last executing test programs:

11.781025471s ago: executing program 0 (id=195):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x1df67, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000002004000b7080000000000007b8af8ff00000000b7080000000200007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001823", @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000340)=[{0x0, 0x1, 0xa, 0xb}, {0x2, 0x2, 0xf, 0x7}, {0x5, 0x2, 0x13, 0x2}, {0x5, 0x5, 0x5, 0x9}], 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0)
kcmp(r1, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x110, r6, 0xbd65d000)
r7 = syz_io_uring_setup(0x10d, &(0x7f0000000440), &(0x7f0000000380)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xb, 0x0, 0xffffffffffffffff, 0x0, 0x0})
r10 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(r10, 0x941c, 0x0)
io_uring_enter(r7, 0x3f70, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x441, 0x0)

10.669830168s ago: executing program 0 (id=196):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="50010000100013070000000000000000ac1414bb000000000000000000000000000000000000000000000000000000004e2200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000100000000000000ffffffff000000000000000000000000432b9936111787cce0d7f6d1db00"/277], 0x150}}, 0x0)
ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000000)={0x3, 0x62b, 0x5})
syz_init_net_socket$ax25(0x3, 0x5, 0x0)
creat(&(0x7f0000000200)='./file0\x00', 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r3=>0x0})
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0xffffffffffffffdc, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="5400000010000104000000000000000100000000", @ANYRES32=0x0, @ANYBLOB="fff00000000000002c0012800e00010069703667726574617000000018000280140007002001000000000000000000000000000208000a00", @ANYRES32=r3, @ANYBLOB="7c750413a9e0e42c0149accab99be1f9f46ee94fa45c0dea3f2ef0accf9b56846389af56969b81b6866e7c792563a14abe1bd3f04ef1ab025289f9e0a8ef057244c88c58a5108b2153caf1bade12de5ff624b082a061ad3c0f6ace97d007fc952f8ea23b3a1d8ab66a70a6f56956ef466d98c80c671ff2e32de092469a2c788de943c917dc0cedbc"], 0x54}}, 0x0)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r5 = io_uring_setup(0x3eae, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x393})
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x1000000000000160)
socket$packet(0x11, 0x3, 0x300)
gettid()
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
sendmsg(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)=[{}], 0x1}, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
r6 = socket(0x10, 0x3, 0x0)
write(r6, &(0x7f0000000000)="240000001e00ff3bd90ea7eff078000000000000000000000000000008000f0016040000", 0x24)
readv(r6, &(0x7f0000000680)=[{&(0x7f0000000100)=""/215, 0xd7}], 0x1)

6.34353635s ago: executing program 0 (id=206):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sys_enter\x00'}, 0x55)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000040000000000000000380000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000ddffffff0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xf, &(0x7f0000000140)=ANY=[@ANYBLOB="18b244a4000040000000ffffff18", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b00000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x90)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
msgsnd(0x0, &(0x7f0000001580)=ANY=[@ANYBLOB], 0x54, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffff43)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_FORWARD(0xffffffffffffffff, 0x40044149, &(0x7f0000000440)=0xa)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000140)=0x7)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000080)=0xff)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f00000003c0))
keyctl$clear(0x11, 0xfffffffffffffffd)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
copy_file_range(r3, &(0x7f0000000280)=0x1, r6, &(0x7f0000000400)=0x100, 0x4577, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x5)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, &(0x7f0000001600)={{0x1, 0x0, 0x80, {0x3000, 0x3000, 0x1}}, "6a75623f7b4d3550358408d4cef6cc565d8d759a8786cc3471506bc0dd5c2dc9863d40a8988437400c01eff7480ab44079f4f2f093e1b3851f7b6ab3920eda71bad0a7cd981d853f7aa22761ebfcb5b687f7c81dd4a9b65ca7bc49a2110190072629553ba7fe94914c947f3ea792eeadd9b2f8417d068c138f1558a7f5f54dcc55c70e65a8b4a0eac5e4d7302761d734ddf9220be741085099812f1952070faed06817201ab09f2bbac196199e2058741331fabded6d644d3ddda59df778fd0a87a8a30514009e9f8f4b597b48248af17c72eb6722a96cdfb4e672d04c0b53c874262eae5c9b115b8b4411195fa117cb03c83ab10a4b13f8f7ece95f797d4b476ad76d178ecdd01ad0ddeb77fd0aead46529a28fb086d4e1a90aafb3012513d6417dacbd2b213e53bd1092c3c5de0b3c6c82bd4fa8621a097593c528cbf841918c6a6bc4ab45efd7b76c206df74e522810c0ec8b8378533f9dbd9a43f574399dbb4d74714d92c840cb0b3cafc7ebce00448802918a78784d271f46eae4024af7441022edf70ad1a380b0990e110adfb27b14a7f533601ea5ac00e7d21c4eb586bc0e5803b7ca2a98eafb8fca3906ab0b37863cc3721921b9e3a0822b823755fa3315536bd66aad3154a0c716a010c04ab493b275334023100376296c9e13ed7747376ef39028e2e7852e8478c576f9629d31718c1c770543540bd38c5b4f27fe910afba3f82682cdb1fc02cd19988343636a70b01531d4d5ffd5e2e25701fc8ce47b8f0e80392dd236eea49d59f86454e682507ba455fa6387dd83ae6182f9e15e2948f8757d4935438795ecb243bc4250f5177087da50d092a4d341142f15bd9e730068d8b8c989c4a591693ac1ca962b30e7fcf81ac63a9137cc190cf5b5553e85319b15c2b9844f16168ef49843c4eb3700b5cfab90f11feb632b1dec7c9a8323e23f13b9a09948d461d2ced2053c7d842b2dac6e27d154349da0cbca0ed1358dc2e4c207ab6e4e62de29be71e42fad2c56d172627d3c47ac47bd0ceddc1511c2f95a29d32be8f4daa651cd7547ca706a42563598797b69b447d67fd525c9cbb5518c3dbba3c005ea2571acb3c43a2f8cc7e9115c74c0ab5699fa4517a30beb076f84b1b4d0632059502b06e1f378ffd0e3b2b8ec19e1b9a9bef1a9adc0d87b1430ac17b5b185a798f7e350784dfcaa98da5244887641222de60e69fe8a261abd0da63d57f521ad7e1cd04cff047be64003b1efad9972947458938e4d980c13d7ee121e366d844a23fa91f7173122d8fbd5dafe30cc2f18143fe287352ad02e56fbabfbbe82475d3f585a7a6f158c5a6fae65b766f93d56e31856460770c089f2f679bf75aef2dd90e3658c9aca525a381e4c5d3a54d28e944cc32c0868293fcf194edb4305feece0ba59c8eca0582ab9b82dbb4879d7e8dbacc29f83fb04d8c96efa205f316477f87f81dd2ae05d4f0879c3a55e7587608716a7a802aef85083f79e53be8ec960736d3a0a0661579f9d7ca2c5d5c4d4d949c5ef3ef4583aaf6ec373da9ad39e0f3d218467a2105e0aeca14d241df905907a2552327776df07a53cd379c655273d24fa00a7ed41ee908a6e22d7112cf5f6906173d1488ce8f7764e83ea1c80d0603911b18bf3a27e8e63529368189af561ced25c14f1f8904b21f44a5848660fb7ad01f12543787ac546c682864c8e15eb31816d89902cb3ff5bd8871e80f0bde2e84c5218119d9bf171efee9386af3f2aa9aaef5a41ef09d78cd3340f17bfa4e9a423415c70cc54603f85e8fa6b3425ea4f0cd8464486237b0cf8cbe65be1c1ac4aae7b95a4bf798904f61a684731859815984a4cebfc16ea11ec3bca50ccc3e93fb1d4188d315b24a6546a01d1fbd576a8307a28e71b731a98f7a676f0bdb8ae809a936485bec9a5f2c4f80b54163c535714a1598d6bdb135b78de09c8ddfff0b6ecd106f7b1a66bcf8e4d2fee86017ed71f40174af92df5000f20d7a8754d4e47bc6754c4c18bb8da28066f04fe3a791f2aba5f4bcc1e93bf106a49199d418e59b122d462eea229267438d2ce89883c9dbc6bf0af699238d2ed04da7c6d3c930801ce6c8d0c13f3020cc734b8f384313b7bdba0b01eb172e0840d25010afa63253ba2078c63c805ac67d164db46d8b92887aa778640fbaa5ceb81a77cb2926543aa87475bd1e0932a72b032df9838a4c4a1f5820565496c7f7eb690173a0e167c7a24e4163e574e085e4a761f235a583602dedd80b6702b3ef530ad07d0e8b63002f966c93f452cd2c6b3eeefc8a6945b423a166089969213ede5583cb88d34d2d9f1cc3aeabbe38c1e1e3c7e4f3d86065d94d3b4ef0129636de20cbdb8e774eb12294679a198ca71a3d5f59c7c4f971436fa5bacff71fa7c4d03a142a30e789aa3925c6faad60a340c3587431e2ebcb3abe4994b41f54866f9edfe28f6c7ad379e6358319dfa1da7f5c516077164cdf47bd316f97603894186f7e4b58853bd42ed07ce432eac15c573ec25bff66cc935814f93001daee9f9f7bf19cbeafd86bb1aacedf001064271de71cd36919ec3e6b13417740ed13c6cb19031229c7b20f116b90620a056bb5b6d123c405764b7c06cd566d42016e4213c6d6136c30dff7b785e4eaad417b0b127ef9be22cba38c208483decedbb51259dac0ed0b175f042d6d7ded6da139b892e552d89c250a2cd1d25ddc850d4ccd0c8e96e0942387c37da7622041014a87dcd6eb307932e90a4653b1061edbb31c21719c6b3542acf32a79b7f1a76a563be745957b77ff7668c3cfc1fc74abd31831316fd64420ee4a884b1db4bf1adc5d7b429dc8529759ecc77b5ad515e93fb2dc7cd6d8c54c0ab895ccf98d7852edeb248f5fbe2ef0173e7fc4c539a61c26b252fbc05c20084c57b5755b182a246d45d31c98ea253269b42260a5b57833ad93076b8ee3a7225a6c5b51dc2238701d34833e64924a6ceb69bcdb76924d212363f689313463aba8af2637362c99d25c34bf3a148a70e7d368625f0e48fa67f739b32ce6c4e7591fee24950a40fcd80e6c4d6d08ca6085639913759dd431f4692193fbe6d6898d9cd1df2023c1b209fdd2b1a3e0892649a6f7e16b7f7d9753c529ead7b7683f0495f929ecb0450a71a8df77506088f59e886126cbefb09b008b851a4cd961045b4c93f7e08360a832e4a50a150954ca1c915423d5866cb4d1a1132b9c0e7946c9d61b1f6bd2f4fea29049e02bc69eadcecd4e284b87c97487faa2bb5e9389ff1679c167959bbfd716cf6785ab60024f1bd37705ff1a1f378eaacce4b30f28569015d39a67f3cf952a1e1cef58cc05f9f40192298cb17382710435a3f189cd1786411a3a39bfa98d1e7d7aa2c8e520ab304ef0b42f6737f77861eba0a0d6c33a59438503213e0e695e9f1510d0004fded3978af1661c4b2e009ed985408f229212847504b3e7a7d9adba2002b7cfec4cd509a39f358d75c3104c11a987c75cc9f6316e7dd6461cbf025ed7a8d495da23e280c68dbdbb7f10cf93f2ba484d6b9044a2b5cea4b94d51c4c92e6a6d1575961e882e7655bd087df4fff12391059d7851e01efb8605c76dff698dfa16cc87ac3fc42c6ec071f1c0b1cec1cb7c870bd15ac1e7c7d03d2f33dac3d1f850da1b89657f4d813992106bba2ef098e581a4233d565bc213b3d92a03dc261f728b51bfa08ced5ef54d19b8c4ecea99b631914204aca76f130a39c6705c28c4f3bfa8bd3eb4b0deff6365b5a3d0d06673151528f787f4760f37916c54ce44f8398b0c05a41d75e5b8e6b64206e19680afb3b772394fe2dcdd8844bb4b451217e9e2c99f7d8c41407b4634c90d01a0a933fc3397f5743fdac55227481f44fb4bce1238349d5ea3cd7c2f3084b63c02048f998d3333d0a56b87feb8472f2bd16fb302ade0f3ddc62b6c88eb41baf65d1a51439ef322e0574eaa277f126bc7b1a5142a3bd72f49d17a7af39d2b23294455a18f0b8c4228ee092f057c63699136222c058c9a69bbf8a3a780d83fbf5fde1ed1b1de66c609772e04aa3a43405f2915923a4bc0b4817a31487078aacb2707b21debd21b95bb9c4931ea3bbc491ecd166054df500f42c4e2e6ec8ec1b1131787687daebf37002c567aaf3a7c851b568bd67564210c7e8de3902e7f101721a2f7f751d1ac2b87a7dde9788bd05023d0ff5ca5adab83db697f8e411ac5cf80e90391a6fa5fd087b67b0024c3434687a4699e54a763d6f6285f41fd49afaa0ae59c22914c91882261d4fb8a889f13db5cd204df7850caced20b77d32cb8d5f8a121eee594c07578e27a03045288fbdb0914da3d90640cd67f8cdc1fea8f5e7d71496c60e432189dc7a7b097b2af7a0ac228fb8ba2fe0d08a6abc4ae264bf76c5b7e6f9795c14d1f8a9d5ce4e2acf8edca4b344747eceef47fcceb1d182f434172ca2b3fb29db0d38d00371fee781449112e7ea59801dfb22a6cbb23aafd7b1ada499d6c263a11f70aa52016105995931b685173f7042e748155e88b0af4ab85b43c0d7aa891775830a1a7694882fc3d3125835911822908d6ad2af32150cd3abd8720edf7b2582b3a8c79c8078b11f845dcb34a6439049166b5ee75da771416ee178ea38d9eebcb7c3796d369ae6dff032f272e96e0af0e182acba1cc8f70aa6c0c95cc41a190bd9baf93cc9e77fdf8009b04b885025cb6c96dc037cd5f9aac843d111dd585d83ca134eef35809d449c93f5ba4958180bc5b43c6f11c78db8c0f51b278bee6ceb2743eaa7cf54567d8cc0e711d7899af034ae7164836ada355f81b9ec33a7acd464319e45a3f83f6f4e696e46716e1e7824df7f3d43b119158aeb2ad8a31ea2acdbb49623797048eb13d064f29f69fe60a9ab2260845dfb963b1ed2a2fdacd0da5a295f012ce5b43d49b5676494b6d22f1998922101413a9f3ef5f115564a73dc552088756bf7a6f8a411ddc003e06f51d1e21690899c8ae298fbe5a51f9ab3920e7d15528f26f826a92b48ce2c48a0d79bf0c5605f370c010f70a8108cac26856ebf1a347822ca34199b8b24367d58d0a2d29f0ae826df8d6fba2420f08659a0331d982937b03d74f061291b871ac7bf09bf33228930204c9e5ebc0a8362da3f29146ce5f802054386e14213ad989a590bdfc01c725db4e18faaaf415ddfe12817d4deb78d12288ac6ad2592f3747413cd32f29ded98e01683e42f7d8992f7faf2a0e9fb673a51c6371aa4e50783ef2c1798ff788839e60da3f9c9de4eb33bf60a7f7a708a54ebd73bee624721cc9c17d628db31832019cc69ec68638d6fc30aff1d0a90098286cbb126df4a957445958221d3c32543a8549d3ee7a023a5ffe0fc24e3789622f5bb981d1224166282fca86c06c601dade536a6903f35844be24e2b66759e98efae01367a53928af3cb4ef406e4c4984f6760d8ca96b9f5b000b786a6e1f829a4664eb3beecb6381cf6f0b9105f6d0a9f2ac55694c61f476d77f83832d69bc700f117e91d0a6798e53bcc1d5cf89adf00cab044f3d072ec6a37314051c8904f23c35ea3ff6379182ab4dbff3d85b8d87bcf0ce98bf02ea50f73f271b21281e8bdd7ca9789f79d5a29ebcae2f0ffac2f5f312bc534130d3736e16700140cecddfb673ce8b0aa168e9a46fa47ce4fdda65894b59f4db96eecda00049756d7e2ac28f6835d732d9d1ace7e7ea7f5a4d42229810b7dcfe82693721214a19444c336d2ebc240130870a2205a98c1e8468d691b830da6ac010d1e63cdc26086e32acb5172808d2cd98a92a73d8bd75d8689b232e38", "fb839c8c91d478b6da44f07d9b88eb4cad4b0eadd1ee8ffaf7bc0c7cde5fd0e10e651614deed21e3941cc9d09bd89e3778aa954e736f48e48ca0c9711e8127a25d52a014c17bdb0a48ac782426468f73738486964546b30f04b0e480abef0f5fe6beeb23de6b571d100bcbfbad52f7b3461db21001fe5b3dab583fd77cdb658323dbb0e1c7d11b1408fdc73879f3fe67eec86ecc7af5301eb32b81c0451d7ecc68804912bc448333721002ef50f97f86ce0b63e16d323c135b170ad9124d6455bc6cc8a6da87d37ac18893e9d02b5bc10506586438ba4992cd861a7ad2b5eedf7f3b45190f29068f0fbcc268f41f3db2e1dc6dfe13040239f253c582801471355b076c3573f5c705e1eb21eedf5fb54f1170c9320fb3a83bdb1ded441ad9708b70524befa9f5d107901ab1c815fb72f5f771e713bc4bf3e8e56efa1d3b05dc9190bc69ba3029d7a2cd1b9ba985852660ca0c8f540301ea2854cca2ef31b2effb12cf84920fb0b5d3929ff6486be7dedac2678d5b2f70704dedb9fe7851169e59a7bcf53293842bc5fa1c6750560dac0bfcb12f6ca39ca0a5c2f809723cc8310695b56ce2e08011ba22a567b7ab8513b65eeb2b97d1af1cdec1f9cdf3bde8b881711f02a20988546432e6f486828becde2b5e0a85550a97ce3cb67ba5a5246c8c9579756ed43afa175fac3c8d495dc0904868e0b4bd8c0d046a74460ec2e8fad3a0af7c6e4789728163b5e32eb858474b0607ef531ff3501447048332a6bc5d37b84991eb7c28f8f46f484ca9691c0af7969257f47bc87a39de21d3e1a280bc82c6ddadc439c4b926949b8522260dd3743bbb304177a5013f3df049d47e890122e4679821297cb7c46d444a3d771cff9c46217c56809eaaad8f9e1bd4a83bc8ec3fd97c6c4850540569b6899950ef4e17033d0a68a1dc68b866c38e86d17daf095e9cc5f0e87fa7e8513b1c30b8cc3ba58b1c4cb128948f166a062513a7bae4fa74490e0a0228cc2cea8cf47a46b49bff9f243004a164c600bd71be7162e80e0fbadc3fd256701f9fcb04eff499a48b5b540346ef640558ad43e16c82abc7292810917b9cf840c07f146d649607416fc8de0490eaa1849ccd986e8ef67b1dad03b7cfaecadaf26d129ddbed545d027d633e10aecaa5c5bac57b89c31e5f58fc8a33dbab671d815789f6a08ac700df329d5e34dcc1c83bfeac795a1d063797422f7ca7f0a4363eabe22b5edf293333d91392ae99a7d4d1b793e25b896517e7a870ee9210264c52a63bc7406730d01a30bf5d27ed38b73c38397464d4c49f2d81dfd36df73b92787e35d3016d130bf8de7a16edf0c9f1d2a8fbb5f42a4ee3a8c84e7410ae5b62dd6722b5614f90fb8594a76202a43e7b7375bae6e8044591e50e43bc9556c488cd29c11d24c2157e0ef40bc1e949e36ff716e198d5762cbdcaab2011c0e5276f75bf7a52ab981807bf7d87143c284c4c151f8179e161217fc0c3e0e8e1a79973f5e9ceb48df5108168fbd861c25403d472c1aac918809378c98e12dcb37f8304a0dd1a71b7170d7c1fe844f3139069f32b86c2fe3cae4caffbb3d34cdba2244a3abd62615d88d55e7fe249376bfa0f978653f3e7af9085e5906b925d249915d0ccc627dc2f04f38122df3f0246868ceec68c845d9a2209b08c9df79d0beb26fd7162ccd4fa86fad272a1bc9a04ae6ee094b8bb261cd5eb9d0d1ac3e1ae0f1a46a99716400031a16be2450e6ff1662ffa0c8af6c0d135f8ccc371d481de6eec8ecf78df716f825535e0fc1280c6fef8a0f1859085abaa94932e1752a787d9316316e0681db5052ff9f86f363d5d720ebbff8c2a8078be3fd2ecb9f1d022472b741941090e6d5ca8d61bbf620518e648fe3af6a64073fe57f89077b5b4a194ab74f3128cafb80d19380325e31622a3e3885c4d20fcdd3ac2d4a548f8d56eb089aab4ab9a3062d3b68e1ec492d7ddc644a8e70855d0ef5303f20c829a18e535d5020599f0ced403ed8863f3aaa20bee3fdb8b9141b09f4e644b7dad131aaeaea40e46508225e86123e9e32afb2b79ccb362fc1ddc26f200bd9114a11d648aa9e5ad8c77e31a0546081f7720ad717a56e3ebfd3c7a71c9654989145234a08017b281a048523728020613fc83cefb6e172628c709ec4345342182b7bfd07f780290711f275991f2bfb68c71a92d409850cb040b11955c4703e8d8c146e346ebb9d4ec2321428bd008bac467931cf37461c29eead327f112b2ee8de45f7bf85bdc6e1528fb13ca02887d65ec9b399efd8503a38ad5aa6126e5cae3e32436a4fc4a135948d6a0cc94f64181522c5c35febafc9fc935247c9183527651ffac747e77393a91b6bce3c500d56beee4e45c6de90a47c3b062094f687bb71775d05d228ef2dfb9a502f8c7adca8333c1a026ab18a2cf94084fbed435111e9cb677d7ce9d17ee1f5e7f39afc85f3d745ed8895e99406b017f5e93aa8b2b998b097ed10b9027afb12419a976bce66b6853557a270c05790d25a6ec5931b292b0f320d9e69514978b94dee6ca3f0793247459d42de6e3242ada4d7667de5dc3a7348bdc4fb297759c2251958ee96fcb1dd0b6d4ad1bb3e17619e213c1c8d47d363c15fa6261ef9117ca45977368e8ce89f6df42f6547d609bb880bf75961bac7d3f43c0772fe81983f3f25f6655dec353196193170a0513e67357188ad4c82e3b43fd7f7c2a2f15e0d24391d8395a6e36b404c55ac775743037f62fe11cf965e3a39986f0195dfe594f5f1a1769a07fddfa8cf30105164e2ddaa1e0338a816fcb2c970fd635c2567a2e39b1918ac330e22e8d559d1246fff7752f6f8cb3bb6bc00f76bdbe349c4605f24e329698148e8d35ac89bf4a6bb241f2d5b8f8da0763197b6e0429cb1a4bca8f4a8e4e7d1a95bdac1f9aa69af810b567bbd0e788d11b3442d8e37d12946f9c0ef453bc70fdd4e454a60633329e95b116931bfad772831e517136ec609c542ac8510a15c7dbd10104378412888ab69b030d8acc94ea9f8d5976574487c59c87f44a737e2c238d55ab7fdc114333f42b194f3a634f2ea00a36604d4decf6293428ff2821459930c2573772e03fc81ae808c45644c6c73ecdb2ac60a1c8dd9e6f4302f9b85f82e6011c41970cf4bce8d304b18600e24d83a3139f883d145f5f25cda636d6740bd39c286195cad3d48c8c9fabcb35e401142f8ea20cccd74cd7b5b358f570611fa950a56be4a7c97b60f767fb9e9b12502b045d93ce17b12a255843eb9d65c25e3a24b9a21a1ccb9bae54194e1ec35f9bb74c3483ee38bd89176f35a06a9947c546790dcb367dbe7e95effaa19fdfe70989de6325b1965ae24fb9cbc009d7e143dbd674cc9842f1d9aa79d0b5ab3cc85a8bc521de1e192620164b79ead8cad3280f13e62ea33e28acef76d46ab151dcf0cac2e087cf8ea8b8cf177daedd23d31b4b70c00b0d6801ce6d42173cc0f0f6c2cf6cd75299d4cfd1e0e42e9f37be2c955035adf4a3b41e287856f0027890d40bff2645ddb9c6f50e3fdbc66418dcdea5a09d05a7b693432745d27de6310b9fa2461799a7dec0f9e8b55ed03084058f5238c93453fdd3424b7d0face33a1269c7024cea2b5cfd04c7d5b0578113073b912d25905194d42e0057fff9241e27e7322a66bbc9794fdf2116dd8dcbdfa9868f7ee6d98921017ebc808d9fa42c1d54b28555f0ca896b1a0583873e2d3738f37696bf8aece5fc020c23428f83b8e4df445c564578f5645d3da439c45e0328575e1737e4bc84b91137d67d064ad2609bef5d51eccaacb6d39748fd6b2827214fb1d51e68e6bb012c3d6ae6aa98a9b49656399ce1f7f76d0555f83694225288cbc8c3d4a45b64225e866ce3f2b86ccca9cc22aaab04392a79bbb06da06381a5b36160aaa521eefcfaea39582b00c7680a7eb0d7fe53f4a28a6c5c6ed1a50776a4cf659e4f0c871d8914d1bd2226754bccce1fea7594f5c5b1e0bbc112a59c999450c91f8e813851baed9ada61dd82f555bf3541c4198fa9338d2525a530fa9333bbce52c851934c246baeb5895800c4ab9bbf0d89e656f84e567234e694148e3cfd032ac1d47153e77afdea83dcc84a891e7af452580497272765672d2de97a421a6916f95f95c0000c91bd88e32263c40faa4cbbd3f4424329a70b1d70e31925e1696a1c23486b356887429e0b070f2ad88f38441a7d16e47cf735a6b46f8af8712dae687a3ae947afcfc8ec3f5f1ae2578de5b2c2758b4275d1e5ceca823ff4b8e009d94f4361d6693284d852b55d957d23413275b096b5ca01b60708239a8355ef71e20cbcf670f7af74aa9195fe38743c3cf0e9e057ee69f9ff5d5ae5a2e01d04ccde184814ee2a37acc48a3570a494760efd48482d5ffac9613e79b9609bf55d3be87bacd2d17960a20bd63b9a367ad368f9a6118d34d9ca7ee60d5d9016e364f36086ba9944cb651e1820a67e553f4aee561dd2761abc2a546c97e403dbb7440b45e72c32977f265e8b4c54d1ac6c8124df72af74e216e91f88678da9f242f584d6dcd473ffc3b746af4a8e38ccaa375a34a68e6271b9f0c56fd644fb85c197192429167f2307be86b95e984fcf54c772265edf9726ebe99327ef68b679f98e72a2377c86c319f2d830a02a1e2e5109ccd4860616f91f669eadff73040e6a9b8c28ee76dcd31fb0ac4eb1bdb9f1bdf2d068da7ac14b692e4496fc1960c6fc49e098540b3fde5a4cebb8c9268f6e03c7b0d11843c2cf9e97d80f452fe9d2043f1c30eb4542179852f46105e2c4df4bcd5b8edd1d363f2de73147134ce0699b18227481c49aa10697eda55b582a5e36cdda88564c6b7aff8c78c4b5b93bcf1f5fd8708e6e8c64b5968c32ee8c39c311f80924d59060c0bda4cb8f86e0888d7bbe497672bfd3df90cc7277882c3844b24f7f6b2cd522c972f89ddbc4d8cb36d0d5f82fa6f975dc6ea473a23721cd1900b6ea7229c03ea7886eecb3a2d9db69386bc0d2bb1fdfa3b7a971764a522cc624464a45977abfb06a24104813ba500098bb25ef1cf13c7f816105a9b40e9edc9ea3dfa6a5045a59ca545760be3cb62a1e6b5b4ba2c3c1711a311a83f517fcb853e2fba20ddf4eb4b0401bb63a091b474f0da1ff15791a2b0223702ac5a3c566f6467291e081fa0d194f5afd85a06519cebcaf674ad38e2eefa292c3dd118555a5d8080c54d9b3049a05f5478afe39476303acf3d06b3b95b1ab5003fa255dd0462d5c21b8bccd862d16d506ec4f272f204ce184d1a862d9205fb0a1ca20160260e4b8f088fff4adaa0fb280d519421ba9a6b00525c619ed2f9011bd82432e0a80be2b16011d133207c2100b863bfc855e0bfbd19f5c58bdcde6f93908748647ea5d4a33813001f68dd631d903f3456ebba81c27190a7a8367b1d45bd64b86fb37f2f0cc7d7e63f56f46d1dceeaf946074b7c809bd24276218510db5f90d0b0bf29192b92a3ae9ad5bae590aebac90f647c585331e93a367a68870bce159386d511ce127062b733991a0d06f9ec9b23001826e6008bc5519bdc59e0cbb3f91230c9f248ae10c1ff75c33398edc3ed7829e86705d1793b80d5186bdbe6e1a6d3c0f13d4c437933bd92d8abb9633e3f7620f635d4866fbd466d92277dae8b02f73fc7cdabea207e790c052a7c3edab8ab21a83583ab523a1fa4597b40ed9ff7879e9842e075191401879a755c676be124e6a592eba848e82c8c994f5ff97c0ff0e7d6730d162ff1c156299757f199001010633d3bdf2551092c2004eba053c38f8be3a1349fc"})
ioctl$VT_RESIZEX(r6, 0x560a, &(0x7f0000000100)={0xcbb9, 0x0, 0x5, 0xe, 0x93, 0xff})
r7 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x0)
ioctl$I2C_PEC(r7, 0x708, 0x2)

6.211060557s ago: executing program 1 (id=207):
rseq(0x0, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
syz_open_dev$evdev(&(0x7f0000000000), 0xc0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = getpid()
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000001000)=ANY=[@ANYBLOB='trans=virtio,noextend,access=any,cache=fscache,version=9p2000.u'])
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
open(&(0x7f0000000380)='./file0\x00', 0x0, 0x0)
r2 = getpgrp(r1)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd, 0x0, 0x20000000, 0x8020, 0x0, 0x0, {0x2}})
tkill(r2, 0x3c)
r3 = syz_io_uring_setup(0x0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1000}, 0x0, &(0x7f0000000440))
io_uring_enter(r3, 0xa3d, 0x0, 0x0, 0x0, 0x0)
memfd_create(0x0, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x4, 0x0)
r4 = dup3(r0, r0, 0x0)
io_setup(0x1, &(0x7f00000000c0))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='svcrdma_sq_post_err\x00', r4}, 0xffffffffffffff07)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030023000b63d25a80648c2594f90124fc60100c030000040009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
unshare(0x68060200)

5.6208459s ago: executing program 3 (id=209):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x0})
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r1, &(0x7f0000000280)={0xa, 0x4e23, 0x4000000, @dev={0xfe, 0x80, '\x00', 0xe}, 0x4}, 0x1c)
setsockopt$sock_int(r1, 0x6, 0x9, 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x70, 0x3, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000800)

5.309463027s ago: executing program 2 (id=210):
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x0, "f3c492eb0165203d36bec7080089b42c000004002231a110000000005900", <r1=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000100)={"9fcaa0504b38d5004b9277c079417ff857dc9b7ac770169aed764b4d2ada8bde", r1, <r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x44, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @action={{{}, {}, @device_b}, @channel_switch={0x0, 0x4, {{0x3b, 0x3}, @val={0x3e, 0x1}, @void}}}}]}, 0x44}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(0xffffffffffffffff, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000080)={"fe0d1acc7f00001f0000000000000000000000fbffffff00", r2, <r7=>0xffffffffffffffff})
ioctl$SYNC_IOC_FILE_INFO(r7, 0xc0383e04, &(0x7f0000000280)={""/32, 0x0, 0x0, 0x7, 0x0, &(0x7f00000004c0)=[{}, {}, {}, {}, {}, {}, {}]})
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
r9 = syz_io_uring_setup(0x24f5, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r10=>0x0, &(0x7f0000000140)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r9, 0xa3d, 0x0, 0x0, 0x0, 0x0)
ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "00009200000000000000000000000058b200"})
r12 = syz_open_dev$video(&(0x7f0000000040), 0x6, 0x2000)
ioctl$VIDIOC_G_CTRL(r12, 0xc008561b, &(0x7f0000000180)={0x10000, 0x71d6705c})
write(r8, &(0x7f00000001c0)='u', 0x1)
r13 = syz_open_pts(r8, 0x88a40)
dup(r13)

5.101650499s ago: executing program 1 (id=211):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f00000002c0)={'tunl0\x00', {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x97}, @call]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0x28, 0xe80, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = timerfd_create(0x0, 0x0)
read(r4, &(0x7f0000000140)=""/196, 0xc4)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10)
timerfd_settime(r4, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r7, 0xc0086c43, &(0x7f0000000080))
ioctl$sock_inet_SIOCGIFNETMASK(r7, 0x891b, &(0x7f0000000080)={'pimreg\x00', {0x2, 0x0, @initdev}})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={0x0, <r8=>0x0}, &(0x7f0000000000)=0xc)
mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={[{@uid={'uid', 0x3d, r8}}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r9, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
syz_emit_ethernet(0x4a, &(0x7f0000000840)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}}, 0x0)
ptrace$getregset(0x4204, r0, 0x200, &(0x7f0000000740)={0x0, 0x3f00})

5.020624229s ago: executing program 2 (id=212):
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef42b000000e3bd6efb010511000b0002000d000000ba8000001241", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x0)
r1 = getpid()
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r1, &(0x7f00000000c0), 0x0, &(0x7f0000008640), 0x0, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)
ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f0000000640), 0x2, 0x0, &(0x7f00000005c0)=[{}, {}], 0x0, 0x0, &(0x7f00000000c0)})
ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc01c7c02, &(0x7f0000000980)={0x80000000, &(0x7f0000000380), &(0x7f0000000900)=[{{0x80000000, <r4=>0x0}}, {{}, {<r5=>0x80000000}}]})
ioctl$USBDEVFS_CONNECTINFO(r3, 0x80045520, 0x0)
capset(&(0x7f0000000080)={0x20080522, r1}, &(0x7f0000000040)={0xffffffff, 0x10, 0x4df8, 0x0, 0x1})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r6, 0x6, 0x19, &(0x7f0000000040)=0xb7, 0x4)
bind$inet(r6, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x4e24, @empty}, 0x10)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'erspan0\x00', 0x0})
sendto$inet(r6, &(0x7f0000000100)="f4188a9876a9431deeb98e3edfaafa03a11300e3aebb41020000000a0034c5d2af03a5f261a35c07d07d371a4402394549d78c3f511bb4793daf4b4e28410e598769487fb27044ece0b4e738bcc7e1ce3aa7a3df2572a082809f406467bc0f0b47872a2ecc399861b90da1ffcfb35a8f5579b72e3cde817a2a78ff205c6fee57f9177bbeeb2f3d121b9c508660c2d90b0dc3f2412b62e7d99a7dfa6960b663bb8e14764efb33f9465c242b84b75a436ef9af2492b19a15bb9108656d828553e1719de91aa29cb5bf187a0162d50e234b6207725486c9e828d756ff9b6d4f5c4960469dd3a48b4e525f0cbf7158f95d603a37c272f874ee3b5c6e56", 0xfffffffffffffdb0, 0x4040004, 0x0, 0xfffffffb)
close(0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000001020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x20008000)
sendmsg$NFT_BATCH(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYRESDEC=r2, @ANYRES64, @ANYBLOB="35628afa087a06db326cb5779540b723ea493b67d4a2709aa2d13ecec35df9364ca68e6acbf5fd3d28b94af00ddcc5d6535669c3ef2ceb3c52ac2de60860f65716dee80cd8e885f1be019211b86d30a91e9229ba51a9785823cef2c10dd72bdd973cc05344acbc9c01824538d8e36a90a2836263df58156350adc7be16e684478e123a8acd222d4dad7c228079bceeb84e37984d958bc6285281e2e457bf350f98eac4f902f47e48f4f41bca432e521c4867b1fddc", @ANYRES32, @ANYRESDEC=r5, @ANYBLOB="6bd09be65900f1d5e05e8ec1af6908657b0c9c2d1451006e0167c4e658bb384414285902f4dc06946c730f39d17990ceffdccafbdb856a9ff403516fdc5f9afdd4423faf6bbed86c9a6514193b0e5194ca6789", @ANYRESDEC=r5, @ANYRESOCT=r7, @ANYRES64=r4, @ANYBLOB="bd89ca684f939142b55ba75b01ef07dfa270ad591e7236b54fcc5a760cffc5de412f1ccdfb6a51a16591529648aab992f92036dcaf7b3692b63f0137ff0dd6313b76366787b487901ecaf2a2e5fcf3db327a2bb0a1cda14f21e461c63e8e059c02ce1937a527481a2ccb1457", @ANYRES8], 0x94}}, 0x20000041)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)

4.660423481s ago: executing program 3 (id=213):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000400), 0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x9, 0x7, 0xfff, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@acquire={0x128, 0x16, 0x1, 0x0, 0x0, {{@in6=@empty}, @in6=@loopback, {@in=@multicast2, @in=@multicast2, 0x0, 0x0, 0x3200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}, {{@in6=@private1, @in=@multicast2}, {}, {}, 0x0, 0x6e6bbe}, 0x0, 0xfffffffc}}, 0x128}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@acquire={0x128, 0x16, 0x1, 0x0, 0x0, {{@in6=@mcast1}, @in6=@loopback, {@in6=@empty, @in=@empty, 0x0, 0x0, 0x3200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@private1, @in=@multicast2}}}}, 0x128}}, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000280)={'wg2\x00'})
r3 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
r8 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc))
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r9, 0x5607, 0x38)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000000000073000040"])
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r11}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000004c0)={@map=r10, r11, 0x16, 0xc, 0x0, @void, @value=r0}, 0x20)
ioctl$SIOCSIFHWADDR(r12, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x51, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0xfffffecd, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
getsockopt$inet_tcp_int(r1, 0x6, 0xc, &(0x7f0000000380), &(0x7f00000003c0)=0x4)

4.560873072s ago: executing program 1 (id=214):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0x3, 0x9, 0x0, 0x8, 0xffffff89}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r0}, {}, {0x46, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (fail_nth: 12)

4.122839549s ago: executing program 3 (id=215):
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102400, 0x19000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/address_bits', 0x0, 0x104)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000019480)={0x8, 0x0, &(0x7f0000019440), &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r1, &(0x7f0000000200), 0x10)
syz_open_dev$usbmon(0x0, 0x0, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400600142603600e1208000b0000000401a8001600a400014009000200036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277c", 0x5f}], 0x1}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
madvise(&(0x7f0000d38000/0x3000)=nil, 0x3000, 0xe)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r3, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r3, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
shutdown(r3, 0x1)
recvmmsg(r3, &(0x7f0000003e40)=[{{0x0, 0x3, 0x0, 0x0, &(0x7f00000035c0)=""/241, 0xfffffffffffffc93}}, {{&(0x7f0000000540)=@un=@abs, 0xcbff, &(0x7f0000003780)=[{&(0x7f0000003740)=""/4, 0x7ffff}], 0x15, &(0x7f00000037c0)=""/236, 0xec}}, {{0x0, 0x0, &(0x7f0000003bc0)=[{0x0, 0xe00000000000000}, {&(0x7f0000003a00)=""/190, 0xbe}, {&(0x7f0000003ac0)=""/131, 0x83}, {0x0}], 0x4, &(0x7f0000003c00)=""/65, 0x49}}, {{&(0x7f0000003c80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, 0x0, 0x0, &(0x7f0000003e00)=""/48, 0x30}}], 0x4, 0x40000121, 0x0)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000f7c000/0x3000)=nil, 0x3000, 0x14)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000019380), 0x107000, 0x0)

3.621107633s ago: executing program 1 (id=216):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00'})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000884}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}}, 0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_default\x00', 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$evdev(0x0, 0x6, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = io_uring_setup(0x6db7, &(0x7f0000000180))
r3 = syz_io_uring_setup(0x353b, &(0x7f0000000100)={0x0, 0x0, 0x2}, &(0x7f0000000180), &(0x7f0000000380))
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r3, 0x13, &(0x7f0000001200), 0x2)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, 0x0, &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000440)='rxrpc_local\x00', r4}, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000440)='rxrpc_local\x00', r5}, 0x10)
r6 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r6, &(0x7f0000000400)=@in6={0x21, 0x0, 0x2, 0x1c, {0x2, 0x106, 0x0, @private1}}, 0x24)
syz_open_dev$vcsu(&(0x7f0000000300), 0x3, 0x410082)
close_range(r2, 0xffffffffffffffff, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0xa, 0x6, 0xcd, 0xe8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000002300)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000002380), 0x806, r7}, 0x38)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000800)={r7, &(0x7f0000000a00), 0x20000000, 0x2}, 0x20)
socket(0x8, 0x3, 0x81)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r7, &(0x7f0000000080), &(0x7f0000000140)=@tcp6}, 0x1c)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000140), 0x0)

2.57999485s ago: executing program 3 (id=217):
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000140))
pselect6(0x40, &(0x7f00000000c0)={0x9}, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x8, 0x8000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@ipv4_delroute={0x24, 0x18, 0x901, 0x70bd27, 0x0, {0x2, 0x18, 0x0, 0x0, 0xff, 0x0, 0x0, 0x8}, [@RTA_DST={0x8, 0x1, @dev}]}, 0x24}}, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)=ANY=[@ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESDEC=r5])
syz_emit_vhci(&(0x7f0000000540)=@HCI_ACLDATA_PKT={0x2, {0x0, 0x2, 0x3, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_rsp={{0x15, 0x1, 0xa}, {0x9, 0x9, 0x4f1, 0x7, 0x7}}}}, 0x17)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x7, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x35)
r7 = socket$alg(0x26, 0x5, 0x0)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x101842, 0x0)
ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f0000000040)=0xffffffff)
ioctl$F2FS_IOC_ABORT_ATOMIC_WRITE(r8, 0x80047441, 0x0)
bind$alg(r7, &(0x7f0000001dc0)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-clmulni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x3, 0x0, 0x1, 0x8000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x200, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)

2.579494668s ago: executing program 0 (id=218):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x68)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000840)=[{&(0x7f0000000180)=""/197, 0xc5}, {&(0x7f0000000280)=""/15, 0xf}, {&(0x7f00000003c0)=""/7, 0x7}, {&(0x7f0000000440)=""/148, 0x94}, {&(0x7f0000000500)=""/139, 0x8b}, {&(0x7f00000005c0)=""/67, 0x43}, {&(0x7f0000000640)=""/11, 0xb}, {&(0x7f0000000680)=""/183, 0xb7}, {&(0x7f0000000740)=""/233, 0xe9}], 0x9, 0x0, 0x1ff)
socket(0x0, 0x2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd='])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000}, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001439)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000380)={0x0, 0x0})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x14, 0x4, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x200}}, 0x14}}, 0x44005)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r4 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r5 = open(&(0x7f0000000140)='./bus\x00', 0x80200, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @printk={@i}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x37)
write$binfmt_elf64(r4, 0x0, 0xfe3c)
dup2(r5, r4)
finit_module(r1, 0x0, 0x0)
socket$kcm(0x11, 0x200000000000002, 0x300)

2.142501792s ago: executing program 0 (id=219):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="50010000100013070000000000000000ac1414bb000000000000000000000000000000000000000000000000000000004e2200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000100000000000000ffffffff000000000000000000000000432b9936111787cce0d7f6d1db00"/277], 0x150}}, 0x0)
ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000000)={0x3, 0x62b, 0x5})
syz_init_net_socket$ax25(0x3, 0x5, 0x0)
creat(&(0x7f0000000200)='./file0\x00', 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r3=>0x0})
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0xffffffffffffffdc, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="5400000010000104000000000000000100000000", @ANYRES32=0x0, @ANYBLOB="fff00000000000002c0012800e00010069703667726574617000000018000280140007002001000000000000000000000000000208000a00", @ANYRES32=r3, @ANYBLOB="7c750413a9e0e42c0149accab99be1f9f46ee94fa45c0dea3f2ef0accf9b56846389af56969b81b6866e7c792563a14abe1bd3f04ef1ab025289f9e0a8ef057244c88c58a5108b2153caf1bade12de5ff624b082a061ad3c0f6ace97d007fc952f8ea23b3a1d8ab66a70a6f56956ef466d98c80c671ff2e32de092469a2c788de943c917dc0cedbc"], 0x54}}, 0x0)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r5 = io_uring_setup(0x3eae, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x393})
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x1000000000000160)
socket$packet(0x11, 0x3, 0x300)
r6 = socket$inet6(0xa, 0x3, 0x8000000003c)
gettid()
connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
writev(r6, 0x0, 0x0)
r7 = socket(0x10, 0x3, 0x0)
write(r7, &(0x7f0000000000)="240000001e00ff3bd90ea7eff078000000000000000000000000000008000f0016040000", 0x24)
pipe2$9p(&(0x7f0000000240), 0x0)

1.657169219s ago: executing program 2 (id=220):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x5, 0x0, 0xf0ffff, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}}, 0x0)

1.550024263s ago: executing program 2 (id=221):
creat(0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="180100000000001d9eaac5e91d11e3ec850000006d000040670000000500000095812c6fa667892001f497e91f3fcdc4f6a72fc592cf00d4f6876e96ad2779fbad0be2dd66db5369def84a528d16000000000000000275abbe"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000006180)=""/152, 0x98}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000050000000090a010400000000000000000100000008000a40000000000900020073797a32140000000900010073797a300000000008000340000000100c0009800800014000003c1f080005400000002d"], 0x98}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000207010000f8ffffffb702000008000000b70300000000000085000000061000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r3, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'bridge0\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
userfaultfd(0x80801)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
sendto$inet6(r5, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000008880), 0x45b, 0x44000102, 0x0)
sendto$inet6(r5, 0x0, 0x0, 0x0, 0x0, 0x0)
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)

1.398846498s ago: executing program 0 (id=222):
socket$nl_route(0x10, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='fd\x00')
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x682e}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, 0x0, 0x4008800)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000000000))
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/timers\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f00000045c0)={0x2020}, 0x2020)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05640, &(0x7f0000000340)={0x9, @pix_mp={0x7, 0x3ff, 0x30314752, 0x2, 0x2, [{0x6, 0x30000000}, {0x80, 0x8}, {0x8, 0x3}, {0x8, 0x1}, {0x3ff, 0x7fff}, {0x5, 0x8}, {0xc9e, 0x1}, {0x8, 0x9}], 0x9, 0x1, 0x0, 0x2, 0x5}})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'veth1_to_bridge\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = io_uring_setup(0x5091, &(0x7f0000000040)={0x0, 0x2, 0x2})
r5 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r6 = fcntl$dupfd(r5, 0x0, r5)
ioctl$TCFLSH(r6, 0x5608, 0x1)
io_uring_register$IORING_UNREGISTER_FILES(r4, 0x3, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r7 = creat(&(0x7f0000000600)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r7, &(0x7f0000000040), 0x4)

1.269065273s ago: executing program 2 (id=223):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
close(r0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x181)
fcntl$setlease(r1, 0x400, 0x1)
execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$apparmor_exec(r4, &(0x7f0000000080)=ANY=[@ANYBLOB='stack :'], 0xb1)
close_range(r3, 0xffffffffffffffff, 0x0)
r5 = syz_io_uring_setup(0x10f, &(0x7f0000000300)={0x0, 0x4941, 0x0, 0x0, 0x0, 0x0, r3}, &(0x7f0000000240)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x50, 0x4004, @fd, 0x0, 0x0})
io_uring_enter(r5, 0x5951, 0x7a89, 0x0, 0x0, 0x0) (fail_nth: 63)

1.030953429s ago: executing program 3 (id=224):
rseq(0x0, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
syz_open_dev$evdev(&(0x7f0000000000), 0xc0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = getpid()
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000001000)=ANY=[@ANYBLOB='trans=virtio,noextend,access=any,cache=fscache,version=9p2000.u'])
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
open(&(0x7f0000000380)='./file0\x00', 0x0, 0x0)
r2 = getpgrp(r1)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd, 0x0, 0x20000000, 0x8020, 0x0, 0x0, {0x2}})
tkill(r2, 0x3c)
r3 = syz_io_uring_setup(0x0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1000}, 0x0, &(0x7f0000000440))
io_uring_enter(r3, 0xa3d, 0x0, 0x0, 0x0, 0x0)
memfd_create(0x0, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x4, 0x0)
r4 = dup3(r0, r0, 0x0)
io_setup(0x1, &(0x7f00000000c0))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='svcrdma_sq_post_err\x00', r4}, 0xffffffffffffff07)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030023000b63d25a80648c2594f90124fc60100c030000040009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
unshare(0x68060200)

949.904911ms ago: executing program 2 (id=225):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="50010000100013070000000000000000ac1414bb000000000000000000000000000000000000000000000000000000004e2200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000100000000000000ffffffff000000000000000000000000432b9936111787cce0d7f6d1db00"/277], 0x150}}, 0x0)
ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000000)={0x3, 0x62b, 0x5})
syz_init_net_socket$ax25(0x3, 0x5, 0x0)
creat(&(0x7f0000000200)='./file0\x00', 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r3=>0x0})
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0xffffffffffffffdc, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="5400000010000104000000000000000100000000", @ANYRES32=0x0, @ANYBLOB="fff00000000000002c0012800e00010069703667726574617000000018000280140007002001000000000000000000000000000208000a00", @ANYRES32=r3, @ANYBLOB="7c750413a9e0e42c0149accab99be1f9f46ee94fa45c0dea3f2ef0accf9b56846389af56969b81b6866e7c792563a14abe1bd3f04ef1ab025289f9e0a8ef057244c88c58a5108b2153caf1bade12de5ff624b082a061ad3c0f6ace97d007fc952f8ea23b3a1d8ab66a70a6f56956ef466d98c80c671ff2e32de092469a2c788de943c917dc0cedbc"], 0x54}}, 0x0)
bpf$PROG_BIND_MAP(0xa, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r5 = io_uring_setup(0x3eae, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x393})
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x1000000000000160)
r6 = socket$inet6(0xa, 0x3, 0x8000000003c)
gettid()
connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
sendmsg(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)=[{}], 0x1}, 0x0)
writev(r6, 0x0, 0x0)
r7 = socket(0x10, 0x3, 0x0)
write(r7, &(0x7f0000000000)="240000001e00ff3bd90ea7eff078000000000000000000000000000008000f0016040000", 0x24)
readv(r7, &(0x7f0000000680)=[{&(0x7f0000000100)=""/215, 0xd7}], 0x1)

29.709994ms ago: executing program 1 (id=226):
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x0, "f3c492eb0165203d36bec7080089b42c000004002231a110000000005900", <r1=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000100)={"9fcaa0504b38d5004b9277c079417ff857dc9b7ac770169aed764b4d2ada8bde", r1, <r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x44, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @action={{{}, {}, @device_b}, @channel_switch={0x0, 0x4, {{0x3b, 0x3}, @val={0x3e, 0x1}, @void}}}}]}, 0x44}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(0xffffffffffffffff, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000080)={"fe0d1acc7f00001f0000000000000000000000fbffffff00", r2, <r7=>0xffffffffffffffff})
ioctl$SYNC_IOC_FILE_INFO(r7, 0xc0383e04, &(0x7f0000000280)={""/32, 0x0, 0x0, 0x7, 0x0, &(0x7f00000004c0)=[{}, {}, {}, {}, {}, {}, {}]})
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
r9 = syz_io_uring_setup(0x24f5, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r10=>0x0, &(0x7f0000000140)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r9, 0xa3d, 0x0, 0x0, 0x0, 0x0)
ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "00009200000000000000000000000058b200"})
r12 = syz_open_dev$video(&(0x7f0000000040), 0x6, 0x2000)
ioctl$VIDIOC_G_CTRL(r12, 0xc008561b, &(0x7f0000000180)={0x10000, 0x71d6705c})
write(r8, &(0x7f00000001c0)='u', 0x1)
r13 = syz_open_pts(r8, 0x88a40)
dup(r13)

2.747399ms ago: executing program 3 (id=227):
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r3 = userfaultfd(0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
clock_adjtime(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x9, 0x0, 0x100, 0x1, 0x4, 0x8})
ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000480)={"8d515ad0d4959e52f84c77371936d145c84bd6924b2d4aab3d227d8ac8e59dc4f25f3b73319df60a62f18f50cae3514d464e6a20121017689f1c90d4df627e50f686017425ebd3f906fcc7b307772a0dc0cd86a311f911fd367f28b865f1dbc554aec5e91cbec5ab49160a95498d58d7d7034c0d1de5bbeacd2ab66a0128d8932368e955a212756b67c42dab89795885d71402af44a8b1248fb3e9e7fda04dd2fe8618ebdaee73b5405dd452b4cee4dac8d56e1ab1f102053193d082eae2e7c41aa70a97d25fab38192f3f8cad809d15a9ec01e194301c085eeb9b957fededc9715c8938291066e2ddf61d2b245ca67fa3404394524470f0c26d44f3d0a1193abeaf20beba7d2608ee88c99fef7b1bac18fbb6140f581d140c1763f80016d87c0502dd59ca2f5b098f7923d78d3b5e8335df5c64e07e2b4935749ad00ed900d26bb2605ebfe7e22ca91bc0ae9da1b94d26e0e710f241bcf88e5840a3f5d82a39d927f4ff9dd8671ec8b976313ae4e59090b82040d8afee13705889f03ddb17d4c3d1a2b149d2cf704c5cd3437bc7ad5624a24b860f5268c5416baae33a73519184c9e974ab12aeb868ff553b74ae703f709d6fc0e741f66359555ee442107693765be13553a60a934a36e0d21625aefbd7041bf27401380b8a0a2648827036541fa49f1126413f74aead0c51e492dc449ecb0908dcd1fe0177e757189068150ddbaf5ca785b32581a2bb5dd020f0fd4633862b8bd3affa184da71a823ee2eb65fb7546a99df0847224683a6d26cec014eca68b38cdcab06a7758c482fdc3a541aa6a53f8b001072162bf681ce5caeaf4113db9603e7064ca49b16d87b75ee0479e81b0bca69094b445058f5ad9c71ef285b0ba402de783a54146443e16d8a8d8f0cb2b51ddceb95005ffa953d48f285d232ef2b4c1603a6f8cdd30b3a6f918a4dc25167072e24c6ec2091eb25a6581125f0b6dfa6dbc10e53790b7bb2c4f73c4ee36868c7eaced3f7a63eba8719ae74e96c369ff1a0e90d8be00a0e1fbeeb9d264c15abe04e96d9fcfb8b6b0c1daf50d692253e4bad865cf28989509f13264dacab6b6e3f74f873f5e4c3a0be77442dde349ca0e9988b95715733e48b308b417ee3d1efeeb7fe713478d33c803dcf79452fd56dbdab9f9e25dc0feba5a1397317075deb54933ac8e609583e8dfa4424881eefea63d20f1ca8fa6b239bdfe05a8a432fc74dd6478525312505d03d30bf8425595c015c3a5a1cca8fe9070b24323f5630a846f88f0131e641dd17a755bdeb74c300cd00918efc5a0cfb82dd5619410838cb19ba48ce48a4d8bce5460473e85c43609b22fdbdbc602ac148b849e5a3a530b0ad3d4dbd89faec2f29f11e0047c0e775e3b6dbf5d9803542983896fab203975b2d1ea7edd3592441ba9a944de75af4769106daeaf0b7a9bf023136c7a"})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="540000000206010800000000000000000700000a050004000200000005f1000000000000000005000c00000013000300686173683a6e65742c69666163650000140007800800064000000007050003002500000023a6d3cd6824ff8bbb3a8700fa89056684cba0c5fa07ddbd8393bfcfebeeae5888"], 0x54}, 0x1, 0x0, 0x0, 0x20000004}, 0x4)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000000)={&(0x7f0000218000/0x2000)=nil, &(0x7f000055e000/0x3000)=nil, 0x2000})
r7 = syz_open_dev$vim2m(&(0x7f0000000340), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_DQBUF(r7, 0xc044560f, &(0x7f0000000280)=@mmap={0x0, 0x1, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "37bb54f0"}})
close_range(r2, 0xffffffffffffffff, 0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r8=>0x0)
io_submit(r8, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000001c0)='m', 0xfffffdfc}])
io_destroy(r8)
fcntl$setstatus(r1, 0x4, 0x42800)
read$FUSE(r0, &(0x7f0000003240)={0x2020}, 0x2020)

0s ago: executing program 1 (id=228):
r0 = socket$kcm(0x10, 0x3, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
listxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000000002100004000000000ff"])
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_BOOT_CPU_ID(r2, 0xae78, &(0x7f0000000140)=0x2)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="020300030e000000000700000000000004000900a0000000e9255bb992464e73a02159d3720df19f7a1dfec30000000003000600000000000200000000000000000000000000000002000100000000fffffffbfd00000000030005000000000002"], 0x70}, 0x1, 0x7}, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0000000000000000000001000000000800090000000000060002000221d0cac8c9f490c2bdbf0ffd08"], 0x34}}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000600", 0x33fe0}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:28659' (ED25519) to the list of known hosts.
[   43.413981][ T5332] cgroup: Unknown subsys name 'net'
[   43.701984][ T5332] cgroup: Unknown subsys name 'cpuset'
[   43.715141][ T5332] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   44.800945][ T5332] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   47.649652][ T5349] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   47.653348][ T5354] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   47.655476][ T5351] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   47.659237][ T5351] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   47.661624][ T5351] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   47.664051][ T5351] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   47.666570][ T5351] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   47.667167][ T5357] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   47.669025][ T5351] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   47.672325][ T5357] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   47.673906][ T5351] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   47.676223][ T5357] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   47.680063][ T5360] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   47.682414][ T5357] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   47.685482][ T5360] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   47.685901][ T5357] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   47.685941][ T5361] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   47.686528][ T5361] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   47.688624][ T5360] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   47.694964][ T5357] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   47.698857][ T5360] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   47.702125][ T4779] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   47.703153][ T5354] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   47.711338][ T4779] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   47.902664][ T5345] chnl_net:caif_netlink_parms(): no params data found
[   47.936193][ T5348] chnl_net:caif_netlink_parms(): no params data found
[   47.985734][ T5356] chnl_net:caif_netlink_parms(): no params data found
[   48.149757][ T5345] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.152313][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.155076][ T5345] bridge_slave_0: entered allmulticast mode
[   48.158012][ T5345] bridge_slave_0: entered promiscuous mode
[   48.162161][ T5355] chnl_net:caif_netlink_parms(): no params data found
[   48.207926][ T5345] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.211302][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.213738][ T5345] bridge_slave_1: entered allmulticast mode
[   48.216228][ T5345] bridge_slave_1: entered promiscuous mode
[   48.230101][ T5348] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.232444][ T5348] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.234492][ T5348] bridge_slave_0: entered allmulticast mode
[   48.236929][ T5348] bridge_slave_0: entered promiscuous mode
[   48.249138][ T5356] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.251135][ T5356] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.253038][ T5356] bridge_slave_0: entered allmulticast mode
[   48.255810][ T5356] bridge_slave_0: entered promiscuous mode
[   48.272749][ T5345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   48.294232][ T5348] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.296903][ T5348] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.299741][ T5348] bridge_slave_1: entered allmulticast mode
[   48.302559][ T5348] bridge_slave_1: entered promiscuous mode
[   48.317876][ T5356] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.320500][ T5356] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.322957][ T5356] bridge_slave_1: entered allmulticast mode
[   48.325633][ T5356] bridge_slave_1: entered promiscuous mode
[   48.329474][ T5345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   48.365795][ T5348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   48.462585][ T5348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   48.469085][ T5356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   48.474495][ T5345] team0: Port device team_slave_0 added
[   48.478543][ T5356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   48.516326][ T5345] team0: Port device team_slave_1 added
[   48.557067][ T5355] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.560185][ T5355] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.562716][ T5355] bridge_slave_0: entered allmulticast mode
[   48.565434][ T5355] bridge_slave_0: entered promiscuous mode
[   48.617529][ T5356] team0: Port device team_slave_0 added
[   48.620519][ T5355] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.623006][ T5355] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.625461][ T5355] bridge_slave_1: entered allmulticast mode
[   48.628228][ T5355] bridge_slave_1: entered promiscuous mode
[   48.637830][ T5348] team0: Port device team_slave_0 added
[   48.641438][ T5345] batman_adv: batadv0: Adding interface: batadv_slave_0
[   48.644022][ T5345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.652483][ T5345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   48.658259][ T5356] team0: Port device team_slave_1 added
[   48.685750][ T5348] team0: Port device team_slave_1 added
[   48.687875][ T5345] batman_adv: batadv0: Adding interface: batadv_slave_1
[   48.689869][ T5345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.696348][ T5345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   48.724246][ T5355] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   48.746894][ T5356] batman_adv: batadv0: Adding interface: batadv_slave_0
[   48.749293][ T5356] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.757661][ T5356] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   48.763491][ T5355] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   48.766829][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_0
[   48.769631][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.778601][ T5348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   48.784038][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_1
[   48.786408][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.795031][ T5348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   48.799793][ T5356] batman_adv: batadv0: Adding interface: batadv_slave_1
[   48.801922][ T5356] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.810187][ T5356] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   48.835412][ T5355] team0: Port device team_slave_0 added
[   48.839960][ T5355] team0: Port device team_slave_1 added
[   48.867759][ T5345] hsr_slave_0: entered promiscuous mode
[   48.870774][ T5345] hsr_slave_1: entered promiscuous mode
[   48.929737][ T5355] batman_adv: batadv0: Adding interface: batadv_slave_0
[   48.931621][ T5355] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.938205][ T5355] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   49.000882][ T5355] batman_adv: batadv0: Adding interface: batadv_slave_1
[   49.002961][ T5355] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   49.010353][ T5355] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   49.025725][ T5356] hsr_slave_0: entered promiscuous mode
[   49.028239][ T5356] hsr_slave_1: entered promiscuous mode
[   49.030674][ T5356] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   49.032841][ T5356] Cannot create hsr debugfs directory
[   49.036783][ T5348] hsr_slave_0: entered promiscuous mode
[   49.042301][ T5348] hsr_slave_1: entered promiscuous mode
[   49.044607][ T5348] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   49.047025][ T5348] Cannot create hsr debugfs directory
[   49.097451][ T5355] hsr_slave_0: entered promiscuous mode
[   49.099856][ T5355] hsr_slave_1: entered promiscuous mode
[   49.102198][ T5355] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   49.104783][ T5355] Cannot create hsr debugfs directory
[   49.300484][ T5345] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   49.306181][ T5345] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   49.310765][ T5345] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   49.315357][ T5345] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   49.343916][ T5348] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   49.350303][ T5348] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   49.353558][ T5348] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   49.357136][ T5348] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   49.391911][ T5356] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   49.397539][ T5356] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   49.409973][ T5356] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   49.420932][ T5356] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   49.474079][ T5355] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   49.479011][ T5355] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   49.495087][ T5355] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   49.500972][ T5355] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   49.532588][ T5345] 8021q: adding VLAN 0 to HW filter on device bond0
[   49.564291][ T5345] 8021q: adding VLAN 0 to HW filter on device team0
[   49.569224][ T5348] 8021q: adding VLAN 0 to HW filter on device bond0
[   49.591393][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.594187][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.603790][ T5348] 8021q: adding VLAN 0 to HW filter on device team0
[   49.613987][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.616928][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.633152][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.635235][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.639546][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.642307][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.653740][ T5356] 8021q: adding VLAN 0 to HW filter on device bond0
[   49.715028][ T5348] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   49.719700][ T5348] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   49.735210][ T5356] 8021q: adding VLAN 0 to HW filter on device team0
[   49.745385][ T1098] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.747467][ T1098] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.764439][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.767057][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.771621][ T5349] Bluetooth: hci3: command tx timeout
[   49.771627][ T4779] Bluetooth: hci0: command tx timeout
[   49.772022][ T4779] Bluetooth: hci2: command tx timeout
[   49.774024][ T5349] Bluetooth: hci1: command tx timeout
[   49.789114][ T5355] 8021q: adding VLAN 0 to HW filter on device bond0
[   49.802933][ T5355] 8021q: adding VLAN 0 to HW filter on device team0
[   49.809339][   T96] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.812259][   T96] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.835199][   T91] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.838403][   T91] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.878423][ T5345] 8021q: adding VLAN 0 to HW filter on device batadv0
[   49.911174][ T5348] 8021q: adding VLAN 0 to HW filter on device batadv0
[   49.946928][ T5345] veth0_vlan: entered promiscuous mode
[   49.966024][ T5348] veth0_vlan: entered promiscuous mode
[   49.969817][ T5345] veth1_vlan: entered promiscuous mode
[   49.975351][ T5356] 8021q: adding VLAN 0 to HW filter on device batadv0
[   49.982848][ T5348] veth1_vlan: entered promiscuous mode
[   50.016296][ T5348] veth0_macvtap: entered promiscuous mode
[   50.023448][ T5345] veth0_macvtap: entered promiscuous mode
[   50.028448][ T5345] veth1_macvtap: entered promiscuous mode
[   50.035947][ T5348] veth1_macvtap: entered promiscuous mode
[   50.049956][ T5345] batman_adv: batadv0: Interface activated: batadv_slave_0
[   50.059501][ T5345] batman_adv: batadv0: Interface activated: batadv_slave_1
[   50.065603][ T5355] 8021q: adding VLAN 0 to HW filter on device batadv0
[   50.072618][ T5345] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   50.075667][ T5345] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   50.078611][ T5345] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   50.081833][ T5345] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   50.090269][ T5356] veth0_vlan: entered promiscuous mode
[   50.102316][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   50.105175][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.108544][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_0
[   50.117200][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   50.121554][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.125745][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_1
[   50.128829][ T5356] veth1_vlan: entered promiscuous mode
[   50.144176][ T5348] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   50.147370][ T5348] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   50.150712][ T5348] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   50.153373][ T5348] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   50.189952][   T96] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.193303][   T96] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.221513][ T5355] veth0_vlan: entered promiscuous mode
[   50.222146][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.225983][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.251318][ T5356] veth0_macvtap: entered promiscuous mode
[   50.254532][ T1098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.257338][ T1098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.257477][ T5355] veth1_vlan: entered promiscuous mode
[   50.269481][ T5356] veth1_macvtap: entered promiscuous mode
[   50.288555][ T5345] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   50.291723][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.296275][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.296336][ T5355] veth0_macvtap: entered promiscuous mode
[   50.308142][ T5356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   50.313554][ T5356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.316894][ T5356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   50.321809][ T5356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.326131][ T5356] batman_adv: batadv0: Interface activated: batadv_slave_0
[   50.340019][ T5355] veth1_macvtap: entered promiscuous mode
[   50.348567][ T5356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   50.351823][ T5356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.354961][ T5356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   50.358595][ T5356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.365339][ T5356] batman_adv: batadv0: Interface activated: batadv_slave_1
[   50.378115][ T5356] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   50.382778][ T5356] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   50.385790][ T5356] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   50.389107][ T5356] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   50.403015][ T5355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   50.406756][ T5355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.413163][ T5355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   50.415932][ T5355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.418330][ T5355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   50.419463][ T5415] random: crng reseeded on system resumption
[   50.422811][ T5355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.428384][ T5355] batman_adv: batadv0: Interface activated: batadv_slave_0
[   50.455776][ T5355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   50.459950][ T5355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.463722][ T5355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   50.467290][ T5355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.470915][ T5355] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   50.474523][ T5355] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.480636][ T5355] batman_adv: batadv0: Interface activated: batadv_slave_1
[   50.522112][ T5419] random: crng reseeded on system resumption
[   50.529748][ T5355] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   50.533287][ T5355] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   50.533331][ T5355] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   50.533358][ T5355] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   50.539296][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.539313][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.567172][ T5420] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   50.579516][   T96] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.584038][   T96] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.594934][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.597618][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.613577][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.616029][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.616243][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.656659][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.656856][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.659996][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.660186][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.666360][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.666549][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.692172][ T5425] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2'.
[   50.692184][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.694905][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.695359][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.711428][ T5425] batman_adv: batadv0: Adding interface: ip6gretap1
[   50.743107][ T5425] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   50.743138][ T5425] batman_adv: batadv0: Interface activated: ip6gretap1
[   51.902177][ T5440] netlink: 100 bytes leftover after parsing attributes in process `syz.3.8'.
[   51.946664][ T5440] batman_adv: batadv0: Adding interface: ip6gretap1
[   51.946683][ T5440] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   51.946708][ T5440] batman_adv: batadv0: Interface activated: ip6gretap1
[   51.972567][ T5349] Bluetooth: hci1: command tx timeout
[   51.972596][ T5349] Bluetooth: hci2: command tx timeout
[   51.972613][ T5349] Bluetooth: hci3: command tx timeout
[   51.972636][ T5349] Bluetooth: hci0: command tx timeout
[   52.995631][ T5445] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10'.
[   53.249185][ T5457] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13'.
[   53.368898][   T39] audit: type=1326 audit(1728191800.578:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5444 comm="syz.0.10" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73fe579 code=0x0
[   53.514403][   T39] audit: type=1326 audit(1728191800.728:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5456 comm="syz.2.13" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x0
[   54.009202][ T5357] Bluetooth: hci0: command tx timeout
[   54.009268][ T5349] Bluetooth: hci3: command tx timeout
[   54.011201][ T5349] Bluetooth: hci2: command tx timeout
[   54.013194][ T5357] Bluetooth: hci1: command tx timeout
[   54.269115][ T5467] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15'.
[   54.598874][   T62] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   54.759181][   T62] usb 7-1: Using ep0 maxpacket: 16
[   54.761216][   T62] usb 7-1: config 0 has an invalid descriptor of length 185, skipping remainder of the config
[   54.761242][   T62] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   54.763181][   T62] usb 7-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[   54.763208][   T62] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   54.763226][   T62] usb 7-1: Product: syz
[   54.763239][   T62] usb 7-1: Manufacturer: syz
[   54.763253][   T62] usb 7-1: SerialNumber: syz
[   54.779630][   T62] usb 7-1: config 0 descriptor??
[   54.855453][ T5471] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17'.
[   54.909858][ T4779] Bluetooth: min 6 > max 0
[   55.431144][ T5490] netlink: 100 bytes leftover after parsing attributes in process `syz.3.19'.
[   56.089723][ T4779] Bluetooth: hci1: command tx timeout
[   56.089842][ T5357] Bluetooth: hci2: command tx timeout
[   56.091947][ T5349] Bluetooth: hci0: command tx timeout
[   56.093068][ T5357] Bluetooth: hci3: command tx timeout
[   56.670905][ T5497] netlink: 100 bytes leftover after parsing attributes in process `syz.0.22'.
[   56.711903][ T5497] batman_adv: batadv0: Adding interface: ip6gretap1
[   56.713951][ T5497] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.722332][ T5497] batman_adv: batadv0: Interface activated: ip6gretap1
[   57.466367][   T62] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[   57.493339][   T62] usb 7-1: USB disconnect, device number 2
[   57.906731][ T5511] netlink: 8 bytes leftover after parsing attributes in process `syz.3.26'.
[   58.178787][ T5357] Bluetooth: hci1: command tx timeout
[   58.243313][   T39] audit: type=1326 audit(1728192061.462:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5510 comm="syz.3.26" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x0
[   59.021413][ T5524] capability: warning: `syz.3.29' uses deprecated v2 capabilities in a way that may be insecure
[   61.616671][ T5552] netlink: 4 bytes leftover after parsing attributes in process `syz.1.36'.
[   61.625527][ T5552] netlink: 12 bytes leftover after parsing attributes in process `syz.1.36'.
[   61.916730][ T5557] 9pnet_virtio: no channels available for device syz
[   61.928341][ T5557] overlayfs: overlapping lowerdir path
[   62.092949][ T5559] binder: 5558:5559 ioctl c0306201 20000140 returned -14
[   62.204661][ T5561] netlink: 100 bytes leftover after parsing attributes in process `syz.0.39'.
[   63.197419][ T5572] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   63.226057][ T5576] netlink: 8 bytes leftover after parsing attributes in process `syz.2.42'.
[   63.888463][   T39] audit: type=1326 audit(1728192323.099:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5575 comm="syz.2.42" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x0
[   65.868974][   T30] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   66.017581][ T5592] xt_connbytes: Forcing CT accounting to be enabled
[   66.019856][ T5592] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[   66.022271][   T30] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[   66.024663][   T30] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   66.026877][   T30] usb 6-1: Product: syz
[   66.028007][   T30] usb 6-1: Manufacturer: syz
[   66.029343][   T30] usb 6-1: SerialNumber: syz
[   66.049176][   T30] usb 6-1: config 0 descriptor??
[   66.417306][   T30] usb 6-1: USB disconnect, device number 2
[   66.702956][ T5613] Invalid option length (1031570) for dns_resolver key
[   67.044615][ T5625] netlink: 100 bytes leftover after parsing attributes in process `syz.0.52'.
[   67.395276][ T5630] netlink: 216 bytes leftover after parsing attributes in process `syz.1.55'.
[   67.582828][ T5643] netlink: 'syz.1.56': attribute type 1 has an invalid length.
[   67.586738][ T5643] netlink: 224 bytes leftover after parsing attributes in process `syz.1.56'.
[   67.607957][ T5643] IPv6: addrconf: prefix option has invalid lifetime
[   67.896467][ T5648] random: crng reseeded on system resumption
[   68.849760][ T5662] 9pnet_virtio: no channels available for device syz
[   68.876243][ T5662] overlayfs: overlapping lowerdir path
[   69.055261][ T5662] netlink: 'syz.3.61': attribute type 3 has an invalid length.
[   69.057498][ T5662] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.61'.
[   69.457982][ T5669] netlink: 28 bytes leftover after parsing attributes in process `syz.0.63'.
[   69.463348][ T5669] netlink: 28 bytes leftover after parsing attributes in process `syz.0.63'.
[   69.807319][ T5674] netlink: 100 bytes leftover after parsing attributes in process `syz.0.64'.
[   70.523577][ T5684] random: crng reseeded on system resumption
[   70.741980][ T1377] ieee802154 phy0 wpan0: encryption failed: -22
[   70.744305][ T1377] ieee802154 phy1 wpan1: encryption failed: -22
[   70.973771][ T5689] netlink: 100 bytes leftover after parsing attributes in process `syz.3.70'.
[   71.580670][ T5696] netlink: 100 bytes leftover after parsing attributes in process `syz.1.71'.
[   71.676057][ T5698] netlink: 100 bytes leftover after parsing attributes in process `syz.0.73'.
[   73.284520][ T5714] netlink: 8 bytes leftover after parsing attributes in process `syz.2.76'.
[   73.671796][   T39] audit: type=1326 audit(1728192844.894:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5713 comm="syz.2.76" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x0
[   74.603611][ T5721] netlink: 68 bytes leftover after parsing attributes in process `syz.2.77'.
[   75.113912][ T5721] netlink: 'syz.2.77': attribute type 10 has an invalid length.
[   75.116924][ T5721] bridge0: port 3(team0) entered blocking state
[   75.119504][ T5721] bridge0: port 3(team0) entered disabled state
[   75.122491][ T5721] team0: entered allmulticast mode
[   75.124532][ T5721] team_slave_0: entered allmulticast mode
[   75.126206][ T5721] team_slave_1: entered allmulticast mode
[   75.170500][ T5721] team0: entered promiscuous mode
[   75.172408][ T5721] team_slave_0: entered promiscuous mode
[   75.175424][ T5721] team_slave_1: entered promiscuous mode
[   75.181365][ T5721] bridge0: port 3(team0) entered blocking state
[   75.183699][ T5721] bridge0: port 3(team0) entered forwarding state
[   75.311642][ T5731] netlink: zone id is out of range
[   75.319640][ T5731] netlink: zone id is out of range
[   75.321527][ T5731] netlink: zone id is out of range
[   75.326642][ T5731] netlink: zone id is out of range
[   75.346020][ T5731] netlink: set zone limit has 4 unknown bytes
[   76.375007][ T5750] Bluetooth: MGMT ver 1.23
[   76.497637][ T5751] netlink: 8 bytes leftover after parsing attributes in process `syz.3.82'.
[   77.218985][ T5758] netlink: 24 bytes leftover after parsing attributes in process `syz.1.84'.
[   78.349125][ T5769] netlink: 100 bytes leftover after parsing attributes in process `syz.1.87'.
[   79.854184][ T5778] input: syz0 as /devices/virtual/input/input5
[   80.017941][ T5780] syz.0.90 uses obsolete (PF_INET,SOCK_PACKET)
[   80.533364][ T5788] netlink: 8 bytes leftover after parsing attributes in process `syz.3.92'.
[   80.555057][ T5786] vlan2: entered allmulticast mode
[   80.556524][ T5786] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[   80.579133][ T5786] mac80211_hwsim hwsim7 wlan1: left allmulticast mode
[   80.971481][   T56] cfg80211: failed to load regulatory.db
[   81.322747][   T39] audit: type=1326 audit(1728192852.514:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5787 comm="syz.3.92" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x0
[   82.848775][   T56] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   83.018776][   T56] usb 6-1: Using ep0 maxpacket: 8
[   83.023793][   T56] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   83.027242][   T56] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   83.035023][   T56] usb 6-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00
[   83.040475][   T56] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.048220][   T56] usb 6-1: config 0 descriptor??
[   83.154431][ T5803] No control pipe specified
[   83.377541][ T5811] evm: overlay not supported
[   83.389240][ T5811] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   83.401792][ T5811] Zero length message leads to an empty skb
[   84.331403][ T5823] netlink: 4 bytes leftover after parsing attributes in process `syz.2.99'.
[   84.336947][ T5823] netlink: 12 bytes leftover after parsing attributes in process `syz.2.99'.
[   85.878295][   T56] usbhid 6-1:0.0: can't add hid device: -71
[   85.880031][   T56] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[   85.908752][   T56] usb 6-1: USB disconnect, device number 3
[   86.932211][ T5843] netlink: 100 bytes leftover after parsing attributes in process `syz.2.104'.
[   86.962508][ T5843] batman_adv: batadv0: Adding interface: ip6gretap1
[   86.962611][ T5843] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.962646][ T5843] batman_adv: batadv0: Interface activated: ip6gretap1
[   87.771617][ T5848] sp0: Synchronizing with TNC
[   88.028345][ T5853] netlink: 24 bytes leftover after parsing attributes in process `syz.1.107'.
[   88.085452][ T5855] =======================================================
[   88.085452][ T5855] WARNING: The mand mount option has been deprecated and
[   88.085452][ T5855]          and is ignored by this kernel. Remove the mand
[   88.085452][ T5855]          option from the mount to silence this warning.
[   88.085452][ T5855] =======================================================
[   88.741866][ T5860] mmap: syz.1.109 (5860) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   88.913625][ T5863] FAULT_INJECTION: forcing a failure.
[   88.913625][ T5863] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   88.918393][ T5863] CPU: 2 UID: 0 PID: 5863 Comm: syz.2.110 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0
[   88.921963][ T5863] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.925595][ T5863] Call Trace:
[   88.926730][ T5863]  <TASK>
[   88.927767][ T5863]  dump_stack_lvl+0x16c/0x1f0
[   88.929426][ T5863]  should_fail_ex+0x497/0x5b0
[   88.931005][ T5863]  _copy_from_iter+0x29b/0x13e0
[   88.932657][ T5863]  ? __pfx__copy_from_iter+0x10/0x10
[   88.934456][ T5863]  ? tun_build_skb.constprop.0+0x1b8/0x1120
[   88.936502][ T5863]  ? __pfx_lock_release+0x10/0x10
[   88.938203][ T5863]  ? trace_lock_acquire+0x14a/0x1d0
[   88.939959][ T5863]  copy_page_from_iter+0xa5/0x120
[   88.941609][ T5863]  tun_build_skb.constprop.0+0x294/0x1120
[   88.943520][ T5863]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[   88.945546][ T5863]  ? __pfx___lock_acquire+0x10/0x10
[   88.947298][ T5863]  ? __pfx___lock_acquire+0x10/0x10
[   88.949039][ T5863]  ? __lock_acquire+0xbdd/0x3ce0
[   88.950753][ T5863]  tun_get_user+0x872/0x3d70
[   88.952345][ T5863]  ? find_held_lock+0x2d/0x110
[   88.954036][ T5863]  ? __pfx_tun_get_user+0x10/0x10
[   88.955821][ T5863]  ? find_held_lock+0x2d/0x110
[   88.957462][ T5863]  ? __pfx_lock_release+0x10/0x10
[   88.959219][ T5863]  tun_chr_write_iter+0xdc/0x210
[   88.960895][ T5863]  vfs_write+0x6b5/0x1140
[   88.962267][ T5863]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   88.963994][ T5863]  ? trace_lock_acquire+0x14a/0x1d0
[   88.965720][ T5863]  ? __pfx_vfs_write+0x10/0x10
[   88.967291][ T5863]  ? __fget_files+0x40/0x3f0
[   88.968785][ T5863]  ksys_write+0x12f/0x260
[   88.970199][ T5863]  ? __pfx_ksys_write+0x10/0x10
[   88.971859][ T5863]  __do_fast_syscall_32+0x73/0x120
[   88.973655][ T5863]  do_fast_syscall_32+0x32/0x80
[   88.975378][ T5863]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   88.977546][ T5863] RIP: 0023:0xf742e579
[   88.978891][ T5863] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   88.985241][ T5863] RSP: 002b:00000000f5716530 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[   88.988002][ T5863] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020000040
[   88.990576][ T5863] RDX: 0000000000000082 RSI: 00000000f741bff4 RDI: 0000000000000000
[   88.993292][ T5863] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   88.996031][ T5863] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   88.998682][ T5863] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   89.001304][ T5863]  </TASK>
[   89.969190][ T5880] netlink: 100 bytes leftover after parsing attributes in process `syz.3.118'.
[   90.334108][ T4779] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   90.343839][ T4779] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   90.347234][ T5885] overlayfs: empty lowerdir
[   90.347396][ T4779] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   90.378884][ T4779] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   90.394074][ T4779] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   90.396864][ T4779] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   90.770660][ T5887] chnl_net:caif_netlink_parms(): no params data found
[   90.817135][ T5887] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.820531][ T5887] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.822565][ T5887] bridge_slave_0: entered allmulticast mode
[   90.825032][ T5887] bridge_slave_0: entered promiscuous mode
[   90.827916][ T5887] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.830203][ T5887] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.832124][ T5887] bridge_slave_1: entered allmulticast mode
[   90.835098][ T5887] bridge_slave_1: entered promiscuous mode
[   90.858285][ T5887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.863003][ T5887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.919022][ T5901] netlink: 'syz.1.122': attribute type 3 has an invalid length.
[   90.921144][ T5901] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.122'.
[   90.934742][ T5887] team0: Port device team_slave_0 added
[   90.946639][ T5887] team0: Port device team_slave_1 added
[   91.030551][ T5887] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.032842][ T5887] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.040265][ T5887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.047294][ T5887] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.051953][ T5887] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.058584][ T5887] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.205749][ T5887] hsr_slave_0: entered promiscuous mode
[   91.211426][ T5887] hsr_slave_1: entered promiscuous mode
[   91.229372][ T5887] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   91.231193][ T5887] Cannot create hsr debugfs directory
[   91.781793][ T5887] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.854199][ T5887] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.977850][ T5887] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.107532][ T5887] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.312004][ T5887] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   92.319578][ T5887] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   92.333243][ T5887] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   92.338001][ T5887] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   92.495984][ T5887] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.521118][ T5887] 8021q: adding VLAN 0 to HW filter on device team0
[   92.547566][   T96] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.549631][   T96] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.560651][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.563190][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.568815][ T5357] Bluetooth: hci4: command tx timeout
[   92.737795][ T5921] Driver unsupported XDP return value 0 on prog  (id 30) dev N/A, expect packet loss!
[   92.859535][ T5887] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.929404][ T5887] veth0_vlan: entered promiscuous mode
[   92.945915][ T5887] veth1_vlan: entered promiscuous mode
[   92.985045][ T5887] veth0_macvtap: entered promiscuous mode
[   92.989811][ T5887] veth1_macvtap: entered promiscuous mode
[   93.010794][ T5887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.029265][ T5887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.036845][ T5887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.049830][ T5887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.056373][ T5887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.062250][ T5887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.072557][ T5887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.080095][ T5887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.088155][ T5887] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.106068][ T5887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.116987][ T5887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.125010][ T5887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.131160][ T5887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.138471][ T5887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.150441][ T5887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.158331][ T5887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.169214][ T5887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.172702][ T5887] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.198505][ T5887] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.207070][ T5887] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.215185][ T5887] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.222561][ T5887] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.307991][   T96] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.312611][   T96] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.371015][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.376756][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.483911][ T5932] IPVS: set_ctl: invalid protocol: 135 255.255.255.255:20004
[   94.044577][ T5944] random: crng reseeded on system resumption
[   94.649156][ T5357] Bluetooth: hci4: command tx timeout
[   94.869820][ T5953] process 'syz.3.134' launched './file2' with NULL argv: empty string added
[   95.206604][ T5960] netlink: 20 bytes leftover after parsing attributes in process `syz.3.136'.
[   95.225113][ T5960] netlink: 4 bytes leftover after parsing attributes in process `syz.3.136'.
[   95.365791][ T5964] netlink: 201392 bytes leftover after parsing attributes in process `syz.1.135'.
[   95.377210][ T5964] netlink: 8 bytes leftover after parsing attributes in process `syz.1.135'.
[   95.726747][ T5968] xt_cluster: node mask cannot exceed total number of nodes
[   96.051653][ T5974] netlink: 16 bytes leftover after parsing attributes in process `syz.1.140'.
[   96.054458][ T5974] random: crng reseeded on system resumption
[   96.215077][ T5976] binder: 5975:5976 ioctl 810c9365 20000980 returned -22
[   96.728779][ T5357] Bluetooth: hci4: command tx timeout
[   97.131602][ T5357] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[   97.135436][ T5357] Bluetooth: hci1: Injecting HCI hardware error event
[   97.141389][ T4779] Bluetooth: hci1: hardware error 0x00
[   97.145766][ T5996] netlink: 'syz.0.146': attribute type 3 has an invalid length.
[   97.149019][ T5996] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.146'.
[   98.260714][ T6003] netlink: 28 bytes leftover after parsing attributes in process `syz.2.149'.
[   98.269831][ T6003] sp0: Synchronizing with TNC
[   98.672072][ T5357] Bluetooth: hci4: Malformed LE Event: 0x1d
[   98.674531][ T5357] Bluetooth: hci4: SCO packet for unknown connection handle 0
[   98.678031][ T6012] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   98.808744][ T5357] Bluetooth: hci4: command tx timeout
[   99.117534][ T6022] netlink: 100 bytes leftover after parsing attributes in process `syz.3.156'.
[   99.278824][ T4779] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  100.913889][ T4779] Bluetooth: Unexpected continuation frame (len 18)
[  100.916498][ T4779] Bluetooth: Unknown BR/EDR signaling command 0x0d
[  100.918284][ T4779] Bluetooth: Wrong link type (-22)
[  100.920261][ T4779] Bluetooth: Unknown BR/EDR signaling command 0x10
[  100.922045][ T4779] Bluetooth: Wrong link type (-22)
[  100.924315][ T4779] Bluetooth: hci3: link tx timeout
[  100.925927][ T4779] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  101.052586][ T6057] netlink: 4 bytes leftover after parsing attributes in process `syz.3.162'.
[  101.058964][ T6057] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  101.060930][ T6057] batman_adv: batadv0: Removing interface: batadv_slave_0
[  101.117639][ T6057] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.120040][ T6057] batman_adv: batadv0: Removing interface: batadv_slave_1
[  101.123252][ T6057] batman_adv: batadv0: Interface deactivated: ip6gretap1
[  101.125089][ T6057] batman_adv: batadv0: Removing interface: ip6gretap1
[  101.220535][ T6063] netlink: 12 bytes leftover after parsing attributes in process `syz.2.167'.
[  101.430381][ T6074] FAULT_INJECTION: forcing a failure.
[  101.430381][ T6074] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  101.434837][ T6074] CPU: 1 UID: 0 PID: 6074 Comm: syz.2.170 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0
[  101.437610][ T6074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  101.440509][ T6074] Call Trace:
[  101.441389][ T6074]  <TASK>
[  101.442167][ T6074]  dump_stack_lvl+0x16c/0x1f0
[  101.443413][ T6074]  should_fail_ex+0x497/0x5b0
[  101.444655][ T6074]  ? fs_reclaim_acquire+0xae/0x160
[  101.446217][ T6074]  should_fail_alloc_page+0xe7/0x130
[  101.447692][ T6074]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  101.449307][ T6074]  ? tipc_sk_rcv+0xa6d/0x1b60
[  101.450551][ T6074]  __alloc_pages_noprof+0x190/0x25c0
[  101.451947][ T6074]  ? __pfx_tipc_sk_rcv+0x10/0x10
[  101.453246][ T6074]  ? hlock_class+0x4e/0x130
[  101.454529][ T6074]  ? mark_lock+0xb5/0xc60
[  101.455677][ T6074]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  101.457178][ T6074]  ? __pfx_mark_lock+0x10/0x10
[  101.458440][ T6074]  ? hlock_class+0x4e/0x130
[  101.459661][ T6074]  ? mark_lock+0xb5/0xc60
[  101.460810][ T6074]  ? hlock_class+0x4e/0x130
[  101.462017][ T6074]  ? mark_lock+0xb5/0xc60
[  101.463173][ T6074]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  101.464727][ T6074]  ? policy_nodemask+0xea/0x4e0
[  101.466011][ T6074]  alloc_pages_mpol_noprof+0x2c9/0x610
[  101.467447][ T6074]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  101.469020][ T6074]  ? hlock_class+0x4e/0x130
[  101.470218][ T6074]  ? find_held_lock+0x2d/0x110
[  101.471501][ T6074]  folio_alloc_mpol_noprof+0x36/0xd0
[  101.472894][ T6074]  vma_alloc_folio_noprof+0xee/0x1b0
[  101.474283][ T6074]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  101.475836][ T6074]  ? __pfx___lock_acquire+0x10/0x10
[  101.477202][ T6074]  do_wp_page+0x10d1/0x4930
[  101.478400][ T6074]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  101.479926][ T6074]  ? __pfx_do_wp_page+0x10/0x10
[  101.481203][ T6074]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  101.482600][ T6074]  ? lock_acquire+0x2f/0xb0
[  101.483802][ T6074]  ? __handle_mm_fault+0xdcd/0x2a10
[  101.485163][ T6074]  __handle_mm_fault+0x1a93/0x2a10
[  101.486501][ T6074]  ? __pfx_mt_find+0x10/0x10
[  101.487723][ T6074]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  101.489195][ T6074]  ? __pfx___handle_mm_fault+0x10/0x10
[  101.490625][ T6074]  ? find_vma+0xc0/0x140
[  101.491748][ T6074]  ? __pfx_find_vma+0x10/0x10
[  101.492984][ T6074]  handle_mm_fault+0x3fa/0xaa0
[  101.494243][ T6074]  do_user_addr_fault+0x7a3/0x13f0
[  101.495593][ T6074]  exc_page_fault+0x5c/0xc0
[  101.496788][ T6074]  asm_exc_page_fault+0x26/0x30
[  101.498065][ T6074] RIP: 0010:__put_user_nocheck_4+0x7/0x20
[  101.499564][ T6074] Code: d9 0f 01 cb 89 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00
[  101.504735][ T6074] RSP: 0018:ffffc9002e9a7cd0 EFLAGS: 00050293
[  101.506330][ T6074] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000002000441c
[  101.508412][ T6074] RDX: 0000000020004400 RSI: ffffffff88e4911d RDI: 0000000000000005
[  101.510478][ T6074] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[  101.512539][ T6074] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000800501d0
[  101.514578][ T6074] R13: 0000000020004400 R14: 0000000000000202 R15: 0000000000000203
[  101.516657][ T6074]  ? __sys_sendmmsg+0x2bd/0x450
[  101.517960][ T6074]  __sys_sendmmsg+0x2cc/0x450
[  101.519239][ T6074]  ? __pfx___sys_sendmmsg+0x10/0x10
[  101.520614][ T6074]  ? vfs_write+0x14d/0x1140
[  101.521822][ T6074]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  101.523554][ T6074]  ? fput+0x30/0x390
[  101.524598][ T6074]  ? ksys_write+0x1ad/0x260
[  101.525796][ T6074]  ? __pfx_ksys_write+0x10/0x10
[  101.527079][ T6074]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  101.528573][ T6074]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  101.530368][ T6074]  __do_fast_syscall_32+0x73/0x120
[  101.531723][ T6074]  do_fast_syscall_32+0x32/0x80
[  101.533005][ T6074]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  101.534658][ T6074] RIP: 0023:0xf742e579
[  101.535691][ T6074] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  101.540639][ T6074] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  101.542794][ T6074] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020004400
[  101.544855][ T6074] RDX: 0000000000000203 RSI: 00000000000101d0 RDI: 0000000000000000
[  101.546906][ T6074] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  101.548918][ T6074] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  101.550953][ T6074] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  101.553022][ T6074]  </TASK>
[  102.655189][ T6089] FAULT_INJECTION: forcing a failure.
[  102.655189][ T6089] name failslab, interval 1, probability 0, space 0, times 0
[  102.682939][ T6089] CPU: 2 UID: 0 PID: 6089 Comm: syz.2.174 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0
[  102.685716][ T6089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  102.688528][ T6089] Call Trace:
[  102.689423][ T6089]  <TASK>
[  102.690210][ T6089]  dump_stack_lvl+0x16c/0x1f0
[  102.691478][ T6089]  should_fail_ex+0x497/0x5b0
[  102.692762][ T6089]  ? fs_reclaim_acquire+0xae/0x160
[  102.694265][ T6089]  should_failslab+0xc2/0x120
[  102.695549][ T6089]  __kmalloc_node_track_caller_noprof+0xcf/0x440
[  102.697249][ T6089]  ? ovl_parse_param+0x4cf/0x1030
[  102.698606][ T6089]  kstrdup+0x3c/0x80
[  102.699696][ T6089]  ovl_parse_param+0x4cf/0x1030
[  102.701003][ T6089]  ? __pfx_ovl_parse_param+0x10/0x10
[  102.702416][ T6089]  ? static_key_count+0x5a/0x70
[  102.703730][ T6089]  ? __pfx_ovl_parse_param+0x10/0x10
[  102.705127][ T6089]  vfs_parse_fs_param+0x208/0x3c0
[  102.706463][ T6089]  vfs_parse_fs_string+0xea/0x150
[  102.707897][ T6089]  ? __pfx_vfs_parse_fs_string+0x10/0x10
[  102.709487][ T6089]  ? ovl_next_opt+0x143/0x1c0
[  102.710743][ T6089]  ? __pfx_ovl_next_opt+0x10/0x10
[  102.712081][ T6089]  vfs_parse_monolithic_sep+0x171/0x1f0
[  102.713543][ T6089]  ? __pfx_vfs_parse_monolithic_sep+0x10/0x10
[  102.715159][ T6089]  ? alloc_fs_context+0x59b/0x9c0
[  102.716496][ T6089]  path_mount+0x69a/0x1f10
[  102.717680][ T6089]  ? kmem_cache_free+0x152/0x4b0
[  102.718951][ T6089]  ? __pfx_path_mount+0x10/0x10
[  102.720260][ T6089]  ? putname+0x12e/0x170
[  102.721386][ T6089]  __ia32_sys_mount+0x292/0x310
[  102.722674][ T6089]  ? __pfx___ia32_sys_mount+0x10/0x10
[  102.724109][ T6089]  __do_fast_syscall_32+0x73/0x120
[  102.725472][ T6089]  do_fast_syscall_32+0x32/0x80
[  102.726767][ T6089]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  102.728455][ T6089] RIP: 0023:0xf742e579
[  102.729544][ T6089] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  102.734587][ T6089] RSP: 002b:00000000f571656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  102.736778][ T6089] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000140
[  102.738865][ T6089] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 00000000200001c0
[  102.740953][ T6089] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  102.743023][ T6089] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  102.745126][ T6089] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  102.747220][ T6089]  </TASK>
[  102.968833][ T5357] Bluetooth: hci3: command 0x0406 tx timeout
[  103.124357][ T6091] netlink: 100 bytes leftover after parsing attributes in process `syz.2.175'.
[  103.343378][   T39] audit: type=1326 audit(1728193642.563:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.2.176" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x0
[  103.631334][ T6099] netlink: set zone limit has 4 unknown bytes
[  104.575259][ T6118] netlink: 'syz.2.183': attribute type 3 has an invalid length.
[  104.578223][ T6118] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.183'.
[  105.772568][ T6131] tipc: Started in network mode
[  105.774355][ T6131] tipc: Node identity 1, cluster identity 4711
[  105.776474][ T6131] tipc: Node number set to 1
[  106.852007][ T6144] netlink: 'syz.1.190': attribute type 9 has an invalid length.
[  106.858853][ T6144] netlink: 126448 bytes leftover after parsing attributes in process `syz.1.190'.
[  109.201646][ T6174] netlink: 4 bytes leftover after parsing attributes in process `syz.3.198'.
[  109.222546][ T6174] netlink: 293 bytes leftover after parsing attributes in process `syz.3.198'.
[  109.223415][ T6172] netlink: 100 bytes leftover after parsing attributes in process `syz.0.196'.
[  109.231154][ T6174] netlink: 293 bytes leftover after parsing attributes in process `syz.3.198'.
[  109.304866][ T6172] batman_adv: batadv0: Adding interface: ip6gretap1
[  109.306671][ T6172] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.329415][ T6172] batman_adv: batadv0: Interface activated: ip6gretap1
[  109.623232][ T6182] Cannot find add_set index 0 as target
[  113.191654][ T6208] sp0: Synchronizing with TNC
[  113.386195][ T6213] futex_wake_op: syz.3.208 tries to shift op by -1; fix this program
[  113.478613][ T6214] program syz.3.208 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  113.494579][ T6208] mkiss: ax0: crc mode is auto.
[  113.494770][ T6209] netlink: 'syz.1.207': attribute type 3 has an invalid length.
[  113.497981][ T6209] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.207'.
[  113.531550][ T6213] FAULT_INJECTION: forcing a failure.
[  113.531550][ T6213] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  113.536024][ T6213] CPU: 1 UID: 0 PID: 6213 Comm: syz.3.208 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0
[  113.539571][ T6213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  113.543190][ T6213] Call Trace:
[  113.544300][ T6213]  <TASK>
[  113.545287][ T6213]  dump_stack_lvl+0x16c/0x1f0
[  113.546906][ T6213]  should_fail_ex+0x497/0x5b0
[  113.548536][ T6213]  _copy_from_user+0x30/0xf0
[  113.550118][ T6213]  input_event_from_user+0x22d/0x3b0
[  113.551871][ T6213]  ? __pfx_input_event_from_user+0x10/0x10
[  113.553849][ T6213]  ? input_inject_event+0x193/0x370
[  113.555637][ T6213]  evdev_write+0x377/0x750
[  113.557178][ T6213]  ? __pfx_evdev_write+0x10/0x10
[  113.558885][ T6213]  ? bpf_lsm_file_permission+0x9/0x10
[  113.560715][ T6213]  ? security_file_permission+0x71/0x210
[  113.562649][ T6213]  ? __pfx_evdev_write+0x10/0x10
[  113.564342][ T6213]  vfs_write+0x28e/0x1140
[  113.565843][ T6213]  ? __fget_files+0x23a/0x3f0
[  113.567453][ T6213]  ? __pfx_lock_release+0x10/0x10
[  113.569246][ T6213]  ? trace_lock_acquire+0x14a/0x1d0
[  113.570994][ T6213]  ? __pfx_vfs_write+0x10/0x10
[  113.572644][ T6213]  ? lock_acquire+0x2f/0xb0
[  113.574202][ T6213]  ? __fget_files+0x40/0x3f0
[  113.575814][ T6213]  ? __fget_files+0x244/0x3f0
[  113.577392][ T6213]  ksys_write+0x1fa/0x260
[  113.578854][ T6213]  ? __pfx_ksys_write+0x10/0x10
[  113.580510][ T6213]  __do_fast_syscall_32+0x73/0x120
[  113.582396][ T6213]  do_fast_syscall_32+0x32/0x80
[  113.584027][ T6213]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  113.586160][ T6213] RIP: 0023:0xf7f34579
[  113.587547][ T6213] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  113.593966][ T6213] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  113.596830][ T6213] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000020000040
[  113.599555][ T6213] RDX: 00000000000012d8 RSI: 0000000000000000 RDI: 0000000000000000
[  113.602039][ T6213] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  113.604589][ T6213] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  113.606958][ T6213] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  113.609379][ T6213]  </TASK>
[  113.664215][ T6214] netlink: 'syz.3.208': attribute type 1 has an invalid length.
[  114.374600][ T6223] netlink: 2 bytes leftover after parsing attributes in process `syz.2.212'.
[  114.379766][ T6223] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.385308][ T6223] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.390674][ T6223] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.396152][ T6223] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.401380][ T6223] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.406836][ T6223] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.415285][ T6223] batadv_slave_1: entered promiscuous mode
[  114.857829][ T6234] FAULT_INJECTION: forcing a failure.
[  114.857829][ T6234] name failslab, interval 1, probability 0, space 0, times 0
[  114.862555][ T6234] CPU: 2 UID: 0 PID: 6234 Comm: syz.1.214 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0
[  114.865593][ T6234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  114.868440][ T6234] Call Trace:
[  114.869377][ T6234]  <TASK>
[  114.870184][ T6234]  dump_stack_lvl+0x16c/0x1f0
[  114.871578][ T6234]  should_fail_ex+0x497/0x5b0
[  114.872983][ T6234]  ? fs_reclaim_acquire+0xae/0x160
[  114.874526][ T6234]  should_failslab+0xc2/0x120
[  114.876089][ T6234]  __kmalloc_node_noprof+0xd1/0x440
[  114.877654][ T6234]  ? __vmalloc_node_range_noprof+0x3d8/0x15a0
[  114.879606][ T6234]  __vmalloc_node_range_noprof+0x3d8/0x15a0
[  114.881471][ T6234]  ? find_held_lock+0x2d/0x110
[  114.883197][ T6234]  ? __pfx_lock_release+0x10/0x10
[  114.885025][ T6234]  ? bpf_check+0x201/0xc7c0
[  114.886634][ T6234]  ? __lruvec_stat_mod_folio+0xa4/0x370
[  114.888451][ T6234]  ? lock_acquire+0x2f/0xb0
[  114.890011][ T6234]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  114.892205][ T6234]  ? ___kmalloc_large_node+0x166/0x1b0
[  114.893948][ T6234]  ? lockdep_hardirqs_on+0x7c/0x110
[  114.895839][ T6234]  ? bpf_check+0x201/0xc7c0
[  114.897413][ T6234]  vzalloc_noprof+0x6b/0x90
[  114.898929][ T6234]  ? bpf_check+0x201/0xc7c0
[  114.900229][ T6234]  bpf_check+0x201/0xc7c0
[  114.901368][ T6234]  ? __pfx_bpf_check+0x10/0x10
[  114.902613][ T6234]  ? find_held_lock+0x2d/0x110
[  114.903891][ T6234]  ? ktime_get_with_offset+0x13a/0x240
[  114.905613][ T6234]  ? trace_lock_acquire+0x14a/0x1d0
[  114.907094][ T6234]  ? ktime_get_with_offset+0x13a/0x240
[  114.908499][ T6234]  ? timekeeping_debug_get_ns+0x3e0/0x5b0
[  114.909987][ T6234]  ? lockdep_hardirqs_on+0x7c/0x110
[  114.911363][ T6234]  ? read_tsc+0x9/0x20
[  114.912465][ T6234]  ? timekeeping_debug_get_ns+0x334/0x5b0
[  114.913954][ T6234]  ? bpf_obj_name_cpy+0x156/0x1b0
[  114.915366][ T6234]  bpf_prog_load+0xe3f/0x2670
[  114.916649][ T6234]  ? __pfx_bpf_prog_load+0x10/0x10
[  114.918011][ T6234]  ? find_held_lock+0x2d/0x110
[  114.919318][ T6234]  __sys_bpf+0x4c8c/0x5780
[  114.920478][ T6234]  ? ksys_write+0x21e/0x260
[  114.921659][ T6234]  ? __pfx___sys_bpf+0x10/0x10
[  114.922916][ T6234]  ? vfs_write+0x14d/0x1140
[  114.924167][ T6234]  ? __mutex_unlock_slowpath+0x164/0x650
[  114.926294][ T6234]  ? fput+0x30/0x390
[  114.927692][ T6234]  ? ksys_write+0x1ad/0x260
[  114.929292][ T6234]  ? __pfx_ksys_write+0x10/0x10
[  114.930774][ T6234]  __ia32_sys_bpf+0x76/0xe0
[  114.932002][ T6234]  __do_fast_syscall_32+0x73/0x120
[  114.933364][ T6234]  do_fast_syscall_32+0x32/0x80
[  114.934778][ T6234]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  114.936514][ T6234] RIP: 0023:0xf7f83579
[  114.937633][ T6234] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  114.942971][ T6234] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  114.945658][ T6234] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000840
[  114.948549][ T6234] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000
[  114.951357][ T6234] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  114.954247][ T6234] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  114.956590][ T6234] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  114.958832][ T6234]  </TASK>
[  114.961361][ T6234] syz.1.214: vmalloc error: size 4096, failed to allocated page array size 8, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  114.966007][ T6234] CPU: 3 UID: 0 PID: 6234 Comm: syz.1.214 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0
[  114.968808][ T6234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  114.971627][ T6234] Call Trace:
[  114.972517][ T6234]  <TASK>
[  114.973335][ T6234]  dump_stack_lvl+0x16c/0x1f0
[  114.974638][ T6234]  warn_alloc+0x24d/0x3a0
[  114.975891][ T6234]  ? __pfx_warn_alloc+0x10/0x10
[  114.977234][ T6234]  ? dump_stack_lvl+0x197/0x1f0
[  114.978551][ T6234]  ? dump_stack_lvl+0x1a1/0x1f0
[  114.979906][ T6234]  ? should_fail_ex+0x2de/0x5b0
[  114.981527][ T6234]  ? rcu_is_watching+0x12/0xc0
[  114.983363][ T6234]  ? trace_kmalloc+0x2d/0xe0
[  114.985013][ T6234]  ? __kmalloc_node_noprof+0x22f/0x440
[  114.986930][ T6234]  __vmalloc_node_range_noprof+0x114a/0x15a0
[  114.989065][ T6234]  ? find_held_lock+0x2d/0x110
[  114.990737][ T6234]  ? bpf_check+0x201/0xc7c0
[  114.992345][ T6234]  ? __lruvec_stat_mod_folio+0xa4/0x370
[  114.994274][ T6234]  ? lock_acquire+0x2f/0xb0
[  114.995539][ T6234]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  114.997259][ T6234]  ? ___kmalloc_large_node+0x166/0x1b0
[  114.998682][ T6234]  ? lockdep_hardirqs_on+0x7c/0x110
[  114.999951][ T6234]  ? bpf_check+0x201/0xc7c0
[  115.001214][ T6234]  vzalloc_noprof+0x6b/0x90
[  115.002700][ T6234]  ? bpf_check+0x201/0xc7c0
[  115.004200][ T6234]  bpf_check+0x201/0xc7c0
[  115.005750][ T6234]  ? __pfx_bpf_check+0x10/0x10
[  115.007492][ T6234]  ? find_held_lock+0x2d/0x110
[  115.008876][ T6234]  ? ktime_get_with_offset+0x13a/0x240
[  115.010391][ T6234]  ? trace_lock_acquire+0x14a/0x1d0
[  115.011895][ T6234]  ? ktime_get_with_offset+0x13a/0x240
[  115.013290][ T6234]  ? timekeeping_debug_get_ns+0x3e0/0x5b0
[  115.014755][ T6234]  ? lockdep_hardirqs_on+0x7c/0x110
[  115.016107][ T6234]  ? read_tsc+0x9/0x20
[  115.017152][ T6234]  ? timekeeping_debug_get_ns+0x334/0x5b0
[  115.018710][ T6234]  ? bpf_obj_name_cpy+0x156/0x1b0
[  115.020055][ T6234]  bpf_prog_load+0xe3f/0x2670
[  115.021324][ T6234]  ? __pfx_bpf_prog_load+0x10/0x10
[  115.022618][ T6234]  ? find_held_lock+0x2d/0x110
[  115.023881][ T6234]  __sys_bpf+0x4c8c/0x5780
[  115.025030][ T6234]  ? ksys_write+0x21e/0x260
[  115.026227][ T6234]  ? __pfx___sys_bpf+0x10/0x10
[  115.027473][ T6234]  ? vfs_write+0x14d/0x1140
[  115.028688][ T6234]  ? __mutex_unlock_slowpath+0x164/0x650
[  115.030186][ T6234]  ? fput+0x30/0x390
[  115.031490][ T6234]  ? ksys_write+0x1ad/0x260
[  115.033145][ T6234]  ? __pfx_ksys_write+0x10/0x10
[  115.034523][ T6234]  __ia32_sys_bpf+0x76/0xe0
[  115.035709][ T6234]  __do_fast_syscall_32+0x73/0x120
[  115.037267][ T6234]  do_fast_syscall_32+0x32/0x80
[  115.038547][ T6234]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  115.040197][ T6234] RIP: 0023:0xf7f83579
[  115.041367][ T6234] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  115.047316][ T6234] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  115.050385][ T6234] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000840
[  115.052576][ T6234] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000
[  115.054864][ T6234] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  115.057603][ T6234] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  115.060355][ T6234] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  115.062512][ T6234]  </TASK>
[  115.079780][ T6231] wg2: entered promiscuous mode
[  115.083010][ T6231] wg2: entered allmulticast mode
[  115.089067][ T6234] Mem-Info:
[  115.089996][ T6234] active_anon:3099 inactive_anon:5 isolated_anon:0
[  115.089996][ T6234]  active_file:15821 inactive_file:27365 isolated_file:0
[  115.089996][ T6234]  unevictable:768 dirty:315 writeback:0
[  115.089996][ T6234]  slab_reclaimable:4810 slab_unreclaimable:53844
[  115.089996][ T6234]  mapped:21148 shmem:850 pagetables:708
[  115.089996][ T6234]  sec_pagetables:314 bounce:0
[  115.089996][ T6234]  kernel_misc_reclaimable:0
[  115.089996][ T6234]  free:84111 free_pcp:1143 free_cma:0
[  115.120866][ T6234] Node 0 active_anon:0kB inactive_anon:4kB active_file:0kB inactive_file:52kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:6012kB dirty:52kB writeback:0kB shmem:940kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9696kB pagetables:1364kB sec_pagetables:1204kB all_unreclaimable? no
[  115.151531][ T6234] Node 1 active_anon:12396kB inactive_anon:16kB active_file:63284kB inactive_file:109408kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:78528kB dirty:1208kB writeback:0kB shmem:2464kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:1852kB pagetables:1528kB sec_pagetables:52kB all_unreclaimable? no
[  115.203156][ T6234] Node 0 DMA free:944kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:12kB free_cma:0kB
[  115.238873][ T6234] lowmem_reserve[]: 0 273 0 0 0
[  115.240914][ T6234] Node 0 DMA32 free:21600kB boost:0kB min:13904kB low:17380kB high:20856kB reserved_highatomic:4096KB active_anon:0kB inactive_anon:4kB active_file:0kB inactive_file:52kB unevictable:1536kB writepending:52kB present:1032196kB managed:306280kB mlocked:0kB bounce:0kB free_pcp:800kB local_pcp:492kB free_cma:0kB
[  115.277359][ T6234] lowmem_reserve[]: 0 0 0 0 0
[  115.285016][ T6234] Node 1 DMA32 free:314060kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB active_anon:12360kB inactive_anon:16kB active_file:63284kB inactive_file:109408kB unevictable:1536kB writepending:1256kB present:1048432kB managed:948252kB mlocked:0kB bounce:0kB free_pcp:3920kB local_pcp:756kB free_cma:0kB
[  115.331113][ T6234] lowmem_reserve[]: 0 0 0 0 0
[  115.339067][ T6234] Node 0 DMA: 86*4kB (U) 25*8kB (U) 1*16kB (U) 12*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 944kB
[  115.362601][ T6234] Node 0 DMA32: 209*4kB (UMEH) 44*8kB (UMH) 19*16kB (UEH) 42*32kB (UMEH) 42*64kB (UMEH) 26*128kB (UMEH) 9*256kB (ME) 10*512kB (UM) 1*1024kB (M) 2*2048kB (U) 0*4096kB = 21396kB
[  115.394220][ T6234] Node 1 DMA32: 2*4kB (ME) 214*8kB (UME) 489*16kB (UME) 353*32kB (UME) 277*64kB (UME) 86*128kB (UME) 32*256kB (UM) 27*512kB (UME) 17*1024kB (UME) 6*2048kB (UME) 51*4096kB (UM) = 310184kB
[  115.408817][ T6234] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  115.412193][ T6234] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  115.415476][ T6234] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  115.418238][ T6234] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  115.428016][ T6234] 44826 total pagecache pages
[  115.429969][ T6234] 789 pages in swap cache
[  115.431633][ T6234] Free swap  = 110524kB
[  115.433200][ T6234] Total swap = 124996kB
[  115.434802][ T6234] 524155 pages RAM
[  115.436287][ T6234] 0 pages HighMem/MovableOnly
[  115.438062][ T6234] 206682 pages reserved
[  115.439977][ T6234] 0 pages cma reserved
[  117.002843][ T6250] autofs: Bad value for 'fd'
[  117.018510][ T6252] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  117.088810][   T39] audit: type=1804 audit(1728193912.304:9): pid=6250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.218" name="/newroot/13/bus/bus" dev="overlay" ino=100 res=1 errno=0
[  117.304109][ T6258] netlink: 100 bytes leftover after parsing attributes in process `syz.0.219'.
[  118.090365][ T1068] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  118.092461][ T1068] ata1: failed to read log page 10h (errno=-5)
[  118.094021][ T1068] ata1.00: exception Emask 0x1 SAct 0x8000 SErr 0x0 action 0x0
[  118.098486][ T1068] ata1.00: irq_stat 0x40000000
[  118.104287][ T1068] ata1.00: failed command: WRITE FPDMA QUEUED
[  118.105922][ T1068] ata1.00: cmd 61/18:78:aa:07:10/00:00:00:00:00/40 tag 15 ncq dma 12288 out
[  118.105922][ T1068]          res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  118.118736][ T1068] ata1.00: status: { DRDY }
[  118.125226][ T1068] ata1.00: configured for UDMA/100
[  118.127454][ T1068] ata1: EH complete
[  118.437283][ T6280] netlink: 100 bytes leftover after parsing attributes in process `syz.2.225'.
[  118.567686][ T6278] netlink: 'syz.3.224': attribute type 3 has an invalid length.
[  118.570308][ T6278] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.224'.
[  119.454426][ T6286] ------------[ cut here ]------------
[  119.456472][ T6286] kmem_cache of name '9p-fcall-cache' already exists
[  119.460649][ T6286] WARNING: CPU: 1 PID: 6286 at mm/slab_common.c:107 __kmem_cache_create_args+0xb0/0x3c0
[  119.464027][ T6286] Modules linked in:
[  119.465663][ T6286] CPU: 1 UID: 0 PID: 6286 Comm: syz.1.228 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0
[  119.471165][ T6286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  119.474946][ T6286] RIP: 0010:__kmem_cache_create_args+0xb0/0x3c0
[  119.477222][ T6286] Code: 98 48 3d 10 bb f1 8d 74 25 48 8b 7b 60 48 89 ee e8 c5 68 34 09 85 c0 75 e0 90 48 c7 c7 e8 1f 58 8d 48 89 ee e8 41 b1 7e ff 90 <0f> 0b 90 90 be 20 00 00 00 48 89 ef e8 4f 6a 34 09 48 85 c0 0f 85
[  119.484240][ T6286] RSP: 0018:ffffc900061cf8f0 EFLAGS: 00010286
[  119.486334][ T6286] RAX: 0000000000000000 RBX: ffff8880225c08c0 RCX: ffffc90003b8b000
[  119.489175][ T6286] RDX: 0000000000040000 RSI: ffffffff814e28c6 RDI: 0000000000000001
[  119.491920][ T6286] RBP: ffffffff8ca1e320 R08: 0000000000000001 R09: 0000000000000000
[  119.494698][ T6286] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
[  119.497446][ T6286] R13: 0000000000020018 R14: ffffc900061cf9e0 R15: 0000000000020018
[  119.500337][ T6286] FS:  0000000000000000(0000) GS:ffff88802b500000(0063) knlGS:00000000f5706b40
[  119.503464][ T6286] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  119.505891][ T6286] CR2: 00000000f73cbad8 CR3: 0000000069df8000 CR4: 0000000000352ef0
[  119.508807][ T6286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  119.511633][ T6286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  119.514473][ T6286] Call Trace:
[  119.515700][ T6286]  <TASK>
[  119.516765][ T6286]  ? __warn+0xea/0x3d0
[  119.518261][ T6286]  ? __kmem_cache_create_args+0xb0/0x3c0
[  119.520457][ T6286]  ? report_bug+0x3c0/0x580
[  119.522214][ T6286]  ? handle_bug+0x54/0xa0
[  119.523841][ T6286]  ? exc_invalid_op+0x17/0x50
[  119.525590][ T6286]  ? asm_exc_invalid_op+0x1a/0x20
[  119.527442][ T6286]  ? __warn_printk+0x1a6/0x350
[  119.529294][ T6286]  ? __kmem_cache_create_args+0xb0/0x3c0
[  119.531293][ T6286]  p9_client_create+0xe04/0x1150
[  119.533052][ T6286]  ? __pfx_p9_client_create+0x10/0x10
[  119.534983][ T6286]  ? __raw_spin_lock_init+0x3a/0x110
[  119.536910][ T6286]  v9fs_session_init+0x1f8/0x1a80
[  119.538874][ T6286]  ? __pfx_v9fs_session_init+0x10/0x10
[  119.540876][ T6286]  ? kasan_save_track+0x14/0x30
[  119.542679][ T6286]  v9fs_mount+0xc6/0xa50
[  119.544250][ T6286]  ? __pfx_v9fs_mount+0x10/0x10
[  119.546039][ T6286]  ? __pfx_v9fs_mount+0x10/0x10
[  119.547853][ T6286]  legacy_get_tree+0x109/0x220
[  119.549893][ T6286]  vfs_get_tree+0x8f/0x380
[  119.551522][ T6286]  path_mount+0x6e1/0x1f10
[  119.553164][ T6286]  ? kmem_cache_free+0x152/0x4b0
[  119.554964][ T6286]  ? __pfx_path_mount+0x10/0x10
[  119.556750][ T6286]  ? putname+0x12e/0x170
[  119.558297][ T6286]  __ia32_sys_mount+0x292/0x310
[  119.560381][ T6286]  ? __pfx___ia32_sys_mount+0x10/0x10
[  119.562328][ T6286]  __do_fast_syscall_32+0x73/0x120
[  119.564180][ T6286]  do_fast_syscall_32+0x32/0x80
[  119.565945][ T6286]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  119.568212][ T6286] RIP: 0023:0xf7f83579
[  119.569802][ T6286] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  119.577144][ T6286] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  119.580298][ T6286] RAX: ffffffffffffffda RBX: 00000000200001c0 RCX: 0000000020000480
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  119.583150][ T6286] RDX: 00000000200004c0 RSI: 0000000000000000 RDI: 0000000000000000
[  119.586223][ T6286] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  119.589651][ T6286] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  119.592966][ T6286] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  119.595835][ T6286]  </TASK>
[  119.596971][ T6286] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  119.599562][ T6286] CPU: 1 UID: 0 PID: 6286 Comm: syz.1.228 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0
[  119.603265][ T6286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  119.607668][ T6286] Call Trace:
[  119.609047][ T6286]  <TASK>
[  119.610310][ T6286]  dump_stack_lvl+0x3d/0x1f0
[  119.612240][ T6286]  panic+0x71d/0x800
[  119.613805][ T6286]  ? __pfx_panic+0x10/0x10
[  119.615461][ T6286]  ? show_trace_log_lvl+0x29d/0x3d0
[  119.617341][ T6286]  ? __kmem_cache_create_args+0xb0/0x3c0
[  119.619385][ T6286]  check_panic_on_warn+0xab/0xb0
[  119.621167][ T6286]  __warn+0xf6/0x3d0
[  119.622577][ T6286]  ? __kmem_cache_create_args+0xb0/0x3c0
[  119.624587][ T6286]  report_bug+0x3c0/0x580
[  119.626163][ T6286]  handle_bug+0x54/0xa0
[  119.627773][ T6286]  exc_invalid_op+0x17/0x50
[  119.629639][ T6286]  asm_exc_invalid_op+0x1a/0x20
[  119.631671][ T6286] RIP: 0010:__kmem_cache_create_args+0xb0/0x3c0
[  119.634072][ T6286] Code: 98 48 3d 10 bb f1 8d 74 25 48 8b 7b 60 48 89 ee e8 c5 68 34 09 85 c0 75 e0 90 48 c7 c7 e8 1f 58 8d 48 89 ee e8 41 b1 7e ff 90 <0f> 0b 90 90 be 20 00 00 00 48 89 ef e8 4f 6a 34 09 48 85 c0 0f 85
[  119.640616][ T6286] RSP: 0018:ffffc900061cf8f0 EFLAGS: 00010286
[  119.642814][ T6286] RAX: 0000000000000000 RBX: ffff8880225c08c0 RCX: ffffc90003b8b000
[  119.645858][ T6286] RDX: 0000000000040000 RSI: ffffffff814e28c6 RDI: 0000000000000001
[  119.649468][ T6286] RBP: ffffffff8ca1e320 R08: 0000000000000001 R09: 0000000000000000
[  119.652285][ T6286] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
[  119.654940][ T6286] R13: 0000000000020018 R14: ffffc900061cf9e0 R15: 0000000000020018
[  119.657605][ T6286]  ? __warn_printk+0x1a6/0x350
[  119.659272][ T6286]  p9_client_create+0xe04/0x1150
[  119.660960][ T6286]  ? __pfx_p9_client_create+0x10/0x10
[  119.662875][ T6286]  ? __raw_spin_lock_init+0x3a/0x110
[  119.664807][ T6286]  v9fs_session_init+0x1f8/0x1a80
[  119.666827][ T6286]  ? __pfx_v9fs_session_init+0x10/0x10
[  119.668905][ T6286]  ? kasan_save_track+0x14/0x30
[  119.670614][ T6286]  v9fs_mount+0xc6/0xa50
[  119.672105][ T6286]  ? __pfx_v9fs_mount+0x10/0x10
[  119.673811][ T6286]  ? __pfx_v9fs_mount+0x10/0x10
[  119.675450][ T6286]  legacy_get_tree+0x109/0x220
[  119.677068][ T6286]  vfs_get_tree+0x8f/0x380
[  119.678584][ T6286]  path_mount+0x6e1/0x1f10
[  119.680186][ T6286]  ? kmem_cache_free+0x152/0x4b0
[  119.681930][ T6286]  ? __pfx_path_mount+0x10/0x10
[  119.683611][ T6286]  ? putname+0x12e/0x170
[  119.685193][ T6286]  __ia32_sys_mount+0x292/0x310
[  119.687047][ T6286]  ? __pfx___ia32_sys_mount+0x10/0x10
[  119.688946][ T6286]  __do_fast_syscall_32+0x73/0x120
[  119.690722][ T6286]  do_fast_syscall_32+0x32/0x80
[  119.692413][ T6286]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  119.694549][ T6286] RIP: 0023:0xf7f83579
[  119.695984][ T6286] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  119.702880][ T6286] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  119.705774][ T6286] RAX: ffffffffffffffda RBX: 00000000200001c0 RCX: 0000000020000480
[  119.708449][ T6286] RDX: 00000000200004c0 RSI: 0000000000000000 RDI: 0000000000000000
[  119.711060][ T6286] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  119.713680][ T6286] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  119.716364][ T6286] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  119.719344][ T6286]  </TASK>
[  119.721243][ T6286] Kernel Offset: disabled
[  119.723049][ T6286] Rebooting in 86400 seconds..

VM DIAGNOSIS:
05:17:46  Registers:
info registers vcpu 0

CPU#0
RAX=000000000270e9dd RBX=ffff888024cbc880 RCX=1ffffffff2039189 RDX=0000000000000000
RSI=ffffffff8b4cc8e0 RDI=ffffffff8bb12120 RBP=ffffc9000602fdd8 RSP=ffffc9000602fc40
R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff901cce8f R11=0000000000000001
R12=ffff88802b43fa08 R13=0000000000000000 R14=0000000000000000 R15=ffff88802b43ee80
RIP=ffffffff8b13c45d RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00000000f73ca884 CR3=0000000069df8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000007000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85034e45 RDI=ffffffff9a63a220 RBP=ffffffff9a63a1e0 RSP=ffffc900061cf258
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000020 R14=ffffffff85034de0 R15=0000000000000000
RIP=ffffffff85034e6f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73cbad8 CR3=0000000069df8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000007000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000007 RBX=ffff888029724900 RCX=0000000000000001 RDX=1ffff110052e492a
RSI=0000000000000000 RDI=ffff8880297249c0 RBP=000000000000020f RSP=ffffc90000487b10
R8 =00000000000000d5 R9 =fffffbfff20399d1 R10=ffffffff901cce8f R11=0000000000000001
R12=0000000000000001 R13=000000000000020f R14=ffff8880297249dc R15=0000000000000001
RIP=ffffffff8164a29e RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000057c8c99c CR3=0000000061372000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=dffffc0000000000 RBX=58c45258731f1bcf RCX=ffffffff8169f018 RDX=0000000000000000
RSI=0000000000000008 RDI=000000008c452585 RBP=0000000000000000 RSP=ffffc90000f0f580
R8 =0000000000000000 R9 =fffffbfff2d31588 R10=ffffffff9698ac47 R11=0000000000000002
R12=dffffc0000000000 R13=ffff88801e725388 R14=0000000000000004 R15=ffff88801e724880
RIP=ffffffff8169ed62 RFL=00000807 [-O---PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00000000320f2ff8 CR3=00000000691c4000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000