last executing test programs:

3m8.501307353s ago: executing program 1 (id=29):
r0 = openat$ttynull(0xffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$TCFLSH(r0, 0x40085500, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast1}, 0x10)
userfaultfd(0x801)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
exit(0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x482)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x3}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90124fc60", 0x14}], 0x1}, 0x80)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})

3m7.015078906s ago: executing program 1 (id=33):
r0 = openat$ttynull(0xffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x19)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast1}, 0x10)
userfaultfd(0x801)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
exit(0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x482)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x3}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
dup(0xffffffffffffffff)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90124fc60", 0x14}], 0x1}, 0x80)
recvmsg$kcm(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002240)=[{&(0x7f00000011c0)=""/4080, 0xff67}, {&(0x7f00000000c0)=""/118, 0x76}, {&(0x7f0000000140)=""/70, 0x46}], 0x3}, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x40100001, 0x20400)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})

3m5.342503165s ago: executing program 1 (id=36):
socket$nl_generic(0x10, 0x3, 0x10)
socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d00000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20, 0x80000000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xf}, 0x1c)
ioctl$FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r5 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
r6 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe)
r7 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000080)={r6, r7, r5}, 0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)={'sha1-generic\x00'}})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r9, 0x5, 0x3000000, 0x600, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)

3m2.780795967s ago: executing program 1 (id=41):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x10, &(0x7f0000000480)=ANY=[@ANYRESDEC], &(0x7f0000000300)='syzkaller\x00', 0x8, 0xac, &(0x7f0000000140)=""/172, 0x41000, 0xb, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0), 0x0, 0x10, 0x3, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000340)={&(0x7f0000000500)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x81}, {0x6}]}, 0x8)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000008c0)={r3, 0x20, &(0x7f00000004c0)={&(0x7f0000000700)=""/136, 0x88, <r5=>0x0, &(0x7f00000007c0)=""/242, 0xf2}}, 0x10)
r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000900)={0xffffffffffffffff, 0x8, 0x18}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x9, &(0x7f0000000080)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @generic={0x8, 0x9, 0x5, 0x3, 0xf2be}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x2}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0xd}], &(0x7f0000000240)='GPL\x00', 0x1, 0x7e, &(0x7f0000000680)=""/126, 0x40f00, 0x4, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000400)={0x5, 0xc, 0x0, 0x2ef}, 0x10, r5, 0xffffffffffffffff, 0x0, &(0x7f0000000940)=[r6], 0x0, 0x10, 0xbe4, @void, @value}, 0x94)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="0404190c4feefd25ad2983456cc952f1e6fc82"], 0xd)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4138ae84, &(0x7f0000000c40)=@arm64={0x0, 0x2, 0x2, '\x00', 0xffffffffffffffe0})
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4400ae8f, &(0x7f0000000140)=@x86={0x3, 0x1, 0x2, 0x0, 0x1cf, 0x4, 0x6, 0x1, 0x2, 0x9, 0x9, 0x4, 0x0, 0x7ff, 0x3, 0x3b, 0x2, 0x9, 0x1, '\x00', 0x81, 0x100000001})
ioctl$EVIOCSMASK(0xffffffffffffffff, 0x40104593, &(0x7f0000000040)={0x17, 0x0, 0x0})
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)

2m58.037647296s ago: executing program 1 (id=49):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYRES32=0x0, @ANYRES32=0x1, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES64=0x0, @ANYBLOB='\x00'/28], 0x50)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newqdisc={0x8c, 0x24, 0x400, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff3}, {0xfff3, 0x9}, {0xa, 0x2}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x2}, @qdisc_kind_options=@q_fq_pie={{0xb}, {0x4}}, @TCA_RATE={0x6, 0x5, {0xff, 0x8}}, @qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_ECN={0x8, 0x4, 0x1}]}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x7, 0x3, 0x2, 0x33c9, 0x0, 0x9, 0x6, 0x2}}, {0x8, 0x2, [0x7, 0x401]}}]}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x6}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(r1, 0x8, &(0x7f00000002c0)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QUERYBUF(r5, 0xc044560f, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0x0, 0x7, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10110401"}})
sendmsg$nl_route(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000300)=ANY=[@ANYRES64=r0], 0x24}}, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0x19, 0x20000000, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r6, &(0x7f0000000040)='./file0\x00', 0x0)
mount(&(0x7f0000000040)=@sr0, &(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000380)='ncpfs\x00', 0x984887, 0x0)
r7 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$SIOCSIFHWADDR(r6, 0x8924, &(0x7f0000000180)={'veth0_to_bond\x00'})
landlock_restrict_self(r7, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000350000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142da7646c4fe02996b60cf81ebcd50fa9ea4318123f602000000000000de89e661168c1886d0d4d94f204e345c652fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d255be1ed66d9051f22614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a728995b1531bd20360d33d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c55969a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed03a6fe7860b3e13c3173a60a1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a0000000000000001ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada186b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8f09c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39289f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3b8dad4c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f200000000000000000089de7f8485d9507164a187220b36ddc7fa645d4bd0c1414c30a416"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280))

2m56.512410641s ago: executing program 1 (id=53):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f00000005c0)=[{&(0x7f0000000640)=""/102396, 0x18ffc}, {&(0x7f0000000040)=""/23, 0x17}, {&(0x7f0000000540)=""/44, 0x2c}], 0x3, 0x9, 0x9)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default trusted:syz -9223372036854779533'], 0x2d, 0xfffffffffffffff9)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="cd336dedb111932400009f", @ANYRES16=r3, @ANYBLOB="010028bd7000ffdbdf2514a03e75ef0001000100000008001c00", @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000080)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000300)=0xf)
r4 = fcntl$dupfd(r0, 0x0, r0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r7, 0x4048ae9b, &(0x7f0000000200)={0x178003, 0x0, [0x40, 0x4, 0x3, 0xe3, 0xfffffffffffffffc, 0x7236, 0x200000001]})
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000100)=@x86={0x0, 0xe9, 0x6, 0x0, 0x7, 0xff, 0xfe, 0x81, 0x0, 0xb, 0x9, 0xd6, 0x0, 0x9, 0xc80, 0x5, 0x0, 0xff, 0x2, '\x00', 0x2, 0x6})
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0xdddd1000, 0x59a35420, 0x20003, 0x10020f5b, 0x0, [{0x0, 0x9, 0x0, '\x00', 0x3a}, {0x0, 0x6}, {}, {0x0, 0x35}, {0x1d, 0x3}, {0x0, 0x0, 0x6}, {}, {0x2, 0x6}, {}, {0x73, 0x6, 0x2}, {0x0, 0x0, 0xfe}, {}, {}, {0x0, 0x0, 0x0, '\x00', 0xfe}, {0x7, 0x0, 0x0, '\x00', 0x39}, {0x0, 0x0, 0x0, '\x00', 0x8}, {0x0, 0x0, 0x0, '\x00', 0xff}, {0x0, 0x0, 0xfa}, {0x0, 0x0, 0x0, '\x00', 0x1}, {0x0, 0x0, 0x40}, {0x6, 0x0, 0x0, '\x00', 0x20}, {0x0, 0x0, 0x4, '\x00', 0xfc}, {0x0, 0x5}, {0x0, 0x0, 0x10}]}})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000000)=0x60)
truncate(&(0x7f0000000180)='./file1\x00', 0x8000)

2m41.411332963s ago: executing program 32 (id=53):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f00000005c0)=[{&(0x7f0000000640)=""/102396, 0x18ffc}, {&(0x7f0000000040)=""/23, 0x17}, {&(0x7f0000000540)=""/44, 0x2c}], 0x3, 0x9, 0x9)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default trusted:syz -9223372036854779533'], 0x2d, 0xfffffffffffffff9)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="cd336dedb111932400009f", @ANYRES16=r3, @ANYBLOB="010028bd7000ffdbdf2514a03e75ef0001000100000008001c00", @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000080)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000300)=0xf)
r4 = fcntl$dupfd(r0, 0x0, r0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r7, 0x4048ae9b, &(0x7f0000000200)={0x178003, 0x0, [0x40, 0x4, 0x3, 0xe3, 0xfffffffffffffffc, 0x7236, 0x200000001]})
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000100)=@x86={0x0, 0xe9, 0x6, 0x0, 0x7, 0xff, 0xfe, 0x81, 0x0, 0xb, 0x9, 0xd6, 0x0, 0x9, 0xc80, 0x5, 0x0, 0xff, 0x2, '\x00', 0x2, 0x6})
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0xdddd1000, 0x59a35420, 0x20003, 0x10020f5b, 0x0, [{0x0, 0x9, 0x0, '\x00', 0x3a}, {0x0, 0x6}, {}, {0x0, 0x35}, {0x1d, 0x3}, {0x0, 0x0, 0x6}, {}, {0x2, 0x6}, {}, {0x73, 0x6, 0x2}, {0x0, 0x0, 0xfe}, {}, {}, {0x0, 0x0, 0x0, '\x00', 0xfe}, {0x7, 0x0, 0x0, '\x00', 0x39}, {0x0, 0x0, 0x0, '\x00', 0x8}, {0x0, 0x0, 0x0, '\x00', 0xff}, {0x0, 0x0, 0xfa}, {0x0, 0x0, 0x0, '\x00', 0x1}, {0x0, 0x0, 0x40}, {0x6, 0x0, 0x0, '\x00', 0x20}, {0x0, 0x0, 0x4, '\x00', 0xfc}, {0x0, 0x5}, {0x0, 0x0, 0x10}]}})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000000)=0x60)
truncate(&(0x7f0000000180)='./file1\x00', 0x8000)

1m55.249417412s ago: executing program 3 (id=231):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
listen(r0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd600a843500580600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)

1m55.148369463s ago: executing program 3 (id=233):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff05000500", 0x2c}, {&(0x7f00000019c0)="06bb", 0x2}], 0x2}, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000080)={{0x0, 0x1}})
ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x40605414, &(0x7f0000000000)=""/30)

1m54.876555923s ago: executing program 3 (id=235):
r0 = socket$tipc(0x1e, 0x5, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000002060101000000000000000000bd000005000100070000000900020073797a3000000000140007800500150003000000080012400000000011000300686173683a69702c6d61726b000000000500050002000000050004"], 0x60}}, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) (async)
r2 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000300)={0x10000043, 0x405, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)

1m54.749762097s ago: executing program 3 (id=236):
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdir(0x0, 0x1a0)
mount(0x0, 0x0, 0x0, 0x8, 0x0)
capset(0x0, &(0x7f00000000c0)={0x6, 0x1ffffd, 0x0, 0x0, 0x0, 0x2})
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x3)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0x2, 0xfffffff3, 0x9, 0x7f, 0x2, 0x1, 0x7f, 0x6, 0xfffffff9, 0xfffffff2, 0x5f, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0x4, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x9, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0xfffffffd, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x8, 0x12f, 0x8000, 0x10, 0x8, 0x129432e2, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x3, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0xa, 0x4, 0x4000, 0x7fff, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x47ff, 0x5f31, 0x2, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x400007f, 0x9, 0x5, 0x10003, 0x4, 0x1, 0x7, 0x5, 0x9, 0x48c93690, 0x3, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x1, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x1, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x8ad, 0x5, 0x3, 0x7, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x3, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffe, 0x5, 0x8, 0xc8, 0x3, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9622, 0xa, 0x4, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x18, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xf7ff3441, 0xfff]}, 0x45c)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
finit_module(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
syz_io_uring_setup(0x9eb, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000300)=<r1=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb01001800000020"], &(0x7f00000000c0)=""/209, 0x1a, 0xd1, 0x1, 0x0, 0x0, @void, @value}, 0x28)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xba4930d83e89b22a, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bc00d08e36655c00"})
ioctl$USBDEVFS_CLEAR_HALT(r3, 0x80045515, &(0x7f0000000380)={0x1, 0x1})
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r4=>r2, {0x1}}, './file0\x00'})
close(r4)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000100)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x4}, 0x1}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1be)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000001c0)='./file0/file0\x00', 0x0, 0x31001, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0)
r5 = gettid()
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080)=r5, 0x12)
socket$kcm(0x2, 0xa, 0x2)

1m54.359649213s ago: executing program 3 (id=239):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x18, 0x2c, 0x1, 0x70bd26, 0x25dfdbfc, {0x4, 0x0, 0x2800}, [@typed={0x4, 0x1d, 0x0, 0x0, @binary}]}, 0x18}, 0x1, 0x0, 0x0, 0x404000c}, 0x40000)
r1 = socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0x7f, 0x2)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d00000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
ioctl$FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
getsockopt$MRT6(r1, 0x29, 0xd0, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3)
dup(r6)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000580)={0x1ff, 0x0, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil})

1m53.64604406s ago: executing program 3 (id=241):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
listen(r0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd600a843500580600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)

1m53.128286828s ago: executing program 33 (id=241):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
listen(r0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd600a843500580600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)

1m12.769989658s ago: executing program 5 (id=336):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r5, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="020000000200000000000000", @ANYRES32, @ANYBLOB="7c57219ef1148943b89c73b778369e939ff4fd229543aa5417b7a2d179579ae57675d37fac00590c711b66e5d8fc1d92cfe315ef8a5afb9500d59a5ddbb1440cfe86cc30db6966f257281b82186c47d8ef9ed3d16dd873846b2a6374efd86e2dda5991b6de3c6ae410e29d3a433d3b97224bb387a5f89007a4fa42b116c3056c6e6bca0d29733059b7ec4cf6ecb5b4ef1d1eb56c9abdf8d3f6bd96ed1a4e22a709018ba656f4dd240a95671083cd88ebd3767276292a86b2aa9a6bfa533e7640aa1a800f59f6b1adfd76a97d920a0ec2482a2b95661c9de1a13456be7dad7f798aa0c4eb96e763de", @ANYRES64=0x0], 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYRES32=r0, @ANYRESHEX=r0, @ANYRES64, @ANYBLOB="e2cc9538532073bf22d9b9b86ae213da72583b8a56a4efd675c40c35b79a712e995b4d052b592b309a2da5", @ANYBLOB="6ed73995", @ANYRESDEC=r0], 0x1c}, 0x1, 0x0, 0x0, 0x8010}, 0x24000000)
r6 = getpgrp(0x0)
r7 = syz_open_procfs(r6, &(0x7f0000000040)='mounts\x00')
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r7, 0x3b87, &(0x7f0000000000)={0x18, 0x0, 0x1, 0x0, 0x0, 0x55710c03})

1m12.6695471s ago: executing program 5 (id=337):
syz_open_dev$sndctrl(&(0x7f0000001440), 0x400000, 0x600000)
openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x4600, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffdd2)
syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x4, 0x288}, &(0x7f0000000340), &(0x7f0000000280))
r2 = syz_open_dev$I2C(&(0x7f0000003000), 0x0, 0x0)
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, 0x0})
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000080))
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
pipe(&(0x7f0000000000))
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x8)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r6, &(0x7f0000000600)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r7, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="3c0000001000030500000000fcffffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400128009000100626f6e64000000000400028008000a00", @ANYRES32=r7, @ANYBLOB="963905f393f2de4519cf4719096c36597e8c13af1a1d68049f59b4933e83e5bd8f29980c6382261e920c97cbcc31eb5ba84becb2a7412cf540f6341af803daee49253f070a5970069588a8fe952051c3ebf5d9301fbf621f77bb1c84f2208cd15c5376aeb023bff5fb8b54380183ce7139fa4f36984372dc1296763c570dd4d9a8e6574d01b433022cd68967fb7876b818eba5c176d66b43b850007fbddd542f35347b2a4e3b00"/178], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=r8], 0x5c}}, 0x40)
r9 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r9, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f000014f000/0x2000)=nil, 0x2000, 0x6, 0x11, r9, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket(0x10, 0x803, 0x2)
getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r12, @ANYBLOB="0100000001000000"], 0x3c}}, 0x0)

1m11.850113808s ago: executing program 5 (id=341):
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r4)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r4, &(0x7f00000005c0)={0x0, 0x6000, &(0x7f0000000580)={&(0x7f0000000500)={0x20, r5, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x20}}, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c00000042000b0023ad7000fedbdf25050000cee30002009866dadbf2f88febf99bbcd115c442ea3655f696b1a1298a078b2a5d86b4af7baa5bacb035864f25ed5d08ade33a0dac4c73f6417ccbf0", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4040084)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x3c, 0x0, @void}, 0x10)
r7 = shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil)
shmat(r7, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
shmat(r7, &(0x7f0000ff9000/0x1000)=nil, 0x5000)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8001, &(0x7f0000000000)=0x6, 0x8, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x54, 0x1, 0x8, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6558}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @sctp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}, @CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x80000001}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xffffffff}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xd}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8010}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000001000010001000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="850b010000000000140003006d6163737263300000000000000000000a000100aaaaaaaaaaaa0000"], 0x40}, 0x1, 0x0, 0x0, 0x90}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}}, 0x0)
setsockopt(0xffffffffffffffff, 0x10d, 0xe, &(0x7f00001c9fff)="03", 0x1)

53.551391801s ago: executing program 5 (id=341):
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r4)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r4, &(0x7f00000005c0)={0x0, 0x6000, &(0x7f0000000580)={&(0x7f0000000500)={0x20, r5, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x20}}, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c00000042000b0023ad7000fedbdf25050000cee30002009866dadbf2f88febf99bbcd115c442ea3655f696b1a1298a078b2a5d86b4af7baa5bacb035864f25ed5d08ade33a0dac4c73f6417ccbf0", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4040084)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x3c, 0x0, @void}, 0x10)
r7 = shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil)
shmat(r7, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
shmat(r7, &(0x7f0000ff9000/0x1000)=nil, 0x5000)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8001, &(0x7f0000000000)=0x6, 0x8, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x54, 0x1, 0x8, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6558}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @sctp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}, @CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x80000001}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xffffffff}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xd}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8010}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000001000010001000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="850b010000000000140003006d6163737263300000000000000000000a000100aaaaaaaaaaaa0000"], 0x40}, 0x1, 0x0, 0x0, 0x90}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}}, 0x0)
setsockopt(0xffffffffffffffff, 0x10d, 0xe, &(0x7f00001c9fff)="03", 0x1)

34.574678567s ago: executing program 5 (id=341):
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r4)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r4, &(0x7f00000005c0)={0x0, 0x6000, &(0x7f0000000580)={&(0x7f0000000500)={0x20, r5, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x20}}, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c00000042000b0023ad7000fedbdf25050000cee30002009866dadbf2f88febf99bbcd115c442ea3655f696b1a1298a078b2a5d86b4af7baa5bacb035864f25ed5d08ade33a0dac4c73f6417ccbf0", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4040084)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x3c, 0x0, @void}, 0x10)
r7 = shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil)
shmat(r7, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
shmat(r7, &(0x7f0000ff9000/0x1000)=nil, 0x5000)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8001, &(0x7f0000000000)=0x6, 0x8, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x54, 0x1, 0x8, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6558}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @sctp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}, @CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x80000001}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xffffffff}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xd}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8010}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000001000010001000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="850b010000000000140003006d6163737263300000000000000000000a000100aaaaaaaaaaaa0000"], 0x40}, 0x1, 0x0, 0x0, 0x90}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}}, 0x0)
setsockopt(0xffffffffffffffff, 0x10d, 0xe, &(0x7f00001c9fff)="03", 0x1)

12.518728893s ago: executing program 5 (id=341):
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r4)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r4, &(0x7f00000005c0)={0x0, 0x6000, &(0x7f0000000580)={&(0x7f0000000500)={0x20, r5, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x20}}, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c00000042000b0023ad7000fedbdf25050000cee30002009866dadbf2f88febf99bbcd115c442ea3655f696b1a1298a078b2a5d86b4af7baa5bacb035864f25ed5d08ade33a0dac4c73f6417ccbf0", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4040084)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x3c, 0x0, @void}, 0x10)
r7 = shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil)
shmat(r7, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
shmat(r7, &(0x7f0000ff9000/0x1000)=nil, 0x5000)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8001, &(0x7f0000000000)=0x6, 0x8, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x54, 0x1, 0x8, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6558}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @sctp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}, @CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x80000001}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xffffffff}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xd}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8010}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000001000010001000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="850b010000000000140003006d6163737263300000000000000000000a000100aaaaaaaaaaaa0000"], 0x40}, 0x1, 0x0, 0x0, 0x90}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}}, 0x0)
setsockopt(0xffffffffffffffff, 0x10d, 0xe, &(0x7f00001c9fff)="03", 0x1)

10.649982317s ago: executing program 0 (id=478):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0100001004000000040000000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
pipe2$9p(&(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x800)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000480), r0)
write$P9_RLERRORu(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="2100008507000000000000726370755f616c6c6f635f7065726370750008000000"], 0x21)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000035c0)={'veth0_vlan\x00', &(0x7f0000000080)=@ethtool_sfeatures={0x12}})
r5 = syz_genetlink_get_family_id$nbd(&(0x7f00000005c0), r0)
sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000008c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000600)={&(0x7f0000000840)={0x44, r5, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x6}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x8001}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0xc001)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r3}, 0x10)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d083910000000000000a1180015000600142603600e120900210000000401a80016000400144006000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r8, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r9, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d41200000000000000290000003b000000", 0xfe60)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='xprtrdma_fixup\x00', r7}, 0x18)
syz_io_uring_setup(0x7f18, &(0x7f0000000200)={0x0, 0x2d08, 0x10100, 0x1, 0xfffffffe}, &(0x7f0000002000), &(0x7f0000000000))
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r10, &(0x7f00000021c0)={0x2020, 0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000000040)={0x50, 0x0, r11, {0x7, 0x1f, 0x0, 0x10400}}, 0x50)
syz_fuse_handle_req(r10, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88, {0x0, 0x10}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r12 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
ioctl$PPPIOCSCOMPRESS(r12, 0x4010744d)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0xf, &(0x7f0000000900)=ANY=[@ANYBLOB="180000000800000000000000230400001811000075cccae85500f0ff00a8aa608928d4cecf5663d4ddda053371179a2c7e704da54922e43f3a20a6b43c85ba74bec380969517509a1f03cf9a6cdb29cc05537202348359f6890db85fbd1c277e36f8d1aa7abcc656b3e41da5890e99d51db7f00f1f0fb862fb2cabb1ec9628a950b46d477a6170ba6b60ff6385c6d4f1b7c1e6e09e12c5c089ac60481fb211a7c89e6e8694b8e4708b7d0b27698630800ec2ffe084560fab9bbf74fd0994f9dfe4b9985886e06000bb09dec06df6473e05dd59b77f18c5035600af2b28c1c1711c90b7063df1789df05ac5ef249e365850bdb8fc5dd3b4fc9a949e50790eb3c9719003", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

8.85248214s ago: executing program 2 (id=481):
umount2(&(0x7f0000000180)='./file0\x00', 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e64"])
openat$sequencer(0xffffff9c, &(0x7f00000000c0), 0x400, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvtap0\x00'})
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
setsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000003000)={0x2}, 0x2)

8.702972573s ago: executing program 2 (id=482):
syz_open_dev$ttys(0xc, 0x2, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000000c0), 0x2, 0x1c1101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x110)
ioctl$EVIOCSABS2F(r1, 0x401845ef, &(0x7f0000000080)={0x2, 0x9, 0x9, 0x80, 0x7, 0x6})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)

7.708833688s ago: executing program 2 (id=485):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$igmp6(0xa, 0x3, 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="98000095", @ANYRES16=0x0, @ANYBLOB="10002dbd7000ffdbdf2505000000840002800400040024000380080002000400000008000200070000000800010000"], 0x98}, 0x1, 0x0, 0x0, 0x40}, 0x10)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0))
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4138ae84, &(0x7f0000000080)=@x86={0x6, 0xa, 0x7, 0x0, 0x3, 0x8d, 0xce, 0x1c, 0x89, 0xa0, 0x7, 0x8, 0x0, 0xe56, 0xb, 0x2, 0x8, 0x2, 0x1, '\x00', 0x9, 0x3ff})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000f5ffffffffffffff000a14000000060a0000000000000000000002"], 0x3c}}, 0x0)
mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f0000000000)='\x06\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}I\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x00<r\xe9\x9cD\x90\xce\xe1\xc5\x85=\\!\xbbQ\xde\xc3\xe3\x7f\xcf\x1f\x17G\xa6\x13\xae\x92 \x1c\xbf\xfa\xe8e\x8cD\"\xa3w')
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000001000084ffffffff000000000200000006000000000000000000000903000000000000000000000602"], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000100070000000900020073797a30000000001400078005"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000000306050000000000000000000000000105000100070002006ae9136f4e7a893a1c98d8df16f441b942fc7305"], 0x1c}, 0x1, 0x0, 0x0, 0x24040800}, 0x8d0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002800000028000000020000000100000000000001e5ff0000400000000000000001000084080000000000000001"], 0x0, 0x42, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)

7.257113523s ago: executing program 0 (id=488):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000540)=@nat={'nat\x00', 0x8, 0x5, 0x4a0, 0xec, 0x208, 0xffffffff, 0x2f4, 0xec, 0x3d8, 0x3d8, 0xffffffff, 0x3d8, 0x3d8, 0x5, 0x0, {[{{@ipv6={@loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [], 'ip6erspan0\x00', 'wg2\x00'}, 0x0, 0xa4, 0xec}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x5, @ipv4=@private, @ipv4=@loopback}}}, {{@uncond, 0x0, 0xd4, 0x11c, 0x0, {}, [@common=@ah={{0x30}, {[0x4d6, 0x4d5], 0x5, 0xfd, 0x6}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv4=@private, @ipv6=@dev, @port=0x4e24}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev, [0x0, 0xffffff00], [], 'veth1_to_hsr\x00', 'veth0_vlan\x00', {}, {}, 0x29}, 0x0, 0xa4, 0xec}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv6=@dev, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @port, @gre_key}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @local, [], [], 'vlan0\x00', 'macvtap0\x00'}, 0x0, 0xa4, 0xe4}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "8100000000000000000000005b37f9ca83139d1d43f7ff00"}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x4fc)
sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, r1, 0x137807930df1d3d, 0x70bd2b, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000880}, 0x20004844)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r3)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x20, r4, 0x607, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20004080}, 0x24044884)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0xece02be247bbc47b}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x4c, r4, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x4}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x4}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x2}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc2841}, 0x8051)

7.040703589s ago: executing program 0 (id=489):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a5000000020603000000000000070000000900020073797a320000000005000100070000004000078005000300070000000c00028008000140ac1414aa0800084000000040080017400000000808000a4000000a0d060004404e20000005001400060000000900020073797a32000000000500050003000000"], 0x84}, 0x1, 0x0, 0x0, 0x40810}, 0x8140)
landlock_create_ruleset(&(0x7f00000003c0)={0x100}, 0x18, 0x2)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x8001000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x354, 0x0, 0x11, 0x148, 0x0, 0x0, 0x2c0, 0x2a8, 0x2a8, 0x2c0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x1c0, 0x208, 0x4003, {}, [@common=@inet=@hashlimit2={{0x150}, {'ip6_vti0\x00', {0x9, 0x3, 0x13, 0x3ff, 0x8, 0x6, 0x80000001, 0x18, 0x8}, {0x7}}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x5}}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00', {0xff}, {}, 0x0, 0x0, 0x1}, 0x0, 0x70, 0xb8}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x1, 0x4, {0x100}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x3b0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x63b5, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x20200, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x800, 0x34324152, 0x2, 0xb, [{}, {}, {0xfffffffd}, {0xfffffffd}, {}, {0x0, 0x1000000}], 0x0, 0x0, 0x0, 0x1}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20004080}, 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
sendmsg$NL80211_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040004}, 0x4000)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20)
connect$l2tp6(r2, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
syz_io_uring_submit(0x0, 0x0, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00'})

6.952084804s ago: executing program 4 (id=490):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr, 0x99f}, 0x1c)
prlimit64(0x0, 0xb, &(0x7f0000000140), 0x0)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

5.847997845s ago: executing program 4 (id=491):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000080)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000611968400000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000380)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r1=>0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0)
io_submit(r1, 0x3, &(0x7f00000002c0)=[&(0x7f0000000280)={0xffffff7f00000000, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000140)='i', 0x1}])

5.611641693s ago: executing program 4 (id=492):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000080)=ANY=[@ANYRESOCT=r0], 0x57)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="200000001300034700bb65e1c3e4ffff01000000010000005600000025000000", 0x20}], 0x1)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000014"], 0x30}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'macvlan0\x00', <r4=>0x0})
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=0x4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bond0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c00000010000304000000000000000000000400", @ANYRES32=r7, @ANYBLOB="60bc010004a701003c00128009000100626f6e64000000002c"], 0x5c}, 0x1, 0x0, 0x0, 0x11}, 0x4000044)
sendmsg$nl_route(r1, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f00000001c0)=@ipmr_newroute={0x160, 0x18, 0x100, 0x70bd25, 0x25dfdbfb, {0x80, 0x20, 0x10, 0x7, 0xfc, 0x0, 0xfd, 0x7, 0x2000}, [@RTA_NH_ID={0x8, 0x1e, 0x9}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @SEG6_LOCAL_TABLE={0x8, 0x3, 0x9}}, @RTA_PRIORITY={0x8, 0x6, 0x8}, @RTA_METRICS={0xee, 0x8, 0x0, 0x1, "73f8aafef389b3c8cb8544425d22e6f972e40df181bbd49478e81f280284d85bfd6c3a51d2347b470c559db26f5dbc61ebb4a7f0fe0fadaa9a2aab64748ba155855615fbc566504cd448f6fd0044717315b27e87f82a3339cd78299968e4221c05490e78ca95b3dd1f731d642942ad1521d70741a7785e51f4a993ba28b993d004d5bc0648c3a52be35f52513b5b0cdd19db9f68fb6925dc228247cf126d0b983758bde25ab718152a21f33ebb36c6f9ca383c54a191f30581c4a5e6b74c802d5ec67d6804bde87608d78aaa56dd8e3b3559a83688ad8ecadccf5fa60f2c307ba3a3b72565d2eb6a3c03"}, @RTA_PREFSRC={0x8, 0x7, @rand_addr=0x64010102}, @RTA_OIF={0x8, 0x4, r4}, @RTA_DST={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @RTA_NH_ID={0x8}, @RTA_MULTIPATH={0xc, 0x9, {0x2, 0x3, 0x1c, r5}}, @RTA_MULTIPATH={0xc, 0x9, {0x5, 0x0, 0xf8, r7}}]}, 0x160}, 0x1, 0x0, 0x0, 0x4000}, 0x20000881)

1.269884078s ago: executing program 4 (id=493):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) (async, rerun: 64)
r4 = socket$inet6(0xa, 0x2, 0x0) (rerun: 64)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x800, 0x0, 0x103, 0x1}, 0x20) (async)
sendmsg$inet6(r4, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x0, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="5c000000290000000b0000000008000000000000c910fe880000000000000000000000000001cd10ff0200000000000000000000000000010720000000000600000000000000000000000000000000000000000000bcb0cd88de33ab9c257e8900000000000000"], 0x5c}, 0x0) (async, rerun: 32)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd27, 0x7ffa, {0x0, 0x0, 0x0, r3, {0x5, 0x7}, {}, {0x71022c39d5e9904c, 0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_CT_ZONE_MASK={0x6}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x809f}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x200c0e9}, 0x20000004) (rerun: 32)

1.004789276s ago: executing program 0 (id=494):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x106, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000180)={0x5, 0x10, 0xc7, {&(0x7f0000002200), r1}}, 0x18)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r2, 0x8)
r3 = accept4(r2, 0x0, 0x0, 0x0)
r4 = socket(0x22, 0x2, 0x24)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="c7", 0x1}], 0x1, 0x0, 0x0, 0x8054}}], 0x1, 0x4000045)
sendto$inet(r3, &(0x7f00000002c0)="cc", 0x1, 0x880, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000100)={0x3}, 0x10)
sendto$inet(r3, &(0x7f0000000300)="b3", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000003c0)={0x0, 0x4}, 0x8)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r5 = getpid()
process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendto$inet6(r3, &(0x7f00000001c0)="0000000096aafa630573a0778ce5093dd6ea7c4c7c6a6d4715c3ad3c99d7584292aabe4a7f5aa37b2ec0f62a050ef4cd1be0bee54c3c769abb1ead9fb585029a47ea44f92b6aaa5fe69f62c80d88529f300ef9f58ebcd3ede40bcda2cd9261f4dbb87bc13f71eed7a16928a505000000000000009f0656959127934f248dc784ff1df9ed3676be78f32c9e16c35f32827a2f1e01bd59eeca3b0e87dc3ecd917991914a722f", 0xa5, 0x8840, 0x0, 0x0)
close(r3)
msgget$private(0x0, 0x2)

921.575842ms ago: executing program 2 (id=495):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x106, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000180)={0x5, 0x10, 0xfa00, {&(0x7f0000002200), r1}}, 0x18) (fail_nth: 4)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r2, 0x8)
r3 = accept4(r2, 0x0, 0x0, 0x0)
r4 = socket(0x22, 0x2, 0x24)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="c7", 0x1}], 0x1, 0x0, 0x0, 0x8054}}], 0x1, 0x4000045)
sendto$inet(r3, &(0x7f00000002c0)="cc", 0x1, 0x880, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000100)={0x3}, 0x10)
sendto$inet(r3, &(0x7f0000000300)="b3", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000003c0)={0x0, 0x4}, 0x8)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r5 = getpid()
process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendto$inet6(r3, &(0x7f00000001c0)="0000000096aafa630573a0778ce5093dd6ea7c4c7c6a6d4715c3ad3c99d7584292aabe4a7f5aa37b2ec0f62a050ef4cd1be0bee54c3c769abb1ead9fb585029a47ea44f92b6aaa5fe69f62c80d88529f300ef9f58ebcd3ede40bcda2cd9261f4dbb87bc13f71eed7a16928a505000000000000009f0656959127934f248dc784ff1df9ed3676be78f32c9e16c35f32827a2f1e01bd59eeca3b0e87dc3ecd917991914a722f", 0xa5, 0x8840, 0x0, 0x0)
close(r3)
msgget$private(0x0, 0x2)

438.027364ms ago: executing program 2 (id=496):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000d042abd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="01000000000000002400128009000100626f6e640000000014000280050001000600000005001b"], 0x44}}, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000e40)='ns\x00')
getdents64(r1, &(0x7f0000000e80)=""/4096, 0x1000)
getdents(r1, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010126bd7000000000002b00000008000300", @ANYRES32=r5, @ANYBLOB="0500343dcd692e633632e5c329017b2097bc00000008006b009d0000000000709cf9d1b9734e0da0b6e4d4dcb4e13d7bdf994827d87b743cf18a2f60353b238e495fd4493eabfcd435af22db492afac6be82bf8606776970a729409a62a25b5b16bd5fcf3f035168c841c6580984d5b76df4993807b6494ec6701a8063f568cbdf794bd3938dbdd65634fb9f8646f50fbf28f459a9781655cc0900feb90a8b960c6bdd75ef4dabe1153c2a86515ce13087226ad7b63fec128a15c79957ea16efe1d17a1db42db81cdc1c7f7199d4442723c760b041601c7658cf4d6ed7"], 0x34}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0xac, r2, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x7, 0x60}}}}, [@NL80211_ATTR_QOS_MAP={0x1c, 0xc7, {[{0xa, 0x4}, {0x6, 0x5}, {0x4, 0x2}, {0x2, 0x6}, {0x5, 0x4}, {0x3, 0x1}, {0xe}, {0x9}], "6b7d7e5a33dafd79"}}, @NL80211_ATTR_QOS_MAP={0x2e, 0xc7, {[{0x7f, 0x2}, {0xb}, {0x56, 0x7}, {0x9, 0x6}, {0x1, 0x3}, {0x4, 0x1}, {0x0, 0x3}, {0x7, 0x5}, {0x7f, 0x7}, {0x6, 0x7}, {0x0, 0x7}, {0x8, 0x3}, {0x0, 0x1}, {0x9, 0xff}, {0x8, 0x5}, {0x2, 0x3}, {0xb0}], "73214f70eae974c6"}}, @NL80211_ATTR_QOS_MAP={0x36, 0xc7, {[{0x6, 0x2}, {0x81, 0x7}, {0xa1, 0x6}, {0xd6, 0x2}, {0x71, 0x1}, {0xb0, 0x6}, {0x28, 0x1}, {0x5, 0x3}, {0x9}, {0xfa, 0x7}, {0x7, 0x4}, {0x1e, 0x6}, {0x5, 0x6}, {0x9, 0x3}, {0x2, 0x2}, {0xd, 0x3}, {0x4f, 0x6}, {0x8, 0x5}, {0x5, 0x3}, {0xc, 0x2}, {0x0, 0x4}], "c13db8ec91e5041c"}}]}, 0xac}, 0x1, 0x0, 0x0, 0x40000}, 0x8080)

358.957489ms ago: executing program 0 (id=497):
r0 = openat$rdma_cm(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0xffffffffffffffff, &(0x7f0000000100)={<r1=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_DISCONNECT(r0, &(0x7f0000000240)={0xa, 0x4, 0xfa00, {r1}}, 0xc)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xe, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x2c, 0x2, [@TCA_FQ_CODEL_TARGET={0x8, 0x1, 0x6}, @TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0xce}, @TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0x8000}, @TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x2}, @TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0xc}]}}]}, 0x60}}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_NOACK_MAP(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="090126bd7000ffdbdf255700000008000300", @ANYRES32=r4, @ANYBLOB="0600950001000000"], 0x24}}, 0x14)

358.542611ms ago: executing program 4 (id=498):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40004}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_ROLE={0x8}]}}}]}, 0x38}}, 0x0)
socket(0x10, 0x3, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000dc0)=ANY=[@ANYBLOB="b7000000a5517f5fbfa30000000000000703000028feffff720af0fff8ffffff71a4f0ff00000000b7060000000000012e400300000000006506020001cd00007118540000000000c3640000000000006b0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912435f1b6a693172e6191a12bebf9f9804ea033388cd15b65877ad4b200000000000000000beca090f32050e436fe275daf51efd601b6bf01c8e8b1abe4fef3bef7074815ae98743d1ace4c46631256dd19aed0d600c0b6199fe3ff3128e599b0eaebbdbd7359a48f5b0afc3996792043a6787bac46aa7aa400000000000069669622208266f896ba2c9e73c2efeec2dc565fbafb2cb63f5fef9ab79ff8abaa8a08f54a062107e9bb3e980fff675c8d3e91df6648a7a6aebcb63e0867b75690152af27711f0cbb9c06018d21bf3f87b8eb65323b4267a526d53442db8e48dbc5ce47d67d07441a7975d5e41b14fd0154a8246249952a8b61633ce068220defe09d3b1136af6d03e9cf996c13d1bfcdc54567a9ca80dec2e943fe4ae7c617cc071f7add70cfbd48f8f6b50fe6a8297d88efa73e7e601040000b4a685969f28902bdecf66ef39755de79ed2c711477febc96231a53984d00877301d0ec62427a8e38618fdd1ce9aaed569ebc5f2e58d6028e66139a737cc7146a131d47dcebb32ed67021d76e983223c998aec22242ae54e87f438d26982876b58f9134366952f7399a733f07138a736924f3709000000e97f0c117ec439c6b7b965752bbc06eced08d97a32ae4b1ad4d11c5b6f68ee841975233e4cea13f3ef04b2cab9cc256d4539dbafd888c7097c1169e0bebcc81ca3da40bf34b6c9c1da2d6ed8acaf2a8091820ff4cf6be74ddca8bf2eed0e11b2139e8c3ec95436af5269d5792decda7d8b5dcf8640b504ba23c6d0a7f67cdfd27328100ebf9319a56f0f9cee17deecf747f3493f1dc39551f4c9a40b3e93fa80b8234ccbf39a9ef09bd97321f0dc20956f44ba2c5ec2e7569b05cf4690ddc189f174046a8b214acf23f42fb51ed4819e6b4cb5a8bf2b559d0c198fe0315483b8beb9801d06c58b22dd713fe3b7ef18e21081aacfd091b754125a488cea18255f79bebcb3051f622f8a1d9af1908e88a58774a24f35a4ccdbedea6212286c23dd89c2b4b90647f17231472af8dda7f3ab20f093aad3ce875f7458039ee6d0a50deb7bc8eb393f056a5e7725531c5485278e0362338e2e2710fe00465e0d182a322091022cf5b814eeb9b3cab21196581e4d92d0b6fe5525285eea359274f1f21d69233bbe94941f10ba292100000000000000000000000000000000c18e93a0c5231779f2ee201e9fe7e63e84b57b5f05ecd278919bad330ffcb594b8255b3085b352ca9533d6c31c1a30158c30352f8a126a65cb6582e58aa641007418611df53a601c3a8fb8d2286e86abf98136f345446730f68f5d6d1817a9e1b09e5650d2599fbe719a45337d29eb3fef5f7f565457660dec6fe903a1c2ea4f40a8ea1c179892afa219fc69a44163f0d731de418e9fd82a8c4661caea674b19242d1840d047882f640ea248457288c5ffb63e857da03ff5c0475c3cfff41c4806f1dc750eb1c45ec3a2a0b064834010604d6f88a29e8e9bda2bc9c18d1b53a08f25d62ccaa46bc0235c830a7b3fe64bc6031b431bcad6b698a1ba6027870ea9e55fafbbf140c5f82a33ee4ac793b989c12a5827a7957f4d8136cf918b7cbf5bc5fc64c8001992536584586edded6f65bdd371ac84fd5cc60ab79b84e9e85a1c54d5666a5d133e95eff121621dff14b9de7a188b8c5387f9da63c2cce405bc44079e34e2db2b275bfbb54841d647338cad74be91144b780cf381a6860f641446ef73bd11d45f5e4df8f3c6440d8425fd7382225cf8c2cada01bf3cd5cbc6a403173e0c89a491c75efc3c21b7825a521c6011945eef94abc3000000000000000000000000000000d71b794e9b4c145caf050429937eef4364d9e1cbe9150bccd9b2e73757f1f5e8ac50736cd3cbc029ede2869642841371bb4b9c1aaa8826889a909e6716b60e4b568b6761f8ccc7d35b0e66357746b10fc481b47e67f1e14408c1ef3e018a5e647e3f607654f3bf82bcfb42be038a272d82f8362944f608b3810000000019fda0b1b607f1ab34194ed954973f7a5accc0938d3364ab07574d0b32fc30f3ab73d012b63ee905e98ab6989ec2c840cd216eb18fedfb3b204e94e170bae930660368d3799c9b1bf7556ac57164966791626f06ad2e332341965f72141ec140b80efd7720ccdaa890b79bc4523386bd66553121543c9a35b7adcf2f6b257fefef1d6e1da2ee94d3f822bf45aad21e5b5a3788ab584090664065af39b0f43968dcd7c5f8e5a8dc6298691423fbf7e8e012260bc62f9422434a547ef7ca37953d435098d9b71edd1a03e46d0ade465d0c0db0a51f9e29cac05e5a04f94e"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x45, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) (async)
setsockopt$packet_int(r1, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_HEADER(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x14, 0xc, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4040000) (async)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='comm\x00')
writev(r3, &(0x7f0000000340)=[{&(0x7f0000000140)="a1", 0x1}, {0x0, 0x2}], 0x2) (async)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) (async)
ioctl$SOUND_OLD_MIXER_INFO(r3, 0x80304d65, &(0x7f0000000200)) (async)
r5 = socket$inet6(0x10, 0x2, 0x4) (async, rerun: 64)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 64)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x80}, 0x1, 0x0, 0x0, 0x840}, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000380)='westwood\x00', 0x9) (async)
sendto$inet6(r5, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784006000000000000030038c88cc055c5ac27a6410135e6bf46d323452532005ad94af37ff4fee9bdb942352345807cb9cd278cbb792cd868b051", 0x4c, 0x20000000, 0x0, 0x0) (async, rerun: 64)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) (rerun: 64)
ioctl$PIO_UNIMAPCLR(r7, 0x4b68, 0x0)

120.640178ms ago: executing program 2 (id=499):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr, 0x99f}, 0x1c)
prlimit64(0x0, 0xb, &(0x7f0000000140), 0x0)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x3, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

206.701µs ago: executing program 4 (id=500):
r0 = openat$ttynull(0xffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x19)
ioctl$TCFLSH(r0, 0x40085500, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast1}, 0x10)
userfaultfd(0x801)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
exit(0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x482)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x3}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
dup(0xffffffffffffffff)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90124fc60", 0x14}], 0x1}, 0x80)
recvmsg$kcm(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002240)=[{&(0x7f00000011c0)=""/4080, 0xff67}, {&(0x7f00000000c0)=""/118, 0x76}, {&(0x7f0000000140)=""/70, 0x46}], 0x3}, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x40100001, 0x20400)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})

0s ago: executing program 0 (id=501):
umount2(&(0x7f0000000180)='./file0\x00', 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e64"])
ioctl$SNDCTL_SEQ_GETOUTCOUNT(0xffffffffffffffff, 0x80045104, &(0x7f0000000140))
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvtap0\x00'})
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
setsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000003000)={0x2}, 0x2)

kernel console output (not intermixed with test programs):

ank timer overrun
[  109.105500][ T6401] netlink: 32 bytes leftover after parsing attributes in process `syz.0.89'.
[  109.310361][ T5957] Bluetooth: hci4: command tx timeout
[  109.394885][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.399734][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.458529][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.465899][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.469971][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.481439][ T6405] FAULT_INJECTION: forcing a failure.
[  109.481439][ T6405] name failslab, interval 1, probability 0, space 0, times 0
[  109.487598][ T6405] CPU: 0 UID: 0 PID: 6405 Comm: syz.2.90 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  109.487642][ T6405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  109.487651][ T6405] Call Trace:
[  109.487659][ T6405]  <TASK>
[  109.487665][ T6405]  dump_stack_lvl+0x16c/0x1f0
[  109.487692][ T6405]  should_fail_ex+0x512/0x640
[  109.487711][ T6405]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  109.487730][ T6405]  should_failslab+0xc2/0x120
[  109.487751][ T6405]  __kmalloc_cache_noprof+0x6a/0x3e0
[  109.487768][ T6405]  ? __asan_memcpy+0x3c/0x60
[  109.487781][ T6405]  ? sctp_association_new+0xbb/0x2a00
[  109.487798][ T6405]  ? sctp_add_bind_addr+0x2a1/0x3f0
[  109.487821][ T6405]  sctp_association_new+0xbb/0x2a00
[  109.487842][ T6405]  sctp_connect_new_asoc+0x1b6/0x790
[  109.487863][ T6405]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  109.487886][ T6405]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  109.487905][ T6405]  sctp_sendmsg+0x15f9/0x1ee0
[  109.487930][ T6405]  ? __pfx_sctp_sendmsg+0x10/0x10
[  109.487958][ T6405]  ? __might_fault+0xe3/0x190
[  109.487978][ T6405]  ? __pfx_aa_sk_perm+0x10/0x10
[  109.488000][ T6405]  ? __pfx_sctp_sendmsg+0x10/0x10
[  109.488018][ T6405]  inet_sendmsg+0x119/0x140
[  109.488035][ T6405]  __sys_sendto+0x431/0x510
[  109.488055][ T6405]  ? __pfx___sys_sendto+0x10/0x10
[  109.488092][ T6405]  ? ksys_write+0x1b9/0x240
[  109.488110][ T6405]  ? __pfx_ksys_write+0x10/0x10
[  109.488129][ T6405]  __ia32_sys_sendto+0xdd/0x1b0
[  109.488148][ T6405]  ? lockdep_hardirqs_on+0x7c/0x110
[  109.488170][ T6405]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  109.488192][ T6405]  __do_fast_syscall_32+0x73/0x120
[  109.488215][ T6405]  do_fast_syscall_32+0x32/0x80
[  109.488237][ T6405]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  109.488256][ T6405] RIP: 0023:0xf70ae579
[  109.488270][ T6405] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  109.488291][ T6405] RSP: 002b:00000000f507d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000171
[  109.488307][ T6405] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800000c0
[  109.488318][ T6405] RDX: 0000000000000001 RSI: 000000000000c0fe RDI: 0000000080000100
[  109.488327][ T6405] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
[  109.488336][ T6405] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  109.488345][ T6405] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  109.488365][ T6405]  </TASK>
[  109.507370][ T6377] team0: Port device team_slave_0 added
[  109.512172][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.512213][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.512232][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.512250][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.512268][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.512295][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.512314][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.512332][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.512350][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.512367][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.512385][ T1455] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  109.539822][ T1455] hid-generic FFF9:0000:0203.0002: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  109.558765][ T6377] team0: Port device team_slave_1 added
[  109.839900][ T6405] warning: `syz.2.90' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  109.977336][ T6377] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.981733][ T6377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.000372][    C1] vkms_vblank_simulate: vblank timer overrun
[  110.004562][ T6377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.042258][ T6377] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.045132][ T6377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.086328][ T6377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.245389][    C1] vkms_vblank_simulate: vblank timer overrun
[  110.409212][ T1136] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.443721][    C1] vkms_vblank_simulate: vblank timer overrun
[  110.751814][    C1] vkms_vblank_simulate: vblank timer overrun
[  110.783781][    C1] vkms_vblank_simulate: vblank timer overrun
[  110.806050][ T1454] Process accounting resumed
[  110.860244][ T1136] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.017800][ T6377] hsr_slave_0: entered promiscuous mode
[  111.036853][ T6377] hsr_slave_1: entered promiscuous mode
[  111.039796][ T6377] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  111.044508][ T6377] Cannot create hsr debugfs directory
[  111.205415][ T1136] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.440149][ T5957] Bluetooth: hci4: command tx timeout
[  111.451727][    C1] vkms_vblank_simulate: vblank timer overrun
[  111.615672][    C1] vkms_vblank_simulate: vblank timer overrun
[  111.832067][ T1136] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.129425][ T6432] FAULT_INJECTION: forcing a failure.
[  112.129425][ T6432] name failslab, interval 1, probability 0, space 0, times 0
[  112.138583][ T6432] CPU: 3 UID: 0 PID: 6432 Comm: syz.3.97 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  112.138608][ T6432] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  112.138618][ T6432] Call Trace:
[  112.138625][ T6432]  <TASK>
[  112.138632][ T6432]  dump_stack_lvl+0x16c/0x1f0
[  112.138659][ T6432]  should_fail_ex+0x512/0x640
[  112.138681][ T6432]  should_failslab+0xc2/0x120
[  112.138702][ T6432]  __kmalloc_cache_noprof+0x6a/0x3e0
[  112.138717][ T6432]  ? __pfx___might_resched+0x10/0x10
[  112.138734][ T6432]  ? __hw_addr_add_ex+0x3c9/0x7c0
[  112.138752][ T6432]  __hw_addr_add_ex+0x3c9/0x7c0
[  112.138770][ T6432]  ? __pfx___hw_addr_add_ex+0x10/0x10
[  112.138783][ T6432]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  112.138809][ T6432]  ? __pfx_macsec_setup+0x10/0x10
[  112.138823][ T6432]  dev_addr_init+0x161/0x250
[  112.138839][ T6432]  ? __pfx_dev_addr_init+0x10/0x10
[  112.138862][ T6432]  alloc_netdev_mqs+0x3d2/0x1570
[  112.138889][ T6432]  rtnl_create_link+0xc10/0xfa0
[  112.138912][ T6432]  rtnl_newlink+0xb69/0x2000
[  112.138939][ T6432]  ? __pfx_rtnl_newlink+0x10/0x10
[  112.138970][ T6432]  ? kfree_skbmem+0x1a4/0x1f0
[  112.138994][ T6432]  ? rcu_is_watching+0x12/0xc0
[  112.139010][ T6432]  ? trace_cap_capable+0x18d/0x200
[  112.139032][ T6432]  ? find_held_lock+0x2b/0x80
[  112.139046][ T6432]  ? __pfx_rtnl_newlink+0x10/0x10
[  112.139065][ T6432]  ? __pfx_rtnl_newlink+0x10/0x10
[  112.139083][ T6432]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  112.139105][ T6432]  ? __pfx_rtnl_newlink+0x10/0x10
[  112.139126][ T6432]  rtnetlink_rcv_msg+0x95b/0xe90
[  112.139148][ T6432]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  112.139189][ T6432]  netlink_rcv_skb+0x16a/0x440
[  112.139211][ T6432]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  112.139232][ T6432]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  112.139264][ T6432]  ? netlink_deliver_tap+0x1ae/0xd30
[  112.139288][ T6432]  netlink_unicast+0x53a/0x7f0
[  112.139311][ T6432]  ? __pfx_netlink_unicast+0x10/0x10
[  112.139337][ T6432]  netlink_sendmsg+0x8d1/0xdd0
[  112.139361][ T6432]  ? __pfx_netlink_sendmsg+0x10/0x10
[  112.139384][ T6432]  ? __import_iovec+0x1c8/0x660
[  112.139409][ T6432]  ____sys_sendmsg+0xa95/0xc70
[  112.139426][ T6432]  ? __pfx_____sys_sendmsg+0x10/0x10
[  112.139439][ T6432]  ? get_compat_msghdr+0x11a/0x170
[  112.139469][ T6432]  ___sys_sendmsg+0x134/0x1d0
[  112.139490][ T6432]  ? __pfx____sys_sendmsg+0x10/0x10
[  112.139537][ T6432]  __sys_sendmsg+0x16d/0x220
[  112.139557][ T6432]  ? __pfx___sys_sendmsg+0x10/0x10
[  112.139616][ T6432]  ? rcu_is_watching+0x12/0xc0
[  112.139636][ T6432]  __do_fast_syscall_32+0x73/0x120
[  112.139659][ T6432]  do_fast_syscall_32+0x32/0x80
[  112.139679][ T6432]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  112.139697][ T6432] RIP: 0023:0xf7f53579
[  112.139709][ T6432] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  112.139723][ T6432] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  112.139739][ T6432] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  112.139747][ T6432] RDX: 0000000000008000 RSI: 0000000000000000 RDI: 0000000000000000
[  112.139755][ T6432] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  112.139764][ T6432] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  112.139772][ T6432] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  112.139791][ T6432]  </TASK>
[  112.299755][ T6377] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  112.465610][ T6377] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  112.538113][ T6377] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  112.613248][ T6377] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  112.649083][    C1] vkms_vblank_simulate: vblank timer overrun
[  112.698978][    C1] vkms_vblank_simulate: vblank timer overrun
[  112.951459][ T6377] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.982203][ T6377] 8021q: adding VLAN 0 to HW filter on device team0
[  113.044927][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.064447][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.069198][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.074184][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.085593][ T1136] bridge_slave_1: left allmulticast mode
[  113.088847][ T1136] bridge_slave_1: left promiscuous mode
[  113.091632][ T1136] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.147519][ T1136] bridge_slave_0: left allmulticast mode
[  113.150334][ T1136] bridge_slave_0: left promiscuous mode
[  113.152560][ T1136] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.480692][ T5957] Bluetooth: hci4: command tx timeout
[  113.690398][    C1] vkms_vblank_simulate: vblank timer overrun
[  113.912114][ T1136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  113.945649][ T1136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  113.970643][ T1136] bond0 (unregistering): Released all slaves
[  114.195460][ T6449] netlink: 32 bytes leftover after parsing attributes in process `syz.3.101'.
[  114.555316][ T6377] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.849757][    C1] vkms_vblank_simulate: vblank timer overrun
[  115.016257][    C1] vkms_vblank_simulate: vblank timer overrun
[  115.133994][    C1] vkms_vblank_simulate: vblank timer overrun
[  115.136311][ T6482] fuse: Invalid rootmode
[  115.206590][ T6486] netlink: 6 bytes leftover after parsing attributes in process `syz.0.104'.
[  115.339622][ T1136] hsr_slave_0: left promiscuous mode
[  115.342579][ T1136] hsr_slave_1: left promiscuous mode
[  115.345304][ T1136] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  115.348331][ T1136] batman_adv: batadv0: Removing interface: batadv_slave_0
[  115.352701][ T1136] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  115.355575][ T1136] batman_adv: batadv0: Removing interface: batadv_slave_1
[  115.391444][ T1136] veth1_macvtap: left allmulticast mode
[  115.409117][ T1136] veth1_macvtap: left promiscuous mode
[  115.421535][ T1136] veth0_macvtap: left promiscuous mode
[  115.424348][ T1136] veth1_vlan: left promiscuous mode
[  115.427430][ T1136] veth0_vlan: left promiscuous mode
[  115.560354][ T5957] Bluetooth: hci4: command tx timeout
[  116.931651][    C1] vkms_vblank_simulate: vblank timer overrun
[  117.634833][ T1136] team0 (unregistering): Port device team_slave_1 removed
[  117.783866][    C1] vkms_vblank_simulate: vblank timer overrun
[  117.839728][    C1] vkms_vblank_simulate: vblank timer overrun
[  117.922036][ T1136] team0 (unregistering): Port device team_slave_0 removed
[  118.383519][    C1] vkms_vblank_simulate: vblank timer overrun
[  118.590633][    C1] vkms_vblank_simulate: vblank timer overrun
[  118.731620][    C1] vkms_vblank_simulate: vblank timer overrun
[  119.035628][    C1] vkms_vblank_simulate: vblank timer overrun
[  119.269231][    C1] vkms_vblank_simulate: vblank timer overrun
[  120.232587][ T6377] veth0_vlan: entered promiscuous mode
[  120.256776][ T6377] veth1_vlan: entered promiscuous mode
[  120.403766][ T6377] veth0_macvtap: entered promiscuous mode
[  120.440781][ T6377] veth1_macvtap: entered promiscuous mode
[  120.496556][ T6377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.507422][ T6377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.520131][ T6377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.533076][ T6511] netlink: 8 bytes leftover after parsing attributes in process `syz.0.109'.
[  120.554576][ T6511] netlink: 8 bytes leftover after parsing attributes in process `syz.0.109'.
[  120.562350][ T6377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.567402][ T6377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.610409][ T6377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.629311][ T6377] batman_adv: batadv0: Interface activated: batadv_slave_0
[  120.637841][ T6377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.667533][ T6377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.678976][ T6377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.698099][ T6377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.704738][ T6377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.724071][ T6377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.738592][ T6377] batman_adv: batadv0: Interface activated: batadv_slave_1
[  120.832352][ T6377] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  120.855669][ T6377] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  120.859467][ T6377] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  120.887592][ T6377] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.050346][ T1455] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  121.261967][ T6524] netlink: 4 bytes leftover after parsing attributes in process `syz.0.112'.
[  121.292249][   T94] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.296707][   T94] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.301972][ T1455] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  121.310619][ T1455] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.315544][ T1455] usb 8-1: Product: syz
[  121.317946][ T1455] usb 8-1: Manufacturer: syz
[  121.321645][ T1455] usb 8-1: SerialNumber: syz
[  121.331367][ T1455] usb 8-1: config 0 descriptor??
[  121.422284][   T94] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.450114][   T94] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.556097][ T1455] usb 8-1: USB disconnect, device number 3
[  121.744444][ T1136] IPVS: stop unused estimator thread 0...
[  122.142684][ T6545] fuse: Invalid rootmode
[  122.211598][ T6547] netlink: 6 bytes leftover after parsing attributes in process `syz.4.116'.
[  125.398237][    C1] vkms_vblank_simulate: vblank timer overrun
[  125.903530][    C1] vkms_vblank_simulate: vblank timer overrun
[  126.063552][    C1] vkms_vblank_simulate: vblank timer overrun
[  126.185662][    C1] vkms_vblank_simulate: vblank timer overrun
[  126.275547][    C1] vkms_vblank_simulate: vblank timer overrun
[  126.411526][    C1] vkms_vblank_simulate: vblank timer overrun
[  126.444898][ T6575] netlink: 'syz.0.121': attribute type 3 has an invalid length.
[  126.448228][ T6575] netlink: 12 bytes leftover after parsing attributes in process `syz.0.121'.
[  127.020201][ T6021] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  127.223720][ T6021] usb 9-1: Using ep0 maxpacket: 8
[  127.229499][ T6021] usb 9-1: config 1 has an invalid descriptor of length 157, skipping remainder of the config
[  127.239182][ T6021] usb 9-1: config 1 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  127.251137][ T6021] usb 9-1: config 1 interface 0 has no altsetting 0
[  127.271572][    C1] vkms_vblank_simulate: vblank timer overrun
[  127.360650][ T6021] usb 9-1: New USB device found, idVendor=18d1, idProduct=502d, bcdDevice= 0.40
[  127.365680][ T6021] usb 9-1: New USB device strings: Mfr=67, Product=30, SerialNumber=3
[  127.372477][ T6021] usb 9-1: Product: syz
[  127.374837][ T6021] usb 9-1: Manufacturer: syz
[  127.377620][ T6021] usb 9-1: SerialNumber: syz
[  127.567755][ T5957] Bluetooth: min 0 < 6
[  127.796842][ T6021] usbhid 9-1:1.0: couldn't find an input interrupt endpoint
[  127.842368][ T6021] usb 9-1: USB disconnect, device number 2
[  127.846594][ T6608] FAULT_INJECTION: forcing a failure.
[  127.846594][ T6608] name failslab, interval 1, probability 0, space 0, times 0
[  127.883550][ T6608] CPU: 0 UID: 0 PID: 6608 Comm: syz.0.128 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  127.883575][ T6608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  127.883585][ T6608] Call Trace:
[  127.883592][ T6608]  <TASK>
[  127.883599][ T6608]  dump_stack_lvl+0x16c/0x1f0
[  127.883628][ T6608]  should_fail_ex+0x512/0x640
[  127.883647][ T6608]  ? fs_reclaim_acquire+0xae/0x150
[  127.883676][ T6608]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  127.883698][ T6608]  should_failslab+0xc2/0x120
[  127.883720][ T6608]  __kmalloc_noprof+0xd2/0x510
[  127.883765][ T6608]  tomoyo_realpath_from_path+0xc2/0x6e0
[  127.883796][ T6608]  tomoyo_check_open_permission+0x2ab/0x3c0
[  127.883817][ T6608]  ? security_file_alloc+0x34/0x2b0
[  127.883839][ T6608]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  127.883858][ T6608]  ? ovl_path_open+0x198/0x1f0
[  127.883878][ T6608]  ? ovl_copy_up_flags+0x18d/0x200
[  127.883900][ T6608]  ? ovl_rename+0x7ee/0x1880
[  127.883942][ T6608]  ? do_raw_spin_lock+0x12c/0x2b0
[  127.883966][ T6608]  tomoyo_file_open+0x6b/0x90
[  127.883983][ T6608]  security_file_open+0x84/0x1e0
[  127.884005][ T6608]  do_dentry_open+0x596/0x1c10
[  127.884027][ T6608]  ? lockdep_init_map_type+0x5c/0x280
[  127.884054][ T6608]  vfs_open+0x82/0x3f0
[  127.884084][ T6608]  dentry_open+0x71/0xd0
[  127.884106][ T6608]  ovl_path_open+0x198/0x1f0
[  127.884128][ T6608]  ovl_copy_up_metadata+0x758/0x890
[  127.884152][ T6608]  ? __pfx_ovl_copy_up_metadata+0x10/0x10
[  127.884197][ T6608]  ovl_copy_up_one+0x1c67/0x38f0
[  127.884218][ T6608]  ? rcu_is_watching+0x12/0xc0
[  127.884237][ T6608]  ? __kasan_check_byte+0x13/0x50
[  127.884268][ T6608]  ? __pfx_ovl_copy_up_one+0x10/0x10
[  127.884289][ T6608]  ? __bfs+0x145/0x290
[  127.884312][ T6608]  ? check_irq_usage+0xcb/0x920
[  127.884382][ T6608]  ? dget_parent+0xf8/0x5e0
[  127.884414][ T6608]  ovl_copy_up_flags+0x18d/0x200
[  127.884441][ T6608]  ovl_rename+0x7ee/0x1880
[  127.884473][ T6608]  ? __pfx_ovl_rename+0x10/0x10
[  127.884499][ T6608]  ? down_write+0x14d/0x200
[  127.884524][ T6608]  ? __pfx_down_write+0x10/0x10
[  127.884556][ T6608]  vfs_rename+0xf61/0x2250
[  127.884590][ T6608]  ? __pfx_vfs_rename+0x10/0x10
[  127.895533][ T6608]  ? security_path_rename+0x136/0x3c0
[  127.895565][ T6608]  do_renameat2+0x82b/0xc90
[  127.895591][ T6608]  ? __pfx_do_renameat2+0x10/0x10
[  127.895608][ T6608]  ? find_held_lock+0x2b/0x80
[  127.895643][ T6608]  ? __might_fault+0xe3/0x190
[  127.895660][ T6608]  ? __might_fault+0x13b/0x190
[  127.895687][ T6608]  ? getname_flags.part.0+0x1c5/0x550
[  127.895711][ T6608]  __ia32_sys_renameat2+0xe7/0x130
[  127.895729][ T6608]  __do_fast_syscall_32+0x73/0x120
[  127.895752][ T6608]  do_fast_syscall_32+0x32/0x80
[  127.895771][ T6608]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  127.895788][ T6608] RIP: 0023:0xf710e579
[  127.895800][ T6608] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  127.895813][ T6608] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 0000000000000161
[  127.895828][ T6608] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000a00
[  127.895836][ T6608] RDX: 00000000ffffff9c RSI: 0000000080000600 RDI: 0000000000000002
[  127.895844][ T6608] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  127.895852][ T6608] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  127.895859][ T6608] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  127.895878][ T6608]  </TASK>
[  128.355507][    C1] vkms_vblank_simulate: vblank timer overrun
[  128.387692][ T6608] ERROR: Out of memory at tomoyo_realpath_from_path.
[  128.390428][    C1] vkms_vblank_simulate: vblank timer overrun
[  129.017825][ T6635] netlink: 32 bytes leftover after parsing attributes in process `syz.3.130'.
[  129.116197][    C1] vkms_vblank_simulate: vblank timer overrun
[  129.463628][    C1] vkms_vblank_simulate: vblank timer overrun
[  129.501691][ T6642] trusted_key: encrypted_key: insufficient parameters specified
[  129.542847][ T6642] FAULT_INJECTION: forcing a failure.
[  129.542847][ T6642] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  129.572183][    C1] vkms_vblank_simulate: vblank timer overrun
[  129.641337][ T5957] Bluetooth: hci1: command tx timeout
[  129.643895][ T6642] CPU: 1 UID: 0 PID: 6642 Comm: syz.0.136 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  129.643921][ T6642] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  129.643931][ T6642] Call Trace:
[  129.643937][ T6642]  <TASK>
[  129.643943][ T6642]  dump_stack_lvl+0x16c/0x1f0
[  129.643970][ T6642]  should_fail_ex+0x512/0x640
[  129.643991][ T6642]  _copy_from_user+0x2e/0xd0
[  129.644012][ T6642]  generic_map_delete_batch+0x439/0x700
[  129.644040][ T6642]  ? __pfx_generic_map_delete_batch+0x10/0x10
[  129.644077][ T6642]  ? __pfx_generic_map_delete_batch+0x10/0x10
[  129.644102][ T6642]  bpf_map_do_batch+0x4af/0x670
[  129.644124][ T6642]  __sys_bpf+0x5fc/0x4d80
[  129.644148][ T6642]  ? __pfx___sys_bpf+0x10/0x10
[  129.644172][ T6642]  ? ksys_write+0x190/0x240
[  129.644192][ T6642]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  129.644226][ T6642]  ? fput+0x70/0xf0
[  129.644244][ T6642]  ? ksys_write+0x1b9/0x240
[  129.644260][ T6642]  ? __pfx_ksys_write+0x10/0x10
[  129.644280][ T6642]  __ia32_sys_bpf+0x76/0xe0
[  129.644296][ T6642]  __do_fast_syscall_32+0x73/0x120
[  129.644321][ T6642]  do_fast_syscall_32+0x32/0x80
[  129.644343][ T6642]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  129.644364][ T6642] RIP: 0023:0xf710e579
[  129.644378][ T6642] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  129.644392][ T6642] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  129.644409][ T6642] RAX: ffffffffffffffda RBX: 000000000000001b RCX: 0000000080000040
[  129.644419][ T6642] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000
[  129.644428][ T6642] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  129.644436][ T6642] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  129.644445][ T6642] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  129.644465][ T6642]  </TASK>
[  129.916684][ T6648] netlink: 4 bytes leftover after parsing attributes in process `syz.4.138'.
[  130.061002][    C1] vkms_vblank_simulate: vblank timer overrun
[  130.091443][ T6648] netlink: 'syz.4.138': attribute type 10 has an invalid length.
[  130.143287][ T6648] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.149765][ T6648] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.162132][ T6648] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.173210][ T6648] bridge0: port 2(bridge_slave_1) entered forwarding state
[  130.179123][ T6648] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.184387][ T6648] bridge0: port 1(bridge_slave_0) entered forwarding state
[  130.195925][ T6648] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  130.365642][ T6647] netlink: 'syz.4.138': attribute type 21 has an invalid length.
[  130.537434][ T6661] FAULT_INJECTION: forcing a failure.
[  130.537434][ T6661] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  130.545089][ T6661] CPU: 2 UID: 0 PID: 6661 Comm: syz.0.140 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  130.545114][ T6661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  130.545124][ T6661] Call Trace:
[  130.545133][ T6661]  <TASK>
[  130.545142][ T6661]  dump_stack_lvl+0x16c/0x1f0
[  130.545179][ T6661]  should_fail_ex+0x512/0x640
[  130.545205][ T6661]  _copy_to_user+0x32/0xd0
[  130.545229][ T6661]  simple_read_from_buffer+0xcb/0x170
[  130.545256][ T6661]  proc_fail_nth_read+0x197/0x270
[  130.545280][ T6661]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  130.545308][ T6661]  ? rw_verify_area+0xcf/0x680
[  130.545344][ T6661]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  130.545374][ T6661]  vfs_read+0x1de/0xc70
[  130.545402][ T6661]  ? __pfx___mutex_lock+0x10/0x10
[  130.545428][ T6661]  ? __pfx_vfs_read+0x10/0x10
[  130.545450][ T6661]  ? __fget_files+0x20e/0x3c0
[  130.545473][ T6661]  ksys_read+0x12a/0x240
[  130.545489][ T6661]  ? __pfx_ksys_read+0x10/0x10
[  130.545504][ T6661]  ? rcu_is_watching+0x12/0xc0
[  130.545523][ T6661]  ? rcu_is_watching+0x12/0xc0
[  130.545542][ T6661]  __do_fast_syscall_32+0x73/0x120
[  130.545567][ T6661]  do_fast_syscall_32+0x32/0x80
[  130.545590][ T6661]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  130.545609][ T6661] RIP: 0023:0xf710e579
[  130.545622][ T6661] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  130.545637][ T6661] RSP: 002b:00000000f50bc590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  130.545653][ T6661] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f50bc620
[  130.545663][ T6661] RDX: 000000000000000f RSI: 00000000f7472ff4 RDI: 0000000000000000
[  130.545672][ T6661] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  130.545681][ T6661] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  130.545690][ T6661] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  130.545712][ T6661]  </TASK>
[  131.056907][ T6670] fuse: Bad value for 'user_id'
[  131.059469][ T6670] fuse: Bad value for 'user_id'
[  131.331492][    C1] vkms_vblank_simulate: vblank timer overrun
[  131.363575][    C1] vkms_vblank_simulate: vblank timer overrun
[  131.437678][ T6675] netlink: 'syz.0.145': attribute type 11 has an invalid length.
[  131.464576][ T6675] netlink: 4 bytes leftover after parsing attributes in process `syz.0.145'.
[  131.736094][    C1] vkms_vblank_simulate: vblank timer overrun
[  131.740603][ T6675] input: syz0 as /devices/virtual/input/input7
[  132.030203][ T1454] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  132.200305][ T1454] usb 9-1: Using ep0 maxpacket: 32
[  132.247646][ T1454] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  132.393293][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  132.396175][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  132.499506][    C1] vkms_vblank_simulate: vblank timer overrun
[  132.661988][ T1454] usb 9-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  132.668240][ T1454] usb 9-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  132.710100][ T1454] usb 9-1: Product: syz
[  132.711560][ T1454] usb 9-1: Manufacturer: syz
[  132.754712][ T1454] usb 9-1: SerialNumber: syz
[  132.774289][ T1454] usb 9-1: config 0 descriptor??
[  132.810507][ T6699] netlink: 32 bytes leftover after parsing attributes in process `syz.3.150'.
[  132.923882][ T6681] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  133.141103][ T6681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  133.148216][ T6681] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  133.231472][ T1454] usb 9-1: USB disconnect, device number 3
[  133.421951][    C1] vkms_vblank_simulate: vblank timer overrun
[  133.579526][    C1] vkms_vblank_simulate: vblank timer overrun
[  133.647461][    C1] vkms_vblank_simulate: vblank timer overrun
[  133.761626][ T6713] Driver unsupported XDP return value 0 on prog  (id 31) dev N/A, expect packet loss!
[  134.052433][ T6722] FAULT_INJECTION: forcing a failure.
[  134.052433][ T6722] name failslab, interval 1, probability 0, space 0, times 0
[  134.063174][ T6722] CPU: 1 UID: 0 PID: 6722 Comm: syz.3.157 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  134.063196][ T6722] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  134.063205][ T6722] Call Trace:
[  134.063211][ T6722]  <TASK>
[  134.063217][ T6722]  dump_stack_lvl+0x16c/0x1f0
[  134.063244][ T6722]  should_fail_ex+0x512/0x640
[  134.063262][ T6722]  ? __kvmalloc_node_noprof+0x122/0x600
[  134.063281][ T6722]  should_failslab+0xc2/0x120
[  134.063300][ T6722]  __kvmalloc_node_noprof+0x135/0x600
[  134.063316][ T6722]  ? bpf_test_init.isra.0+0x9e/0x140
[  134.063334][ T6722]  ? kasan_save_stack+0x42/0x60
[  134.063348][ T6722]  ? __pfx_kasan_save_stack+0x1/0x10
[  134.063362][ T6722]  ? bpf_test_run_xdp_live+0x16b/0x500
[  134.063403][ T6722]  ? __kasan_kmalloc+0xaa/0xb0
[  134.063422][ T6722]  ? bpf_test_run_xdp_live+0x16b/0x500
[  134.063437][ T6722]  bpf_test_run_xdp_live+0x16b/0x500
[  134.063459][ T6722]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  134.063485][ T6722]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  134.063522][ T6722]  ? _copy_from_user+0x59/0xd0
[  134.063540][ T6722]  ? bpf_test_init.isra.0+0x6b/0x140
[  134.063559][ T6722]  bpf_prog_test_run_xdp+0x824/0x1540
[  134.063587][ T6722]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  134.063607][ T6722]  ? __might_fault+0x30/0x190
[  134.063627][ T6722]  ? fput+0x70/0xf0
[  134.063645][ T6722]  ? __bpf_prog_get+0xa0/0x290
[  134.063663][ T6722]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  134.063683][ T6722]  __sys_bpf+0x1485/0x4d80
[  134.063727][ T6722]  ? __pfx___sys_bpf+0x10/0x10
[  134.063749][ T6722]  ? ksys_write+0x190/0x240
[  134.063767][ T6722]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  134.063801][ T6722]  ? fput+0x70/0xf0
[  134.063818][ T6722]  ? ksys_write+0x1b9/0x240
[  134.063832][ T6722]  ? __pfx_ksys_write+0x10/0x10
[  134.063850][ T6722]  __ia32_sys_bpf+0x76/0xe0
[  134.063863][ T6722]  __do_fast_syscall_32+0x73/0x120
[  134.063885][ T6722]  do_fast_syscall_32+0x32/0x80
[  134.063906][ T6722]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  134.063923][ T6722] RIP: 0023:0xf7f53579
[  134.063936][ T6722] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  134.063950][ T6722] RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  134.063964][ T6722] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000600
[  134.063973][ T6722] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  134.063982][ T6722] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  134.063990][ T6722] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  134.063998][ T6722] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  134.064023][ T6722]  </TASK>
[  134.193935][ T6729] netlink: 'syz.2.159': attribute type 11 has an invalid length.
[  134.196377][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.211109][ T6730] netlink: 'syz.4.155': attribute type 10 has an invalid length.
[  134.265247][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.302193][ T6730] netlink: 40 bytes leftover after parsing attributes in process `syz.4.155'.
[  134.312219][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.318784][ T6730] dummy0: entered promiscuous mode
[  134.323239][ T6730] bridge0: port 3(dummy0) entered blocking state
[  134.326413][ T6730] bridge0: port 3(dummy0) entered disabled state
[  134.329437][ T6730] dummy0: entered allmulticast mode
[  134.341677][ T6729] netlink: 4 bytes leftover after parsing attributes in process `syz.2.159'.
[  134.371687][ T6730] bridge0: port 3(dummy0) entered blocking state
[  134.374952][ T6730] bridge0: port 3(dummy0) entered forwarding state
[  134.941472][ T6743] kvm: MONITOR instruction emulated as NOP!
[  134.944614][ T6743] FAULT_INJECTION: forcing a failure.
[  134.944614][ T6743] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  134.981041][ T6743] CPU: 2 UID: 0 PID: 6743 Comm: syz.4.162 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  134.981064][ T6743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  134.981073][ T6743] Call Trace:
[  134.981078][ T6743]  <TASK>
[  134.981084][ T6743]  dump_stack_lvl+0x16c/0x1f0
[  134.981110][ T6743]  should_fail_ex+0x512/0x640
[  134.981131][ T6743]  __kvm_read_guest_page+0x16b/0x220
[  134.981157][ T6743]  kvm_fetch_guest_virt+0x128/0x1a0
[  134.981180][ T6743]  __do_insn_fetch_bytes+0x41b/0x6d0
[  134.981202][ T6743]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[  134.981222][ T6743]  ? init_srcu_struct_nodes+0xc10/0x1060
[  134.981243][ T6743]  ? trace_sched_exit_tp+0xde/0x130
[  134.981261][ T6743]  ? __schedule+0x1186/0x5de0
[  134.981282][ T6743]  x86_decode_insn+0xb90/0x5540
[  134.981303][ T6743]  ? vmx_segment_cache_test_set+0x14b/0x400
[  134.981323][ T6743]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  134.981345][ T6743]  ? __pfx_x86_decode_insn+0x10/0x10
[  134.981358][ T6743]  ? vmx_cache_reg+0x333/0x5e0
[  134.981373][ T6743]  ? kvm_register_read_raw+0xe9/0x240
[  134.981395][ T6743]  ? init_decode_cache+0xd/0x210
[  134.981408][ T6743]  ? init_emulate_ctxt+0x337/0x510
[  134.981420][ T6743]  ? __up_console_sem+0x8f/0xe0
[  134.981468][ T6743]  ? __pfx_init_emulate_ctxt+0x10/0x10
[  134.981487][ T6743]  ? tick_nohz_tick_stopped+0x6c/0xa0
[  134.981503][ T6743]  ? __irq_work_queue_local+0xdb/0x450
[  134.981528][ T6743]  x86_emulate_instruction+0x9b2/0x1a90
[  134.981549][ T6743]  ? __wake_up_klogd.part.0+0x99/0xf0
[  134.981570][ T6743]  ? vprintk_emit+0x1e6/0x6d0
[  134.981586][ T6743]  ? __pfx_vprintk_emit+0x10/0x10
[  134.981599][ T6743]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  134.981621][ T6743]  handle_ud+0x103/0x280
[  134.981640][ T6743]  ? __pfx_handle_ud+0x10/0x10
[  134.981664][ T6743]  ? rcu_is_watching+0x12/0xc0
[  134.981677][ T6743]  ? __vmx_complete_interrupts+0x111/0x4e0
[  134.981696][ T6743]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  134.981717][ T6743]  handle_exception_nmi+0x856/0x1740
[  134.981737][ T6743]  ? __pfx_handle_exception_nmi+0x10/0x10
[  134.981758][ T6743]  vmx_handle_exit+0x6ab/0x1cc0
[  134.981781][ T6743]  vcpu_run+0x304c/0x52d0
[  134.981812][ T6743]  ? __pfx_vcpu_run+0x10/0x10
[  134.981836][ T6743]  ? fpu_swap_kvm_fpstate+0x235/0x4a0
[  134.981855][ T6743]  ? __local_bh_enable_ip+0xa4/0x120
[  134.981878][ T6743]  ? kvm_arch_vcpu_ioctl_run+0x51c/0x18c0
[  134.981899][ T6743]  kvm_arch_vcpu_ioctl_run+0x51c/0x18c0
[  134.981926][ T6743]  kvm_vcpu_ioctl+0x5e9/0x1680
[  134.981951][ T6743]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  134.981980][ T6743]  ? tomoyo_path_number_perm+0x18d/0x580
[  134.981999][ T6743]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  134.982015][ T6743]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  134.982035][ T6743]  ? do_vfs_ioctl+0x512/0x1990
[  134.982057][ T6743]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  134.982096][ T6743]  kvm_vcpu_compat_ioctl+0x20f/0x3d0
[  134.982120][ T6743]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  134.982144][ T6743]  ? __fget_files+0x20e/0x3c0
[  134.982157][ T6743]  ? __fput_deferred+0x300/0x370
[  134.982179][ T6743]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  134.982203][ T6743]  __ia32_compat_sys_ioctl+0x24c/0x360
[  134.982226][ T6743]  __do_fast_syscall_32+0x73/0x120
[  134.982249][ T6743]  do_fast_syscall_32+0x32/0x80
[  134.982270][ T6743]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  134.982288][ T6743] RIP: 0023:0xf7fe5579
[  134.982301][ T6743] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  134.982315][ T6743] RSP: 002b:00000000f510655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  134.982329][ T6743] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  134.982338][ T6743] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  134.982347][ T6743] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  134.982355][ T6743] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  134.982364][ T6743] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  134.982382][ T6743]  </TASK>
[  135.497585][ T6748] bridge0: port 3(vlan2) entered blocking state
[  135.500602][ T6748] bridge0: port 3(vlan2) entered disabled state
[  135.504431][ T6748] vlan2: entered allmulticast mode
[  135.507127][ T6748] bridge0: entered allmulticast mode
[  135.640607][ T6748] vlan2: left allmulticast mode
[  135.643994][ T6748] bridge0: left allmulticast mode
[  135.647471][    C1] vkms_vblank_simulate: vblank timer overrun
[  135.763237][ T6756] fuse: Bad value for 'rootmode'
[  135.819358][ T6760] netlink: 6 bytes leftover after parsing attributes in process `syz.0.167'.
[  136.247025][ T6769] netlink: 32 bytes leftover after parsing attributes in process `syz.2.166'.
[  136.643463][    C1] vkms_vblank_simulate: vblank timer overrun
[  138.479453][    C1] vkms_vblank_simulate: vblank timer overrun
[  138.485057][ T6814] fuse: Bad value for 'rootmode'
[  138.561776][ T6816] netlink: 6 bytes leftover after parsing attributes in process `syz.4.178'.
[  139.936981][ T6849] netlink: 32 bytes leftover after parsing attributes in process `syz.4.183'.
[  139.979370][ T5957] Bluetooth: hci1: unexpected subevent 0x05 length: 30 > 12
[  139.991419][    C1] vkms_vblank_simulate: vblank timer overrun
[  140.030231][    C1] vkms_vblank_simulate: vblank timer overrun
[  140.355474][    C1] vkms_vblank_simulate: vblank timer overrun
[  141.191533][    C1] vkms_vblank_simulate: vblank timer overrun
[  141.331504][    C1] vkms_vblank_simulate: vblank timer overrun
[  141.579547][    C1] vkms_vblank_simulate: vblank timer overrun
[  141.795459][    C1] vkms_vblank_simulate: vblank timer overrun
[  141.834997][    C1] vkms_vblank_simulate: vblank timer overrun
[  141.914255][    C1] vkms_vblank_simulate: vblank timer overrun
[  142.030571][ T5957] Bluetooth: hci1: command tx timeout
[  142.184151][ T6912] netlink: 'syz.0.197': attribute type 11 has an invalid length.
[  142.219441][ T6912] netlink: 4 bytes leftover after parsing attributes in process `syz.0.197'.
[  142.325012][  T834] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  142.372062][ T6915] input: syz0 as /devices/virtual/input/input9
[  142.415436][    C1] vkms_vblank_simulate: vblank timer overrun
[  142.475234][  T834] usb 7-1: device descriptor read/64, error -71
[  142.764026][  T834] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  142.910346][  T834] usb 7-1: device descriptor read/64, error -71
[  143.037373][  T834] usb usb7-port1: attempt power cycle
[  143.082881][ T6924] netlink: 32 bytes leftover after parsing attributes in process `syz.3.199'.
[  143.269329][    C1] vkms_vblank_simulate: vblank timer overrun
[  143.416782][  T834] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  143.492598][  T834] usb 7-1: device descriptor read/8, error -71
[  143.751883][  T834] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  143.790815][  T834] usb 7-1: device descriptor read/8, error -71
[  143.901707][  T834] usb usb7-port1: unable to enumerate USB device
[  144.487447][    C1] vkms_vblank_simulate: vblank timer overrun
[  144.889260][    C1] vkms_vblank_simulate: vblank timer overrun
[  145.418059][    C1] vkms_vblank_simulate: vblank timer overrun
[  145.563344][    C1] vkms_vblank_simulate: vblank timer overrun
[  145.634809][    C1] vkms_vblank_simulate: vblank timer overrun
[  145.683438][    C1] vkms_vblank_simulate: vblank timer overrun
[  145.698259][ T6955] netlink: 'syz.0.208': attribute type 6 has an invalid length.
[  145.763005][ T6957] netlink: 'syz.4.209': attribute type 11 has an invalid length.
[  145.795143][ T6957] netlink: 4 bytes leftover after parsing attributes in process `syz.4.209'.
[  145.867447][    C1] vkms_vblank_simulate: vblank timer overrun
[  145.947360][ T6960] input: syz0 as /devices/virtual/input/input10
[  146.153781][    C1] vkms_vblank_simulate: vblank timer overrun
[  146.257563][ T6955] netlink: 8 bytes leftover after parsing attributes in process `syz.0.208'.
[  146.258668][ T6955] netlink: 8 bytes leftover after parsing attributes in process `syz.0.208'.
[  147.129516][    C1] vkms_vblank_simulate: vblank timer overrun
[  147.259734][   T76] IPVS: starting estimator thread 0...
[  147.380281][ T6968] IPVS: using max 25 ests per chain, 60000 per kthread
[  147.917074][ T6963] netlink: 32 bytes leftover after parsing attributes in process `syz.3.210'.
[  148.170118][ T6979] netlink: 24 bytes leftover after parsing attributes in process `syz.0.211'.
[  148.175522][ T6979] netlink: 12 bytes leftover after parsing attributes in process `syz.0.211'.
[  148.229420][    C1] vkms_vblank_simulate: vblank timer overrun
[  149.179090][    C1] vkms_vblank_simulate: vblank timer overrun
[  149.285685][    C1] vkms_vblank_simulate: vblank timer overrun
[  150.399358][    C1] vkms_vblank_simulate: vblank timer overrun
[  151.445791][    C1] vkms_vblank_simulate: vblank timer overrun
[  151.535356][    C1] vkms_vblank_simulate: vblank timer overrun
[  151.615341][    C1] vkms_vblank_simulate: vblank timer overrun
[  152.379343][    C1] vkms_vblank_simulate: vblank timer overrun
[  152.513543][    C1] vkms_vblank_simulate: vblank timer overrun
[  152.699345][    C1] vkms_vblank_simulate: vblank timer overrun
[  152.885287][ T7042] fuse: Unknown parameter 'user_i00000000000000000000'
[  152.949335][ T7043] netlink: 6 bytes leftover after parsing attributes in process `syz.4.229'.
[  152.963082][ T7045] netlink: 8 bytes leftover after parsing attributes in process `syz.0.230'.
[  153.172956][ T7049] netlink: 'syz.0.232': attribute type 11 has an invalid length.
[  153.198033][ T7051] netlink: 'syz.3.233': attribute type 10 has an invalid length.
[  153.207275][ T7049] netlink: 4 bytes leftover after parsing attributes in process `syz.0.232'.
[  153.219727][ T7051] 8021q: adding VLAN 0 to HW filter on device batadv0
[  153.227946][ T7051] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  153.262163][ T7051] bond0: entered promiscuous mode
[  153.280685][ T7051] bond_slave_0: entered promiscuous mode
[  153.283824][ T7051] bond_slave_1: entered promiscuous mode
[  153.286258][ T7051] batadv0: entered promiscuous mode
[  153.433769][ T7057] input: syz0 as /devices/virtual/input/input11
[  153.744746][ T7065] netlink: 'syz.2.237': attribute type 58 has an invalid length.
[  153.748697][ T7065] netlink: 20 bytes leftover after parsing attributes in process `syz.2.237'.
[  153.750817][ T7063] usb usb1: usbfs: process 7063 (syz.3.236) did not claim interface 0 before use
[  153.831352][    C1] vkms_vblank_simulate: vblank timer overrun
[  153.871715][ T5957] Bluetooth: hci4: command tx timeout
[  153.963358][    C1] vkms_vblank_simulate: vblank timer overrun
[  154.133028][    C1] vkms_vblank_simulate: vblank timer overrun
[  154.195493][    C1] vkms_vblank_simulate: vblank timer overrun
[  154.319320][    C1] vkms_vblank_simulate: vblank timer overrun
[  154.466967][   T40] kauditd_printk_skb: 1245 callbacks suppressed
[  154.466984][   T40] audit: type=1800 audit(1745250443.758:1258): pid=7067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.237" name="/" dev="fuse" ino=0 res=0 errno=0
[  154.737159][ T1136] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.127550][ T1136] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.488379][ T1136] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.567230][ T7090] fuse: Unknown parameter 'user_i00000000000000000000'
[  155.589798][ T5963] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  155.594392][ T5963] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  155.597973][ T5963] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  155.620293][ T5963] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  155.646634][ T5963] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  155.690324][ T7092] netlink: 6 bytes leftover after parsing attributes in process `syz.4.246'.
[  155.722127][ T1136] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.834936][ T7086] lo speed is unknown, defaulting to 1000
[  156.103301][    C1] vkms_vblank_simulate: vblank timer overrun
[  156.169483][    C1] vkms_vblank_simulate: vblank timer overrun
[  156.362348][ T7095] futex_wake_op: syz.0.247 tries to shift op by -33; fix this program
[  156.378593][ T1136] bridge_slave_1: left allmulticast mode
[  156.384675][ T1136] bridge_slave_1: left promiscuous mode
[  156.391149][ T1136] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.406502][ T7095] netdevsim netdevsim0: Direct firmware load for .
[  156.406502][ T7095]  failed with error -2
[  156.412816][ T7095] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  156.412816][ T7095] 
[  156.490842][ T1136] bridge_slave_0: left allmulticast mode
[  156.523468][ T1136] bridge_slave_0: left promiscuous mode
[  156.591130][ T1136] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.593258][  T834] IPVS: starting estimator thread 0...
[  156.692951][ T7104] IPVS: using max 30 ests per chain, 72000 per kthread
[  156.978703][    C1] vkms_vblank_simulate: vblank timer overrun
[  157.078468][    C1] vkms_vblank_simulate: vblank timer overrun
[  157.151304][    C1] vkms_vblank_simulate: vblank timer overrun
[  157.233623][    C1] vkms_vblank_simulate: vblank timer overrun
[  157.370855][ T7117] netlink: 'syz.2.251': attribute type 11 has an invalid length.
[  157.412573][ T7117] netlink: 4 bytes leftover after parsing attributes in process `syz.2.251'.
[  157.576703][ T7120] input: syz0 as /devices/virtual/input/input12
[  157.725489][ T5963] Bluetooth: hci0: command tx timeout
[  157.778954][ T1136] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  157.793110][ T1136] bond_slave_0: left promiscuous mode
[  157.836608][ T1136] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  157.849518][ T1136] bond_slave_1: left promiscuous mode
[  157.855316][ T1136] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  157.862457][ T1136] batadv0: left promiscuous mode
[  157.865937][ T1136] bond0 (unregistering): Released all slaves
[  158.019329][    C1] vkms_vblank_simulate: vblank timer overrun
[  158.317866][ T7086] chnl_net:caif_netlink_parms(): no params data found
[  158.870415][ T7136] 9pnet_fd: p9_fd_create_unix (7136): problem connecting socket: ./file0/file0: -2
[  159.239695][ T7086] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.245310][ T7086] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.307478][ T7143] netlink: 8 bytes leftover after parsing attributes in process `syz.0.253'.
[  159.457192][ T7086] bridge_slave_0: entered allmulticast mode
[  159.461230][ T7086] bridge_slave_0: entered promiscuous mode
[  159.509408][ T7086] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.521452][ T7086] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.535194][ T7086] bridge_slave_1: entered allmulticast mode
[  159.542486][ T7086] bridge_slave_1: entered promiscuous mode
[  159.793581][ T5963] Bluetooth: hci0: command tx timeout
[  160.080433][ T1136] hsr_slave_0: left promiscuous mode
[  160.127420][ T1136] hsr_slave_1: left promiscuous mode
[  160.130480][ T1136] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  160.133728][ T1136] batman_adv: batadv0: Removing interface: batadv_slave_0
[  160.138443][ T1136] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  160.142309][ T1136] batman_adv: batadv0: Removing interface: batadv_slave_1
[  160.146911][ T7155] fuse: Unknown parameter 'user_i00000000000000000000'
[  160.226341][ T1136] veth1_macvtap: left promiscuous mode
[  160.238082][ T7157] netlink: 6 bytes leftover after parsing attributes in process `syz.4.255'.
[  160.242672][ T1136] veth0_macvtap: left promiscuous mode
[  160.246116][ T1136] veth1_vlan: left promiscuous mode
[  160.249174][ T1136] veth0_vlan: left promiscuous mode
[  161.870297][ T5963] Bluetooth: hci0: command tx timeout
[  161.905029][    C1] vkms_vblank_simulate: vblank timer overrun
[  162.451284][    C1] vkms_vblank_simulate: vblank timer overrun
[  162.751090][ T7174] netlink: 32 bytes leftover after parsing attributes in process `syz.2.259'.
[  163.283235][    C1] vkms_vblank_simulate: vblank timer overrun
[  163.661506][ T7181] netlink: 'syz.0.261': attribute type 11 has an invalid length.
[  163.700512][    C1] vkms_vblank_simulate: vblank timer overrun
[  163.719835][ T7181] netlink: 4 bytes leftover after parsing attributes in process `syz.0.261'.
[  163.776287][    C1] vkms_vblank_simulate: vblank timer overrun
[  163.834685][ T1136] team0 (unregistering): Port device team_slave_1 removed
[  163.928952][ T7184] input: syz0 as /devices/virtual/input/input13
[  163.950518][ T5963] Bluetooth: hci0: command tx timeout
[  164.095514][ T1136] team0 (unregistering): Port device team_slave_0 removed
[  164.201429][    C1] vkms_vblank_simulate: vblank timer overrun
[  164.268008][    C1] vkms_vblank_simulate: vblank timer overrun
[  164.339351][    C1] vkms_vblank_simulate: vblank timer overrun
[  165.685079][ T7186] netlink: 'syz.0.262': attribute type 3 has an invalid length.
[  165.687697][ T7186] netlink: 8 bytes leftover after parsing attributes in process `syz.0.262'.
[  166.238949][ T7086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  166.382630][ T7086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  166.578761][ T7086] team0: Port device team_slave_0 added
[  166.584138][ T7086] team0: Port device team_slave_1 added
[  166.883196][ T7086] batman_adv: batadv0: Adding interface: batadv_slave_0
[  166.905359][ T7086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  166.931053][ T7086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  167.050361][ T7086] batman_adv: batadv0: Adding interface: batadv_slave_1
[  167.059547][ T7210] random: crng reseeded on system resumption
[  167.065998][ T7086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  167.122207][ T7086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  167.607549][ T7211] netlink: 8 bytes leftover after parsing attributes in process `syz.0.266'.
[  167.615145][ T7211] netlink: 24 bytes leftover after parsing attributes in process `syz.0.266'.
[  167.736475][ T7086] hsr_slave_0: entered promiscuous mode
[  167.741145][ T7086] hsr_slave_1: entered promiscuous mode
[  167.745338][ T7086] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  167.752697][ T7086] Cannot create hsr debugfs directory
[  168.286123][ T7227] netlink: 'syz.0.269': attribute type 11 has an invalid length.
[  168.363110][ T7227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.269'.
[  168.431238][    C0] vkms_vblank_simulate: vblank timer overrun
[  168.577712][   T57] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  168.596993][ T7086] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  168.627746][ T7086] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  168.637879][ T7231] input: syz0 as /devices/virtual/input/input14
[  168.667750][ T7086] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  168.692674][ T7086] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  168.704577][    C0] vkms_vblank_simulate: vblank timer overrun
[  168.763624][    C0] vkms_vblank_simulate: vblank timer overrun
[  168.834998][   T57] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  168.859567][   T57] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  168.905715][   T57] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  168.911160][    C0] vkms_vblank_simulate: vblank timer overrun
[  168.911634][   T57] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.946139][ T7224] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  168.971340][   T57] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  168.984455][ T7086] 8021q: adding VLAN 0 to HW filter on device bond0
[  169.082480][ T7086] 8021q: adding VLAN 0 to HW filter on device team0
[  169.122658][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.138161][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  169.196408][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  169.209684][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  169.335239][    C0] vkms_vblank_simulate: vblank timer overrun
[  169.342137][ T6021] usb 7-1: USB disconnect, device number 6
[  169.455143][    C0] vkms_vblank_simulate: vblank timer overrun
[  169.756277][    C0] vkms_vblank_simulate: vblank timer overrun
[  169.792916][ T7086] 8021q: adding VLAN 0 to HW filter on device batadv0
[  170.394594][ T7257] netlink: 24 bytes leftover after parsing attributes in process `syz.4.270'.
[  170.400683][ T7257] netlink: 12 bytes leftover after parsing attributes in process `syz.4.270'.
[  170.609419][ T7086] veth0_vlan: entered promiscuous mode
[  170.619220][ T7086] veth1_vlan: entered promiscuous mode
[  170.651577][ T7086] veth0_macvtap: entered promiscuous mode
[  170.666459][ T7086] veth1_macvtap: entered promiscuous mode
[  170.704898][ T7086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  170.720316][ T7086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  170.725297][ T7086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  170.750214][ T7086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  170.756647][ T7086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  170.773163][ T7086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  170.797578][ T7086] batman_adv: batadv0: Interface activated: batadv_slave_0
[  170.816603][ T7086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  170.826791][ T7086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  170.835531][ T7086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  170.840014][ T7086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  170.852294][ T7086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  170.885430][ T7086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  170.892792][ T7086] batman_adv: batadv0: Interface activated: batadv_slave_1
[  170.896842][ T7275] fuse: Unknown parameter 'user_id00000000000000000000'
[  170.916997][ T7086] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  170.924701][ T7086] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  170.929981][ T7086] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  170.936586][ T7086] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  170.960844][ T7269] netfs: Duplicate cookie detected
[  170.964946][ T7269] netfs: O-cookie c=00000006 [fl=5088 na=1 nA=0 s=-]
[  170.968741][ T7269] netfs: O-cookie V=00000005 [9p,syz,]
[  170.980321][ T7276] netlink: 6 bytes leftover after parsing attributes in process `syz.2.271'.
[  170.986883][ T7269] netfs: O-key=[8] '6001320200000000'
[  170.986920][ T7269] netfs: N-cookie c=00000008 [fl=8 na=0 nA=0 s=-]
[  170.986934][ T7269] netfs: N-cookie V=00000005 [9p,syz,]
[  170.986945][ T7269] netfs: N-key=[8] '6001320200000000'
[  171.195911][ T1228] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  171.203912][ T1228] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  171.292265][ T1135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  171.298215][ T1135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  171.427163][    C0] vkms_vblank_simulate: vblank timer overrun
[  171.491149][    C0] vkms_vblank_simulate: vblank timer overrun
[  171.869408][ T7292] netlink: 8 bytes leftover after parsing attributes in process `syz.4.274'.
[  171.875911][ T7292] netlink: 8 bytes leftover after parsing attributes in process `syz.4.274'.
[  172.355485][ T5963] Bluetooth: hci4: unexpected subevent 0x05 length: 30 > 12
[  173.270533][ T7326] netlink: 288 bytes leftover after parsing attributes in process `syz.2.281'.
[  173.591168][ T7328] netlink: 32 bytes leftover after parsing attributes in process `syz.0.282'.
[  173.920783][ T7335] fuse: Unknown parameter 'user_id00000000000000000000'
[  173.993865][ T7337] netlink: 6 bytes leftover after parsing attributes in process `syz.2.284'.
[  174.020228][ T6021] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  174.190602][ T6021] usb 10-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  174.195392][ T6021] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.198942][ T6021] usb 10-1: Product: syz
[  174.227285][ T6021] usb 10-1: Manufacturer: syz
[  174.229993][ T6021] usb 10-1: SerialNumber: syz
[  174.236315][ T6021] usb 10-1: config 0 descriptor??
[  174.440266][ T5963] Bluetooth: hci4: command tx timeout
[  174.509377][  T834] usb 10-1: USB disconnect, device number 2
[  174.655113][ T7334] netlink: 32 bytes leftover after parsing attributes in process `syz.4.285'.
[  174.779142][    C0] vkms_vblank_simulate: vblank timer overrun
[  174.871115][    C0] vkms_vblank_simulate: vblank timer overrun
[  175.389559][ T7345] netlink: 8 bytes leftover after parsing attributes in process `syz.2.288'.
[  175.404345][ T7345] netlink: 8 bytes leftover after parsing attributes in process `syz.2.288'.
[  175.425025][ T7346] netlink: 'syz.0.287': attribute type 11 has an invalid length.
[  175.443152][    C0] vkms_vblank_simulate: vblank timer overrun
[  175.730629][ T7351] input: syz0 as /devices/virtual/input/input15
[  175.990592][    C0] vkms_vblank_simulate: vblank timer overrun
[  177.331087][    C0] vkms_vblank_simulate: vblank timer overrun
[  177.447139][    C0] vkms_vblank_simulate: vblank timer overrun
[  177.883105][    C0] vkms_vblank_simulate: vblank timer overrun
[  178.074404][    C0] vkms_vblank_simulate: vblank timer overrun
[  179.299124][    C0] vkms_vblank_simulate: vblank timer overrun
[  179.745800][    C0] vkms_vblank_simulate: vblank timer overrun
[  180.152814][ T7377] fuse: Unknown parameter 'user_id00000000000000000000'
[  180.229029][ T7382] netlink: 6 bytes leftover after parsing attributes in process `syz.0.294'.
[  180.367070][    C0] vkms_vblank_simulate: vblank timer overrun
[  180.464131][ T6021] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  180.545098][ T5968] Bluetooth: hci2: command 0x0406 tx timeout
[  180.548310][ T5968] Bluetooth: hci3: command 0x0406 tx timeout
[  180.627631][ T7390] netlink: 288 bytes leftover after parsing attributes in process `syz.5.293'.
[  180.729726][ T6021] usb 7-1: config 0 has no interfaces?
[  180.734400][ T6021] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  180.744690][ T6021] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.748427][ T6021] usb 7-1: Product: syz
[  180.769667][ T6021] usb 7-1: Manufacturer: syz
[  180.773245][ T6021] usb 7-1: SerialNumber: syz
[  180.786984][ T6021] usb 7-1: config 0 descriptor??
[  180.923453][ T7402] netlink: 32 bytes leftover after parsing attributes in process `syz.4.298'.
[  180.940072][ T7403] netlink: 'syz.5.299': attribute type 11 has an invalid length.
[  181.040306][ T7403] netlink: 4 bytes leftover after parsing attributes in process `syz.5.299'.
[  181.077113][    C0] vkms_vblank_simulate: vblank timer overrun
[  181.110992][ T7403] input: syz0 as /devices/virtual/input/input16
[  182.063046][ T7423] loop2: detected capacity change from 0 to 7
[  182.068594][ T7423] Dev loop2: unable to read RDB block 7
[  182.072124][ T7423]  loop2: unable to read partition table
[  182.100327][ T7423] loop2: partition table beyond EOD, truncated
[  182.114987][ T7423] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  182.132732][   T40] audit: type=1326 audit(1745250471.428:1259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7419 comm="syz.4.302" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x0
[  182.515032][ T7429] netlink: 32 bytes leftover after parsing attributes in process `syz.5.304'.
[  183.789875][ T1015] usb 7-1: USB disconnect, device number 7
[  184.030325][ T5957] Bluetooth: hci0: command tx timeout
[  184.246744][ T7471] fuse: Bad value for 'fd'
[  184.310801][    C1] vkms_vblank_simulate: vblank timer overrun
[  184.531922][ T7472] netlink: 6 bytes leftover after parsing attributes in process `syz.4.308'.
[  184.828389][ T7479] netlink: 'syz.0.309': attribute type 11 has an invalid length.
[  184.888347][ T7479] netlink: 4 bytes leftover after parsing attributes in process `syz.0.309'.
[  184.942533][ T7479] input: syz0 as /devices/virtual/input/input17
[  185.641026][    C1] vkms_vblank_simulate: vblank timer overrun
[  185.727159][    C1] vkms_vblank_simulate: vblank timer overrun
[  185.779735][    C1] vkms_vblank_simulate: vblank timer overrun
[  185.793394][ T7498] netlink: 32 bytes leftover after parsing attributes in process `syz.4.310'.
[  186.007642][    C1] vkms_vblank_simulate: vblank timer overrun
[  186.179246][ T7504] 9pnet: p9_errstr2errno: server reported unknown error í<j
[  186.239068][    C1] vkms_vblank_simulate: vblank timer overrun
[  186.954988][    C1] vkms_vblank_simulate: vblank timer overrun
[  187.413651][ T7526] fuse: Bad value for 'fd'
[  187.480823][ T7527] netlink: 6 bytes leftover after parsing attributes in process `syz.5.319'.
[  187.671003][    C1] vkms_vblank_simulate: vblank timer overrun
[  188.046967][    C1] vkms_vblank_simulate: vblank timer overrun
[  188.135026][    C1] vkms_vblank_simulate: vblank timer overrun
[  190.455035][    C1] vkms_vblank_simulate: vblank timer overrun
[  190.805382][    C1] vkms_vblank_simulate: vblank timer overrun
[  191.106988][    C1] vkms_vblank_simulate: vblank timer overrun
[  191.347071][    C1] vkms_vblank_simulate: vblank timer overrun
[  191.593786][    C1] vkms_vblank_simulate: vblank timer overrun
[  191.657193][    C1] vkms_vblank_simulate: vblank timer overrun
[  191.838487][    C1] vkms_vblank_simulate: vblank timer overrun
[  192.554886][ T7574] netlink: 'syz.2.328': attribute type 11 has an invalid length.
[  192.697903][ T7574] netlink: 4 bytes leftover after parsing attributes in process `syz.2.328'.
[  192.770321][ T6021] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  192.853249][    C1] vkms_vblank_simulate: vblank timer overrun
[  192.923049][ T6021] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  192.928076][ T6021] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  192.952664][ T6021] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  192.957216][ T6021] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.976316][ T7570] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  192.991066][ T6021] usb 10-1: Quirk or no altset; falling back to MIDI 1.0
[  193.163918][ T7574] input: syz0 as /devices/virtual/input/input18
[  193.267499][  T834] usb 10-1: USB disconnect, device number 3
[  193.738324][    C1] vkms_vblank_simulate: vblank timer overrun
[  193.872038][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  193.875018][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  194.241232][    C1] vkms_vblank_simulate: vblank timer overrun
[  194.538108][    C1] vkms_vblank_simulate: vblank timer overrun
[  194.862935][    C1] vkms_vblank_simulate: vblank timer overrun
[  194.930322][    C1] vkms_vblank_simulate: vblank timer overrun
[  195.026947][    C1] vkms_vblank_simulate: vblank timer overrun
[  195.417720][ T7600] evm: overlay not supported
[  195.660376][ T7592] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  195.663728][ T7592] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  195.688446][ T7592] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  195.694478][ T7592] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  195.746884][ T7592] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  195.749584][ T7592] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  195.844035][ T7592] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  195.958269][ T5957] Bluetooth: hci3: unexpected subevent 0x05 length: 30 > 12
[  196.039845][    C1] vkms_vblank_simulate: vblank timer overrun
[  196.062509][   T40] audit: type=1326 audit(1745250485.348:1260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7609 comm="syz.0.339" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000
[  196.084293][   T40] audit: type=1326 audit(1745250485.348:1261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7609 comm="syz.0.339" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000
[  196.102496][   T40] audit: type=1326 audit(1745250485.348:1262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7609 comm="syz.0.339" exe="/syz-executor" sig=0 arch=40000003 syscall=163 compat=1 ip=0xf710e579 code=0x7ffc0000
[  196.112760][   T40] audit: type=1326 audit(1745250485.348:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7609 comm="syz.0.339" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000
[  196.128157][   T40] audit: type=1326 audit(1745250485.348:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7609 comm="syz.0.339" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000
[  196.138278][   T40] audit: type=1326 audit(1745250485.388:1265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7609 comm="syz.0.339" exe="/syz-executor" sig=0 arch=40000003 syscall=241 compat=1 ip=0xf710e579 code=0x7ffc0000
[  196.148999][   T40] audit: type=1326 audit(1745250485.388:1266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7609 comm="syz.0.339" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000
[  196.174328][   T40] audit: type=1326 audit(1745250485.388:1267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7609 comm="syz.0.339" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000
[  196.183458][   T40] audit: type=1326 audit(1745250485.398:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7609 comm="syz.0.339" exe="/syz-executor" sig=0 arch=40000003 syscall=156 compat=1 ip=0xf710e579 code=0x7ffc0000
[  196.208216][   T40] audit: type=1326 audit(1745250485.398:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7609 comm="syz.0.339" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000
[  196.616910][   T63] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.633893][ T7618] netlink: 16 bytes leftover after parsing attributes in process `syz.2.340'.
[  196.729470][ T7624] netlink: 44 bytes leftover after parsing attributes in process `syz.4.342'.
[  196.762081][ T7624] netlink: 43 bytes leftover after parsing attributes in process `syz.4.342'.
[  196.766929][ T7624] netlink: 'syz.4.342': attribute type 6 has an invalid length.
[  196.774345][ T7624] netlink: 'syz.4.342': attribute type 5 has an invalid length.
[  196.778948][ T7624] netlink: 43 bytes leftover after parsing attributes in process `syz.4.342'.
[  196.900834][ T7624] netlink: 'syz.4.342': attribute type 10 has an invalid length.
[  196.905595][ T7624] netlink: 40 bytes leftover after parsing attributes in process `syz.4.342'.
[  196.918722][   T63] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.979057][ T7628] openvswitch: netlink: Message has 8 unknown bytes.
[  197.058715][ T5963] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  197.065822][ T5963] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  197.080145][ T5963] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  197.081626][ T5964] Bluetooth: hci2: command 0x0406 tx timeout
[  197.085354][ T5963] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  197.089746][ T5963] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  197.133986][ T7624] team0: Port device geneve0 added
[  197.261454][   T63] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.312867][ T7629] lo speed is unknown, defaulting to 1000
[  197.372080][ T7634] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  197.376931][ T7634] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  197.541733][   T63] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.720242][ T5963] Bluetooth: hci3: command 0x0406 tx timeout
[  197.791003][ T5963] Bluetooth: hci4: command 0x0c1a tx timeout
[  198.251144][ T5963] Bluetooth: hci4: unexpected subevent 0x05 length: 30 > 12
[  198.365123][   T63] bridge_slave_1: left allmulticast mode
[  198.367668][   T63] bridge_slave_1: left promiscuous mode
[  198.370719][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.455700][   T63] bridge_slave_0: left allmulticast mode
[  198.458943][   T63] bridge_slave_0: left promiscuous mode
[  198.464090][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.739278][    C1] vkms_vblank_simulate: vblank timer overrun
[  199.026937][    C1] vkms_vblank_simulate: vblank timer overrun
[  199.160162][ T5963] Bluetooth: hci2: command 0x0406 tx timeout
[  199.165443][ T5963] Bluetooth: hci0: command tx timeout
[  199.177598][ T7678] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  199.238276][    C1] vkms_vblank_simulate: vblank timer overrun
[  199.790336][ T5957] Bluetooth: hci3: command 0x0406 tx timeout
[  199.818555][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  199.883710][ T5957] Bluetooth: hci4: command 0x0c1a tx timeout
[  200.057490][ T1141] Bluetooth: Error in BCSP hdr checksum
[  200.113507][ T1137] Bluetooth: Error in BCSP hdr checksum
[  200.176416][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  200.279272][   T63] bond0 (unregistering): Released all slaves
[  200.297183][ T7629] chnl_net:caif_netlink_parms(): no params data found
[  200.377343][ T1228] Bluetooth: Error in BCSP hdr checksum
[  200.638931][    C1] vkms_vblank_simulate: vblank timer overrun
[  200.644283][   T12] Bluetooth: Error in BCSP hdr checksum
[  200.910871][ T7629] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.914291][ T7629] bridge0: port 1(bridge_slave_0) entered disabled state
[  200.917359][ T7629] bridge_slave_0: entered allmulticast mode
[  200.921581][ T7629] bridge_slave_0: entered promiscuous mode
[  200.938727][ T7629] bridge0: port 2(bridge_slave_1) entered blocking state
[  200.942340][ T7629] bridge0: port 2(bridge_slave_1) entered disabled state
[  200.954496][ T7629] bridge_slave_1: entered allmulticast mode
[  200.958973][ T7629] bridge_slave_1: entered promiscuous mode
[  201.250225][ T5957] Bluetooth: hci0: command tx timeout
[  201.267447][ T5957] Bluetooth: hci2: unexpected subevent 0x05 length: 30 > 12
[  201.355350][    C1] vkms_vblank_simulate: vblank timer overrun
[  201.464007][ T7629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  201.473033][ T7629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  201.580898][ T7629] team0: Port device team_slave_0 added
[  201.630184][ T5957] Bluetooth: hci1: command 0x1003 tx timeout
[  201.630308][ T5963] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  201.642454][ T7629] team0: Port device team_slave_1 added
[  201.821033][    C1] vkms_vblank_simulate: vblank timer overrun
[  201.831368][ T7629] batman_adv: batadv0: Adding interface: batadv_slave_0
[  201.849994][ T7629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  201.878675][ T7629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  201.886341][ T5963] Bluetooth: hci3: command 0x0406 tx timeout
[  201.942696][ T7629] batman_adv: batadv0: Adding interface: batadv_slave_1
[  201.959911][ T7629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  201.960198][ T5963] Bluetooth: hci4: command 0x0c1a tx timeout
[  201.973437][ T7629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  202.194460][    C1] vkms_vblank_simulate: vblank timer overrun
[  202.234962][   T63] hsr_slave_0: left promiscuous mode
[  202.239203][   T63] hsr_slave_1: left promiscuous mode
[  202.243479][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  202.247575][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  202.267498][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  202.273836][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  202.357194][   T63] veth1_macvtap: left promiscuous mode
[  202.368140][   T63] veth0_macvtap: left promiscuous mode
[  202.378854][   T63] veth1_vlan: left promiscuous mode
[  202.383134][   T63] veth0_vlan: left promiscuous mode
[  203.337230][ T5963] Bluetooth: hci2: command 0x0406 tx timeout
[  203.337280][ T5957] Bluetooth: hci0: command tx timeout
[  203.838886][    C1] vkms_vblank_simulate: vblank timer overrun
[  203.890410][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.060300][ T5957] Bluetooth: hci4: command 0x0c1a tx timeout
[  204.070855][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.046949][   T63] team0 (unregistering): Port device team_slave_1 removed
[  205.098849][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.359167][    C1] vkms_vblank_simulate: vblank timer overrun
[  205.380083][   T63] team0 (unregistering): Port device team_slave_0 removed
[  205.400575][ T5957] Bluetooth: hci0: command tx timeout
[  206.036981][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.174938][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.778930][    C1] vkms_vblank_simulate: vblank timer overrun
[  207.569364][ T5957] Bluetooth: hci3: unexpected subevent 0x05 length: 30 > 12
[  207.607240][ T7629] hsr_slave_0: entered promiscuous mode
[  207.610755][ T7629] hsr_slave_1: entered promiscuous mode
[  207.613846][ T7629] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  207.638519][ T7629] Cannot create hsr debugfs directory
[  207.847503][ T7774] netlink: 32 bytes leftover after parsing attributes in process `syz.0.364'.
[  207.920204][    C1] vkms_vblank_simulate: vblank timer overrun
[  209.460246][  T834] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  209.620972][  T834] usb 5-1: device descriptor read/64, error -71
[  209.633886][ T5957] Bluetooth: hci3: command 0x0406 tx timeout
[  209.902814][    C2] vkms_vblank_simulate: vblank timer overrun
[  209.905956][  T834] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  210.090427][  T834] usb 5-1: device descriptor read/64, error -71
[  210.239070][  T834] usb usb5-port1: attempt power cycle
[  210.533743][ T7629] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  210.557803][ T7629] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  210.583618][  T834] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  210.603470][  T834] usb 5-1: device descriptor read/8, error -71
[  210.677796][ T5957] Bluetooth: hci3: ACL packet for unknown connection handle 969
[  210.708731][ T7629] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  210.738089][ T7629] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  210.753865][    C2] vkms_vblank_simulate: vblank timer overrun
[  210.844628][  T834] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  210.870951][  T834] usb 5-1: device descriptor read/8, error -71
[  210.982738][  T834] usb usb5-port1: unable to enumerate USB device
[  211.038524][ T7629] 8021q: adding VLAN 0 to HW filter on device bond0
[  211.092662][ T7629] 8021q: adding VLAN 0 to HW filter on device team0
[  211.124262][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.127667][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[  211.136827][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.139852][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state
[  211.160143][ T7629] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  211.165055][ T7629] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  211.546967][ T7629] 8021q: adding VLAN 0 to HW filter on device batadv0
[  212.072239][ T7629] veth0_vlan: entered promiscuous mode
[  212.157350][ T7629] veth1_vlan: entered promiscuous mode
[  212.224272][    C2] vkms_vblank_simulate: vblank timer overrun
[  212.291094][ T7629] veth0_macvtap: entered promiscuous mode
[  212.327466][ T7629] veth1_macvtap: entered promiscuous mode
[  212.347853][ T5957] Bluetooth: hci4: unexpected subevent 0x05 length: 30 > 12
[  212.348976][ T7629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  212.355578][ T7629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.358981][ T7629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  212.363375][ T7629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.368010][ T7629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  212.399605][ T7629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.411494][ T7629] batman_adv: batadv0: Interface activated: batadv_slave_0
[  212.421575][ T7629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  212.427238][ T7629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.439285][ T7629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  212.449607][ T7629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.453457][ T7629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  212.458105][ T7629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.476286][ T7629] batman_adv: batadv0: Interface activated: batadv_slave_1
[  212.493459][ T7629] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  212.497911][ T7629] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  212.501765][ T7629] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  212.506531][ T7629] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  212.613792][ T7879] vlan2: entered allmulticast mode
[  212.615918][ T7879] bond0: entered allmulticast mode
[  212.633495][ T7879] bond_slave_0: entered allmulticast mode
[  212.637332][ T7879] bond_slave_1: entered allmulticast mode
[  212.878608][ T1135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  212.887805][ T1135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  212.972136][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  212.977161][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  213.070174][ T6000] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  213.226298][ T6000] usb 9-1: device descriptor read/64, error -71
[  213.312657][ T7900] netlink: 32 bytes leftover after parsing attributes in process `syz.0.385'.
[  213.503890][ T6000] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  213.574747][    C2] vkms_vblank_simulate: vblank timer overrun
[  213.670220][ T6000] usb 9-1: device descriptor read/64, error -71
[  213.781599][ T6000] usb usb9-port1: attempt power cycle
[  214.153571][ T6000] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  214.181502][ T6000] usb 9-1: device descriptor read/8, error -71
[  214.350312][ T5957] Bluetooth: hci4: command 0x0c1a tx timeout
[  214.858882][ T6000] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  214.877348][ T6000] usb 9-1: device descriptor read/8, error -71
[  214.923288][ T1135] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.003125][ T6000] usb usb9-port1: unable to enumerate USB device
[  215.348316][ T5968] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  215.367371][ T5968] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  215.376237][ T5968] Bluetooth: hci2: unexpected subevent 0x05 length: 30 > 12
[  215.377855][ T5957] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  215.393038][ T5957] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  215.398951][ T5957] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  215.535816][ T7916] lo speed is unknown, defaulting to 1000
[  215.861107][ T1135] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.883930][ T7916] chnl_net:caif_netlink_parms(): no params data found
[  216.017153][ T1135] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.301501][ T1135] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  216.370288][ T7916] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.390228][ T7916] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.418035][ T7940] netlink: 32 bytes leftover after parsing attributes in process `syz.0.403'.
[  216.449889][ T7916] bridge_slave_0: entered allmulticast mode
[  216.496669][ T7916] bridge_slave_0: entered promiscuous mode
[  216.532224][ T7916] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.539043][ T7916] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.550512][ T7916] bridge_slave_1: entered allmulticast mode
[  216.561975][ T7916] bridge_slave_1: entered promiscuous mode
[  216.904428][ T7916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  216.961953][ T7916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  217.372728][ T7916] team0: Port device team_slave_0 added
[  217.378690][ T7916] team0: Port device team_slave_1 added
[  217.402021][ T5964] Bluetooth: hci2: command 0x0406 tx timeout
[  217.483487][ T5964] Bluetooth: hci0: command tx timeout
[  217.678745][ T5964] Bluetooth: hci2: unexpected subevent 0x05 length: 30 > 12
[  217.727777][ T1135] bridge_slave_1: left allmulticast mode
[  217.731475][ T1135] bridge_slave_1: left promiscuous mode
[  217.733839][ T1135] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.774242][ T1135] bridge_slave_0: left allmulticast mode
[  217.777951][ T1135] bridge_slave_0: left promiscuous mode
[  217.782967][ T1135] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.766183][ T1135] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  218.772163][ T1135] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  218.792113][ T1135] bond0 (unregistering): Released all slaves
[  218.844537][ T7916] batman_adv: batadv0: Adding interface: batadv_slave_0
[  218.848060][ T7916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.859934][ T7916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  218.924913][ T7916] batman_adv: batadv0: Adding interface: batadv_slave_1
[  218.927785][ T7916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.940924][ T7916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  219.175952][ T7916] hsr_slave_0: entered promiscuous mode
[  219.183324][ T7916] hsr_slave_1: entered promiscuous mode
[  219.187529][ T7916] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  219.199681][ T7916] Cannot create hsr debugfs directory
[  219.583502][ T5964] Bluetooth: hci0: command tx timeout
[  219.723291][ T5964] Bluetooth: hci2: command 0x0406 tx timeout
[  219.726833][    C1] vkms_vblank_simulate: vblank timer overrun
[  219.823916][    C1] vkms_vblank_simulate: vblank timer overrun
[  219.857746][ T7954] netlink: 32 bytes leftover after parsing attributes in process `syz.0.408'.
[  220.590703][    C1] vkms_vblank_simulate: vblank timer overrun
[  220.665311][ T1135] hsr_slave_0: left promiscuous mode
[  220.668233][ T1135] hsr_slave_1: left promiscuous mode
[  220.671108][ T1135] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  220.688972][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_0
[  220.696984][ T1135] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  220.720393][ T1135] batman_adv: batadv0: Removing interface: batadv_slave_1
[  220.774093][    C1] vkms_vblank_simulate: vblank timer overrun
[  220.843685][ T1135] veth1_macvtap: left promiscuous mode
[  220.846878][ T1135] veth0_macvtap: left promiscuous mode
[  220.850850][ T1135] veth1_vlan: left promiscuous mode
[  220.854209][ T1135] veth0_vlan: left promiscuous mode
[  220.970637][    C1] vkms_vblank_simulate: vblank timer overrun
[  221.636426][ T5964] Bluetooth: hci0: command tx timeout
[  222.910221][   T64] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  223.070224][   T64] usb 5-1: Using ep0 maxpacket: 16
[  223.078219][   T64] usb 5-1: config 0 has no interfaces?
[  223.085428][   T64] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  223.099615][   T64] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  223.107523][   T64] usb 5-1: SerialNumber: syz
[  223.114487][   T64] usb 5-1: config 0 descriptor??
[  223.366939][    C1] vkms_vblank_simulate: vblank timer overrun
[  223.394185][   T64] usb 5-1: USB disconnect, device number 6
[  223.525743][ T1135] team0 (unregistering): Port device team_slave_1 removed
[  223.710241][ T5964] Bluetooth: hci0: command tx timeout
[  223.798799][ T1135] team0 (unregistering): Port device team_slave_0 removed
[  225.595749][    C1] vkms_vblank_simulate: vblank timer overrun
[  225.922485][    C1] vkms_vblank_simulate: vblank timer overrun
[  227.177042][ T8012] netlink: 32 bytes leftover after parsing attributes in process `syz.0.407'.
[  227.338691][    C1] vkms_vblank_simulate: vblank timer overrun
[  227.439094][ T7916] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  227.455669][ T7916] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  227.491173][ T7916] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  227.508204][ T7916] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  227.828400][ T7916] 8021q: adding VLAN 0 to HW filter on device bond0
[  227.887199][ T7916] 8021q: adding VLAN 0 to HW filter on device team0
[  227.956708][ T1228] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.969911][ T1228] bridge0: port 1(bridge_slave_0) entered forwarding state
[  227.989725][ T1228] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.992962][ T1228] bridge0: port 2(bridge_slave_1) entered forwarding state
[  228.240443][    C1] vkms_vblank_simulate: vblank timer overrun
[  228.262424][ T8043] netlink: 4 bytes leftover after parsing attributes in process `syz.0.412'.
[  228.439559][ T7916] 8021q: adding VLAN 0 to HW filter on device batadv0
[  228.707993][ T7916] veth0_vlan: entered promiscuous mode
[  228.717581][ T7916] veth1_vlan: entered promiscuous mode
[  228.765131][ T7916] veth0_macvtap: entered promiscuous mode
[  228.775274][ T7916] veth1_macvtap: entered promiscuous mode
[  228.792200][ T7916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.808378][ T7916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.813845][ T7916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.829047][ T7916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.836718][ T7916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.861908][ T7916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.920800][ T7916] batman_adv: batadv0: Interface activated: batadv_slave_0
[  228.967740][ T7916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.987229][ T7916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.999930][ T7916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  229.031835][ T7916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.050429][ T7916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  229.061870][ T7916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.108418][ T7916] batman_adv: batadv0: Interface activated: batadv_slave_1
[  229.134555][ T7916] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  229.138317][ T7916] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  229.141769][ T7916] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  229.158750][ T7916] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  229.233593][ T8056] lo speed is unknown, defaulting to 1000
[  229.238700][    C1] vkms_vblank_simulate: vblank timer overrun
[  229.355087][   T40] kauditd_printk_skb: 9 callbacks suppressed
[  229.355163][   T40] audit: type=1326 audit(1745250518.638:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8055 comm="syz.4.414" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe5579 code=0x0
[  229.557172][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  229.562681][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  229.581915][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  229.601959][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  231.478664][    C1] vkms_vblank_simulate: vblank timer overrun
[  232.058626][    C1] vkms_vblank_simulate: vblank timer overrun
[  232.246637][    C1] vkms_vblank_simulate: vblank timer overrun
[  232.575345][ T8087] netlink: 168 bytes leftover after parsing attributes in process `syz.2.422'.
[  232.724283][ T8091] netlink: 32 bytes leftover after parsing attributes in process `syz.4.420'.
[  233.740826][ T6021] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  233.831311][ T1228] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.932456][ T6021] usb 9-1: too many configurations: 9, using maximum allowed: 8
[  233.938505][ T6021] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  233.945849][ T6021] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  233.954249][ T6021] usb 9-1: config 0 interface 0 has no altsetting 0
[  233.962029][ T6021] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  233.980533][ T6021] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  233.988222][ T6021] usb 9-1: config 0 interface 0 has no altsetting 0
[  234.005158][ T6021] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  234.012294][ T6021] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  234.030554][ T6021] usb 9-1: config 0 interface 0 has no altsetting 0
[  234.040699][ T6021] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  234.046444][ T6021] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  234.064678][ T6021] usb 9-1: config 0 interface 0 has no altsetting 0
[  234.077141][ T6021] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  234.082931][ T6021] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  234.093041][ T6021] usb 9-1: config 0 interface 0 has no altsetting 0
[  234.113712][ T6021] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  234.149816][ T6021] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  234.159490][ T6021] usb 9-1: config 0 interface 0 has no altsetting 0
[  234.191968][ T6021] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  234.195929][ T6021] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  234.225167][ T6021] usb 9-1: config 0 interface 0 has no altsetting 0
[  234.255192][ T6021] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  234.260725][ T6021] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  234.265433][ T6021] usb 9-1: config 0 interface 0 has no altsetting 0
[  234.271203][ T6021] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  234.275018][ T6021] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  234.280870][ T6021] usb 9-1: Product: syz
[  234.283078][ T6021] usb 9-1: Manufacturer: syz
[  234.285538][ T6021] usb 9-1: SerialNumber: syz
[  234.289989][ T6021] usb 9-1: config 0 descriptor??
[  234.301001][ T6021] yurex 9-1:0.0: USB YUREX device now attached to Yurex #0
[  234.374938][ T1228] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.500571][ T1228] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.529919][ T5968] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  234.567313][    C3] usb 9-1: yurex_control_callback - control failed: -71
[  234.572218][ T6021] usb 9-1: USB disconnect, device number 8
[  234.574069][ T5968] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  234.590386][ T6021] yurex 9-1:0.0: USB YUREX #0 now disconnected
[  234.605136][ T5968] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  234.634450][ T5968] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  234.639266][ T5968] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  234.696192][ T1228] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.770881][ T8126] lo speed is unknown, defaulting to 1000
[  235.094880][ T1228] bridge_slave_1: left allmulticast mode
[  235.110290][ T1228] bridge_slave_1: left promiscuous mode
[  235.113170][ T1228] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.177112][ T8134] netlink: 4 bytes leftover after parsing attributes in process `syz.2.427'.
[  235.191096][ T1228] bridge_slave_0: left allmulticast mode
[  235.200939][ T1228] bridge_slave_0: left promiscuous mode
[  235.209893][ T1228] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.693876][ T8142] netlink: 4 bytes leftover after parsing attributes in process `syz.4.429'.
[  236.589937][ T1228] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  236.602807][ T1228] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  236.612112][ T1228] bond0 (unregistering): Released all slaves
[  236.777981][ T5964] Bluetooth: hci0: command tx timeout
[  237.230169][ T8150] netlink: 6 bytes leftover after parsing attributes in process `syz.0.431'.
[  237.711126][ T8126] chnl_net:caif_netlink_parms(): no params data found
[  237.810590][    C1] vkms_vblank_simulate: vblank timer overrun
[  238.088932][    C1] vkms_vblank_simulate: vblank timer overrun
[  238.091973][ T1228] hsr_slave_0: left promiscuous mode
[  238.119044][ T1228] hsr_slave_1: left promiscuous mode
[  238.126669][ T1228] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  238.129774][ T1228] batman_adv: batadv0: Removing interface: batadv_slave_0
[  238.189301][ T1228] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  238.194283][ T1228] batman_adv: batadv0: Removing interface: batadv_slave_1
[  238.394917][ T1228] veth1_macvtap: left promiscuous mode
[  238.397880][ T1228] veth0_macvtap: left promiscuous mode
[  238.401081][ T1228] veth1_vlan: left promiscuous mode
[  238.403866][ T1228] veth0_vlan: left promiscuous mode
[  238.600711][    C1] vkms_vblank_simulate: vblank timer overrun
[  238.764452][ T8171] netlink: 32 bytes leftover after parsing attributes in process `syz.0.432'.
[  238.834676][ T5964] Bluetooth: hci0: command tx timeout
[  238.954530][    C1] vkms_vblank_simulate: vblank timer overrun
[  239.506401][ T8175] netlink: 'syz.4.434': attribute type 33 has an invalid length.
[  239.513658][ T8175] netlink: 152 bytes leftover after parsing attributes in process `syz.4.434'.
[  239.656593][    C1] vkms_vblank_simulate: vblank timer overrun
[  239.989115][    C1] vkms_vblank_simulate: vblank timer overrun
[  240.654536][    C1] vkms_vblank_simulate: vblank timer overrun
[  240.838655][    C1] vkms_vblank_simulate: vblank timer overrun
[  240.890518][    C1] vkms_vblank_simulate: vblank timer overrun
[  240.921286][ T5964] Bluetooth: hci0: command tx timeout
[  241.019445][    C1] vkms_vblank_simulate: vblank timer overrun
[  241.094831][    C1] vkms_vblank_simulate: vblank timer overrun
[  241.226623][    C1] vkms_vblank_simulate: vblank timer overrun
[  241.820839][ T8189] netlink: 6 bytes leftover after parsing attributes in process `syz.2.439'.
[  241.874447][    C1] vkms_vblank_simulate: vblank timer overrun
[  241.925031][ T1228] team0 (unregistering): Port device team_slave_1 removed
[  242.157243][ T1228] team0 (unregistering): Port device team_slave_0 removed
[  242.480993][    C1] vkms_vblank_simulate: vblank timer overrun
[  242.573857][    C1] vkms_vblank_simulate: vblank timer overrun
[  242.992208][ T5964] Bluetooth: hci0: command tx timeout
[  243.442429][    C1] vkms_vblank_simulate: vblank timer overrun
[  244.194519][    C1] vkms_vblank_simulate: vblank timer overrun
[  244.756200][ T8126] bridge0: port 1(bridge_slave_0) entered blocking state
[  244.839038][ T8126] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.866344][ T8126] bridge_slave_0: entered allmulticast mode
[  244.875888][ T8126] bridge_slave_0: entered promiscuous mode
[  245.027663][ T8126] bridge0: port 2(bridge_slave_1) entered blocking state
[  245.030829][ T8126] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.033980][ T8126] bridge_slave_1: entered allmulticast mode
[  245.041972][ T8126] bridge_slave_1: entered promiscuous mode
[  245.070284][ T5964] Bluetooth: hci0: command tx timeout
[  245.377204][ T8126] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  245.550471][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.722446][    C1] vkms_vblank_simulate: vblank timer overrun
[  245.778491][ T8126] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  245.926437][    C1] vkms_vblank_simulate: vblank timer overrun
[  246.238450][    C1] vkms_vblank_simulate: vblank timer overrun
[  246.270473][    C1] vkms_vblank_simulate: vblank timer overrun
[  246.477612][ T8126] team0: Port device team_slave_0 added
[  246.503669][ T8126] team0: Port device team_slave_1 added
[  246.742652][    C1] vkms_vblank_simulate: vblank timer overrun
[  246.922468][    C1] vkms_vblank_simulate: vblank timer overrun
[  247.146440][    C1] vkms_vblank_simulate: vblank timer overrun
[  247.230473][    C1] vkms_vblank_simulate: vblank timer overrun
[  247.349544][ T8126] batman_adv: batadv0: Adding interface: batadv_slave_0
[  247.352983][ T8126] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  247.392695][ T8126] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  247.446956][ T8126] batman_adv: batadv0: Adding interface: batadv_slave_1
[  247.456743][ T8126] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  247.501328][ T8126] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  247.654850][    C1] vkms_vblank_simulate: vblank timer overrun
[  247.790500][    C1] vkms_vblank_simulate: vblank timer overrun
[  247.860148][ T8126] hsr_slave_0: entered promiscuous mode
[  247.863389][ T8126] hsr_slave_1: entered promiscuous mode
[  247.867536][ T8126] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  247.875721][ T8126] Cannot create hsr debugfs directory
[  248.340291][ T8255] netlink: 32 bytes leftover after parsing attributes in process `syz.0.450'.
[  248.646615][    C1] vkms_vblank_simulate: vblank timer overrun
[  248.842242][    C1] vkms_vblank_simulate: vblank timer overrun
[  248.870082][    C1] vkms_vblank_simulate: vblank timer overrun
[  248.954468][    C1] vkms_vblank_simulate: vblank timer overrun
[  248.990397][    C1] vkms_vblank_simulate: vblank timer overrun
[  249.349519][    C1] vkms_vblank_simulate: vblank timer overrun
[  249.903809][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.030444][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.960988][ T5964] Bluetooth: hci3: unexpected event for opcode 0x1804
[  251.135738][ T8126] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  251.144494][ T8126] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  251.195055][ T8126] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  251.268345][    C2] vkms_vblank_simulate: vblank timer overrun
[  251.285471][   T40] audit: type=1800 audit(1745250540.538:1280): pid=8304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.461" name="bus" dev="tmpfs" ino=2 res=0 errno=0
[  251.300211][ T6000] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  251.300559][ T8126] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  251.470844][ T6000] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  251.471772][ T8126] 8021q: adding VLAN 0 to HW filter on device bond0
[  251.476460][ T6000] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  251.494035][ T6000] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  251.500877][ T8126] 8021q: adding VLAN 0 to HW filter on device team0
[  251.513928][ T6000] usb 7-1: config 0 interface 0 has no altsetting 0
[  251.535229][   T94] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.545332][ T6000] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  251.552518][   T94] bridge0: port 1(bridge_slave_0) entered forwarding state
[  251.559366][ T6000] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  251.579095][   T94] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.603207][ T6000] usb 7-1: config 0 interface 0 has no altsetting 0
[  251.604972][   T94] bridge0: port 2(bridge_slave_1) entered forwarding state
[  251.616449][ T6000] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  251.619314][ T6000] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  251.623494][ T6000] usb 7-1: config 0 interface 0 has no altsetting 0
[  251.628442][ T6000] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  251.652461][ T6000] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  251.656950][ T6000] usb 7-1: config 0 interface 0 has no altsetting 0
[  251.672311][ T6000] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  251.678820][ T6000] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  251.685550][ T6000] usb 7-1: config 0 interface 0 has no altsetting 0
[  251.707603][ T6000] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  251.713591][ T6000] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  251.731074][ T6000] usb 7-1: config 0 interface 0 has no altsetting 0
[  251.743165][ T6000] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  251.758900][ T6000] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  251.768374][ T6000] usb 7-1: config 0 interface 0 has no altsetting 0
[  251.807562][ T6000] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  251.827409][ T8316] netlink: 32 bytes leftover after parsing attributes in process `syz.4.462'.
[  251.840757][ T6000] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  251.910820][ T6000] usb 7-1: config 0 interface 0 has no altsetting 0
[  251.917635][ T6000] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  251.940129][ T6000] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  251.962776][ T6000] usb 7-1: Product: syz
[  251.969607][ T6000] usb 7-1: Manufacturer: syz
[  251.972222][ T6000] usb 7-1: SerialNumber: syz
[  251.995585][ T6000] usb 7-1: config 0 descriptor??
[  252.002965][ T6000] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0
[  252.267722][    C2] usb 7-1: yurex_control_callback - control failed: -71
[  252.269468][ T6021] usb 7-1: USB disconnect, device number 8
[  252.312897][ T6021] yurex 7-1:0.0: USB YUREX #0 now disconnected
[  252.622355][ T8126] 8021q: adding VLAN 0 to HW filter on device batadv0
[  253.407733][ T8126] veth0_vlan: entered promiscuous mode
[  253.420890][ T8126] veth1_vlan: entered promiscuous mode
[  253.534730][ T8349] netlink: 4 bytes leftover after parsing attributes in process `syz.4.466'.
[  253.565886][ T8126] veth0_macvtap: entered promiscuous mode
[  253.584933][    C2] vkms_vblank_simulate: vblank timer overrun
[  253.669553][ T8126] veth1_macvtap: entered promiscuous mode
[  253.707074][ T8126] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  253.717032][ T8126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.723425][ T8126] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  253.730551][ T8126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.736781][ T8126] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  253.744007][ T8126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.752971][ T8126] batman_adv: batadv0: Interface activated: batadv_slave_0
[  253.761346][ T8126] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.769901][ T8126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.778033][ T8126] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.785497][ T8126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.793285][ T8126] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.802855][ T8126] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.812442][ T8126] batman_adv: batadv0: Interface activated: batadv_slave_1
[  253.838585][ T8126] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  253.849758][ T8126] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  253.857151][ T8126] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  253.874045][ T8126] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  254.232526][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  254.282461][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  254.302399][    C2] vkms_vblank_simulate: vblank timer overrun
[  254.311856][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  254.320914][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  254.555811][ T8386] netlink: 28 bytes leftover after parsing attributes in process `syz.2.471'.
[  254.588378][    C2] vkms_vblank_simulate: vblank timer overrun
[  254.794484][    C2] vkms_vblank_simulate: vblank timer overrun
[  255.022855][ T5964] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  255.028017][ T5964] Bluetooth: hci3: Injecting HCI hardware error event
[  255.038665][ T5968] Bluetooth: hci3: hardware error 0x00
[  255.102338][    C2] vkms_vblank_simulate: vblank timer overrun
[  255.250756][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  255.254282][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  255.348280][ T8395] netlink: 32 bytes leftover after parsing attributes in process `syz.2.473'.
[  255.387825][    C2] vkms_vblank_simulate: vblank timer overrun
[  255.698467][    C2] vkms_vblank_simulate: vblank timer overrun
[  255.732437][    C2] vkms_vblank_simulate: vblank timer overrun
[  256.019347][   T12] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.190346][    C2] vkms_vblank_simulate: vblank timer overrun
[  256.442003][ T8398] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10)
[  256.445667][ T8398] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  256.455346][ T8398] vhci_hcd vhci_hcd.0: Device attached
[  256.468499][ T8400] vhci_hcd: cannot find a urb of seqnum 9 max seqnum 0
[  256.509526][ T1137] vhci_hcd: stop threads
[  256.513482][   T12] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.528724][ T1137] vhci_hcd: release socket
[  256.536850][ T1137] vhci_hcd: disconnect device
[  256.669076][ T5964] Bluetooth: hci4: unexpected subevent 0x05 length: 30 > 12
[  256.683791][    C2] vkms_vblank_simulate: vblank timer overrun
[  256.767716][    C2] vkms_vblank_simulate: vblank timer overrun
[  256.824431][   T12] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.036444][   T12] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.073855][ T5968] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  257.086384][ T5957] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  257.120946][ T5957] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  257.135115][ T5957] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  257.182415][    C2] vkms_vblank_simulate: vblank timer overrun
[  257.208700][    C2] vkms_vblank_simulate: vblank timer overrun
[  257.243616][ T5957] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  257.280827][ T5957] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  257.360758][ T8412] lo speed is unknown, defaulting to 1000
[  257.374432][    C2] vkms_vblank_simulate: vblank timer overrun
[  257.783956][ T8418] netlink: 'syz.0.478': attribute type 33 has an invalid length.
[  257.850349][ T8418] netlink: 152 bytes leftover after parsing attributes in process `syz.0.478'.
[  257.871727][   T12] bridge_slave_1: left allmulticast mode
[  257.875267][   T12] bridge_slave_1: left promiscuous mode
[  257.888363][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  257.978571][   T12] bridge_slave_0: left allmulticast mode
[  257.985623][   T12] bridge_slave_0: left promiscuous mode
[  257.989035][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.690526][ T5964] Bluetooth: hci4: command 0x0c1a tx timeout
[  259.056529][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  259.075986][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  259.081722][   T12] bond0 (unregistering): Released all slaves
[  259.152446][ T8412] chnl_net:caif_netlink_parms(): no params data found
[  259.350361][ T5964] Bluetooth: hci0: command tx timeout
[  260.002851][ T8455] netlink: 'syz.4.484': attribute type 10 has an invalid length.
[  260.033190][ T8455] 8021q: adding VLAN 0 to HW filter on device batadv0
[  260.062372][ T8455] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  260.066349][    C2] vkms_vblank_simulate: vblank timer overrun
[  260.156847][ T8412] bridge0: port 1(bridge_slave_0) entered blocking state
[  260.159634][ T8412] bridge0: port 1(bridge_slave_0) entered disabled state
[  260.163864][ T8412] bridge_slave_0: entered allmulticast mode
[  260.184809][ T8412] bridge_slave_0: entered promiscuous mode
[  260.205952][ T8412] bridge0: port 2(bridge_slave_1) entered blocking state
[  260.215743][ T8457] raw_sendmsg: syz.4.484 forgot to set AF_INET. Fix it!
[  260.216084][ T8412] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.222687][ T8457] Invalid logical block size (64)
[  260.243066][ T8412] bridge_slave_1: entered allmulticast mode
[  260.256569][ T8412] bridge_slave_1: entered promiscuous mode
[  260.619485][ T8455] bond0: entered promiscuous mode
[  260.622347][ T8455] bond_slave_0: entered promiscuous mode
[  260.636379][ T8455] bond_slave_1: entered promiscuous mode
[  260.649643][ T8455] bridge0: entered promiscuous mode
[  260.654979][ T8455] batadv0: entered promiscuous mode
[  260.824898][    C2] vkms_vblank_simulate: vblank timer overrun
[  261.088107][ T8461] netlink: 32 bytes leftover after parsing attributes in process `syz.2.485'.
[  261.289948][   T12] hsr_slave_0: left promiscuous mode
[  261.317418][    C2] vkms_vblank_simulate: vblank timer overrun
[  261.334586][   T12] hsr_slave_1: left promiscuous mode
[  261.337335][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  261.340767][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  261.365867][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  261.369598][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  261.404299][ T5964] Bluetooth: hci0: command tx timeout
[  261.475528][   T12] veth1_macvtap: left promiscuous mode
[  261.477741][   T12] veth0_macvtap: left promiscuous mode
[  261.499187][   T12] veth1_vlan: left promiscuous mode
[  261.501589][   T12] veth0_vlan: left promiscuous mode
[  262.070381][    C2] vkms_vblank_simulate: vblank timer overrun
[  262.183204][    C2] vkms_vblank_simulate: vblank timer overrun
[  262.438321][    C2] vkms_vblank_simulate: vblank timer overrun
[  262.735163][    C2] vkms_vblank_simulate: vblank timer overrun
[  262.924427][    C2] vkms_vblank_simulate: vblank timer overrun
[  262.974307][    C2] vkms_vblank_simulate: vblank timer overrun
[  263.213232][ T8487] netlink: 28 bytes leftover after parsing attributes in process `syz.4.492'.
[  263.321649][    C2] vkms_vblank_simulate: vblank timer overrun
[  263.367581][    C2] vkms_vblank_simulate: vblank timer overrun
[  263.490382][ T5964] Bluetooth: hci0: command tx timeout
[  263.922607][    C2] vkms_vblank_simulate: vblank timer overrun
[  263.952630][    C2] vkms_vblank_simulate: vblank timer overrun
[  264.016508][    C2] vkms_vblank_simulate: vblank timer overrun
[  264.195169][    C2] vkms_vblank_simulate: vblank timer overrun
[  264.330222][    C2] vkms_vblank_simulate: vblank timer overrun
[  264.564393][   T12] team0 (unregistering): Port device team_slave_1 removed
[  264.780663][   T12] team0 (unregistering): Port device team_slave_0 removed
[  265.586037][ T5964] Bluetooth: hci0: command tx timeout
[  266.845593][ T8412] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  266.859509][ T8412] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  266.887008][ T8487] bond0: left promiscuous mode
[  266.894353][ T8487] bond_slave_0: left promiscuous mode
[  266.898611][ T8487] bond_slave_1: left promiscuous mode
[  266.901169][ T8487] bridge0: left promiscuous mode
[  266.926107][ T8487] batadv0: left promiscuous mode
[  267.411533][ T8500] FAULT_INJECTION: forcing a failure.
[  267.411533][ T8500] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  267.419613][ T8412] team0: Port device team_slave_0 added
[  267.428325][ T8500] CPU: 2 UID: 0 PID: 8500 Comm: syz.2.495 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  267.428353][ T8500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  267.428363][ T8500] Call Trace:
[  267.428371][ T8500]  <TASK>
[  267.428379][ T8500]  dump_stack_lvl+0x16c/0x1f0
[  267.428409][ T8500]  should_fail_ex+0x512/0x640
[  267.428434][ T8500]  should_fail_alloc_page+0xe7/0x130
[  267.428458][ T8500]  prepare_alloc_pages+0x3c2/0x610
[  267.428487][ T8500]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  267.428509][ T8500]  ? find_held_lock+0x2b/0x80
[  267.428527][ T8500]  ? is_bpf_text_address+0x8a/0x1a0
[  267.428548][ T8500]  ? bpf_ksym_find+0x124/0x1c0
[  267.428563][ T8500]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  267.428581][ T8500]  ? is_bpf_text_address+0x94/0x1a0
[  267.428672][ T8500]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  267.428692][ T8500]  ? __kernel_text_address+0xd/0x40
[  267.428706][ T8500]  ? unwind_get_return_address+0x59/0xa0
[  267.428726][ T8500]  ? arch_stack_walk+0xa6/0x100
[  267.428760][ T8500]  ? __lock_acquire+0x5ca/0x1ba0
[  267.428783][ T8500]  ? stack_trace_save+0x8e/0xc0
[  267.428800][ T8500]  ? __pfx_stack_trace_save+0x10/0x10
[  267.428815][ T8500]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  267.428840][ T8500]  ? policy_nodemask+0xea/0x4e0
[  267.428863][ T8500]  alloc_pages_mpol+0x1fb/0x550
[  267.428887][ T8500]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  267.428909][ T8500]  ? __lock_acquire+0x5ca/0x1ba0
[  267.428933][ T8500]  folio_alloc_mpol_noprof+0x36/0x2f0
[  267.429038][ T8500]  vma_alloc_folio_noprof+0xed/0x1e0
[  267.429103][ T8500]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  267.429136][ T8500]  do_pte_missing+0x223d/0x3fb0
[  267.429201][ T8500]  __handle_mm_fault+0x103d/0x2a40
[  267.429228][ T8500]  ? __pfx___handle_mm_fault+0x10/0x10
[  267.429260][ T8500]  ? find_vma+0xbf/0x140
[  267.429284][ T8500]  ? __pfx_find_vma+0x10/0x10
[  267.429310][ T8500]  handle_mm_fault+0x3fe/0xad0
[  267.429367][ T8500]  do_user_addr_fault+0x7a6/0x1370
[  267.429427][ T8500]  ? rcu_is_watching+0x12/0xc0
[  267.429443][ T8500]  exc_page_fault+0x5c/0xc0
[  267.429466][ T8500]  asm_exc_page_fault+0x26/0x30
[  267.429482][ T8500] RIP: 0010:_copy_to_user+0xb6/0xd0
[  267.429502][ T8500] Code: 89 ee 48 89 ef e8 0a 1e ee fc 4d 85 ff 75 a8 e8 50 23 ee fc 89 de 4c 89 e7 e8 d6 ad 52 fd 0f 01 cb 48 89 d9 48 89 ef 4c 89 e6 <f3> a4 0f 1f 00 0f 01 ca 48 89 cb eb 80 66 2e 0f 1f 84 00 00 00 00
[  267.429518][ T8500] RSP: 0018:ffffc90004417a70 EFLAGS: 00050246
[  267.429532][ T8500] RAX: 0000000000000001 RBX: 00000000000000d0 RCX: 00000000000000d0
[  267.429543][ T8500] RDX: fffff52000882f7c RSI: ffffc90004417b10 RDI: 0000000080002200
[  267.429553][ T8500] RBP: 0000000080002200 R08: 0000000000000000 R09: fffff52000882f7b
[  267.429563][ T8500] R10: ffffc90004417bdf R11: 0000000000000000 R12: ffffc90004417b10
[  267.429574][ T8500] R13: 00000000800022d0 R14: 00007ffffffff000 R15: 0000000000000000
[  267.429602][ T8500]  ucma_query_route+0x4ad/0xbc0
[  267.429666][ T8500]  ? __pfx_ucma_query_route+0x10/0x10
[  267.429681][ T8500]  ? __lock_acquire+0xaa4/0x1ba0
[  267.429728][ T8500]  ? __pfx_ucma_query_route+0x10/0x10
[  267.429748][ T8500]  ucma_write+0x1f8/0x330
[  267.429763][ T8500]  ? __pfx_ucma_write+0x10/0x10
[  267.429776][ T8500]  ? bpf_lsm_file_permission+0x9/0x10
[  267.429792][ T8500]  ? security_file_permission+0x71/0x210
[  267.429856][ T8500]  ? rw_verify_area+0xcf/0x680
[  267.429883][ T8500]  vfs_write+0x25c/0x1180
[  267.429897][ T8500]  ? __pfx_ucma_write+0x10/0x10
[  267.429994][ T8500]  ? __pfx_vfs_write+0x10/0x10
[  267.430070][ T8500]  ? find_held_lock+0x2b/0x80
[  267.430124][ T8500]  ? __fget_files+0x204/0x3c0
[  267.430147][ T8500]  ? __fget_files+0x20e/0x3c0
[  267.430191][ T8500]  ksys_write+0x205/0x240
[  267.430210][ T8500]  ? __pfx_ksys_write+0x10/0x10
[  267.430229][ T8500]  ? rcu_is_watching+0x12/0xc0
[  267.430249][ T8500]  __do_fast_syscall_32+0x73/0x120
[  267.430275][ T8500]  do_fast_syscall_32+0x32/0x80
[  267.430299][ T8500]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  267.430318][ T8500] RIP: 0023:0xf70ae579
[  267.430334][ T8500] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  267.430348][ T8500] RSP: 002b:00000000f509e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  267.430364][ T8500] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  267.430374][ T8500] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000
[  267.430383][ T8500] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  267.430391][ T8500] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  267.430399][ T8500] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  267.430421][ T8500]  </TASK>
[  267.634743][ T5964] Bluetooth: hci0: command tx timeout
[  267.663619][ T8412] team0: Port device team_slave_1 added
[  267.706077][ T8497] delete_channel: no stack
[  267.722791][ T8499] delete_channel: no stack
[  267.907458][ T8509] netlink: 16 bytes leftover after parsing attributes in process `syz.2.496'.
[  268.011173][ T8508] 8021q: adding VLAN 0 to HW filter on device bond1
[  268.197132][ T8412] batman_adv: batadv0: Adding interface: batadv_slave_0
[  268.216588][ T8412] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  268.241698][ T8412] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  268.269569][ T8412] batman_adv: batadv0: Adding interface: batadv_slave_1
[  268.280133][ T8412] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  268.306961][ T8412] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  268.402207][    C0] ==================================================================
[  268.406963][    C0] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x3a/0x60
[  268.418328][    C0] Read of size 1 at addr ffff888012cc3418 by task kworker/u32:5/1135
[  268.433162][    C0] 
[  268.435597][    C0] CPU: 0 UID: 0 PID: 1135 Comm: kworker/u32:5 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  268.435615][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  268.435625][    C0] Workqueue: events_unbound toggle_allocation_gate
[  268.435646][    C0] Call Trace:
[  268.435652][    C0]  <IRQ>
[  268.435657][    C0]  dump_stack_lvl+0x116/0x1f0
[  268.435677][    C0]  print_report+0xc3/0x670
[  268.435691][    C0]  ? __virt_addr_valid+0x5e/0x590
[  268.435834][    C0]  ? __phys_addr+0xc6/0x150
[  268.435849][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[  268.435864][    C0]  kasan_report+0xe0/0x110
[  268.435879][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[  268.435895][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[  268.435909][    C0]  __kasan_check_byte+0x36/0x50
[  268.435923][    C0]  lock_acquire+0xfc/0x350
[  268.435940][    C0]  ? do_raw_spin_unlock+0x53/0x230
[  268.435951][    C0]  ? .slowpath+0x9/0x18
[  268.435966][    C0]  _raw_spin_lock_irqsave+0x3a/0x60
[  268.435980][    C0]  ? p9_req_put+0xaf/0x250
[  268.435996][    C0]  p9_req_put+0xaf/0x250
[  268.436011][    C0]  req_done+0x1dc/0x2e0
[  268.436026][    C0]  ? __pfx_req_done+0x10/0x10
[  268.436040][    C0]  ? __pfx_req_done+0x10/0x10
[  268.436053][    C0]  vring_interrupt+0x31b/0x400
[  268.436069][    C0]  ? __pfx_vring_interrupt+0x10/0x10
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  268.436085][    C0]  __handle_irq_event_percpu+0x229/0x7d0
[  268.436099][    C0]  handle_irq_event+0xab/0x1e0
[  268.436112][    C0]  handle_edge_irq+0x263/0xd10
[  268.436125][    C0]  __common_interrupt+0xdf/0x250
[  268.436143][    C0]  common_interrupt+0xba/0xe0
[  268.436156][    C0]  </IRQ>
[  268.436160][    C0]  <TASK>
[  268.436164][    C0]  asm_common_interrupt+0x26/0x40
[  268.436177][    C0] RIP: 0010:smp_call_function_many_cond+0x4a5/0x1290
[  268.436197][    C0] Code: 89 ee e8 ee 09 0c 00 85 ed 74 48 48 8b 44 24 20 49 89 c4 83 e0 07 49 c1 ec 03 48 89 c5 4d 01 f4 83 c5 03 e8 8d 0e 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 de 0b 00 00 8b 43 08 31
[  268.436210][    C0] RSP: 0018:ffffc90006df7938 EFLAGS: 00000293
[  268.436220][    C0] RAX: 0000000000000000 RBX: ffff88802b33f880 RCX: ffffffff81ae9b89
[  268.436228][    C0] RDX: ffff888025848000 RSI: ffffffff81ae9b63 RDI: 0000000000000005
[  268.436236][    C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[  268.436243][    C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed1005667f11
[  268.436251][    C0] R13: 0000000000000001 R14: dffffc0000000000 R15: ffff88802b23b180
[  268.436261][    C0]  ? smp_call_function_many_cond+0x4c9/0x1290
[  268.436279][    C0]  ? smp_call_function_many_cond+0x4a3/0x1290
[  268.436298][    C0]  ? smp_call_function_many_cond+0x4a3/0x1290
[  268.436318][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  268.436332][    C0]  on_each_cpu_cond_mask+0x40/0x90
[  268.436350][    C0]  text_poke_bp_batch+0x566/0x760
[  268.436366][    C0]  ? __kmalloc_node_track_caller_noprof+0xec/0x510
[  268.436383][    C0]  ? __pfx_text_poke_bp_batch+0x10/0x10
[  268.436397][    C0]  ? __jump_label_patch+0x1db/0x400
[  268.436415][    C0]  ? arch_jump_label_transform_queue+0xc0/0x120
[  268.436432][    C0]  ? find_held_lock+0x2b/0x80
[  268.436446][    C0]  text_poke_finish+0x30/0x40
[  268.436460][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  268.436478][    C0]  jump_label_update+0x376/0x550
[  268.436492][    C0]  static_key_enable_cpuslocked+0x1b7/0x270
[  268.436507][    C0]  static_key_enable+0x1a/0x20
[  268.436520][    C0]  toggle_allocation_gate+0xfa/0x280
[  268.436534][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  268.437926][    C0]  ? rcu_is_watching+0x12/0xc0
[  268.437941][    C0]  process_one_work+0x9cc/0x1b70
[  268.437957][    C0]  ? __pfx_bond_netdev_notify_work+0x10/0x10
[  268.437977][    C0]  ? __pfx_process_one_work+0x10/0x10
[  268.437991][    C0]  ? assign_work+0x1a0/0x250
[  268.438010][    C0]  worker_thread+0x6c8/0xf10
[  268.438026][    C0]  ? __pfx_worker_thread+0x10/0x10
[  268.438038][    C0]  kthread+0x3c2/0x780
[  268.438055][    C0]  ? __pfx_kthread+0x10/0x10
[  268.438071][    C0]  ? __pfx_kthread+0x10/0x10
[  268.438087][    C0]  ? __pfx_kthread+0x10/0x10
[  268.438103][    C0]  ? __pfx_kthread+0x10/0x10
[  268.438118][    C0]  ? rcu_is_watching+0x12/0xc0
[  268.438130][    C0]  ? __pfx_kthread+0x10/0x10
[  268.438166][    C0]  ret_from_fork+0x45/0x80
[  268.438179][    C0]  ? __pfx_kthread+0x10/0x10
[  268.438195][    C0]  ret_from_fork_asm+0x1a/0x30
[  268.438217][    C0]  </TASK>
[  268.438221][    C0] 
[  268.795270][    C0] Allocated by task 8527:
[  268.797894][    C0]  kasan_save_stack+0x33/0x60
[  268.800926][    C0]  kasan_save_track+0x14/0x30
[  268.803890][    C0]  __kasan_kmalloc+0xaa/0xb0
[  268.806752][    C0]  p9_client_create+0xc7/0x11c0
[  268.809357][    C0]  v9fs_session_init+0x1f7/0x1a80
[  268.811594][    C0]  v9fs_mount+0xc5/0xa30
[  268.813190][    C0]  legacy_get_tree+0x109/0x220
[  268.815059][    C0]  vfs_get_tree+0x8b/0x340
[  268.816691][    C0]  path_mount+0x14d4/0x1f30
[  268.818446][    C0]  __ia32_sys_mount+0x28b/0x310
[  268.820458][    C0]  __do_fast_syscall_32+0x73/0x120
[  268.822426][    C0]  do_fast_syscall_32+0x32/0x80
[  268.825259][    C0]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  268.828810][    C0] 
[  268.830380][    C0] Freed by task 8527:
[  268.832912][    C0]  kasan_save_stack+0x33/0x60
[  268.836294][    C0]  kasan_save_track+0x14/0x30
[  268.839375][    C0]  kasan_save_free_info+0x3b/0x60
[  268.843674][    C0]  __kasan_slab_free+0x51/0x70
[  268.847503][    C0]  kfree+0x2b6/0x4d0
[  268.849935][    C0]  p9_client_create+0xa28/0x11c0
[  268.852839][    C0]  v9fs_session_init+0x1f7/0x1a80
[  268.856410][    C0]  v9fs_mount+0xc5/0xa30
[  268.859277][    C0]  legacy_get_tree+0x109/0x220
[  268.862658][    C0]  vfs_get_tree+0x8b/0x340
[  268.865361][    C0]  path_mount+0x14d4/0x1f30
[  268.869278][    C0]  __ia32_sys_mount+0x28b/0x310
[  268.871927][    C0]  __do_fast_syscall_32+0x73/0x120
[  268.874815][    C0]  do_fast_syscall_32+0x32/0x80
[  268.877768][    C0]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  268.881660][    C0] 
[  268.883157][    C0] The buggy address belongs to the object at ffff888012cc3400
[  268.883157][    C0]  which belongs to the cache kmalloc-512 of size 512
[  268.892979][    C0] The buggy address is located 24 bytes inside of
[  268.892979][    C0]  freed 512-byte region [ffff888012cc3400, ffff888012cc3600)
[  268.901218][    C0] 
[  268.902598][    C0] The buggy address belongs to the physical page:
[  268.905945][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12cc0
[  268.910344][    C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  268.914852][    C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  268.919205][    C0] page_type: f5(slab)
[  268.921357][    C0] raw: 00fff00000000040 ffff88801b442c80 dead000000000100 dead000000000122
[  268.927502][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  268.934195][    C0] head: 00fff00000000040 ffff88801b442c80 dead000000000100 dead000000000122
[  268.939041][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  268.945782][    C0] head: 00fff00000000002 ffffea00004b3001 00000000ffffffff 00000000ffffffff
[  268.950374][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  268.954875][    C0] page dumped because: kasan: bad access detected
[  268.958223][    C0] page_owner tracks the page as allocated
[  268.961579][    C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5369, tgid 5369 (udevadm), ts 21029805272, free_ts 20864721393
[  268.970630][    C0]  post_alloc_hook+0x181/0x1b0
[  268.972977][    C0]  get_page_from_freelist+0x135c/0x3920
[  268.975685][    C0]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  268.978699][    C0]  alloc_pages_mpol+0x1fb/0x550
[  268.981629][    C0]  new_slab+0x244/0x340
[  268.985133][    C0]  ___slab_alloc+0xd9c/0x1940
[  268.988429][    C0]  __slab_alloc.constprop.0+0x56/0xb0
[  268.991843][    C0]  __kmalloc_cache_noprof+0xfb/0x3e0
[  268.994760][    C0]  kernfs_fop_open+0x244/0xda0
[  268.997696][    C0]  do_dentry_open+0x741/0x1c10
[  269.006914][    C0]  vfs_open+0x82/0x3f0
[  269.008654][    C0]  path_openat+0x1e5e/0x2d40
[  269.014168][    C0]  do_filp_open+0x20b/0x470
[  269.016921][    C0]  do_sys_openat2+0x11b/0x1d0
[  269.019596][    C0]  __x64_sys_openat+0x174/0x210
[  269.022262][    C0]  do_syscall_64+0xcd/0x230
[  269.026470][    C0] page last free pid 5369 tgid 5369 stack trace:
[  269.031396][    C0]  __free_frozen_pages+0x69d/0xff0
[  269.034745][    C0]  qlist_free_all+0x4e/0x120
[  269.037845][    C0]  kasan_quarantine_reduce+0x195/0x1e0
[  269.040384][    C0]  __kasan_slab_alloc+0x69/0x90
[  269.042917][    C0]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  269.046180][    C0]  getname_flags.part.0+0x4c/0x550
[  269.049706][    C0]  getname_flags+0x93/0xf0
[  269.051962][    C0]  do_readlinkat+0xb4/0x3a0
[  269.054356][    C0]  __x64_sys_readlink+0x78/0xc0
[  269.057318][    C0]  do_syscall_64+0xcd/0x230
[  269.060494][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.064912][    C0] 
[  269.066582][    C0] Memory state around the buggy address:
[  269.071335][    C0]  ffff888012cc3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  269.076066][    C0]  ffff888012cc3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  269.080817][    C0] >ffff888012cc3400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  269.086286][    C0]                             ^
[  269.089740][    C0]  ffff888012cc3480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  269.093800][    C0]  ffff888012cc3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  269.098415][    C0] ==================================================================
[  269.103043][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  269.107893][    C0] CPU: 0 UID: 0 PID: 1135 Comm: kworker/u32:5 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[  269.117446][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  269.124110][    C0] Workqueue: events_unbound toggle_allocation_gate
[  269.127579][    C0] Call Trace:
[  269.129520][    C0]  <IRQ>
[  269.131525][    C0]  dump_stack_lvl+0x3d/0x1f0
[  269.134429][    C0]  panic+0x71c/0x800
[  269.137151][    C0]  ? __pfx_panic+0x10/0x10
[  269.139894][    C0]  ? __pfx__printk+0x10/0x10
[  269.142711][    C0]  ? end_report+0x4c/0x170
[  269.145550][    C0]  ? check_panic_on_warn+0x1f/0xb0
[  269.148630][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[  269.151783][    C0]  check_panic_on_warn+0xab/0xb0
[  269.155068][    C0]  end_report+0x107/0x170
[  269.157869][    C0]  kasan_report+0xee/0x110
[  269.160860][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[  269.164297][    C0]  ? _raw_spin_lock_irqsave+0x3a/0x60
[  269.167270][    C0]  __kasan_check_byte+0x36/0x50
[  269.169664][    C0]  lock_acquire+0xfc/0x350
[  269.171296][    C0]  ? do_raw_spin_unlock+0x53/0x230
[  269.173118][    C0]  ? .slowpath+0x9/0x18
[  269.174543][    C0]  _raw_spin_lock_irqsave+0x3a/0x60
[  269.176303][    C0]  ? p9_req_put+0xaf/0x250
[  269.177903][    C0]  p9_req_put+0xaf/0x250
[  269.180410][    C0]  req_done+0x1dc/0x2e0
[  269.182900][    C0]  ? __pfx_req_done+0x10/0x10
[  269.185662][    C0]  ? __pfx_req_done+0x10/0x10
[  269.188396][    C0]  vring_interrupt+0x31b/0x400
[  269.191152][    C0]  ? __pfx_vring_interrupt+0x10/0x10
[  269.193942][    C0]  __handle_irq_event_percpu+0x229/0x7d0
[  269.197030][    C0]  handle_irq_event+0xab/0x1e0
[  269.199745][    C0]  handle_edge_irq+0x263/0xd10
[  269.204079][    C0]  __common_interrupt+0xdf/0x250
[  269.207655][    C0]  common_interrupt+0xba/0xe0
[  269.211280][    C0]  </IRQ>
[  269.213843][    C0]  <TASK>
[  269.216797][    C0]  asm_common_interrupt+0x26/0x40
[  269.220764][    C0] RIP: 0010:smp_call_function_many_cond+0x4a5/0x1290
[  269.224743][    C0] Code: 89 ee e8 ee 09 0c 00 85 ed 74 48 48 8b 44 24 20 49 89 c4 83 e0 07 49 c1 ec 03 48 89 c5 4d 01 f4 83 c5 03 e8 8d 0e 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 de 0b 00 00 8b 43 08 31
[  269.236069][    C0] RSP: 0018:ffffc90006df7938 EFLAGS: 00000293
[  269.239293][    C0] RAX: 0000000000000000 RBX: ffff88802b33f880 RCX: ffffffff81ae9b89
[  269.243836][    C0] RDX: ffff888025848000 RSI: ffffffff81ae9b63 RDI: 0000000000000005
[  269.247791][    C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[  269.252765][    C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed1005667f11
[  269.256192][    C0] R13: 0000000000000001 R14: dffffc0000000000 R15: ffff88802b23b180
[  269.259374][    C0]  ? smp_call_function_many_cond+0x4c9/0x1290
[  269.263535][    C0]  ? smp_call_function_many_cond+0x4a3/0x1290
[  269.266910][    C0]  ? smp_call_function_many_cond+0x4a3/0x1290
[  269.270833][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  269.273180][    C0]  on_each_cpu_cond_mask+0x40/0x90
[  269.274883][    C0]  text_poke_bp_batch+0x566/0x760
[  269.276517][    C0]  ? __kmalloc_node_track_caller_noprof+0xec/0x510
[  269.279666][    C0]  ? __pfx_text_poke_bp_batch+0x10/0x10
[  269.282540][    C0]  ? __jump_label_patch+0x1db/0x400
[  269.285856][    C0]  ? arch_jump_label_transform_queue+0xc0/0x120
[  269.290072][    C0]  ? find_held_lock+0x2b/0x80
[  269.293088][    C0]  text_poke_finish+0x30/0x40
[  269.295387][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  269.297676][    C0]  jump_label_update+0x376/0x550
[  269.300021][    C0]  static_key_enable_cpuslocked+0x1b7/0x270
[  269.302257][    C0]  static_key_enable+0x1a/0x20
[  269.305106][    C0]  toggle_allocation_gate+0xfa/0x280
[  269.309106][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  269.313360][    C0]  ? rcu_is_watching+0x12/0xc0
[  269.316302][    C0]  process_one_work+0x9cc/0x1b70
[  269.322009][    C0]  ? __pfx_bond_netdev_notify_work+0x10/0x10
[  269.326194][    C0]  ? __pfx_process_one_work+0x10/0x10
[  269.330583][    C0]  ? assign_work+0x1a0/0x250
[  269.335567][    C0]  worker_thread+0x6c8/0xf10
[  269.339004][    C0]  ? __pfx_worker_thread+0x10/0x10
[  269.342307][    C0]  kthread+0x3c2/0x780
[  269.344786][    C0]  ? __pfx_kthread+0x10/0x10
[  269.347490][    C0]  ? __pfx_kthread+0x10/0x10
[  269.353284][    C0]  ? __pfx_kthread+0x10/0x10
[  269.358034][    C0]  ? __pfx_kthread+0x10/0x10
[  269.360530][    C0]  ? rcu_is_watching+0x12/0xc0
[  269.362696][    C0]  ? __pfx_kthread+0x10/0x10
[  269.364744][    C0]  ret_from_fork+0x45/0x80
[  269.366529][    C0]  ? __pfx_kthread+0x10/0x10
[  269.368792][    C0]  ret_from_fork_asm+0x1a/0x30
[  269.370885][    C0]  </TASK>
[  269.372927][    C0] Kernel Offset: disabled
[  269.374813][    C0] Rebooting in 86400 seconds..

VM DIAGNOSIS:
15:49:17  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000033 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff854aebb5 RDI=ffffffff9ae0cb80 RBP=ffffffff9ae0cb40 RSP=ffffc90000007768
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=6332313038386552
R12=0000000000000000 R13=0000000000000033 R14=ffffffff9ae0cb40 R15=ffffffff854aeb50
RIP=ffffffff854aebdf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977bf000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055754bfddf18 CR3=000000000e180000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000e8000000 Opmask01=0000000007e00000 Opmask02=0000000007ffffff Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055754bfd62f0 000055754bfd20c0
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff000000ff000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ffffffffffffffff
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 06b545b7c6c2c536 737326036fdc1f12
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737373e2 7373737373737373
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 000055754bfd3500 44455a494c414954 494e495f43455355
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6f742079373162 70616c2f74656e2f 6c6175747269762f 736563697665642f
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a4a51055c445757 440540495057055c 5744574a55484051 000f1a005b1a0f00
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 000000000000302d 78742f7365756575
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6574616470756372 000055754bfbb981 0000000000000031 0000000032336c6c
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 382433273f397b27 697a787c69303b7e 69305f474f5b647c 6930382433273f39
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 383a3a263d383a3a 263c383a3a263f38 3a3a263e383a3a26 39383a3a2638383a
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=31b8739a61f52000 RBX=ffff88806b1b4eb8 RCX=ffffc900041f79f4 RDX=0000000000000002
RSI=ffffffff8dbc437c RDI=ffffffff8bf44f00 RBP=0000000000000000 RSP=ffffc900041f79e8
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffffff82030051 R13=0000000000000287 R14=ffff888023038000 R15=0000000000000003
RIP=ffffffff8197a403 RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880978bf000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000562f376cca18 CR3=000000004d20c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=ffffc90007360000 RBX=0000000000000000 RCX=ffff888045551070 RDX=000000000000009d
RSI=ffffffff86959338 RDI=ffff8880455512d0 RBP=0000000000000001 RSP=ffffc90000538b80
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=0000000000000001 R13=0000000000004e20 R14=ffff888045551070 R15=0000000000000001
RIP=ffffffff86959375 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fc6301cf280 ffffffff 00c00000
GS =0000 ffff8880979bf000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080003000 CR3=0000000022f4c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000e8000000 Opmask01=0000000007e00000 Opmask02=0000000007ffffff Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055754bfd62f0 000055754bfd20c0
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff000000ff000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ffffffffffffffff
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 06b545b7c6c2c536 737326036fdc1f12
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737373e2 7373737373737373
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 000055754bfd3500 44455a494c414954 494e495f43455355
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6f742079373162 70616c2f74656e2f 6c6175747269762f 736563697665642f
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a4a51055c445757 440540495057055c 5744574a55484051 000f1a005b1a0f00
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 000000000000302d 78742f7365756575
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6574616470756372 000055754bfbb981 0000000000000031 0000000032336c6c
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 382433273f397b27 697a787c69303b7e 69305f474f5b647c 6930382433273f39
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 383a3a263d383a3a 263c383a3a263f38 3a3a263e383a3a26 39383a3a2638383a
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=ffffffff911f5bbc RBX=ffffffff909aa980 RCX=dffffc0000000000 RDX=0000000000000003
RSI=0000000000000000 RDI=ffffffff909aa97c RBP=ffffffff909aa97c RSP=ffffc900033e7428
R8 =ffffffff911f5c22 R9 =0000000000000000 R10=0000000000000002 R11=000000000000a68d
R12=ffffffff909aa984 R13=ffffffff81a68d2d R14=ffffffff909aa97c R15=ffffffff909aa97c
RIP=ffffffff81698fa3 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097abf000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7473230 CR3=000000004ab40000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000500000258 00000190ffffffdb
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000