8340]  should_fail_ex.cold+0x5/0xa
[  216.643897][ T8340]  _copy_from_user+0x2e/0xd0
[  216.643924][ T8340]  kstrtouint_from_user+0xd6/0x1d0
[  216.643943][ T8340]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  216.643960][ T8340]  ? __lock_acquire+0x4a5/0x2630
[  216.643998][ T8340]  proc_fail_nth_write+0x83/0x220
[  216.644027][ T8340]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  216.644062][ T8340]  vfs_write+0x2aa/0x1070
[  216.644084][ T8340]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  216.644113][ T8340]  ? __pfx_vfs_write+0x10/0x10
[  216.644130][ T8340]  ? find_held_lock+0x2b/0x80
[  216.644151][ T8340]  ? __fget_files+0x215/0x3d0
[  216.644177][ T8340]  ? __fget_files+0x21f/0x3d0
[  216.644205][ T8340]  ksys_write+0x12a/0x250
[  216.644224][ T8340]  ? __pfx_ksys_write+0x10/0x10
[  216.644245][ T8340]  ? rcu_is_watching+0x12/0xc0
[  216.644269][ T8340]  do_int80_emulation+0x14b/0x720
[  216.644298][ T8340]  asm_int80_emulation+0x1a/0x20
[  216.644315][ T8340] RIP: 0023:0xf71061ab
[  216.644331][ T8340] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  216.644347][ T8340] RSP: 002b:00000000f53bd4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  216.644365][ T8340] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f53bd5d0
[  216.644377][ T8340] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  216.644386][ T8340] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  216.644396][ T8340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  216.644405][ T8340] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  216.644429][ T8340]  </TASK>
[  216.919369][ T8345] netlink: 'syz.0.728': attribute type 2 has an invalid length.
[  216.925288][ T8345] ‚#{6c: entered promiscuous mode
[  216.929066][ T8345] netlink: 'syz.0.728': attribute type 2 has an invalid length.
[  216.932048][ T8345] ‚#{6c: left promiscuous mode
[  217.014023][ T8346] netlink: 208 bytes leftover after parsing attributes in process `syz.0.728'.
[  217.633564][ T5747] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  217.639185][ T5102] Bluetooth: hci4: command 0x1003 tx timeout
[  217.705747][ T8354] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future
[  217.772113][ T8354] 9p: Bad value for 'wfdno'
[  218.431354][ T8376] netlink: 20 bytes leftover after parsing attributes in process `syz.3.739'.
[  218.437389][ T8376] netlink: 4 bytes leftover after parsing attributes in process `syz.3.739'.
[  219.018088][ T8381] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  219.515968][ T8387] netlink: 332 bytes leftover after parsing attributes in process `syz.3.744'.
[  219.520015][ T8387] netlink: 'syz.3.744': attribute type 9 has an invalid length.
[  219.524511][ T8387] netlink: 108 bytes leftover after parsing attributes in process `syz.3.744'.
[  219.528489][ T8387] netlink: 32 bytes leftover after parsing attributes in process `syz.3.744'.
[  219.949855][ T8397] FAULT_INJECTION: forcing a failure.
[  219.949855][ T8397] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  219.957060][ T8397] CPU: 0 UID: 0 PID: 8397 Comm: syz.3.747 Not tainted syzkaller #0 PREEMPT(full) 
[  219.957100][ T8397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  219.957110][ T8397] Call Trace:
[  219.957117][ T8397]  <TASK>
[  219.957123][ T8397]  dump_stack_lvl+0x100/0x190
[  219.957154][ T8397]  should_fail_ex.cold+0x5/0xa
[  219.957201][ T8397]  _copy_from_user+0x2e/0xd0
[  219.957240][ T8397]  get_compat_msghdr+0xb3/0x4b0
[  219.957259][ T8397]  ? __pfx_get_compat_msghdr+0x10/0x10
[  219.957279][ T8397]  ? rcu_is_watching+0x12/0xc0
[  219.957298][ T8397]  ? ___sys_recvmsg+0x177/0x1a0
[  219.957323][ T8397]  ? kfree+0x1dd/0x6c0
[  219.957351][ T8397]  ___sys_recvmsg+0x193/0x1a0
[  219.957373][ T8397]  ? __pfx____sys_recvmsg+0x10/0x10
[  219.957410][ T8397]  ? __pfx___might_resched+0x10/0x10
[  219.957433][ T8397]  do_recvmmsg+0x563/0x760
[  219.957458][ T8397]  ? __pfx_do_recvmmsg+0x10/0x10
[  219.957477][ T8397]  ? __schedule+0x325e/0x67a0
[  219.957495][ T8397]  ? __schedule+0x325e/0x67a0
[  219.957509][ T8397]  ? trace_sched_exit_tp+0x11c/0x160
[  219.957535][ T8397]  __sys_recvmmsg+0x21f/0x270
[  219.957548][ T8397]  ? __pfx___sys_recvmmsg+0x10/0x10
[  219.957561][ T8397]  ? exit_to_user_mode_loop+0xf3/0x670
[  219.957580][ T8397]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  219.957595][ T8397]  ? __do_fast_syscall_32+0x98/0x970
[  219.957611][ T8397]  ? lockdep_hardirqs_on+0x78/0x100
[  219.957626][ T8397]  __do_fast_syscall_32+0xe7/0x970
[  219.957642][ T8397]  ? lockdep_hardirqs_on+0x78/0x100
[  219.957658][ T8397]  do_fast_syscall_32+0x32/0x70
[  219.957674][ T8397]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  219.957691][ T8397] RIP: 0023:0xf709ef7c
[  219.957701][ T8397] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  219.957712][ T8397] RSP: 002b:00000000f546c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000151
[  219.957723][ T8397] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000900
[  219.957730][ T8397] RDX: 00000000040002e9 RSI: 0000000000000002 RDI: 0000000000000000
[  219.957736][ T8397] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  219.957742][ T8397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  219.957748][ T8397] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  219.957761][ T8397]  </TASK>
[  221.075704][ T5102] Bluetooth: hci4: command 0x1003 tx timeout
[  221.081197][ T5747] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  221.649016][ T8433] FAULT_INJECTION: forcing a failure.
[  221.649016][ T8433] name failslab, interval 1, probability 0, space 0, times 0
[  221.659500][ T8433] CPU: 3 UID: 0 PID: 8433 Comm: syz.0.756 Not tainted syzkaller #0 PREEMPT(full) 
[  221.659521][ T8433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  221.659529][ T8433] Call Trace:
[  221.659536][ T8433]  <TASK>
[  221.659544][ T8433]  dump_stack_lvl+0x100/0x190
[  221.659571][ T8433]  should_fail_ex.cold+0x5/0xa
[  221.659588][ T8433]  ? tomoyo_realpath_from_path+0xb6/0x690
[  221.659608][ T8433]  should_failslab+0xc2/0x120
[  221.659624][ T8433]  __kmalloc_noprof+0xe0/0x850
[  221.659665][ T8433]  ? kfree+0x1dd/0x6c0
[  221.659688][ T8433]  tomoyo_realpath_from_path+0xb6/0x690
[  221.659713][ T8433]  tomoyo_path_number_perm+0x23c/0x580
[  221.659729][ T8433]  ? tomoyo_path_number_perm+0x22e/0x580
[  221.659745][ T8433]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  221.659762][ T8433]  ? get_pid_task+0x106/0x250
[  221.659794][ T8433]  ? find_held_lock+0x2b/0x80
[  221.659811][ T8433]  ? __fget_files+0x215/0x3d0
[  221.659825][ T8433]  ? hook_file_ioctl_common+0x149/0x410
[  221.659840][ T8433]  ? __fget_files+0x215/0x3d0
[  221.659858][ T8433]  ? __fget_files+0x21f/0x3d0
[  221.659876][ T8433]  security_file_ioctl_compat+0xd3/0x230
[  221.659893][ T8433]  __ia32_compat_sys_ioctl+0xc2/0x360
[  221.659909][ T8433]  __do_fast_syscall_32+0xe7/0x970
[  221.659929][ T8433]  ? lockdep_hardirqs_on+0x78/0x100
[  221.659949][ T8433]  do_fast_syscall_32+0x32/0x70
[  221.659968][ T8433]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  221.659985][ T8433] RIP: 0023:0xf6fcef7c
[  221.659996][ T8433] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  221.660009][ T8433] RSP: 002b:00000000f53bd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  221.660022][ T8433] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c008561c
[  221.660030][ T8433] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  221.660037][ T8433] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  221.660044][ T8433] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  221.660051][ T8433] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  221.660067][ T8433]  </TASK>
[  221.660073][ T8433] ERROR: Out of memory at tomoyo_realpath_from_path.
[  221.871364][ T1162] Bluetooth: hci4: Frame reassembly failed (-84)
[  221.878820][ T8441] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  222.748290][ T8485] FAULT_INJECTION: forcing a failure.
[  222.748290][ T8485] name failslab, interval 1, probability 0, space 0, times 0
[  222.753703][ T8485] CPU: 0 UID: 0 PID: 8485 Comm: syz.1.768 Not tainted syzkaller #0 PREEMPT(full) 
[  222.753743][ T8485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  222.753752][ T8485] Call Trace:
[  222.753759][ T8485]  <TASK>
[  222.753766][ T8485]  dump_stack_lvl+0x100/0x190
[  222.753798][ T8485]  should_fail_ex.cold+0x5/0xa
[  222.753819][ T8485]  should_failslab+0xc2/0x120
[  222.753839][ T8485]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  222.753865][ T8485]  ? security_file_alloc+0x34/0x2c0
[  222.753885][ T8485]  ? trace_kmem_cache_alloc+0xd5/0x100
[  222.753907][ T8485]  security_file_alloc+0x34/0x2c0
[  222.753930][ T8485]  init_file+0x95/0x480
[  222.753954][ T8485]  alloc_empty_file+0x79/0x1c0
[  222.753979][ T8485]  path_openat+0xe8/0x31a0
[  222.753998][ T8485]  ? kasan_save_stack+0x3f/0x50
[  222.754013][ T8485]  ? kasan_save_stack+0x30/0x50
[  222.754026][ T8485]  ? kasan_save_track+0x14/0x30
[  222.754041][ T8485]  ? __kasan_slab_alloc+0x89/0x90
[  222.754056][ T8485]  ? kmem_cache_alloc_noprof+0x241/0x6e0
[  222.754079][ T8485]  ? do_getname+0x35/0x390
[  222.754102][ T8485]  ? do_int80_emulation+0x14b/0x720
[  222.754125][ T8485]  ? asm_int80_emulation+0x1a/0x20
[  222.754144][ T8485]  ? __pfx_path_openat+0x10/0x10
[  222.754169][ T8485]  do_file_open+0x20e/0x430
[  222.754190][ T8485]  ? __pfx_do_file_open+0x10/0x10
[  222.754225][ T8485]  ? _raw_spin_unlock+0x28/0x50
[  222.754244][ T8485]  ? alloc_fd+0x476/0x790
[  222.754271][ T8485]  do_sys_openat2+0x10d/0x1e0
[  222.754296][ T8485]  ? __pfx_do_sys_openat2+0x10/0x10
[  222.754326][ T8485]  __ia32_compat_sys_openat+0x12d/0x210
[  222.754352][ T8485]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  222.754376][ T8485]  ? ksys_write+0x1ac/0x250
[  222.754396][ T8485]  ? rcu_is_watching+0x12/0xc0
[  222.754418][ T8485]  do_int80_emulation+0x14b/0x720
[  222.754443][ T8485]  asm_int80_emulation+0x1a/0x20
[  222.754459][ T8485] RIP: 0023:0xf71a61ab
[  222.754472][ T8485] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  222.754487][ T8485] RSP: 002b:00000000f541b3cc EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  222.754505][ T8485] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f541b490
[  222.754515][ T8485] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  222.754524][ T8485] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  222.754533][ T8485] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  222.754542][ T8485] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  222.754562][ T8485]  </TASK>
[  223.656192][ T8497] netlink: 16 bytes leftover after parsing attributes in process `syz.1.771'.
[  223.665165][ T8497] capability: warning: `syz.1.771' uses 32-bit capabilities (legacy support in use)
[  223.932637][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  223.936447][ T5747] Bluetooth: hci4: command 0x1003 tx timeout
[  224.331049][ T8502] FAULT_INJECTION: forcing a failure.
[  224.331049][ T8502] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  224.336415][ T8502] CPU: 0 UID: 0 PID: 8502 Comm: syz.1.773 Not tainted syzkaller #0 PREEMPT(full) 
[  224.336451][ T8502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  224.336461][ T8502] Call Trace:
[  224.336468][ T8502]  <TASK>
[  224.336474][ T8502]  dump_stack_lvl+0x100/0x190
[  224.336508][ T8502]  should_fail_ex.cold+0x5/0xa
[  224.336530][ T8502]  _copy_from_user+0x2e/0xd0
[  224.336559][ T8502]  get_compat_msghdr+0xb3/0x4b0
[  224.336580][ T8502]  ? __pfx_get_compat_msghdr+0x10/0x10
[  224.336600][ T8502]  ? rcu_is_watching+0x12/0xc0
[  224.336619][ T8502]  ? ___sys_recvmsg+0x177/0x1a0
[  224.336641][ T8502]  ? kfree+0x1dd/0x6c0
[  224.336668][ T8502]  ___sys_recvmsg+0x193/0x1a0
[  224.336692][ T8502]  ? __pfx____sys_recvmsg+0x10/0x10
[  224.336728][ T8502]  ? __pfx___might_resched+0x10/0x10
[  224.336751][ T8502]  do_recvmmsg+0x563/0x760
[  224.336778][ T8502]  ? __pfx_do_recvmmsg+0x10/0x10
[  224.336805][ T8502]  ? ksys_write+0x190/0x250
[  224.336823][ T8502]  ? ksys_write+0x190/0x250
[  224.336848][ T8502]  ? __fget_files+0x215/0x3d0
[  224.336867][ T8502]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  224.336897][ T8502]  __sys_recvmmsg+0x21f/0x270
[  224.336914][ T8502]  ? __pfx___sys_recvmmsg+0x10/0x10
[  224.336933][ T8502]  ? ksys_write+0x1ac/0x250
[  224.336954][ T8502]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  224.336976][ T8502]  ? __do_fast_syscall_32+0x98/0x970
[  224.337000][ T8502]  ? lockdep_hardirqs_on+0x78/0x100
[  224.337023][ T8502]  __do_fast_syscall_32+0xe7/0x970
[  224.337046][ T8502]  ? lockdep_hardirqs_on+0x78/0x100
[  224.337070][ T8502]  do_fast_syscall_32+0x32/0x70
[  224.337095][ T8502]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  224.337138][ T8502] RIP: 0023:0xf706ef7c
[  224.337153][ T8502] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  224.337169][ T8502] RSP: 002b:00000000f543c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000151
[  224.337185][ T8502] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000900
[  224.337196][ T8502] RDX: 00000000040002e9 RSI: 0000000000000002 RDI: 0000000000000000
[  224.337205][ T8502] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  224.337215][ T8502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  224.337224][ T8502] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  224.337246][ T8502]  </TASK>
[  224.716962][ T8505] tmpfs: Bad value for 'mpol'
[  224.981067][ T8507] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  225.508125][ T8519] netlink: 4 bytes leftover after parsing attributes in process `syz.2.775'.
[  225.514147][ T8519] netlink: 4 bytes leftover after parsing attributes in process `syz.2.775'.
[  225.768199][ T8527] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  225.777738][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  225.799927][ T5827] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  226.059499][ T5827] usb 7-1: Using ep0 maxpacket: 16
[  226.064377][ T5827] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  226.069068][ T5827] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  226.073624][ T5827] usb 7-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[  226.078037][ T5827] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.085557][ T5827] usb 7-1: config 0 descriptor??
[  226.812050][ T8544] syzkaller0: entered promiscuous mode
[  226.814517][ T8544] syzkaller0: entered allmulticast mode
[  226.837900][ T8544] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  226.843794][ T8543] tipc: Resetting bearer <eth:syzkaller0>
[  226.862367][ T8543] tipc: Disabling bearer <eth:syzkaller0>
[  226.999022][ T8547] netlink: 4 bytes leftover after parsing attributes in process `syz.2.775'.
[  227.007362][ T8547] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  227.016411][ T8547] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  227.806994][ T5747] Bluetooth: hci4: command 0x1003 tx timeout
[  227.816520][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  227.835484][ T8553] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  227.838210][ T8553] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  227.891675][ T8553] vhci_hcd vhci_hcd.0: Device attached
[  227.973995][ T8559] FAULT_INJECTION: forcing a failure.
[  227.973995][ T8559] name failslab, interval 1, probability 0, space 0, times 0
[  227.978720][ T8559] CPU: 1 UID: 0 PID: 8559 Comm: syz.0.794 Not tainted syzkaller #0 PREEMPT(full) 
[  227.978743][ T8559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  227.978754][ T8559] Call Trace:
[  227.978760][ T8559]  <TASK>
[  227.978767][ T8559]  dump_stack_lvl+0x100/0x190
[  227.978802][ T8559]  should_fail_ex.cold+0x5/0xa
[  227.978826][ T8559]  should_failslab+0xc2/0x120
[  227.978847][ T8559]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  227.978875][ T8559]  ? sk_prot_alloc+0x60/0x2a0
[  227.978902][ T8559]  sk_prot_alloc+0x60/0x2a0
[  227.978925][ T8559]  sk_alloc+0x36/0xe80
[  227.978943][ T8559]  pn_socket_create+0x22d/0x560
[  227.978976][ T8559]  __sock_create+0x339/0x860
[  227.979004][ T8559]  __sys_socket+0x14d/0x260
[  227.979028][ T8559]  ? __pfx___sys_socket+0x10/0x10
[  227.979051][ T8559]  ? fput+0x79/0x100
[  227.979074][ T8559]  ? ksys_write+0x1ac/0x250
[  227.979098][ T8559]  __ia32_sys_socket+0x72/0xb0
[  227.979121][ T8559]  ? lockdep_hardirqs_on+0x78/0x100
[  227.979145][ T8559]  __do_fast_syscall_32+0xe7/0x970
[  227.979171][ T8559]  ? lockdep_hardirqs_on+0x78/0x100
[  227.979195][ T8559]  do_fast_syscall_32+0x32/0x70
[  227.979221][ T8559]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  227.979243][ T8559] RIP: 0023:0xf6fcef7c
[  227.979258][ T8559] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  227.979275][ T8559] RSP: 002b:00000000f53bd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000167
[  227.979293][ T8559] RAX: ffffffffffffffda RBX: 0000000000000023 RCX: 0000000000000005
[  227.979304][ T8559] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  227.979314][ T8559] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  227.979324][ T8559] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  227.979352][ T8559] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  227.979379][ T8559]  </TASK>
[  228.241452][ T8553] rdma_rxe: rxe_newlink: failed to add wg2
[  228.305334][   T39] usb 40-1: SetAddress Request (3) to port 0
[  228.325290][   T39] usb 40-1: new SuperSpeed USB device number 3 using vhci_hcd
[  228.471807][ T8554] vhci_hcd: connection reset by peer
[  228.478471][  T105] vhci_hcd vhci_hcd.1: stop threads
[  228.484726][  T105] vhci_hcd vhci_hcd.1: release socket
[  228.491968][  T105] vhci_hcd vhci_hcd.1: disconnect device
[  228.863167][ T5827] usb 7-1: USB disconnect, device number 7
[  229.496745][ T8576] netlink: 20 bytes leftover after parsing attributes in process `syz.1.797'.
[  229.501799][ T8576] netlink: 4 bytes leftover after parsing attributes in process `syz.1.797'.
[  229.884808][ T8586] can0: slcan on ttyS3.
[  229.992526][ T8594] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  230.000673][ T5747] Bluetooth: hci4: sending frame failed (-49)
[  230.004333][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -49
[  230.167104][ T8586] can0 (unregistered): slcan off ttyS3.
[  230.799617][ T8603] netlink: 48 bytes leftover after parsing attributes in process `syz.0.805'.
[  231.015581][ T8608] FAULT_INJECTION: forcing a failure.
[  231.015581][ T8608] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  231.022342][ T8608] CPU: 2 UID: 0 PID: 8608 Comm: syz.1.807 Not tainted syzkaller #0 PREEMPT(full) 
[  231.022367][ T8608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  231.022376][ T8608] Call Trace:
[  231.022384][ T8608]  <TASK>
[  231.022391][ T8608]  dump_stack_lvl+0x100/0x190
[  231.022424][ T8608]  should_fail_ex.cold+0x5/0xa
[  231.022447][ T8608]  _copy_from_user+0x2e/0xd0
[  231.022471][ T8608]  ip_tunnel_parm_from_user+0xa5/0x370
[  231.022495][ T8608]  ? __pfx_ip_tunnel_parm_from_user+0x10/0x10
[  231.022521][ T8608]  ? kernel_text_address+0x8d/0x100
[  231.022537][ T8608]  ? __pfx_widen_string+0x10/0x10
[  231.022554][ T8608]  ? __kernel_text_address+0xd/0x30
[  231.022570][ T8608]  ? unwind_get_return_address+0x59/0xa0
[  231.022616][ T8608]  ip_tunnel_siocdevprivate+0xa1/0x1b0
[  231.022642][ T8608]  ? __pfx_ip_tunnel_siocdevprivate+0x10/0x10
[  231.022670][ T8608]  ? __pfx_stack_trace_save+0x10/0x10
[  231.022693][ T8608]  ? stack_depot_save_flags+0x27/0x9d0
[  231.022724][ T8608]  ipip6_tunnel_siocdevprivate+0x364/0x16a0
[  231.022756][ T8608]  ? __pfx_ipip6_tunnel_siocdevprivate+0x10/0x10
[  231.022782][ T8608]  ? __ia32_compat_sys_ioctl+0xc2/0x360
[  231.022800][ T8608]  ? __do_fast_syscall_32+0xe7/0x970
[  231.022825][ T8608]  ? do_fast_syscall_32+0x32/0x70
[  231.022848][ T8608]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  231.022874][ T8608]  ? lock_acquire+0x1b1/0x370
[  231.022905][ T8608]  ? full_name_hash+0xbc/0x100
[  231.022935][ T8608]  ? dev_ifsioc+0xc2f/0x1f10
[  231.022951][ T8608]  dev_ifsioc+0xc2f/0x1f10
[  231.022969][ T8608]  ? __pfx_dev_ifsioc+0x10/0x10
[  231.022983][ T8608]  ? __pfx___mutex_lock+0x10/0x10
[  231.023016][ T8608]  ? dev_load+0x8e/0x240
[  231.023030][ T8608]  ? dev_load+0x8e/0x240
[  231.023051][ T8608]  dev_ioctl+0x70e/0x1070
[  231.023070][ T8608]  sock_ioctl+0x494/0x6b0
[  231.023093][ T8608]  ? __pfx_sock_ioctl+0x10/0x10
[  231.023122][ T8608]  ? do_vfs_ioctl+0x226/0x13e0
[  231.023139][ T8608]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  231.023159][ T8608]  compat_sock_ioctl+0x400/0x760
[  231.023187][ T8608]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  231.023209][ T8608]  ? hook_file_ioctl_common+0x149/0x410
[  231.023236][ T8608]  ? __fget_files+0x21f/0x3d0
[  231.023262][ T8608]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  231.023286][ T8608]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  231.023307][ T8608]  __do_fast_syscall_32+0xe7/0x970
[  231.023330][ T8608]  ? lockdep_hardirqs_on+0x78/0x100
[  231.023355][ T8608]  do_fast_syscall_32+0x32/0x70
[  231.023380][ T8608]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  231.023402][ T8608] RIP: 0023:0xf706ef7c
[  231.023417][ T8608] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  231.023434][ T8608] RSP: 002b:00000000f545d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  231.023452][ T8608] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000089f2
[  231.023464][ T8608] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  231.023474][ T8608] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  231.023484][ T8608] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  231.023494][ T8608] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  231.023516][ T8608]  </TASK>
[  231.273480][ T8621] FAULT_INJECTION: forcing a failure.
[  231.273480][ T8621] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  231.287852][ T8621] CPU: 1 UID: 0 PID: 8621 Comm: syz.0.808 Not tainted syzkaller #0 PREEMPT(full) 
[  231.287872][ T8621] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  231.287880][ T8621] Call Trace:
[  231.287885][ T8621]  <TASK>
[  231.287890][ T8621]  dump_stack_lvl+0x100/0x190
[  231.287916][ T8621]  should_fail_ex.cold+0x5/0xa
[  231.287933][ T8621]  _copy_from_iter+0x1f4/0x1690
[  231.287954][ T8621]  ? __asan_memset+0x23/0x50
[  231.287975][ T8621]  ? __pfx__copy_from_iter+0x10/0x10
[  231.287993][ T8621]  ? __pfx___alloc_skb+0x10/0x10
[  231.288005][ T8621]  ? __pfx___might_resched+0x10/0x10
[  231.288025][ T8621]  netlink_sendmsg+0x808/0xda0
[  231.288048][ T8621]  ? __pfx_netlink_sendmsg+0x10/0x10
[  231.288067][ T8621]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  231.288088][ T8621]  ____sys_sendmsg+0x9e1/0xb70
[  231.288110][ T8621]  ? __pfx_netlink_sendmsg+0x10/0x10
[  231.288139][ T8621]  ? __pfx_____sys_sendmsg+0x10/0x10
[  231.288178][ T8621]  ___sys_sendmsg+0x190/0x1e0
[  231.288207][ T8621]  ? __pfx____sys_sendmsg+0x10/0x10
[  231.288247][ T8621]  ? find_held_lock+0x2b/0x80
[  231.288290][ T8621]  __sys_sendmsg+0x170/0x220
[  231.288314][ T8621]  ? __pfx___sys_sendmsg+0x10/0x10
[  231.288335][ T8621]  ? __fget_files+0x21f/0x3d0
[  231.288368][ T8621]  ? ksys_write+0x1ac/0x250
[  231.288394][ T8621]  ? rcu_is_watching+0x12/0xc0
[  231.288422][ T8621]  __do_fast_syscall_32+0xe7/0x970
[  231.288449][ T8621]  ? lockdep_hardirqs_on+0x78/0x100
[  231.288479][ T8621]  do_fast_syscall_32+0x32/0x70
[  231.288510][ T8621]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  231.288538][ T8621] RIP: 0023:0xf6fcef7c
[  231.288555][ T8621] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  231.288573][ T8621] RSP: 002b:00000000f539c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  231.288592][ T8621] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  231.288604][ T8621] RDX: 0000000000000880 RSI: 0000000000000000 RDI: 0000000000000000
[  231.288615][ T8621] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  231.288627][ T8621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  231.288638][ T8621] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  231.288659][ T8621]  </TASK>
[  231.307486][ T1220] Bluetooth: hci4: Frame reassembly failed (-84)
[  231.468624][ T8629] FAULT_INJECTION: forcing a failure.
[  231.468624][ T8629] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  231.473763][ T8629] CPU: 0 UID: 0 PID: 8629 Comm: syz.0.814 Not tainted syzkaller #0 PREEMPT(full) 
[  231.473786][ T8629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  231.473794][ T8629] Call Trace:
[  231.473800][ T8629]  <TASK>
[  231.473807][ T8629]  dump_stack_lvl+0x100/0x190
[  231.473836][ T8629]  should_fail_ex.cold+0x5/0xa
[  231.473856][ T8629]  _copy_from_iter+0x1f4/0x1690
[  231.473883][ T8629]  ? __pfx__copy_from_iter+0x10/0x10
[  231.473903][ T8629]  ? find_held_lock+0x2b/0x80
[  231.473922][ T8629]  ? packet_cached_dev_get+0x14b/0x320
[  231.473942][ T8629]  ? packet_cached_dev_get+0x14b/0x320
[  231.473966][ T8629]  packet_sendmsg+0x1bb3/0x5100
[  231.473994][ T8629]  ? __pfx___might_resched+0x10/0x10
[  231.474014][ T8629]  ? aa_sk_perm+0x309/0xaa0
[  231.474034][ T8629]  ? __pfx_packet_sendmsg+0x10/0x10
[  231.474052][ T8629]  ? __pfx_aa_sk_perm+0x10/0x10
[  231.474075][ T8629]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  231.474131][ T8629]  ____sys_sendmsg+0x9e1/0xb70
[  231.474157][ T8629]  ? __pfx_packet_sendmsg+0x10/0x10
[  231.474177][ T8629]  ? __pfx_____sys_sendmsg+0x10/0x10
[  231.474204][ T8629]  ___sys_sendmsg+0x190/0x1e0
[  231.474226][ T8629]  ? __pfx____sys_sendmsg+0x10/0x10
[  231.474255][ T8629]  ? find_held_lock+0x2b/0x80
[  231.474286][ T8629]  __sys_sendmsg+0x170/0x220
[  231.474302][ T8629]  ? __pfx___sys_sendmsg+0x10/0x10
[  231.474316][ T8629]  ? __fget_files+0x21f/0x3d0
[  231.474339][ T8629]  ? ksys_write+0x1ac/0x250
[  231.474358][ T8629]  ? rcu_is_watching+0x12/0xc0
[  231.474378][ T8629]  __do_fast_syscall_32+0xe7/0x970
[  231.474400][ T8629]  ? lockdep_hardirqs_on+0x78/0x100
[  231.474423][ T8629]  do_fast_syscall_32+0x32/0x70
[  231.474444][ T8629]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  231.474464][ T8629] RIP: 0023:0xf6fcef7c
[  231.474476][ T8629] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  231.474491][ T8629] RSP: 002b:00000000f53bd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  231.474507][ T8629] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040
[  231.474516][ T8629] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  231.474525][ T8629] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  231.474533][ T8629] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  231.474543][ T8629] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  231.474566][ T8629]  </TASK>
[  231.582898][ T8634] tmpfs: Bad value for 'mpol'
[  231.648097][ T8631] syzkaller0: entered promiscuous mode
[  231.670333][ T8631] syzkaller0: entered allmulticast mode
[  233.044699][ T8656] FAULT_INJECTION: forcing a failure.
[  233.044699][ T8656] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  233.062073][ T8656] CPU: 2 UID: 0 PID: 8656 Comm: syz.0.822 Not tainted syzkaller #0 PREEMPT(full) 
[  233.062099][ T8656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  233.062109][ T8656] Call Trace:
[  233.062115][ T8656]  <TASK>
[  233.062123][ T8656]  dump_stack_lvl+0x100/0x190
[  233.062182][ T8656]  should_fail_ex.cold+0x5/0xa
[  233.062204][ T8656]  _copy_to_user+0x32/0xd0
[  233.062230][ T8656]  simple_read_from_buffer+0xcb/0x170
[  233.062252][ T8656]  proc_fail_nth_read+0x1af/0x230
[  233.062279][ T8656]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  233.062306][ T8656]  ? rw_verify_area+0xce/0x6d0
[  233.062323][ T8656]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  233.062347][ T8656]  vfs_read+0x1e4/0xb30
[  233.062370][ T8656]  ? __pfx_vfs_read+0x10/0x10
[  233.062386][ T8656]  ? find_held_lock+0x2b/0x80
[  233.062408][ T8656]  ? __fget_files+0x215/0x3d0
[  233.062432][ T8656]  ? __fget_files+0x21f/0x3d0
[  233.062457][ T8656]  ksys_read+0x12a/0x250
[  233.062482][ T8656]  ? __pfx_ksys_read+0x10/0x10
[  233.062502][ T8656]  ? rcu_is_watching+0x12/0xc0
[  233.062523][ T8656]  ? rcu_is_watching+0x12/0xc0
[  233.062547][ T8656]  do_int80_emulation+0x14b/0x720
[  233.062578][ T8656]  asm_int80_emulation+0x1a/0x20
[  233.062597][ T8656] RIP: 0023:0xf71061ab
[  233.062612][ T8656] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  233.062630][ T8656] RSP: 002b:00000000f53bd4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  233.062648][ T8656] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f53bd5d0
[  233.062682][ T8656] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  233.062695][ T8656] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  233.062705][ T8656] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  233.062715][ T8656] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  233.062741][ T8656]  </TASK>
[  233.310303][ T5747] Bluetooth: hci4: command 0x1003 tx timeout
[  233.334979][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  233.421145][   T39] usb 40-1: device descriptor read/8, error -110
[  233.536487][ T8667] netlink: 8 bytes leftover after parsing attributes in process `syz.0.827'.
[  233.855555][   T39] usb usb40-port1: attempt power cycle
[  234.419012][ T8683] FAULT_INJECTION: forcing a failure.
[  234.419012][ T8683] name failslab, interval 1, probability 0, space 0, times 0
[  234.432032][ T8683] CPU: 2 UID: 0 PID: 8683 Comm: syz.1.831 Not tainted syzkaller #0 PREEMPT(full) 
[  234.432059][ T8683] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  234.432070][ T8683] Call Trace:
[  234.432076][ T8683]  <TASK>
[  234.432084][ T8683]  dump_stack_lvl+0x100/0x190
[  234.432129][ T8683]  should_fail_ex.cold+0x5/0xa
[  234.432156][ T8683]  should_failslab+0xc2/0x120
[  234.432180][ T8683]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  234.432208][ T8683]  ? skb_clone+0x190/0x400
[  234.432232][ T8683]  skb_clone+0x190/0x400
[  234.432251][ T8683]  netlink_deliver_tap+0xaed/0xcc0
[  234.432278][ T8683]  netlink_unicast+0x62b/0x850
[  234.432298][ T8683]  ? __pfx_netlink_unicast+0x10/0x10
[  234.432318][ T8683]  netlink_sendmsg+0x8b0/0xda0
[  234.432336][ T8683]  ? __pfx_netlink_sendmsg+0x10/0x10
[  234.432354][ T8683]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  234.432370][ T8683]  ____sys_sendmsg+0x9e1/0xb70
[  234.432385][ T8683]  ? __pfx_netlink_sendmsg+0x10/0x10
[  234.432409][ T8683]  ? __pfx_____sys_sendmsg+0x10/0x10
[  234.432442][ T8683]  ___sys_sendmsg+0x190/0x1e0
[  234.432467][ T8683]  ? __pfx____sys_sendmsg+0x10/0x10
[  234.432506][ T8683]  ? find_held_lock+0x2b/0x80
[  234.432545][ T8683]  __sys_sendmsg+0x170/0x220
[  234.432563][ T8683]  ? __pfx___sys_sendmsg+0x10/0x10
[  234.432575][ T8683]  ? __fget_files+0x21f/0x3d0
[  234.432594][ T8683]  ? ksys_write+0x1ac/0x250
[  234.432608][ T8683]  ? rcu_is_watching+0x12/0xc0
[  234.432627][ T8683]  __do_fast_syscall_32+0xe7/0x970
[  234.432645][ T8683]  ? lockdep_hardirqs_on+0x78/0x100
[  234.432664][ T8683]  do_fast_syscall_32+0x32/0x70
[  234.432680][ T8683]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  234.432695][ T8683] RIP: 0023:0xf706ef7c
[  234.432704][ T8683] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  234.432715][ T8683] RSP: 002b:00000000f545d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  234.432726][ T8683] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000900
[  234.432733][ T8683] RDX: 0000000004048806 RSI: 0000000000000000 RDI: 0000000000000000
[  234.432739][ T8683] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  234.432745][ T8683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  234.432752][ T8683] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  234.432765][ T8683]  </TASK>
[  234.557153][   T39] usb usb40-port1: unable to enumerate USB device
[  234.680316][   T34] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  234.849677][   T34] usb 5-1: Using ep0 maxpacket: 16
[  234.858710][   T34] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  234.863142][   T34] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.867424][   T34] usb 5-1: Product: syz
[  234.869601][   T34] usb 5-1: Manufacturer: syz
[  234.871623][   T34] usb 5-1: SerialNumber: syz
[  234.873235][ T8688] syzkaller0: entered promiscuous mode
[  234.875690][ T8688] syzkaller0: entered allmulticast mode
[  234.885941][   T34] usb 5-1: config 0 descriptor??
[  235.608081][   T34] dvb_usb_dtv5100 5-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  235.892566][ T5888] hid (null): unknown global tag 0xe
[  235.895388][ T5888] hid (null): invalid report_count 1932077467
[  235.983216][ T5888] hid-generic 0006:0009:0003.0002: reserved main item tag 0xe
[  235.986641][ T5888] hid-generic 0006:0009:0003.0002: unknown global tag 0xe
[  235.989573][ T5888] hid-generic 0006:0009:0003.0002: item 0 0 1 14 parsing failed
[  235.998856][ T5888] hid-generic 0006:0009:0003.0002: probe with driver hid-generic failed with error -22
[  238.254360][ T8680] netlink: 12 bytes leftover after parsing attributes in process `syz.0.832'.
[  238.317407][  T856] usb 5-1: USB disconnect, device number 7
[  238.484197][ T8724] FAULT_INJECTION: forcing a failure.
[  238.484197][ T8724] name failslab, interval 1, probability 0, space 0, times 0
[  238.492033][ T8724] CPU: 0 UID: 0 PID: 8724 Comm: syz.2.839 Not tainted syzkaller #0 PREEMPT(full) 
[  238.492069][ T8724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  238.492081][ T8724] Call Trace:
[  238.492088][ T8724]  <TASK>
[  238.492095][ T8724]  dump_stack_lvl+0x100/0x190
[  238.492135][ T8724]  should_fail_ex.cold+0x5/0xa
[  238.492161][ T8724]  should_failslab+0xc2/0x120
[  238.492187][ T8724]  __kmalloc_cache_noprof+0x7a/0x6f0
[  238.492216][ T8724]  ? kvm_assign_ioeventfd_idx+0xac/0xa80
[  238.492253][ T8724]  kvm_assign_ioeventfd_idx+0xac/0xa80
[  238.492283][ T8724]  ? find_held_lock+0x2b/0x80
[  238.492324][ T8724]  ? __might_fault+0xc5/0x140
[  238.492357][ T8724]  kvm_ioeventfd+0x194/0x330
[  238.492385][ T8724]  kvm_vm_ioctl+0xd62/0x4050
[  238.492408][ T8724]  ? tomoyo_path_number_perm+0x46d/0x580
[  238.492431][ T8724]  ? stack_trace_save+0x8e/0xc0
[  238.492453][ T8724]  ? __pfx_stack_trace_save+0x10/0x10
[  238.492476][ T8724]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  238.492496][ T8724]  ? __lock_acquire+0x4a5/0x2630
[  238.492522][ T8724]  ? tomoyo_path_number_perm+0x46d/0x580
[  238.492542][ T8724]  ? kasan_save_stack+0x3f/0x50
[  238.492558][ T8724]  ? kasan_save_stack+0x30/0x50
[  238.492573][ T8724]  ? kasan_save_track+0x14/0x30
[  238.492589][ T8724]  ? kasan_save_free_info+0x3b/0x70
[  238.492611][ T8724]  ? __kasan_slab_free+0x5f/0x80
[  238.492627][ T8724]  ? kfree+0x223/0x6c0
[  238.492648][ T8724]  ? tomoyo_path_number_perm+0x46d/0x580
[  238.492667][ T8724]  ? security_file_ioctl_compat+0xd3/0x230
[  238.492687][ T8724]  ? __ia32_compat_sys_ioctl+0xc2/0x360
[  238.492704][ T8724]  ? __do_fast_syscall_32+0xe7/0x970
[  238.492729][ T8724]  ? kvm_arch_vm_compat_ioctl+0x2d0/0x470
[  238.492755][ T8724]  ? __pfx_kvm_arch_vm_compat_ioctl+0x10/0x10
[  238.492802][ T8724]  ? kasan_quarantine_put+0x104/0x240
[  238.492818][ T8724]  ? lockdep_hardirqs_on+0x78/0x100
[  238.492841][ T8724]  ? find_held_lock+0x2b/0x80
[  238.492861][ T8724]  ? tomoyo_path_number_perm+0x28f/0x580
[  238.492880][ T8724]  ? tomoyo_path_number_perm+0x28f/0x580
[  238.492929][ T8724]  ? tomoyo_path_number_perm+0x188/0x580
[  238.492954][ T8724]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  238.492975][ T8724]  ? get_pid_task+0x106/0x250
[  238.493005][ T8724]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  238.493030][ T8724]  ? do_vfs_ioctl+0x226/0x13e0
[  238.493047][ T8724]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  238.493072][ T8724]  kvm_vm_compat_ioctl+0x2f7/0x3f0
[  238.493094][ T8724]  ? __pfx_kvm_vm_compat_ioctl+0x10/0x10
[  238.493118][ T8724]  ? find_held_lock+0x2b/0x80
[  238.493137][ T8724]  ? __fget_files+0x215/0x3d0
[  238.493156][ T8724]  ? hook_file_ioctl_common+0x149/0x410
[  238.493182][ T8724]  ? __fget_files+0x21f/0x3d0
[  238.493206][ T8724]  ? __pfx_kvm_vm_compat_ioctl+0x10/0x10
[  238.493228][ T8724]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  238.493248][ T8724]  __do_fast_syscall_32+0xe7/0x970
[  238.493272][ T8724]  ? lockdep_hardirqs_on+0x78/0x100
[  238.493297][ T8724]  do_fast_syscall_32+0x32/0x70
[  238.493321][ T8724]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  238.493343][ T8724] RIP: 0023:0xf7f27f7c
[  238.493358][ T8724] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  238.493375][ T8724] RSP: 002b:00000000f53e650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  238.493393][ T8724] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000004040ae79
[  238.493403][ T8724] RDX: 0000000080000240 RSI: 0000000000000000 RDI: 0000000000000000
[  238.493413][ T8724] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  238.493422][ T8724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  238.493432][ T8724] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  238.493454][ T8724]  </TASK>
[  239.080162][ T8717] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  239.092458][ T8717] syzkaller0: entered promiscuous mode
[  239.097286][ T8717] syzkaller0: entered allmulticast mode
[  239.228923][   T40] audit: type=1326 audit(1780003722.391:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8729 comm="syz.0.841" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7ffc0000
[  239.260135][   T40] audit: type=1326 audit(1780003722.391:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8729 comm="syz.0.841" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7ffc0000
[  239.313339][   T40] audit: type=1326 audit(1780003722.401:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8729 comm="syz.0.841" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf6fcef7c code=0x7ffc0000
[  239.368687][ T8736] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method
[  239.406076][   T40] audit: type=1326 audit(1780003722.401:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8729 comm="syz.0.841" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7ffc0000
[  239.488693][   T40] audit: type=1326 audit(1780003722.401:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8729 comm="syz.0.841" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7ffc0000
[  239.509546][   T40] audit: type=1326 audit(1780003722.401:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8729 comm="syz.0.841" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf71061ab code=0x7ffc0000
[  239.522922][   T40] audit: type=1326 audit(1780003722.401:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8729 comm="syz.0.841" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7ffc0000
[  239.535504][   T40] audit: type=1326 audit(1780003722.401:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8729 comm="syz.0.841" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7ffc0000
[  239.549469][   T40] audit: type=1326 audit(1780003722.401:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8729 comm="syz.0.841" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf6fcef7c code=0x7ffc0000
[  239.597459][   T40] audit: type=1326 audit(1780003722.401:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8729 comm="syz.0.841" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fcef7c code=0x7ffc0000
[  240.126823][ T8746] syzkaller0: entered promiscuous mode
[  240.130696][ T8746] syzkaller0: entered allmulticast mode
[  240.263966][ T8749] netlink: 24 bytes leftover after parsing attributes in process `syz.0.845'.
[  243.485415][ T8756] netlink: 8 bytes leftover after parsing attributes in process `syz.3.849'.
[  243.797497][ T8767] netlink: 48 bytes leftover after parsing attributes in process `syz.2.852'.
[  243.940963][ T8775] comedi comedi3: pcl812: I/O base address not correctly aligned
[  244.284219][ T8783] syzkaller0: entered promiscuous mode
[  244.288082][ T8783] syzkaller0: entered allmulticast mode
[  244.425131][ T8758] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  246.560302][ T8800] input: syz0 as /devices/virtual/input/input11
[  246.590427][ T8800] netlink: 4 bytes leftover after parsing attributes in process `syz.3.861'.
[  246.831661][    C1] vcan0: j1939_tp_rxtimer: 0xffff88800b959c00: rx timeout, send abort
[  247.327055][ T8805] FAULT_INJECTION: forcing a failure.
[  247.327055][ T8805] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  247.332165][ T8805] CPU: 1 UID: 0 PID: 8805 Comm: syz.0.862 Not tainted syzkaller #0 PREEMPT(full) 
[  247.332189][ T8805] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  247.332199][ T8805] Call Trace:
[  247.332206][ T8805]  <TASK>
[  247.332214][ T8805]  dump_stack_lvl+0x100/0x190
[  247.332253][ T8805]  should_fail_ex.cold+0x5/0xa
[  247.332274][ T8805]  _copy_to_user+0x32/0xd0
[  247.332299][ T8805]  simple_read_from_buffer+0xcb/0x170
[  247.332322][ T8805]  proc_fail_nth_read+0x1af/0x230
[  247.332348][ T8805]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  247.332374][ T8805]  ? rw_verify_area+0xce/0x6d0
[  247.332389][ T8805]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  247.332413][ T8805]  vfs_read+0x1e4/0xb30
[  247.332434][ T8805]  ? __pfx_vfs_read+0x10/0x10
[  247.332450][ T8805]  ? find_held_lock+0x2b/0x80
[  247.332470][ T8805]  ? __fget_files+0x215/0x3d0
[  247.332493][ T8805]  ? __fget_files+0x21f/0x3d0
[  247.332518][ T8805]  ksys_read+0x12a/0x250
[  247.332539][ T8805]  ? __pfx_ksys_read+0x10/0x10
[  247.332556][ T8805]  ? rcu_is_watching+0x12/0xc0
[  247.332576][ T8805]  ? rcu_is_watching+0x12/0xc0
[  247.332599][ T8805]  do_int80_emulation+0x14b/0x720
[  247.332629][ T8805]  asm_int80_emulation+0x1a/0x20
[  247.332648][ T8805] RIP: 0023:0xf71061ab
[  247.332662][ T8805] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  247.332678][ T8805] RSP: 002b:00000000f53bd4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  247.332696][ T8805] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f53bd5d0
[  247.332707][ T8805] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  247.332716][ T8805] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  247.332726][ T8805] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  247.332736][ T8805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  247.332759][ T8805]  </TASK>
[  247.337591][    C1] vcan0: j1939_tp_rxtimer: 0xffff88800b959c00: abort rx timeout. Force session deactivation
[  247.427016][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805d821c00: rx timeout, send abort
[  247.515349][ T8807] netlink: 'syz.0.863': attribute type 1 has an invalid length.
[  247.934619][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805d821c00: abort rx timeout. Force session deactivation
[  248.925133][ T8807] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  249.183738][ T8812] netlink: 8 bytes leftover after parsing attributes in process `syz.0.864'.
[  249.399072][ T8819] netlink: 12 bytes leftover after parsing attributes in process `syz.3.866'.
[  249.773245][ T5888] libceph: connect (1)[c::]:6789 error -101
[  249.776537][ T5888] libceph: mon0 (1)[c::]:6789 connect error
[  249.849423][ T8827] ceph: No mds server is up or the cluster is laggy
[  250.046545][ T5888] libceph: connect (1)[c::]:6789 error -101
[  250.049144][ T5888] libceph: mon0 (1)[c::]:6789 connect error
[  250.277160][ T8831] netlink: 8 bytes leftover after parsing attributes in process `syz.1.867'.
[  250.434538][ T8841] syzkaller0: entered promiscuous mode
[  250.437573][ T8841] syzkaller0: entered allmulticast mode
[  253.351225][ T1160] wlan1: Trigger new scan to find an IBSS to join
[  255.279683][ T8859] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  255.283141][ T8859] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  255.301775][ T8859] vhci_hcd vhci_hcd.0: Device attached
[  255.643369][ T8861] vhci_hcd: connection closed
[  255.643528][ T1160] vhci_hcd vhci_hcd.2: stop threads
[  255.647054][ T1160] vhci_hcd vhci_hcd.2: release socket
[  255.648993][ T1160] vhci_hcd vhci_hcd.2: disconnect device
[  255.669568][   T39] usb 42-1: enqueue for inactive port 0
[  256.134739][ T8864] netlink: 8 bytes leftover after parsing attributes in process `syz.0.878'.
[  256.160951][   T39] usb usb42-port1: attempt power cycle
[  256.231444][ T8867] netlink: 4 bytes leftover after parsing attributes in process `syz.0.878'.
[  256.534908][ T8872] netlink: 8 bytes leftover after parsing attributes in process `syz.2.881'.
[  256.770709][   T39] usb usb42-port1: unable to enumerate USB device
[  257.060317][ T8880] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[  257.063709][ T8880] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  257.147983][ T8880] vhci_hcd vhci_hcd.0: Device attached
[  257.195251][ T8891] bond1 (unregistering): Released all slaves
[  257.195850][ T8880] netlink: 24 bytes leftover after parsing attributes in process `syz.1.879'.
[  257.245815][ T1160] wlan1: Trigger new scan to find an IBSS to join
[  257.398629][ T8881] vhci_hcd: connection closed
[  257.400033][ T1160] vhci_hcd vhci_hcd.1: stop threads
[  257.410395][ T1160] vhci_hcd vhci_hcd.1: release socket
[  257.414139][ T1160] vhci_hcd vhci_hcd.1: disconnect device
[  257.439603][   T39] usb 40-1: enqueue for inactive port 0
[  257.553461][ T8902] comedi comedi3: pcl812: I/O base address not correctly aligned
[  257.663370][ T8878] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  258.030699][   T39] usb usb40-port1: attempt power cycle
[  258.244429][   T40] kauditd_printk_skb: 10 callbacks suppressed
[  258.244516][   T40] audit: type=1326 audit(1780003741.431:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8894 comm="syz.3.887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef7c code=0x7fc00000
[  258.307099][   T40] audit: type=1326 audit(1780003741.451:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8894 comm="syz.3.887" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf709ef7c code=0x7fc00000
[  258.307935][  T105] wlan1: Creating new IBSS network, BSSID e2:64:cd:b7:b1:b5
[  258.333235][   T40] audit: type=1326 audit(1780003741.451:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8894 comm="syz.3.887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef7c code=0x7fc00000
[  258.343416][   T40] audit: type=1326 audit(1780003741.451:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8894 comm="syz.3.887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef7c code=0x7fc00000
[  258.368780][   T40] audit: type=1326 audit(1780003741.451:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8894 comm="syz.3.887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef7c code=0x7fc00000
[  258.380295][   T40] audit: type=1326 audit(1780003741.451:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8894 comm="syz.3.887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef7c code=0x7fc00000
[  258.391275][   T40] audit: type=1326 audit(1780003741.451:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8894 comm="syz.3.887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef7c code=0x7fc00000
[  258.406061][   T40] audit: type=1326 audit(1780003741.451:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8894 comm="syz.3.887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef7c code=0x7fc00000
[  258.417429][   T40] audit: type=1326 audit(1780003741.451:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8894 comm="syz.3.887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef7c code=0x7fc00000
[  258.429768][   T40] audit: type=1326 audit(1780003741.451:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8894 comm="syz.3.887" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef7c code=0x7fc00000
[  258.580587][   T39] usb usb40-port1: unable to enumerate USB device
[  259.036803][ T8923] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  259.040284][ T8923] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  259.044327][ T8923] vhci_hcd vhci_hcd.0: Device attached
[  259.134352][ T2318] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  259.233895][ T1160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  259.239809][ T1160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  259.256373][ T8923] EXT4-fs (sr0): VFS: Can't find ext4 filesystem
[  259.279490][ T2318] usb 7-1: device descriptor read/64, error -71
[  259.441674][ T8924] vhci_hcd: connection closed
[  259.448848][  T105] vhci_hcd vhci_hcd.1: stop threads
[  259.454754][  T105] vhci_hcd vhci_hcd.1: release socket
[  259.457231][  T105] vhci_hcd vhci_hcd.1: disconnect device
[  259.529492][ T2318] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  259.669724][ T2318] usb 7-1: device descriptor read/64, error -71
[  259.779817][ T2318] usb usb7-port1: attempt power cycle
[  260.112823][ T8938] syzkaller0: entered promiscuous mode
[  260.115392][ T8938] syzkaller0: entered allmulticast mode
[  260.139606][ T2318] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  260.172271][ T2318] usb 7-1: device descriptor read/8, error -71
[  260.298209][ T1435] ieee802154 phy0 wpan0: encryption failed: -22
[  260.301271][ T1435] ieee802154 phy1 wpan1: encryption failed: -22
[  260.318514][ T8947] bridge1: entered promiscuous mode
[  260.323201][ T8947] bridge1: entered allmulticast mode
[  260.419475][ T2318] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  260.450638][ T2318] usb 7-1: device descriptor read/8, error -71
[  260.468457][ T1220] Bluetooth: hci4: Frame reassembly failed (-84)
[  260.569805][ T2318] usb usb7-port1: unable to enumerate USB device
[  260.683278][ T8945] comedi comedi3: pcl812: I/O base address not correctly aligned
[  260.913836][ T8943] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  262.434112][ T5102] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  263.305938][  T856] IPVS: starting estimator thread 0...
[  263.358400][ T8973] tipc: Started in network mode
[  263.361132][ T8973] tipc: Node identity ac1414aa, cluster identity 4711
[  263.364916][ T8973] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  263.371506][ T8973] tipc: Enabled bearer <udp:s>, priority 10
[  263.399625][ T8974] IPVS: using max 26 ests per chain, 62400 per kthread
[  263.448260][ T8977] binder: 8975:8977 ioctl c0285840 80000000 returned -22
[  263.509572][    C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  263.649580][    C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  263.789515][    C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  263.929500][    C1] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  264.040900][  T856] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  264.044905][   T12] list_del corruption, ffff88804f5eed80->next is NULL
[  264.048983][   T12] ------------[ cut here ]------------
[  264.051245][   T12] kernel BUG at lib/list_debug.c:52!
[  264.053429][   T12] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[  264.056093][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u32:0 Not tainted syzkaller #0 PREEMPT(full) 
[  264.062336][   T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  264.066709][   T12] Workqueue: events_unbound linkwatch_event
[  264.069180][   T12] RIP: 0010:__list_del_entry_valid_or_report.cold+0x22/0x24
[  264.072133][   T12] Code: e8 07 1d ec ff 90 0f 0b 48 89 de 48 c7 c7 00 47 1c 8c e8 f5 1c ec ff 90 0f 0b 48 89 de 48 c7 c7 a0 46 1c 8c e8 e3 1c ec ff 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 57 31 f6
[  264.080597][   T12] RSP: 0000:ffffc900001e7860 EFLAGS: 00010082
[  264.083298][   T12] RAX: 0000000000000033 RBX: ffff88804f5eed80 RCX: 0000000000000000
[  264.086443][   T12] RDX: 0000000000000033 RSI: ffffffff81e6b379 RDI: fffff5200003cefd
[  264.089494][   T12] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[  264.092296][   T12] R10: 0000000000000202 R11: 0000000000000000 R12: 0000000000000000
[  264.095229][   T12] R13: ffffc900001e78b0 R14: ffff888029d1c6b8 R15: 0000000000000000
[  264.098581][   T12] FS:  0000000000000000(0000) GS:ffff88809728d000(0000) knlGS:0000000000000000
[  264.102304][   T12] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  264.104706][   T12] CR2: 0000000033d07ff8 CR3: 0000000042c47000 CR4: 0000000000352ef0
[  264.107603][   T12] Call Trace:
[  264.108985][   T12]  <TASK>
[  264.110155][   T12]  ref_tracker_free+0x1a7/0x6c0
[  264.112199][   T12]  ? __pfx_ref_tracker_free+0x10/0x10
[  264.114656][   T12]  ? dev_deactivate_many+0x293/0xff0
[  264.116655][   T12]  ? dev_deactivate+0x109/0x1d0
[  264.118487][   T12]  ? linkwatch_do_dev+0xd3/0x120
[  264.120466][   T12]  ? __linkwatch_run_queue+0x3a9/0x900
[  264.122680][   T12]  ? linkwatch_event+0x8f/0xc0
[  264.124642][   T12]  ? process_one_work+0xa0e/0x1980
[  264.126666][   T12]  ? worker_thread+0x5ef/0xe50
[  264.128508][   T12]  ? kthread+0x370/0x450
[  264.130186][   T12]  ? ret_from_fork+0x72b/0xd50
[  264.131994][   T12]  ? ret_from_fork_asm+0x1a/0x30
[  264.133753][   T12]  ? netif_freeze_queues+0x183/0x1f0
[  264.135836][   T12]  dev_deactivate_many+0x293/0xff0
[  264.137831][   T12]  ? kfree+0x141/0x6c0
[  264.139430][   T12]  ? __pfx_dev_deactivate_many+0x10/0x10
[  264.141601][   T12]  ? ref_tracker_free+0x37e/0x6c0
[  264.143683][   T12]  ? __pfx_ref_tracker_free+0x10/0x10
[  264.145778][   T12]  dev_deactivate+0x109/0x1d0
[  264.147538][   T12]  ? __pfx_dev_deactivate+0x10/0x10
[  264.149464][   T12]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  264.151808][   T12]  linkwatch_do_dev+0xd3/0x120
[  264.153630][   T12]  __linkwatch_run_queue+0x3a9/0x900
[  264.155408][   T12]  ? __pfx___linkwatch_run_queue+0x10/0x10
[  264.157309][   T12]  linkwatch_event+0x8f/0xc0
[  264.158811][   T12]  ? __pfx_linkwatch_event+0x10/0x10
[  264.160470][   T12]  ? rcu_is_watching+0x12/0xc0
[  264.161980][   T12]  process_one_work+0xa0e/0x1980
[  264.163535][   T12]  ? __pfx_process_one_work+0x10/0x10
[  264.165182][   T12]  ? __pfx_linkwatch_event+0x10/0x10
[  264.166874][   T12]  worker_thread+0x5ef/0xe50
[  264.168459][   T12]  ? kthread+0x13a/0x450
[  264.170043][   T12]  ? __pfx_worker_thread+0x10/0x10
[  264.171781][   T12]  kthread+0x370/0x450
[  264.173184][   T12]  ? __pfx_kthread+0x10/0x10
[  264.174609][   T12]  ret_from_fork+0x72b/0xd50
[  264.176318][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  264.178181][   T12]  ? __switch_to+0x800/0x1100
[  264.179664][   T12]  ? __pfx_kthread+0x10/0x10
[  264.181241][   T12]  ret_from_fork_asm+0x1a/0x30
[  264.182838][   T12]  </TASK>
[  264.183837][   T12] Modules linked in:
[  264.185068][   T12] ---[ end trace 0000000000000000 ]---
[  264.186749][   T12] RIP: 0010:__list_del_entry_valid_or_report.cold+0x22/0x24
[  264.188971][   T12] Code: e8 07 1d ec ff 90 0f 0b 48 89 de 48 c7 c7 00 47 1c 8c e8 f5 1c ec ff 90 0f 0b 48 89 de 48 c7 c7 a0 46 1c 8c e8 e3 1c ec ff 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 57 31 f6
[  264.195036][   T12] RSP: 0000:ffffc900001e7860 EFLAGS: 00010082
[  264.197078][   T12] RAX: 0000000000000033 RBX: ffff88804f5eed80 RCX: 0000000000000000
[  264.199497][   T12] RDX: 0000000000000033 RSI: ffffffff81e6b379 RDI: fffff5200003cefd
[  264.201927][   T12] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[  264.204345][   T12] R10: 0000000000000202 R11: 0000000000000000 R12: 0000000000000000
[  264.206809][   T12] R13: ffffc900001e78b0 R14: ffff888029d1c6b8 R15: 0000000000000000
[  264.209366][   T12] FS:  0000000000000000(0000) GS:ffff88809728d000(0000) knlGS:0000000000000000
[  264.212312][   T12] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  264.214369][   T12] CR2: 0000000033d07ff8 CR3: 0000000042c47000 CR4: 0000000000352ef0
[  264.216853][   T12] Kernel panic - not syncing: Fatal exception in interrupt
[  265.311024][   T12] Shutting down cpus with NMI
[  265.313823][   T12] Kernel Offset: disabled
[  265.315618][   T12] Rebooting in 86400 seconds..

VM DIAGNOSIS:
21:29:07  Registers:
info registers vcpu 0

CPU#0
RAX=0000003d7d3f10b4 RBX=0000003d7d3f10b4 RCX=0000003deda13095 RDX=0000000000000006
RSI=0000000000000001 RDI=ffffffff940f7000 RBP=1ffff92000721ef3 RSP=ffffc9000390f758
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000003 R11=ffffffff81d4bd62
R12=ffffffff90d761c4 R13=ffff88802b23bfe8 R14=ffff88802b23bf60 R15=0000000008080000
RIP=ffffffff81acb461 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809718d000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080001000 CR3=0000000042c47000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff857c2df5 RDI=ffffffff9b44a300 RBP=ffffffff9b44a2c0 RSP=ffffc900001e7148
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552031203a555043
R12=0000000000000000 R13=0000000000000020 R14=0000000000000010 R15=ffffffff857c2d90
RIP=ffffffff857c2e1f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809728d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000033d07ff8 CR3=0000000042c47000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=0000000000000003 RCX=ffffffff81b69d33 RDX=ffff888026d02540
RSI=ffffffff81b6cfec RDI=ffff888026d02540 RBP=ffff888029d1c658 RSP=ffffc90004baf808
R8 =0000000000000000 R9 =0000000000000003 R10=0000000000000003 R11=0000000000000000
R12=0000000000000003 R13=0000000000000003 R14=ffff88802b43c380 R15=0000000000000000
RIP=ffffffff81b6cfed RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809738d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c33da24 CR3=000000006dc49000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000254154 RBX=ffff88801c3ca540 RCX=ffffffff8b868285 RDX=0000000000000001
RSI=ffffffff8c1c4300 RDI=ffffffff81dd6a04 RBP=0000000000000000 RSP=ffffc9000048fdf0
R8 =0000000000000000 R9 =ffffed10056a67b5 R10=ffff88802b533dab R11=ffffffff940b4607
R12=0000000000000003 R13=ffffed10038794a8 R14=0000000000000003 R15=ffffffff90d72e50
RIP=ffffffff8b8668df RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809748d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080003000 CR3=000000006dc49000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000