last executing test programs:

5.583279555s ago: executing program 2 (id=96):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x0)
recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000001480)=""/4087, 0xff7}], 0x1}}], 0x1, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000490}, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x6c, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000300))
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
timerfd_create(0x0, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000080)={0x0, 0x845d, 0x80, 0x2, 0x3b1}, 0x0, &(0x7f0000001a00)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000180)=@IORING_OP_READ=@pass_buffer={0x16, 0x20, 0x2000, @fd=r0, 0x7, &(0x7f0000002480)=""/4096, 0x1000, 0x8})
syz_usb_connect$cdc_ncm(0x0, 0x97, 0x0, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg(r5, &(0x7f00000057c0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000004c0)="6b093db1947bc296cf697e335c7aa0e9afc07b5f0c819e3522eaad2a74224b7a5bed182fec91c96271033eec5d14ede20a6d1c36c3e7a445ccb5b158ffaec30b8b846de0d5b327a6b1d322a80d00b5c08428fb6ef0d6bdfef436fd9a0027a7cce11f65f633449199149e065a48b3f6bb51b5e305aa20ec347027ace732178271cb92f3e4bdda6732a10715efe7a7eae23413207a9cd1c24ea5ad8f333bfedf8e93e880fc51fb9051917d5488a13c22f1a575b1767424074c84444b29becb98de0e479ae50c12711cc5e26973d496458de4969e51dd5aee7ae9ca5da879f96737d626b447cdf675bc4af3e1ffec688c6945d0786b8ff146cab2e441e3438f3ddd2832b9ac4c9693141785b844f706c8137d0ebf12347ee82f9bd1968c51803a81998a149178952f712f57c09038a8f8a2e871a1f3b026ec617a77cb2163cea2164504b5ae989034b7ceb91545c2d968b9852181505afb7422606d1db2982240a7583260c32f5e3ea677edfeffc6cb30ef79c96938f7b571a3747042c4db17296ea799f65205b5cc2bf60f5921db65d28ae0a3ce76601fb0dfc04c7fa3900aff36af6c018df195fe6e97e6aa3a81c06130489c24b82c920681d3efb1fc33c73f8645ff0baa0be3a9a92b601f9602a2ef119e527c156bd8d8c91ec92baed92c43bc153fb5c7a5b08f8c8c03b0d266bcadbb061ae5e0f15eab9ba116923a27d961377383fae7b837a448e786371140ee20733f1fc82b565f4f1dc3859c49c5e9e18180e8511ddf854609ed7fcb50ca1c43934883488c9689e0de4f05ee35a254c900b2dee53673e959ae5adbc3f793917ad556654e4df993f2bbd4b9b9259efdcbd3c3c2d315cb1c92438cdea1792c390cef68d3926d44cd9361912518732211458bdc92f855c9c018e3a7b35da0d8c8f934dbc3cfba39a9fa99e1a76759d09e705e0e4d84a32987c661b2e3f58ca446ca835fabdaf163ae94f2a59481ab62298d4350ae9358fdbd2b1b20da4afaaf2982903c2805b6caf71719d0d74852ae8414baa491363af0d20a7ad133b81356c30e77d036ba519867fe35391c36ecd0464b40a3871637dc81af3c19f59f347749cb07ac25f96e0cbf84288d32aff6dcd9cd2ebbd905d53dc87b14002cf971df0b76c5171e392f78cd002fd34a28454a32531ab9fccb16820b462bd13005da9d2fbd0ed02a4a7527b9b40b939bbf0686d16fa3070f129ae48da709408dfdb12c661148e282d50794b34b2e15236bf2f967bba67a7c650a02743ec3b852b5511c1ab32efc7d85a97bb622935b72d5c06e7bde3f389172684a6e61c852f6ec2a323858f67f8f9dde9f9eaa26cfcf958dafe5ed23b6c06f094fa1550ce0a39447769218060cb9e78a0e6f61a08b629e2512d8972a2a337b0b6b97220d292af823b8800ef45e72089659a0b1cbc750d6491d55f9bde4d1c4abe796d6951be456b8ad327794ddc74042c9e303832ccbf2d2fcb6d01007b8cf0552b568af89adc9b198cbea6b8137ef70ad16919ade2bdbd29d23c78c04cce6dedf07598d33841d8f02f7ed5a349fddbc742ea7e742636a2cb4ff663192cb1102adcc019b92caac00f5a644afc2d03b68f933aa6b8eddd6c39a0de8913034a0b48ddabd39aee173350f3dfa0329c308fb94e3528e", 0x498}, {&(0x7f00000002c0)="e4d561e9744108000000e9b4ec081c8eb4534bc5b9284f843e2bc71745", 0x1d}, {&(0x7f0000000300)="d05d67afc746cff8fa10e483e9eaae867d31e22831b4bea09d2b9e867d06ab0eccd98dee45bbd11af441dc93334d0270f6527428cf0d1bef4f5789bf5acf2e44d415c2e774b8af25275915bdd38fe5a74b87a4d9a1848ed513f92bb0672d88425bcf9fdc7b07cdeb96451ccf522215e76dae12391d3fc0258ca86ea22eb857bfc7f9dc565f3e2dd7412060421997bb92", 0x90}, {&(0x7f0000000980)="21e35e62c07eb3b95754d4c8ae60419349648a512aab6c478d95c5f71f25ceb5079ce5da8adbc54a10dcc07e36d67d4b880ae396b5c3de2ab65094fa", 0x3c}], 0x4}}], 0x1, 0x0)
setsockopt$sock_int(r5, 0x1, 0x21, &(0x7f0000000040), 0x4)
sendmsg$sock(r5, &(0x7f0000001e40)={0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000400)="dcc1cb3ea8aec09f438ea15a9aa0b1827a560ca8d90c27daacd1af63fe0fe2549e280fd37046e27c05f93f1d46f91e20b8ffde6380e7894d5cb1fec5ecab2c87ac6d0724c440843960", 0x49}, {&(0x7f00000009c0)="c40283add233583b3b0b000000003454a3be0accba04ed89a22f5e0c1cbff582735318298c50730f664ce237334cde2a5f5b7956a34d16", 0x37}], 0x2}, 0x0)
shutdown(0xffffffffffffffff, 0x1)
r6 = syz_open_dev$video(&(0x7f0000000240), 0x717, 0x40)
ioctl$VIDIOC_CREATE_BUFS(r6, 0xc0f8565c, &(0x7f0000004500)={0x1, 0x5, 0x4, {0x4, @win={{0x9, 0x3f8b, 0x9, 0x9}, 0x0, 0x1, &(0x7f00000034c0)={{0x3ff, 0x3, 0x10000, 0xa}, &(0x7f0000003480)={{0x0, 0x7, 0x8, 0x5}, &(0x7f0000000280)={{0x1ff, 0x6, 0x10, 0x2}}}}, 0x1a000, &(0x7f0000003500)="687966b55838b8691f56b349238602d916054e3f48396e602eb6dd4e05529251ba3f00c8925edcde0addb83a1dc439089b897a9854beaf6aab4876ab21997a431b8d69fa229b4c79db1adc99c89887bb27beca12555b19d957e2ad9473ad2f22238715183a0586ff668c38a249ab98147028dbe750da134b47728b81c0b2741f6bb677f96cd67ab5423cb759971d42661ac80e02a7173f13c41bd513ed7bfaaeaf3242427a46c8f19af242106c19e836c2cfefd82d8db73ec819580cf9b87c9af114d1ce09ddaa303143130b8f50602fcffbc95f4dcb8d04b8ac98ca8bb600118c3fddd9278093893dbd871bb814ac9141a207b287d33e53d5d2db0403f08706828e886e9ce072ed96aabd62f31b4c6db7f6e0f9522d5d6957db7c44b514a10b4ff20b34258fb7c97598661ead5d578f5d211fca9ad10d3e26a00437d9e6cb031a2a134d7c09225c3c4cc2df84d1e87162cbe315f159d6756a3162af350ccd6192e21b72f082e3a1284ab58d2910ec988a9b6fb3934542a71710c52b09b99faaf77e2fd35307fbf2896a2e22592e5b86298eb0c0d462acbc8fd0b42761047fe901c92b713b9d82f9f02cb3e4a6ff59e126e67cfd39beb4ebe275678b26321be2ccc015551abc532ce42e95c3fc4e0e2da30556d99652fb581a316cae2e215dc51957e836e52acb156f3fb8597e5dd43133d3a37b60b06f4db97571fd284e09266382b2263a3d0eaf42f47453751e01370846ba611f2fe4b172b9a0e16112bd3b892ed85e793f641bf84627518f602f5d729ce31ab8504a430657015709a0385b37d6201f709a2c492211e4e28bd48bfd82dbc27f92dccbc11f24205083b04f50ebc8813c4daac2f6cb1d7b863537e6e466e12264ab5fe212580599badfbc61a7d88b6402126f244c85cf4ae2ef42c23a33711783920272a73a00154fbbd37176149289d35c20dc88d66b697cbfe9c0a7a8cbdb80cd5576dadc9dc12791d6227d683cffb603bfbd1b781b17b136bf468b0ba7a866302e089a9e70b05576706d79e31bffc2af10073d95d18a04cb7187788d28598f4e253d90314453a6d5780b836376161dc128a10a3ffb86dd161185ccf5525be0b3f17cd6c89b016d0cf1b9f34cda15c43fc96016f585c52f32c1418c36538e262a07441cc79111b2088f72bc9c50750b9b4cda88018e73ba6bb53179fe3f88a8f3afed011bfd15e7d213db0e8c0a495e5f04c9616bdc87146bd01e0746cbc2d46aab141ad14861309bd74335d6711548f4632858aabf244717374bbfc8f755fed41fad4aed8a0724c9bb46dc6546bf948db45eaef3fde09a20a345d342f8a77b2c329546ba391a9e898d4a5289c43dcc03b1f69f25912bea377e6fac19d8f092fc4567d52b3d46216ad5693e0a3a7bfb6d2c219104cd920984d1f7960893dbd3255ccc960d49f9ec084b5a8942b899952dd11e2ebde429f9a62e5a326adf7450dc76148380a787ac1031f3518c0aa8759d071d60055d5efdbb1a1f5df9a3b3ab173a227a486233f45190865ae41f8a7450f51cb35c80ea8f10ddc0a59040cbd6bb0b9993fe728b9c0875dc94fcb165c2e6015e30f68f518b06d44be455476c698e44b63b1b0cbee826280ca8351f2a3c14cfc60c61f99af091ca34b5d1b98cce993fa62fafac162de750938395e916c6990169d05bd26c92f855b8c8b727c6517059757dd3144d634b70f4309cc434f425ef29616435c04fd66f71b134ab28e92be6c34fa4be4c0aa6982647387ddb02012092eca5762036642d0f9db022be0dfddfd35c921a1c4ddcf5480b28916737f401e4a30177c6b8d6c8f202551d3966eaa4abfbcc7e0bbbcfc8abc26e6996771099928c9f9758bd6c56bdfff83470d8a4a5a1bcd0b5b3d46e29930278f86563bc1e77b74cd266ff65d90814823daed9998e864df8af26bf081b60241ca65e8dff5c15d98f8450a2ad8d41d1e7579219b462d727cbf7fd5d7dbfc797be6a0bab32ee5aacc1e13bf1aa68b542fbc345544359eb8e9d72aca2800387d10547c5271a73c7a7bd236782e319ca91c31d920976870284ce71b93fa6d36344d30185265639bae15a5a28b93469773bfc5e989fa03909fba9c6655b2719a4482349f31c4d543e6e0fc8066342f257ee3e8e7baf22af6b8077ac9ae9f1aa0974e470b64cc15c8ec75972b43df122c88a03d00c946a8a489fdd1c164f46211b7cc693ea3d17e143d08cf769433a3e75c49b5efb92bd776fbecae6b9c392d695c839732fde05c537a68963be37a565bf9b9654cb8abf89b4850145bf6f4bc0624bcd1cd2dcaab8bc443221a9cced624dca0490f73a0413e09580163160d3a1dfcedc8fcc2f20d1c3dd8529f4b9779c1dc03a721522e55469a20ff4d58d8131c399628638954a600d480e8802bc7f41a91711d01d8032b406c51a49c070f7bfaec64328df780ad4b7f8141ffcc013f1b7b88c3f6a146a0c75d6ed19424fe24011ad5a269bac6e66466af443b7f7265bce7502af178d5cf484ee1a26f6eeb4d576ecd8545414b18b7fc652e33f933faa73c09baac226a537da61dba6d600ade552654f38c5328394ebacd49e6cecbeb8d24f28ef7d1624db30e78fd8020fdc6085ad427760fdb24f641434ea1d1df0a27345eaf7802dbed821c9c0a6b19b2dee70e82dfd8cbf8ca42cb6fcc7fe96373ec2b8690682bd8055b388c23ddd78959925bc349a0808d496a0802dd9d39db791a1d7024d6871d4c28e949239fe62e20b9e96b9a0d6d2415d0bb67575f43a668a4546d7115fd123d0ad05f835470bd7e066c5be6f5e1cdd488d954a6beb6efd3891951dd54294dbe2fc82f0127c7980db88762297ea9c03c5b937b7280aedb897830d719f7ade0559f4e4dda0e537fbae2cd4bcc7d73200239c421281a8d9077e66390a6a5eca9cb3104d380c23e566a2ef46c121d118605f1835bb045f0b6925204ec4e7d7656b8c8f94733af993056200f5991c0cca6a62493fb0963c4402344ec43bbe2783ac1ecfdbc0cfd40fc7fa1657b5a043428a4ca07b3c75e3a3bdf67974b93a91f74ad5430ad2121745b753bb894b53449a9ec3263f7f2c8117b70a5ec11b302dc58043546a66e69c66744c59da4b322c6d360b6818f85070a4c8a2a634ea842b955bf6e20dfc35e540fac9d51262aaed0989df15e027a102356d25ab6a55b6aa6230bede0eac7bccbf0fdc066e25ea0563659ebf81ace4ccf3159d9bc3e938bacff16c68c82c8cb68c1f7b31e593a934c53e12a2036ce05d6579a4c53da5da480ae707e9b78bd2f1a099b545aa62eae3699f53ac246d35cc36d61e5b7b852c353b25d636054efe53414c7bd27b755f9445cbb1f784d72a3220eed4d803a5b0a968bfee516365a684f0197821261890d3d80e2ce521bf006213b93bbab20177c7e97964ae7b2113759189105bc8ac7e6c158b358217a83efed6fd8aa2e379c8696875ceabb617823c5d773cb7a0387c2de014e457895483048d09e79243d2cc60ea4658d528bea9ec9d92398bd4327744b73988acded5facb1d7ebd813e19e5676d5f3c68d81e041a97cf93e2df045dbe7ef9d03e0ce87f198451b1b409bb8d5bda26f43352baaa47aefeb4335563bf0afc2dfc22de3e20c71c1764c209f7f27a5896ec189a38b4ec3445df6984ad03f62552749d33237740efd82b4b6280a47ebe4c9cd69d37e9ae4d125f957e1370c93801de0ded2e59ec0cd9cf88431af03d9a9fc096d524bd622dce1ba995cb7ce3a98c5c3063e50e808b6f80b12b90775b6f8c1e7a1d2de2e5c9b5a9817cd4d29028499199697f811edfb6aa5f1faf83e3d8a21bc9f552a2d10438fe803cff8693d4cbbe0e5b4c54c63e91c600f25e60ffdafee4c018582892cc871f3e47e4160eea37e6d3129ea24ca9930bad440ec46e8f8c7c927ff1ec3f83703947cd925d7f0531867ce8049f1cd1a12e54fd0f31233ec14d3aa4f284e68dd1aa8b003ce8fb91e68e0c2ba32b4e1051a5e81eda8e5566f20f0a1e142360c1e5ec7725b4e4fc0437abcc403c3aea5a5af149bf3a576627e3318349afef3750ccdf99704d8508e45d0c1d828103ddc4eaad227eb6ce40baa56aa6397ae4e60b870bb51ced4fb57bad41c302b68223dbd194584e6f1386cab07514bc36d7ae1a41b42a131573e1fac23943e752fa19bce8112507a9090eb5fe7f96e868d3c36a5a8925d47e43c9af8a999fa11f84c3c0d9110125eca8ee53c31c227402d044e0b6b2ec198231380d06e3068018ba3c4c0742d240bfabff884ee662f4251333d6baefd35ac37bd9fac40e943bbdf0c23d0e131dc096fbc6f5d4dc3c946a40fc930d58ce8d793c11372219d68f28f712ef7463ee5dcc9cd341eabbb7cad58fc9e149dd7a1b961f468eee9eeedf19e040df7f672b910a1c525b40a083ea4556d1b9ed3cd04e1df8d55ff7223d6bc9c873880181e954fea85f2ed8905ed82dc9b2dc781e03863ec1ca6db7c848e55a4100fd6f4a15ac0e67a74b68c5dcfcb7a2b669bb3b1806526639d93f4da8373376c787458c17aab894322d9698d67ad101472b1b7d8f3977724210940c6dc44254df9d3ae2cd3fc4bcde686f206fc45f81b192db82a6cca2d0527ab0f4800882835cb46068de7d91dda1c52c80003463fe84f1f688bfa6134fd34819e850e27644f2ea80190e83dea6537b158e04e7dd8ff5fb3b8e4f1c462ad091b3e23888e8317e8e590e4b2ded79170f1ce3312fb8bbc39a0fb3abd273db870a28bdce566d21395decf72189df05aed30b811de0cb5963b019c634bdef8a2183e1bd888789612773e7423ae080413697ad32c730f0af5545328d81253df93a45bce4bc01047cda0482613ddd159327bc7cc1e75c08bb03e6e9e76fc9910b6cdff634061936a1fc115a05fb535db88d1d0ac39757266ac79466defc6530c078903ab41a587eaec632d93efc4507b72ce77a3b45e7a8285f67a8f0ffba8f79388baa33232546825d832634d116df289a02f0c4b0b6e0309e9d698a7bf4f172d863fe6f68532e7cbb6c031b9068b02205d1c7b0d1b8b539af4d74a5ed8dc7a856de15b52f236ca050cf0c3cb33cc5357e93add6573b592d1135414628ce5f26861df222634aeaf408cadce2f46a7d7364d6f18ab2f469a0f8f34cc052e504b8ff72e2a0bcdbd08e9671c43687cbb9b580f65f1e51f3c786f535ccb6cfb41d917859b083c1ef27039fcaa821ea4ec2103b240174af9191ce5d24e1fc7dd3fc5c22165b6ba0003d499a824d15797ae5e366ac7f791f4b6f085be94e2a53194b3318853f472e60209af3c9155033fb0d90ee5120988d4822308b3f51dcc53b07d224e3afc2209f29a925cfb1be9c0e2236c4a050872fdac7fdeb19bf3f3a237c1902da5099fbe42da7b7e3298135348824a06ffcd4e9395576a8d7ea925507daf23299dd3575130c95d6e93041e5b149a510c6fe84798fa51d332b52b309560c17b02e872dded9beb5e1719d1fc4b9ab00ebb29ef356c6496ee5fe539b8807ba51bb7ebf416c28395c8b780c5b43318b58331500e6879a6bc689d2ff1353cef5894633d998a7392446144e4417e4bd2d34a1953ce2b379abea9dae7e53f35e2a4a1a64e2d0ca1cb2ca2b4a1b03855cd8aa2f2d97794b6c5aa0fab44882d268050766486a0801a9ac977c422c880ad45a81cac5b706771f0f76df2556967570f448d6ab36dc9a92c4fc340da18eb9dbce2f8fa1a4971f285a2c8f0fb721872d198e16bbd557a0667bc30e451eba9297db0a360c9de7f1224ff53b1ec226e666", 0x52}}, 0x7})
recvmmsg(r5, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f0000004a00)=[{&(0x7f0000000180)=""/160, 0xa0}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001ac0)=""/98, 0x62}], 0x3}}, {{0x0, 0x0, &(0x7f0000001cc0)=[{&(0x7f0000001b40)=""/164, 0xa4}, {&(0x7f0000001c00)=""/166, 0xa6}], 0x2}, 0xffff}], 0x2, 0x20, 0x0)
sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x10, 0x3f8, 0x100, 0x70bd2a, 0x25dfdbfd, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40000c4}, 0x0)
getdents64(0xffffffffffffff9c, &(0x7f00000004c0)=""/205, 0xcd)

3.582796499s ago: executing program 1 (id=114):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x10, &(0x7f0000000600)=ANY=[@ANYRES16, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000005c0)=[{0x0, 0x1, 0x4, 0x8}], 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000640)=0x1ff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0x80045530, &(0x7f0000000380)=""/214)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x2)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
brk(0x55555ede6000)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000280), 0x8400, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r3)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
write(0xffffffffffffffff, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/custom1\x00')
ioctl$SOUND_MIXER_READ_STEREODEVS(r2, 0x80044dfb, &(0x7f00000002c0))
r4 = syz_open_dev$sndctrl(&(0x7f0000000240), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc2c45513, &(0x7f0000000280)={{0xc, 0x1, 0x80000}, 0x0, [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x10, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4000, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1007, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x800003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b76f8d5, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, 0x4]})
syz_open_dev$MSR(&(0x7f0000000000), 0x9, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')

3.152451908s ago: executing program 3 (id=120):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000700)='/proc/meminfo\x00', 0x0, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff})
r2 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x9)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x303}, "48af39015c3b3931", "fa8131adcbf31f7ae106bd79d15dc96d2b038bdbb1db36da7df63bf87f8b3eb0", "b1c519fe", "4bf2ab68836171fc"}, 0x38)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
sendmsg$nl_route(r2, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
sendfile(r1, r0, 0x0, 0x2)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

2.529878637s ago: executing program 1 (id=122):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x10, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x1e, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf200000000000000700000008ffffffbd0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d4301000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9755ba08554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c51231422bb8fab4d4d897db2c544c0ec50b8eac8c63d2b1cd06a39702bd547f5ebaa6954f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564b8f8a621483fb2a5ff221e0d831d64759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d8b570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91f0eb18e21dfdab3c84ec11377fbbfd1e000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

2.472901611s ago: executing program 1 (id=123):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
r2 = shmat(r1, &(0x7f0000ff7000/0x3000)=nil, 0x400c)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000000200009500001e00000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r4)
sendmsg$NFC_CMD_FW_DOWNLOAD(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x24, r5, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, '\x00'}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x40000) (async)
sendmsg$NFC_CMD_FW_DOWNLOAD(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x24, r5, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, '\x00'}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x40000)
shmdt(r2)

2.472446778s ago: executing program 2 (id=124):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
listen(0xffffffffffffffff, 0xcbe)
r3 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r3, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0}, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x20001439)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002003f00850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4f8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c956fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32f6ab137d943dd3c1e8db9f3e1263573dc721ae82fe0bc63598751a5092c9f7dbfc39d564834e3703492c2a651643d8ce5c36d97a4812cf73fc8ea0d68d7489cfcb0176"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r5}, 0xb)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000300), 0x20022, 0x0)
close(r4)
writev(r6, &(0x7f0000000840)=[{&(0x7f0000000280)="fa8e", 0x2}], 0x1)
syz_io_uring_setup(0xd2, 0x0, &(0x7f0000000040), &(0x7f0000000080))

2.412872081s ago: executing program 1 (id=125):
r0 = socket$packet(0x11, 0x2, 0x300)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
gettid()
connect$unix(r2, &(0x7f0000000480)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
io_setup(0x4082, &(0x7f0000000380))
r4 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r4, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
setsockopt$IP_VS_SO_SET_ZERO(r4, 0x0, 0x48f, &(0x7f0000000080)={0x4, @loopback, 0x4e22, 0x3, 'lc\x00', 0x1, 0x2, 0x71}, 0x2c)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x28, 0x40, 0x0, 0xfffff03b}]}, 0x8)

1.982548228s ago: executing program 0 (id=126):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
io_setup(0x60, &(0x7f0000000140))
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=ANY=[@ANYBLOB="3800000003147df800000000000000000900020000007a32000000000800410072786500140033"], 0x38}}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r3, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x3, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000]}, 0x45c)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r3, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r3, 0x5501)
write$uinput_user_dev(r3, &(0x7f0000000500)={'syz0\x00', {0x3, 0x5, 0x8, 0x8}, 0x41, [0x6, 0x8, 0x4, 0xd2f, 0x9, 0x51b, 0x2, 0x374ee73b, 0x1, 0x7fff, 0x8, 0xb04c, 0x2, 0x4, 0x80, 0x1, 0x6, 0x8, 0x0, 0x0, 0x4, 0x1ff, 0x3, 0x0, 0x2, 0xb8, 0x9, 0x9, 0x2, 0x158, 0x9, 0x8, 0x0, 0x4, 0x8, 0xfffffffb, 0x7ff, 0x6, 0xffffffff, 0xd372, 0x9, 0xffffffff, 0x5, 0xfc, 0x1, 0xd21, 0xb, 0x1, 0xfffffffa, 0x89c7, 0xfffffffd, 0xff, 0xf887, 0x101, 0x5, 0x3, 0x3, 0x10000, 0x0, 0x10000, 0x80000001, 0x0, 0xdffb], [0xe51d, 0x4e64, 0x8000, 0x5, 0x6, 0x1, 0x7b2, 0xff, 0x100, 0x2, 0xffff8000, 0x8001, 0x7fff, 0x560, 0x7, 0x80000000, 0x5, 0x5, 0x103d, 0x5, 0x4c3, 0x9, 0xfffffffe, 0x2e6f, 0x7f, 0x2, 0x400, 0x8, 0x2a, 0x7, 0x2, 0x80, 0x40, 0xd1, 0x7fffffff, 0x79d1, 0x9, 0x3ac, 0x4, 0xffffffff, 0xffffff81, 0x0, 0x4, 0x5, 0xa, 0x101, 0x0, 0x8000, 0xf04, 0x1b, 0x7fff, 0x9, 0x5, 0xf, 0x80, 0x66aa, 0x5, 0x6, 0x5, 0xffffffff, 0x7f, 0xc, 0x3, 0x4], [0xfffffffa, 0x81, 0x9, 0x5, 0x200, 0x1d85634d, 0x5, 0x0, 0xb, 0xffffffff, 0x2, 0x4, 0x8, 0x5, 0xe, 0x1, 0x800, 0x4, 0xc8b, 0x8, 0x8, 0xac37, 0x6, 0xfffffffa, 0x1, 0x989, 0x7, 0x80000001, 0x1400000, 0x7, 0x5, 0x6, 0xb4c1, 0x0, 0x2, 0x3, 0xffffd8da, 0x7, 0xffffffff, 0x2, 0x8, 0xfffff001, 0x9, 0x9, 0x8, 0x8, 0xffffffbf, 0x40, 0xffffffff, 0x101, 0xb, 0xf, 0x4, 0x1, 0xe0f1, 0x6, 0x1, 0xfffffff8, 0x4, 0x2e, 0x9, 0x0, 0x622, 0x8], [0x139b, 0x6, 0x9, 0x3e, 0x4, 0x6, 0x2, 0xfffffff9, 0x1, 0x8, 0x3, 0x3, 0x7fffffff, 0x0, 0x4, 0x2, 0xa, 0xd, 0x3, 0x2, 0x5, 0x9, 0x77, 0x8a6d, 0x7fffffff, 0x2, 0xad7, 0x2, 0x5, 0x0, 0x800, 0xffffc4e4, 0x7, 0x7, 0x4, 0xffffffff, 0x4, 0x7fff, 0xfffffff2, 0x1, 0x9, 0x3, 0x11cf7098, 0xd, 0xe, 0xfffffff8, 0xf, 0xc, 0x3, 0x2, 0x74, 0xfffffeff, 0x9, 0x80000001, 0x80, 0x5, 0x0, 0x401, 0x3b836a5b, 0x8, 0x0, 0x176, 0x1, 0x8]}, 0x45c)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
close(0x4)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x2000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
poll(&(0x7f0000000000), 0x0, 0x9)

1.940959679s ago: executing program 3 (id=127):
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x91, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6d, 0x8, 0x0, 0x0}}, 0x10)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000200000000000600000914000200fe8800000000000000000000000000010f00"], 0x4c}, 0x2, 0x34005}, 0x0)

1.852753873s ago: executing program 3 (id=128):
openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={0x0, 0x14}}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r1)
sendmsg$TIPC_NL_NAME_TABLE_GET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), r1)
sendmsg$sock(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)="869b132bd023614380db065e0361c17ea4a123b3bb9e097016930f86e5770aad078c4c277a1395029b04e6e395582175a5a51337a9cca6caa5dbca7d39f50d3c0953ced75eb50ab4bd376a823a25e25fedb026cc0bfe050a853add29e084638e80ea15d545bc95fa88627d7655fabad382915947827999877ccda8219594061cf48fe5dab16ef146649e7e028814bfaf30cab93eb504eed401a2fb150716a6846135fbe3ed3b14696dfa17f7f4e2c25287e53088614a50682c0c2fc16acefd8d9efd4fda8c9e43260fc9fdfb1c88e806ed60f2ada4838b9121780a8f84cdbf51e94b168394c9548cf4ec13209f4c6b61f836", 0xf2}, {&(0x7f0000000180)="63dc795835b4abc3c66a6e43fea75ec65048efda024fdf35087571dc1d1b616c974a193938ab50c5a9040e493af0d8b3fd64c4b6c4e240f82c33fa04565e96627b710e1a1bed2b0bf3b639a0330dfd84769348c374bc3df81dcba87c805741808d97453f774927a7eac58c92dcb5bbe6c7f3c8928c6f67fce77871e66b", 0x7d}, {&(0x7f0000000200)="e6fa9509b3792cd8646ebb9e5cd3c4a3c0298aa2f0e9af3211b9955da6183790f633515fc57370dc7213c5344ed303e14a4df7bdf7c927fdba448e0f08f7279b9dcdeaf9da197bebd94e1cef1fdc75679ea9503c9d7d411ef4ec64f9f8c4cf89c9eb1c8ca62a1ee73ef25529b0a184249f2bef66", 0x74}, {&(0x7f0000000280)="bade6986c4232e27e3f99c07302eade2ff6d6f759679f4facdf6527ccd2990bf067d2035a5a40b89881da26e8e31b8a69542e9c28544292a9f7b98ed76ec55f43051e0f5c054e218f68921671d930e4482680ecdb7b48da951639612eb96e3f5dde849be9be09d7c4344", 0x6a}, {&(0x7f0000000300)="cbc573c9900f51448fab2864e1d1172045", 0x11}, {&(0x7f0000000600)="69696a2eb5907059f0370a5ba21355df079580fd33926bec09e99699f0960e85f9d91460b2947c904a8acf656c6e23a43f4dc3e92b7d77ec9aaaf088ca48ad96bfd101765a1adf01e755d2329b21aaac6149c57824de3ce43197564c77506f75a5add1ae48665fef0125251ee4be13d52411e1f3dfd3763e7a104fba0ba9b233a6ee231fe2ef568913742d92623204816163cabcc0061c63f76309014825a1c4c2c0f75ac60255441d5f7f88fcebfa8e030abe32f57f9728cb43b2388c2dd42f7d49d72377f1cdad2b0cb966817bdac2efa3c940d7d777e14a16155431b4ae91eeca06049ad60b0d2ddcee489f42a6bc48578dbc423f64cd8b3443aa60abfb7b3e02ec6e60f117bfaffa0b4fcb969bf68d77b2a41f8e436dbeb5eece3de20b8213029ad65cc9f5e75d1804b1871ba1023b337a486eaf18f323934e4322aa66406fe8c943406cfd0584e0ea68d2f2ef985c4c63de2b1601a6f4afe85fa1021e9124d2303069fd5223dec6a10ac6a329d3e4614c2e810c0a1f198cc8160793f0258fba6e870c16646c71cb6f142d7c8524476c2371f3e5d1a1d60a31245b8a2fbec5ef72d3b3e8a2b931e15de41bc3107b13dfaf16373c6af4ee6e9b1c063d09ef7a6804b7f6c4086113e7d05862aa141321d37287c4fc166dd91b73d662eb36b82b7667ec6ffebb707d5146440113b41b01646080f894a3015fa9aa17d85f4824dc7dfc32c8ccc7816ff9c2756306403e65018731978a9193579c71f7a5c0c6edd6823807873785cc8f25d281dc82657490e0b94e64051b587d70039b957cf98a4cface5be6ebf35c5dcba41a099574f750c02c59ef68d1dfd79b012f3e1f7b5801c67b196e9c6ff1defe0b8a73f7e22526a5d063c3d5ea5c0d746091a0d52923adf8c2fec2fe9d54a9e8f135842b38307253a399058403ff1761543a5cda1245f648e27d8bd2e7b8f6a93ccc46053690078b6897b1f0ccd351882ed4348a39b628e48ef87d962c6b1a138c80db1a132e005b5ce38a6c02837163a1db0115deba0244f255771a8629e106add608676c981cf63228f28b62b3d487538f69a2d776dbf8bf27824ed9c061df32a602d3ed4c2f9baff1b25ff492c522324ea33836bd873c24ff236538bca01103f2738082b6909fc30fdffe19cfe2a57904368b13543e97e453246f1349356cb8a3dd3b3941e1d9b6119a4ab87e90a17604c50411b3f93d2f8d4a0728", 0x367}], 0x6}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r0)

1.642702408s ago: executing program 0 (id=129):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x6e93ebbbcc0884f2, 0x0, 0x0)
r4 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000600)={'team0\x00', <r5=>0x0})
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x4c, 0x0, 0x1, 0x0, 0x0, 0x4041}, 0xc801)
mq_notify(r3, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
sendmsg$nl_route_sched(r1, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)=@delqdisc={0x3c, 0x25, 0x2, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0xfff3}, {0x2, 0xc}, {0x6, 0x3}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000841}, 0x40080)
write$bt_hci(r6, &(0x7f0000000580)=ANY=[@ANYBLOB="5300000002"], 0x8)
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0300000000000000000001000000000006002d1e31768d32799b3ee4f3dc563c93e04f499288be9eb0d611b8993d3f9886b5e323ed9d41f9587b6fad5f90fceb1f7e208d0de73d9c68af37ab0d0611def41daedfde26d136a84a0d31318174edba87aedf9d776cf365c80b35b17e50c27efc42e278e73218a33b9b7c85977774b4ef6502be2c35a0f34d7a5cb5b7648613b025ce41f3f1659314df002c3b30fce5b8b78d8411f71e38b8b025cfd0830c0a0a2416fcb9b1eb6fa7bb39d8988af554c0240f4e1586dba6e486af467dfde32e3975194e06cc69edb23ba8550376dbff004e04905ad47ff35153e0f0bd813f45dc4bde9ca0ef1809ef0b3d19309b3e63aa00efa20cb009c971c27a2a0030000000030a01010000000000000000010000000900030073797a3000000000040004800900010073797a3000000000ddfeffff1000010000000000000000000a00000a"], 0x78}}, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r3}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=r2], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xb0)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f00000000c0)=ANY=[@ANYBLOB="06000073a50000000500060200000100"], 0x10)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_buf(r7, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1)
unshare(0x68040200)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$IP6T_SO_GET_INFO(r8, 0x29, 0x40, &(0x7f0000000480)={'mangle\x00'}, &(0x7f0000000040)=0x54)
getsockopt$IP6T_SO_GET_INFO(r8, 0x29, 0x40, &(0x7f0000000140)={'nat\x00'}, &(0x7f0000000000)=0x54)

1.56989803s ago: executing program 2 (id=130):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x37, 0x301, 0x270bd24, 0x25dfdbf9, {0x5}}, 0x14}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r3=>0x0})
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r4, &(0x7f0000000040)={0x1d, r3, 0x2, {0x1, 0xf0, 0x3}, 0xff}, 0x18)
bind$can_j1939(r2, &(0x7f0000000240)={0x1d, r3, 0x1, {0x2, 0xf0}, 0x3}, 0x18)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000f00)=@newtfilter={0x24, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r7, {0xfff1}, {}, {0xb}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001180)={0xac, 0x40, 0x9, 0xffffffff, 0x25dfdbfd, {0x1}, [@typed={0x4, 0x11f}, @nested={0x94, 0x1, 0x0, 0x1, [@generic="664daf258421409993b071068ff774eed479ee4e29250582681b6edd83f3af6cb8803c581cef8f169bc52f97b3ced597fe5a237df002de7f7dac8d812d5d21fa6fe19b7400a22e1694a2aa33b57d477772df85cbe8099645ce50ee1631df8cc496d2268707086d6ecaf8a8a2b9b426f2b471e2db1da41bd91d9ddb8b", @typed={0xc, 0x53, 0x0, 0x0, @u64=0xfffffffffffffffe}, @typed={0x8, 0xed, 0x0, 0x0, @u32}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
dup3(r9, r8, 0x0)
ppoll(&(0x7f0000000200)=[{r8, 0x30a}], 0x1, &(0x7f0000000240), 0x0, 0x0)
ioctl$BINDER_THREAD_EXIT(r9, 0x40046208, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r11, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)={0x70, 0x0, 0x9, 0x101, 0x0, 0x0, {}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x7ff}}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x6}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$netlink(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0)
r12 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r12, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
sendmmsg$sock(r12, &(0x7f0000000500)=[{{&(0x7f0000000080)=@phonet={0x23, 0x0, 0x0, 0x6}, 0x80, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)

1.452949987s ago: executing program 0 (id=131):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x10, &(0x7f0000000600)=ANY=[@ANYRES16, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000005c0)=[{0x0, 0x1, 0x4, 0x8}], 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000640)=0x1ff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0x80045530, &(0x7f0000000380)=""/214)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x2)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
brk(0x55555ede6000)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000280), 0x8400, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r3)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
write(0xffffffffffffffff, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/custom1\x00')
ioctl$SOUND_MIXER_READ_STEREODEVS(r2, 0x80044dfb, &(0x7f00000002c0))
r4 = syz_open_dev$sndctrl(&(0x7f0000000240), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc2c45513, &(0x7f0000000280)={{0xc, 0x1, 0x80000}, 0x0, [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x10, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4000, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1007, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x800003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b76f8d5, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, 0x4]})
syz_open_dev$MSR(&(0x7f0000000000), 0x9, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')

1.447270956s ago: executing program 1 (id=132):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000100))
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x6)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000c80)=ANY=[@ANYBLOB], 0x210)
getpid()
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'batadv0\x00', <r5=>0x0})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = userfaultfd(0x800)
ioctl$UFFDIO_COPY(r8, 0xc028aa03, &(0x7f00000002c0)={&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0x3000, 0x3})
r9 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmmsg$inet_sctp(r9, &(0x7f00000014c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000001440)=[@authinfo={0x10, 0x84, 0x6, {0x8000}}], 0x10, 0x80}], 0x1, 0x8000)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r9, 0x84, 0x7c, &(0x7f0000000280)={0x0, 0x1, 0x8000}, 0x8)
ioctl$int_in(r6, 0x5452, &(0x7f00000000c0)=0x7f)
sendmsg$inet(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000780)='\x00', 0x1}], 0x1}, 0x4044881)
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=ANY=[@ANYRES16, @ANYBLOB="010000000000000000000f000000050033000100000008000300", @ANYRES32=r5], 0x24}}, 0x0)
r10 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r10, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r11=>0x0})
r12 = socket$nl_route(0x10, 0x3, 0x0)
openat$tcp_congestion(0xffffff9c, &(0x7f0000000300), 0x1, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r11}}, 0x24}}, 0x0)

971.706008ms ago: executing program 3 (id=133):
syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x2000000000000376, &(0x7f00000000c0)=ANY=[@ANYRESHEX], &(0x7f00000003c0)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0), 0x0, 0x10, 0x34, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000000000000040000000100000000000000000000000000000007000000050000004cb600000000000000000000000000000000000004000000050000000003000000da0800"/97])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x800005d, 0x4810)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0xc102, 0x0)
sendfile(r6, r6, 0x0, 0x40008)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f00000004c0)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x4, 0xaa, &(0x7f00000004c0)=""/170, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r7 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
prlimit64(r0, 0xc, &(0x7f0000000040)={0x0, 0xcd}, &(0x7f0000000080))
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r7, &(0x7f0000000140)='asymmetric\x00', &(0x7f0000000480)=@secondary)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="00140000000000000800000001", @ANYRESHEX=r6], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='mmap_lock_acquire_returned\x00', r9}, 0x10)
userfaultfd(0x801)

542.320975ms ago: executing program 0 (id=134):
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x10) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000340)=[{0x0, 0x1, 0xa, 0xb}, {0x5, 0x2, 0x13, 0x2}, {0x5, 0x5, 0x5, 0xa}], 0x10, 0x37, @void, @value}, 0x94) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) (async, rerun: 64)
getpid()
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x7000004, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) (async, rerun: 64)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async, rerun: 32)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (rerun: 32)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$tty20(0xc, 0x4, 0x1) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="0301000000000000000000004b64ffec850000006d0000007c00000005000004950aa5c52777fefb"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400), 0x0, &(0x7f0000008640)=[{&(0x7f0000008480)=""/94, 0x5e}], 0x1, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_GET_CLOCK(r4, 0x8030ae7c, &(0x7f0000000580)) (async)
r5 = syz_open_dev$vim2m(&(0x7f0000000280), 0x8, 0x2)
ioctl$vim2m_VIDIOC_TRY_FMT(r5, 0xc0d05640, &(0x7f0000000040)={0x2, @sdr={0x4f424752}}) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000000306033f00000000000000000000e95b0500010007000000"], 0x1c}}, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)

501.759226ms ago: executing program 0 (id=135):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x4, 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="4800000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="00000000000000002000128008000100677470001400028008000100", @ANYRES32=r2, @ANYBLOB="04227061", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x48}}, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000080)={0x8, 0x1, 0x2, "5a309a426be809a48aa9bc68b9de658caf5999a76c019fefcf54e97d739d47b9", 0x39565559})

487.683442ms ago: executing program 2 (id=136):
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x91, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6d, 0x8, 0x0, 0x0}}, 0x10)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYBLOB="010000000200000000000600000914000200fe8800000000000000000000000000010f0007"], 0x4c}, 0x2, 0x34005}, 0x0)

350.731921ms ago: executing program 2 (id=137):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='mpol=patic:,'])
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000002c0)={'geneve0\x00', &(0x7f00000001c0)=@ethtool_drvinfo={0x3, "fb73fedf1e4fa103075039740000fa730b000200", "8d254475783a22d45063a182713167e313c87c347e1f4a655d6343256aa5945a", "2f6d1f536584e741184edeabc72c558691eabc7309e18b903e1ebb7b66c5fd3c", "c97801db9cb01b2d8aed0afe8fd867073942276dbc17aa368a0486e2e8ca7d24", "fc0000005853a17e969b131a4fc9c57658c649a6b2bfc5dff7e55f18d936c6f7", "78469bc9060706aa2763fb23"}})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
close(r2)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
read$alg(r4, &(0x7f0000000100)=""/88, 0x58)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r2, 0x8b05, &(0x7f0000000000)={'wlan1\x00', @broadcast})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
listen(r5, 0x0)
accept4$rose(r5, 0x0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@getaddr={0x14, 0x16, 0x100, 0x70bd25, 0x25dfdbfc, {}, ["", ""]}, 0x14}, 0x1, 0xba01, 0x0, 0x84}, 0x0)

252.928334ms ago: executing program 0 (id=138):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
listen(0xffffffffffffffff, 0xcbe)
r3 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r3, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0}, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x20001439)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002ff8000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4f8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c956fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32f6ab137d943dd3c1e8db9f3e1263573dc721ae82fe0bc63598751a5092c9f7dbfc39d564834e3703492c2a651643d8ce5c36d97a4812cf73fc8ea0d68d7489cfcb0176"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r5}, 0xb)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000300), 0x20022, 0x0)
close(r4)
writev(r6, &(0x7f0000000840)=[{&(0x7f0000000280)="fa8e", 0x2}], 0x1)
syz_io_uring_setup(0xd2, 0x0, &(0x7f0000000040), &(0x7f0000000080))

190.827428ms ago: executing program 1 (id=139):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1d00000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b210000000000e4ff14592bf7073efb4c4036a94e852993954df0771e73fe9267aaa92600000000000000000039b66369636da4b9f1571928e5bf155f2a714cf8bac1cb133ccffa81fa11d8", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
setgroups(0x0, 0x0)
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(0xffffffffffffffff, 0x8927, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000500)=ANY=[], &(0x7f00000004c0)='syzkaller\x00', 0x11, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(0xffffffffffffffff, 0xc25c4110, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfe200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x14, 0xc, &(0x7f00000004c0)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ffffffff850000002d000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC, @ANYRESOCT])
read$FUSE(0xffffffffffffffff, &(0x7f0000000a00)={0x2020}, 0xffffffffffffffc0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0, <r6=>0x0}, &(0x7f00000001c0)=0x9)
lchown(&(0x7f0000000100)='./file0\x00', 0x0, r6)
setgroups(0x2, &(0x7f0000000100)=[r6, 0x0])
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r8, 0x4040ae79, &(0x7f00000005c0)={0xffffffffffffff0c, 0x3000, 0x4, 0xffffffffffffffff, 0x1})
getgroups(0x4, &(0x7f0000000400)=[r4, r6, 0x0, 0xee01])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='spmi_write_begin\x00', r3}, 0x18)
munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)

69.109191ms ago: executing program 3 (id=140):
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = epoll_create(0x400) (async)
r1 = eventfd(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000))
syz_open_procfs(0x0, &(0x7f00000001c0)='fdinfo/3\x00') (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket(0x10, 0x803, 0x0) (async)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
socket$inet_udp(0x2, 0x2, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket(0x11, 0x80a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000840))
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000e40)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x24e, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x6, 0x40, 0x1, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x3, 0x1, 0x2, 0xaa, {0x9, 0x21, 0xff00, 0xa, 0x1, {0x22, 0xfa4}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x7f, 0x3, 0x3a}}}}}]}}]}}, 0x0) (async)
socket$pppl2tp(0x18, 0x1, 0x1)
fsopen(&(0x7f0000000740)='devtmpfs\x00', 0x0) (async)
syz_io_uring_setup(0x2293, &(0x7f0000000400)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
memfd_create(&(0x7f00000005c0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'\b\x00\x00\x00\x00\x00\x00\x00\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xe2\x05\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\xbd\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7\x8en\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xef\x03Ga\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcaf2\x02F1\xc6\x82\x00E\xae\x9d\x17\x871N:\xb4\xea \x8e\xdelP\x83\x1f\'\xe2\xd6\xc0\xc3\xfc\xc9677u\xf3RUP@o>\xee\xb8\xa3\t\x02\xb7\\,\xebK\xed\x1b\xc9e\xb3\x16\xce\x9bI\xdb\xfa\x82\x85\t\x9bg\xd0s\xe2\f{\x8cp~;\xf8\x96\xf2\x91\x06\x89\xa6D\xce\xac\x03\xc1\x83\xd1\xe6 |\xa75\xd7\x80t\xfc\xf8\xd2\x12N\x1cB7^\xfd4\xae\xb0VFw\b!\xae\x1baTv\xc0z\x19\xc5\xc8w\xba\x97N\x9a`\x8f\xfc\x9ee\xf9\x00\x1cQA\x14]\r\xd4\"\xc2\x12GD\xdb{\x88\xaa\x81\xc8\xa2\xdeI\xa2\xbel\x0e\xec\x17fNI\x05\xff\x8d\xf4_\x1a\vqA\xb7\x0ed<\x98\xee\xb8\x19\xec\x9f\xee\xe1_\xacG\x8b\xa3\xc3\x13\x80\x0f\xf4I\xdeAwG\xbdkno\xa2\b\x126\x97\x9b\xf9|P\xd94\v\x15\xcb\xc0\x9d\x11\xf3\x18\xae!2\x1b\x12\xa9\xc8~\xb7S\x94\xb5\xc7;\xa90D>s\xe9\xa4N\xf8\xdb\xab\xa0\x94~\xa1]b\xa4\xe5\xe2e\x1c\x8b\xd2\xc7Md\x93\x02\xd8\xb0,\xeb\x03\xaa\v\xed\x9bR\x8a\x80\xc2\x1f\x17ej\x973wv\x83a\xe06\x96\xde\xbc%Uh;H\xf8S\xf1\xa1g\x02\xc4\xc3\xa4\xa8\x96\t\xfex\xa2?\xcb\\Y\x1e\xfe\xca\xa0i\x80O\x11\xac\xb7$\xdb\xbc\xb0\xcb\xacqU\xb5*\x00\x00\x00\x00\x00\x00\x00\f\xda\xf8oV\x89\xd3\x1f\x99+\xe5T\x8eM4\x1c\xc6\x7f\xd4\xf2\xcc\xd3\x94\xca\xd4\x00\x00\x00\x00\x00\x00\x00\x00\x00~A9\xf6IBu2L\x9e\xa2\xd0\x92\xd1\xbc\xb8\tJ\xa1\aN\x87\x95\xbb\xa9s\xab\x90\x06\xc6!p\x9e?~\xf9\xe6\xae*\v\xa3\xd9gxKN\'z]*\x93\xf7\b\x91\xd0\xff\xd9\xc6a\xb5q\x9c\xa1Go\xd58\x93\xe0,\x9f\xe4\xa9\xd9A\x9e\x95e\x98\xd0V\x9d\xed\x97\xf1\xc5\xce\xf5\x90!d\x9a\xd8\x10\xbbx\r8\xff\x8bNUK\xebA\xe5\x92f\xc4\xd1\xa8\x15\xbf\xb5iW\xdb.kbf*\x89\xf0\xecq m-~\xbbf?\xec=\xd2\xe2\x1e\x8d/o\xcd\xc8x\xdb\xe6\xd0W\xca\xc5kz\x8e9\xfa\x86\x0f\x96p', 0x3) (async)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x1}) (async)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)) (async)
write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[], 0x118) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})

269.949µs ago: executing program 2 (id=141):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x8382, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = socket(0x1a, 0x3, 0xff)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000a850000000f000000850000009e0000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r3, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r4 = open(&(0x7f00000005c0)='./bus\x00', 0x145842, 0x0)
pwritev2(r4, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x100000}], 0x2, 0x0, 0x0, 0xb)

0s ago: executing program 3 (id=142):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x10, &(0x7f0000000600)=ANY=[@ANYRES16, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f00000005c0)=[{0x0, 0x1, 0x4, 0x8}], 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000640)=0x1ff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0x80045530, &(0x7f0000000380)=""/214)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x2)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prctl$PR_GET_TSC(0x43, &(0x7f0000000040))
brk(0x55555ede6000)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000280), 0x8400, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00')
fchdir(r3)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
write(0xffffffffffffffff, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/custom1\x00')
ioctl$SOUND_MIXER_READ_STEREODEVS(r2, 0x80044dfb, &(0x7f00000002c0))
r4 = syz_open_dev$sndctrl(&(0x7f0000000240), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc2c45513, &(0x7f0000000280)={{0xc, 0x1, 0x80000}, 0x0, [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x10, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4000, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1007, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x800003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b76f8d5, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, 0x4]})
syz_open_dev$MSR(&(0x7f0000000000), 0x9, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:56170' (ED25519) to the list of known hosts.
[   33.645786][ T5878] cgroup: Unknown subsys name 'net'
[   33.747603][ T5878] cgroup: Unknown subsys name 'cpuset'
[   33.751176][ T5878] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   34.529501][ T5878] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   37.281829][ T5963] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   37.284682][ T5963] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   37.286992][ T5963] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   37.289168][ T5963] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   37.291212][ T5963] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   37.293199][ T5963] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   37.294794][ T5965] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   37.298491][ T5965] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   37.300857][ T5965] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   37.303795][ T5966] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   37.305891][ T5965] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   37.309926][ T5965] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   37.310913][ T5966] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   37.312418][ T5965] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   37.313944][ T5966] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   37.316075][ T5965] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   37.319704][ T5965] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   37.321861][ T5965] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   37.350817][ T5327] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   37.353278][ T5327] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   37.355836][ T5327] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   37.358006][ T5327] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   37.360671][ T5327] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   37.362723][ T5327] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   37.441123][ T5960] chnl_net:caif_netlink_parms(): no params data found
[   37.545153][ T5960] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.547662][ T5960] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.550270][ T5960] bridge_slave_0: entered allmulticast mode
[   37.552309][ T5960] bridge_slave_0: entered promiscuous mode
[   37.558115][ T5960] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.559989][ T5960] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.561872][ T5960] bridge_slave_1: entered allmulticast mode
[   37.563861][ T5960] bridge_slave_1: entered promiscuous mode
[   37.586219][ T5968] chnl_net:caif_netlink_parms(): no params data found
[   37.591180][ T5959] chnl_net:caif_netlink_parms(): no params data found
[   37.608606][ T5960] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   37.614720][ T5960] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   37.688001][ T5960] team0: Port device team_slave_0 added
[   37.696892][ T5959] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.698741][ T5959] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.700636][ T5959] bridge_slave_0: entered allmulticast mode
[   37.702618][ T5959] bridge_slave_0: entered promiscuous mode
[   37.721577][ T5960] team0: Port device team_slave_1 added
[   37.731267][ T5959] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.733199][ T5959] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.735269][ T5959] bridge_slave_1: entered allmulticast mode
[   37.737611][ T5959] bridge_slave_1: entered promiscuous mode
[   37.750478][ T5972] chnl_net:caif_netlink_parms(): no params data found
[   37.755782][ T5968] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.757730][ T5968] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.759743][ T5968] bridge_slave_0: entered allmulticast mode
[   37.761788][ T5968] bridge_slave_0: entered promiscuous mode
[   37.784275][ T5959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   37.797732][ T5968] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.799673][ T5968] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.801575][ T5968] bridge_slave_1: entered allmulticast mode
[   37.803779][ T5968] bridge_slave_1: entered promiscuous mode
[   37.814273][ T5960] batman_adv: batadv0: Adding interface: batadv_slave_0
[   37.816738][ T5960] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   37.823339][ T5960] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   37.828035][ T5959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   37.844656][ T5968] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   37.847522][ T5960] batman_adv: batadv0: Adding interface: batadv_slave_1
[   37.849471][ T5960] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   37.856160][ T5960] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   37.879115][ T5968] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   37.893674][ T5972] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.895895][ T5972] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.897838][ T5972] bridge_slave_0: entered allmulticast mode
[   37.900161][ T5972] bridge_slave_0: entered promiscuous mode
[   37.926903][ T5972] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.928934][ T5972] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.930819][ T5972] bridge_slave_1: entered allmulticast mode
[   37.932862][ T5972] bridge_slave_1: entered promiscuous mode
[   37.945119][ T5959] team0: Port device team_slave_0 added
[   37.948097][ T5968] team0: Port device team_slave_0 added
[   37.950768][ T5968] team0: Port device team_slave_1 added
[   37.961850][ T5972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   37.965684][ T5959] team0: Port device team_slave_1 added
[   37.999887][ T5972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   38.019636][ T5960] hsr_slave_0: entered promiscuous mode
[   38.021938][ T5960] hsr_slave_1: entered promiscuous mode
[   38.024669][ T5968] batman_adv: batadv0: Adding interface: batadv_slave_0
[   38.027093][ T5968] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.033657][ T5968] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   38.051813][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_0
[   38.053847][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.061335][ T5959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   38.066066][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_1
[   38.067900][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.074495][ T5959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   38.079368][ T5968] batman_adv: batadv0: Adding interface: batadv_slave_1
[   38.081185][ T5968] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.088181][ T5968] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   38.093154][ T5972] team0: Port device team_slave_0 added
[   38.109717][ T5972] team0: Port device team_slave_1 added
[   38.156422][ T5972] batman_adv: batadv0: Adding interface: batadv_slave_0
[   38.158270][ T5972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.165047][ T5972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   38.169889][ T5972] batman_adv: batadv0: Adding interface: batadv_slave_1
[   38.171721][ T5972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.178620][ T5972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   38.191885][ T5968] hsr_slave_0: entered promiscuous mode
[   38.193804][ T5968] hsr_slave_1: entered promiscuous mode
[   38.196385][ T5968] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   38.198508][ T5968] Cannot create hsr debugfs directory
[   38.214434][ T5959] hsr_slave_0: entered promiscuous mode
[   38.216563][ T5959] hsr_slave_1: entered promiscuous mode
[   38.218448][ T5959] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   38.220539][ T5959] Cannot create hsr debugfs directory
[   38.281463][ T5972] hsr_slave_0: entered promiscuous mode
[   38.283470][ T5972] hsr_slave_1: entered promiscuous mode
[   38.285899][ T5972] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   38.287990][ T5972] Cannot create hsr debugfs directory
[   38.383743][ T5960] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   38.391045][ T5960] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   38.406156][ T5960] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   38.412778][ T5960] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   38.433302][ T5959] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   38.437414][ T5959] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   38.445716][ T5960] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.447682][ T5960] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.449917][ T5960] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.451789][ T5960] bridge0: port 1(bridge_slave_0) entered forwarding state
[   38.454985][ T5959] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   38.458971][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.462137][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.485773][ T5959] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   38.496598][ T5968] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   38.499902][ T5968] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   38.503119][ T5968] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   38.507527][ T5968] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   38.535252][ T5972] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   38.538735][ T5972] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   38.550750][ T5972] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   38.553841][ T5972] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   38.581921][ T5960] 8021q: adding VLAN 0 to HW filter on device bond0
[   38.602216][ T5960] 8021q: adding VLAN 0 to HW filter on device team0
[   38.608327][ T5959] 8021q: adding VLAN 0 to HW filter on device bond0
[   38.618312][   T91] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.620228][   T91] bridge0: port 1(bridge_slave_0) entered forwarding state
[   38.630830][   T91] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.633492][   T91] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.648084][ T5959] 8021q: adding VLAN 0 to HW filter on device team0
[   38.657797][ T5968] 8021q: adding VLAN 0 to HW filter on device bond0
[   38.667006][   T91] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.668929][   T91] bridge0: port 1(bridge_slave_0) entered forwarding state
[   38.676698][ T5968] 8021q: adding VLAN 0 to HW filter on device team0
[   38.686005][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.687890][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.690473][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.692324][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   38.694839][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.696763][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.701671][ T5972] 8021q: adding VLAN 0 to HW filter on device bond0
[   38.726102][ T5972] 8021q: adding VLAN 0 to HW filter on device team0
[   38.733296][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.735246][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   38.744176][ T5959] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   38.748815][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.750891][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.780921][ T5972] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   38.786559][ T5960] 8021q: adding VLAN 0 to HW filter on device batadv0
[   38.812241][ T5960] veth0_vlan: entered promiscuous mode
[   38.820206][ T5960] veth1_vlan: entered promiscuous mode
[   38.827135][ T5959] 8021q: adding VLAN 0 to HW filter on device batadv0
[   38.838946][ T5968] 8021q: adding VLAN 0 to HW filter on device batadv0
[   38.846291][ T5960] veth0_macvtap: entered promiscuous mode
[   38.850517][ T5960] veth1_macvtap: entered promiscuous mode
[   38.863236][ T5960] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.872496][ T5968] veth0_vlan: entered promiscuous mode
[   38.878601][ T5960] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.884795][ T5959] veth0_vlan: entered promiscuous mode
[   38.888095][ T5968] veth1_vlan: entered promiscuous mode
[   38.894641][ T5960] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.897264][ T5960] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.899574][ T5960] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.901896][ T5960] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.908634][ T5959] veth1_vlan: entered promiscuous mode
[   38.911212][ T5972] 8021q: adding VLAN 0 to HW filter on device batadv0
[   38.926991][ T5968] veth0_macvtap: entered promiscuous mode
[   38.931148][ T5968] veth1_macvtap: entered promiscuous mode
[   38.951035][ T5968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   38.953819][ T5968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.957592][ T5968] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.960621][ T5959] veth0_macvtap: entered promiscuous mode
[   38.960848][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   38.964419][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   38.966499][ T5968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   38.969296][ T5968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.972342][ T5968] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.979708][ T5959] veth1_macvtap: entered promiscuous mode
[   38.982222][ T5968] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.984500][ T5968] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.987321][ T5968] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.989628][ T5968] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.006162][ T5972] veth0_vlan: entered promiscuous mode
[   39.008566][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   39.011123][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   39.018254][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   39.020979][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.023558][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   39.027017][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.030108][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_0
[   39.032291][ T5972] veth1_vlan: entered promiscuous mode
[   39.042269][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   39.045840][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.048415][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   39.051118][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.054589][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_1
[   39.060997][ T5960] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   39.066761][   T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   39.068891][   T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   39.071574][ T5959] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.073929][ T5959] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.076827][ T5959] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.079104][ T5959] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.114135][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   39.118299][   T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   39.118311][   T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   39.118574][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   39.126109][ T5972] veth0_macvtap: entered promiscuous mode
[   39.130910][ T5972] veth1_macvtap: entered promiscuous mode
[   39.138719][   T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   39.141439][   T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   39.149274][ T5972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   39.152065][ T5972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.154706][ T5972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   39.157817][ T5972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.160429][ T5972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   39.163715][ T5972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.167766][ T5972] batman_adv: batadv0: Interface activated: batadv_slave_0
[   39.172884][ T5972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   39.176053][ T5972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.178605][ T5972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   39.181305][ T5972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.185865][ T5972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   39.188548][ T5972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.192085][ T5972] batman_adv: batadv0: Interface activated: batadv_slave_1
[   39.196193][ T5972] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.198482][ T5972] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.200730][ T5972] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.203624][ T5972] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.234277][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   39.238551][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   39.248339][   T91] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   39.250391][   T91] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   39.255407][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[   39.265118][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   39.295230][    T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!!
[   39.311032][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   39.324349][ T6027] bridge1: entered promiscuous mode
[   39.333831][ T5327] Bluetooth: hci1: command tx timeout
[   39.345536][ T5965] Bluetooth: hci0: command tx timeout
[   39.410167][ T5327] Bluetooth: hci3: command tx timeout
[   39.412648][ T5327] Bluetooth: hci2: command tx timeout
[   39.687256][ T6032] NILFS (nullb0): couldn't find nilfs on the device
[   39.720697][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   39.870697][ T6037] wireguard0: entered promiscuous mode
[   39.872452][ T6037] wireguard0: entered allmulticast mode
[   39.925596][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   39.927887][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   40.232514][ T6041] input: syz0 as /devices/virtual/input/input5
[   40.373448][ T6048] syz.0.9 uses obsolete (PF_INET,SOCK_PACKET)
[   40.466719][ T6045] usb usb9: usbfs: process 6045 (syz.2.8) did not claim interface 10 before use
[   40.484443][ T6053] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11'.
[   40.492715][ T6045] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   40.496345][ T6045] batadv_slave_0: entered promiscuous mode
[   40.502674][ T6053] netlink: 'syz.0.11': attribute type 9 has an invalid length.
[   40.546414][ T6057] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   40.555293][ T6057] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   40.558687][ T6057] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[   41.228143][ T6076] binder: 6075:6076 ioctl c0306201 20000080 returned -14
[   41.405734][ T5965] Bluetooth: hci1: command tx timeout
[   41.407209][ T5965] Bluetooth: hci0: command tx timeout
[   41.461517][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   41.485166][ T5327] Bluetooth: hci2: command tx timeout
[   41.485493][ T5965] Bluetooth: hci3: command tx timeout
[   41.496847][ T6084] syz.1.19: attempt to access beyond end of device
[   41.496847][ T6084] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0
[   41.500350][ T6084] syz.1.19: attempt to access beyond end of device
[   41.500350][ T6084] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0
[   41.503656][ T6084] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   41.506989][ T6084] syz.1.19: attempt to access beyond end of device
[   41.506989][ T6084] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0
[   41.510297][ T6084] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   41.512713][ T6084] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found
[   41.514679][ T6084] UDF-fs: Scanning with blocksize 512 failed
[   41.517177][ T6084] syz.1.19: attempt to access beyond end of device
[   41.517177][ T6084] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0
[   41.521317][ T6084] syz.1.19: attempt to access beyond end of device
[   41.521317][ T6084] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0
[   41.524568][ T6084] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   41.527953][ T6084] syz.1.19: attempt to access beyond end of device
[   41.527953][ T6084] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0
[   41.531237][ T6084] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   41.533679][ T6084] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found
[   41.535696][ T6084] UDF-fs: Scanning with blocksize 1024 failed
[   41.537834][ T6084] syz.1.19: attempt to access beyond end of device
[   41.537834][ T6084] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0
[   41.541127][ T6084] syz.1.19: attempt to access beyond end of device
[   41.541127][ T6084] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0
[   41.544428][ T6084] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   41.547008][ T6084] syz.1.19: attempt to access beyond end of device
[   41.547008][ T6084] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0
[   41.550328][ T6084] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   41.552763][ T6084] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found
[   41.554744][ T6084] UDF-fs: Scanning with blocksize 2048 failed
[   41.556761][ T6084] syz.1.19: attempt to access beyond end of device
[   41.556761][ T6084] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[   41.560057][ T6084] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   41.562529][ T6084] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   41.565776][ T6084] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found
[   41.567727][ T6084] UDF-fs: Scanning with blocksize 4096 failed
[   41.569336][ T6084] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[   41.871130][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   41.873350][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   42.042531][ T6093] netlink: 8 bytes leftover after parsing attributes in process `syz.1.21'.
[   42.082530][ T6093] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   42.085286][ T6093] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   42.087631][ T6093] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   42.089949][ T6093] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   42.093211][ T6093] vxlan0: entered promiscuous mode
[   42.094875][ T6093] vxlan0: entered allmulticast mode
[   42.097487][ T6094] netlink: 8 bytes leftover after parsing attributes in process `syz.1.21'.
[   42.207932][ T6095] netlink: 24 bytes leftover after parsing attributes in process `syz.2.20'.
[   42.264099][ T6095] overlayfs: failed to resolve 'context=sysadm_u': -2
[   42.289090][ T6095] random: crng reseeded on system resumption
[   42.685325][   T25] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   42.846374][   T25] usb 8-1: Using ep0 maxpacket: 16
[   42.850578][   T25] usb 8-1: config 0 has no interfaces?
[   42.854482][   T25] usb 8-1: New USB device found, idVendor=0bfd, idProduct=0106, bcdDevice=ec.89
[   42.856912][   T25] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   42.865404][   T25] usb 8-1: Product: syz
[   42.866567][   T25] usb 8-1: Manufacturer: syz
[   42.870600][   T25] usb 8-1: SerialNumber: syz
[   42.884081][   T25] usb 8-1: config 0 descriptor??
[   42.906659][ T6107] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   42.909545][ T6107] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   42.913305][ T6107] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found
[   42.915508][ T6107] UDF-fs: Scanning with blocksize 512 failed
[   42.918687][ T6107] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   42.921601][ T6107] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   42.924260][ T6107] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found
[   42.926421][ T6107] UDF-fs: Scanning with blocksize 1024 failed
[   42.929076][ T6107] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   42.932581][ T6107] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   42.935565][ T6107] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found
[   42.937620][ T6107] UDF-fs: Scanning with blocksize 2048 failed
[   42.940559][ T6107] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[   42.943229][ T6107] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[   42.945842][ T6107] UDF-fs: warning (device nbd1): udf_load_vrs: No anchor found
[   42.947831][ T6107] UDF-fs: Scanning with blocksize 4096 failed
[   42.949817][ T6107] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[   43.001692][ T6110] netlink: 4 bytes leftover after parsing attributes in process `syz.1.26'.
[   43.102926][ T6101] overlayfs: missing 'lowerdir'
[   43.218634][ T6114] Process accounting resumed
[   43.449905][ T5969] usb 8-1: USB disconnect, device number 2
[   43.495834][ T5965] Bluetooth: hci0: command tx timeout
[   43.497401][ T5965] Bluetooth: hci1: command tx timeout
[   43.575170][ T5327] Bluetooth: hci3: command tx timeout
[   43.576831][ T5965] Bluetooth: hci2: command tx timeout
[   44.353510][ T6133] MINIX-fs: unable to read superblock
[   44.717416][ T6144] process 'syz.1.34' launched './file2' with NULL argv: empty string added
[   45.567402][ T5965] Bluetooth: hci0: command tx timeout
[   45.567430][ T5327] Bluetooth: hci1: command tx timeout
[   45.655072][ T5327] Bluetooth: hci2: command tx timeout
[   45.656539][ T5327] Bluetooth: hci3: command tx timeout
[   46.090661][ T6163] netlink: 4 bytes leftover after parsing attributes in process `syz.2.38'.
[   47.109012][ T6183] FAULT_INJECTION: forcing a failure.
[   47.109012][ T6183] name failslab, interval 1, probability 0, space 0, times 1
[   47.112899][ T6184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.41'.
[   47.113534][ T6183] CPU: 3 UID: 0 PID: 6183 Comm: syz.1.43 Not tainted 6.12.0-syzkaller-10553-gb86545e02e8c #0
[   47.119343][ T6183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   47.123054][ T6183] Call Trace:
[   47.124244][ T6183]  <TASK>
[   47.125292][ T6183]  dump_stack_lvl+0x16c/0x1f0
[   47.127021][ T6183]  should_fail_ex+0x497/0x5b0
[   47.128722][ T6183]  should_failslab+0xc2/0x120
[   47.130365][ T6183]  kmem_cache_alloc_noprof+0x6e/0x3b0
[   47.130748][ T6184] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   47.132229][ T6183]  ? __pskb_pull_tail+0xa78/0x1740
[   47.134407][ T6184] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   47.136219][ T6183]  ? skb_ext_add+0x5b3/0x7f0
[   47.136256][ T6183]  skb_ext_add+0x5b3/0x7f0
[   47.136284][ T6183]  secpath_set+0xfb/0x1f0
[   47.138490][ T6184] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   47.140315][ T6183]  esp6_gro_receive+0x5b1/0xfb0
[   47.141515][ T6184] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   47.143114][ T6183]  ? __pfx_esp6_gro_receive+0x10/0x10
[   47.146225][ T6184] vxlan0: entered promiscuous mode
[   47.147055][ T6183]  ? __pskb_pull_tail+0xa78/0x1740
[   47.149406][ T6184] vxlan0: entered allmulticast mode
[   47.151246][ T6183]  ? __pfx_esp6_gro_receive+0x10/0x10
[   47.158410][ T6183]  ipv6_gro_receive+0x153b/0x18a0
[   47.160137][ T6183]  ? lock_acquire+0x2f/0xb0
[   47.161707][ T6183]  ? __pfx_ipv6_gro_receive+0x10/0x10
[   47.163587][ T6183]  dev_gro_receive+0x12ca/0x2c40
[   47.165339][ T6183]  ? eth_get_headlen+0x14c/0x1f0
[   47.167108][ T6183]  ? eth_get_headlen+0x158/0x1f0
[   47.168857][ T6183]  napi_gro_frags+0x7bd/0x11d0
[   47.170519][ T6183]  ? lock_acquire+0x2f/0xb0
[   47.172098][ T6183]  ? tun_get_user+0x2b9f/0x3e30
[   47.173789][ T6183]  tun_get_user+0x2baf/0x3e30
[   47.175461][ T6183]  ? __pfx_tun_get_user+0x10/0x10
[   47.177285][ T6183]  ? find_held_lock+0x2d/0x110
[   47.178990][ T6183]  ? __pfx_lock_release+0x10/0x10
[   47.180846][ T6183]  tun_chr_write_iter+0xdc/0x210
[   47.182616][ T6183]  do_iter_readv_writev+0x532/0x7f0
[   47.184593][ T6183]  ? __pfx_do_iter_readv_writev+0x10/0x10
[   47.186671][ T6183]  ? bpf_lsm_file_permission+0x9/0x10
[   47.188544][ T6183]  ? security_file_permission+0x71/0x210
[   47.190482][ T6183]  vfs_writev+0x363/0xdd0
[   47.192048][ T6183]  ? find_held_lock+0x2d/0x110
[   47.193756][ T6183]  ? __pfx_vfs_writev+0x10/0x10
[   47.195495][ T6183]  ? find_held_lock+0x2d/0x110
[   47.197219][ T6183]  ? __pfx_lock_release+0x10/0x10
[   47.198992][ T6183]  ? trace_lock_acquire+0x146/0x1e0
[   47.200783][ T6183]  ? __fget_files+0x206/0x3a0
[   47.202435][ T6183]  ? do_writev+0x133/0x340
[   47.203953][ T6183]  do_writev+0x133/0x340
[   47.205389][ T6183]  ? __pfx_do_writev+0x10/0x10
[   47.207021][ T6183]  __do_fast_syscall_32+0x73/0x120
[   47.208789][ T6183]  do_fast_syscall_32+0x32/0x80
[   47.210439][ T6183]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   47.212557][ T6183] RIP: 0023:0xf7fc5579
[   47.213967][ T6183] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   47.220374][ T6183] RSP: 002b:00000000f512557c EFLAGS: 00000292 ORIG_RAX: 0000000000000092
[   47.223297][ T6183] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000200002c0
[   47.225720][ T6183] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[   47.227809][ T6183] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   47.229744][ T6183] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   47.231799][ T6183] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   47.233761][ T6183]  </TASK>
[   47.235573][   T63] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   47.262917][ T6184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.41'.
[   47.395104][   T63] usb 5-1: Using ep0 maxpacket: 16
[   47.401249][   T63] usb 5-1: config 0 has no interfaces?
[   47.418166][   T63] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0106, bcdDevice=ec.89
[   47.421226][   T63] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   47.423920][   T63] usb 5-1: Product: syz
[   47.425960][   T63] usb 5-1: Manufacturer: syz
[   47.427498][   T63] usb 5-1: SerialNumber: syz
[   47.430527][   T63] usb 5-1: config 0 descriptor??
[   47.508044][ T6188] netlink: 24 bytes leftover after parsing attributes in process `syz.1.44'.
[   47.513361][ T6188] overlayfs: failed to resolve 'context=sysadm_u': -2
[   47.516867][ T6188] random: crng reseeded on system resumption
[   47.647806][ T6176] overlayfs: missing 'lowerdir'
[   47.765463][ T6189] Process accounting resumed
[   48.017752][ T6193] netlink: 'syz.2.46': attribute type 21 has an invalid length.
[   48.019855][ T6193] netlink: 128 bytes leftover after parsing attributes in process `syz.2.46'.
[   48.022222][ T6193] netlink: 'syz.2.46': attribute type 4 has an invalid length.
[   48.024188][ T6193] netlink: 'syz.2.46': attribute type 3 has an invalid length.
[   48.026204][ T6193] netlink: 3 bytes leftover after parsing attributes in process `syz.2.46'.
[   48.038679][ T6195] netlink: 'syz.2.46': attribute type 21 has an invalid length.
[   48.040820][ T6195] netlink: 128 bytes leftover after parsing attributes in process `syz.2.46'.
[   48.044053][ T6195] netlink: 'syz.2.46': attribute type 4 has an invalid length.
[   48.048202][ T6195] netlink: 'syz.2.46': attribute type 3 has an invalid length.
[   48.050446][ T6195] netlink: 3 bytes leftover after parsing attributes in process `syz.2.46'.
[   48.062129][ T6198] usb usb8: usbfs: process 6198 (syz.3.45) did not claim interface 0 before use
[   48.156766][ T6200] netlink: 36 bytes leftover after parsing attributes in process `syz.2.47'.
[   48.229220][ T3228] usb 5-1: USB disconnect, device number 2
[   48.328417][ T6205] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   48.353654][ T6202] netlink: 4 bytes leftover after parsing attributes in process `syz.2.48'.
[   48.593545][ T6216] FAULT_INJECTION: forcing a failure.
[   48.593545][ T6216] name failslab, interval 1, probability 0, space 0, times 0
[   48.597058][ T6216] CPU: 3 UID: 0 PID: 6216 Comm: syz.2.52 Not tainted 6.12.0-syzkaller-10553-gb86545e02e8c #0
[   48.599684][ T6216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   48.602547][ T6216] Call Trace:
[   48.603451][ T6216]  <TASK>
[   48.604231][ T6216]  dump_stack_lvl+0x16c/0x1f0
[   48.605652][ T6216]  should_fail_ex+0x497/0x5b0
[   48.606811][ T6216]  should_failslab+0xc2/0x120
[   48.608018][ T6216]  kmem_cache_alloc_noprof+0x6e/0x3b0
[   48.609495][ T6216]  ? __pskb_pull_tail+0xa78/0x1740
[   48.610805][ T6216]  ? skb_ext_add+0x5b3/0x7f0
[   48.612056][ T6216]  skb_ext_add+0x5b3/0x7f0
[   48.613242][ T6216]  secpath_set+0xfb/0x1f0
[   48.614379][ T6216]  esp6_gro_receive+0x5b1/0xfb0
[   48.615805][ T6216]  ? __pfx_esp6_gro_receive+0x10/0x10
[   48.617286][ T6216]  ? __pskb_pull_tail+0xa78/0x1740
[   48.618629][ T6216]  ? __pfx_esp6_gro_receive+0x10/0x10
[   48.620119][ T6216]  ipv6_gro_receive+0x153b/0x18a0
[   48.621431][ T6216]  ? lock_acquire+0x2f/0xb0
[   48.622634][ T6216]  ? __pfx_ipv6_gro_receive+0x10/0x10
[   48.624083][ T6216]  dev_gro_receive+0x12ca/0x2c40
[   48.625347][ T6216]  ? eth_get_headlen+0x14c/0x1f0
[   48.626665][ T6216]  ? eth_get_headlen+0x158/0x1f0
[   48.628053][ T6216]  napi_gro_frags+0x7bd/0x11d0
[   48.629321][ T6216]  ? lock_acquire+0x2f/0xb0
[   48.630513][ T6216]  ? tun_get_user+0x2b9f/0x3e30
[   48.631804][ T6216]  tun_get_user+0x2baf/0x3e30
[   48.633053][ T6216]  ? __pfx_tun_get_user+0x10/0x10
[   48.634389][ T6216]  ? find_held_lock+0x2d/0x110
[   48.635792][ T6216]  ? __pfx_lock_release+0x10/0x10
[   48.637286][ T6216]  tun_chr_write_iter+0xdc/0x210
[   48.638593][ T6216]  do_iter_readv_writev+0x532/0x7f0
[   48.640031][ T6216]  ? __pfx_do_iter_readv_writev+0x10/0x10
[   48.641605][ T6216]  ? bpf_lsm_file_permission+0x9/0x10
[   48.643015][ T6216]  ? security_file_permission+0x71/0x210
[   48.644472][ T6216]  vfs_writev+0x363/0xdd0
[   48.645638][ T6216]  ? find_held_lock+0x2d/0x110
[   48.646974][ T6216]  ? __pfx_vfs_writev+0x10/0x10
[   48.648253][ T6216]  ? find_held_lock+0x2d/0x110
[   48.649486][ T6216]  ? __pfx_lock_release+0x10/0x10
[   48.650868][ T6216]  ? trace_lock_acquire+0x146/0x1e0
[   48.652246][ T6216]  ? __fget_files+0x206/0x3a0
[   48.653471][ T6216]  ? do_writev+0x133/0x340
[   48.654583][ T6216]  do_writev+0x133/0x340
[   48.655792][ T6216]  ? __pfx_do_writev+0x10/0x10
[   48.657082][ T6216]  __do_fast_syscall_32+0x73/0x120
[   48.658430][ T6216]  do_fast_syscall_32+0x32/0x80
[   48.659739][ T6216]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   48.661459][ T6216] RIP: 0023:0xf7fa3579
[   48.662550][ T6216] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   48.667694][ T6216] RSP: 002b:00000000f510557c EFLAGS: 00000292 ORIG_RAX: 0000000000000092
[   48.669888][ T6216] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000200002c0
[   48.672070][ T6216] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[   48.674146][ T6216] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   48.676495][ T6216] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   48.678567][ T6216] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   48.680721][ T6216]  </TASK>
[   50.338217][ T6234] orangefs_mount: mount request failed with -4
[   50.484519][ T6246] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   50.516024][ T6247] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0.
[   50.521874][ T6246] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0.
[   51.015167][ T6261] Zero length message leads to an empty skb
[   51.213845][ T6271] IPVS: set_ctl: invalid protocol: 60 172.20.20.170:20003
[   51.226037][ T6272] FAULT_INJECTION: forcing a failure.
[   51.226037][ T6272] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   51.229727][ T6272] CPU: 3 UID: 0 PID: 6272 Comm: syz.2.64 Not tainted 6.12.0-syzkaller-10553-gb86545e02e8c #0
[   51.232366][ T6272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   51.235238][ T6272] Call Trace:
[   51.236145][ T6272]  <TASK>
[   51.236933][ T6272]  dump_stack_lvl+0x16c/0x1f0
[   51.238180][ T6272]  should_fail_ex+0x497/0x5b0
[   51.239427][ T6272]  _copy_to_user+0x32/0xd0
[   51.240618][ T6272]  simple_read_from_buffer+0xd0/0x160
[   51.242143][ T6272]  proc_fail_nth_read+0x198/0x270
[   51.243461][ T6272]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   51.244899][ T6272]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   51.246327][ T6272]  vfs_read+0x1df/0xbe0
[   51.247420][ T6272]  ? __fget_files+0x1fc/0x3a0
[   51.248639][ T6272]  ? __pfx___mutex_lock+0x10/0x10
[   51.249968][ T6272]  ? __pfx_vfs_read+0x10/0x10
[   51.251206][ T6272]  ? __fget_files+0x206/0x3a0
[   51.252439][ T6272]  ksys_read+0x12b/0x250
[   51.253530][ T6272]  ? __pfx_ksys_read+0x10/0x10
[   51.254800][ T6272]  __do_fast_syscall_32+0x73/0x120
[   51.256161][ T6272]  do_fast_syscall_32+0x32/0x80
[   51.257443][ T6272]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   51.259090][ T6272] RIP: 0023:0xf7fa3579
[   51.260161][ T6272] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   51.265112][ T6272] RSP: 002b:00000000f51055b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   51.267281][ T6272] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f5105620
[   51.269406][ T6272] RDX: 000000000000000f RSI: 00000000f7430ff4 RDI: 0000000000000000
[   51.271614][ T6272] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   51.273679][ T6272] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[   51.275783][ T6272] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   51.277849][ T6272]  </TASK>
[   51.978552][   T39] audit: type=1326 audit(1732800738.778:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6299 comm="syz.0.72" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f44579 code=0x0
[   52.292063][ T6305] __nla_validate_parse: 4 callbacks suppressed
[   52.292106][ T6305] netlink: 36 bytes leftover after parsing attributes in process `syz.2.73'.
[   52.406425][ T6311] tipc: Started in network mode
[   52.407754][ T6311] tipc: Node identity ac1414aa, cluster identity 4711
[   52.410382][ T6311] tipc: Enabled bearer <udp:s>, priority 10
[   52.415790][ T6312] netlink: 4 bytes leftover after parsing attributes in process `syz.2.75'.
[   52.419500][ T6312] netlink: 20 bytes leftover after parsing attributes in process `syz.2.75'.
[   52.598558][ T6318] netlink: 'syz.1.78': attribute type 1 has an invalid length.
[   52.604583][ T6312] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   52.606666][ T6312] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   52.618784][ T6312] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   52.623615][ T6312] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   52.626011][ T6312] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   52.629483][ T6312] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   52.635095][ T6312] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   52.637252][ T6312] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   52.640068][ T6312] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   52.647169][ T6312] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   52.649245][ T6312] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   52.652037][ T6312] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   52.660606][ T6319] trusted_key: encrypted_key: insufficient parameters specified
[   52.785485][ T6326] netlink: 36 bytes leftover after parsing attributes in process `syz.1.79'.
[   53.002941][ T6335] unsupported nlmsg_type 40
[   53.394799][ T6347] netlink: 4 bytes leftover after parsing attributes in process `syz.1.82'.
[   53.397229][ T6347] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   53.399203][ T6347] batman_adv: batadv0: Removing interface: batadv_slave_0
[   53.401897][ T6347] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   53.403881][ T6347] batman_adv: batadv0: Removing interface: batadv_slave_1
[   53.445048][ T6346] =======================================================
[   53.445048][ T6346] WARNING: The mand mount option has been deprecated and
[   53.445048][ T6346]          and is ignored by this kernel. Remove the mand
[   53.445048][ T6346]          option from the mount to silence this warning.
[   53.445048][ T6346] =======================================================
[   53.490961][ T6346] erofs (device erofs): cannot find valid erofs superblock
[   53.529234][   T35] tipc: Node number set to 2886997162
[   53.620671][ T6335] orangefs_mount: mount request failed with -4
[   53.698250][ T6355] 9pnet_virtio: no channels available for device syz
[   53.716349][ T6355] lo speed is unknown, defaulting to 1000
[   53.717968][ T6355] lo speed is unknown, defaulting to 1000
[   53.722219][ T6355] lo speed is unknown, defaulting to 1000
[   53.729067][ T6355] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   53.740586][ T6355] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   53.801782][ T6355] lo speed is unknown, defaulting to 1000
[   53.808529][ T6356] 9pnet: Could not find request transport: fdFrfdno=0x0000000000000008
[   53.813098][ T6355] lo speed is unknown, defaulting to 1000
[   53.820907][ T6355] lo speed is unknown, defaulting to 1000
[   53.825298][ T6355] lo speed is unknown, defaulting to 1000
[   53.838547][ T6359] warning: `syz.0.87' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   53.986138][ T6362] netlink: 4 bytes leftover after parsing attributes in process `syz.2.89'.
[   54.535051][ T5327] Bluetooth: hci1: command 0x0c1a tx timeout
[   54.685093][ T5327] Bluetooth: hci3: command 0x0405 tx timeout
[   54.695077][ T5965] Bluetooth: hci0: command 0x0c1a tx timeout
[   54.697089][ T5327] Bluetooth: hci2: command 0x0c1a tx timeout
[   54.759659][ T6385] input: syz0 as /devices/virtual/input/input6
[   55.931563][ T6399] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[   56.138991][ T6424] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[   56.204457][ T6435] netlink: 20 bytes leftover after parsing attributes in process `syz.1.109'.
[   56.324548][ T5327] Bluetooth: hci0: SCO packet for unknown connection handle 200
[   56.324584][ T5327] Bluetooth: hci0: SCO packet for unknown connection handle 200
[   56.605355][ T5327] Bluetooth: hci1: command 0x0c1a tx timeout
[   56.765186][ T5327] Bluetooth: hci2: command 0x0c1a tx timeout
[   56.765290][ T5965] Bluetooth: hci3: command 0x0405 tx timeout
[   57.084873][ T6459] capability: warning: `syz.3.116' uses 32-bit capabilities (legacy support in use)
[   57.161331][ T6470] netlink: 20 bytes leftover after parsing attributes in process `syz.0.118'.
[   57.578022][ T6496] binder: 6486:6496 ioctl c0046209 0 returned -22
[   58.372987][ T6511] input: syz0 as /devices/virtual/input/input7
[   58.457534][ T6521] netlink: 20 bytes leftover after parsing attributes in process `syz.3.127'.
[   58.686070][ T5965] Bluetooth: hci1: command 0x0c1a tx timeout
[   58.688554][   T56] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[   58.690275][   T56] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[   58.789410][ T6544] Bluetooth: MGMT ver 1.23
[   58.789476][ T6553] netlink: 4 bytes leftover after parsing attributes in process `syz.2.130'.
[   58.792356][ T6544] netlink: 12 bytes leftover after parsing attributes in process `syz.0.129'.
[   58.822574][ T6544] lo speed is unknown, defaulting to 1000
[   58.845093][   T66] Bluetooth: hci3: command 0x0405 tx timeout
[   58.846762][ T5327] Bluetooth: hci2: command 0x0c1a tx timeout
[   58.849134][ T6562] netlink: zone id is out of range
[   58.850859][ T6562] netlink: zone id is out of range
[   58.852196][ T6562] netlink: zone id is out of range
[   58.853720][ T6562] netlink: zone id is out of range
[   58.856074][ T6562] netlink: zone id is out of range
[   58.857401][ T6562] netlink: zone id is out of range
[   58.858837][ T6562] netlink: zone id is out of range
[   58.860133][ T6562] netlink: zone id is out of range
[   58.861464][ T6562] netlink: zone id is out of range
[   58.863056][ T6562] netlink: zone id is out of range
[   58.878388][ T6562] netlink: 'syz.2.130': attribute type 1 has an invalid length.
[   58.880519][ T6562] netlink: 'syz.2.130': attribute type 2 has an invalid length.
[   58.883180][ T6562] netlink: 'syz.2.130': attribute type 27 has an invalid length.
[   58.941849][ T6562] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.944772][ T6562] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.027757][ T6562] batadv_slave_0: left promiscuous mode
[   59.036368][ T6562] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   59.121291][ T6562] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   59.123760][ T6562] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   59.126636][ T6562] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   59.129289][ T6562] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   59.150329][ T6575] netlink: 4 bytes leftover after parsing attributes in process `syz.1.132'.
[   59.171498][ T6513] lo speed is unknown, defaulting to 1000
[   59.610368][ T6562] syz.2.130 (6562) used greatest stack depth: 21152 bytes left
[   59.887812][ T6590] netlink: 8 bytes leftover after parsing attributes in process `syz.0.135'.
[   60.005796][ T6595] tmpfs: Bad value for 'mpol'
[   60.158981][   T39] audit: type=1326 audit(1732800746.958:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6601 comm="syz.1.139" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000
[   60.169746][   T39] audit: type=1326 audit(1732800746.958:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6601 comm="syz.1.139" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000
[   60.175769][   T39] audit: type=1326 audit(1732800746.958:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6601 comm="syz.1.139" exe="/syz-executor" sig=0 arch=40000003 syscall=81 compat=1 ip=0xf7fc5579 code=0x7ffc0000
[   60.181307][   T39] audit: type=1326 audit(1732800746.958:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6601 comm="syz.1.139" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000
[   60.189649][   T39] audit: type=1326 audit(1732800746.958:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6601 comm="syz.1.139" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000
[   60.195290][   T39] audit: type=1326 audit(1732800746.958:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6601 comm="syz.1.139" exe="/syz-executor" sig=0 arch=40000003 syscall=152 compat=1 ip=0xf7fc5579 code=0x7ffc0000
[   60.765185][   T56] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[   60.766959][   T56] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[   60.774148][ T5965] ==================================================================
[   60.776316][ T5965] BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0xe2/0xf0
[   60.778563][ T5965] Read of size 8 at addr ffff88804b350498 by task kworker/u33:3/5965
[   60.782087][ T5965] 
[   60.783052][ T5965] CPU: 1 UID: 0 PID: 5965 Comm: kworker/u33:3 Not tainted 6.12.0-syzkaller-10553-gb86545e02e8c #0
[   60.785823][ T5965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   60.788694][ T5965] Workqueue: hci0 hci_cmd_sync_work
[   60.790007][ T5965] Call Trace:
[   60.790910][ T5965]  <TASK>
[   60.791700][ T5965]  dump_stack_lvl+0x116/0x1f0
[   60.792979][ T5965]  print_report+0xc3/0x620
[   60.794174][ T5965]  ? __virt_addr_valid+0x5e/0x590
[   60.795516][ T5965]  ? __phys_addr+0xc6/0x150
[   60.796722][ T5965]  kasan_report+0xd9/0x110
[   60.797897][ T5965]  ? mgmt_remove_adv_monitor_sync+0xe2/0xf0
[   60.799484][ T5965]  ? mgmt_remove_adv_monitor_sync+0xe2/0xf0
[   60.801053][ T5965]  mgmt_remove_adv_monitor_sync+0xe2/0xf0
[   60.802584][ T5965]  hci_cmd_sync_work+0x1a4/0x410
[   60.803902][ T5965]  process_one_work+0x958/0x1b30
[   60.805209][ T5965]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   60.806706][ T5965]  ? __pfx_process_one_work+0x10/0x10
[   60.808137][ T5965]  ? rcu_is_watching+0x12/0xc0
[   60.809427][ T5965]  ? assign_work+0x1a0/0x250
[   60.810683][ T5965]  worker_thread+0x6c8/0xf00
[   60.811940][ T5965]  ? __pfx_worker_thread+0x10/0x10
[   60.813313][ T5965]  kthread+0x2c1/0x3a0
[   60.814391][ T5965]  ? _raw_spin_unlock_irq+0x23/0x50
[   60.815963][ T5965]  ? __pfx_kthread+0x10/0x10
[   60.817198][ T5965]  ret_from_fork+0x45/0x80
[   60.818388][ T5965]  ? __pfx_kthread+0x10/0x10
[   60.819666][ T5965]  ret_from_fork_asm+0x1a/0x30
[   60.820948][ T5965]  </TASK>
[   60.821810][ T5965] 
[   60.822446][ T5965] Allocated by task 6544:
[   60.823571][ T5965]  kasan_save_stack+0x33/0x60
[   60.824795][ T5965]  kasan_save_track+0x14/0x30
[   60.826016][ T5965]  __kasan_kmalloc+0xaa/0xb0
[   60.827266][ T5965]  mgmt_pending_new+0x5b/0x290
[   60.828537][ T5965]  mgmt_pending_add+0x36/0x160
[   60.829802][ T5965]  remove_adv_monitor+0x124/0x1b0
[   60.831097][ T5965]  hci_sock_sendmsg+0x1528/0x25e0
[   60.832431][ T5965]  sock_write_iter+0x4fe/0x5b0
[   60.833643][ T5965]  vfs_write+0x5ae/0x1150
[   60.834771][ T5965]  ksys_write+0x207/0x250
[   60.835887][ T5965]  __do_fast_syscall_32+0x73/0x120
[   60.837220][ T5965]  do_fast_syscall_32+0x32/0x80
[   60.838482][ T5965]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   60.840277][ T5965] 
[   60.840909][ T5965] Freed by task 56:
[   60.841927][ T5965]  kasan_save_stack+0x33/0x60
[   60.843148][ T5965]  kasan_save_track+0x14/0x30
[   60.844379][ T5965]  kasan_save_free_info+0x3b/0x60
[   60.845689][ T5965]  __kasan_slab_free+0x51/0x70
[   60.846958][ T5965]  kfree+0x14f/0x4b0
[   60.847977][ T5965]  cmd_complete_rsp+0x16d/0x1e0
[   60.849243][ T5965]  mgmt_pending_foreach+0xdf/0x140
[   60.850570][ T5965]  __mgmt_power_off+0x12f/0x2c0
[   60.851852][ T5965]  hci_dev_close_sync+0xd37/0x1250
[   60.853194][ T5965]  hci_dev_do_close+0x2e/0x90
[   60.854427][ T5965]  hci_rfkill_set_block+0x225/0x360
[   60.855785][ T5965]  rfkill_set_block+0x203/0x560
[   60.857062][ T5965]  rfkill_epo+0x8e/0x1d0
[   60.858198][ T5965]  rfkill_op_handler+0x25a/0x270
[   60.859501][ T5965]  process_one_work+0x958/0x1b30
[   60.860811][ T5965]  worker_thread+0x6c8/0xf00
[   60.862028][ T5965]  kthread+0x2c1/0x3a0
[   60.863102][ T5965]  ret_from_fork+0x45/0x80
[   60.864289][ T5965]  ret_from_fork_asm+0x1a/0x30
[   60.865549][ T5965] 
[   60.866178][ T5965] The buggy address belongs to the object at ffff88804b350480
[   60.866178][ T5965]  which belongs to the cache kmalloc-96 of size 96
[   60.869692][ T5965] The buggy address is located 24 bytes inside of
[   60.869692][ T5965]  freed 96-byte region [ffff88804b350480, ffff88804b3504e0)
[   60.873236][ T5965] 
[   60.873866][ T5965] The buggy address belongs to the physical page:
[   60.875557][ T5965] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4b350
[   60.877855][ T5965] anon flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   60.879870][ T5965] page_type: f5(slab)
[   60.880946][ T5965] raw: 04fff00000000000 ffff88801ac42280 ffffea00012cc9c0 dead000000000005
[   60.883198][ T5965] raw: 0000000000000000 0000000000200020 00000001f5000000 0000000000000000
[   60.885426][ T5965] page dumped because: kasan: bad access detected
[   60.887106][ T5965] page_owner tracks the page as allocated
[   60.888592][ T5965] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1136, tgid 1136 (kworker/u32:8), ts 40777235011, free_ts 40555379481
[   60.893652][ T5965]  post_alloc_hook+0x2d1/0x350
[   60.894919][ T5965]  get_page_from_freelist+0xfce/0x2f80
[   60.896348][ T5965]  __alloc_pages_noprof+0x223/0x25a0
[   60.897724][ T5965]  alloc_pages_mpol_noprof+0x2c9/0x610
[   60.899194][ T5965]  new_slab+0x2c9/0x410
[   60.900278][ T5965]  ___slab_alloc+0xd1d/0x16e0
[   60.901521][ T5965]  __slab_alloc.constprop.0+0x56/0xb0
[   60.902958][ T5965]  __kmalloc_cache_noprof+0xf6/0x420
[   60.904342][ T5965]  nsim_fib_event_nb+0x1b6/0xec0
[   60.905642][ T5965]  notifier_call_chain+0xb7/0x410
[   60.906950][ T5965]  atomic_notifier_call_chain+0x71/0x1c0
[   60.908417][ T5965]  call_fib_notifiers+0x33/0x70
[   60.909700][ T5965]  fib6_add+0x25ee/0x4b20
[   60.910870][ T5965]  ip6_ins_rt+0xb6/0x110
[   60.911992][ T5965]  __ipv6_ifa_notify+0x9de/0xc30
[   60.913304][ T5965]  addrconf_dad_completed+0x19d/0x1060
[   60.914744][ T5965] page last free pid 16 tgid 16 stack trace:
[   60.916300][ T5965]  free_unref_page+0x661/0x1080
[   60.917707][ T5965]  __folio_put+0x32a/0x450
[   60.918926][ T5965]  free_page_and_swap_cache+0x249/0x2c0
[   60.920397][ T5965]  tlb_remove_table_rcu+0x89/0xe0
[   60.921754][ T5965]  rcu_core+0x79d/0x14d0
[   60.922872][ T5965]  handle_softirqs+0x213/0x8f0
[   60.924096][ T5965]  run_ksoftirqd+0x3a/0x60
[   60.925244][ T5965]  smpboot_thread_fn+0x661/0xa30
[   60.926520][ T5965]  kthread+0x2c1/0x3a0
[   60.927529][ T5965]  ret_from_fork+0x45/0x80
[   60.928535][ T5965]  ret_from_fork_asm+0x1a/0x30
[   60.929789][ T5965] 
[   60.930422][ T5965] Memory state around the buggy address:
[   60.931883][ T5965]  ffff88804b350380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   60.933954][ T5965]  ffff88804b350400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   60.936027][ T5965] >ffff88804b350480: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   60.938115][ T5965]                             ^
[   60.939393][ T5965]  ffff88804b350500: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   60.941467][ T5965]  ffff88804b350580: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   60.943618][ T5965] ==================================================================
[   60.947993][ T6612] 9pnet_fd: Insufficient options for proto=fd
[   60.956380][ T5965] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   60.958340][ T5965] CPU: 2 UID: 0 PID: 5965 Comm: kworker/u33:3 Not tainted 6.12.0-syzkaller-10553-gb86545e02e8c #0
[   60.961092][ T5965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   60.964192][ T5965] Workqueue: hci0 hci_cmd_sync_work
[   60.965607][ T5965] Call Trace:
[   60.966503][ T5965]  <TASK>
[   60.967309][ T5965]  dump_stack_lvl+0x3d/0x1f0
[   60.968544][ T5965]  panic+0x71d/0x800
[   60.969590][ T5965]  ? __pfx_panic+0x10/0x10
[   60.970813][ T5965]  ? preempt_schedule_thunk+0x1a/0x30
[   60.972301][ T5965]  ? preempt_schedule_common+0x44/0xc0
[   60.973921][ T5965]  ? check_panic_on_warn+0x1f/0xb0
[   60.975318][ T5965]  check_panic_on_warn+0xab/0xb0
[   60.976798][ T5965]  end_report+0x117/0x180
[   60.977997][ T5965]  kasan_report+0xe9/0x110
[   60.979199][ T5965]  ? mgmt_remove_adv_monitor_sync+0xe2/0xf0
[   60.980778][ T5965]  ? mgmt_remove_adv_monitor_sync+0xe2/0xf0
[   60.982345][ T5965]  mgmt_remove_adv_monitor_sync+0xe2/0xf0
[   60.983844][ T5965]  hci_cmd_sync_work+0x1a4/0x410
[   60.985181][ T5965]  process_one_work+0x958/0x1b30
[   60.986481][ T5965]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   60.987957][ T5965]  ? __pfx_process_one_work+0x10/0x10
[   60.989368][ T5965]  ? rcu_is_watching+0x12/0xc0
[   60.990645][ T5965]  ? assign_work+0x1a0/0x250
[   60.991852][ T5965]  worker_thread+0x6c8/0xf00
[   60.993107][ T5965]  ? __pfx_worker_thread+0x10/0x10
[   60.994460][ T5965]  kthread+0x2c1/0x3a0
[   60.995561][ T5965]  ? _raw_spin_unlock_irq+0x23/0x50
[   60.996951][ T5965]  ? __pfx_kthread+0x10/0x10
[   60.998190][ T5965]  ret_from_fork+0x45/0x80
[   60.999377][ T5965]  ? __pfx_kthread+0x10/0x10
[   61.000641][ T5965]  ret_from_fork_asm+0x1a/0x30
[   61.001954][ T5965]  </TASK>
[   61.003572][ T5965] Kernel Offset: disabled
[   61.004737][ T5965] Rebooting in 86400 seconds..

VM DIAGNOSIS:
13:32:27  Registers:
info registers vcpu 0

CPU#0
RAX=00000000001be2d7 RBX=0000000000000000 RCX=ffffffff8b20bce9 RDX=0000000000000000
RSI=ffffffff8b6cd8a0 RDI=ffffffff8bd167e0 RBP=fffffbfff1b92f00 RSP=ffffffff8dc07e20
R8 =0000000000000001 R9 =ffffed1005686fed R10=ffff88802b437f6b R11=0000000000000000
R12=0000000000000000 R13=ffffffff8dc97800 R14=ffffffff903e5e90 R15=0000000000000000
RIP=ffffffff8b20d0cf RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000000c2b100e CR3=000000004ba4a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8509ed75 RDI=ffffffff9a8a3280 RBP=ffffffff9a8a3240 RSP=ffffc900035af698
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3362343038386552
R12=0000000000000000 R13=0000000000000020 R14=ffffffff8509ed10 R15=0000000000000000
RIP=ffffffff8509ed9f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000020020000 CR3=0000000059a18000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000080000 RBX=0000000000000001 RCX=0000000000000008 RDX=0000000000000000
RSI=0000000000000000 RDI=0000000000000000 RBP=0000000000000002 RSP=ffffc90025ab7a18
R8 =ffffc90025ab7b50 R9 =ffffc90025ab7d70 R10=0000000000000002 R11=0000000000000000
R12=0000000000000000 R13=0000000000000008 R14=ffffc90025ab7b50 R15=ffffc90025ab7d70
RIP=ffffffff848d3750 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055cfbad5b8e8 CR3=0000000059a18000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=9390c6569390c656 9390c6569390c656 9390c6569390c656 9390c6569390c656 9390c6569390c656 9390c6569390c656 9390c6569390c656 9390c6569390c656
ZMM22=d198f09ad198f09a d198f09ad198f09a d198f09ad198f09a d198f09ad198f09a d198f09ad198f09a d198f09ad198f09a d198f09ad198f09a d198f09ad198f09a
ZMM23=28717ca228717ca2 28717ca228717ca2 28717ca228717ca2 28717ca228717ca2 28717ca228717ca2 28717ca228717ca2 28717ca228717ca2 28717ca228717ca2
ZMM24=88dc178688dc1786 88dc178688dc1786 88dc178688dc1786 88dc178688dc1786 88dc178688dc1786 88dc178688dc1786 88dc178688dc1786 88dc178688dc1786
ZMM25=595d1d26595d1d26 595d1d26595d1d26 595d1d26595d1d26 595d1d26595d1d26 595d1d26595d1d26 595d1d26595d1d26 595d1d26595d1d26 595d1d26595d1d26
ZMM26=fbfd4b09fbfd4b09 fbfd4b09fbfd4b09 fbfd4b09fbfd4b09 fbfd4b09fbfd4b09 fbfd4b09fbfd4b09 fbfd4b09fbfd4b09 fbfd4b09fbfd4b09 fbfd4b09fbfd4b09
ZMM27=7bfa41357bfa4135 7bfa41357bfa4135 7bfa41357bfa4135 7bfa41357bfa4135 7bfa41357bfa4135 7bfa41357bfa4135 7bfa41357bfa4135 7bfa41357bfa4135
ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=bb020000bb020000 bb020000bb020000 bb020000bb020000 bb020000bb020000 bb020000bb020000 bb020000bb020000 bb020000bb020000 bb020000bb020000
info registers vcpu 3

CPU#3
RAX=0000000000080000 RBX=ffffc9002579f968 RCX=ffffc9000cf71000 RDX=0000000000080000
RSI=ffffffff81dd8a3d RDI=ffff88806c9130c0 RBP=ffff888068cc7920 RSP=ffffc9002579f878
R8 =ffffc9002579f9e8 R9 =0000000000000000 R10=000000006b4d4007 R11=0000000000000002
R12=ffffc9002579f9e8 R13=0000000024917000 R14=ffff88806c8dd7c0 R15=fff0000000000fff
RIP=ffffffff818e016a RFL=00000216 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020000080 CR3=000000006c152000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000