last executing test programs:

5.308948393s ago: executing program 0 (id=51):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r0}, 0x10)
r1 = epoll_create1(0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_SET_FEATURES(r1, 0x40309439, &(0x7f0000000100)={0x0, 0x1, 0x14})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001340)=@newtaction={0x494, 0x30, 0x12f, 0x0, 0x0, {}, [{0x480, 0x1, [@m_police={0x47c, 0x1, 0x0, 0x0, {{0xb}, {0x450, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x254b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}}}], [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0xffffffffffffffff}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x494}}, 0x0)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r4, 0x89e3, &(0x7f0000000180)={0x3f, 0x7ff, 0x5, 0x1000004, 0x800})
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r5, &(0x7f0000000200)={0xa000000a})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000001c0)='ext4_da_update_reserve_space\x00', r0, 0x0, 0x8000}, 0x18)
finit_module(r5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_ADD_BUFS(r5, 0xc0186416, &(0x7f00000003c0)={0x40, 0x6, 0x6, 0x1000, 0x0, 0x9})
ioctl$F2FS_IOC_MOVE_RANGE(r6, 0x541b, &(0x7f0000000000)={<r7=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={0x0, 0xffffff9c}}, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)

5.171070194s ago: executing program 0 (id=54):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000180)='ext4_mb_release_group_pa\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x14, r4, 0x1, 0x0, 0x0, {0x5}}, 0x14}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_emit_ethernet(0x0, 0x0, 0x0)
write(r6, &(0x7f0000000300)="4be93ee07894a144cc37418694781310a3f8b5c6c111092f71770a41c3dce5fa69d1e47a7c080776c7a410ac49e162de92aecd2c850307d4a509b95075195e1a574d740c9eb5d3bd525ed5a4f53814a9e47f4a22c99534484931ad42dfbab8ae8041a62b4d1bd49e34d097df53c9528da22a8dbee501d14e14c997e09ebca889f81d5f86146334160924770d1258938a4bd60692de3987a1fbcc43c275f7c84deca951", 0xa3)
socket$nl_generic(0x11, 0x3, 0x10)
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r7, 0x100000000)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x0, 0x2449})
socket$pppoe(0x18, 0x1, 0x0)

4.211444883s ago: executing program 0 (id=57):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r0}, 0x10)
r1 = epoll_create1(0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_SET_FEATURES(r1, 0x40309439, &(0x7f0000000100)={0x0, 0x1, 0x14})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001340)=@newtaction={0x494, 0x30, 0x12f, 0x0, 0x0, {}, [{0x480, 0x1, [@m_police={0x47c, 0x1, 0x0, 0x0, {{0xb}, {0x450, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x254b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}}}], [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0xffffffffffffffff}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x494}}, 0x0)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r4, 0x89e3, &(0x7f0000000180)={0x3f, 0x7ff, 0x5, 0x1000004, 0x800})
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r5, &(0x7f0000000200)={0xa000000a})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000001c0)='ext4_da_update_reserve_space\x00', r0, 0x0, 0x8000}, 0x18)
finit_module(r5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_ADD_BUFS(r5, 0xc0186416, &(0x7f00000003c0)={0x40, 0x6, 0x6, 0x1000, 0x0, 0x9})
ioctl$F2FS_IOC_MOVE_RANGE(r6, 0x541b, &(0x7f0000000000)={<r7=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={0x0, 0xffffff9c}}, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)

4.070826728s ago: executing program 0 (id=58):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r0}, 0x10)
r1 = epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$BTRFS_IOC_SET_FEATURES(r1, 0x40309439, &(0x7f0000000100)={0x0, 0x1, 0x14})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001340)=@newtaction={0x494, 0x30, 0x12f, 0x0, 0x0, {}, [{0x480, 0x1, [@m_police={0x47c, 0x1, 0x0, 0x0, {{0xb}, {0x450, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x254b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}}}], [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0xffffffffffffffff}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x494}}, 0x0)
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r3, 0x89e3, &(0x7f0000000180)={0x3f, 0x7ff, 0x5, 0x1000004, 0x800})
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r4, &(0x7f0000000200)={0xa000000a})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000001c0)='ext4_da_update_reserve_space\x00', r0, 0x0, 0x8000}, 0x18)
finit_module(r4, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
ioctl$DRM_IOCTL_ADD_BUFS(r4, 0xc0186416, &(0x7f00000003c0)={0x40, 0x6, 0x6, 0x1000, 0x0, 0x9})
ioctl$F2FS_IOC_MOVE_RANGE(r5, 0x541b, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={0x0, 0xffffff9c}}, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)

3.924006084s ago: executing program 0 (id=67):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x0)
ioctl$CEC_RECEIVE(r4, 0xc0386106, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '&\x00', 0x0, 0x0, 0xfd, 0x0, 0x1})
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
listen(0xffffffffffffffff, 0x0)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r6, 0x0, 0x0, 0x801, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180))
r7 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io$printer(r7, 0x0, &(0x7f0000000ac0)={0x1c, &(0x7f0000000900)=ANY=[@ANYBLOB="400700000400"], 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000040)={[{0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, {0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0xfd, 0x1ff}, {0x6, 0x3, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x5}], 0x2})
r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r8, 0xc0145b0d, &(0x7f0000000040))
close_range(0xffffffffffffffff, r2, 0x0)
recvmsg$kcm(r1, &(0x7f0000006480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000014c0)=""/4089, 0xff9}, {&(0x7f00000008c0)=""/200, 0xc8}, {&(0x7f00000024c0)=""/4096, 0x1000}, {&(0x7f0000000a00)=""/97, 0x61}, {&(0x7f0000000b80)=""/80, 0x50}, {&(0x7f0000000340)=""/44, 0x2c}], 0x6}, 0x0)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029ea69801d76ab0a272a2a788bab6c95f79", 0x19}], 0x1}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c0001000000000000000000070000", @ANYRES32=r9, @ANYBLOB="0000020000"], 0x28}}, 0x0)

3.671714047s ago: executing program 3 (id=61):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102400, 0x19000)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x7d, &(0x7f0000019340), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r2, &(0x7f0000000200), 0x10)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x881f}, &(0x7f0000019300), 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
pipe2(&(0x7f0000000240), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000083c0)={{0x1}})
readv(r3, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4000}})
mount$9p_fd(0x0, &(0x7f00000005c0)='./file0/file0/file0/file0/file0\x00', 0x0, 0x800040, 0x0)
umount2(&(0x7f0000000180)='./file0/file0/file0/file0/file0\x00', 0x0)
read$FUSE(r5, &(0x7f00000021c0)={0x2020}, 0x2020)
syz_fuse_handle_req(r5, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)

2.98078631s ago: executing program 1 (id=63):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000180)='ext4_mb_release_group_pa\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$nl_generic(0x11, 0x3, 0x10)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r5, 0x1aa)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x0, 0x2449})
socket$pppoe(0x18, 0x1, 0x0)

2.110479232s ago: executing program 1 (id=64):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="450000000000000000000f"], 0x68}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newtfilter={0x44, 0x2c, 0x10, 0xd, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x6, 0x6}, {0x3, 0x9}, {0x0, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x18}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r1, @ANYBLOB="020000000000800080001200080001007674693674"], 0xa0}}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x400000000000235, 0x0)

2.031648703s ago: executing program 1 (id=65):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$BTRFS_IOC_SET_FEATURES(0xffffffffffffffff, 0x40309439, &(0x7f0000000100)={0x0, 0x1, 0x14})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001340)=@newtaction={0x494, 0x30, 0x12f, 0x0, 0x0, {}, [{0x480, 0x1, [@m_police={0x47c, 0x1, 0x0, 0x0, {{0xb}, {0x450, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x254b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}}}], [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0xffffffffffffffff}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x494}}, 0x0)
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r3, 0x89e3, &(0x7f0000000180)={0x3f, 0x7ff, 0x5, 0x1000004, 0x800})
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000200)={0xa000000a})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000001c0)='ext4_da_update_reserve_space\x00', r0, 0x0, 0x8000}, 0x18)
finit_module(r4, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
ioctl$DRM_IOCTL_ADD_BUFS(r4, 0xc0186416, &(0x7f00000003c0)={0x40, 0x6, 0x6, 0x1000, 0x0, 0x9})
ioctl$F2FS_IOC_MOVE_RANGE(r5, 0x541b, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={0x0, 0xffffff9c}}, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)

2.002660813s ago: executing program 1 (id=66):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x169802, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r2=>r1, {0xee00, 0xee01}}, './file0/file0\x00'})
write$binfmt_script(r2, &(0x7f0000001100)={'#! ', './file0/file0', [{0x20, 'Q\x84\xf6ui\xfa\xf5\x16i\x859o\xe5\x13\xd5gV\x04@\x98\xb0\bQ+\xe2G\xa1\x1e\x01\xa9\xd6w\xdf\xa6\x9d\xcc<\x86\xfd\x18\x99\x19\xed\xc2\xdc\xf4\xbdV\xfeF)T\xb6\xc6\v`\xbf\xec2\xf5\x12R\xa1\x18\x9a<\x8fx\xf4\xcc\x18\xfc\xdb\x0e\xe7\xde^\x88vN\xe0\xe4P\x1dj\xd6&7\x7f\xe82\x92w\x12\t\xff\x19$\x93\xd5\xa4\xe2}\x9aA9p\xffk0\x8c\xc3\xae[n1\xb4\xd7\xe6\xa4\xc2\x86M\x83\x1d\xd7\x84\xa4\x85n(\xd3\x95\x82\xe0\xff\x89=\xe6\xceM\x12'}, {0x20, '/dev/nullb0\x00'}, {0x20, '+{[{#P\x80P\xc8Z\xc6\x19?\x8f\xbf\xbde\xfa\xd3en\xe8\xbeN]`\x1f\x895\x1e\x8d\x9dz\xdc\xf1\xaa\xbau\f\xbaSw4\xf2s(}\xebo\x9d\r \x13}\"wS\xe1\\\x19\xcb\x8b\xfa,V\xa0\xd8\xb2\xb9\x12\xc6w01\x90%\xb7?\xee'}, {0x20, '\t\x00\x00\x00\x00\x00\x00\x00\xb2%}\x88\xd0\xfd\xa3\xf7i\x00!\x00J\xd1\xa7\xb1\xb1\xae\x1b\xb4\xf2\x985\xe6M5Px\xbe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd9\x8c\xa8S\x1eO\x8f\xd9kY\x89\xf2\xccW\xbf\xa0\xd2UT\x10 n<\xf3\n\x9c\xa1P\xfa\x89-\f\x05\x97\x19BTT/C\xfc'}, {0x20, '~\x05\x82\xb9\x996.\xb9\x98Zla\x03\xcc\x894\xa6\xcb\b\xfd\xdc\xfa\xaa\x9d\xa1\xcc\xe0\xa8S\xf0\b!x\bj)\x87\xeb\xc8\xca\x1aH\x9e\x06\xbe\x1cJ\x91f\x0f\xa4H\xbe\x02\xdac\x85\xee\x9c#\x10\\\x01.\t:\xf22o\',H\x12$\xd3\x00Nj\xa4Q\xeeM\xd9)S\xb9\xa0\xed\xb9\xb6\x9d\xb8U?c\x11\x06\x00]\xd0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc7\v\xf0\x86\xf7\xa5\x9e\x96\xba\x90\x8e\xff\xc5\xdf_\xec\xef*-P\x102q&R\x925\xff\xff\xff\xff\xff\xff\xff@\x13\xde\xf7\xba\xa0\xab\xd7\xf3\xdb\xae\x991C\n\xfej</\xbcK\xcb4\x1ep\xe0\x91\x1d\xe9\xfe\xc9\xdc\xd9n5\xcd\x8d\x15\xa37\xaf\x8f6\xda\xa4\xbc\x1e;\x1c\bQF\xb27\xe2a\x8eM{\x92\x10\x01;\xb5\xef\x95\xd5#v\x11\xdd\xd6YkjI\xe6\x195\xaa\xda\x1d\xf30'}]}, 0x23e)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
ioctl$BLKRRPART(r0, 0x125f, 0x0)

1.943807921s ago: executing program 1 (id=68):
socket$nl_sock_diag(0x10, 0x3, 0x4)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
socket$inet6(0xa, 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f000000060027"], 0x6c}}, 0x840)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = io_uring_setup(0x6ddd, &(0x7f00000002c0))
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r2, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r2, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x0, 0x1}, 0x20)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fdinfo/3\x00')
pread64(r3, &(0x7f0000000300)=""/246, 0xf6, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)
ioctl$sock_SIOCBRDELBR(r1, 0x89a2, &(0x7f0000000000)='bridge0\x00')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x10000000, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
syz_emit_ethernet(0x9a, &(0x7f0000000100)=ANY=[@ANYBLOB="0180c2000000aa"], 0x0)

1.940770639s ago: executing program 2 (id=69):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='kvm_fpu\x00', r2}, 0x10)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x9}, [@generic={0xeb, 0xe, 0x4, 0x3, 0x2}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffff4611}, @alu={0x7, 0x1, 0x2, 0x4, 0x0, 0x4, 0xfffffffffffffffc}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f00000001c0)='GPL\x00', 0x4, 0xe4, &(0x7f00000004c0)=""/228, 0x41000, 0x2a, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000380)={0x2, 0x3}, 0x8, 0x10, &(0x7f00000003c0)={0x3, 0x10, 0xae1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000400)=[r0, r0, r1, r0, r1, r1, r1, r0, r1], 0x0, 0x10, 0x7, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kvm_fpu\x00', r2}, 0x18)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ftruncate(r0, 0x7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x12, r0, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
write$binfmt_script(r6, &(0x7f0000000200), 0xfecc)

1.848993505s ago: executing program 1 (id=70):
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0xf6ffffff, &(0x7f0000000300)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])

1.771829461s ago: executing program 2 (id=71):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000000)=0xe, 0x4)
ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000040)={'caif0\x00', {0x2, 0x0, @empty}})
ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, &(0x7f0000000080)=@null)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x9, 0xff, 0x6, 0x3}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000140)={0x0, <r2=>0x0})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$AUTOFS_DEV_IOCTL_READY(r1, 0xc0189376, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r4=>r1, {0x8}}, './file0\x00'})
ioctl$SIOCGIFMTU(r4, 0x8921, &(0x7f0000000200)={'pimreg\x00'})
r5 = syz_open_procfs(r2, &(0x7f0000000240)='statm\x00')
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={r4, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000280)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x7, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x80, &(0x7f0000000340)=[{}, {}], 0x10, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0xf2, 0x8, 0x8, &(0x7f0000000400)}}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r5, 0xc0189374, &(0x7f0000000580)={{0x1, 0x1, 0x18, <r6=>r3, {0x8}}, './file0\x00'})
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r6, 0xc2c45512, &(0x7f00000005c0)={{0x9, 0x4, 0x4, 0x2, '\x00', 0xbc}, 0x0, [0x101, 0xfffffffe, 0x0, 0xfff, 0x3, 0x7, 0x10, 0x7, 0xe9a0, 0x7, 0x3, 0x4, 0x10, 0x4c2588f9, 0xda, 0x8, 0x6352, 0xce, 0x6, 0x0, 0x9, 0x482, 0x2, 0x5, 0x3, 0xc, 0x0, 0x14, 0x0, 0x1c000000, 0x100, 0x3, 0x2963, 0xd, 0x2, 0x44, 0x7, 0x6, 0x3ff, 0x2, 0x5, 0x9, 0x7fffffff, 0x7f, 0x3, 0x0, 0x30, 0x2, 0x3, 0x0, 0x1, 0x4, 0x1, 0x80, 0x1, 0xc, 0x4, 0x2, 0xffffff80, 0x38, 0x5, 0x1d316ed3, 0xfffffff7, 0x38bf, 0x1, 0xde2e, 0x80000000, 0x5, 0x4, 0x9, 0xc, 0x5, 0x3d, 0xc4, 0x1, 0xffffffff, 0x7ff, 0x7, 0x5, 0x1, 0x3, 0x4, 0x4, 0xf1, 0x2, 0x0, 0x80000000, 0xb57c, 0x3, 0x3, 0x5, 0x5, 0xa0, 0x4, 0x2, 0x7, 0x376, 0x9, 0x9, 0x9, 0x9, 0x3, 0x0, 0xc3, 0x2, 0x233, 0x1000, 0x9, 0x99dc, 0xab, 0x7, 0x7, 0x2, 0x185d, 0x9, 0x80, 0xfffffff9, 0xe, 0x3, 0x589, 0xc557, 0x1, 0x9, 0xffff8001, 0x5, 0x3, 0x80000001, 0x1]})
r7 = socket(0xf, 0x6, 0x80000000)
setsockopt$MRT_ADD_MFC(r7, 0x0, 0xcc, &(0x7f00000008c0)={@broadcast, @loopback, 0x0, "ee4d7099f4023acee794845db2f24cc85ec4711d03033936910725db4a341288", 0x5, 0x2, 0x22, 0xc37}, 0x3c)
pidfd_getfd(r4, r0, 0x0)
r8 = openat$sw_sync_info(0xffffff9c, &(0x7f0000000900), 0x244002, 0x0)
ioctl$LOOP_CTL_GET_FREE(r8, 0x4c82)
r9 = accept4$inet(r8, &(0x7f0000000940)={0x2, 0x0, @multicast2}, &(0x7f0000000980)=0x10, 0x80800)
ioctl$AUTOFS_IOC_PROTOSUBVER(r9, 0x80049367, &(0x7f00000009c0))
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r8, 0xf503, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r9, 0x84, 0x7c, &(0x7f0000000a00)={<r10=>0x0, 0x3, 0x2}, &(0x7f0000000a40)=0x8)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r8, 0x84, 0x6d, &(0x7f0000000a80)={r10, 0xe0, "90e423277bdd632ba9483ad6ef399fc0e20465b2e36f69dfd4829962341240733b626a008006ee46dd741cf8a1f6f6f5a3d8c992cdbfd83f4dedbe2c62dc1d06553c871a0e6155c03652d51eb0be520adaf36a8d96891d037906792fa4db101a3eb825675edd36439b652699762498e2419c671791272c4cda489d6869e9c24057378d9d447832e8d1f1996f13bfba66d80a5902cf171c1b24a68b168ae3518923c77d2b749f74f7fbff9c3240db56bba159a35062e3d56bf8d576a0e24d668d21115932195d20b36379875c3dc1a430f0921afa804fde620e18fd9551ad3460"}, &(0x7f0000000b80)=0xe8)
mkdir(&(0x7f0000000bc0)='./file0\x00', 0x7c)
fcntl$setownex(r5, 0xf, &(0x7f0000000c00)={0x2, r2})
r11 = openat$ndctl0(0xffffff9c, &(0x7f0000000c40), 0x8000, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000d80)={&(0x7f0000000c80)=[0x0, 0x0, <r12=>0x0], &(0x7f0000000cc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000d00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000d40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x3, 0x8, 0x6, 0xa})
ioctl$DRM_IOCTL_MODE_GETFB2(r11, 0xc06464ce, &(0x7f0000000dc0)={r12, 0x7f, 0x8, 0x1ff, 0x2, [], [0x5, 0x8, 0xebb7, 0x4], [0x3, 0x4, 0x0, 0x7], [0x1000, 0xb1, 0x6, 0x3]})
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000e40)=0x4)

1.721928472s ago: executing program 2 (id=72):
syz_usb_connect_ath9k(0x3, 0x0, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42032, 0xffffffffffffffff, 0x0)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200))
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020660b, &(0x7f00000003c0)={0x0, 0x2})
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}]}, 0x4c}}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000002900)={0x0, 0x0, &(0x7f00000028c0)={&(0x7f0000002840)={0x1c, 0x4, 0x6, 0x801, 0x0, 0x1f000000, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

1.671645467s ago: executing program 3 (id=73):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r4)
write$tun(r4, &(0x7f0000000640)=ANY=[@ANYBLOB="00006007ab00ff09998488cac870e074fea9ed569a64718eaa2dc9d48220a94469e85b5b437e4a5e027dfee6cacce1cdcba77d048b25beafc946703239127be4ed46ae7c6f47f22ab889027a203486949798398701cfaa62ca1c9306556af433cafb1ee1fc657412944d2076abcc40f486e12a23a11363b882cb17959080c41fedb6052e65a27a8d8404e227a8ba86aa00b1000d5db15c9e04dc33"], 0x15f)
socket(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = getpid()
process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000001880)='numa_maps\x00')
pread64(r6, &(0x7f0000000880)=""/4096, 0x1000, 0x0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r7 = inotify_init1(0x0)
fcntl$setown(r7, 0x8, 0xffffffffffffffff)
fcntl$getownex(r7, 0x10, &(0x7f0000000140)={0x0, <r8=>0x0})
r9 = syz_open_procfs(r8, &(0x7f0000000600)='fd/4\x00')
ioctl$FS_IOC_SETFLAGS(r9, 0x40086602, &(0x7f0000000380)=0x85000)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0)
r10 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@getstat={0xe0, 0x15, 0x0, 0x0, 0x0, {{'digest_null-generic\x00'}}}, 0xe0}}, 0x0)
sendmsg$nl_crypto(r10, &(0x7f00000001c0)={0x0, 0x48, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x3f00)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c00000010000304000000010000000000007400", @ANYRES32=r3, @ANYBLOB="00000000031201002c0012800b00010062726964676500001c0002800500190007000000080005"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r12 = dup(r11)
ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)

1.229509709s ago: executing program 3 (id=74):
mknod$loop(&(0x7f00000017c0)='./file0\x00', 0x8, 0x1)
mount(&(0x7f0000000000)=@sr0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='romfs\x00', 0xf9fd, 0x0)

1.22890148s ago: executing program 3 (id=75):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
keyctl$join(0x1, &(0x7f0000000700)={'syz', 0x2})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, 0x0, 0x4ca)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='cdg\x00', 0x9)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000010000000000000"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000073000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffddd, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='mm_page_free_batched\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0)
pselect6(0x0, 0x0, &(0x7f0000000200)={0x9, 0xbdd, 0x8001, 0x40, 0x0, 0x5, 0x585}, &(0x7f0000000240)={0x1917, 0x2, 0x3ff, 0xff, 0x6, 0x3}, &(0x7f0000000280)={0x77359400}, &(0x7f0000000340)={&(0x7f0000000300)={[0x1, 0x8]}, 0x8})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000c428681d22ddc6347989726d000000070000000900010073797a30000000003c00b4a9fb11fe8bb325107fcbaf9d820000090a000000000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000005c0003805800008054000b805000018008000100667764004400028008000340000000000800024000000000080003400000000008000340000000000800034000000002080002400000000008000140000000000010000100000000fd3dcc88b5aca646a9f827477e8ae6f55a20de8edf1f1c2a0816ec2a04e834e19ba9f909b6e1ef4a671d608c8bacfe2b6d477a52acd81c46a1673c00"/340], 0x10c}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x4, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000180)={&(0x7f0000000540)="ebeeb39297527fda8085b02fb8a58aaac4d4c0fb259777bd42139b07105601d1ad24c6d9c2563854569dfa8db64fc37aeb483e1a631282e8f784b4d9cb51a3c7f5b9e4e83c00bbf0bc3dc7257d2991f50b66ef5ad0497c6f3dffc5e54bde8a9f428e0daa7ecf2113ce7f400ba04635bd6f470c42a6fe34392449653cdb1395f5adab2eb26df20110fb1002a5dd3de1c9314da2174e0dcfc1f0528366fb37281ed4bd44e4e3b5c282b1a480bf11868ad3d3c3d994ca9c482e6916cfd6b9e6e05666264ce088", &(0x7f0000000080)=""/65, 0x0, 0x0, 0x6, r3, 0x4}, 0x38)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
gettid()
socket$inet(0x2, 0x3, 0x2)
ioperm(0x0, 0x0, 0x3f)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r4 = openat$procfs(0xffffff9c, 0x0, 0x0, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_RW(r4, 0x118, 0x0, 0x0, 0x0)
symlink(&(0x7f0000000000)='./file1\x00', 0x0)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000880)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000000000000000000250000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000000000085396d86033eebb3c66a2bd1317a5085b1d1f68c2d853854db6aea9185f457c97dcb779cf900cc84f3ead0bdf936e2a1c5fe6b0c70fc98ee41269ac1bdda717d52094598e8282df1840caad05451f571de527a5ecb83e63604f43148c1ae2a9ca8a68dff2aa8fe3c5894a643b9c291344a9ddb61412b0c2540b53690466aee0996fdf8d8670a108929432f1f7b3c543cc828110210641a", @ANYBLOB="33d670d9aa5d8ab3fdd34c3723b1a84a47f4f0cbc914c93b342b65592e8fe7d10d8cfa999df0c91349b300edc8cdb174f1b8207809015c20e12ee5b3654de62ef86c70e7fc558f1a9ac4479348b64b9a406d174202d380ac5300d291734697c93a20a5be76b929249116d50c77b880664129faa001c7b1467b8f88a518f7f782852a9c913eac65fae86d77154a9d03a807413bcd435df6ebf9468bfa7fc4aecfb3cc8f26ba2cd5304626b677ed98dd57536f7ab998bd5f08920a949471adc12b43f8e0d08ebea782b6d7c93eacf300244f31e716f610f8217fc68152be14b6f3296308156ef399841adb6a2f2ab3f015f08e39d28db6c6fc239b0f7de4eeea3185148ee929187c888d4d09e8b4bb5ffd5332f32559d316fca116a070b5f8c016a611a6402c7dac2dae955fecb16b51ec809f46eedc050035f1bb37ff60b6cdbfb9c12b601c99ebd48f4f28d2aa70c4cb13589304ed98c81728a8c850f4627312f42678a3ab36dbaa9333c77828eb2ba90a87f890bceae03bb6923ed454dbc3a98e67e78f81e4c4b8c567c5f18b028445ce3afb8a9f2c056c5f76dd6e8f5e87b3aca63c42394b5ace6af02cbd31fa434192a33bbbe26b309bb580943d7a2c83901ebe9a4cea120ee5b9630021c2f6e51506ade2725683167100824f6537adc085183901a50f2cf29ae77e328dc2bbaca53450fecad3496416d62321031752e0e29afc3909269fab38db76166e4867d421357a46d7aad742193034da09135cba9b56e7d936df1c654a473ef102b2e004e6575c473686966cb5c4ac8d3854bc7cdb16c4cf6669195a3dfd19cd390fc5d1cff5fac8941f040f9e58b4cf3a83f506f8a184323e61784cc5eb74e0eb019cadba07e4f241b875710fd5f88df60810bc38350420958086fd2aeeb78006a2054fb462aedff090de05a5e6ab1a2a3e71307db13f22f7df2f46a031a70a2625daf9c721c3e93f15baf8adce3c829f04c8c47d613762b1750b90c1b18b8c0cf6fb92c4ba195e9b149c598a7542091918ba796b40a33e201ebc7dffde779799033b56c7c7530644020518ece07378b152708a6071c376b8f6a879ab3d8d9b0e9bf4aa345115b6d1c785a73e42700b871b0a921819164bd495525af9f0fa7287fc138009cc3efdcf47d73ee511c990b01668d32e495f71b52a1f1a86912edbb8eb45d26d694f965c1d2f167ed80d97b127faf657e483e4f1ac9c8d9deb619d83f6e2f3592b94aa8b127775eddc8ce595e3c2b353cbad241ebe65a220a435e53f625afd3dd87cf2fc9b81bbefe625b6e0bd6fc409768e0efc897cb295f50f7ec59a033c44d645440f8fa7476f48f9f7fe8898ededee99679575f0648be195b5aa8a2f71ce055ac71f9c55474653ef60e0e7b9a4202ba1a8e080d8541ef23a33941b9dff48a53b2dde4d2328dd76bce527f88aee026e03963f905cd382dc0d30aaac95b11c04ac7f592326432f2bd1ca153a1e85c9f2ec61a0e4d66a61a24291cd7e012098c6fc88a157acc35a7b4060aa35bc999942cee30cfc397225634356526bc30e087e472944fe8e35f1a9b232f30bcc276d6aa259bdfbc867f1f4ef7ce018fc1b2cd22a5a8ec9efb5bdd2c66ab0e0b07e494004cb89a877c2bc2bce8e9876e8a80ab013e4abb42a1b66cc326d39fbdf351301a8e35c15f5beb909b35fc6a58f3fba033e222e00991b0b49c44901bba1fbdec80884a687db6d32e329e4f99b3553f4d2e0db200ae7003a836e8cbdbb4768a7d325ef47a5998035fed3f602e5376e07ce0a9239be867e3ac90d6572064c1ab187c7320d0e94c45a8580e20b01f15210c65742abf9880aa1bf5ead347270131353665ef464b3e7f5bab7dec110cce23fe25188753c3d60dfa3ab5caa87f76c603c051ca75ed5aba2d113d963e58c8460ec4912e61214265298dcf5a9c3f5237fccf4ff20ed7839737e44c0cde8b600798220742042a306a961ff7797eaaa1435431dfff0e123e9a6b8444e67c461ba4b873dd41260e65dd386bb7ea4014a16f16922c80ecbcfb0ac95a8eb587ece4c9f639805008c2b7397c6a06487c09be7233ee730cfcb8d37076ce64840e3aefa26727294961dfcc949bec9bec8bc4e891fa2f6fe9985ac08a56f69adee18b9844023c6218bc96189665bb4b3b471aa40e596dd071bb6711b734947d300764390f0f7ccd7c2b455030d537d7f6ba3eedf40a92eecb89c5e13eb3774093764e43f186d1b85fa4aabfa3be41a98c67bb5ed0de18b31084e915c531ad7407847873f129b69e36acb87b2215eb73ad2eed48ef2648389a243e6960360c986a13e7512272c4b4d234630a76445495afbeb6d7ff366e4c058f7ad04a8ecf2cdf5990a43da31cbbf569ca57d64e618ef84235dfafd196b4ad04cd30cc016dc0eea670f5394399367c79d00c05a5ec79bf624a63bb642bc5601c8f41c688643807d83dcc8b94e9976f9be814b0aced69628f161f73a2b3dfb3c0edfb9f4174c6135b16458393287a2b3c4a013d5d8dca2a9cd4dcc86e807233780871a921aba7b5844b1654324b80c07b5d17c643893488ea1712159f87b725e9e2287e73638771aa0f7e3b121844ef7a09d999759c332c57fcc8b133d5d622b94cae1f80edb1c7efde9bdbb1873c4f08fcdcc26607f4946c46138c7d9cd76f1fe8fe137a241c33cc440e4554aa62e832b4d8755610dfef9125188658d8b3fb2d62e26611c230a6bc8ceac6244ee5afd95578da854499c54ec066a80e04e731d2c47484f78c07bd410a8bee7462b515de47225a59d0b85d1e08b8f1f8938b45440d6743e9f1f9583ac251fbed6b6dd98a4cf9e7d67fedb6b2798110bd74d89571ca727034e1d3d5b89abac7f78ff4f5c236bb340b096f1627fc855c25bfb966d83744ca87dc33421771aed301fed07af62f31fe1327e413cf42cd5a32b5488d795edd8e84b81d42c3d9b9893cb8c12905b676c45b0f40133692a1686a8201ed4a3a842080107b14a7e030dafd95fe82c8c1d313cadc28f8e283dcf53991f8e7a62aa41166e337fbf8954522f93b0902b46029c34b521ac662ba4818e83365fcbe13f39bfca6b4562dd516af58113868a5ed0690a7cb4e98521b5db8eed76f7a98ff1aaa87f94c1e4dc2c1805e9c3b83ea5de69a707b29369a99f9b226ad0ce95437b75866e23adc447f2b2bc6bd75bfa85e73bb988fa1a80f12c1885a2970ed446a8788b7035f374756b7343d796a426fd9a0c0e1c3ea161b984a9c6eac3cf9b2f2f2cc91cbf805972d25c8e56c3c3336e43cfab7019b959c7b3d02fec75efd0a47f5ca624b3fcc518bce5233ca14e4659e0f7a7bfe2aac58e34d6c3d1c7c92070155c8492122ab297c164490d4ad3e274b67e1ae5a4b17f974b89f6b7fd9668b3a7b04bf7281bd43f8d81f30ca527444cde0f7aaab7c22031abad4aab060f2e4ecde9d26c2c3b4d5e0e55a213d22dff687bd79382fc31c42f6964a853e33e1a5440c878e69833e66fde71f401b26786765b180b27c8da854614f3f1d360b5b7cd86160be8caee58aa8df5e5c99953f9e3cbd1d7936d1dbf16cf583f47ab893229ab4958dc9265e24e9e8e5d73fc95a42cd450ccd40d89df7ae0eb53914ab4d06e45ea84ce9813b20a776bf0f13c20b40e55d4c9d5a29160e402f2e6c70a17030ae2826fca059c667ee771a7e6c90e93a042fdc3a4001e235e2ac8bc70c6f96aee80e446c4fc3d34713bb44fc22124ec8c23550c1a8475a97aed84c044a4b85657c15ffbdd1ac52999847ba8e4beacf95cd389e3ca396410001531ac47947dbc3225c75afb7ee3ffbcc93e79d7bd966b95ba139ac76d5fa5777495fec231a6d1a8ab83d89a3446b0c73c193e073b0fca38867c763b76275c243e320a13902cc931b871863fa78764da984487a2638bfbb969bbcb2c94311afc2b1c781c286535381c8b9b43d8d0fa1180c5d953cd35e80293b6c50dc61887982a2c7cd46ba52596d67ccf6096f1650c93e5d5174a8859aed7ecf1376202bc51a599d6c0bfd1642f83dc43ed8367d85297be5dbd23059deb469b0a69e5868d92966c133ff49e543c18ce6df89774948fd16d9f5314ecf705fb8f0184665ef6b81b019e1292bd541bb9ed72cc9bdee87cd77cda8308d7269a266dcf1497738cdc6ab4681dd38f5179b87aae97c6fe7dcde6386d4e95dbd69d29cc863da5437134928d1041a0de0680f23ea6acf120f666dbbea24996141b8826c6687c4cb4defb5033d03b9ea4c371e9d1749e574a67e9a5313eb03bd478a841321b3d01c8b90f88e3ef8db192dac9a33c27f868e18f2952ce2f4b4a28cdb00faf0d97749cff64762818bd91e88a28cb0c9c5e40ad8765091e2d2e3bf11c80aee2a4983b1c377aff84b935cc0256dfc5e2d5bc26baac49468a626f14b9b430005b6fb00b427da7abd7060947552e48349e789dcfc8d52c20f3e010d599ca298de5a27a8277ef747b25ffe907e55b3cef805e999718686d240bf2da3346cbaaf083c2155dfcc3ea6ebd43e59b0be2091d9638d5b1fdf1744d129a322b662f93767c1eaeb5ea5ca795a3a9344800ca57827090837ad9b5ace8e25031668d6b2ad6fe592b229a9be3eb9c034601ed6bdce822a48241754e6377f9178ee8980197fbcc9cad03674b7c1b5278d32ef7069d709c2e9a200184824e01bbad241c2894dd3d0395570d5904be509161f11bd07934e74a42dd24633c7db53053cd5b2110a5414712859cd1c6981432bd5b0522d4f234214c20a0f6cfbf87271cc1c8bcc09a910f69ed40b6d866bfa68ad449f1d1bb9c9f47800654fe6c842ad43e2f58c1fff9ab3eb55660ff589dc74bb6fa2fa1a55c46386ce8848259513c497261933229e1b7c09b54690d07faccb2ac98764f863471457c354e5aa8cc7a67ea38f628a427ff1d5b3f8f88e161528fd080a34861e475b623497a2e1534f6be203f05c6e683f4f6e27192d0ad87f4e2efbaa8241749caf4090a17725fc61f0b1e27889249b8373bf6ce51b917e017ea1e3911ba11a96363ab813531b489a00eaf0495306af6d9d3de923517105f435b8b2b9d1ad384eaf4b64d7435c3619928750ca4f73f9d6497f7bb20b46f4df0cef791cd0ae219e09e5dec8677f7d7c56d91d4ad64060e722314d9b07eb3ae14d8ae9b915ffcc289774b7d6909a7950af0b3a2fa0181c93313e4806aca268541bbbcc85824cd9b57ecec3dbc6a1e85cb033dd27bdd834af58154a36383071286094cc8415915fe9dde7a479eb0986969e06b61c877abf5e57c88fadcfa31aed6c1bc18812bc61dc5cfe6306bb07cc27227289baa302d045ff82e12bef653141efea37c7bf546451c8c0f4adfb6dca0622829ba6599a7da5e28f0ccf58630a3abba170031a528818de939e7429fccb21343514ecd87363057194e0828cad45ebde90f795c17a0fb7a53ad933f1df96091a9e9f75574182caf0d8f51315fd1c6a79a15e1e98c1ae420a50c451f98ae86dcd966f928c8d77ec6e406a868a1ca70aaf36598721d0035a89224995cff806e5c39f5d6306f9cff58e085a482275938f6fc0c831c2fe8cc0b113847bce77f56d80f16ded9fd6615aedd88be03557e5142270860a76e12a59615224b73220b2e2f48d10888dbeb24688b1e312004703ef43e2a5d3283134a3d6682dcf8497e5b8314f115da8024725c7b264630c34e430e2822573c508c733dcbe1b2951747905e905f37aea5d6fe05b8e17858e6b0a8530ec09f0aebce1920db5d3f279d52aa0a95f30e29d5cc289fe828c96f24011e41"], 0x3c}}, 0x0)

1.161243421s ago: executing program 2 (id=76):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) (async)
setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20008805, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) (async)
r2 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r2, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x0)
recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000200)=""/44, 0x2c, 0x1020, 0x0, 0x0) (async)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_FREE_STREAMS(r3, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="020023031000070060000000"])
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000a00), 0x77375739, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r4, 0xc02c564a, &(0x7f00000002c0)={0x0, 0x0, 0x0, @stepwise}) (async)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) (async, rerun: 32)
r5 = inotify_init1(0x0) (async, rerun: 32)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000580)={0x2, 0x1, @local}, 0x10)
fcntl$setown(r5, 0x8, 0xffffffffffffffff) (async)
fcntl$getownex(r5, 0x10, &(0x7f0000000140)) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002300000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r8}, 0x10) (async, rerun: 64)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0) (rerun: 64)
setsockopt$inet6_tcp_int(r9, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) (async)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffffff, 0x40046607, &(0x7f0000000180)={@desc={0x1, 0x2000000, @desc3}}) (async, rerun: 64)
r10 = open_tree(0xffffffffffffffff, &(0x7f0000000640)='\x00', 0x89901) (rerun: 64)
fchdir(r10) (async)
umount2(&(0x7f0000000000)='./file0\x00', 0x0) (async)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})

1.061097339s ago: executing program 2 (id=77):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f0000000400000008000000da00000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000400"/28], 0x48)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x10, &(0x7f0000000180), 0x4)
connect$inet6(r3, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r4 = io_uring_setup(0x3450, &(0x7f0000000380)={0x0, 0x0, 0x1, 0x0, 0x52})
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0xfff}], 0x1)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$inet_sctp(0x2, 0x400000000001, 0x84)
sendto$inet(r6, &(0x7f0000001240)='!', 0x1, 0x0, &(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10)
listen(r6, 0xda8c)
accept4(r0, &(0x7f0000000080)=@vsock={0x28, 0x0, 0x0, @local}, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
r8 = dup(r7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r8, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x4000)
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$BLKZEROOUT(r9, 0x127f, &(0x7f0000000240)={0xffffff, 0x1000000})
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000100)={r2, 0x58, &(0x7f0000000400)}, 0x10)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800}, 0x20)
r10 = socket(0x28, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r10, 0x8933, 0x0)

842.914048ms ago: executing program 3 (id=78):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x20000884)
syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
add_key$keyring(&(0x7f0000000240), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
r3 = socket$netlink(0x10, 0x3, 0x4)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r3, 0x10e, 0x8, &(0x7f0000000280)=0x7, 0x4)
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
syz_emit_ethernet(0xae, &(0x7f0000000000)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000308", 0x78, 0x3a, 0x0, @private1, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "5b52ab", 0x0, 0x2b, 0x0, @private0, @private0, [@srh={0x0, 0x4, 0x4, 0x2, 0x1, 0x0, 0x0, [@private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}, @dstopts={0x88, 0x2, '\x00', [@hao={0xc9, 0x10, @remote}]}]}}}}}}}, 0x0)
creat(&(0x7f0000000380)='./file0\x00', 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
writev(r3, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c611000000000000feff2c707f8f00ff", 0x58}], 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
chmod(&(0x7f0000000180)='./file0\x00', 0x0)
sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="01e7000000000000000004"], 0x18}}, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000009c0)={'vcan0\x00', <r5=>0x0})
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r6, &(0x7f0000000080)={0x1d, r5}, 0x18)
sendmsg$can_j1939(r6, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40246608, &(0x7f0000000000)={0x0, 0x9, 0x7fffffffffffffff, 0x80000001, 0x3, 0x5})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, {0x0, 0x1, 0x9, 0x6, 0x9, 0x1, 0x1, 0x0, 0x5a, 0xfffe, 0x6, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}})

824.140108ms ago: executing program 0 (id=79):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x20001, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000200)={@host})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f00000001c0)={@hyper})
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000000)=0x27)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
io_setup(0x27, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
syz_open_dev$sg(&(0x7f0000000380), 0x0, 0x80000)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = fsmount(0xffffffffffffffff, 0x0, 0x7e)
ioctl$FICLONE(r2, 0x40049409, r1)
r3 = dup(r1)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1000, 0x0, 0x2, 0x0, 0xfffffffffffffffe}, 0x0, &(0x7f0000000240)={0x3fd, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x40}, 0x0, 0x0)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_dsack\x00', 0x1, 0x0)
sendfile(r5, r4, &(0x7f00000000c0)=0x8e, 0x180000504)
bind$bt_sco(0xffffffffffffffff, &(0x7f0000000080)={0x1f, @none}, 0x8)
prlimit64(0x0, 0xe, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0xfffffffffffffe90, 0x5, 0xa}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r7, @ANYBLOB="050000000000000010000f05000008001500", @ANYRES32=r8, @ANYBLOB="4d000e0080000000ffffffffffff080211000001505050505050000000000000000000006400000000060202020202020406000000000000050300000025030000002a01007606000000000000000000080026006c09000008000c006400000008000d00000000000800a50000000000"], 0x8c}, 0x1, 0x0, 0x0, 0x4000014}, 0x0)

381.447835ms ago: executing program 3 (id=80):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = dup(r0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000000c0)='sys_enter\x00', r2}, 0x10)
init_module(0x0, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r5, 0x4068aea3, &(0x7f0000000100))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r1, 0xc4c03d12, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0xfffffffffffffd56)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mq_open(&(0x7f0000000180)='\x9a%\xc8-)\x00', 0x40, 0x0, 0x0)
io_setup(0x8, &(0x7f0000004200))
syz_open_procfs(0x0, 0x0)
io_submit(0x0, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000010000000900010073797a300000000070000000090a010400000000000000000100000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021340011800a0001006c696d697400000024000280080004"], 0xb8}}, 0x0)

0s ago: executing program 2 (id=81):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, 0x0)
lseek(r1, 0xae7d, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000940)={0x6, 0x13, 0x0, 0x0, 0x426b, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x19)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f00000003c0)=[@increfs], 0x0, 0x0, 0x0})
dup3(r2, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0xc, 0x0, &(0x7f0000000400)=[@dead_binder_done={0x400c6313}], 0x0, 0x0, 0x0})
mknod$loop(&(0x7f00000017c0)='./file0\x00', 0x8, 0x1)
mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='hfs\x00', 0x1c0004, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:19493' (ED25519) to the list of known hosts.
[   34.258234][ T5301] cgroup: Unknown subsys name 'net'
[   34.401249][ T5301] cgroup: Unknown subsys name 'cpuset'
[   34.404467][ T5301] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   35.388025][ T5301] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   37.645145][ T5355] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   37.650264][ T5355] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   37.653365][ T5355] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   37.657030][ T5355] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   37.661110][ T5360] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   37.663690][ T5360] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   37.666499][ T5360] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   37.666788][ T5359] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   37.668658][ T5360] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   37.671450][ T5359] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   37.673479][ T5360] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   37.675921][ T5359] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   37.676564][ T5360] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   37.683396][ T5355] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   37.687125][ T4789] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   37.691019][ T4789] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   37.693262][ T4789] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   37.695763][ T4789] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   37.697428][ T5355] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   37.699050][ T5362] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   37.703192][ T5362] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   37.704604][   T65] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   37.705325][ T5362] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   37.707798][   T65] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   37.924029][ T5357] chnl_net:caif_netlink_parms(): no params data found
[   37.960541][ T5346] chnl_net:caif_netlink_parms(): no params data found
[   37.970022][ T5348] chnl_net:caif_netlink_parms(): no params data found
[   37.979114][ T5347] chnl_net:caif_netlink_parms(): no params data found
[   38.094590][ T5357] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.097523][ T5357] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.099896][ T5357] bridge_slave_0: entered allmulticast mode
[   38.102063][ T5357] bridge_slave_0: entered promiscuous mode
[   38.165006][ T5357] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.166996][ T5357] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.171433][ T5357] bridge_slave_1: entered allmulticast mode
[   38.173507][ T5357] bridge_slave_1: entered promiscuous mode
[   38.176426][ T5346] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.179316][ T5346] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.181224][ T5346] bridge_slave_0: entered allmulticast mode
[   38.183236][ T5346] bridge_slave_0: entered promiscuous mode
[   38.273967][ T5346] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.276950][ T5346] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.280607][ T5346] bridge_slave_1: entered allmulticast mode
[   38.283592][ T5346] bridge_slave_1: entered promiscuous mode
[   38.300995][ T5347] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.302980][ T5347] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.304974][ T5347] bridge_slave_0: entered allmulticast mode
[   38.307154][ T5347] bridge_slave_0: entered promiscuous mode
[   38.320517][ T5348] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.323181][ T5348] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.325923][ T5348] bridge_slave_0: entered allmulticast mode
[   38.330170][ T5348] bridge_slave_0: entered promiscuous mode
[   38.334438][ T5357] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   38.359712][ T5347] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.361649][ T5347] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.363571][ T5347] bridge_slave_1: entered allmulticast mode
[   38.365612][ T5347] bridge_slave_1: entered promiscuous mode
[   38.367876][ T5348] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.370500][ T5348] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.373090][ T5348] bridge_slave_1: entered allmulticast mode
[   38.376017][ T5348] bridge_slave_1: entered promiscuous mode
[   38.380529][ T5357] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   38.386864][ T5346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   38.461906][ T5346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   38.477859][ T5347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   38.481256][ T5348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   38.485888][ T5357] team0: Port device team_slave_0 added
[   38.492122][ T5357] team0: Port device team_slave_1 added
[   38.516144][ T5347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   38.520366][ T5348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   38.548024][ T5346] team0: Port device team_slave_0 added
[   38.595885][ T5348] team0: Port device team_slave_0 added
[   38.599036][ T5357] batman_adv: batadv0: Adding interface: batadv_slave_0
[   38.601445][ T5357] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.608794][ T5357] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   38.613994][ T5346] team0: Port device team_slave_1 added
[   38.617958][ T5347] team0: Port device team_slave_0 added
[   38.622292][ T5348] team0: Port device team_slave_1 added
[   38.624800][ T5357] batman_adv: batadv0: Adding interface: batadv_slave_1
[   38.626694][ T5357] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.633441][ T5357] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   38.653809][ T5347] team0: Port device team_slave_1 added
[   38.688698][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_0
[   38.691289][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.700414][ T5348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   38.743430][ T5347] batman_adv: batadv0: Adding interface: batadv_slave_0
[   38.745753][ T5347] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.755004][ T5347] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   38.760508][ T5347] batman_adv: batadv0: Adding interface: batadv_slave_1
[   38.762824][ T5347] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.771878][ T5347] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   38.776521][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_1
[   38.778969][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.787795][ T5348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   38.792821][ T5346] batman_adv: batadv0: Adding interface: batadv_slave_0
[   38.795203][ T5346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.806152][ T5346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   38.811134][ T5346] batman_adv: batadv0: Adding interface: batadv_slave_1
[   38.813437][ T5346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.822604][ T5346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   38.860857][ T5357] hsr_slave_0: entered promiscuous mode
[   38.863828][ T5357] hsr_slave_1: entered promiscuous mode
[   38.971347][ T5348] hsr_slave_0: entered promiscuous mode
[   38.973767][ T5348] hsr_slave_1: entered promiscuous mode
[   38.975652][ T5348] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   38.978415][ T5348] Cannot create hsr debugfs directory
[   39.015415][ T5346] hsr_slave_0: entered promiscuous mode
[   39.017661][ T5346] hsr_slave_1: entered promiscuous mode
[   39.019534][ T5346] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   39.021672][ T5346] Cannot create hsr debugfs directory
[   39.025584][ T5347] hsr_slave_0: entered promiscuous mode
[   39.029846][ T5347] hsr_slave_1: entered promiscuous mode
[   39.032238][ T5347] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   39.034831][ T5347] Cannot create hsr debugfs directory
[   39.274031][ T5357] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   39.281446][ T5357] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   39.291453][ T5357] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   39.296403][ T5357] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   39.316623][ T5348] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   39.332817][ T5348] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   39.341774][ T5348] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   39.352759][ T5348] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   39.364034][ T5346] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   39.369004][ T5346] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   39.382064][ T5346] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   39.386851][ T5346] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   39.421023][ T5347] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   39.430657][ T5347] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   39.438338][ T5347] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   39.447958][ T5347] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   39.493813][ T5357] 8021q: adding VLAN 0 to HW filter on device bond0
[   39.523221][ T5357] 8021q: adding VLAN 0 to HW filter on device team0
[   39.534819][ T5348] 8021q: adding VLAN 0 to HW filter on device bond0
[   39.543347][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.545364][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.548543][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.550445][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.566531][ T5348] 8021q: adding VLAN 0 to HW filter on device team0
[   39.595329][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.598057][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.603529][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.606185][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.649281][ T5346] 8021q: adding VLAN 0 to HW filter on device bond0
[   39.677404][ T5347] 8021q: adding VLAN 0 to HW filter on device bond0
[   39.686291][ T5346] 8021q: adding VLAN 0 to HW filter on device team0
[   39.694752][ T5347] 8021q: adding VLAN 0 to HW filter on device team0
[   39.699260][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.701946][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.708223][ T5356] Bluetooth: hci0: command tx timeout
[   39.712209][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.715297][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.724670][ T1097] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.726866][ T1097] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.744213][ T1097] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.747036][ T1097] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.772498][ T5347] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   39.776496][ T5347] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   39.778390][ T5356] Bluetooth: hci2: command tx timeout
[   39.781658][   T65] Bluetooth: hci1: command tx timeout
[   39.782490][ T5356] Bluetooth: hci3: command tx timeout
[   39.806225][ T5348] 8021q: adding VLAN 0 to HW filter on device batadv0
[   39.814332][ T5357] 8021q: adding VLAN 0 to HW filter on device batadv0
[   39.848435][ T5348] veth0_vlan: entered promiscuous mode
[   39.852507][ T5357] veth0_vlan: entered promiscuous mode
[   39.860195][ T5346] 8021q: adding VLAN 0 to HW filter on device batadv0
[   39.863617][ T5357] veth1_vlan: entered promiscuous mode
[   39.870413][ T5348] veth1_vlan: entered promiscuous mode
[   39.904903][ T5357] veth0_macvtap: entered promiscuous mode
[   39.911889][ T5357] veth1_macvtap: entered promiscuous mode
[   39.914343][ T5348] veth0_macvtap: entered promiscuous mode
[   39.917829][ T5347] 8021q: adding VLAN 0 to HW filter on device batadv0
[   39.926073][ T5346] veth0_vlan: entered promiscuous mode
[   39.931350][ T5348] veth1_macvtap: entered promiscuous mode
[   39.942007][ T5346] veth1_vlan: entered promiscuous mode
[   39.946572][ T5357] batman_adv: batadv0: Interface activated: batadv_slave_0
[   39.961152][ T5357] batman_adv: batadv0: Interface activated: batadv_slave_1
[   39.966621][ T5357] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.970674][ T5357] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.973444][ T5357] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.976171][ T5357] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.986545][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   39.990917][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.995347][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_0
[   40.005771][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   40.009992][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.014558][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_1
[   40.036682][ T5347] veth0_vlan: entered promiscuous mode
[   40.042330][ T5348] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.045579][ T5348] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.049124][ T5348] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.052353][ T5348] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.067460][ T5347] veth1_vlan: entered promiscuous mode
[   40.076722][ T5346] veth0_macvtap: entered promiscuous mode
[   40.086289][ T5346] veth1_macvtap: entered promiscuous mode
[   40.117022][ T5346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   40.118957][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   40.121025][ T5346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.123425][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   40.126816][ T5346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   40.133935][ T5346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.138476][ T5346] batman_adv: batadv0: Interface activated: batadv_slave_0
[   40.155218][ T5346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   40.155679][  T102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   40.158024][ T5346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.160892][  T102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   40.163418][ T5346] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   40.163429][ T5346] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.172819][ T5346] batman_adv: batadv0: Interface activated: batadv_slave_1
[   40.185210][ T5346] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.188554][ T5346] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.191754][ T5346] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.194907][ T5346] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.206696][ T5347] veth0_macvtap: entered promiscuous mode
[   40.209065][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   40.211796][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   40.219162][ T5347] veth1_macvtap: entered promiscuous mode
[   40.230582][  T102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   40.233469][  T102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   40.245044][ T5347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   40.249385][ T5347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.252935][ T5347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   40.256644][ T5347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.260702][ T5347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   40.264254][ T5347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.269825][ T5347] batman_adv: batadv0: Interface activated: batadv_slave_0
[   40.278296][ T5347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   40.279245][ T5357] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   40.282067][ T5347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.289433][ T5347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   40.292028][ T5347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.294725][ T5347] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   40.298985][ T5347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   40.302238][ T5347] batman_adv: batadv0: Interface activated: batadv_slave_1
[   40.312457][ T5347] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.314863][ T5347] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.317671][ T5347] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.319965][ T5347] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.352519][ T1097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   40.355516][ T1097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   40.407617][ T5413] sp0: Synchronizing with TNC
[   40.423803][ T1097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   40.426704][ T1097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   40.431844][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   40.434049][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   40.459617][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   40.462410][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   40.581483][ T5422] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[   40.835401][ T5432] netlink: 'syz.2.7': attribute type 4 has an invalid length.
[   40.873984][ T5432] syz.2.7 uses obsolete (PF_INET,SOCK_PACKET)
[   41.117866][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   41.467482][ T5399] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   41.637862][ T5399] usb 7-1: Using ep0 maxpacket: 8
[   41.641450][ T5399] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   41.644438][ T5399] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   41.647144][ T5399] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   41.650728][ T5399] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   41.654157][ T5399] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   41.656569][ T5399] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   41.779269][ T5356] Bluetooth: hci0: command tx timeout
[   41.858083][ T5356] Bluetooth: hci1: command tx timeout
[   41.858126][ T5350] Bluetooth: hci3: command tx timeout
[   41.859799][   T65] Bluetooth: hci2: command tx timeout
[   41.875470][ T5399] usb 7-1: GET_CAPABILITIES returned 0
[   41.877078][ T5399] usbtmc 7-1:16.0: can't read capabilities
[   42.169916][ T5444] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9'.
[   42.487980][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   42.691839][ T5457] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   42.707858][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   42.771863][ T5457] lo speed is unknown, defaulting to 1000
[   42.788929][ T5457] lo speed is unknown, defaulting to 1000
[   42.815170][ T5457] lo speed is unknown, defaulting to 1000
[   42.820610][ T5460] Zero length message leads to an empty skb
[   42.938126][    T8] lo speed is unknown, defaulting to 1000
[   42.939828][ T5457] infiniband syz1: set active
[   42.941615][ T5457] infiniband syz1: added lo
[   42.969555][ T5457] RDS/IB: syz1: added
[   42.971114][ T5457] smc: adding ib device syz1 with port count 1
[   42.973259][ T5457] smc:    ib device syz1 port 1 has pnetid 
[   42.975955][    T8] lo speed is unknown, defaulting to 1000
[   42.982331][ T5457] lo speed is unknown, defaulting to 1000
[   43.042637][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   43.073497][ T5457] lo speed is unknown, defaulting to 1000
[   43.124476][ T5457] lo speed is unknown, defaulting to 1000
[   43.187197][ T5457] lo speed is unknown, defaulting to 1000
[   43.339980][ T5464] 9pnet_fd: Insufficient options for proto=fd
[   43.352551][ T5464] smc: net device ip6_vti0 applied user defined pnetid SYZ0
[   43.857484][   T65] Bluetooth: hci0: command tx timeout
[   43.937459][   T65] Bluetooth: hci1: command tx timeout
[   43.947712][   T65] Bluetooth: hci3: command tx timeout
[   43.947767][ T5356] Bluetooth: hci2: command tx timeout
[   44.262298][ T5468] sp0: Synchronizing with TNC
[   44.270736][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   44.334946][ T4485] usb 7-1: USB disconnect, device number 2
[   44.340463][ T5473] overlayfs: missing 'lowerdir'
[   44.525939][ T5474] netlink: 24 bytes leftover after parsing attributes in process `syz.1.16'.
[   44.552203][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   44.555369][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   44.558754][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   44.561747][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   44.566280][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   45.947478][ T5356] Bluetooth: hci0: command tx timeout
[   46.017851][ T5356] Bluetooth: hci1: command tx timeout
[   46.017916][   T65] Bluetooth: hci3: command tx timeout
[   46.017965][ T5350] Bluetooth: hci2: command tx timeout
[   46.210743][ T5508] netlink: 'syz.1.28': attribute type 1 has an invalid length.
[   47.043366][ T5517] RDS: rds_bind could not find a transport for fe80::aa, load rds_tcp or rds_rdma?
[   47.139937][ T5518] No control pipe specified
[   47.167393][   T72] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   47.174026][ T5518] overlayfs: missing 'lowerdir'
[   47.351978][   T72] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   47.354327][   T72] usb 5-1: config 1 has an invalid descriptor of length 127, skipping remainder of the config
[   47.357868][   T72] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[   47.360643][   T72] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 85, changing to 10
[   47.363707][   T72] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1712, setting to 1024
[   47.369113][   T72] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   47.371821][   T72] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   47.374101][   T72] usb 5-1: Product: syz
[   47.375356][   T72] usb 5-1: Manufacturer: syz
[   47.380529][ T5515] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   47.384015][   T72] cdc_wdm 5-1:1.0: skipping garbage
[   47.385450][   T72] cdc_wdm 5-1:1.0: skipping garbage
[   47.392834][   T72] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[   47.394678][   T72] cdc_wdm 5-1:1.0: Unknown control protocol
[   47.427128][ T5522] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   47.676187][ T5534] kAFS: No cell specified
[   48.407390][   T56] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   48.587401][   T56] usb 8-1: Using ep0 maxpacket: 8
[   48.593181][   T56] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   48.596065][   T56] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   48.598746][   T56] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   48.601284][   T56] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   48.604666][   T56] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   48.607072][   T56] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   48.697522][ T1447] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   48.847387][   T56] usb 8-1: GET_CAPABILITIES returned 0
[   48.848863][   T56] usbtmc 8-1:16.0: can't read capabilities
[   48.857400][ T1447] usb 6-1: Using ep0 maxpacket: 8
[   48.886771][ T1447] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   48.894393][ T1447] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   48.897246][ T1447] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   48.900275][ T1447] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   48.903896][ T1447] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   48.906745][ T1447] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   49.052671][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[   49.054481][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[   49.056147][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[   49.057757][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[   49.059431][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[   49.061007][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[   49.062673][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[   49.064431][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[   49.066148][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[   49.067796][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[   49.069451][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[   49.071034][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[   49.072704][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[   49.074370][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[   49.076038][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[   49.077655][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[   49.079318][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[   49.080983][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[   49.082698][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[   49.084373][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[   49.143768][ T1447] usb 6-1: GET_CAPABILITIES returned 0
[   49.145661][ T1447] usbtmc 6-1:16.0: can't read capabilities
[   49.163818][ T5558] netlink: 12 bytes leftover after parsing attributes in process `syz.3.34'.
[   49.411987][ T5541] netlink: 12 bytes leftover after parsing attributes in process `syz.1.35'.
[   49.786997][ T5560] netlink: 52 bytes leftover after parsing attributes in process `syz.2.37'.
[   49.799187][ T5560] netlink: 'syz.2.37': attribute type 10 has an invalid length.
[   49.806775][ T5560] 8021q: adding VLAN 0 to HW filter on device batadv0
[   49.812977][ T5560] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   49.929079][   T72] usb 5-1: USB disconnect, device number 2
[   49.930711][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[   50.953284][ T1447] usb 8-1: USB disconnect, device number 2
[   51.167719][   T72] usb 6-1: USB disconnect, device number 2
[   51.724153][ T5590] netlink: 4 bytes leftover after parsing attributes in process `syz.2.45'.
[   51.726739][ T5590] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   51.730749][ T5590] batman_adv: batadv0: Removing interface: batadv_slave_0
[   51.741558][ T5590] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   51.744736][ T5590] batman_adv: batadv0: Removing interface: batadv_slave_1
[   51.780043][ T5590] bond0: (slave batadv0): Releasing backup interface
[   52.884117][ T5609] sctp: [Deprecated]: syz.1.50 (pid 5609) Use of int in maxseg socket option.
[   52.884117][ T5609] Use struct sctp_assoc_value instead
[   52.909893][   T56] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   53.067418][   T56] usb 8-1: Using ep0 maxpacket: 8
[   53.082793][   T56] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   53.086070][   T56] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   53.090846][   T56] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   53.093940][   T56] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   53.099124][   T56] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   53.102526][   T56] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   53.127325][   T35] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   53.277323][   T35] usb 6-1: Using ep0 maxpacket: 16
[   53.282319][   T35] usb 6-1: config 229 has an invalid interface number: 182 but max is 0
[   53.284707][   T35] usb 6-1: config 229 contains an unexpected descriptor of type 0x1, skipping
[   53.287062][   T35] usb 6-1: config 229 has no interface number 0
[   53.288841][   T35] usb 6-1: config 229 interface 182 altsetting 182 endpoint 0xF has invalid maxpacket 511, setting to 64
[   53.291734][   T35] usb 6-1: config 229 interface 182 altsetting 182 has an invalid descriptor for endpoint zero, skipping
[   53.294611][   T35] usb 6-1: config 229 interface 182 altsetting 182 endpoint 0xD has invalid maxpacket 512, setting to 64
[   53.298575][   T35] usb 6-1: config 229 interface 182 altsetting 182 has an endpoint descriptor with address 0xD5, changing to 0x85
[   53.301870][   T35] usb 6-1: config 229 interface 182 altsetting 182 endpoint 0x85 has invalid maxpacket 5343, setting to 1024
[   53.304872][   T35] usb 6-1: config 229 interface 182 altsetting 182 bulk endpoint 0x85 has invalid maxpacket 1024
[   53.307724][   T35] usb 6-1: config 229 interface 182 altsetting 182 has an invalid descriptor for endpoint zero, skipping
[   53.311361][   T35] usb 6-1: config 229 interface 182 altsetting 182 has a duplicate endpoint with address 0x2, skipping
[   53.314925][   T35] usb 6-1: config 229 interface 182 altsetting 182 has 11 endpoint descriptors, different from the interface descriptor's value: 10
[   53.318566][   T35] usb 6-1: config 229 interface 182 has no altsetting 0
[   53.319573][   T56] usb 8-1: GET_CAPABILITIES returned 0
[   53.321955][   T56] usbtmc 8-1:16.0: can't read capabilities
[   53.323045][   T35] usb 6-1: Dual-Role OTG device on HNP port
[   53.326249][   T35] usb 6-1: New USB device found, idVendor=0af0, idProduct=6500, bcdDevice=60.73
[   53.328577][   T35] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   53.330625][   T35] usb 6-1: Product: 谚놰꘎ࢵꘞꕪࠎ锿춼胘經⣹쮘鈔褊羏ᕩ倎膺⹳렎紘켗筕㭾Ꮹ宱苚ɳ륹䏸刪詇⃎줰茱嫽堃Ɍ鮥렆ﲧꊾ ᥠ虋屈怊섌떛ⷒ㈧ꚙ⫫拱ㄎ䨹΃⸎᜿쓱ꖭ弄洹
[   53.336176][   T35] usb 6-1: Manufacturer: 㠎金萟চ䛶㦳Ӆ㋋苺贺毹﷭鴱쩊膼ⶔ࠷鬌柊咡稉歵䟾畯ᇧ〳揣ꩩ藁覄ⳓﴌ謦꣕댙駧∬鳯乛捇㴬孲繣约镾郼乍㥖啙蠤懳ﲳ㞁爈濳◴廰厣ഓ칻ׅ儜皯遊붳䭔鷮島葇篧ஓ⓲ꦠ藨ю᪁䜑髛홏㶘ː耀˧⛞쬷꾛㒅証᫏斠㊔௩ᐣ╷⎻氦걟蝵밣㱺Ჯ㲈连羯哧謉⟠
[   53.344827][   T35] usb 6-1: SerialNumber: 摉⌹д쓬巨䊠ﹶ䍣⛇뒱熃㗖ఒ兓嶍籑흪♩爞刪兇穓妘蔼๊柟콤넉駝«ⷡݣ鎧઩昡膞훻⇿霑ⓘ坖⺢署得Ἑ㥁눥⑨贘쁥꘯⦃ﬡ既䭤ꂜ⋧Ḙ弒냶貋멩⒟棁毆뢏㱉ꌕ㇀蜪
[   53.352924][ T5609] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[   53.600965][   T35] option 6-1:229.182: GSM modem (1-port) converter detected
[   53.606784][   T35] usb 6-1: USB disconnect, device number 3
[   53.615679][   T35] option 6-1:229.182: device disconnected
[   53.627602][ T5615] netlink: 12 bytes leftover after parsing attributes in process `syz.3.49'.
[   55.558583][ T5612] usb 8-1: USB disconnect, device number 3
[   55.707381][   T62] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   55.857473][   T62] usb 5-1: Using ep0 maxpacket: 8
[   55.863065][   T62] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   55.865893][   T62] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   55.868486][   T62] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   55.871078][   T62] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   55.875534][   T62] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   55.880110][   T62] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   56.096377][   T62] usb 5-1: GET_CAPABILITIES returned 0
[   56.100018][   T62] usbtmc 5-1:16.0: can't read capabilities
[   56.705997][ T5670] netlink: 12 bytes leftover after parsing attributes in process `syz.0.67'.
[   57.166719][ T5672] netlink: 92 bytes leftover after parsing attributes in process `syz.1.64'.
[   57.337003][ T5678] netlink: 28 bytes leftover after parsing attributes in process `syz.1.68'.
[   57.370688][ T5678] bridge0: port 3(syz_tun) entered blocking state
[   57.372846][ T5678] bridge0: port 3(syz_tun) entered disabled state
[   57.375064][ T5678] syz_tun: entered allmulticast mode
[   57.379338][ T5678] syz_tun: entered promiscuous mode
[   57.381316][ T5678] bridge0: port 3(syz_tun) entered blocking state
[   57.383164][ T5678] bridge0: port 3(syz_tun) entered forwarding state
[   57.690160][ T5691] netlink: 16 bytes leftover after parsing attributes in process `syz.3.73'.
[   57.693352][ T5691] netlink: 8 bytes leftover after parsing attributes in process `syz.3.73'.
[   57.697844][ T5691] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.700679][ T5691] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.998517][ T5694] =======================================================
[   57.998517][ T5694] WARNING: The mand mount option has been deprecated and
[   57.998517][ T5694]          and is ignored by this kernel. Remove the mand
[   57.998517][ T5694]          option from the mount to silence this warning.
[   57.998517][ T5694] =======================================================
[   58.385796][ T5612] usb 5-1: USB disconnect, device number 3
[   58.584980][ T5714] netlink: 8 bytes leftover after parsing attributes in process `syz.0.79'.
[   59.280032][   T72] ==================================================================
[   59.282070][   T72] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x14c/0x1c0
[   59.284323][   T72] Read of size 8 at addr ffff888012f95388 by task kworker/1:1/72
[   59.287178][   T72] 
[   59.288439][   T72] CPU: 1 UID: 0 PID: 72 Comm: kworker/1:1 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[   59.291295][   T72] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   59.293866][   T72] Workqueue: events binder_deferred_func
[   59.295238][   T72] Call Trace:
[   59.296034][   T72]  <TASK>
[   59.296819][   T72]  dump_stack_lvl+0x116/0x1f0
[   59.298151][   T72]  print_report+0xc3/0x620
[   59.299572][   T72]  ? __virt_addr_valid+0x5e/0x590
[   59.300781][   T72]  ? __phys_addr+0xc6/0x150
[   59.301860][   T72]  kasan_report+0xd9/0x110
[   59.302955][   T72]  ? __list_del_entry_valid_or_report+0x14c/0x1c0
[   59.304523][   T72]  ? __list_del_entry_valid_or_report+0x14c/0x1c0
[   59.306082][   T72]  __list_del_entry_valid_or_report+0x14c/0x1c0
[   59.307587][   T72]  binder_release_work+0x9b/0x490
[   59.309262][   T72]  binder_deferred_func+0xe6e/0x12e0
[   59.310743][   T72]  process_one_work+0x958/0x1b30
[   59.311926][   T72]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   59.313246][   T72]  ? __pfx_process_one_work+0x10/0x10
[   59.314530][   T72]  ? assign_work+0x1a0/0x250
[   59.315654][   T72]  worker_thread+0x6c8/0xf00
[   59.316795][   T72]  ? __kthread_parkme+0x148/0x220
[   59.318223][   T72]  ? __pfx_worker_thread+0x10/0x10
[   59.319709][   T72]  kthread+0x2c1/0x3a0
[   59.320675][   T72]  ? _raw_spin_unlock_irq+0x23/0x50
[   59.321910][   T72]  ? __pfx_kthread+0x10/0x10
[   59.323027][   T72]  ret_from_fork+0x45/0x80
[   59.324084][   T72]  ? __pfx_kthread+0x10/0x10
[   59.325204][   T72]  ret_from_fork_asm+0x1a/0x30
[   59.326397][   T72]  </TASK>
[   59.327163][   T72] 
[   59.327828][   T72] Allocated by task 5720:
[   59.329267][   T72]  kasan_save_stack+0x33/0x60
[   59.330579][   T72]  kasan_save_track+0x14/0x30
[   59.331744][   T72]  __kasan_kmalloc+0xaa/0xb0
[   59.332913][   T72]  binder_thread_write+0xe19/0x4c60
[   59.334187][   T72]  binder_ioctl+0x268b/0x7050
[   59.335304][   T72]  compat_ptr_ioctl+0x6b/0xa0
[   59.336412][   T72]  __do_compat_sys_ioctl+0x259/0x2b0
[   59.337772][   T72]  __do_fast_syscall_32+0x73/0x120
[   59.338120][ T5716] netlink: 24 bytes leftover after parsing attributes in process `syz.3.80'.
[   59.339374][   T72]  do_fast_syscall_32+0x32/0x80
[   59.339391][   T72]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   59.345102][   T72] 
[   59.345692][   T72] Freed by task 72:
[   59.346635][   T72]  kasan_save_stack+0x33/0x60
[   59.347843][   T72]  kasan_save_track+0x14/0x30
[   59.349407][   T72]  kasan_save_free_info+0x3b/0x60
[   59.350704][   T72]  __kasan_slab_free+0x51/0x70
[   59.351828][   T72]  kfree+0x14f/0x4b0
[   59.352751][   T72]  binder_deferred_func+0xdd7/0x12e0
[   59.354022][   T72]  process_one_work+0x958/0x1b30
[   59.355234][   T72]  worker_thread+0x6c8/0xf00
[   59.356349][   T72]  kthread+0x2c1/0x3a0
[   59.357324][   T72]  ret_from_fork+0x45/0x80
[   59.358699][   T72]  ret_from_fork_asm+0x1a/0x30
[   59.359954][   T72] 
[   59.360521][   T72] The buggy address belongs to the object at ffff888012f95380
[   59.360521][   T72]  which belongs to the cache kmalloc-64 of size 64
[   59.363695][   T72] The buggy address is located 8 bytes inside of
[   59.363695][   T72]  freed 64-byte region [ffff888012f95380, ffff888012f953c0)
[   59.366833][   T72] 
[   59.367405][   T72] The buggy address belongs to the physical page:
[   59.369391][   T72] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888012f95e00 pfn:0x12f95
[   59.371831][   T72] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   59.373571][   T72] page_type: f5(slab)
[   59.374524][   T72] raw: 00fff00000000000 ffff88801ac428c0 ffffea0000938b00 dead000000000005
[   59.376517][   T72] raw: ffff888012f95e00 000000008020001e 00000001f5000000 0000000000000000
[   59.378887][   T72] page dumped because: kasan: bad access detected
[   59.380477][   T72] page_owner tracks the page as allocated
[   59.381790][   T72] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5347, tgid 5347 (syz-executor), ts 47259921254, free_ts 47259769130
[   59.386200][   T72]  post_alloc_hook+0x2d1/0x350
[   59.387298][   T72]  get_page_from_freelist+0x101e/0x3070
[   59.388932][   T72]  __alloc_pages_noprof+0x223/0x25c0
[   59.390538][   T72]  alloc_pages_mpol_noprof+0x2c9/0x610
[   59.391823][   T72]  new_slab+0x2ba/0x3f0
[   59.392804][   T72]  ___slab_alloc+0xd1d/0x16f0
[   59.393911][   T72]  __slab_alloc.constprop.0+0x56/0xb0
[   59.395135][   T72]  __kmalloc_cache_node_noprof+0xf1/0x360
[   59.396386][   T72]  __get_vm_area_node+0xe1/0x2d0
[   59.397515][   T72]  __vmalloc_node_range_noprof+0x26a/0x15a0
[   59.399295][   T72]  vzalloc_noprof+0x6b/0x90
[   59.400312][   T72]  compat_get_entries+0x3ad/0x7d0
[   59.401424][   T72]  do_ipt_get_ctl+0x598/0xaa0
[   59.402479][   T72]  nf_getsockopt+0x79/0xe0
[   59.403496][   T72]  ip_getsockopt+0x18e/0x1e0
[   59.404537][   T72]  tcp_getsockopt+0x9e/0x100
[   59.405568][   T72] page last free pid 5347 tgid 5347 stack trace:
[   59.406982][   T72]  free_unref_page+0x5f4/0xdc0
[   59.408232][   T72]  vfree+0x17a/0x890
[   59.409447][   T72]  compat_get_entries+0x587/0x7d0
[   59.410665][   T72]  do_ipt_get_ctl+0x598/0xaa0
[   59.411721][   T72]  nf_getsockopt+0x79/0xe0
[   59.412735][   T72]  ip_getsockopt+0x18e/0x1e0
[   59.413779][   T72]  tcp_getsockopt+0x9e/0x100
[   59.414827][   T72]  do_sock_getsockopt+0x3fe/0x870
[   59.415991][   T72]  __sys_getsockopt+0x1a1/0x270
[   59.417131][   T72]  __do_compat_sys_socketcall+0x42b/0x700
[   59.418829][   T72]  __do_fast_syscall_32+0x73/0x120
[   59.420105][   T72]  do_fast_syscall_32+0x32/0x80
[   59.421243][   T72]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   59.422726][   T72] 
[   59.423292][   T72] Memory state around the buggy address:
[   59.424592][   T72]  ffff888012f95280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   59.426475][   T72]  ffff888012f95300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   59.428626][   T72] >ffff888012f95380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   59.430803][   T72]                       ^
[   59.431807][   T72]  ffff888012f95400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   59.433656][   T72]  ffff888012f95480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   59.435530][   T72] ==================================================================
[   59.437652][   T72] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   59.439911][   T72] CPU: 1 UID: 0 PID: 72 Comm: kworker/1:1 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0
[   59.442394][   T72] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   59.444815][   T72] Workqueue: events binder_deferred_func
[   59.446457][   T72] Call Trace:
[   59.447243][   T72]  <TASK>
[   59.448100][   T72]  dump_stack_lvl+0x3d/0x1f0
[   59.449635][   T72]  panic+0x71d/0x800
[   59.450621][   T72]  ? mark_held_locks+0x9f/0xe0
[   59.451742][   T72]  ? __pfx_panic+0x10/0x10
[   59.452789][   T72]  ? irqentry_exit+0x3b/0x90
[   59.453918][   T72]  ? lockdep_hardirqs_on+0x7c/0x110
[   59.455159][   T72]  ? check_panic_on_warn+0x1f/0xb0
[   59.456504][   T72]  check_panic_on_warn+0xab/0xb0
[   59.458027][   T72]  end_report+0x117/0x180
[   59.459358][   T72]  kasan_report+0xe9/0x110
[   59.460726][   T72]  ? __list_del_entry_valid_or_report+0x14c/0x1c0
[   59.462679][   T72]  ? __list_del_entry_valid_or_report+0x14c/0x1c0
[   59.464792][   T72]  __list_del_entry_valid_or_report+0x14c/0x1c0
[   59.466847][   T72]  binder_release_work+0x9b/0x490
[   59.468550][   T72]  binder_deferred_func+0xe6e/0x12e0
[   59.470231][   T72]  process_one_work+0x958/0x1b30
[   59.471407][   T72]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   59.472725][   T72]  ? __pfx_process_one_work+0x10/0x10
[   59.474011][   T72]  ? assign_work+0x1a0/0x250
[   59.475109][   T72]  worker_thread+0x6c8/0xf00
[   59.476204][   T72]  ? __kthread_parkme+0x148/0x220
[   59.477392][   T72]  ? __pfx_worker_thread+0x10/0x10
[   59.479025][   T72]  kthread+0x2c1/0x3a0
[   59.480044][   T72]  ? _raw_spin_unlock_irq+0x23/0x50
[   59.481238][   T72]  ? __pfx_kthread+0x10/0x10
[   59.482337][   T72]  ret_from_fork+0x45/0x80
[   59.483388][   T72]  ? __pfx_kthread+0x10/0x10
[   59.484478][   T72]  ret_from_fork_asm+0x1a/0x30
[   59.485618][   T72]  </TASK>
[   59.487025][   T72] Kernel Offset: disabled
[   59.488274][   T72] Rebooting in 86400 seconds..

VM DIAGNOSIS:
17:40:19  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000170baf RBX=0000000000000000 RCX=ffffffff8b12f739 RDX=0000000000000000
RSI=ffffffff8b4cc8e0 RDI=ffffffff8bb12060 RBP=fffffbfff1b52af8 RSP=ffffffff8da07e20
R8 =0000000000000001 R9 =ffffed1005687025 R10=ffff88802b43812b R11=0000000000000000
R12=0000000000000000 R13=ffffffff8da957c0 R14=ffffffff901cc608 R15=0000000000000000
RIP=ffffffff8b130b1f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000020f44000 CR3=0000000000ca0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000041000000000 0000000a00000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000006b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85035a15 RDI=ffffffff9a63a260 RBP=ffffffff9a63a220 RSP=ffffc90000def620
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552
R12=0000000000000000 R13=000000000000006b R14=ffffffff850359b0 R15=0000000000000000
RIP=ffffffff85035a3f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00000000f73cb90c CR3=0000000000ca0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000041000000000 0000000a00000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=ffff88802b546780 RCX=ffffffff81809cec RDX=ffff88801d2ca440
RSI=ffffffff81809cc6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900003d79a0
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffed10056a8cf1 R13=0000000000000001 R14=ffff88802b546788 R15=ffff88802b640100
RIP=ffffffff81809cc8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c01300
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f56b3e8c CR3=000000000db7c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000041000000000 0000000a00000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000003 RBX=0000000000000001 RCX=ffffffff81856d31 RDX=ffff88801f524880
RSI=ffffffff8bb11fe0 RDI=ffffffff8bb12020 RBP=000000000003dbcc RSP=ffffc90000e2f5f8
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=00000000ffffffff R13=ffff8880004e8040 R14=ffffc90000e2f874 R15=ffff8880404de000
RIP=ffffffff8b12fee4 RFL=00000096 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c01300
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000322ebff8 CR3=000000002abd0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000