last executing test programs:

3.220084949s ago: executing program 1 (id=104):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x4ee59ce4, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_CPUID(r5, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000070000ed0100000000000000"])
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2e00000010008188040f80ec51acbc0413a1810039000000000bf0ffff2101000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x4)
getpid()
socket$kcm(0x11, 0x3, 0x0)
r6 = open(0x0, 0x40, 0x0)
r7 = creat(&(0x7f0000000200)='./bus\x00', 0x84)
write$FUSE_NOTIFY_STORE(r7, &(0x7f0000000240)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES32=r6], 0x2b)
sendfile(0xffffffffffffffff, r6, 0x0, 0x4000000053d2)
r8 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x7101})
r9 = socket(0x400000000010, 0x2, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, 0x0, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd2b, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r11, {0x9}, {0xc, 0x10}, {0x7, 0xf}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xe, 0xe}}]}}]}, 0x3c}}, 0x24044094)
r12 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r13 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r12, r13, 0x0, 0x201f00)

2.702455684s ago: executing program 3 (id=107):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
socket(0x2, 0x1, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2004cb, 0x200000000040, 0xb96b, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0xff], 0x0, 0x200})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f00000002c0)={0xbe, 0x0, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.279525064s ago: executing program 3 (id=109):
pipe2(&(0x7f00000004c0), 0x800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
dup(r0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040))
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0, 0x13f, 0xa}}, 0xfe2f)
ioctl$SNDRV_PCM_IOCTL_RESET(r3, 0x4141, 0x0)

2.178616453s ago: executing program 1 (id=111):
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000200)=0x1, 0x12)

2.120267152s ago: executing program 1 (id=112):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x840000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x2, @in=@local, 0x6, 0x1, 0x3}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000040}, 0x0)
sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0xa, 0x4e26, 0x0, @mcast2}, 0x1c, 0x0}, 0x10)

2.119863608s ago: executing program 1 (id=113):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000018c0), &(0x7f0000001900)=0xc)
syz_open_dev$MSR(0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x7, 0x0, 0x34324142, 0x2, 0x9, 0x1, 0xb, 0x8, 0x0, 0x2, 0x0, 0x2}})
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000001940)=ANY=[@ANYBLOB="00080000b8b1e6f894ad15157d0688c4ec396af42776d3a24b19e634a7e5ba035f7e9b75ac0ebd197e0ee56beb324b2247a28b1e52794e6e44b041513ba8e48f686e777bf7d0b7c3ef77303b42f2e70e52051aa6ad16b31d2587ee0d1f0837177bfeb5672126e23c5b602413c6445909a4363342aaa59b14ec931be10d4f", @ANYRES16=0x0, @ANYBLOB="01001fff0000000000000100000014000180060001000200000008000300ac1414aa"], 0x28}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x26004808)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={&(0x7f0000001b40)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200029bd7000fbdbdf250b0300010000000800020005000000b53a7d3cd0d4de05000500ac000000050005000900000055aa8adfc7e29ade1e0815dee83ebe5e96f971c2a88725704b507c653b9d7a0e3241e8cd64d0daf423d86ef5c3be324f437c2a1bc320c2a5bb1f467b7370baa51d7c2f0839115e271d699fcf3ddf5cf2343a881c"], 0x3c}, 0x1, 0x0, 0x0, 0x4081}, 0x8800)
rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0)
clock_settime(0x0, 0x0)
r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x902, 0x0)
ioctl$CDROMEJECT(r0, 0x5309)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')

1.88945244s ago: executing program 1 (id=115):
socket(0x1e, 0x2, 0x0)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0})
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$alg(0x26, 0x5, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000000)={0x5, 0x4, {<r3=>0xffffffffffffffff}, {0xee01}, 0x5})
ptrace$peekuser(0x3, r3, 0xb)
bind$alg(r2, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58)
r4 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0xbcb8, 0x0, 0x1, 0x1000}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000300)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x0, r2, 0x0})
io_uring_enter(r4, 0x3516, 0x3e44, 0x8, 0x0, 0x0)

1.853722104s ago: executing program 2 (id=117):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000d80)={0x1, &(0x7f0000000d40)=[{0x6, 0x6, 0x38, 0x7fffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
socket(0x2, 0x1, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2004cb, 0x200000000040, 0xb96b, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0xff], 0x0, 0x200})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f00000002c0)={0xbe, 0x0, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.711950031s ago: executing program 3 (id=119):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000040)='./bus\x00', 0x34)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(0x0)
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1214c2, 0x10)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000280)={0xffffff7f00000000, 0x0, 0x0, 0x1, 0x2, r1, &(0x7f0000000140)='i', 0x1, 0xfffffffc}])

1.702972614s ago: executing program 0 (id=127):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x4ee59ce4, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_CPUID(r5, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000070000ed0100000000000000"])
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2e00000010008188040f80ec51acbc0413a1810039000000000bf0ffff2101000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x4)
getpid()
socket$kcm(0x11, 0x3, 0x0)
r6 = open(0x0, 0x40, 0x0)
r7 = creat(&(0x7f0000000200)='./bus\x00', 0x84)
write$FUSE_NOTIFY_STORE(r7, &(0x7f0000000240)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES32=r6], 0x2b)
sendfile(0xffffffffffffffff, r6, 0x0, 0x4000000053d2)
r8 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x7101})
r9 = socket(0x400000000010, 0x2, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd2b, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r11, {0x9}, {0xc, 0x10}, {0x7, 0xf}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xe, 0xe}}]}}]}, 0x3c}}, 0x24044094)
r12 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r13 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r12, r13, 0x0, 0x201f00)

1.60841917s ago: executing program 2 (id=120):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, 0x0, 0x2003, 0x0, 0x0, 0x0, 0x19}, 0x94)
r0 = syz_io_uring_setup(0x53f, &(0x7f0000000440)={0x0, 0x807734, 0x80, 0x8, 0xfc}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f00000002c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x3e)

1.599534565s ago: executing program 3 (id=121):
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000200)=0x1, 0x12)

1.479698884s ago: executing program 2 (id=122):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x840000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x2, @in=@local, 0x6, 0x1, 0x3}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000040}, 0x0)
sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0xa, 0x4e26, 0x0, @mcast2}, 0x1c, 0x0}, 0x10)

1.461258842s ago: executing program 3 (id=123):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x6d, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r3=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r3}, 0x48)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r1, 0x80047213, &(0x7f0000000000))
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000780)={'netdevsim0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x3f, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000005, 0x80010, 0xffffffffffffffff, 0x0)

1.36970075s ago: executing program 2 (id=124):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000d80)={0x0, 0x0})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
socket(0x2, 0x1, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2004cb, 0x200000000040, 0xb96b, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0xff], 0x0, 0x200})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f00000002c0)={0xbe, 0x0, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.219578215s ago: executing program 2 (id=125):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x4ee59ce4, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_CPUID(r5, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000070000ed010000000000"])
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2e00000010008188040f80ec51acbc0413a1810039000000000bf0ffff2101000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x4)
getpid()
r6 = open(&(0x7f0000000380)='./bus\x00', 0x40, 0x0)
r7 = creat(&(0x7f0000000200)='./bus\x00', 0x84)
write$FUSE_NOTIFY_STORE(r7, &(0x7f0000000240)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES32=r6], 0x2b)
sendfile(0xffffffffffffffff, r6, 0x0, 0x4000000053d2)
r8 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x7101})
r9 = socket(0x400000000010, 0x2, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x3, 0xc06a2f6, 0x1, 0x7}, 0x6, 0x0, 0xa, 0x4, 0x6, 0x7, 0x18, 0x9, 0x3, 0x8, {0x0, 0x2, 0x9, 0x800, 0x8704, 0x27000000}}}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd2b, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r11, {0x9}, {0xc, 0x10}, {0x7, 0xf}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xe, 0xe}}]}}]}, 0x3c}}, 0x24044094)
r12 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r13 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r12, r13, 0x0, 0x201f00)

848.121543ms ago: executing program 1 (id=126):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000040))
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0, 0x13f, 0xa}}, 0xfe2f)
ioctl$SNDRV_PCM_IOCTL_RESET(r4, 0x4141, 0x0)

659.178451ms ago: executing program 0 (id=128):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
socket$inet_sctp(0x2, 0x1, 0x84)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x2404c005)
syz_open_dev$sndpcmp(0x0, 0x8, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd74)
r4 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000080)={0xff, 0x0, 0x7, 0x0})
r5 = syz_io_uring_setup(0x16db, &(0x7f0000000400)={0x0, 0xe7aa, 0x1000, 0x8007ffe, 0x40024e}, &(0x7f0000000380)=<r6=>0x0, &(0x7f0000000200))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
io_uring_enter(r5, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYRES16=r6])
sendmsg$NL80211_CMD_SET_BEACON(r3, &(0x7f00000005c0)={&(0x7f0000000180), 0xc, &(0x7f0000000580)={&(0x7f0000000c40)=ANY=[], 0xbd0}}, 0x81)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x5220018, &(0x7f0000000680)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}], [{@subj_role={'subj_role', 0x3d, 'upperdir'}}]})
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x102}})
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x107, 0x100, 0x100, 0x1, 0x4000}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

558.29189ms ago: executing program 3 (id=129):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x4ee59ce4, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_CPUID(r5, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000070000ed0100000000000000"])
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2e00000010008188040f80ec51acbc0413a1810039000000000bf0ffff2101000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x4)
getpid()
socket$kcm(0x11, 0x3, 0x0)
r6 = open(0x0, 0x40, 0x0)
r7 = creat(&(0x7f0000000200)='./bus\x00', 0x84)
write$FUSE_NOTIFY_STORE(r7, &(0x7f0000000240)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES32=r6], 0x2b)
sendfile(0xffffffffffffffff, r6, 0x0, 0x4000000053d2)
r8 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x7101})
r9 = socket(0x400000000010, 0x2, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd2b, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r11, {0x9}, {0xc, 0x10}, {0x7, 0xf}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xe, 0xe}}]}}]}, 0x3c}}, 0x24044094)
r12 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r13 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r12, r13, 0x0, 0x201f00)

310.271461ms ago: executing program 0 (id=130):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2000}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

89.98954ms ago: executing program 0 (id=131):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)={0x50, r1, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x1}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40080}, 0x4000000)

89.592317ms ago: executing program 0 (id=132):
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000200)=0x1, 0x12)

59.341257ms ago: executing program 2 (id=133):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x4ee59ce4, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_CPUID(r5, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000070000ed0100000000000000"])
sendmsg$kcm(r2, 0x0, 0x4)
getpid()
r6 = open(0x0, 0x40, 0x0)
r7 = creat(&(0x7f0000000200)='./bus\x00', 0x84)
write$FUSE_NOTIFY_STORE(r7, &(0x7f0000000240)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES32=r6], 0x2b)
sendfile(0xffffffffffffffff, r6, 0x0, 0x4000000053d2)
r8 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x7101})
r9 = socket(0x400000000010, 0x2, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x3, 0xc06a2f6, 0x1, 0x7}, 0x6, 0x0, 0xa, 0x4, 0x6, 0x7, 0x18, 0x9, 0x3, 0x8, {0x0, 0x2, 0x9, 0x800, 0x8704, 0x27000000}}}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd2b, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r11, {0x9}, {0xc, 0x10}, {0x7, 0xf}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xe, 0xe}}]}}]}, 0x3c}}, 0x24044094)
r12 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r13 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r12, r13, 0x0, 0x201f00)

0s ago: executing program 0 (id=134):
r0 = fsopen(&(0x7f00000000c0)='hfs\x00', 0x1)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0x0, 0xdddd1000, 0x8, 0x0, 0x8, 0x2, 0x0, 0x2, 0x0, 0x6, 0x9, 0x10}, {0xffff1000, 0x0, 0xc, 0x0, 0x0, 0x0, 0x40, 0x0, 0x7, 0x4}, {0x2000, 0x10000, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0x5000, 0xe, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee0000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x10, 0x80}, {0xdddd1000, 0x0, 0xa, 0x6, 0x0, 0x0, 0x2}, {0x8080000, 0xeeee8000, 0x4, 0x0, 0x0, 0x1, 0x10, 0xa, 0x26}, {0x5000}, {0x8080001, 0x3}, 0xddf8ffdb, 0x0, 0x0, 0xf0, 0x8, 0xdd00, 0x0, [0xe, 0x0, 0x1]})
ioctl$KVM_TRANSLATE(r3, 0xc018ae85, &(0x7f00000000c0))
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='0:,:\x00', 0x0)
rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r4=>0x0)
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff})
ioctl$KDGETMODE(r5, 0x4b3b, &(0x7f0000000140))
timer_create(0x0, &(0x7f0000000680)={0x0, 0x39, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
r6 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
r8 = openat$cgroup_pressure(r7, &(0x7f0000000080)='io.pressure\x00', 0x2, 0x0)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
sendfile64(r9, r8, 0x0, 0x8)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
sched_setscheduler(0xffffffffffffffff, 0x3, &(0x7f0000000280)=0xfffffffc)
io_pgetevents(r4, 0x6, 0x0, &(0x7f0000000440), &(0x7f00000004c0)={0x0, 0x3938700}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:7049' (ED25519) to the list of known hosts.
[   41.301876][ T5891] cgroup: Unknown subsys name 'net'
[   41.478895][ T5891] cgroup: Unknown subsys name 'cpuset'
[   41.483990][ T5891] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   42.410008][ T5891] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   46.052423][ T5986] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   46.055421][ T5987] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   46.056047][ T5986] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   46.058603][ T5987] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   46.060647][ T5986] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   46.063155][ T5987] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   46.065371][ T5986] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   46.068542][ T5987] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   46.070173][ T5991] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   46.070673][ T5986] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   46.071164][ T5986] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   46.073496][   T63] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   46.073552][ T5987] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   46.077808][ T5986] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   46.086947][ T5986] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   46.090715][ T5986] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   46.094192][ T5986] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   46.097372][ T5993] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   46.102277][ T5993] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   46.107796][ T5987] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   46.325646][ T5978] chnl_net:caif_netlink_parms(): no params data found
[   46.441079][ T5988] chnl_net:caif_netlink_parms(): no params data found
[   46.449312][ T5982] chnl_net:caif_netlink_parms(): no params data found
[   46.474503][ T5975] chnl_net:caif_netlink_parms(): no params data found
[   46.498685][ T5978] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.501003][ T5978] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.503360][ T5978] bridge_slave_0: entered allmulticast mode
[   46.506452][ T5978] bridge_slave_0: entered promiscuous mode
[   46.538764][ T5978] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.540980][ T5978] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.543167][ T5978] bridge_slave_1: entered allmulticast mode
[   46.545800][ T5978] bridge_slave_1: entered promiscuous mode
[   46.648987][ T5978] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.654017][ T5978] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.791927][ T5988] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.794300][ T5988] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.796754][ T5988] bridge_slave_0: entered allmulticast mode
[   46.799369][ T5988] bridge_slave_0: entered promiscuous mode
[   46.803690][ T5978] team0: Port device team_slave_0 added
[   46.805845][ T5982] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.808709][ T5982] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.811515][ T5982] bridge_slave_0: entered allmulticast mode
[   46.814972][ T5982] bridge_slave_0: entered promiscuous mode
[   46.832411][ T5988] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.834767][ T5988] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.837638][ T5988] bridge_slave_1: entered allmulticast mode
[   46.840377][ T5988] bridge_slave_1: entered promiscuous mode
[   46.843881][ T5978] team0: Port device team_slave_1 added
[   46.846339][ T5982] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.849314][ T5982] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.852296][ T5982] bridge_slave_1: entered allmulticast mode
[   46.856218][ T5982] bridge_slave_1: entered promiscuous mode
[   46.860834][ T5975] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.863110][ T5975] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.866042][ T5975] bridge_slave_0: entered allmulticast mode
[   46.868833][ T5975] bridge_slave_0: entered promiscuous mode
[   46.916278][ T5975] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.918672][ T5975] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.920928][ T5975] bridge_slave_1: entered allmulticast mode
[   46.923621][ T5975] bridge_slave_1: entered promiscuous mode
[   46.989922][ T5988] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.993257][ T5978] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.995389][ T5978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.003500][ T5978] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.010288][ T5982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.035639][ T5988] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.039411][ T5978] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.041546][ T5978] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.049418][ T5978] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.054477][ T5982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.060409][ T5975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.107392][ T5975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.133561][ T5988] team0: Port device team_slave_0 added
[   47.136989][ T5988] team0: Port device team_slave_1 added
[   47.217889][ T5982] team0: Port device team_slave_0 added
[   47.234927][ T5975] team0: Port device team_slave_0 added
[   47.262756][ T5988] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.265568][ T5988] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.276439][ T5988] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.282165][ T5982] team0: Port device team_slave_1 added
[   47.285621][ T5975] team0: Port device team_slave_1 added
[   47.311030][ T5988] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.313511][ T5988] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.323350][ T5988] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.371951][ T5978] hsr_slave_0: entered promiscuous mode
[   47.374956][ T5978] hsr_slave_1: entered promiscuous mode
[   47.412045][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.414303][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.424157][ T5975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.429239][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.431437][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.439535][ T5975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.447579][ T5982] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.450041][ T5982] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.463170][ T5982] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.468459][ T5982] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.470817][ T5982] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.479758][ T5982] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.584692][ T5988] hsr_slave_0: entered promiscuous mode
[   47.588477][ T5988] hsr_slave_1: entered promiscuous mode
[   47.590944][ T5988] debugfs: 'hsr0' already exists in 'hsr'
[   47.593008][ T5988] Cannot create hsr debugfs directory
[   47.671557][ T5975] hsr_slave_0: entered promiscuous mode
[   47.674619][ T5975] hsr_slave_1: entered promiscuous mode
[   47.677474][ T5975] debugfs: 'hsr0' already exists in 'hsr'
[   47.679825][ T5975] Cannot create hsr debugfs directory
[   47.690838][ T5982] hsr_slave_0: entered promiscuous mode
[   47.693040][ T5982] hsr_slave_1: entered promiscuous mode
[   47.695048][ T5982] debugfs: 'hsr0' already exists in 'hsr'
[   47.697105][ T5982] Cannot create hsr debugfs directory
[   48.019004][ T5978] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   48.024427][ T5978] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   48.029650][ T5978] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   48.041318][ T5978] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   48.074912][ T5975] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   48.079399][ T5975] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   48.083991][ T5975] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   48.089654][ T5975] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   48.096643][ T5987] Bluetooth: hci1: command tx timeout
[   48.136810][ T5982] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   48.150488][ T5982] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   48.164560][ T5982] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   48.170663][ T5982] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   48.176267][ T5987] Bluetooth: hci3: command tx timeout
[   48.186041][ T5987] Bluetooth: hci0: command tx timeout
[   48.186438][ T5339] Bluetooth: hci2: command tx timeout
[   48.227364][ T5988] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   48.233506][ T5988] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   48.238142][ T5988] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   48.244258][ T5988] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   48.302214][ T5975] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.321846][ T5975] 8021q: adding VLAN 0 to HW filter on device team0
[   48.328678][ T5978] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.341693][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.344072][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.354075][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.356559][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.381288][ T5978] 8021q: adding VLAN 0 to HW filter on device team0
[   48.387461][ T5982] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.403271][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.405465][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.420300][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.422499][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.427994][ T5982] 8021q: adding VLAN 0 to HW filter on device team0
[   48.438177][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.440402][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.457135][   T89] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.459586][   T89] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.477265][ T5988] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.491139][ T5988] 8021q: adding VLAN 0 to HW filter on device team0
[   48.509071][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.511257][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.520588][   T89] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.522804][   T89] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.567692][ T5975] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.596958][ T5978] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.629634][ T5975] veth0_vlan: entered promiscuous mode
[   48.638212][ T5978] veth0_vlan: entered promiscuous mode
[   48.642932][ T5975] veth1_vlan: entered promiscuous mode
[   48.649335][ T5978] veth1_vlan: entered promiscuous mode
[   48.669454][ T5975] veth0_macvtap: entered promiscuous mode
[   48.675022][ T5975] veth1_macvtap: entered promiscuous mode
[   48.693009][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.700057][ T5978] veth0_macvtap: entered promiscuous mode
[   48.706380][ T5978] veth1_macvtap: entered promiscuous mode
[   48.714023][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.722446][ T5982] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.728245][ T1139] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.734533][ T5988] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.738821][ T1139] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.745122][ T1139] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.748250][ T1139] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.753634][ T5978] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.771412][ T5978] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.788407][   T89] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.791375][   T89] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.808373][   T89] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.811084][   T89] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.831980][ T5982] veth0_vlan: entered promiscuous mode
[   48.837035][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.838012][ T5988] veth0_vlan: entered promiscuous mode
[   48.839623][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.856716][ T5982] veth1_vlan: entered promiscuous mode
[   48.859939][ T5988] veth1_vlan: entered promiscuous mode
[   48.879112][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.882010][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.894556][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.898497][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.913010][ T5975] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   48.918950][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   48.920309][ T5988] veth0_macvtap: entered promiscuous mode
[   48.922144][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.926229][ T5982] veth0_macvtap: entered promiscuous mode
[   48.933497][ T5982] veth1_macvtap: entered promiscuous mode
[   48.939326][ T5988] veth1_macvtap: entered promiscuous mode
[   48.957286][ T5988] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.960526][ T5982] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.971862][ T5982] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.979996][ T5988] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.988532][   T61] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.991544][   T61] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   49.003005][   T61] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   49.007612][   T61] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   49.011224][   T61] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   49.021676][   T61] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   49.036737][   T61] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   49.043240][   T61] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   49.204363][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.207912][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.242502][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.244929][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.263724][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.276016][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.283562][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.286576][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.399112][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   49.574865][ T6079] virtio-fs: tag </dev/md0> not found
[   49.911081][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   50.215876][ T5339] Bluetooth: hci1: command tx timeout
[   50.255889][ T5339] Bluetooth: hci2: command tx timeout
[   50.266329][ T5339] Bluetooth: hci0: command tx timeout
[   50.268040][ T5339] Bluetooth: hci3: command tx timeout
[   50.346982][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   50.350942][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   50.354755][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   50.396108][   T40] audit: type=1326 audit(1756893424.315:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.8" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000
[   50.403295][   T40] audit: type=1326 audit(1756893424.315:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.8" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000
[   50.410150][   T40] audit: type=1326 audit(1756893424.325:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.8" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf705e579 code=0x7ffc0000
[   50.423240][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   50.425818][   T40] audit: type=1326 audit(1756893424.325:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.8" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000
[   50.433361][   T40] audit: type=1326 audit(1756893424.325:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.8" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000
[   50.441031][   T40] audit: type=1326 audit(1756893424.325:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.8" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000
[   50.448049][   T40] audit: type=1326 audit(1756893424.325:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.8" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000
[   50.455955][   T40] audit: type=1326 audit(1756893424.325:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.8" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf705e579 code=0x7ffc0000
[   50.465205][   T40] audit: type=1326 audit(1756893424.335:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.8" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000
[   50.474065][   T40] audit: type=1326 audit(1756893424.335:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz.2.8" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e579 code=0x7ffc0000
[   50.745941][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.755900][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   50.785562][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   50.791528][    T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!!
[   51.156545][ T6102] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   51.171618][ T6102] kvm: pic: level sensitive irq not supported
[   51.172354][ T6102] kvm: pic: non byte read
[   51.180136][ T6102] kvm: pic: level sensitive irq not supported
[   51.181464][ T6102] kvm: pic: non byte read
[   51.197405][ T6102] kvm: pic: level sensitive irq not supported
[   51.198180][ T6102] kvm: pic: non byte read
[   51.208249][ T6102] kvm: pic: level sensitive irq not supported
[   51.210464][ T6102] kvm: pic: non byte read
[   52.255873][ T5987] Bluetooth: hci1: command tx timeout
[   52.310198][ T6129] overlayfs: missing 'workdir'
[   52.338786][ T5987] Bluetooth: hci3: command tx timeout
[   52.338828][ T5339] Bluetooth: hci0: command tx timeout
[   52.341005][ T5987] Bluetooth: hci2: command tx timeout
[   52.555028][ T6131] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   52.577238][ T6131] kvm: pic: level sensitive irq not supported
[   52.577945][ T6131] kvm: pic: non byte read
[   52.583363][ T6131] kvm: pic: level sensitive irq not supported
[   52.583635][ T6131] kvm: pic: non byte read
[   52.694881][ T6135] overlayfs: missing 'workdir'
[   52.886860][ T6140] input: syz0 as /devices/virtual/input/input5
[   54.335856][ T5990] Bluetooth: hci1: command tx timeout
[   54.415869][ T5990] Bluetooth: hci2: command tx timeout
[   54.425894][ T5990] Bluetooth: hci0: command tx timeout
[   54.427722][ T5990] Bluetooth: hci3: command tx timeout
[   54.643169][ T6175] syz.3.28 uses obsolete (PF_INET,SOCK_PACKET)
[   54.799903][ T6179] evm: overlay not supported
[   54.859581][   T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   55.016020][   T24] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   55.018776][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   55.021230][   T24] usb 5-1: Product: syz
[   55.022554][   T24] usb 5-1: Manufacturer: syz
[   55.024410][   T24] usb 5-1: SerialNumber: syz
[   55.031978][   T24] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   55.049879][ T6050] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   56.095855][ T6050] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[   56.099807][ T6050] ath9k_htc: Failed to initialize the device
[   56.124036][ T6050] usb 5-1: ath9k_htc: USB layer deinitialized
[   56.347314][ T6050] usb 5-1: USB disconnect, device number 2
[   56.436649][   T40] kauditd_printk_skb: 218 callbacks suppressed
[   56.436659][   T40] audit: type=1326 audit(1756893430.445:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6208 comm="syz.3.37" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x0
[   56.481102][   T40] audit: type=1326 audit(1756893430.485:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6200 comm="syz.2.34" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705e579 code=0x0
[   56.573822][ T6217] hub 9-0:1.0: USB hub found
[   56.575579][ T6217] hub 9-0:1.0: 1 port detected
[   57.935120][ T6239] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   58.903442][ T6255] input: syz1 as /devices/virtual/input/input6
[   59.098393][ T6260] netlink: 4 bytes leftover after parsing attributes in process `syz.0.51'.
[   61.305845][ T1470] usb 8-1: new full-speed USB device number 2 using dummy_hcd
[   61.540102][ T1470] usb 8-1: config 0 has no interfaces?
[   61.543351][ T1470] usb 8-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[   61.546701][ T1470] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   61.549350][ T1470] usb 8-1: Product: syz
[   61.550674][ T1470] usb 8-1: Manufacturer: syz
[   61.552195][ T1470] usb 8-1: SerialNumber: syz
[   61.555029][ T1470] usb 8-1: config 0 descriptor??
[   61.692141][ T6335] block device autoloading is deprecated and will be removed.
[   62.631087][ T6391] netlink: 'syz.2.68': attribute type 10 has an invalid length.
[   62.639600][ T6391] macvlan0: entered promiscuous mode
[   62.653059][ T6391] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[   63.738075][ T5976] usb 8-1: USB disconnect, device number 2
[   64.396815][ T6428] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   64.542705][ T6439] netlink: 'syz.2.79': attribute type 10 has an invalid length.
[   65.939452][ T6471] input: syz1 as /devices/virtual/input/input7
[   66.209814][ T6483] netlink: 'syz.0.93': attribute type 10 has an invalid length.
[   66.214680][ T6483] macvlan0: entered promiscuous mode
[   66.236056][ T6483] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[   67.386217][ T6506] fuse: Unknown parameter 'user_id00000000000000000000'
[   67.426853][ T6508] input: syz1 as /devices/virtual/input/input8
[   67.736208][ T6522] netlink: 'syz.1.104': attribute type 10 has an invalid length.
[   67.741713][ T6522] macvlan0: entered promiscuous mode
[   67.758868][ T6522] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[   68.252691][ T6534] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   68.278601][ T6534] kvm: pic: level sensitive irq not supported
[   68.280585][ T6534] kvm: pic: non byte read
[   68.289340][ T6534] kvm: pic: level sensitive irq not supported
[   68.289761][ T6534] kvm: pic: non byte read
[   68.298937][ T6534] kvm: pic: level sensitive irq not supported
[   68.305375][ T6534] kvm: pic: non byte read
[   68.312067][ T6534] kvm: pic: level sensitive irq not supported
[   68.313636][ T6534] kvm: pic: non byte read
[   68.325552][ T6534] kvm: pic: level sensitive irq not supported
[   68.331464][ T6534] kvm: pic: non byte read
[   68.341816][ T6534] kvm: pic: level sensitive irq not supported
[   68.342171][ T6534] kvm: pic: non byte read
[   68.358810][ T6534] kvm: pic: level sensitive irq not supported
[   68.359085][ T6534] kvm: pic: non byte read
[   68.370567][ T6534] kvm: pic: level sensitive irq not supported
[   68.370934][ T6534] kvm: pic: non byte read
[   68.662574][ T6545] input: syz1 as /devices/virtual/input/input9
[   68.929008][ T6558] overlayfs: missing 'workdir'
[   69.027542][ T6561] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   69.046685][ T6561] kvm: pic: level sensitive irq not supported
[   69.047191][ T6561] kvm: pic: non byte read
[   69.051860][ T6561] kvm: pic: level sensitive irq not supported
[   69.052141][ T6561] kvm: pic: non byte read
[   69.317812][ T6576] netlink: 'syz.0.127': attribute type 10 has an invalid length.
[   69.468522][ T6585] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   69.846920][ T6594] netlink: 'syz.2.125': attribute type 10 has an invalid length.
[   70.438930][ T6608] netlink: 'syz.3.129': attribute type 10 has an invalid length.
[   70.442525][ T6608] macvlan0: entered promiscuous mode
[   70.465839][ T6608] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[   70.571342][ T6612] Zero length message leads to an empty skb
[   70.901188][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[   70.904495][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[   81.138661][   T34] cfg80211: failed to load regulatory.db
[   85.985772][ T1418] ==================================================================
[   85.988273][ T1418] BUG: KASAN: slab-use-after-free in handle_tx+0x5a5/0x630
[   85.990558][ T1418] Read of size 8 at addr ffff88806eba9020 by task aoe_tx0/1418
[   85.994711][ T1418] 
[   85.995517][ T1418] CPU: 2 UID: 0 PID: 1418 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.995531][ T1418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.995539][ T1418] Call Trace:
[   85.995543][ T1418]  <TASK>
[   85.995548][ T1418]  dump_stack_lvl+0x116/0x1f0
[   85.995573][ T1418]  print_report+0xcd/0x630
[   85.995587][ T1418]  ? __virt_addr_valid+0x81/0x610
[   85.995602][ T1418]  ? __phys_addr+0xe8/0x180
[   85.995615][ T1418]  ? handle_tx+0x5a5/0x630
[   85.995627][ T1418]  kasan_report+0xe0/0x110
[   85.995642][ T1418]  ? handle_tx+0x5a5/0x630
[   85.995654][ T1418]  handle_tx+0x5a5/0x630
[   85.995667][ T1418]  dev_hard_start_xmit+0x97/0x740
[   85.995693][ T1418]  __dev_queue_xmit+0xa46/0x4490
[   85.995707][ T1418]  ? lockdep_hardirqs_on+0x7c/0x110
[   85.995722][ T1418]  ? finish_task_switch.isra.0+0x221/0xc10
[   85.995734][ T1418]  ? rcu_is_watching+0x12/0xc0
[   85.995746][ T1418]  ? __pfx___dev_queue_xmit+0x10/0x10
[   85.995758][ T1418]  ? __schedule+0x11a3/0x5de0
[   85.995771][ T1418]  ? __lock_acquire+0xb97/0x1ce0
[   85.995788][ T1418]  ? do_raw_spin_lock+0x12c/0x2b0
[   85.995805][ T1418]  ? find_held_lock+0x2b/0x80
[   85.995816][ T1418]  ? skb_dequeue+0x126/0x180
[   85.995826][ T1418]  ? find_held_lock+0x2b/0x80
[   85.995837][ T1418]  ? rcu_is_watching+0x12/0xc0
[   85.995849][ T1418]  tx+0xcc/0x190
[   85.995863][ T1418]  ? __pfx_tx+0x10/0x10
[   85.995876][ T1418]  kthread+0x1e1/0x3e0
[   85.995888][ T1418]  ? find_held_lock+0x2b/0x80
[   85.995899][ T1418]  ? __pfx_kthread+0x10/0x10
[   85.995911][ T1418]  ? __pfx_default_wake_function+0x10/0x10
[   85.995922][ T1418]  ? lockdep_hardirqs_on+0x7c/0x110
[   85.995936][ T1418]  ? __kthread_parkme+0x19e/0x250
[   85.995955][ T1418]  ? __pfx_kthread+0x10/0x10
[   85.995967][ T1418]  kthread+0x3c5/0x780
[   85.995982][ T1418]  ? __pfx_kthread+0x10/0x10
[   85.995998][ T1418]  ? rcu_is_watching+0x12/0xc0
[   85.996009][ T1418]  ? __pfx_kthread+0x10/0x10
[   85.996025][ T1418]  ret_from_fork+0x5d7/0x6f0
[   85.996041][ T1418]  ? __pfx_kthread+0x10/0x10
[   85.996057][ T1418]  ret_from_fork_asm+0x1a/0x30
[   85.996073][ T1418]  </TASK>
[   85.996077][ T1418] 
[   86.061494][ T1418] Allocated by task 6279:
[   86.062863][ T1418]  kasan_save_stack+0x33/0x60
[   86.064384][ T1418]  kasan_save_track+0x14/0x30
[   86.065905][ T1418]  __kasan_kmalloc+0xaa/0xb0
[   86.067382][ T1418]  alloc_tty_struct+0x96/0x8c0
[   86.068911][ T1418]  tty_init_dev.part.0+0x1e/0x500
[   86.070558][ T1418]  tty_open+0xa50/0xf90
[   86.071885][ T1418]  chrdev_open+0x231/0x6a0
[   86.073275][ T1418]  do_dentry_open+0x97f/0x1530
[   86.074784][ T1418]  vfs_open+0x82/0x3f0
[   86.076075][ T1418]  path_openat+0x1de4/0x2cb0
[   86.077597][ T1418]  do_filp_open+0x20b/0x470
[   86.079036][ T1418]  do_sys_openat2+0x11b/0x1d0
[   86.080567][ T1418]  __ia32_compat_sys_openat+0x16d/0x210
[   86.082268][ T1418]  __do_fast_syscall_32+0x7c/0x3a0
[   86.083868][ T1418]  do_fast_syscall_32+0x32/0x80
[   86.085392][ T1418]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   86.087356][ T1418] 
[   86.088116][ T1418] Freed by task 60:
[   86.089348][ T1418]  kasan_save_stack+0x33/0x60
[   86.090848][ T1418]  kasan_save_track+0x14/0x30
[   86.092337][ T1418]  kasan_save_free_info+0x3b/0x60
[   86.093890][ T1418]  __kasan_slab_free+0x60/0x70
[   86.095393][ T1418]  kfree+0x2b4/0x4d0
[   86.096619][ T1418]  process_one_work+0x9cf/0x1b70
[   86.098149][ T1418]  worker_thread+0x6c8/0xf10
[   86.099611][ T1418]  kthread+0x3c5/0x780
[   86.100932][ T1418]  ret_from_fork+0x5d7/0x6f0
[   86.102527][ T1418]  ret_from_fork_asm+0x1a/0x30
[   86.104060][ T1418] 
[   86.104828][ T1418] Last potentially related work creation:
[   86.106601][ T1418]  kasan_save_stack+0x33/0x60
[   86.108096][ T1418]  kasan_record_aux_stack+0xa7/0xc0
[   86.109739][ T1418]  insert_work+0x36/0x230
[   86.111171][ T1418]  __queue_work+0x97e/0x1160
[   86.112638][ T1418]  queue_work_on+0x1a4/0x1f0
[   86.114089][ T1418]  release_tty+0x4de/0x5d0
[   86.115499][ T1418]  tty_release_struct+0xb7/0xe0
[   86.117050][ T1418]  tty_release+0xe2d/0x1430
[   86.118495][ T1418]  __fput+0x3ff/0xb70
[   86.119801][ T1418]  task_work_run+0x14d/0x240
[   86.121546][ T1418]  do_exit+0x86f/0x2bf0
[   86.122860][ T1418]  do_group_exit+0xd3/0x2a0
[   86.124322][ T1418]  get_signal+0x2673/0x26d0
[   86.125753][ T1418]  arch_do_signal_or_restart+0x8f/0x790
[   86.127417][ T1418]  exit_to_user_mode_loop+0x84/0x110
[   86.129038][ T1418]  __do_fast_syscall_32+0x2ac/0x3a0
[   86.130705][ T1418]  do_fast_syscall_32+0x32/0x80
[   86.132200][ T1418]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   86.134109][ T1418] 
[   86.134895][ T1418] The buggy address belongs to the object at ffff88806eba9000
[   86.134895][ T1418]  which belongs to the cache kmalloc-cg-2k of size 2048
[   86.140075][ T1418] The buggy address is located 32 bytes inside of
[   86.140075][ T1418]  freed 2048-byte region [ffff88806eba9000, ffff88806eba9800)
[   86.144298][ T1418] 
[   86.145050][ T1418] The buggy address belongs to the physical page:
[   86.147005][ T1418] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6eba8
[   86.149763][ T1418] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   86.152353][ T1418] memcg:ffff888069086181
[   86.153650][ T1418] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[   86.156016][ T1418] page_type: f5(slab)
[   86.157233][ T1418] raw: 04fff00000000040 ffff88801b84c140 ffffea0001b39c00 dead000000000002
[   86.159861][ T1418] raw: 0000000000000000 0000000080080008 00000000f5000000 ffff888069086181
[   86.162508][ T1418] head: 04fff00000000040 ffff88801b84c140 ffffea0001b39c00 dead000000000002
[   86.165172][ T1418] head: 0000000000000000 0000000080080008 00000000f5000000 ffff888069086181
[   86.167792][ T1418] head: 04fff00000000003 ffffea0001baea01 00000000ffffffff 00000000ffffffff
[   86.170448][ T1418] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   86.173086][ T1418] page dumped because: kasan: bad access detected
[   86.175053][ T1418] page_owner tracks the page as allocated
[   86.176815][ T1418] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6086, tgid 6084 (syz.0.7), ts 50464120646, free_ts 0
[   86.182852][ T1418]  post_alloc_hook+0x1c0/0x230
[   86.184353][ T1418]  get_page_from_freelist+0x132b/0x38e0
[   86.186024][ T1418]  __alloc_frozen_pages_noprof+0x261/0x23f0
[   86.187850][ T1418]  alloc_pages_mpol+0x1fb/0x550
[   86.189241][ T1418]  new_slab+0x247/0x330
[   86.190506][ T1418]  ___slab_alloc+0xcf2/0x1740
[   86.192506][ T1418]  __slab_alloc.constprop.0+0x56/0xb0
[   86.194263][ T1418]  __kmalloc_cache_noprof+0xfb/0x3e0
[   86.195977][ T1418]  do_check_common+0x298/0xb410
[   86.197510][ T1418]  bpf_check+0x8763/0xc4d0
[   86.198916][ T1418]  bpf_prog_load+0xe41/0x2490
[   86.200477][ T1418]  __sys_bpf+0x4a3f/0x4de0
[   86.201891][ T1418]  __ia32_sys_bpf+0x76/0xe0
[   86.203344][ T1418]  __do_fast_syscall_32+0x7c/0x3a0
[   86.204970][ T1418]  do_fast_syscall_32+0x32/0x80
[   86.206495][ T1418]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   86.208476][ T1418] page_owner free stack trace missing
[   86.210128][ T1418] 
[   86.210963][ T1418] Memory state around the buggy address:
[   86.212672][ T1418]  ffff88806eba8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.215120][ T1418]  ffff88806eba8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.217685][ T1418] >ffff88806eba9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   86.220108][ T1418]                                ^
[   86.221915][ T1418]  ffff88806eba9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   86.224499][ T1418]  ffff88806eba9100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   86.227524][ T1418] ==================================================================
[   86.230564][ T1418] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   86.232805][ T1418] CPU: 2 UID: 0 PID: 1418 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.235440][ T1418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.238712][ T1418] Call Trace:
[   86.239820][ T1418]  <TASK>
[   86.240773][ T1418]  dump_stack_lvl+0x3d/0x1f0
[   86.242260][ T1418]  vpanic+0x6e8/0x7a0
[   86.243506][ T1418]  ? __pfx_vpanic+0x10/0x10
[   86.244928][ T1418]  ? handle_tx+0x5a5/0x630
[   86.246321][ T1418]  panic+0xca/0xd0
[   86.247466][ T1418]  ? __pfx_panic+0x10/0x10
[   86.248857][ T1418]  ? check_panic_on_warn+0x1f/0xb0
[   86.250459][ T1418]  check_panic_on_warn+0xab/0xb0
[   86.251987][ T1418]  end_report+0x107/0x170
[   86.253294][ T1418]  kasan_report+0xee/0x110
[   86.254703][ T1418]  ? handle_tx+0x5a5/0x630
[   86.256079][ T1418]  handle_tx+0x5a5/0x630
[   86.257396][ T1418]  dev_hard_start_xmit+0x97/0x740
[   86.258964][ T1418]  __dev_queue_xmit+0xa46/0x4490
[   86.260611][ T1418]  ? lockdep_hardirqs_on+0x7c/0x110
[   86.262224][ T1418]  ? finish_task_switch.isra.0+0x221/0xc10
[   86.263997][ T1418]  ? rcu_is_watching+0x12/0xc0
[   86.265493][ T1418]  ? __pfx___dev_queue_xmit+0x10/0x10
[   86.267151][ T1418]  ? __schedule+0x11a3/0x5de0
[   86.268617][ T1418]  ? __lock_acquire+0xb97/0x1ce0
[   86.270203][ T1418]  ? do_raw_spin_lock+0x12c/0x2b0
[   86.271855][ T1418]  ? find_held_lock+0x2b/0x80
[   86.273333][ T1418]  ? skb_dequeue+0x126/0x180
[   86.274785][ T1418]  ? find_held_lock+0x2b/0x80
[   86.276272][ T1418]  ? rcu_is_watching+0x12/0xc0
[   86.277772][ T1418]  tx+0xcc/0x190
[   86.278888][ T1418]  ? __pfx_tx+0x10/0x10
[   86.280217][ T1418]  kthread+0x1e1/0x3e0
[   86.281531][ T1418]  ? find_held_lock+0x2b/0x80
[   86.283002][ T1418]  ? __pfx_kthread+0x10/0x10
[   86.284414][ T1418]  ? __pfx_default_wake_function+0x10/0x10
[   86.286158][ T1418]  ? lockdep_hardirqs_on+0x7c/0x110
[   86.287742][ T1418]  ? __kthread_parkme+0x19e/0x250
[   86.289287][ T1418]  ? __pfx_kthread+0x10/0x10
[   86.290732][ T1418]  kthread+0x3c5/0x780
[   86.292032][ T1418]  ? __pfx_kthread+0x10/0x10
[   86.293482][ T1418]  ? rcu_is_watching+0x12/0xc0
[   86.294988][ T1418]  ? __pfx_kthread+0x10/0x10
[   86.296431][ T1418]  ret_from_fork+0x5d7/0x6f0
[   86.297855][ T1418]  ? __pfx_kthread+0x10/0x10
[   86.299334][ T1418]  ret_from_fork_asm+0x1a/0x30
[   86.300845][ T1418]  </TASK>
[   86.302417][ T1418] Kernel Offset: disabled
[   86.303769][ T1418] Rebooting in 86400 seconds..

VM DIAGNOSIS:
09:57:40  Registers:
info registers vcpu 0

CPU#0
RAX=dffffc0000000000 RBX=ffffc90006af7ad8 RCX=000000000000a343 RDX=1ffff92000d5ef5e
RSI=000000000000450d RDI=ffffc90006af7af0 RBP=0000000000000002 RSP=ffffc90006af78c0
R8 =0000000000000000 R9 =ffffed100fffae52 R10=ffff88807ffd6b80 R11=ffffc90006af7ae8
R12=ffff88807ffd6ba0 R13=000000000000a343 R14=000000000000450d R15=dffffc0000000000
RIP=ffffffff821350d7 RFL=00000a02 [-O-----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880974c0000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7445000 CR3=000000006e4cb000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000020210058
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffff0f0e0d0c
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000a1a2d7ff RBX=ffff88806dd08af0 RCX=000000005e2cee29 RDX=00000000e85f3c00
RSI=ffff88806dd08b18 RDI=00000000591bac3e RBP=0000000000000000 RSP=ffffc9000106f808
R8 =0000000000000000 R9 =0000000000000001 R10=0000000000000001 R11=0000000000000000
R12=ffff88806dd08b18 R13=ffff88806dd08000 R14=00000000e85f3c00 R15=0000000000000000
RIP=ffffffff8197439b RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880975c0000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7404fe8 CR3=000000006da02000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000020210058
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffff0f0e0d0c
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000074 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85617a35 RDI=ffffffff9b0fc700 RBP=ffffffff9b0fc6c0 RSP=ffffc90007a1f458
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552
R12=0000000000000000 R13=0000000000000074 R14=ffffffff9b0fc6c0 R15=ffffffff856179d0
RIP=ffffffff85617a5f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880976c0000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7f4c000 CR3=000000000e380000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000001 RBX=ffff88807ffd6c58 RCX=0000000000000002 RDX=0000000000000000
RSI=ffffffff8212091f RDI=ffff88807ffd6c58 RBP=0000000000000002 RSP=ffffc90006cf77c8
R8 =0000000000000001 R9 =0000000000000000 R10=ffffffff90ab9297 R11=dffffc0000000000
R12=0000000000000001 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff82204700 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977c0000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7445000 CR3=0000000051c2c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000020210058
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffff0f0e0d0c
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000