last executing test programs:

30.091266672s ago: executing program 3 (id=110):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r4 = socket(0x1, 0x803, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9)
socket(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCGIFADDR(r3, 0x8915, &(0x7f0000000040)={'veth1_to_batadv\x00', {0x2, 0x0, @initdev}})
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_BT_DEFER_SETUP(r6, 0x112, 0x7, &(0x7f0000000380), 0x4)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x700, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r5], 0x50}}, 0x0)

29.07476015s ago: executing program 3 (id=116):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f0000000080))
r1 = syz_open_dev$video4linux(&(0x7f0000000080), 0x5d7, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[], 0x40}}, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x5855, &(0x7f0000000380)={0x0, 0x5328, 0x10100, 0x1, 0xfffdfffc, 0x0, r3}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
fcntl$lock(r7, 0x6, &(0x7f0000002000)={0x1, 0x0, 0x0, 0x1})
fcntl$lock(r7, 0x26, &(0x7f00000031c0)={0x1, 0x0, 0x2})
r8 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r8, 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="d7669943"])
fcntl$lock(r7, 0x26, &(0x7f0000000080))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB, @ANYBLOB], 0x50)
r9 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r9, 0x40186f40, 0x20000502)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r11 = openat$cgroup_ro(r10, &(0x7f0000000080)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0)
preadv(r11, &(0x7f0000000fc0)=[{&(0x7f0000000ac0)=""/244, 0xf4}], 0x1, 0x0, 0x0)
ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f00000000c0)={0x0, 0x0, "1ec4618f6538ecc26693065a2dcc26d92bb4f1030cd2c1011cdbf894a0839dc2"})
r12 = getpid()
sched_setscheduler(r12, 0x2, 0x0)
sched_setaffinity(r12, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x3, r12, 0x2, 0x0)

28.109438171s ago: executing program 3 (id=120):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000009500000008000009"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000003000000180001801400020073797a5f74756e0000000000000000000500050000000000"], 0x34}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='contention_end\x00', r0}, 0x10)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @loopback}, 0x4, 0x2, 0x0, 0x6}, 0x20)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
listen(r3, 0x8)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r4, 0x8b32, &(0x7f0000000040))
r5 = syz_open_dev$dri(&(0x7f00000002c0), 0x2, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x40000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000007c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="9feb010006000000000000000c0000000c000000020000000000f8ff00000002020000000000"], 0x0, 0x26, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r7, 0x4068aea3, &(0x7f0000000200)={0x79, 0x0, 0x1})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
writev(r8, &(0x7f0000000240)=[{&(0x7f0000000800)='9', 0x1}], 0x1f)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064d1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0})

27.690318694s ago: executing program 3 (id=125):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x20)
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./bus\x00', &(0x7f0000000340), 0x1, &(0x7f00000000c0)={[{@redirect_dir_on}, {@redirect_dir_follow}, {@metacopy_off}]})
chdir(&(0x7f00000003c0)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

27.461015879s ago: executing program 3 (id=126):
r0 = userfaultfd(0x1)
timer_create(0x7, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x0)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140))
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)
epoll_create(0x400)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0xf, 0x4, 0x8, 0xcf6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x24, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}}, 0x0)
syz_80211_join_ibss(&(0x7f0000000140)='wlan1\x00', 0x0, 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000004c0)={0xaa, 0xe0})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
socketpair(0x3, 0x80007, 0x2, &(0x7f0000000040)={<r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000180)={'wlan0\x00'})
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffc000/0x4000)=nil, 0x4000})

25.836081301s ago: executing program 3 (id=132):
fsopen(&(0x7f0000000040)='cifs\x00', 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000008c0)={<r0=>0xffffffffffffffff})
sendmsg$tipc(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="d5", 0x1}], 0x1}, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0285629, 0x0)
r1 = getpid()
listen(0xffffffffffffffff, 0x0)
listen(0xffffffffffffffff, 0x0)
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r4, 0x4038ae7a, &(0x7f0000000040)={0x80, 0x8c8, 0x0, 0x0})
ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x400caed0, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r5, 0x4048aecb, &(0x7f0000000080))
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000003000/0x2000)=nil, r6, 0x0, 0x4000032, r5, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_udp(0x2, 0x2, 0x0)

10.752759348s ago: executing program 32 (id=132):
fsopen(&(0x7f0000000040)='cifs\x00', 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000008c0)={<r0=>0xffffffffffffffff})
sendmsg$tipc(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="d5", 0x1}], 0x1}, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0285629, 0x0)
r1 = getpid()
listen(0xffffffffffffffff, 0x0)
listen(0xffffffffffffffff, 0x0)
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r4, 0x4038ae7a, &(0x7f0000000040)={0x80, 0x8c8, 0x0, 0x0})
ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x400caed0, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r5, 0x4048aecb, &(0x7f0000000080))
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000003000/0x2000)=nil, r6, 0x0, 0x4000032, r5, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_udp(0x2, 0x2, 0x0)

8.378342189s ago: executing program 1 (id=185):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
socket$kcm(0x10, 0x7, 0x10)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
recvmmsg(r3, 0x0, 0x0, 0x481559ff04fe49e8, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(0xffffffffffffffff, 0x40044102, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r4, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYRES32=0x0, @ANYRESDEC=r6, @ANYRESHEX=r0, @ANYBLOB="080004000001"], 0x4c}}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010800"/20, @ANYRES32=r7, @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32, @ANYBLOB="0800810000000000"], 0x34}}, 0x0)
r8 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r9 = dup(r8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r9, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x3)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000b6f000/0x18000)=nil, &(0x7f0000000380)=[@text16={0x10, &(0x7f0000000540)="0f20e06635000002000f22e0d9fa66b9800000c00f326635010000000f3066b97a0800000f32ba2100b0a2ee0f221dbad104f00fc020ee0f6972ce3e660f3880150f30", 0x43}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

6.722039793s ago: executing program 1 (id=188):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000ac0)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000004e350000000000006507000002000000070700004a0000000f75000000000000bf5400000000000007040000040011002e53010000000000840400000000000005000000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1cc0800004537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767030090a3967093b000e3806f825f1d0da2a304e06503b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a976774ad68a50fc977859c9c6faebbb46bec1adb3e92797093af2bd9869c0309166f02abb842e1c391aecdf0022d7a02074bab65154752555dec6716a2c038e9b18d989186f01292c146cd01a5e6096f3f66ad4657074a5902421e87a1085784dce59e76f799a3ce0014276b5cf0265ba31675989f177f7def37411a3f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r2 = dup(r1)
fcntl$getown(0xffffffffffffffff, 0x9)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$RTC_PIE_ON(r3, 0x7005)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0x0, [{}, {}, {}, {0x1}, {}, {0xfffffffa, 0x6}], 0x0, 0x0, 0x8, 0x0, 0x1}})
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$AUTOFS_IOC_EXPIRE(0xffffffffffffffff, 0x810c9365, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000200)={@private0, 0x800, 0x0, 0xff, 0x5, 0x0, 0x8}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x503, 0x70bd28, 0xffffffff, {0x0, 0xcf, 0x0, 0x0, 0x808b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x8, 0x6, @dev={0xac, 0x14, 0x14, 0x3a}}, @IFLA_GRE_REMOTE={0x8, 0x7, @multicast1=0xe000030a}]}}}]}, 0x40}}, 0x0)
syz_open_dev$vim2m(&(0x7f0000000180), 0x0, 0x2)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000380)={0x3ff}, 0x0, 0x0)
write$UHID_INPUT(r2, &(0x7f0000002080)={0x3, {"a2e3ad21ed0d52f91b5d390887f70e06d038e7ff7fc6e5539b3272298b1f9b07081b4d090890e0878f0e1ac6e7049b3366959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b39070d075d0936cd3b78130d9b61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c9000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdc80c47ee4f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78ff95b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af0000807e0000000002d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b4051db55e0510a6e4114a53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a6d8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000040)={0x0, 0x9, 0x3, &(0x7f0000000000)={0x1c, "dc9c367ab9c02383bdd3d86f374b99d9cb233c6093aa3c63ed0f286898092a4771"}})
fcntl$notify(r0, 0x402, 0x2b)

4.752131733s ago: executing program 0 (id=194):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1}, 0x18)
socket$can_j1939(0x1d, 0x2, 0x7)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r5 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r5, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

4.093496049s ago: executing program 2 (id=195):
socket(0x10, 0x80002, 0x0)
r0 = socket(0x200000000000011, 0x2, 0x400)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0xffffffffffffff2f, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0x21}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
r5 = getegid()
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002540)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r6, &(0x7f000000af00)={0x2020, 0x0, 0x0, <r7=>0x0, <r8=>0x0}, 0x2020)
chown(&(0x7f0000000080)='./file0\x00', r7, r8)
setresgid(r5, r8, 0xffffffffffffffff)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x8)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r4, &(0x7f0000000fc0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001f80)="f4c44888112286b0fcc69bd757ce93cb07d0fc06a737181e6d631bd33a045797a61ef10ed40bacc74ba22a30e95fee563e80a7b72785c9228135c08735074fa67b37265ed7c02c4ef3daa92203a132a03495015e1851e0c1ae6dbc065e5ce1a13628125962461d87568872f86754722903d8ea82ad4cc576bf23aa3c6e7698d4b1782e73437f4d3764fa218a906fece5ac822b235c663e8bab4b2a97d17de35fed53d6c3975d49c1b70a818a3b4b0b817611fd3e35cb404fbae19a2ccd774555fa4114264ee3f816868884152efbe74d74e848d99bcd3dadb274deb9dc820c78eaf983dfc234154e0b719c1e0a07710ffed4e0b283973e0d045ba23381c5ece9a52bec1937d95cec17e6ea7c387eef4a3412c18a78678283c97d20cd5860f0bd35e629cb541a965d5c1437f2580abdc1153e58614d2e8fd41478a5ee9aca37864e0a9f918c95e5dc45e011d60e53fed228f181f9fa80b1c9737c484298652b92ef7a0508fde423e178c6acfc33b67fcf516c4d93475715e908451ecc559152b20ac01da50697da05effe671f960a5b4b5392a95dd99fbf0b7fb0bd9d8077dad3a5e268dd8a013ef4014b4f1c11e0072d8f537fd6590317c3e9435ef43a7093d87694d7cbf0a35edca939294e580f2a7b04dd2884186c0e5977b7c836749d00c6ffa8c0796a4be2db5b14d83f843b7df9dc8bd7d09b24ac70221284042898b1c60b863a3ee69a8d78c7c5f851beef3fb7f33a0556eac8156d78e9b4945fa403cd84d1da7617daa4e8007f3a8acd9f442d8b3a7f4900a9358c0bb195d713a63a7d74b353606789d5737ab41e20743341d63d62e3aa272b37af8cb203f165eb24f397707a931c8131ae900e53a0112c313363ec80ad3f150390459399e7018b4e25ee427a219ef31f618b3375082c43e89132b277452bcfba5c3ab0859c27e6b1d6827af1811e06eeb2e528d3c13fb3180f69a741802e6bc2ec61be51ae78f3813d56a1ade11d778b6e4c5c3bc648ad9a96b060178518b6191eff547597c4f0e4dbf332516b0366a37254994258a66182ad492bcb1cdfa8d68d2685acaabc679b6a4db24e6f2de5e5647ba49cbf4f331927d709c56f0927e9485961f1c6c8044439f80860533ae2de9bf5fdffe28f46f278b6ccab75445488565ddf38170cda172f270e19417e16f840fea8d09fdf85b539515566d7f7a696d9ce1de89fe5601ce6012a7b1b8384174f96762f3c705535580559faf2fa9e04fa2cb1dcac0001ea67198cb7d5c7d67360a47c85f2f1be4c636447a4c74f2ec833d931220fd263ca369bd24404da10ac003d4c8694f026b9d9c80373ec01cfcf612f2e6b6c276a4507896eaf3f65524c3bb20ebb8565f7c3d3a9a334f439336094b36b2891589a5fa457ce061d1cf2bb091d66740ba2203c386e9d902a0bc27223221236c2d080342890b108561e1e9dd8d876a2be8ac3952abecc89a87345a9cfa8da98d730e20c90bcafd5b6126803938182b049d6f37f4816218c79c0483b5653be3373808f0df220774515c12630e36b361ebd538ad4f3baffdeb5652b871b5382acf838914bc0c08b934c71851e5e9ec76fa78f24181020068165e398f290394a0b8ee17322ba2ae0cf12cd9e87057a663baa4b442f75a198d6b87ffc627e113a5499982c3bc116b8a70b5124a143e7f7519743143a08997f7c6b3012c039b2403dec7f1519504942978f6d337d606f83ce7c98599da9f30a1bef5468e291ce4cf5bc10b31db11624c4d3e85895ecc8297355d5412b9257cf1431edd64ff5b9a3039bf253f7beb25f1eae30f975584bf5d37576e88f9dcfd13237c1e10aff962a251ab10c00ebcb6baea71ffeb3f52be4a0e084cb79bdf0d334ed6c2c8603e7f61a753abacf737b688c90e063ba8ff09517d9d4023d561dec9425bd97b4566918e0db24eef422a6086e0c9a4b8f02c0ef41fc2c52b822ca85fb9c745bcd78c0908d38abd35e1018815abc48c233e88d382d9ad4d3ebd987d556136755f5e4e5b37e478463745684bbda54ce773d6126e2da331e4d658d167d8f9fb1e8fe7060cf9737f760fa3b32159afff0486156b0e27dae41b56e1faa4435912e722da9114b2fcf7d83c0b735aadfe3c5c8c8870d543ee77b5d1782f8baec1301b08b6f1dea3946b99f78c7649bd3ef4299d68c424037f4c1ab2dbfc2254b207d005ba487b761fae0bbf0190c7f1097890e1cbd0d52af8a1274dfaa8e0060e7da809367605476f97be470d08cf7f151df2735a36a5b02bd9576f23e100b9298525287dda12658e859092bcd082643b2445b708dcc0bd66b9eba18b3ee30b1e152431a37dc59c772df39e375d29f3c0d0578ee4ffb70da642b2b1c7531a5fb1a04831886a7c1abad2ae1c50b50ccea173a9739611a0470d1d259572e556370407f559390e3d3da13c46a0e2519a9c90125d0479d38d076265c10701b42b47b7e98e3d89aa1bb705e21636f98007957022fb578a8104cf57b14adf961500b625f", 0x6f4}, {0x0}], 0x2}}], 0x1, 0x0)
sendto$inet(r4, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

3.894890287s ago: executing program 1 (id=196):
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x6)
mkdirat(r0, &(0x7f0000000080)='./file0\x00', 0x80)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000680), 0x200010, &(0x7f0000000700)={[{@verity_on}, {@metacopy_on}]})

3.738440366s ago: executing program 1 (id=197):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
socketpair(0x29, 0x2, 0x0, &(0x7f0000000a40)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r3=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000080)={'ip6tnl0\x00', r3, 0x2f, 0x8, 0x6, 0x0, 0x1a, @local, @local, 0x7, 0x7, 0x0, 0x1000}})

3.538773677s ago: executing program 0 (id=198):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000000)={0xf0f027, 0x1})
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', 0x0, 0x0, 0x101091, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x5)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
listen(r1, 0x7)
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[], [], 0x2f})
chdir(&(0x7f0000000080)='./file0\x00')
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000005c40)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x5c, 0x30, 0x9, 0x0, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0x0, 0x10000000}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x0)
preadv(r4, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
connect$tipc(r5, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10)
r6 = openat$vcsa(0xffffff9c, &(0x7f0000000140), 0x101a82, 0x0)
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000001c0)={<r7=>0x0, 0xe, 0xffffbd3d, 0xfffffffd}, &(0x7f0000000200)=0x10)
setsockopt$inet_sctp6_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000240)=@assoc_value={r7, 0x60}, 0x8)
sendmmsg$unix(r5, &(0x7f0000004400), 0x400000000000203, 0x0) (fail_nth: 3)

2.491837464s ago: executing program 0 (id=199):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$UHID_INPUT(r0, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006)
io_uring_enter(r0, 0x3a2f, 0xc37c, 0x0, &(0x7f0000000080)={[0x46, 0x3]}, 0x8)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
r1 = socket$phonet(0x23, 0x2, 0x1)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000))
r2 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0xf}, 0x1c)
socket$packet(0x11, 0x2, 0x300)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000200), 0x3)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000010140)=@gcm_128={{0x303, 0x38}, "faffffff0000003c", "82d7773879241628cb2d7129d5a01853", '\x00', "614db5b3ffffffff"}, 0x28)
preadv2(r2, &(0x7f0000003680)=[{&(0x7f0000000440)=""/29, 0x1d}], 0x1, 0x2, 0x0, 0x1)
r4 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r0, 0xffffffffffffffff, 0x25, 0x0, @val=@iter={&(0x7f00000000c0)=@map_fd=r0, 0x10}}, 0x18)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@newtaction={0x68, 0x30, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0x23}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}, 0x2}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, r4}, './file0\x00'})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

2.300268373s ago: executing program 2 (id=200):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f00000002c0)=0x2, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x8, 0x0, 0x3f8, 0x0, 0x4, 0x0, 0xff}, 0x9c)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000002fc0)=@newqdisc={0x34, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)

2.157719052s ago: executing program 1 (id=201):
ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0x0)
io_uring_setup(0x1234, &(0x7f0000000080)={0x0, 0x893f, 0x800, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000980)={r3, r2, 0x0, 0x0, 0x0}, 0x30)
getpid()
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
userfaultfd(0x1)
r4 = memfd_create(&(0x7f0000000300)=' \xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00r\xbb\xdd\xe8\x87\x05=\xfb\x8b}\xfc\x1d\x03\xe1\xfcm\x9b\xf7fo\"i\xa1hk\x1f\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94T\x81@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\x00\x00\x00\x00\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x9d\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8U\x1e\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xcf+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18l\xc1\x81\x8e8L\xcb*S_\xd0:\xa4V\xbd\xf1\xa4\x955\xa9\x9d\xe0\x9b\xd3\x95\xc88n:\x89>?2\xc8\xe7kovd\xa4\x1bl+\x14\x17\x14\x17C2! U\x04:\xd93F\xb9\xfc\x1b\xfd}\x05\xf9\x11\xf3)>q\x10\xd3\xf0\xaf>\xf8t(bX\xe3g\x05\xfe\b\xbcy\x95*\xca\a\xaf\xbb\xf9\xc3Y\xa2\x91\x90.\xc8\xbe\xb0\xa6\xbd\xbd\xfd\xfaf*\xb2&\x82\xa0\x17\xe7)\xf5\xa2\xccv\n\x1b\xd4\xf4\x11*\xc9\xc6*\xa4.\x94[$\xb8\xb3Q\xde\xd8A\xa4~c,`\x02\xb8\x01r\x89\x82\x13\xd0}C7\xfb\xf2\tM\x1e\xe9\xa5\v\xc5\xba(\x89\xb0l\x92H\x1cR\x1f>\xc4ie\xe0B\xf0[\xe2\xe1\x12\x1d\x8fR&\xd1\xa6#\xda.\x0f\xd7\xd7\xa4\x90\x14\x92I\xf82&\x16<\xf2RR\xc2\x02.Q\xef\x85\xef\xf9\xe5\x00\xe9\xca\xb1\x8c\x11\x11l\x9f\xc8\b\xf7A\xa6\x81\xad\xdc\x95\xc8\xef\x102\xa8\x87\x01\x00\\\xfee \n0F\xbc\x85\xc5C\xd0\x99\xe4\t\xab`\'t\xc2\xe9\x13\xcag\xea\xb3\xb5\x92\x00J\xc6y\x05\xcc\xde\xa0\xf6\xb9 \xe5\xdd\f\x18\xfc\xe0\xc3(\xd8\xeb\x1a6\xe6\xfa\x93\xc07R\x0f-\x9e\xf3\x87E\xa3\xd5o\x1bA\x88L/\xe7>45Q?\be\x7f\xa9\x9a\xcae\xd8Y\xdf]\x1bS\x825\xcb\x00\xa4}\x97\x84T\xad\x9b\x1e!\x8a\xbc\x02+#Q\xa9 \xe9\x05r\xe1\xec\x0f\xa7\xe6Of\x95\x02{', 0x4)
ftruncate(r4, 0x400000)
finit_module(r4, 0x0, 0x0)

2.157451958s ago: executing program 4 (id=181):
bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x2008, 0x1}, 0x8, 0x10, &(0x7f0000000080)={0x3, 0x10, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000340)=[{0x2, 0x2, 0xf, 0x7}], 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'})
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
chdir(&(0x7f0000000140)='./file0\x00')
r4 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x8, &(0x7f00000004c0)={[{@none}, {@name={'name', 0x3d, 'cgroup\x00'}}]})
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
ioctl$FS_IOC_RESVSP(r4, 0x402c5828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x80000d})

2.016776678s ago: executing program 0 (id=202):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r0, &(0x7f00000000c0)="aa", 0x1, 0x20000000, &(0x7f0000000100)={0xa, 0x80fe, 0x4, @local, 0x4}, 0x1c)

1.895730998s ago: executing program 0 (id=203):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000003c0)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x14, 0x4, 0x4, 0x10002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f0000000680)={'sit0\x00', 0x0})
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x11)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x3)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x12)

1.895045114s ago: executing program 2 (id=204):
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000001980)={0x9, {"a2e3ad084fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b33393b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b313020376d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df0784c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d618e462071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af44863c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000510b00", 0x1000}}, 0x1006)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000500)=@nat={'nat\x00', 0x2, 0x5, 0x468, 0x2dc, 0x0, 0xffffffff, 0xfc, 0x2dc, 0x3d4, 0x3d4, 0xffffffff, 0x3d4, 0x3d4, 0x5, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'pim6reg\x00', 'dvmrp0\x00', {}, {}, 0x5c}, 0xac030000, 0xc8, 0xfc, 0x0, {}, [@common=@inet=@l2tp={{0x2c}, {0x0, 0x3, 0x3, 0x1}}, @common=@inet=@udp={{0x2c}, {[0x4e20, 0x6], [0x4e23, 0x4e21], 0x3}}]}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x0, @dev={0xac, 0x14, 0x14, 0x18}, @private=0xa010102, @gre_key=0x400, @gre_key=0x8}}}}, {{@uncond, 0x0, 0xb8, 0xec, 0x0, {}, [@common=@unspec=@state={{0x24}, {0x8}}, @common=@inet=@set2={{0x24}}]}, @MASQUERADE={0x34, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @broadcast, @empty, @port, @gre_key}}}}, {{@uncond, 0x0, 0xc0, 0xf4, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0x0, 0x20, [0x0, 0x0, 0x4e21, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x4e24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4e22]}}]}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x0, @local, @local, @icmp_id, @port=0xffff}}}}, {{@uncond, 0x0, 0xc4, 0xf8, 0x0, {}, [@common=@addrtype={{0x2c}, {0x0, 0x0, 0x800}}, @common=@unspec=@cpu={{0x28}}]}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x0, @remote, @rand_addr, @gre_key=0xd5}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x4c4)

1.729393892s ago: executing program 2 (id=205):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_BC_QUEUE_LEN={0x8}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x44}}, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x0, 0x1}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000140)={{0x0, 0x3938700}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000700)={{}, {0x77359400}}, &(0x7f0000000380))
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x24600, 0x0)
r4 = timerfd_create(0x8, 0x800)
timerfd_settime(r4, 0x3, &(0x7f0000000040), &(0x7f0000000080))

1.530955577s ago: executing program 2 (id=206):
r0 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, r2, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}}]}, 0x3c}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_clone(0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{0x1, <r3=>0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000240)='%pS    \x00'}, 0x1c)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000400)={r3, &(0x7f0000000340)="2355495145e1b19d83ca", &(0x7f0000000380)=""/66}, 0x1c)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000000300)=[<r5=>0x0]})
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r0, 0xc04064aa, &(0x7f0000000040)={0x0, 0x0, r5})
r6 = syz_open_dev$vcsu(&(0x7f0000000000), 0x3, 0x200)
connect$unix(r6, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)

1.132125464s ago: executing program 4 (id=207):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x1100005}, 0x10)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000001000a00000800040001000000", 0x24)
r1 = openat$tun(0xffffff9c, &(0x7f0000000500), 0x210000, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000640)={'syz_tun\x00'})
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x801)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000400)={0x0, 'macvlan0\x00', {}, 0x5})
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000400)="89000000120081ae08060cdc03a6000000000002000000006ee2ffca1b1f0000000004c00e72f750375ed08a563319bf9ed720000000d6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100002400d0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x8000)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r4, 0x8947, &(0x7f0000000580)={'bond0\x00'})
write$qrtrtun(0xffffffffffffffff, &(0x7f00000005c0)="253754687c06d8f58187445ffe9858217350ae0bd7248738", 0x18)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000580)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32=r7, @ANYBLOB="0a000600080211e6ff00000030005080110001004abee33908f9eef16f162471f40000000800070000000000050002000300000008000300"], 0x58}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
move_pages(0x0, 0x1, &(0x7f0000000000)=[&(0x7f0000ffc000/0x1000)=nil], 0x0, 0xfffffffffffffffe, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_DELRULE={0x68, 0x8, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT={0xc, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0xe61c276321f0636c}]}, @NFTA_RULE_COMPAT={0x1c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x32}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x88}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x10c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_RULE_USERDATA={0xe4, 0x7, 0x1, 0x0, "12e984da5630ba00cae6fc3deb2af6201870bc4b423e019ed0410d989743dc668369595917d9e744a4369a9551eb64eaf02a1e848690b93a758dc934808d7fb479da326407436973c9b19e84a5a806c46e809016e6c5384e6c8796c0dffa578c4641510d1232439ab63952a153e864625c975802dd4467d9883b434da235216e145a26e7c6d678484597b1f72ec649523aef8086389127e69da05e77d8c3176bef039d81ef61de0b06cccc49a5b5e5559798c0c3dff1cc8035fccc84e303acff3d7fa6dd066d0b542aebf77e37756b6095d1388fc1d90d0812cc6e0b0019739e"}, @NFTA_RULE_COMPAT={0x14, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x5c}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x16}]}]}, @NFT_MSG_DELSETELEM={0x20, 0xe, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x1bc}, 0x1, 0x0, 0x0, 0x4}, 0x20000008)
r8 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r8, 0x29, 0x31, &(0x7f0000000040)=0x8000, 0x4)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x2a, &(0x7f0000001600)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
recvmmsg(r8, &(0x7f0000000600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=""/190, 0xbe}, 0xaf}], 0x1, 0x0, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x200401, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"])
umount2(&(0x7f0000000040)='./file0\x00', 0xb)

884.007285ms ago: executing program 1 (id=208):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
unshare(0x68040200)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f0000000240)={'nat\x00', 0x0, 0x0, 0x0, [0x2, 0xa6f, 0x9, 0x6, 0x1, 0x80000000]}, &(0x7f0000000000)=0x50) (fail_nth: 1)

500.729002ms ago: executing program 0 (id=209):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x19)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
unshare(0x68040200)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_CT_KEY={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f0000000240)={'filter\x00', 0x0, 0x0, 0x0, [0x2, 0xa6f, 0x9, 0x1, 0x200, 0x80000001]}, &(0x7f0000000000)=0x50)

387.285722ms ago: executing program 2 (id=210):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYRESOCT], 0x0, 0x9, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703f0ffffffffff840000007300000095000000000000004c04221ac4ba19114eb829b07e9d"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@newtaction={0xe0, 0x30, 0x1, 0x0, 0x0, {}, [{0xcc, 0x1, [@m_skbedit={0x90, 0x1c, 0x0, 0x0, {{0xc}, {0x14, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x2, 0xa}}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0xfffffffe}]}, {0x54, 0x6, "44ef5aefa425cedd7dd14ab77895cbd9c7ea094c20edd00baa1335a467e0f4d4bf4cdf7b46f6ff1369f46132ce7a9df874607b9b31afc4823c4183fcc9f71aad0c5f645fcd0a70e84b314d36868eef9d"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x84, 0x1, 0x0, 0x0, {{0x8}, {0x10, 0x2, 0x0, 0x1, [@TCA_IFE_DMAC={0xa, 0x3, @local}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'syz_tun\x00', <r1=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @random="518440db9de1"}, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x3)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$kcm(0x29, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x8902, &(0x7f00000002c0))
socket$inet6_sctp(0xa, 0x5, 0x84)
r6 = syz_io_uring_setup(0x117, &(0x7f0000000100), &(0x7f0000000280)=<r7=>0x0, &(0x7f0000000200)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc})
io_uring_enter(r6, 0x47f6, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b7050000000000006110180000000000d4050000100000009500000000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xc3, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x1}, 0x8, 0x10, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3ff}, 0x10, 0x0, r0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000000c0)=<r9=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x3, r9, 0x2, 0x0)
r10 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
dup(r10)

0s ago: executing program 4 (id=211):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x4, &(0x7f00000000c0))
r0 = timerfd_create(0x0, 0x800)
timerfd_settime(r0, 0x3, &(0x7f0000000100)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0)
r1 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, 0x0, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000040)={'veth0_vlan\x00'})
r3 = socket$rds(0x15, 0x5, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000b, 0x59033, 0xffffffffffffffff, 0x0)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0))
bind$rds(r3, &(0x7f0000000580)={0x2, 0x1, @local}, 0x10)
getsockopt$sock_buf(r1, 0x1, 0x1a, 0x0, &(0x7f0000000000))

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:59247' (ED25519) to the list of known hosts.
[   76.113756][ T5907] cgroup: Unknown subsys name 'net'
[   76.259864][ T5907] cgroup: Unknown subsys name 'cpuset'
[   76.271110][ T5907] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   78.103389][ T5907] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   82.418187][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[   82.421883][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[   86.255367][ T5963] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   86.257921][   T67] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   86.276390][ T5963] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   86.277094][ T5963] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   86.277697][ T5963] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   86.278083][ T5963] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   86.278282][ T5963] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   86.278653][ T5962] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   86.280731][ T5961] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   86.289639][ T5962] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   86.329594][ T5963] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   86.329683][   T67] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   86.348969][ T5963] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   86.372979][ T5963] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   86.378183][   T67] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   86.385043][   T67] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   86.403191][   T67] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   86.407124][   T67] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   86.412087][ T5963] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   86.415918][ T5962] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   86.419280][   T67] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   86.422318][ T5963] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   86.425048][ T5962] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   86.481725][ T5962] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   86.799727][ T5951] chnl_net:caif_netlink_parms(): no params data found
[   87.011973][ T5956] chnl_net:caif_netlink_parms(): no params data found
[   87.049704][ T5952] chnl_net:caif_netlink_parms(): no params data found
[   87.363149][ T5965] chnl_net:caif_netlink_parms(): no params data found
[   87.376998][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.379731][ T5951] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.382643][ T5951] bridge_slave_0: entered allmulticast mode
[   87.386659][ T5951] bridge_slave_0: entered promiscuous mode
[   87.414921][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.426139][ T5951] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.438989][ T5951] bridge_slave_1: entered allmulticast mode
[   87.442419][ T5951] bridge_slave_1: entered promiscuous mode
[   87.703453][ T5956] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.705955][ T5956] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.708235][ T5956] bridge_slave_0: entered allmulticast mode
[   87.713272][ T5956] bridge_slave_0: entered promiscuous mode
[   87.728398][ T5956] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.742865][ T5956] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.747037][ T5956] bridge_slave_1: entered allmulticast mode
[   87.750330][ T5956] bridge_slave_1: entered promiscuous mode
[   87.760820][ T5951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.766644][ T5951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.790068][ T5952] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.794162][ T5952] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.796289][ T5952] bridge_slave_0: entered allmulticast mode
[   87.798784][ T5952] bridge_slave_0: entered promiscuous mode
[   87.802781][ T5952] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.806172][ T5952] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.809118][ T5952] bridge_slave_1: entered allmulticast mode
[   87.817773][ T5952] bridge_slave_1: entered promiscuous mode
[   88.090594][ T5952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.098610][ T5956] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.107605][ T5951] team0: Port device team_slave_0 added
[   88.112962][ T5952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.152586][ T5956] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.218318][ T5951] team0: Port device team_slave_1 added
[   88.242982][ T5965] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.245377][ T5965] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.247565][ T5965] bridge_slave_0: entered allmulticast mode
[   88.250827][ T5965] bridge_slave_0: entered promiscuous mode
[   88.257330][ T5965] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.262009][ T5965] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.267105][ T5965] bridge_slave_1: entered allmulticast mode
[   88.272163][ T5965] bridge_slave_1: entered promiscuous mode
[   88.315357][ T5952] team0: Port device team_slave_0 added
[   88.338115][ T5961] Bluetooth: hci1: command tx timeout
[   88.403456][ T5956] team0: Port device team_slave_0 added
[   88.410081][ T5956] team0: Port device team_slave_1 added
[   88.440668][ T5952] team0: Port device team_slave_1 added
[   88.461009][ T5965] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.486440][ T5961] Bluetooth: hci0: command tx timeout
[   88.492095][ T5956] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.498684][ T5956] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.511522][ T5956] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.538097][ T5965] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.543062][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.545802][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.568303][ T5951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.572129][ T5961] Bluetooth: hci3: command tx timeout
[   88.573215][ T5956] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.574199][ T5955] Bluetooth: hci2: command tx timeout
[   88.575908][ T5956] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.590586][ T5956] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.618403][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.621939][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.635898][ T5952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.662528][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.664884][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.676486][ T5951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.736525][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.739220][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.757208][ T5952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.921849][ T5965] team0: Port device team_slave_0 added
[   88.944731][ T5951] hsr_slave_0: entered promiscuous mode
[   88.972605][ T5951] hsr_slave_1: entered promiscuous mode
[   88.987279][ T5956] hsr_slave_0: entered promiscuous mode
[   88.993176][ T5956] hsr_slave_1: entered promiscuous mode
[   89.002512][ T5956] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.009912][ T5956] Cannot create hsr debugfs directory
[   89.016684][ T5965] team0: Port device team_slave_1 added
[   89.090595][ T5952] hsr_slave_0: entered promiscuous mode
[   89.112537][ T5952] hsr_slave_1: entered promiscuous mode
[   89.121769][ T5952] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.127384][ T5952] Cannot create hsr debugfs directory
[   89.284292][ T5965] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.292177][ T5965] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.332209][ T5965] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.399389][ T5965] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.401644][ T5965] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.415971][ T5965] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.616078][ T5965] hsr_slave_0: entered promiscuous mode
[   89.619045][ T5965] hsr_slave_1: entered promiscuous mode
[   89.621599][ T5965] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.623894][ T5965] Cannot create hsr debugfs directory
[   89.926915][ T5952] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   89.960341][ T5952] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   89.983713][ T5952] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   89.991386][ T5952] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   90.067158][ T5951] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   90.094464][ T5951] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   90.117773][ T5951] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   90.125551][ T5951] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   90.292061][ T5965] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   90.301593][ T5965] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   90.322252][ T5965] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   90.421299][ T5961] Bluetooth: hci1: command tx timeout
[   90.457795][ T5965] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   90.523811][ T5952] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.549905][ T5956] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   90.564572][ T5961] Bluetooth: hci0: command tx timeout
[   90.575132][ T5956] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   90.590579][ T5956] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   90.599158][ T5952] 8021q: adding VLAN 0 to HW filter on device team0
[   90.611519][ T5951] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.620430][ T5956] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   90.630507][ T1209] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.640229][ T1209] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.654127][ T5961] Bluetooth: hci3: command tx timeout
[   90.655912][ T5961] Bluetooth: hci2: command tx timeout
[   90.661781][ T5951] 8021q: adding VLAN 0 to HW filter on device team0
[   90.674656][ T1209] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.677328][ T1209] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.741897][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.745765][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.751710][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.755641][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.860328][ T5952] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   90.935503][ T5956] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.954914][ T5965] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.975760][ T5956] 8021q: adding VLAN 0 to HW filter on device team0
[   90.997080][ T5951] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   91.002333][ T5951] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   91.014502][ T5965] 8021q: adding VLAN 0 to HW filter on device team0
[   91.058437][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.062609][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.070596][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.078059][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.087761][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.090529][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.095964][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.098909][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.217253][ T5952] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.258824][ T5952] veth0_vlan: entered promiscuous mode
[   91.300509][ T5952] veth1_vlan: entered promiscuous mode
[   91.346958][ T5956] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.375747][ T5952] veth0_macvtap: entered promiscuous mode
[   91.415927][ T5952] veth1_macvtap: entered promiscuous mode
[   91.423347][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.446624][ T5956] veth0_vlan: entered promiscuous mode
[   91.453685][ T5956] veth1_vlan: entered promiscuous mode
[   91.464659][ T5965] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.489192][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.506993][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.543817][ T5951] veth0_vlan: entered promiscuous mode
[   91.557004][ T5956] veth0_macvtap: entered promiscuous mode
[   91.580862][ T5951] veth1_vlan: entered promiscuous mode
[   91.591798][ T5965] veth0_vlan: entered promiscuous mode
[   91.598013][ T5952] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.614496][ T5952] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.620414][ T5952] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.625111][ T5952] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.645771][ T5956] veth1_macvtap: entered promiscuous mode
[   91.678561][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.682143][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.717358][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.795158][ T5956] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.799070][ T5956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.802828][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.808278][ T5956] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.810950][ T5956] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.817326][ T5956] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.828668][ T5956] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.840696][ T5965] veth1_vlan: entered promiscuous mode
[   91.866823][ T5965] veth0_macvtap: entered promiscuous mode
[   91.891354][ T5951] veth0_macvtap: entered promiscuous mode
[   91.941813][ T5965] veth1_macvtap: entered promiscuous mode
[   91.949739][ T5951] veth1_macvtap: entered promiscuous mode
[   92.053521][ T5965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.071391][ T5965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.078605][ T5965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.082083][ T5965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.086870][ T5965] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.110789][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.116246][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.120520][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.123846][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.130074][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.133108][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.142758][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.150919][ T5965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.154691][ T5965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.158010][ T5965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.161118][ T5965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.180877][ T5965] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.226214][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.230023][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.232633][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.235710][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.239228][ T5951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.242841][ T5951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.247543][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.271712][ T5951] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.289399][ T5951] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.299289][ T5951] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.302978][ T5951] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.312414][ T5965] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.315629][ T5965] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.320684][ T5965] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.326051][ T5965] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.346337][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.350750][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.366644][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.388376][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.404991][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.409851][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.444221][  T211] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.457520][  T211] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.494840][ T5955] Bluetooth: hci1: command tx timeout
[   92.652685][ T5955] Bluetooth: hci0: command tx timeout
[   92.719058][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.721916][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.739382][ T5955] Bluetooth: hci2: command tx timeout
[   92.739422][ T5955] Bluetooth: hci3: command tx timeout
[   92.758355][  T211] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.774903][  T211] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.821141][ T1243] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.825569][ T1243] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.882574][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.894034][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.912984][ T5952] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   93.258480][ T6022] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   93.328155][ T6022] kAFS: unable to lookup cell '.,'
[   93.368131][ T6021] mmap: syz.2.3 (6021) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   93.426884][ T5635] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   93.592923][ T5635] usb 8-1: Using ep0 maxpacket: 8
[   93.623189][ T5635] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[   93.626381][ T5635] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   93.632337][ T5635] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   93.644967][ T5635] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   93.650400][ T5635] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   93.660167][ T5635] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   93.666049][ T5635] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.905400][ T5635] usb 8-1: GET_CAPABILITIES returned 0
[   93.908684][ T5635] usbtmc 8-1:16.0: can't read capabilities
[   94.174635][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   94.184614][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   94.574150][ T5961] Bluetooth: hci1: command tx timeout
[   94.710839][ T6029] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   94.727970][ T5961] Bluetooth: hci0: command tx timeout
[   94.813234][ T5961] Bluetooth: hci3: command tx timeout
[   94.814119][ T5955] Bluetooth: hci2: command tx timeout
[   95.013051][ T6036] netlink: 'syz.3.4': attribute type 10 has an invalid length.
[   95.232287][    T0] NOHZ tick-stop error: local softirq work is pending, handler #102!!!
[   95.235137][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   95.252397][ T6036] team0: Port device geneve1 added
[   95.366905][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   95.403523][ T6042] syz.0.7[6042] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   95.403638][ T6042] syz.0.7[6042] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   95.427935][ T6042] syz.0.7[6042] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   95.445869][   T57] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   95.629746][   T57] usb 7-1: device descriptor read/64, error -71
[   95.807822][   T30] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   95.874083][   T57] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   95.966449][   T30] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   95.970100][   T30] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 109, changing to 10
[   95.974978][   T30] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 42584, setting to 1024
[   95.987854][   T30] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   95.992344][   T30] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.009411][   T57] usb 7-1: device descriptor read/64, error -71
[   96.016136][ T6042] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[   96.031204][   T30] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[   96.120984][   T57] usb usb7-port1: attempt power cycle
[   96.299054][ T6042] afs: Unknown parameter '®ÁAˆ»'
[   96.323850][ T6013] usb 5-1: USB disconnect, device number 2
[   96.458107][ T6024] usb 8-1: USB disconnect, device number 2
[   96.567292][ T6054] netlink: 'syz.3.10': attribute type 10 has an invalid length.
[   96.604139][ T6054] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.610335][ T6054] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   96.702054][   T57] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[   96.805110][   T57] usb 7-1: device descriptor read/8, error -71
[   97.044319][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   97.098238][   T57] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[   97.198986][    T0] NOHZ tick-stop error: local softirq work is pending, handler #04!!!
[   97.216902][ T5955] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[   97.223354][ T5955] CPU: 1 UID: 0 PID: 5955 Comm: kworker/u33:2 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0
[   97.228271][  T839] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[   97.232630][ T5955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   97.232669][ T5955] Workqueue: hci3 hci_rx_work
[   97.232697][ T5955] Call Trace:
[   97.232705][ T5955]  <TASK>
[   97.232714][ T5955]  dump_stack_lvl+0x16c/0x1f0
[   97.232742][ T5955]  sysfs_warn_dup+0x7f/0xa0
[   97.232769][ T5955]  sysfs_create_dir_ns+0x24d/0x2b0
[   97.232795][ T5955]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[   97.232820][ T5955]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   97.232841][ T5955]  ? kobject_add_internal+0x12d/0x990
[   97.232863][ T5955]  ? do_raw_spin_unlock+0x172/0x230
[   97.232885][ T5955]  kobject_add_internal+0x2c8/0x990
[   97.232910][ T5955]  kobject_add+0x16f/0x240
[   97.232932][ T5955]  ? __pfx_kobject_add+0x10/0x10
[   97.232952][ T5955]  ? class_to_subsys+0x3e/0x160
[   97.232972][ T5955]  ? do_raw_spin_unlock+0x172/0x230
[   97.232992][ T5955]  ? kobject_put+0xab/0x5a0
[   97.233020][ T5955]  device_add+0x289/0x1a70
[   97.233037][ T5955]  ? __pfx_dev_set_name+0x10/0x10
[   97.233055][ T5955]  ? __pfx_device_add+0x10/0x10
[   97.233074][ T5955]  ? mgmt_send_event_skb+0x2f2/0x460
[   97.233100][ T5955]  hci_conn_add_sysfs+0x17e/0x230
[   97.233123][ T5955]  le_conn_complete_evt+0xfce/0x1d10
[   97.233149][ T5955]  ? __pfx_le_conn_complete_evt+0x10/0x10
[   97.233167][ T5955]  ? __mutex_lock+0x1cc/0xa60
[   97.233194][ T5955]  hci_le_conn_complete_evt+0x23c/0x370
[   97.233220][ T5955]  hci_le_meta_evt+0x2e2/0x5d0
[   97.233242][ T5955]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[   97.233265][ T5955]  hci_event_packet+0x666/0x1190
[   97.233286][ T5955]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   97.233308][ T5955]  ? __pfx_hci_event_packet+0x10/0x10
[   97.233327][ T5955]  ? mark_held_locks+0x9f/0xe0
[   97.233354][ T5955]  ? kcov_remote_start+0x3cf/0x6e0
[   97.233373][ T5955]  ? lockdep_hardirqs_on+0x7c/0x110
[   97.233399][ T5955]  hci_rx_work+0x2c5/0x16b0
[   97.233422][ T5955]  ? process_one_work+0x8bb/0x1b30
[   97.233442][ T5955]  process_one_work+0x958/0x1b30
[   97.233467][ T5955]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   97.233486][ T5955]  ? __pfx_process_one_work+0x10/0x10
[   97.233502][ T5955]  ? rcu_is_watching+0x12/0xc0
[   97.233567][ T5955]  ? assign_work+0x1a0/0x250
[   97.233599][ T5955]  worker_thread+0x6c8/0xf00
[   97.233625][ T5955]  ? __pfx_worker_thread+0x10/0x10
[   97.233640][ T5955]  kthread+0x2c1/0x3a0
[   97.233659][ T5955]  ? _raw_spin_unlock_irq+0x23/0x50
[   97.233677][ T5955]  ? __pfx_kthread+0x10/0x10
[   97.233697][ T5955]  ret_from_fork+0x45/0x80
[   97.233715][ T5955]  ? __pfx_kthread+0x10/0x10
[   97.233737][ T5955]  ret_from_fork_asm+0x1a/0x30
[   97.233774][ T5955]  </TASK>
[   97.246189][ T5955] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[   97.287035][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   97.290693][ T5955] Bluetooth: hci3: failed to register connection device
[   97.540449][   T57] usb 7-1: device descriptor read/8, error -71
[   97.648066][   T57] usb usb7-port1: unable to enumerate USB device
[   98.251081][    T0] NOHZ tick-stop error: local softirq work is pending, handler #4a!!!
[   99.054049][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   99.640255][ T6083] netlink: 168 bytes leftover after parsing attributes in process `syz.2.17'.
[  100.751017][  T839] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  101.073039][ T6104] netlink: 32 bytes leftover after parsing attributes in process `syz.0.20'.
[  102.949525][   T35] cfg80211: failed to load regulatory.db
[  104.174914][ T5955] Bluetooth: hci3: command 0x0406 tx timeout
[  104.782772][ T6150] syz.2.27: attempt to access beyond end of device
[  104.782772][ T6150] nbd2: rw=0, sector=16, nr_sectors = 2 limit=0
[  104.835704][ T6151] Zero length message leads to an empty skb
[  109.449615][ T6161] netlink: 8 bytes leftover after parsing attributes in process `syz.1.29'.
[  111.034767][ T6184] xt_hashlimit: max too large, truncated to 1048576
[  111.317504][ T6196] netlink: 'syz.2.36': attribute type 1 has an invalid length.
[  112.063686][ T6197] infiniband syz0: set active
[  112.065736][ T6197] infiniband syz0: added bond0
[  112.249873][ T6197] RDS/IB: syz0: added
[  112.252498][ T6197] smc: adding ib device syz0 with port count 1
[  112.320363][ T6197] smc:    ib device syz0 port 1 has pnetid 
[  112.480570][ T6207] loop2: detected capacity change from 0 to 7
[  112.592072][ T6207] Dev loop2: unable to read RDB block 7
[  112.600966][ T6207]  loop2: unable to read partition table
[  112.624850][ T6207] loop2: partition table beyond EOD, truncated
[  112.632123][ T6207] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  112.708524][ T6208] Dev loop2: unable to read RDB block 7
[  112.713300][ T6208]  loop2: unable to read partition table
[  112.807040][ T6208] loop2: partition table beyond EOD, truncated
[  112.814089][ T6208] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  112.934825][ T6212] kAFS: unable to lookup cell '.,'
[  113.833785][    T8] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  115.074598][ T6255] netlink: 'syz.1.52': attribute type 21 has an invalid length.
[  115.090222][ T6255] netlink: 128 bytes leftover after parsing attributes in process `syz.1.52'.
[  115.096050][ T6255] netlink: 'syz.1.52': attribute type 4 has an invalid length.
[  115.100221][ T6255] netlink: 'syz.1.52': attribute type 3 has an invalid length.
[  115.103466][ T6255] netlink: 3 bytes leftover after parsing attributes in process `syz.1.52'.
[  115.684162][ T6013] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  115.892492][ T6013] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  115.897891][ T6013] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  115.957381][ T6013] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  115.992775][ T6013] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.998385][ T6013] usb 5-1: config 0 descriptor??
[  116.003362][ T6013] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  116.006071][ T6013] dvb-usb: bulk message failed: -22 (3/0)
[  116.107063][ T6013] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  116.180943][ T6013] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  116.183240][ T6013] usb 5-1: media controller created
[  116.229589][ T6013] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  116.277970][ T6271] netlink: 4 bytes leftover after parsing attributes in process `syz.0.55'.
[  116.310053][ T6271] dibusb: i2c wr: len=62 is too big!
[  116.310053][ T6271] 
[  116.358785][ T6013] dvb-usb: bulk message failed: -22 (6/0)
[  116.405403][ T6013] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  116.411744][ T6013] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb5/5-1/input/input5
[  116.452965][ T6013] dvb-usb: schedule remote query interval to 150 msecs.
[  116.584949][   T39] audit: type=1800 audit(1734853742.519:2): pid=6295 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.56" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  116.976593][ T6013] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  116.988167][ T6013] usb 5-1: USB disconnect, device number 3
[  117.249991][ T6013] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  118.766387][ T6326] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.836511][    C3] vkms_vblank_simulate: vblank timer overrun
[  118.884013][    C3] vkms_vblank_simulate: vblank timer overrun
[  119.078697][ T6326] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.129784][ T6338] netlink: 'syz.1.62': attribute type 4 has an invalid length.
[  119.301228][    C3] vkms_vblank_simulate: vblank timer overrun
[  119.338367][ T6326] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.362508][ T6344] netlink: 'syz.3.65': attribute type 4 has an invalid length.
[  119.460721][ T6326] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.696170][ T6326] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  119.709444][ T6326] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  119.735987][    C3] vkms_vblank_simulate: vblank timer overrun
[  119.737035][ T6326] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  119.745701][ T6326] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  119.996543][    C3] vkms_vblank_simulate: vblank timer overrun
[  120.667844][    C3] vkms_vblank_simulate: vblank timer overrun
[  120.884600][ T3549] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  121.284129][    C3] vkms_vblank_simulate: vblank timer overrun
[  121.371883][    C3] vkms_vblank_simulate: vblank timer overrun
[  121.505467][ T6374] input: syz0 as /devices/virtual/input/input6
[  121.516331][ T6374] input: failed to attach handler leds to device input6, error: -6
[  122.111657][ T5961] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  122.118440][ T5961] CPU: 0 UID: 0 PID: 5961 Comm: kworker/u33:3 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0
[  122.122684][ T5961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  122.137519][ T5961] Workqueue: hci1 hci_rx_work
[  122.139953][ T5961] Call Trace:
[  122.142175][ T5961]  <TASK>
[  122.143690][ T5961]  dump_stack_lvl+0x16c/0x1f0
[  122.146994][ T5961]  sysfs_warn_dup+0x7f/0xa0
[  122.149352][ T5961]  sysfs_create_dir_ns+0x24d/0x2b0
[  122.151830][ T5961]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  122.161969][ T5961]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  122.165433][ T5961]  ? kobject_add_internal+0x12d/0x990
[  122.168406][ T5961]  ? do_raw_spin_unlock+0x172/0x230
[  122.170971][ T5961]  kobject_add_internal+0x2c8/0x990
[  122.173619][ T5961]  kobject_add+0x16f/0x240
[  122.175788][ T5961]  ? __pfx_kobject_add+0x10/0x10
[  122.178184][ T5961]  ? class_to_subsys+0x3e/0x160
[  122.180700][ T5961]  ? do_raw_spin_unlock+0x172/0x230
[  122.183425][ T5961]  ? kobject_put+0xab/0x5a0
[  122.185857][ T5961]  device_add+0x289/0x1a70
[  122.188241][ T5961]  ? __pfx_dev_set_name+0x10/0x10
[  122.190853][ T5961]  ? __pfx_device_add+0x10/0x10
[  122.193495][ T5961]  ? mgmt_send_event_skb+0x2f2/0x460
[  122.196197][ T5961]  hci_conn_add_sysfs+0x17e/0x230
[  122.198764][ T5961]  le_conn_complete_evt+0xfce/0x1d10
[  122.202077][ T5961]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  122.205344][ T5961]  ? __mutex_lock+0x1cc/0xa60
[  122.208694][ T5961]  hci_le_enh_conn_complete_evt+0x23d/0x380
[  122.212383][ T5961]  ? skb_pull_data+0x166/0x210
[  122.214846][ T5961]  hci_le_meta_evt+0x2e2/0x5d0
[  122.217394][ T5961]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[  122.220690][ T5961]  hci_event_packet+0x666/0x1190
[  122.223249][ T5961]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  122.225985][ T5961]  ? __pfx_hci_event_packet+0x10/0x10
[  122.228752][ T5961]  ? mark_held_locks+0x9f/0xe0
[  122.230558][ T5961]  ? kcov_remote_start+0x3cf/0x6e0
[  122.232688][ T5961]  ? lockdep_hardirqs_on+0x7c/0x110
[  122.234658][ T5961]  hci_rx_work+0x2c5/0x16b0
[  122.236543][ T5961]  ? process_one_work+0x8bb/0x1b30
[  122.238741][ T5961]  process_one_work+0x958/0x1b30
[  122.241616][ T5961]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  122.244128][ T5961]  ? __pfx_process_one_work+0x10/0x10
[  122.247306][ T5961]  ? rcu_is_watching+0x12/0xc0
[  122.249865][ T5961]  ? assign_work+0x1a0/0x250
[  122.251461][ T5961]  worker_thread+0x6c8/0xf00
[  122.253124][ T5961]  ? __kthread_parkme+0x148/0x220
[  122.255040][ T5961]  ? __pfx_worker_thread+0x10/0x10
[  122.258144][ T5961]  kthread+0x2c1/0x3a0
[  122.259603][ T5961]  ? _raw_spin_unlock_irq+0x23/0x50
[  122.261284][ T5961]  ? __pfx_kthread+0x10/0x10
[  122.262994][ T5961]  ret_from_fork+0x45/0x80
[  122.265043][ T5961]  ? __pfx_kthread+0x10/0x10
[  122.267002][ T5961]  ret_from_fork_asm+0x1a/0x30
[  122.269008][ T5961]  </TASK>
[  122.270760][ T5961] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  122.277493][ T5961] Bluetooth: hci1: failed to register connection device
[  122.540351][ T6393] netlink: 12 bytes leftover after parsing attributes in process `syz.2.76'.
[  122.543460][ T6393] netlink: 12 bytes leftover after parsing attributes in process `syz.2.76'.
[  122.758333][ T5962] Bluetooth: hci3: command 0x0406 tx timeout
[  123.092124][    C3] vkms_vblank_simulate: vblank timer overrun
[  123.183799][    C3] vkms_vblank_simulate: vblank timer overrun
[  123.767431][   T35] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  123.914128][   T35] usb 7-1: device descriptor read/64, error -71
[  124.174195][   T35] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  124.324114][ T5955] Bluetooth: hci1: command tx timeout
[  124.373429][   T35] usb 7-1: device descriptor read/64, error -71
[  124.506532][   T35] usb usb7-port1: attempt power cycle
[  124.854095][   T35] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  124.874857][   T35] usb 7-1: device descriptor read/8, error -71
[  124.894296][ T3549] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  125.120161][ T3549] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  125.122790][ T3549] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  125.126051][ T3549] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  125.130202][ T3549] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  125.138802][ T3549] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  125.157526][   T35] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  125.157983][ T3549] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  125.170458][ T3549] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  125.173341][ T3549] usb 6-1: Product: syz
[  125.175138][   T35] usb 7-1: device descriptor read/8, error -71
[  125.176118][ T3549] usb 6-1: Manufacturer: syz
[  125.224460][ T3549] cdc_wdm 6-1:1.0: skipping garbage
[  125.226945][ T3549] cdc_wdm 6-1:1.0: skipping garbage
[  125.231534][ T3549] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  125.245055][ T3549] cdc_wdm 6-1:1.0: Unknown control protocol
[  125.313046][   T35] usb usb7-port1: unable to enumerate USB device
[  125.454297][ T5955] Bluetooth: hci3: command 0x0406 tx timeout
[  126.628897][ T6419] 9pnet_fd: Insufficient options for proto=fd
[  126.946362][ T6423] netlink: 36 bytes leftover after parsing attributes in process `syz.2.85'.
[  127.227646][ T6423] netlink: 20 bytes leftover after parsing attributes in process `syz.2.85'.
[  127.559821][ T6432] Bluetooth: MGMT ver 1.23
[  127.591742][ T6432] binder_alloc: 6431: binder_install_single_page failed to insert page at offset 0 with -14
[  128.040470][ T5993] usb 6-1: USB disconnect, device number 2
[  128.644595][ T6012] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  130.288173][ T6460] [U] 
[  130.297608][ T6460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.97'.
[  130.574690][    C2] vkms_vblank_simulate: vblank timer overrun
[  131.439824][ T6481] vxcan3: entered promiscuous mode
[  131.441855][ T6481] vxcan3: entered allmulticast mode
[  131.547866][ T6482] block device autoloading is deprecated and will be removed.
[  131.814390][    C2] vkms_vblank_simulate: vblank timer overrun
[  131.861575][    C2] vkms_vblank_simulate: vblank timer overrun
[  132.363782][    C2] vkms_vblank_simulate: vblank timer overrun
[  132.511774][ T6501] vlan2: entered promiscuous mode
[  132.547616][ T6501] vlan2: entered allmulticast mode
[  132.550006][ T6501] hsr_slave_1: entered allmulticast mode
[  132.635731][    C2] vkms_vblank_simulate: vblank timer overrun
[  133.497292][    C2] vkms_vblank_simulate: vblank timer overrun
[  133.517867][ T6514] program syz.3.116 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  133.601829][ T6518] ubi0: attaching mtd0
[  133.604877][ T6518] ubi0: scanning is finished
[  133.606413][ T6518] ubi0: empty MTD device detected
[  133.662206][ T6521] FAT-fs (sr0): bogus number of reserved sectors
[  133.665657][ T6521] FAT-fs (sr0): Can't find a valid FAT filesystem
[  133.811922][ T6518] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  133.815610][ T6518] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  133.819555][ T6518] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  133.822649][ T6518] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  133.825547][ T6518] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  133.837149][ T6518] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  133.839432][ T6518] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1973414999
[  133.842809][ T6518] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  133.848335][ T6525] ubi0: background thread "ubi_bgt0d" started, PID 6525
[  134.353519][ T6528] warning: `syz.3.120' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  134.363731][    C2] vkms_vblank_simulate: vblank timer overrun
[  134.482376][ T6528] random: crng reseeded on system resumption
[  134.712979][    C2] vkms_vblank_simulate: vblank timer overrun
[  134.773543][ T6542] overlayfs: missing 'lowerdir'
[  134.823484][ T6542] overlayfs: overlapping lowerdir path
[  134.981329][ T6545] capability: warning: `syz.3.126' uses deprecated v2 capabilities in a way that may be insecure
[  135.443872][    C2] vkms_vblank_simulate: vblank timer overrun
[  136.016507][ T6553] bridge: RTM_NEWNEIGH with invalid ether address
[  136.650714][ T6559] e1000e 0000:00:02.0 eth1: NIC Link is Down
[  137.270168][ T6558] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  137.322764][ T6558] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  137.377609][ T6558] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  137.382169][ T6558] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  137.385531][ T6558] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  137.417516][ T6558] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  137.461805][ T6558] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  137.869458][ T6558] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  137.873022][ T6558] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  137.880374][ T6558] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  137.907955][ T6558] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  137.911366][ T6558] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  137.928168][ T6558] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  137.959637][ T6558] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  138.419869][ T5955] Bluetooth: hci0: command 0x0c1a tx timeout
[  138.600292][ T6012] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  138.800220][ T6593] syz.0.139: attempt to access beyond end of device
[  138.800220][ T6593] loop0: rw=6144, sector=128, nr_sectors = 8 limit=0
[  138.823492][ T6593] gfs2: error -5 reading superblock
[  139.122410][ T6597] netlink: 'syz.0.141': attribute type 10 has an invalid length.
[  139.126930][ T6597] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.130828][ T6597] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.160126][ T6597] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.163516][ T6597] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.167709][ T6597] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.171015][ T6597] bridge0: port 1(bridge_slave_0) entered forwarding state
[  139.176940][ T6597] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  139.196442][ T6597] batadv1: entered promiscuous mode
[  139.198256][ T6597] batadv1: entered allmulticast mode
[  139.584118][ T5955] Bluetooth: hci1: command 0x0c1a tx timeout
[  140.236317][ T5955] Bluetooth: hci3: command 0x0406 tx timeout
[  140.241393][ T5955] Bluetooth: hci2: command 0x0c1a tx timeout
[  140.270611][ T6604] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR
[  140.514449][ T5962] Bluetooth: hci0: command 0x0c1a tx timeout
[  141.104669][ T6618] random: crng reseeded on system resumption
[  141.634714][ T5962] Bluetooth: hci1: command 0x0c1a tx timeout
[  141.800665][ T6628] Illegal XDP return value 6628 on prog  (id 19) dev N/A, expect packet loss!
[  141.869465][ T6631] netlink: 'syz.2.149': attribute type 2 has an invalid length.
[  142.332044][ T5955] Bluetooth: hci3: command 0x0406 tx timeout
[  142.337998][ T5962] Bluetooth: hci2: command 0x0c1a tx timeout
[  142.588750][ T5962] Bluetooth: hci0: command 0x0c1a tx timeout
[  142.736412][ T6640] netlink: 20 bytes leftover after parsing attributes in process `syz.0.151'.
[  142.852153][ T6641] ubi: mtd0 is already attached to ubi0
[  143.053739][ T6644] bond1 (unregistering): Released all slaves
[  143.700752][ T5962] Bluetooth: hci1: command 0x0c1a tx timeout
[  143.847840][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  144.431234][ T5962] Bluetooth: hci2: command 0x0c1a tx timeout
[  144.433315][ T5962] Bluetooth: hci3: command 0x0406 tx timeout
[  144.944566][ T6678] FAULT_INJECTION: forcing a failure.
[  144.944566][ T6678] name failslab, interval 1, probability 0, space 0, times 0
[  144.952103][ T6678] CPU: 2 UID: 0 PID: 6678 Comm: syz.2.161 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0
[  144.955918][ T6678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  144.959780][ T6678] Call Trace:
[  144.960976][ T6678]  <TASK>
[  144.962103][ T6678]  dump_stack_lvl+0x16c/0x1f0
[  144.963857][ T6678]  should_fail_ex+0x497/0x5b0
[  144.965652][ T6678]  ? fs_reclaim_acquire+0xae/0x150
[  144.981976][ T6678]  should_failslab+0xc2/0x120
[  144.984488][ T6678]  __kmalloc_noprof+0xce/0x4f0
[  144.986935][ T6678]  ? tomoyo_encode2+0x100/0x3e0
[  144.989501][ T6678]  tomoyo_encode2+0x100/0x3e0
[  144.994811][ T6678]  tomoyo_realpath_from_path+0x1a7/0x710
[  145.000876][ T6678]  ? tomoyo_path_number_perm+0x235/0x5b0
[  145.004062][ T6678]  tomoyo_path_number_perm+0x248/0x5b0
[  145.009776][ T6678]  ? tomoyo_path_number_perm+0x235/0x5b0
[  145.013939][ T6678]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  145.019978][ T6678]  ? __pfx_lock_release+0x10/0x10
[  145.040506][ T6678]  ? trace_lock_acquire+0x14e/0x1f0
[  145.043251][ T6678]  ? lock_acquire+0x2f/0xb0
[  145.045669][ T6678]  ? __fget_files+0x40/0x3a0
[  145.048176][ T6678]  ? __fget_files+0x206/0x3a0
[  145.050580][ T6678]  security_file_ioctl_compat+0x9b/0x240
[  145.053404][ T6678]  __do_compat_sys_ioctl+0x4e/0x2c0
[  145.056048][ T6678]  __do_fast_syscall_32+0x73/0x120
[  145.058745][ T6678]  do_fast_syscall_32+0x32/0x80
[  145.061201][ T6678]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  145.064257][ T6678] RIP: 0023:0xf7ff1579
[  145.065493][ T6678] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  145.074232][ T6678] RSP: 002b:00000000f514655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  145.076876][ T6678] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000005000940b
[  145.080581][ T6678] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  145.084547][ T6678] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  145.094378][ T6678] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  145.098451][ T6678] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  145.103444][ T6678]  </TASK>
[  145.117678][ T6678] ERROR: Out of memory at tomoyo_realpath_from_path.
[  145.777726][ T5955] Bluetooth: hci1: command 0x0c1a tx timeout
[  146.220740][ T6695] netlink: 8 bytes leftover after parsing attributes in process `syz.1.168'.
[  146.498461][ T5955] Bluetooth: hci3: command 0x0406 tx timeout
[  149.798542][ T6709] bridge0: port 3(syz_tun) entered blocking state
[  149.802725][ T6709] bridge0: port 3(syz_tun) entered disabled state
[  149.807657][ T6709] syz_tun: entered allmulticast mode
[  149.811431][ T6709] syz_tun: entered promiscuous mode
[  149.832662][ T6709] bridge0: port 3(syz_tun) entered blocking state
[  149.836448][ T6709] bridge0: port 3(syz_tun) entered forwarding state
[  150.304299][ T6724] FAULT_INJECTION: forcing a failure.
[  150.304299][ T6724] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  150.320208][ T6724] CPU: 3 UID: 0 PID: 6724 Comm: syz.0.175 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0
[  150.325458][ T6724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  150.338115][ T6724] Call Trace:
[  150.339398][ T6724]  <TASK>
[  150.349290][ T6724]  dump_stack_lvl+0x16c/0x1f0
[  150.354335][ T6724]  should_fail_ex+0x497/0x5b0
[  150.363366][ T6724]  _copy_from_user+0x2e/0xd0
[  150.365127][ T6724]  get_compat_msghdr+0xa8/0x170
[  150.376393][ T6724]  ? __pfx_get_compat_msghdr+0x10/0x10
[  150.386076][ T6724]  ___sys_sendmsg+0x1b0/0x1e0
[  150.392742][ T6724]  ? __pfx____sys_sendmsg+0x10/0x10
[  150.420747][ T6724]  ? __pfx_lock_release+0x10/0x10
[  150.422693][ T6724]  ? trace_lock_acquire+0x14e/0x1f0
[  150.425383][ T6724]  ? __fget_files+0x206/0x3a0
[  150.427463][ T6724]  __sys_sendmsg+0x16e/0x220
[  150.429854][ T6724]  ? __pfx___sys_sendmsg+0x10/0x10
[  150.432625][ T6724]  __do_fast_syscall_32+0x73/0x120
[  150.435206][ T6724]  do_fast_syscall_32+0x32/0x80
[  150.437452][ T6724]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  150.440193][ T6724] RIP: 0023:0xf7f71579
[  150.444891][ T6724] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  150.455752][ T6724] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  150.459134][ T6724] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[  150.462426][ T6724] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  150.465442][ T6724] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  150.469930][ T6724] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  150.474740][ T6724] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  150.479602][ T6724]  </TASK>
[  150.601264][ T6731] omfs: Invalid superblock (0)
[  151.233582][ T6741] netlink: 'syz.2.179': attribute type 9 has an invalid length.
[  152.012046][ T5962] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  152.017687][ T5962] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  152.022547][ T5962] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  152.028454][ T5962] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  152.033580][ T5962] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  152.043847][ T5962] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  152.177764][ T3549] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  152.392318][ T3549] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  152.408759][ T3549] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  152.416770][ T3549] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  152.447167][ T3549] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.536487][ T6746] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  152.558970][ T3549] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  152.716019][ T6756] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  153.095367][ T6749] chnl_net:caif_netlink_parms(): no params data found
[  153.458425][ T6769] virtio-fs: tag <(null)> not found
[  153.680467][   T35] usb 5-1: USB disconnect, device number 4
[  153.977461][ T6749] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.982710][ T6749] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.986252][ T6749] bridge_slave_0: entered allmulticast mode
[  153.993291][ T6749] bridge_slave_0: entered promiscuous mode
[  154.024134][ T6749] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.033630][ T6749] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.040678][ T6749] bridge_slave_1: entered allmulticast mode
[  154.044075][ T6749] bridge_slave_1: entered promiscuous mode
[  154.095031][ T5962] Bluetooth: hci4: command tx timeout
[  154.306372][ T6749] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  154.323490][ T6749] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  154.389073][ T6749] team0: Port device team_slave_0 added
[  154.397713][ T6749] team0: Port device team_slave_1 added
[  154.487425][ T6773] netlink: 44 bytes leftover after parsing attributes in process `syz.1.185'.
[  154.551901][ T6749] batman_adv: batadv0: Adding interface: batadv_slave_0
[  154.555565][ T6749] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  154.568589][ T6749] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  154.585763][ T6749] batman_adv: batadv0: Adding interface: batadv_slave_1
[  154.588453][ T6749] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  154.606864][ T6749] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  154.809137][ T6749] hsr_slave_0: entered promiscuous mode
[  154.824289][ T6749] hsr_slave_1: entered promiscuous mode
[  154.827855][ T6749] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  154.830405][ T6749] Cannot create hsr debugfs directory
[  155.208927][ T6781] openvswitch: netlink: Key type 34 is out of range max 32
[  155.214501][ T6781] netlink: 'syz.0.187': attribute type 10 has an invalid length.
[  155.274291][ T6781] bridge0: port 3(syz_tun) entered disabled state
[  155.276735][ T6781] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.279272][ T6781] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.291855][ T6782] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  155.329764][ T6781] netlink: 4 bytes leftover after parsing attributes in process `syz.0.187'.
[  155.350614][ T6781] syz_tun: left allmulticast mode
[  155.352296][ T6781] syz_tun: left promiscuous mode
[  155.357185][ T6781] bridge0: port 3(syz_tun) entered disabled state
[  155.401579][ T6781] bridge_slave_1: left allmulticast mode
[  155.403858][ T6781] bridge_slave_1: left promiscuous mode
[  155.417074][ T6781] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.452872][ T6781] bridge_slave_0: left allmulticast mode
[  155.456048][ T6781] bridge_slave_0: left promiscuous mode
[  155.459068][ T6781] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.525002][ T6781] bond0: (slave bridge0): Releasing backup interface
[  155.824091][ T6784] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  155.836393][ T6749] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  155.897538][ T6749] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  155.937126][ T6749] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  155.951035][ T6749] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  156.072554][ T6749] 8021q: adding VLAN 0 to HW filter on device bond0
[  156.102358][ T6749] 8021q: adding VLAN 0 to HW filter on device team0
[  156.117262][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.117351][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[  156.147338][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.147404][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[  156.164213][ T5962] Bluetooth: hci4: command tx timeout
[  156.444717][ T6749] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  156.914520][ T6802] netlink: 12 bytes leftover after parsing attributes in process `syz.2.191'.
[  157.841764][ T6749] 8021q: adding VLAN 0 to HW filter on device batadv0
[  158.251717][ T5962] Bluetooth: hci4: command tx timeout
[  158.332464][ T6749] veth0_vlan: entered promiscuous mode
[  158.349132][ T6749] veth1_vlan: entered promiscuous mode
[  158.392256][ T6749] veth0_macvtap: entered promiscuous mode
[  158.404894][ T6749] veth1_macvtap: entered promiscuous mode
[  158.413331][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  158.434208][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.437175][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  158.440429][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.449773][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  158.456013][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.475117][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  158.478712][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.503619][ T6749] batman_adv: batadv0: Interface activated: batadv_slave_0
[  158.528723][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.535939][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.544982][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.551084][ T6824] overlayfs: missing 'lowerdir'
[  158.555465][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.555521][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.555535][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.555548][ T6749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  158.555561][ T6749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  158.556529][ T6749] batman_adv: batadv0: Interface activated: batadv_slave_1
[  158.623467][ T6749] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  158.631654][ T6749] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  158.640737][ T6749] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  158.653760][ T6749] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  159.272721][ T1243] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  159.275368][ T1243] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  159.282486][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  159.324105][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  160.059329][   T65] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.335284][ T5962] Bluetooth: hci4: command tx timeout
[  160.558889][   T65] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.030036][ T6848] Invalid ELF header magic: != ELF
[  161.036656][   T65] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.223805][   T65] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.701899][ T6876] FAULT_INJECTION: forcing a failure.
[  161.701899][ T6876] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  161.706895][ T6876] CPU: 1 UID: 0 PID: 6876 Comm: syz.1.208 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0
[  161.713761][ T6876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  161.730078][ T6876] Call Trace:
[  161.731510][ T6876]  <TASK>
[  161.732406][ T6876]  dump_stack_lvl+0x16c/0x1f0
[  161.749923][ T6876]  should_fail_ex+0x497/0x5b0
[  161.753699][   T65] bridge_slave_1: left allmulticast mode
[  161.763706][ T6876]  _copy_from_user+0x2e/0xd0
[  161.763766][ T6876]  do_ip_getsockopt+0x314/0x2bf0
[  161.763791][ T6876]  ? __pfx_do_ip_getsockopt+0x10/0x10
[  161.763812][ T6876]  ? __pfx___lock_acquire+0x10/0x10
[  161.763829][ T6876]  ? __pfx___lock_acquire+0x10/0x10
[  161.763846][ T6876]  ? hlock_class+0x4e/0x130
[  161.763871][ T6876]  ? lock_acquire.part.0+0x11b/0x380
[  161.763892][ T6876]  ? __mutex_trylock_common+0xea/0x250
[  161.763908][ T6876]  ? __pfx___mutex_trylock_common+0x10/0x10
[  161.763925][ T6876]  ? smc_getsockopt+0xbd/0x360
[  161.763951][ T6876]  ? rcu_is_watching+0x12/0xc0
[  161.763970][ T6876]  ? trace_contention_end+0xee/0x140
[  161.763987][ T6876]  ? __mutex_lock+0x1cc/0xa60
[  161.764012][ T6876]  ip_getsockopt+0x9c/0x1e0
[  161.764030][ T6876]  ? __pfx___mutex_lock+0x10/0x10
[  161.764051][ T6876]  ? __pfx_ip_getsockopt+0x10/0x10
[  161.764076][ T6876]  tcp_getsockopt+0x9e/0x100
[  161.764099][ T6876]  smc_getsockopt+0x163/0x360
[  161.764122][ T6876]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  161.764139][ T6876]  ? __pfx_smc_getsockopt+0x10/0x10
[  161.764163][ T6876]  ? find_held_lock+0x2d/0x110
[  161.764184][ T6876]  ? __pfx_smc_getsockopt+0x10/0x10
[  161.764208][ T6876]  do_sock_getsockopt+0x3fe/0x870
[  161.764236][ T6876]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  161.764253][ T6876]  ? lock_acquire+0x2f/0xb0
[  161.764267][ T6876]  ? __fget_files+0x40/0x3a0
[  161.764291][ T6876]  ? __fget_files+0x206/0x3a0
[  161.764314][ T6876]  __sys_getsockopt+0x12f/0x260
[  161.764342][ T6876]  __ia32_sys_getsockopt+0xbc/0x160
[  161.764363][ T6876]  ? lockdep_hardirqs_on+0x7c/0x110
[  161.764383][ T6876]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  161.764404][ T6876]  __do_fast_syscall_32+0x73/0x120
[  161.764427][ T6876]  do_fast_syscall_32+0x32/0x80
[  161.764448][ T6876]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  161.764472][ T6876] RIP: 0023:0xf7f67579
[  161.764486][ T6876] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  161.764501][ T6876] RSP: 002b:00000000f509555c EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[  161.764519][ T6876] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  161.764530][ T6876] RDX: 0000000000000082 RSI: 0000000020000240 RDI: 0000000020000000
[  161.764541][ T6876] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  161.764551][ T6876] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  161.764561][ T6876] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  161.764583][ T6876]  </TASK>
[  162.035907][   T65] bridge_slave_1: left promiscuous mode
[  162.039168][   T65] bridge0: port 2(bridge_slave_1) entered disabled state
[  162.136609][   T65] bridge_slave_0: left allmulticast mode
[  162.151647][   T65] bridge_slave_0: left promiscuous mode
[  162.156103][   T65] bridge0: port 1(bridge_slave_0) entered disabled state
[  162.245476][   T65] infiniband syz0: set down
[  162.603519][    C0] vkms_vblank_simulate: vblank timer overrun
[  162.783586][    C0] vkms_vblank_simulate: vblank timer overrun
[  162.927077][  T114] ==================================================================
[  162.937402][  T114] BUG: KASAN: use-after-free in do_raw_spin_lock+0x271/0x2c0
[  162.942268][  T114] Read of size 4 at addr ffff888024a88014 by task kswapd0/114
[  162.944763][  T114] 
[  162.945578][  T114] CPU: 2 UID: 0 PID: 114 Comm: kswapd0 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0
[  162.968611][  T114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  162.972649][  T114] Call Trace:
[  162.973940][  T114]  <TASK>
[  162.975063][  T114]  dump_stack_lvl+0x116/0x1f0
[  162.997203][  T114]  print_report+0xc3/0x620
[  162.999534][  T114]  ? __virt_addr_valid+0x5e/0x590
[  163.001765][  T114]  ? __phys_addr+0xc6/0x150
[  163.006086][  T114]  kasan_report+0xd9/0x110
[  163.026702][  T114]  ? do_raw_spin_lock+0x271/0x2c0
[  163.029739][  T114]  ? do_raw_spin_lock+0x271/0x2c0
[  163.032850][  T114]  do_raw_spin_lock+0x271/0x2c0
[  163.035695][  T114]  ? rcu_is_watching+0x12/0xc0
[  163.055633][  T114]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  163.057458][  T114]  ? lock_acquire+0x2f/0xb0
[  163.058984][  T114]  ? z3fold_zpool_malloc+0xa78/0x14f0
[  163.061026][  T114]  z3fold_zpool_malloc+0xa78/0x14f0
[  163.063010][  T114]  zswap_store+0xe97/0x25d0
[  163.076334][  T114]  ? __pfx_zswap_store+0x10/0x10
[  163.078042][  T114]  ? swap_swapcount+0x13c/0x220
[  163.080066][  T114]  ? __mutex_unlock_slowpath+0x164/0x690
[  163.082843][  T114]  ? __pfx_swp_swap_info+0x10/0x10
[  163.085436][  T114]  ? __pfx_lock_release+0x10/0x10
[  163.097508][  T114]  swap_writepage+0x3b6/0x1120
[  163.101001][  T114]  shmem_writepage+0xf76/0x1490
[  163.103458][  T114]  ? __pfx_shmem_writepage+0x10/0x10
[  163.106424][  T114]  ? inode_to_bdi+0x9e/0x160
[  163.108801][  T114]  ? folio_clear_dirty_for_io+0x112/0x800
[  163.117209][  T114]  ? lock_acquire.part.0+0x11b/0x380
[  163.119791][  T114]  pageout+0x3b2/0xaa0
[  163.125811][  T114]  ? __pfx_pageout+0x10/0x10
[  163.127872][  T114]  ? __pfx_folio_referenced_one+0x10/0x10
[  163.129686][  T114]  ? __pfx_folio_lock_anon_vma_read+0x10/0x10
[  163.131728][  T114]  ? __pfx_invalid_folio_referenced_vma+0x10/0x10
[  163.133871][  T114]  ? lock_acquire+0x2f/0xb0
[  163.146406][  T114]  ? folio_evictable+0x2e/0x270
[  163.148833][  T114]  shrink_folio_list+0x3025/0x42d0
[  163.157538][  T114]  ? rcu_is_watching+0x12/0xc0
[  163.159723][  T114]  ? __pfx_shrink_folio_list+0x10/0x10
[  163.162378][  T114]  ? isolate_folios+0x1c57/0x3830
[  163.174098][  T114]  ? hlock_class+0x4e/0x130
[  163.175578][  T114]  ? mark_lock+0xb5/0xc60
[  163.177074][  T114]  ? mark_held_locks+0x9f/0xe0
[  163.178602][  T114]  evict_folios+0x6e3/0x19c0
[  163.180276][  T114]  ? do_shrink_slab+0xb2e/0x11c0
[  163.182120][  T114]  ? __pfx_evict_folios+0x10/0x10
[  163.194091][  T114]  ? find_held_lock+0x2d/0x110
[  163.195921][  T114]  ? __pfx___might_resched+0x10/0x10
[  163.198051][  T114]  ? mem_cgroup_get_nr_swap_pages+0x20/0x120
[  163.200288][  T114]  ? sc_swappiness+0xd4/0x190
[  163.206354][  T114]  try_to_shrink_lruvec+0x61e/0xa80
[  163.214027][  T114]  ? find_held_lock+0x2d/0x110
[  163.216347][  T114]  ? __pfx_try_to_shrink_lruvec+0x10/0x10
[  163.219085][  T114]  ? shrink_node+0xbd0/0x3f20
[  163.225432][  T114]  shrink_one+0x3e3/0x7b0
[  163.227176][  T114]  ? shrink_node+0xbd0/0x3f20
[  163.228956][  T114]  shrink_node+0xbf0/0x3f20
[  163.235829][  T114]  ? shrink_node+0x93e/0x3f20
[  163.237685][  T114]  ? __pfx_shrink_node+0x10/0x10
[  163.239573][  T114]  ? __pfx_lock_release+0x10/0x10
[  163.245320][  T114]  ? percpu_ref_put_many.constprop.0+0x1b/0x150
[  163.248662][  T114]  ? balance_pgdat+0xc1f/0x18f0
[  163.254346][  T114]  balance_pgdat+0xc1f/0x18f0
[  163.257149][  T114]  ? __pfx_balance_pgdat+0x10/0x10
[  163.265671][  T114]  ? __pfx___lock_acquire+0x10/0x10
[  163.267743][  T114]  ? __schedule+0xe60/0x5ad0
[  163.269475][  T114]  ? __pfx___lock_acquire+0x10/0x10
[  163.274642][  T114]  ? find_held_lock+0x2d/0x110
[  163.276446][  T114]  ? cgroup_freezing+0x155/0x3d0
[  163.285540][  T114]  kswapd+0x605/0xc00
[  163.287173][  T114]  ? __pfx_kswapd+0x10/0x10
[  163.288885][  T114]  ? __pfx_autoremove_wake_function+0x10/0x10
[  163.291112][  T114]  ? lockdep_hardirqs_on+0x7c/0x110
[  163.293039][  T114]  ? __kthread_parkme+0x148/0x220
[  163.305036][  T114]  ? __pfx_kswapd+0x10/0x10
[  163.307081][  T114]  kthread+0x2c1/0x3a0
[  163.309082][  T114]  ? _raw_spin_unlock_irq+0x23/0x50
[  163.311827][  T114]  ? __pfx_kthread+0x10/0x10
[  163.315412][  T114]  ret_from_fork+0x45/0x80
[  163.324378][  T114]  ? __pfx_kthread+0x10/0x10
[  163.326683][  T114]  ret_from_fork_asm+0x1a/0x30
[  163.329106][  T114]  </TASK>
[  163.330566][  T114] 
[  163.331731][  T114] The buggy address belongs to the physical page:
[  163.336086][  T114] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xc4 pfn:0x24a88
[  163.341284][  T114] memcg:ffff888000b54882
[  163.343091][  T114] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  163.346353][  T114] page_type: f2(table)
[  163.348012][  T114] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  163.351541][  T114] raw: 00000000000000c4 ffff888025b2c420 00000001f2000000 ffff888000b54882
[  163.356951][  T114] page dumped because: kasan: bad access detected
[  163.361687][  T114] page_owner tracks the page as allocated
[  163.364851][  T114] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_COMP|__GFP_ZERO), pid 6890, tgid 6890 (syz-executor), ts 163180952400, free_ts 162925293410
[  163.374868][  T114]  post_alloc_hook+0x2d1/0x350
[  163.375453][    C0] vkms_vblank_simulate: vblank timer overrun
[  163.377687][  T114]  get_page_from_freelist+0xfce/0x2f80
[  163.382362][  T114]  __alloc_pages_noprof+0x223/0x25b0
[  163.384889][  T114]  alloc_pages_mpol_noprof+0x2c9/0x610
[  163.387504][  T114]  pte_alloc_one+0x20/0x390
[  163.389919][  T114]  do_pte_missing+0x1ae7/0x3e00
[  163.392577][  T114]  __handle_mm_fault+0x103c/0x2a40
[  163.395443][  T114]  handle_mm_fault+0x3fa/0xaa0
[  163.399797][  T114]  do_user_addr_fault+0x60d/0x13f0
[  163.401590][  T114]  exc_page_fault+0x5c/0xc0
[  163.403099][  T114]  asm_exc_page_fault+0x26/0x30
[  163.404849][  T114] page last free pid 6887 tgid 6884 stack trace:
[  163.407060][  T114]  free_unref_page+0x661/0x1080
[  163.410472][  T114]  __folio_put+0x32a/0x450
[  163.411426][    C0] vkms_vblank_simulate: vblank timer overrun
[  163.413216][  T114]  migrate_folio_done+0x298/0x340
[  163.417725][  T114]  migrate_pages_batch+0x1d08/0x3150
[  163.420211][  T114]  migrate_pages_sync+0x109/0x8f0
[  163.422563][  T114]  migrate_pages+0x1a46/0x21f0
[  163.425001][  T114]  compact_zone+0x1f68/0x4280
[  163.427310][  T114]  compact_zone_order+0x16b/0x240
[  163.429140][  T114]  try_to_compact_pages+0x357/0xa80
[  163.431049][  T114]  __alloc_pages_direct_compact+0x138/0x590
[  163.438818][  T114]  __alloc_pages_noprof+0xbe6/0x25b0
[  163.440630][  T114]  __folio_alloc_noprof+0x11/0x90
[  163.444555][  T114]  alloc_buddy_hugetlb_folio.isra.0+0xbe/0x330
[  163.454303][  T114]  alloc_fresh_hugetlb_folio+0x14b/0x190
[  163.456981][  T114]  alloc_hugetlb_folio_nodemask+0x14c/0x3c0
[  163.459647][  T114]  hugetlb_mfill_atomic_pte+0xc37/0x17a0
[  163.465113][  T114] 
[  163.466129][  T114] Memory state around the buggy address:
[  163.475453][  T114]  ffff888024a87f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  163.478016][  T114]  ffff888024a87f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  163.480546][  T114] >ffff888024a88000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  163.482974][  T114]                          ^
[  163.488287][  T114]  ffff888024a88080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  163.491305][  T114]  ffff888024a88100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  163.504590][  T114] ==================================================================
[  163.508671][  T114] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  163.516162][  T114] CPU: 2 UID: 0 PID: 114 Comm: kswapd0 Not tainted 6.13.0-rc3-syzkaller-00289-g48f506ad0b68 #0
[  163.525069][  T114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  163.528616][  T114] Call Trace:
[  163.529518][  T114]  <TASK>
[  163.530317][  T114]  dump_stack_lvl+0x3d/0x1f0
[  163.531584][  T114]  panic+0x71d/0x800
[  163.532638][  T114]  ? mark_held_locks+0x9f/0xe0
[  163.544061][  T114]  ? __pfx_panic+0x10/0x10
[  163.545773][  T114]  ? irqentry_exit+0x3b/0x90
[  163.547696][  T114]  ? lockdep_hardirqs_on+0x7c/0x110
[  163.554063][  T114]  ? check_panic_on_warn+0x1f/0xb0
[  163.555806][  T114]  check_panic_on_warn+0xab/0xb0
[  163.557693][  T114]  end_report+0x117/0x180
[  163.564769][  T114]  kasan_report+0xe9/0x110
[  163.565975][  T114]  ? do_raw_spin_lock+0x271/0x2c0
[  163.567339][  T114]  ? do_raw_spin_lock+0x271/0x2c0
[  163.569380][  T114]  do_raw_spin_lock+0x271/0x2c0
[  163.575321][  T114]  ? rcu_is_watching+0x12/0xc0
[  163.577194][  T114]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  163.584859][  T114]  ? lock_acquire+0x2f/0xb0
[  163.586316][  T114]  ? z3fold_zpool_malloc+0xa78/0x14f0
[  163.588000][  T114]  z3fold_zpool_malloc+0xa78/0x14f0
[  163.594194][  T114]  zswap_store+0xe97/0x25d0
[  163.595662][  T114]  ? __pfx_zswap_store+0x10/0x10
[  163.597280][  T114]  ? swap_swapcount+0x13c/0x220
[  163.598772][  T114]  ? __mutex_unlock_slowpath+0x164/0x690
[  163.600478][  T114]  ? __pfx_swp_swap_info+0x10/0x10
[  163.607655][  T114]  ? __pfx_lock_release+0x10/0x10
[  163.614054][  T114]  swap_writepage+0x3b6/0x1120
[  163.615900][  T114]  shmem_writepage+0xf76/0x1490
[  163.618439][  T114]  ? __pfx_shmem_writepage+0x10/0x10
[  163.625544][  T114]  ? inode_to_bdi+0x9e/0x160
[  163.627937][  T114]  ? folio_clear_dirty_for_io+0x112/0x800
[  163.634887][  T114]  ? lock_acquire.part.0+0x11b/0x380
[  163.637131][  T114]  pageout+0x3b2/0xaa0
[  163.638382][  T114]  ? __pfx_pageout+0x10/0x10
[  163.644372][  T114]  ? __pfx_folio_referenced_one+0x10/0x10
[  163.646124][  T114]  ? __pfx_folio_lock_anon_vma_read+0x10/0x10
[  163.648412][  T114]  ? __pfx_invalid_folio_referenced_vma+0x10/0x10
[  163.654668][  T114]  ? lock_acquire+0x2f/0xb0
[  163.656420][  T114]  ? folio_evictable+0x2e/0x270
[  163.665264][  T114]  shrink_folio_list+0x3025/0x42d0
[  163.666961][  T114]  ? rcu_is_watching+0x12/0xc0
[  163.668585][  T114]  ? __pfx_shrink_folio_list+0x10/0x10
[  163.670306][  T114]  ? isolate_folios+0x1c57/0x3830
[  163.674053][  T114]  ? hlock_class+0x4e/0x130
[  163.677411][  T114]  ? mark_lock+0xb5/0xc60
[  163.678727][  T114]  ? mark_held_locks+0x9f/0xe0
[  163.685344][  T114]  evict_folios+0x6e3/0x19c0
[  163.687932][  T114]  ? do_shrink_slab+0xb2e/0x11c0
[  163.689763][  T114]  ? __pfx_evict_folios+0x10/0x10
[  163.695255][  T114]  ? find_held_lock+0x2d/0x110
[  163.696618][  T114]  ? __pfx___might_resched+0x10/0x10
[  163.705205][  T114]  ? mem_cgroup_get_nr_swap_pages+0x20/0x120
[  163.706976][  T114]  ? sc_swappiness+0xd4/0x190
[  163.708298][  T114]  try_to_shrink_lruvec+0x61e/0xa80
[  163.709682][  T114]  ? find_held_lock+0x2d/0x110
[  163.717676][  T114]  ? __pfx_try_to_shrink_lruvec+0x10/0x10
[  163.719512][  T114]  ? shrink_node+0xbd0/0x3f20
[  163.721441][  T114]  shrink_one+0x3e3/0x7b0
[  163.723091][  T114]  ? shrink_node+0xbd0/0x3f20
[  163.724848][  T114]  shrink_node+0xbf0/0x3f20
[  163.738760][  T114]  ? shrink_node+0x93e/0x3f20
[  163.740928][  T114]  ? __pfx_shrink_node+0x10/0x10
[  163.743297][  T114]  ? __pfx_lock_release+0x10/0x10
[  163.745212][  T114]  ? percpu_ref_put_many.constprop.0+0x1b/0x150
[  163.747389][  T114]  ? balance_pgdat+0xc1f/0x18f0
[  163.758323][  T114]  balance_pgdat+0xc1f/0x18f0
[  163.760741][  T114]  ? __pfx_balance_pgdat+0x10/0x10
[  163.762645][  T114]  ? __pfx___lock_acquire+0x10/0x10
[  163.764427][  T114]  ? __schedule+0xe60/0x5ad0
[  163.765886][  T114]  ? __pfx___lock_acquire+0x10/0x10
[  163.780296][  T114]  ? find_held_lock+0x2d/0x110
[  163.782222][  T114]  ? cgroup_freezing+0x155/0x3d0
[  163.784102][  T114]  kswapd+0x605/0xc00
[  163.785398][  T114]  ? __pfx_kswapd+0x10/0x10
[  163.786965][  T114]  ? __pfx_autoremove_wake_function+0x10/0x10
[  163.788930][  T114]  ? lockdep_hardirqs_on+0x7c/0x110
[  163.790608][  T114]  ? __kthread_parkme+0x148/0x220
[  163.792127][  T114]  ? __pfx_kswapd+0x10/0x10
[  163.793355][  T114]  kthread+0x2c1/0x3a0
[  163.794483][  T114]  ? _raw_spin_unlock_irq+0x23/0x50
[  163.812084][  T114]  ? __pfx_kthread+0x10/0x10
[  163.813925][  T114]  ret_from_fork+0x45/0x80
[  163.816414][  T114]  ? __pfx_kthread+0x10/0x10
[  163.819885][  T114]  ret_from_fork_asm+0x1a/0x30
[  163.821444][  T114]  </TASK>
[  163.824541][  T114] Kernel Offset: disabled
[  163.826137][  T114] Rebooting in 86400 seconds..

VM DIAGNOSIS:
07:49:49  Registers:
info registers vcpu 0

CPU#0
RAX=000000000020a34b RBX=0000000000000000 RCX=ffffffff8b1a3819 RDX=0000000000000000
RSI=ffffffff8b4cd180 RDI=ffffffff8bb16fc0 RBP=fffffbfff1b52ef8 RSP=ffffffff8da07e20
R8 =0000000000000001 R9 =ffffed1005686fed R10=ffff88802b437f6b R11=0000000000000000
R12=0000000000000000 R13=ffffffff8da977c0 R14=ffffffff901ce490 R15=0000000000000000
RIP=ffffffff8b1a4bff RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020000000 CR3=000000006201e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff965b7850 RBX=c17efb9758944f67 RCX=ffffffff817560be RDX=ffffffff965b7850
RSI=0000000000000008 RDI=ffffffff969b6d78 RBP=ffffffff96a04340 RSP=ffffc90025a8f4c0
R8 =0000000000000000 R9 =fffffbfff2d36daf R10=ffffffff969b6d7f R11=0000000000000001
R12=0000000000009186 R13=ffff888021b20000 R14=0000000000000004 R15=ffff888021b20b08
RIP=ffffffff81761bfd RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020000000 CR3=000000006e8f4000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000020000000000 0000000800000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000061 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85142e65 RDI=ffffffff9a6672c0 RBP=ffffffff9a667280 RSP=ffffc900021ae590
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552032203a555043
R12=0000000000000000 R13=0000000000000061 R14=ffffffff85142e00 R15=0000000000000000
RIP=ffffffff85142e8f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020000000 CR3=00000000670a8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000087645 RBX=0000000000000003 RCX=ffffffff8b1a3819 RDX=0000000000000000
RSI=ffffffff8b4cd180 RDI=ffffffff8bb16fc0 RBP=ffffed10039df488 RSP=ffffc9000049fe08
R8 =0000000000000001 R9 =ffffed10056e6fed R10=ffff88802b737f6b R11=0000000000000000
R12=0000000000000003 R13=ffff88801cefa440 R14=ffffffff901ce490 R15=0000000000000000
RIP=ffffffff8b1a4bff RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000020000000 CR3=000000006201e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000