last executing test programs:

2.849202843s ago: executing program 0 (id=453):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000016001000071b48013d030100000000001f02000000000000bc26100000000000bf67200000000000160200000fff0700670200000a000000360600000ee600f0bf050000000000000f651300000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

2.793828515s ago: executing program 0 (id=454):
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x0}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVex:De', 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = syz_io_uring_setup(0x7932, &(0x7f0000000200)={0x0, 0x0, 0x10100, 0x0, 0x40}, &(0x7f00000000c0), &(0x7f0000000000)=<r2=>0x0)
syz_io_uring_setup(0xa91, &(0x7f00000002c0), &(0x7f0000000040)=<r3=>0x0, &(0x7f00000005c0))
syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x4, 0x0, 0x0, 0x6e6a9ace1e35a607})
io_uring_enter(r1, 0xec4, 0x0, 0x0, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000440)='wlan0\x00', 0x10)
sendto$inet(r0, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

2.792101126s ago: executing program 0 (id=455):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0x13, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c1300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000048aa008085000000700000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000540)={r0}, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
io_setup(0x0, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
pselect6(0x40, &(0x7f00000001c0)={0x8, 0x8000000000008, 0x4, 0xfffffffffffffffe, 0xfffffffffffffa5a, 0x4000000000000}, 0x0, &(0x7f00000002c0)={0x1000003ff, 0x4, 0x10000, 0x0, 0x0, 0x5, 0xfffffffffffffff9, 0xfff}, 0x0, 0x0)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
bind$bt_sco(0xffffffffffffffff, &(0x7f0000000080)={0x1f, @none}, 0x8)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="04040a0000000000005467920034db81e7abdddc259aee6063e57dfee0dab308ac44bd02bae33aa428c21e8527c5b32e2c96d0a0d52393"], 0xd)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001500010300000000000000000a"], 0x14}}, 0x40)
readv(r4, &(0x7f0000000340)=[{&(0x7f0000001600)=""/4099, 0x1003}], 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$TIPC_DEST_DROPPABLE(r3, 0x10f, 0x81, &(0x7f0000000100)=0xffffffff, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2000, 0x0)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000040)='xfs\x00', 0x0, 0x0)
sendmsg$NFT_MSG_GETSET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYRES8=r4, @ANYRES64=r4, @ANYBLOB="f1405a9e562b555e016a2e1e8b6d49796eec04fc8cd51d5d31e098e41c8846c6146610e4eb4aaba126", @ANYRESHEX=r1, @ANYRES8=r1, @ANYRES32=r3, @ANYRES64=r5, @ANYRES64=r5], 0x14}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000240), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000000c0)={0x0, 0x0, <r7=>0x0, 0x0, 0x0, 0x4, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000100)=[r7, 0x0, r7, r7], 0x4})
r8 = socket$kcm(0x29, 0x2, 0x0)
sendmmsg$inet(r8, &(0x7f0000004e00)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)="83", 0x1}], 0x1}, 0x700}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000002c0)}], 0x1}}], 0x2, 0x0)
close(r8)

2.498495749s ago: executing program 2 (id=458):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x2004e807, &(0x7f0000000180)={0x2, 0x4e1f, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
ftruncate(r0, 0x1)

2.438791685s ago: executing program 2 (id=459):
r0 = fsopen(&(0x7f0000000140)='cramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0xc1205531, &(0x7f0000000040)=""/112)
r2 = fsmount(r0, 0x0, 0x0)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000500), 0xffffffffffffffff)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x75d882, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0))
getsockopt$netrom_NETROM_N2(r2, 0x103, 0x3, &(0x7f0000000100)=0x80, &(0x7f0000000180)=0x4)
r4 = dup3(0xffffffffffffffff, r3, 0x80000)
r5 = socket(0x840000000002, 0x3, 0xfa)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000005980)=@raw={'raw\x00', 0x3c1, 0x3, 0x2ac, 0x0, 0x150, 0x150, 0x0, 0x0, 0x208, 0x238, 0x238, 0x208, 0x238, 0x3, 0x0, {[{{@uncond, 0x0, 0xc8, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xa4, 0xec}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x308)
r7 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r7, &(0x7f0000000400)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x2d)
listen(r7, 0x0)
listen(r7, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11000001"], 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000440)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd608a27f2000c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000f6", @ANYRES8=r3, @ANYRES64=0x0, @ANYRES8=r0, @ANYRESOCT=r1, @ANYRESDEC=r3, @ANYRESHEX=r4], 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x17)
syz_open_dev$vbi(&(0x7f00000000c0), 0x1, 0x2)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a32000000000500050000006c00050001000600000024000780080008400000137906000440fffff000060005400000000008000640"], 0x6c}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_INTERFACE(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="012400001189b181df2e3e2fbbeb0a72064ccc06b6aac27138bab8c9a815ce600ec5f502044a1ff8ffcf74126279d97ee7521c9eafd9c7793dad2440f313de0f49b111a80f6d002eb1788d54e824ba22fd331deeb0838f79021779d2fe1ab28e65e27fc9fd63106a943bdde37b9ab64471ecbbab040064d568fe381f52ad6d0d24f1c45c2c20df06b7f0e56b239bff42989a72a192be918ca56973593aed4e9da8e3fb62d1e31cd907663d1647c3a279764cf9fe9602eeb189bfd8d222d67cf9f922f8d9b7d2f1a72c22e0bc2ad734dc515b66001125d66525f87edb172f453c6f233c98d8e3930f6096bab14f38c690067bfe3a5806e006f7f1e6771b1dbf21eaaf259edb", @ANYRES16=r10, @ANYBLOB="0500000000000000de9e67282a0815e14600", @ANYRES8=r5, @ANYRES32=r2], 0x24}}, 0x280c5)

2.240043494s ago: executing program 2 (id=460):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x15, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000040)={@private2, <r1=>0x0}, &(0x7f0000000240)=0x14)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x3, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x3, &(0x7f0000000100)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r6, 0x4020aed2, &(0x7f0000000100)={0xeeef0000, 0x1000})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r7 = socket$inet6(0xa, 0x2, 0x3a)
sendto$inet6(r7, &(0x7f0000000080)="800009e92208a1ce", 0xfdef, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)=0x3, 0x12)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRESOCT=r7, @ANYRES64=r6], 0x48)
r8 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x890b, &(0x7f0000000000))
r9 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r9, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @remote, 0x3}, 0x1c)
listen(r9, 0x80000000)
r10 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt(r10, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r10, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10)

2.136187419s ago: executing program 0 (id=461):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000150001030000000000000000"], 0x14}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000680)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000540)=[{0x4, 0x2, 0x0, 0x1}, {0x3, 0x5, 0x10}, {0x0, 0x1, 0xd, 0x9}, {0x4, 0x3, 0xb, 0xb}, {0x3, 0x3, 0x9, 0x2}], 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x804)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xe, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
r3 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
connect$pppl2tp(r3, &(0x7f0000002080)=@pppol2tpin6={0x27, 0x1, {0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x32)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x9)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@uuid_off}]})
r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r4, &(0x7f0000000000)='./file1\x00', 0xc000, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r4, &(0x7f0000000100)='./file1\x00', r4, &(0x7f0000000240)='./file0\x00', 0x0)
unlink(&(0x7f0000000280)='./file1\x00')
link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file1\x00')

2.135911645s ago: executing program 1 (id=462):
syz_emit_ethernet(0x5e, &(0x7f00000002c0)={@broadcast, @random="05009211d49c", @void, {@ipv4={0x800, @icmp={{0x12, 0x4, 0x0, 0x0, 0x50, 0x0, 0x0, 0x0, 0x88, 0x0, @private=0xa010101, @broadcast, {[@cipso={0x86, 0x32, 0x3, [{0x7, 0xb, "ba81760deb948765f0"}, {0x5, 0x3, "fa"}, {0x7, 0xd, "98d3b04cf09ab9eb48aa77"}, {0x7, 0x8, "45ec966b5d70"}, {0x5, 0x3, '$'}, {0x5, 0x6, "29f76aca"}]}, @end]}}, @address_request={0x11, 0x0, 0x0, 0x7e}}}}}, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000340)=<r0=>0x0)
quotactl$Q_GETQUOTA(0xffffffff80000702, &(0x7f0000000240)=@nbd={'/dev/nbd', 0x0}, r0, &(0x7f00000004c0))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b40)={0x18, 0x10, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYBLOB="da2261875f58323cf5704ca92bdcc7e39a892ad9ce2e9482b397d74faa777043c79850203e844203a9e2442046"], &(0x7f0000000080)='syzkaller\x00', 0x8, 0xac, &(0x7f0000000140)=""/172, 0x41000, 0x48, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socket$packet(0x11, 0x3, 0x300)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r5, &(0x7f0000000280)={0x10, 0x0, 0x1, 0x2ffffffff}, 0xc)
r6 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r6, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
sendmsg$inet(r6, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x13f}}, 0x20)
socket$inet6_sctp(0xa, 0x1, 0x84)

1.349550853s ago: executing program 3 (id=468):
r0 = openat$sw_sync_info(0xffffff9c, &(0x7f0000000000), 0x400, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x4, 0x7, 0x7f, 0x9, 0x9, 0x7b, 0x0, 0x8, 0x90, 0x67, 0x5, 0x0, 0x6, 0x4}, 0xe)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x64, 0x10, 0x403, 0x0, 0x40000000, {0x0, 0x0, 0x74, 0x0, 0x0, 0x11203}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x34, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x5, 0x1}, @IFLA_BR_VLAN_DEFAULT_PVID={0x6}, @IFLA_BR_FORWARD_DELAY={0x8, 0x1, 0x15}, @IFLA_BR_NF_CALL_IP6TABLES={0x5}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0x9}, @IFLA_BR_MCAST_ROUTER={0x5, 0x16, 0x1}]}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x800}, 0x0)

1.297402102s ago: executing program 3 (id=469):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}, 0x0)
openat$cachefiles(0xffffff9c, &(0x7f0000000100), 0x100, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x3a)
openat$sndseq(0xffffff9c, &(0x7f00000000c0), 0x2002)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x8, @local, 0xffffeffb}, 0x1c)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x4)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000000)={@loopback, @multicast1, <r5=>0x0}, &(0x7f0000000040)=0xc)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r6=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@RTM_DELMDB={0x38, 0x55, 0x200, 0x70bd2a, 0x25dfd3fb, {0x7, r5}, [@MDBA_SET_ENTRY={0x20, 0x1, {r6, 0x0, 0x0, 0x3, {@ip4=@broadcast, 0x8edd}}}]}, 0x38}}, 0x5044)

1.293532896s ago: executing program 2 (id=470):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x8, 0x1c, &(0x7f0000000300)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b2af0ff00000000d609080000000000db9af0ffe1000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000001500000076000000bf9800000000000056080000000fff008500000007000000b70000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

1.290626146s ago: executing program 0 (id=471):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r4 = openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(r4, 0xc0cc5640, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0xce5d, 0x80, 0x0, 0x89}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, &(0x7f0000000000)=0x5, 0x0, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCOUTQ(r7, 0x4bfb, &(0x7f0000000000))
r8 = socket$nl_route(0x10, 0x3, 0x0)
add_key(&(0x7f0000000080)='asymmetric\x00', 0x0, &(0x7f0000000500)="e306644c2f0b801228a9253e", 0xc, 0xfffffffffffffffd)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000210400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010067726574617000000c00028008000100", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}}, 0x0)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'lo\x00', <r10=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001300)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x40, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0xc9ae602c4a7e3555}, @TCA_TBF_PARMS={0x28, 0x1, {{0xd, 0x1, 0x1, 0x9, 0x4cc3, 0x3}, {0x7f, 0x2, 0x518, 0x3, 0x1, 0x5}, 0x1c0000, 0x9, 0x1012}}, @TCA_TBF_BURST={0x8, 0x6, 0x900}]}}]}, 0x6c}}, 0x0)

1.26306067s ago: executing program 2 (id=472):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001880)=@newtclass={0x0, 0x28, 0x0, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xb, 0xc}, {0xa7ed19f176482e87, 0x8}, {0xfff2, 0xffe0}}, [@tclass_kind_options=@c_cbs, @tclass_kind_options=@c_htb={{}, {0x0, 0x2, [@TCA_HTB_RTAB={0x0, 0x4, [0x8, 0xb9bc, 0x7f, 0x6, 0x9c8, 0x9, 0x8, 0x9, 0x2, 0x5, 0x5, 0x3b, 0x5, 0x44, 0x32, 0xc, 0x7, 0xb, 0xfffffff7, 0x6, 0x7ff, 0xffffffff, 0x5, 0x0, 0x7ff, 0x19e0, 0x3781, 0x5, 0x7ff, 0x4, 0x200, 0x4, 0x7, 0x70e, 0x6, 0x8e5, 0x4, 0x2, 0x9, 0x80000001, 0x7, 0x4d9b, 0x5, 0x10001, 0x3, 0xc, 0x6, 0x80000000, 0x8, 0x5, 0x8, 0x5, 0x10001, 0x401, 0x3, 0x7, 0x7, 0xfcb, 0x6, 0x1, 0x5, 0x6, 0x86, 0xb4e, 0x4, 0xffffffff, 0x400, 0x40, 0x9, 0xfffffff8, 0x1, 0x1, 0x5, 0x7, 0x8001, 0x5, 0x3, 0x8, 0x2, 0x8, 0x8000, 0x2, 0x7, 0x6, 0x5, 0x5, 0x10000, 0x8, 0x6, 0x0, 0x3, 0x8000, 0x3, 0xf4e9, 0x5, 0x4, 0xff, 0x9, 0x5e0bc37c, 0x2b, 0x80, 0x1, 0x0, 0xd, 0x2, 0x0, 0x10001, 0xffff, 0xffff, 0x6, 0x35506a36, 0x81, 0x7f, 0x1, 0x3, 0x1, 0x200, 0x8001, 0xfff, 0x3, 0x7, 0x3, 0x0, 0xc058, 0x9, 0xd, 0x200, 0x5, 0x9, 0xfff, 0xc, 0x90, 0x914, 0x2, 0x1, 0x3, 0x3, 0x9, 0x993d, 0x1, 0x0, 0x1, 0x4, 0x5, 0xfffffff8, 0x44, 0xa, 0xb1a, 0x7, 0x4, 0x0, 0x3dc9, 0x6, 0x8, 0x6, 0x7955, 0x2, 0x0, 0x10001, 0x40, 0x0, 0xffffffff, 0x4, 0x4, 0x0, 0x400, 0x6a, 0x7fffffff, 0x6, 0x0, 0xd, 0x3, 0x5, 0x1000, 0x7, 0x2, 0x6, 0x9f, 0x1, 0x1, 0x0, 0x2e, 0x3, 0x9ec4, 0x3, 0x3, 0x200, 0x0, 0x1, 0x2, 0x4, 0x7, 0x101, 0x4, 0x3, 0x3, 0x7, 0x10, 0xff, 0x9, 0x5, 0x3fbc, 0x10001, 0x1, 0x8, 0x0, 0x2, 0x4, 0x1a2, 0xfffffff3, 0x6, 0xc84, 0x0, 0x401, 0x1, 0xfffffffb, 0xded9, 0xfff, 0xc, 0x101, 0x6, 0x3ff, 0x1, 0xfffffff9, 0x6, 0x796, 0x3, 0x8, 0xa, 0x7, 0x6, 0x1, 0x8, 0x5, 0xd, 0xd7, 0x5, 0x9, 0x3, 0xd, 0xffffc814, 0x0, 0xffffffff, 0x8000, 0xfffeffff, 0x3, 0x1, 0x1, 0x2, 0x400, 0x9, 0x2, 0x8000, 0xfffffff1, 0x6, 0x401]}, @TCA_HTB_OFFLOAD, @TCA_HTB_OFFLOAD, @TCA_HTB_CTAB={0x0, 0x3, [0x0, 0x2, 0x10001, 0x0, 0xfef2, 0x9, 0xe6, 0x7fff, 0x9, 0x0, 0x2, 0x3, 0x4fa, 0x5, 0x3, 0x3, 0x1, 0x7, 0x1, 0x4, 0x10001, 0xa, 0x80000000, 0x7, 0x8, 0x1, 0x3, 0x400, 0x5, 0xe, 0xc15c, 0x7703, 0x1, 0xfffffffd, 0x6, 0x6, 0x8000, 0x9, 0x2, 0xffffff6c, 0x400, 0xfffff800, 0x0, 0xa7, 0x1, 0x7, 0x2, 0x1, 0x89ba, 0x100, 0xfb, 0x8, 0x5, 0x80, 0x7f, 0xc564, 0x3, 0xcdec, 0x0, 0x40, 0xffffffff, 0x3, 0x9, 0x9, 0xfffffff8, 0x5, 0x10000, 0x4, 0x7, 0xdb, 0x8000, 0x3, 0x7, 0x0, 0x5ad8, 0xfffffff6, 0xfffff801, 0xff, 0x2, 0x8, 0x7, 0x8, 0x5, 0x4, 0xf4e, 0x401, 0x89, 0xa, 0x4, 0xfff, 0x7ac4, 0x3, 0x0, 0xcf4, 0x8, 0x0, 0x2, 0x5b, 0x2, 0xd91, 0x8, 0x7, 0x0, 0xf08, 0x4, 0x9, 0x5, 0x3, 0xc0ac, 0x6, 0x8, 0xfffffff8, 0x5, 0x0, 0x7fffffff, 0xfffffde3, 0x401, 0x7, 0x2, 0x6, 0x4, 0x7fff, 0x7, 0x9, 0x9, 0x9, 0xa, 0x74, 0x8, 0x5, 0x0, 0x438ae0eb, 0x200, 0x8001, 0x9, 0x80000000, 0x80000001, 0x100, 0xa0, 0xa, 0x1, 0x2, 0x778, 0x3, 0x68e1800, 0x1, 0x0, 0x7689, 0x40, 0x400, 0x5, 0xffffccbd, 0x3, 0x39, 0x5, 0xc, 0xe37, 0x5, 0x4, 0xf, 0x7, 0x1, 0x7fff, 0x1, 0x585a, 0x11, 0xab86, 0x1000, 0x5, 0x7, 0x2, 0x0, 0x0, 0x2, 0x7, 0x3, 0x5, 0x200, 0xe46, 0x1, 0x0, 0xffffffff, 0x1, 0xdf1, 0xff, 0x3c, 0x7f, 0xfd, 0x4, 0x1000, 0x0, 0xffffff9a, 0x7f80, 0x400, 0x3, 0x10, 0xffffffff, 0x40, 0xeca2, 0x8, 0x9, 0x80000000, 0x0, 0x1, 0x4, 0x4, 0x5, 0x7f, 0x4, 0x5, 0x1, 0x9, 0x3ff, 0x5, 0x2, 0x7, 0x1, 0x2, 0x9, 0x80000001, 0x9, 0x4, 0x8000, 0x2, 0x4, 0xdaf0, 0x4, 0x7fffffff, 0x8b6, 0x7, 0xffff052d, 0x2, 0x6, 0x5, 0x7, 0x9, 0x2, 0x8, 0x3, 0x6, 0x2, 0x5a, 0xfffffff7, 0x0, 0x6, 0x1, 0x1, 0x88e1, 0x0, 0x92e, 0xb, 0xd02, 0x7, 0x101, 0x5, 0x2]}, @TCA_HTB_CTAB={0x0, 0x3, [0x8, 0x5, 0x3, 0x6, 0xe8, 0x8, 0x1, 0x7ee0, 0x4, 0x8, 0x0, 0x3, 0x2, 0x7, 0x7, 0x4, 0x2, 0xcbcd, 0x4, 0x6, 0xc, 0x6, 0xa61, 0xbc2, 0x3, 0x256cb802, 0x5, 0x2, 0x82a, 0x1, 0x5, 0x1000, 0x2, 0x2, 0x4, 0x2, 0x4, 0x1ff, 0x2, 0x40000000, 0x6, 0x7f, 0xff, 0xfffffffb, 0x9, 0x4, 0x9, 0x6, 0x10, 0xf, 0x0, 0x3, 0x2, 0x3, 0xff, 0x1, 0x2b96, 0x2, 0x5, 0x100, 0x0, 0x5, 0x100000, 0x80000000, 0x6, 0xffffffff, 0x3, 0x40, 0x3, 0x101, 0x4, 0x2, 0x2, 0x9, 0x9, 0x1, 0xfffffff9, 0x8, 0x7, 0xe, 0x0, 0xd, 0x7fff, 0x5, 0x2, 0x1, 0x0, 0x7f, 0x200, 0x9, 0x93, 0x8, 0x0, 0x0, 0x401, 0x7, 0x9, 0x702, 0x0, 0x1, 0x3, 0x5, 0x9, 0x5, 0x3, 0x6, 0x78, 0x28, 0x4, 0xd9da, 0x0, 0x8000, 0x7af, 0x0, 0x80000001, 0x4, 0x2, 0xa, 0x1, 0x782b, 0x6, 0xaa, 0x6, 0x9, 0x0, 0x87c33d3a, 0xcfe, 0x9, 0x5, 0x3, 0x9, 0x696f4aca, 0xfffffff5, 0x9, 0xfffffffc, 0x80000001, 0x3, 0x4e40, 0x80000001, 0x101, 0x18f3db02, 0x8000, 0x8, 0xfffffffe, 0x7f, 0x7, 0x7, 0x0, 0x9, 0xfffffffa, 0x800, 0x8, 0x8, 0x9, 0x3, 0x6, 0x0, 0x7, 0x3, 0x81, 0x4, 0xfffff02b, 0xb2, 0x6, 0x1, 0x6, 0xfb59, 0x0, 0x92, 0x2, 0x1, 0x9, 0x8e, 0xfba, 0x2, 0x1, 0x79e5, 0x8000, 0x6, 0x4, 0xff, 0x9, 0x600000, 0x3, 0x200000, 0x6, 0x3, 0x3, 0x5a7, 0x3, 0x4, 0x6, 0x4, 0x6, 0x9, 0x5, 0x7, 0x1cc4, 0x10, 0x100, 0x5e8, 0x1, 0xffffffff, 0x2, 0x7, 0x6, 0x25d9, 0x9, 0x0, 0x8, 0xfffffffb, 0x4, 0xfffffffc, 0x1, 0x2, 0x9, 0x9, 0x401, 0x9, 0x5, 0x6, 0x0, 0x4fa4063f, 0x0, 0x81, 0xfffffe01, 0x67e8, 0x2, 0x6, 0x2, 0x415, 0x9, 0x7, 0x6, 0x1, 0x7ff, 0x3, 0x2400, 0xfffffffd, 0x7, 0x3, 0x0, 0x1, 0x8001, 0x5c, 0xffffc611, 0x1, 0xffff, 0x0, 0x7f, 0x40, 0x3ff, 0x1, 0x5, 0x0, 0x9]}, @TCA_HTB_PARMS={0x0, 0x1, {{0x3, 0x2, 0xfffa, 0x1, 0x7fff, 0xf79}, {0x9, 0x2, 0xd8ed, 0x62b6, 0x0, 0x9}, 0x4, 0x6, 0x4a14a547, 0x1, 0x6}}]}}]}, 0x1fb8}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0x7, &(0x7f00000001c0)={0x6, 0x10000}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001840)={&(0x7f0000000300)=ANY=[@ANYBLOB="580000000206050000000000000000000000000005000400000000000900020073797a30000000000c00068008000640000000000500050002000000050001000600000012000300686173683a6e65742c706f7274000000"], 0x58}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt(r4, 0x800000010d, 0x2, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0xce5d, 0x1000, 0x0, 0x89}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000280))
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f00000003c0), 0x6240, 0x0)
dup(r6)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000440), 0x1c1482, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f0000000240)={0x0, 0x1000000})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
ioctl$TIOCPKT(r8, 0x5420, &(0x7f0000000040)=0x5)
r9 = syz_io_uring_setup(0x342c, &(0x7f0000000100)={0x0, 0x4291, 0x1, 0x0, 0x4002014d}, &(0x7f0000001240)=<r10=>0x0, &(0x7f00000000c0)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r9, 0x567, 0x0, 0x0, 0x0, 0x0)
ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000dc0)={0x0, 0x3, 0xfffffffc, 0x0, 0x12, "0047ba7d82000020000000000000f7ffffff00"})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)

1.077629138s ago: executing program 1 (id=473):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
syz_open_dev$media(&(0x7f00000001c0), 0x0, 0x101580)
socket$inet_smc(0x2b, 0x1, 0x0)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
dup(r3)
madvise(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x13)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="1800000015000100efff454ed6021b1206b87aba00060000000002ec00008b0800000000000067df9932b96034f13fd82f09c3e9de33a49eb11148243e", @ANYRES32=0x0], 0x18}}, 0x0)
r5 = dup(r2)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r6, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0xe)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
pselect6(0x40, &(0x7f0000000600)={0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, &(0x7f0000000680)={0x7ff, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffc, 0x0, 0x3}, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000240)=@raw={'raw\x00', 0x4001, 0x3, 0x270, 0x130, 0x37f, 0x148, 0x130, 0x148, 0x228, 0x240, 0x240, 0x228, 0x240, 0x7fffffe, 0x0, {[{{@ip={@remote, @multicast1, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00', {}, {}, 0x6}, 0x0, 0xe4, 0x12c, 0x0, {}, [@common=@inet=@ecn={{0x24}, {0x21}}, @common=@inet=@multiport={{0x50}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x2cc)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0)
ioctl$TCSBRKP(r7, 0x5425, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r8 = io_uring_setup(0x34dd, &(0x7f0000000100)={0x0, 0x40009730, 0x200, 0x1})
close(r8)
ioctl$TCSETSW2(r7, 0x5425, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0)
syz_open_dev$radio(&(0x7f0000000140), 0x0, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)

1.072746638s ago: executing program 3 (id=474):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000016001000071b48013d030100000000001f02000000000000bc26100000000000bf67200000000000160200000fff0700670200000a000000360600000ee600f0bf050000000000000f651500000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

1.072523552s ago: executing program 3 (id=475):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffa, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
r4 = syz_io_uring_setup(0xa006fe6, &(0x7f0000000540)={0x0, 0x2bae, 0x200, 0x2, 0x205}, &(0x7f0000000280)=<r5=>0x0, &(0x7f0000000240)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r4, 0x47f9, 0x0, 0x0, 0x0, 0x0)
r7 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r7, &(0x7f0000003540)=[{{&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, &(0x7f0000000880)=[{&(0x7f0000000080)="93", 0x1}, {&(0x7f0000002400)="9917b1ad3d06a27855d01141e914353e8c663ed1065e32301b8acd1815ed897020c9092fe19ef95bd3c69397d675e3c19835f4c930a9bcbd49c4d872b7679a32e22015d7df39001b2d750fe2484101ef67cb628910e4cde2d8285b9017f55e84b67b72840813a8d080b71200f197d5b65f243ac4ac17d0cba3d08c98ceedf43365fc78aa0f52585ef7d8d525c049e1ae193a110f2dcfce4e6114b15de04b2720d6bd946506004cf479e742dcf73534e370150d97a55b559b5a1bedbc9290cbcac428f960e016fb88cfc21d86da2974ec3f2632992a27a4e5864623e05722eb07d27139b45171ec0cefa44e98f05dd4ff957056265edbacd81a611e4dfacb2b4879517e00c52e84728b1de1193bc88e509860ff143fc216c5100c41667a3ba5b157db616145a6d5ddb592e6b9589cdc93e3e8ef63da3cb4033d9f676cec3dcbb003ae54940e30203e1dc7b939c9c32029ad645b46ee269892e7a786bd36c2f7d962aad3b8d6e9d946adfa984a52cf7d35c5b2f492ab267c1ca948a5c0323d628364a612004c1c7feb2671a984f4dc05330a968e4b8cbe9200f111597c8ecc7ea7681ec281e168edbadc83d98de2b0dda7b187f509e487d63300932f3c76a1b66b4e01dffb07b4c80b5f5273a84b3cb0732b691738bba87517d53cf2b88b481cb325b8b912f54cee9d2546f2fdb96931bda2821eb66554abd4a21a8281c3c461df633a97f5cb3cf924fb324782399df0dc72d18d22b320e605dddf1123417dffc6452835a63fca230fbb002fd9c204b0819c56c4ce398423518b59dc8220bbf0c8b66f54c8009f1170f4c5582bfc703938bdf4d88ffe3eb87f4d2a62d442bb08ba405e11984c919fed63f9e86fd16c00843fa07cd9170919f4d07a12ad38db3f9effcfe1d631a48150e33ce07b3516fefab9587043a908dac8b0ffe361ec8e0fe7531f6d6d858cdabf7600f3a2bd90bce672cba7d366ae4ac6e33813f18340349422230cfe1d8c5757eb139321d44b57159089c68c13d7806cdbebeb42953f6f1670a313278a13076defab61b2016cf636ed37c7e7e1c49a4fb1d6a3d249e189087b37e724b6b24824bce4f77ab6f8a8d2f571d23c5120d75440e8eeda120467b5046b316e39aea9b6c7fa65eb4db56a3fed78c25fcde3afa956dee186fcad0b83f3d50a153f269113f5d9f1ccdff5ba86390c95b3a4ac782cd1121253f728b9b28a3cf59ebd82b0439d2f439e9cd00ca11a3f73515b6256b0faa56063ab761d5860a002c27fede7ce87b6336a4a146f2286ee32bb12e5a8bef04ba8cdb901c602a80eec7e74c947f88f6939ad240db8bc4baf655b941d1fc166fcbd2a64b5691e9145847ebc3ff5f8c07b8265c00176fa4617b6b7249aa801a090d4c65e36cfbbbca28913a892c3a7dd856fdf1f9a7279acfeee9fe51d14f87e4928f07f80145f54afb9a94fce7e76d38b64858327883b8f7141ccac8de649b7eb216d1b6c63f6d4d56dd9f11a2b36a6b3913917c378931e1ba3ec16aec67ef2bab2f1336a6990f7a78ab8acbc81d4ef49dc9bf02e6bae05118c706aeafa332e785ab59140d41ec0d00261ef9dd1735e19954cf1e8042b84185fa8bea4878e22ae53841b9c9752c950e5b21c7e7212b0297f22675cf8baae246e3c46a33e7228633954253add2592dbb7335b24569c834977a53ef23a84f7819deabd2c499422f23e7b682dc7f81b5d47b2ed330b83bb4f6c8f976539a8bf0d1f9b88d534c672d329ba41009f75c928ede7", 0x4e4}], 0x2}}, {{0x0, 0x0, &(0x7f0000001a40)=[{&(0x7f0000000780)="e4", 0x1}], 0x1}}], 0x2, 0x0)
setsockopt$sock_int(r7, 0x1, 0x7, &(0x7f0000000000), 0x4)
r8 = open(0x0, 0x10002, 0x80)
flock(r8, 0x1)
sched_setaffinity(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r10 = openat$cgroup_procs(r9, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r10, &(0x7f00000000c0), 0x12)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r11 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r12 = openat$cgroup_procs(r11, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r13 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r14 = openat$cgroup_procs(r13, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r14, &(0x7f00000001c0), 0x12)
readv(r12, &(0x7f0000000340)=[{&(0x7f0000001740)=""/153, 0x99}], 0x1)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})

1.070515s ago: executing program 1 (id=476):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x800)
r2 = epoll_create1(0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'geneve0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000680)="165c4839c60066571e583e7c88a80906a1eb", 0x12, 0x8084, &(0x7f0000000200)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @broadcast}, 0x14)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x1c})
syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r1)

1.070382285s ago: executing program 1 (id=477):
r0 = syz_open_dev$vim2m(&(0x7f0000000640), 0x40, 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x300, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$loop(0x0, 0x2, 0x40000)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c)
sendto$inet6(r5, &(0x7f0000000040)='l', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c)
shutdown(r5, 0x1)
ioctl$BLKROTATIONAL(r4, 0x127e, &(0x7f0000000180))
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000140)={0x11, 0x1, 0x0, "8eb8a828e93b07f1dd06da7a41bfeac48048beb159fbba176fb1de26098c68d9"})
syz_emit_ethernet(0x52, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd60000000001c3c0020010000000000000000000000000002fe8000000000000000000000100000aa3300000000000000000000000e3bc6ddf698e02bb14a3a8e75c864699ceff01f86079734fc286bb04f337b0c2fc6bf279b5571ec40fa0956c8dc5470f104debb6e54cb89b3f7c7cefae0980b1f450221ef3828cc4bcfbad8a3be7ce7b613708800b461cd2bfca0a880ec7f20e8526dfe4448d026eb13e55b3aafb0059e9242c6a2e862e5c2d668f7ab79c05fd49ce9ad859175", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0)

885.206524ms ago: executing program 3 (id=478):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000440)='wlan0\x00', 0x10)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
read$alg(r3, &(0x7f0000001540)=""/4131, 0x1023)
sendmsg$alg(r3, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000100)="dc139cb22f3e85", 0x7}, {&(0x7f00000001c0)="d154c43586b969367158998f9344e5edcded9c0a29ee6e9dee45ac6aacf5ee3c", 0x20}, {&(0x7f00000002c0)="663910266ce6d360776a0f5b3a9fbf6194133c7d8c434e7d06636aaa00346a2f963cdcebbb8b5eb44e8d0d48d6c8bd5f6fe97bc277c42ed6cf061a0c1c5ef86b689ebb2e494128378b6e8e2bbf9d57f4a9c5f0b84083fd4f08c9b9180c2f5b6133c3ff8e9b931d", 0x67}, {&(0x7f0000000780)="a6da5b9e8182b3331a3fb402a8101d1b1995d6779beb25f589df7b90d335880491d229417321c690a82586c50fa3563c086e7e39fc88a650d7ff5d603064b582baab2d5af30b2204aad191581a4a23b09655d329f0117a232ecc5dbe3e4a31394d3a77caa1e2661474a4e4c5e412cda1cbdde77bb00e86b89ac494ab0d003a0c42709f5ed64622ece449a982e0802f996d977f17f3510503c186346c2d4b7eb09c76283239a6a501eb2e23f86123fbf0f85d488dba5f1faa1b5f3f6447f18e8757751e6df4135ff4b14455c5e981f3e19b8e93e5f2f52cc274beb7c5558cfa513127cdc3cb9b7f7813da9ffa5ab620e278ccd6b84d52efa32aea4633360b16eebe0054042d0efa235799234c7d6910924785405d71967bab60294976c2ba38b7071c0e5910ed08e26f1fa2e9d123ee466546f7b28b99dca72dddd5f8d05c52e37b996a8804573e2a3e68b38d0d4597f1093b0ffd60afa2b0f1654c5906da0340588b5bd59e80fa94891a421930417602647237ccd6700ed9e14712fdb5e6e4cfeb5e8709b0c067ac588cbadb9148806e3c10", 0x192}, {&(0x7f0000002580)="28bac8eb60833fd2c7633754cf2b89de3f3810545bd8e072e5a159b520d9fa27f926373e245e3410e441e2847368766ba2e65822436b8d7f8fa931492648866e17b2f6e25415230235677727d706c890964c44420825a2fd427ec4b2ba33fb40034f686cfdbf28c007d27bcf2d40eac521bc9e06560c84f0fbb3378f057be04cc1c75946fb72acafe0bf4893f9191a0d11f1b2bfefa9b4678fa67ddf4c0ce5f644c699da71f44ed1d8949d0ed0b5caf0f2e5602d5d77d506ae516341316a7cc3497dd3a49f084c277464c61573bf96e1de27f8112a2ee87e4e2cb5d1d16ef7477538e86bcc967b36a2bba3ba33db9df68bbce08121028c1e09136a4e8ee21fe1430a96eba0d78acaa2ee5a7467de6e993cfc1b3f5670df7a7186c4cb680ca915218db517b8c682e1a750d0f0f1fcc4b6b257da86cc31a70bd9a1a1526eee2bed30d1bd28285e78a9de881599e8e177cfaf3fe98250e241e39f8d5c20ecc8be0914949c4d0bc13eae2d9ddff776bac196d421804053a39a845f88552e0347809ec7caccbb226fa15a68969f5c848f5b5cdd95fce24a8c45d5f054e00e23a13ea0d3209508fcf71833a18c2e2430240c4357742a4f5c2c9f7b2ccc9fbf127a875b480d2f83ddf3cca9309e63de645f36d98188c704deec43c3f115462c29e7637ba7c23ac6b3f50bd0f9ff3b3b896b328cf3833823770e071b957902c6a7172547796c3d101a8f9a0c35fc6470525068534d7156149c3c4eb3fddc950076530d91919e1f17304ecd28072ce6e476836be92704fb3f80ce97eac02bfdf323b21628fea4e5992dfc6cccda1d069503b244f0d6b2c49fc4b7f25e9cedb6e3e01537a08a772b490690b40846d7e22b4b75a6fd4125e9f825ec34244f8652ffd071e1babc0b5fa49e88b47ec6420dc89779b3228520ec1027afef310399e0c5a50afd720ed47850f76e8e7b3d677bb814ec31d5ed17639d2e9ef55ab1653ee9572c650f93bfe1270f85eda74da79bcc00fc3fa818e714859061e4c75d672e695945acf8a0dbcec3778a9b238239a93f4643f5756d59822a70685d9b7777df87486f6276528c5daa17c5e0dfaf3287d27c7108182cd9999a88f096495e993d96dace14b2d12116f51ce863c217c4f109bf0d34ebb88ab04a4519cc1b55bcfdb7526dcbe0210f70c7d6fb053aa664e631cec1a9a1e5df25079cb91b75e0456c9577229487fb6c9e65774e81954cf6621dc14eaf749ca5b681bae50a268e0ba34a37f58ac88bf73ca1bea8cddb74207644fb9527941297922cd545938d2067957bb6c266e4f34348156f9f58ceb91933c8a71cdaacb2f856c83338512e0999876780d3f5466989646e5f6c4c22f8915cb4a318c2393013ff34cba9094c30a3d69e14809b0773e5a236f531bc4d5efcc3b2f9b4a1898e9dbd184fbc608b786347cde084e4c89502627e21889bfe27a69b0fab54b2baeb7ddcb9d6b7410cab4ff19a4d03cd51255b5d778e5599c6e7c177a1f611a8963a9825f4e15fab54d85df11bf02388dbaef351633f50e9c51a90f8872385fabe635a33e7d6dd179ab4a92a8e49f408220e22f0409636c5517145b5bee6e076e1f951813aa1c5017f71e2f6d871cfdf4012bcbde7d0870d115274ef19cea2deb1cd8636bc7055928d0772139af612bd2539f731bf2942126eab27fc982dfbb33d96b8e30ccc61fdf4bb6ffc13dedebc6424de425d59e7409806ecc5d3dc27d1366b52818a5b93909ca94b912d2585d37f4490b79ebd7f28cf8f3d6b6d17c8a3212760f5cae6e462c0e73ec168bdf727af5e06eeb486de389df3f31b5cb9125ad1e0f8a0901d17e34d64658ff23b1064457acca5eb3fc45f8fb4471cf2978dace63839e1edd9721df62d152ad0e6a20a4971095b9d7f7d832e8e829d375fe698f635311dc1cb9ceb603df91840f686fc4c4bc1054badb7bdc6cd3c7ba6ff510c35fba8bd78312c7f24eaafdb908dfa9247030f469d220588184363ebb5e6a5bb98cbc20603009ca362ce502c4286998300c13d4e0db8759039f2eda4e15ca0b4a3055fffcd7944b7f2b317bc73bbc183aea9341d5a5b4ef749eb1d8dbe628d53590ada60fc42630ecea3a937fcc967f05c2ea8f43f32286f05bc208f8dc24d1ae517d7bc8de3510c483724b8222f7eac97646f7664693eb31cd91a06688598a4daa7b4cf21ecd80d41377b5b9c2fae59c35b4567fffd6939dbdec11a330afe4995597901709449108f328ae5317232941fcbdb70d61e95bf7bf2f1c82385882c99e72f22ab5adf09fc91d54f7dbc43ae2df897af3f4a679b1306d809c494a940e7ca277adb02efc36815bed6c9a9cda33290581f4bcdcaf367e56151d1a23690cde0280328fdce5a6076347fdcd86e81698b1c264653e962bef3c6d750c78058e75bf52524eacf1045e21c7cedd665c2c2c5f59f95043f95293768d6a25432a37cff2a6fbf1f5ccd682ce1f6fe8d42ce6616c8c230845075604393c2059fa719bde264646495c5b67678d0bb869f807353dd4896e5cff6bfb86f33bde61de2bb4350487c42c666336e8bd52ee54742fcc8b8ea1128092d70132dfc4e37c400e5c416dccfc3938e06e32770ee40b9de7e8e251118beefbd19a0cd9ef7fdf91554bb80c0a556bb8155a6b9b45a861aad388aa0d6e3a98a927dfcf0ad31089016158e269928cd562eb4ff7896ca45d4f9efbbb46f12ba9f627e78b031b06e5655b3db6b7246f8bdeac1217d10323874ad7f02d73bc683a581fce8e3136cdec27064b79aa9def2e23f4a9fb80b07ced6c4cda3a86040d3dba796dd815ec27c3fe29abe6a826ed1c284637fd813f9649de77aa68b46c892c5a77511cc1796dca449db9a291ccbc2cd27b344b16fd6499f23a8dafa31721dda26fea8641cb11726532378b2dc15102a87e972cf2ca778a8a09065786ea2d791bdb01e8c199490729b9b07a218e6548c17fc14bc64f9189fb45d136c0a1c01eb0394c303b6fdb18ed4c39566e29efc0ffc0550c486c0277ca6adb92bf6250f956e9d2ec1c01ddf1ebe87df3f6ff8d08197d4b5774b4961b6e9d970d48d982637900993c093cad5431e8e4834b5dfa703b0f1b102956223a1ea757fb7dc49648e7d66b4124533b8c0a0466731f9e72063af7e8dbe32912822709e5d4f4ae828597e535077c1cf9c7717ab97ca233c42c29f10ac9c58276c49e2142b168acd3c9cb5eb49e12ae59b9a2db55acf8f6ec6601f08eb464cf36f4b26b267b64f631eac2fe5a70a89c09ecaf70a03cf20555cedea6be1c5e009887de915e96e5272194fbfb021daa6cffbab4c1c908fe72dc2345f26dc00821822d24101b1cf65486aa502783fa87f6a98bfb8714078d16eb2c6a2790c93be3d9c310128a0ddfdc86df2ceb47583816cde0937e9fd01a739ec75c9dd2804efa565211b8640ca519801fef2ab02b1c6830d629caef04ca3502cb53d733004afd383b3c1adb4594d73cf641c51bf4ffa935c39f5a6f63f5d3205e5e3241f696dcc4e66f82be73d15a271b2e0ab6e3af03a213e37ffc4f777173e560e7dcbe74207a49567d26007dddddba54118c0de4dc67ec2fdbe809d5d838b275dd66859146259491a2f8c96951214485c08ebfeb22ab5e0b0dd4d109441455ef7cf9db212579762989ab2630ff3310483c8ec40885c486a17a7806cdc23359db33f8934d40a6ce225f2a8d65879f26aa970f3f4975fbd6baedb2ace9a27159159462aaf7ec909bb67936c71ebef48d8c54bde2845d664ef557adb7df20df3f4db4084a22afa157f9a9c626ba37fcaaa26e86942997f1700bd222958b0a62519fa076867aade22c2bfb01bfa69a53c2f4a0076e70161625876561397f84983cb6a6c154510210f02e6aed2ec656cc7738312e5df864deb0deed86a5735e52408869523b98451f10b18a7d352909e4fcf60a23e5fb1174ac324b00715e684e08c96f21a5641706769387c765ce7c111098d12e9ae8dcc22fa8f8160867db675c3c6eac61d8fda4c267e0e2c98f8bd9bc3b148475f82aecfae0e3064d59f52b6d11530644567f4a62b7f42be0b3918c0eb89fc21b31970a49a977fc238441fd9127294b63fe706aae31e15917931b9d445770051b3701d9300c66b628cc747dc3344a610bf31cd534d053ee82eef0c5cb3a5fd1b2a7126a5619b2a2c499866b329d103e8ec5abb5259016ff28ea11a4b27923aafe7d1439eda330029ec691c6bdfa9569434259d93638017341160663c5280e0f097b2ef2a47ece3b07a2652e29151ab17d484eb6e06942ea2bcef37e317b48947ea3c92b48db908f477a3bc548c4291a6ee3235cb0c71d9095589b5e9fddd564214e99da95d0f2ebcd38feca7f52dac7b577adb331b2577bf7529ee68566f3524b658b11984264205a4b03714a9417d2f8966274436816e3742b37bf7f7e9d50eb10be6b7a4e9ffe01b8fc53f1dc1f155351573b9bfc92415584b5867361a5e93696a9de65ac16c2526bb7718cb1515b3630a077f2b9b78ce727ff94c60fb31e7981c7a386af586aac55225aa10f22e31f034de09cb54440085c38bd05d9ac5f7804b172700342b3e8cb6b7aca56ebcea2eb0daff066d9f7114dbb1f4312a877fd90b898de8de5b94271e535b179204821b92c76ec5e44e4f54f9f0fc0879baeeb0549ceb2c29be8652621551de1e1cf0f2c95f54743ed4035e1ce0ec9e8db879a74f958d41638570029e0d815369f39c5336f9a0900ce11b223f57602a08128c02a465e921f390cef45b4ef7efec93eea90849bc322cfa959543ff06754c80dce0a1b1ea68e689841ec693088eea042c4f22734fef205f5cc7dda1cecc30aba0e202386d49412aab930ec11c2e20e07c2244b7c46568ee041de4573bca145c753512dab58e5b004e6ec536ca61905f764f8dc2a5b7adb391e4dd1210330c14e14b60d978a14a177c45a49d9d42f15004df86f5fb4516c6a570458bfc24a6c06f5a4b44dbc572d02c395cb8e539d83b47b0a65ed79227c78984337b060014ae2ef34137290aef1198e8baad1ace0c61a6486ca7f5ed", 0xdfd}], 0x5, 0x0, 0x0, 0x200040d1}, 0x64048004)
lseek(r1, 0x4, 0x1)
sendto$inet(r0, 0x0, 0x0, 0x8940, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x4c8d0, 0x0, 0x0)

340.639134ms ago: executing program 0 (id=479):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000150001030000000000000000"], 0x14}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000680)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000540)=[{0x4, 0x2, 0x0, 0x1}, {0x3, 0x5, 0x10}, {0x0, 0x1, 0xd, 0x9}, {0x4, 0x3, 0xb, 0xb}, {0x3, 0x3, 0x9, 0x2}], 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x804)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xe, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
r3 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
connect$pppl2tp(r3, &(0x7f0000002080)=@pppol2tpin6={0x27, 0x1, {0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x32)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x9)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@uuid_off}]})
r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r4, &(0x7f0000000000)='./file1\x00', 0xc000, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r4, &(0x7f0000000100)='./file1\x00', r4, &(0x7f0000000240)='./file0\x00', 0x0)
unlink(&(0x7f0000000280)='./file1\x00')
link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file1\x00')

263.28643ms ago: executing program 2 (id=480):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x24, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0x8, 0x1, 0x0, 0x0, @fd=r0}, @typed={0x8, 0xfa, 0x0, 0x0, @fd=r0}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), r0)
openat$sndseq(0xffffff9c, &(0x7f0000000380), 0x40000)
sendmsg$FOU_CMD_DEL(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x4c, r1, 0x20, 0x70bd28, 0x25dfdbfd, {}, [@FOU_ATTR_PORT={0x6, 0x1, 0x4e23}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @dev={0xac, 0x14, 0x14, 0x15}}, @FOU_ATTR_PEER_V6={0x14, 0x9, @ipv4={'\x00', '\xff\xff', @empty}}, @FOU_ATTR_REMCSUM_NOPARTIAL, @FOU_ATTR_TYPE={0xff95, 0x4, 0x2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f0000000240), r0)
r2 = openat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x80, 0x92, 0x1}, 0x18)
ioctl$VT_DISALLOCATE(r2, 0x5608)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000080000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r3}, 0x10)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x3)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, 0xffffffffffffffff, 0x0)
getsockname$packet(r2, 0x0, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
memfd_create(&(0x7f0000000740)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c\xfa\xb4q\xbb\x7fN\xd1\r%;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\x12?\xc7zL\x01\r-\x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc\xbe\xb6\xa7w\x9d\xf1\xe5V\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca', 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000140)={0x11, 0x1, 0x0, "8eb8a828e93b07f1dd06da7a41bfeac48048beb159fbba176fb1de26098c68d9"})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe05000000000000000000009500000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r4}, 0x18)
sched_setaffinity(0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21}, &(0x7f0000bbdffc))

149.157701ms ago: executing program 1 (id=481):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="160000000000000004000000ffff000000000000", @ANYRES32=0x1, @ANYBLOB="100000000000000000000000e76bed6200000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)={0x1b, 0x0, 0x0, 0x101, 0x0, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
mknod$loop(&(0x7f00000017c0)='./file0\x00', 0x8, 0x1)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x18, 0x1401, 0x1d, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}}, 0x0) (async)
socket$phonet_pipe(0x23, 0x5, 0x2)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) (async)
r2 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, &(0x7f0000000180)) (async)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x3ff, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r3 = getpid()
r4 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r4, 0xc04064aa, &(0x7f0000000400)={0x0, 0x0}) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r5, 0x28, 0x0, 0x0, 0x0)
r6 = syz_io_uring_setup(0x77c5, &(0x7f0000000080)={0x0, 0x2000, 0x800, 0x2, 0x3d8}, 0x0, &(0x7f0000002540))
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r6, 0xc, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r7 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r7, &(0x7f00000001c0)={0xa, 0x1, 0x6, @mcast1}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8)

79.358332ms ago: executing program 1 (id=482):
syz_emit_ethernet(0x62, &(0x7f00000002c0)={@broadcast, @random="05009211d49c", @void, {@ipv4={0x800, @icmp={{0x13, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x88, 0x0, @private=0xa010101, @broadcast, {[@cipso={0x86, 0x35, 0x3, [{0x7, 0xb, "ba81760deb948765f0"}, {0x5, 0x3, "fa"}, {0x7, 0xd, "98d3b04cf09ab9eb48aa77"}, {0x7, 0xb, "45ec966b5d7069edc4"}, {0x5, 0x3, '$'}, {0x5, 0x6, "29f76aca"}]}, @end]}}, @address_request={0x11, 0x0, 0x0, 0x7e}}}}}, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000340)=<r0=>0x0)
quotactl$Q_GETQUOTA(0xffffffff80000702, &(0x7f0000000240)=@nbd={'/dev/nbd', 0x0}, r0, &(0x7f00000004c0))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b40)={0x18, 0x10, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYBLOB="da2261875f58323cf5704ca92bdcc7e39a892ad9ce2e9482b397d74faa777043c79850203e844203a9e2442046"], &(0x7f0000000080)='syzkaller\x00', 0x8, 0xac, &(0x7f0000000140)=""/172, 0x41000, 0x48, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socket$packet(0x11, 0x3, 0x300)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r5, &(0x7f0000000280)={0x10, 0x0, 0x1, 0x2ffffffff}, 0xc)
r6 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r6, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10)
sendmsg$inet(r6, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x13f}}, 0x20)
socket$inet6_sctp(0xa, 0x1, 0x84)

0s ago: executing program 3 (id=483):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x3, 0x16, &(0x7f0000000600)=ANY=[@ANYRES32, @ANYRES32], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0x0)
close(r2) (async)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x141000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r2, 0xc01864b0, &(0x7f00000000c0)={r4, r5}) (async)
close(r2) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000c932695adeb583b0319cd4279755bb6852f611678aa8d4d33a2c8cd4ea0c8f18b628be932ad7d532"], 0x48) (async)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='suspend_resume\x00', r1}, 0x18)
r7 = dup(r6) (async)
r8 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$bt_hci(r8, &(0x7f0000000000)={0x27}, 0x62) (async)
recvmmsg(r8, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) (async)
fcntl$setpipe(r7, 0x407, 0x4080008) (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00')
getdents(r9, &(0x7f0000000000)=""/24, 0x18)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) (async)
syz_emit_vhci(0x0, 0xd) (async)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) (async)
mount(&(0x7f0000000180)=@nullb, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)='qnx6\x00', 0x8003, 0x0) (async)
rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket(0x10, 0x3, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
openat$vimc0(0xffffff9c, &(0x7f0000000140), 0x2, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:29145' (ED25519) to the list of known hosts.
[   32.200965][ T5852] cgroup: Unknown subsys name 'net'
[   32.368839][ T5852] cgroup: Unknown subsys name 'cpuset'
[   32.371936][ T5852] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   33.193988][ T5852] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   35.713294][ T5933] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   35.717491][ T5935] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   35.720078][ T5939] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   35.722891][ T5939] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   35.725548][ T5939] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   35.727907][ T5939] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   35.729091][ T5941] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   35.730125][ T5939] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   35.733082][ T5941] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   35.734434][ T5939] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   35.736574][ T5941] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   35.738353][ T5939] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   35.740419][ T5941] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   35.743486][ T5943] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   35.746475][ T5941] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   35.746534][ T5943] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   35.751376][ T5943] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   35.753556][ T5941] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   35.753607][ T5943] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   35.755645][ T5941] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   35.758445][ T5945] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   35.759826][ T5941] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   35.762919][ T5943] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   35.765958][ T5941] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   35.910514][ T5936] chnl_net:caif_netlink_parms(): no params data found
[   35.947447][ T5930] chnl_net:caif_netlink_parms(): no params data found
[   35.988775][ T5936] bridge0: port 1(bridge_slave_0) entered blocking state
[   35.991392][ T5936] bridge0: port 1(bridge_slave_0) entered disabled state
[   35.993629][ T5936] bridge_slave_0: entered allmulticast mode
[   35.995819][ T5936] bridge_slave_0: entered promiscuous mode
[   35.999260][ T5942] chnl_net:caif_netlink_parms(): no params data found
[   36.017056][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.019141][ T5936] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.021308][ T5936] bridge_slave_1: entered allmulticast mode
[   36.023375][ T5936] bridge_slave_1: entered promiscuous mode
[   36.035235][ T5931] chnl_net:caif_netlink_parms(): no params data found
[   36.071769][ T5936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   36.103598][ T5936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   36.112284][ T5930] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.114367][ T5930] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.116462][ T5930] bridge_slave_0: entered allmulticast mode
[   36.118555][ T5930] bridge_slave_0: entered promiscuous mode
[   36.168856][ T5930] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.171482][ T5930] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.173546][ T5930] bridge_slave_1: entered allmulticast mode
[   36.175671][ T5930] bridge_slave_1: entered promiscuous mode
[   36.187698][ T5936] team0: Port device team_slave_0 added
[   36.190368][ T5931] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.192450][ T5931] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.194553][ T5931] bridge_slave_0: entered allmulticast mode
[   36.196801][ T5931] bridge_slave_0: entered promiscuous mode
[   36.199149][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.201320][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.203479][ T5942] bridge_slave_0: entered allmulticast mode
[   36.205726][ T5942] bridge_slave_0: entered promiscuous mode
[   36.208846][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.210990][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.213138][ T5942] bridge_slave_1: entered allmulticast mode
[   36.215354][ T5942] bridge_slave_1: entered promiscuous mode
[   36.237585][ T5936] team0: Port device team_slave_1 added
[   36.239179][ T5931] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.241022][ T5931] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.242854][ T5931] bridge_slave_1: entered allmulticast mode
[   36.244792][ T5931] bridge_slave_1: entered promiscuous mode
[   36.277930][ T5930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   36.295962][ T5931] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   36.301266][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   36.305693][ T5930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   36.318225][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.321083][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.331538][ T5936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.338647][ T5931] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   36.342780][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   36.363533][ T5930] team0: Port device team_slave_0 added
[   36.366623][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.369440][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.379765][ T5936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.401004][ T5930] team0: Port device team_slave_1 added
[   36.429032][ T5942] team0: Port device team_slave_0 added
[   36.440130][ T5931] team0: Port device team_slave_0 added
[   36.442682][ T5942] team0: Port device team_slave_1 added
[   36.453348][ T5930] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.455654][ T5930] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.463250][ T5930] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.467458][ T5930] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.469525][ T5930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.477085][ T5930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.481683][ T5931] team0: Port device team_slave_1 added
[   36.500575][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.502651][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.510008][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.515101][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.517173][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.524395][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.543673][ T5936] hsr_slave_0: entered promiscuous mode
[   36.545829][ T5936] hsr_slave_1: entered promiscuous mode
[   36.561969][ T5931] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.563980][ T5931] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.571425][ T5931] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.575185][ T5931] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.577766][ T5931] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.584967][ T5931] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.624142][ T5942] hsr_slave_0: entered promiscuous mode
[   36.626254][ T5942] hsr_slave_1: entered promiscuous mode
[   36.628326][ T5942] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   36.630601][ T5942] Cannot create hsr debugfs directory
[   36.640684][ T5930] hsr_slave_0: entered promiscuous mode
[   36.642771][ T5930] hsr_slave_1: entered promiscuous mode
[   36.644684][ T5930] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   36.647060][ T5930] Cannot create hsr debugfs directory
[   36.694835][ T5931] hsr_slave_0: entered promiscuous mode
[   36.697077][ T5931] hsr_slave_1: entered promiscuous mode
[   36.699082][ T5931] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   36.701325][ T5931] Cannot create hsr debugfs directory
[   36.835346][ T5942] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   36.839722][ T5942] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   36.845654][ T5942] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   36.851066][ T5942] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   36.861246][ T5930] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   36.864713][ T5930] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   36.867836][ T5930] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   36.876811][ T5930] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   36.890147][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.892323][ T5942] bridge0: port 2(bridge_slave_1) entered forwarding state
[   36.894680][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.896781][ T5942] bridge0: port 1(bridge_slave_0) entered forwarding state
[   36.902913][ T5936] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   36.907215][ T5936] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   36.910299][ T5936] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   36.926624][   T77] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.929968][   T77] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.945817][ T5936] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   36.959669][ T5931] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   36.964012][ T5931] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   36.970716][ T5931] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   36.980970][ T5931] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   37.020809][ T5930] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.024679][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.044476][ T5930] 8021q: adding VLAN 0 to HW filter on device team0
[   37.049404][   T77] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.051493][   T77] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.061970][   T77] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.064058][   T77] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.067352][ T5942] 8021q: adding VLAN 0 to HW filter on device team0
[   37.076848][ T1134] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.079185][ T1134] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.084196][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.086311][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.090710][ T5936] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.094411][ T5931] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.112038][ T5931] 8021q: adding VLAN 0 to HW filter on device team0
[   37.118357][ T5936] 8021q: adding VLAN 0 to HW filter on device team0
[   37.127852][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.130702][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.135501][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.137757][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.140650][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.142679][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.161863][ T1134] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.163958][ T1134] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.231238][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.254303][ T5942] veth0_vlan: entered promiscuous mode
[   37.261021][ T5942] veth1_vlan: entered promiscuous mode
[   37.264232][ T5936] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.269111][ T5930] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.295130][ T5936] veth0_vlan: entered promiscuous mode
[   37.299786][ T5942] veth0_macvtap: entered promiscuous mode
[   37.304640][ T5931] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.308863][ T5936] veth1_vlan: entered promiscuous mode
[   37.311387][ T5942] veth1_macvtap: entered promiscuous mode
[   37.326065][ T5931] veth0_vlan: entered promiscuous mode
[   37.333211][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0
[   37.336754][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1
[   37.344821][ T5930] veth0_vlan: entered promiscuous mode
[   37.352404][ T5936] veth0_macvtap: entered promiscuous mode
[   37.355996][ T5942] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   37.359405][ T5942] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   37.362102][ T5942] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   37.364582][ T5942] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   37.368655][ T5930] veth1_vlan: entered promiscuous mode
[   37.372273][ T5931] veth1_vlan: entered promiscuous mode
[   37.380808][ T5936] veth1_macvtap: entered promiscuous mode
[   37.396445][ T5936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   37.399796][ T5936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   37.403105][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_0
[   37.410413][ T5936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   37.413586][ T5936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   37.417096][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_1
[   37.419911][ T5930] veth0_macvtap: entered promiscuous mode
[   37.429612][ T5936] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   37.432279][ T5936] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   37.434636][ T5936] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   37.438025][ T5936] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   37.442980][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   37.444042][ T5930] veth1_macvtap: entered promiscuous mode
[   37.445470][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   37.454826][ T5931] veth0_macvtap: entered promiscuous mode
[   37.464168][ T5931] veth1_macvtap: entered promiscuous mode
[   37.472142][   T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   37.474474][   T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   37.478934][ T5930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   37.481927][ T5930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   37.484683][ T5930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   37.487775][ T5930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   37.491192][ T5930] batman_adv: batadv0: Interface activated: batadv_slave_0
[   37.494158][ T5931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   37.497394][ T5931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   37.500144][ T5931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   37.503080][ T5931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   37.505838][ T5931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   37.508889][ T5931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   37.512535][ T5931] batman_adv: batadv0: Interface activated: batadv_slave_0
[   37.517878][ T5930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   37.520833][ T5930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   37.523582][ T5930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   37.526697][ T5930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   37.529951][ T5930] batman_adv: batadv0: Interface activated: batadv_slave_1
[   37.532501][ T5931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   37.535591][ T5931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   37.538549][ T5931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   37.541554][ T5931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   37.544349][ T5931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   37.547612][ T5931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   37.550937][ T5931] batman_adv: batadv0: Interface activated: batadv_slave_1
[   37.558310][ T5930] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   37.559204][ T5942] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   37.560823][ T5930] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   37.567925][ T5930] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   37.570431][ T5930] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   37.575568][ T5931] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   37.578363][ T5931] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   37.580851][ T5931] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   37.583352][ T5931] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   37.593807][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   37.596070][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   37.612141][ T1134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   37.615226][ T1134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   37.648261][   T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   37.650556][   T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   37.659051][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   37.661347][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   37.671812][ T1134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   37.674058][ T1134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   37.682118][ T1134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   37.684581][ T1134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   37.797636][ T5301] Bluetooth: hci0: command tx timeout
[   37.797872][ T5935] Bluetooth: hci3: command tx timeout
[   37.799506][ T5301] Bluetooth: hci2: command tx timeout
[   37.801465][ T5935] Bluetooth: hci1: command tx timeout
[   38.157490][ T6005] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   38.159878][ T6005] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   38.166129][ T6005] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   38.177070][ T6005] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   38.178991][ T6005] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   38.182820][ T6005] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   38.189849][ T6005] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   38.192464][ T6005] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   38.195442][ T6005] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   38.205276][ T6005] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   38.207893][ T6005] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   38.213097][ T6005] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   38.606752][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   39.314975][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   39.622351][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   39.827047][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   39.858510][ T6045] A link change request failed with some changes committed already. Interface macvlan0 may have been left with an inconsistent configuration, please check.
[   39.970056][ T6048] netlink: 112 bytes leftover after parsing attributes in process `syz.2.14'.
[   40.134114][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   40.196946][ T5301] Bluetooth: hci0: command 0x040f tx timeout
[   40.196971][ T5935] Bluetooth: hci1: command 0x040f tx timeout
[   40.201051][ T5946] Bluetooth: hci2: command 0x040f tx timeout
[   40.236520][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   40.276365][ T5946] Bluetooth: hci3: command 0x040f tx timeout
[   40.338924][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   40.338994][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   40.343625][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   40.345999][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   40.840529][ T6068] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[   40.900394][ T6069] sch_tbf: burst 2304 is lower than device lo mtu (65550) !
[   41.264663][ T6074] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[   41.267599][ T6074] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[   42.276760][ T5946] Bluetooth: hci2: command 0x040f tx timeout
[   42.276777][ T5935] Bluetooth: hci0: command 0x040f tx timeout
[   42.278393][ T5946] Bluetooth: hci1: command 0x040f tx timeout
[   42.366355][ T5301] Bluetooth: hci3: command 0x040f tx timeout
[   42.554412][ T6090] 9pnet_fd: Insufficient options for proto=fd
[   42.578325][ T6090] lo speed is unknown, defaulting to 1000
[   42.580087][ T6090] lo speed is unknown, defaulting to 1000
[   42.583231][ T6090] lo speed is unknown, defaulting to 1000
[   42.586822][ T6090] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   42.591158][ T6090] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   42.592636][   T39] audit: type=1326 audit(1735115754.793:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6092 comm="syz.3.25" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x0
[   42.601832][ T6090] lo speed is unknown, defaulting to 1000
[   42.605885][ T6090] lo speed is unknown, defaulting to 1000
[   42.608683][ T6090] lo speed is unknown, defaulting to 1000
[   42.610698][ T6090] lo speed is unknown, defaulting to 1000
[   43.125173][ T6108] netlink: 12 bytes leftover after parsing attributes in process `syz.2.28'.
[   43.410723][ T6112] process 'syz.0.27' launched './file0' with NULL argv: empty string added
[   43.634192][ T6128] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[   44.114351][ T6135] netfs: Couldn't get user pages (rc=-14)
[   44.356491][ T5935] Bluetooth: hci2: command 0x040f tx timeout
[   44.356534][   T66] Bluetooth: hci1: command 0x040f tx timeout
[   44.356836][ T5946] Bluetooth: hci0: command 0x040f tx timeout
[   44.436352][   T66] Bluetooth: hci3: command 0x040f tx timeout
[   46.436987][   T66] Bluetooth: hci1: command 0x040f tx timeout
[   46.447077][   T66] Bluetooth: hci2: command 0x040f tx timeout
[   46.448828][   T66] Bluetooth: hci0: command 0x040f tx timeout
[   46.516343][ T5301] Bluetooth: hci3: command 0x040f tx timeout
[   48.516381][   T66] Bluetooth: hci2: command 0x040f tx timeout
[   48.516401][ T5935] Bluetooth: hci1: command 0x040f tx timeout
[   48.518153][ T5301] Bluetooth: hci0: command 0x040f tx timeout
[   48.596387][ T5301] Bluetooth: hci3: command 0x040f tx timeout
[   50.679028][ T5301] Bluetooth: hci3: command 0x040f tx timeout
[   52.776881][ T6130] sch_tbf: burst 2304 is lower than device lo mtu (65550) !
[   52.824411][ T6137] lo speed is unknown, defaulting to 1000
[   52.942374][ T6163] netlink: 12 bytes leftover after parsing attributes in process `syz.0.38'.
[   54.035262][ T6182] lo speed is unknown, defaulting to 1000
[   54.752082][ T6207] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[   55.025554][ T6208] sch_tbf: burst 2304 is lower than device lo mtu (65550) !
[   55.664702][ T6231] IPVS: set_ctl: invalid protocol: 33 100.1.1.2:20003
[   56.235540][ T6240] binder: 6239:6240 unknown command 25366
[   56.237340][ T6240] binder: 6239:6240 ioctl c0306201 20000040 returned -22
[   56.374614][ T6246] capability: warning: `syz.3.63' uses deprecated v2 capabilities in a way that may be insecure
[   56.948607][ T6253] binder: 6251:6253 ioctl c0306201 20000400 returned -14
[   57.741059][ T6289] lo speed is unknown, defaulting to 1000
[   58.022393][ T6298] netlink: 4 bytes leftover after parsing attributes in process `syz.3.79'.
[   58.741615][ T6320] sch_tbf: burst 2304 is lower than device lo mtu (65550) !
[   58.896034][ T6322] netlink: 'syz.2.89': attribute type 10 has an invalid length.
[   58.900260][ T6322] veth0_macvtap: left promiscuous mode
[   58.922002][ T6322] batman_adv: batadv0: Adding interface: macvtap0
[   58.923838][ T6322] batman_adv: batadv0: The MTU of interface macvtap0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.932649][ T6322] batman_adv: batadv0: Not using interface macvtap0 (retrying later): interface not active
[   59.513613][ T6347] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[   59.573253][ T6348] sch_tbf: burst 2304 is lower than device lo mtu (65550) !
[   59.909072][ T6353] lo speed is unknown, defaulting to 1000
[   59.951343][ T6358] loop7: detected capacity change from 0 to 16384
[   60.146547][ T6366] loop7: detected capacity change from 16384 to 16383
[   61.692334][ T6398] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[   62.456395][  T833] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   62.619655][  T833] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   62.623055][  T833] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   62.626012][  T833] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   62.628906][  T833] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   62.634465][ T6409] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   62.640154][  T833] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[   62.874900][ T6409] syz.3.115 uses obsolete (PF_INET,SOCK_PACKET)
[   62.885652][  T833] usb 8-1: USB disconnect, device number 2
[   63.255234][ T6424] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   63.411686][   T39] audit: type=1326 audit(1735115775.603:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6429 comm="syz.0.121" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7fc00000
[   63.419378][   T39] audit: type=1326 audit(1735115775.613:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6429 comm="syz.0.121" exe="/syz-executor" sig=0 arch=40000003 syscall=55 compat=1 ip=0xf710e579 code=0x7fc00000
[   64.047878][ T6445] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[   64.181964][   T39] audit: type=1326 audit(1735115776.383:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6429 comm="syz.0.121" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7fc00000
[   65.250870][ T6481] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[   65.592173][ T6485] input: syz0 as /devices/virtual/input/input5
[   67.088740][ T6520] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[   67.463977][ T6539] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   67.720291][ T6535] netlink: 'syz.2.152': attribute type 10 has an invalid length.
[   67.727012][ T6535] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.729628][ T6535] team0: Port device bond0 added
[   68.577196][ T6544] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   68.579827][ T6544] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   68.582495][ T6544] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   68.585129][ T6544] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   68.822642][ T6571] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[   68.825237][ T6571] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[   68.827974][ T6571] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[   68.856155][ T6571] netlink: 4 bytes leftover after parsing attributes in process `syz.0.163'.
[   69.806444][ T5935] Bluetooth: hci0: command 0x040f tx timeout
[   69.949278][ T6599] input: syz0 as /devices/virtual/input/input6
[   70.596394][ T5935] Bluetooth: hci3: command 0x040f tx timeout
[   70.596530][ T5301] Bluetooth: hci2: command 0x040f tx timeout
[   70.596555][   T66] Bluetooth: hci1: command 0x040f tx timeout
[   70.617206][ T6611] lo speed is unknown, defaulting to 1000
[   70.762153][ T6611] veth0_vlan: left promiscuous mode
[   70.765050][ T6611] veth0_vlan: entered promiscuous mode
[   70.769139][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[   70.771809][ T1413] ieee802154 phy1 wpan1: encryption failed: -22
[   71.323715][ T6645] netlink: 8 bytes leftover after parsing attributes in process `syz.3.184'.
[   71.338514][ T6646] netlink: 8 bytes leftover after parsing attributes in process `syz.3.184'.
[   71.844584][ T6654] netlink: 'syz.0.186': attribute type 11 has an invalid length.
[   72.309481][ T6691] netlink: 'syz.2.199': attribute type 1 has an invalid length.
[   72.334268][ T6691] 8021q: adding VLAN 0 to HW filter on device bond1
[   72.342338][ T6691] 8021q: adding VLAN 0 to HW filter on device batadv1
[   72.345227][ T6691] bond1: (slave batadv1): making interface the new active one
[   72.348799][ T6691] bond1: (slave batadv1): Enslaving as an active interface with an up link
[   72.375323][ T6691] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[   72.831202][ T6708] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   72.834268][ T6708] overlayfs: failed to set xattr on upper
[   72.836138][ T6708] overlayfs: ...falling back to redirect_dir=nofollow.
[   72.839040][ T6708] overlayfs: ...falling back to index=off.
[   72.841043][ T6708] overlayfs: conflicting lowerdir path
[   73.773155][   T39] audit: type=1326 audit(1735115785.973:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6736 comm="syz.2.212" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fa2579 code=0x0
[   74.160810][ T6753] netlink: 12 bytes leftover after parsing attributes in process `syz.1.213'.
[   74.196884][ T6753] lo speed is unknown, defaulting to 1000
[   74.922774][ T6766] syz.2.216: attempt to access beyond end of device
[   74.922774][ T6766] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0
[   74.928384][ T6766] XFS (nbd2): SB validate failed with error -5.
[   75.896901][    T8] cfg80211: failed to load regulatory.db
[   76.430509][ T6808] netlink: 12 bytes leftover after parsing attributes in process `syz.0.226'.
[   76.466348][ T6808] lo speed is unknown, defaulting to 1000
[   76.575328][ T6809] syzkaller0: entered promiscuous mode
[   76.583907][ T6809] syzkaller0: entered allmulticast mode
[   76.922658][ T5935] Bluetooth: hci2: command 0x040f tx timeout
[   77.055745][ T6818] syz.1.229: attempt to access beyond end of device
[   77.055745][ T6818] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0
[   77.059760][ T6818] XFS (nbd1): SB validate failed with error -5.
[   77.246404][ T5935] Bluetooth: hci3: command 0x040f tx timeout
[   77.797897][ T6834] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   77.963884][ T6849] xt_AUDIT: Audit type out of range (valid range: 0..2)
[   78.109381][ T6856] FAULT_INJECTION: forcing a failure.
[   78.109381][ T6856] name failslab, interval 1, probability 0, space 0, times 1
[   78.113542][ T6856] CPU: 0 UID: 0 PID: 6856 Comm: syz.3.241 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0
[   78.116461][ T6856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   78.119534][ T6856] Call Trace:
[   78.120530][ T6856]  <TASK>
[   78.121434][ T6856]  dump_stack_lvl+0x16c/0x1f0
[   78.122858][ T6856]  should_fail_ex+0x497/0x5b0
[   78.124259][ T6856]  ? trace_lock_acquire+0x14e/0x1f0
[   78.125876][ T6856]  should_failslab+0xc2/0x120
[   78.127271][ T6856]  kmem_cache_alloc_noprof+0x6e/0x3b0
[   78.129212][ T6856]  ? __nf_conntrack_alloc+0xd1/0x5e0
[   78.130761][ T6856]  __nf_conntrack_alloc+0xd1/0x5e0
[   78.132218][ T6856]  init_conntrack.constprop.0+0xd3e/0x1080
[   78.133915][ T6856]  ? __pfx_init_conntrack.constprop.0+0x10/0x10
[   78.135727][ T6856]  ? __local_bh_enable_ip+0xa4/0x120
[   78.137240][ T6856]  ? lockdep_hardirqs_on+0x7c/0x110
[   78.138761][ T6856]  nf_conntrack_in+0xafb/0x1850
[   78.140103][ T6856]  ? __pfx_nf_conntrack_in+0x10/0x10
[   78.141574][ T6856]  ? __pfx_ipt_do_table+0x10/0x10
[   78.143016][ T6856]  ? rcu_is_watching+0x12/0xc0
[   78.144440][ T6856]  ? __pfx_ipv4_conntrack_local+0x10/0x10
[   78.146168][ T6856]  ipv4_conntrack_local+0x160/0x250
[   78.147693][ T6856]  nf_hook_slow+0xbb/0x200
[   78.149020][ T6856]  nf_hook+0x386/0x6d0
[   78.150245][ T6856]  ? __pfx_dst_output+0x10/0x10
[   78.151652][ T6856]  ? __pfx_nf_hook+0x10/0x10
[   78.152994][ T6856]  ? __pfx_dst_output+0x10/0x10
[   78.154417][ T6856]  ? do_csum+0x26f/0x2d0
[   78.155704][ T6856]  __ip_local_out+0x339/0x640
[   78.157119][ T6856]  ? __pfx_dst_output+0x10/0x10
[   78.158574][ T6856]  ip_send_skb+0x4a/0x560
[   78.159869][ T6856]  udp_send_skb+0x6f1/0x1510
[   78.161319][ T6856]  udp_sendmsg+0x12e7/0x29b0
[   78.162737][ T6856]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   78.164315][ T6856]  ? __pfx_udp_sendmsg+0x10/0x10
[   78.166099][ T6856]  ? __pfx___lock_acquire+0x10/0x10
[   78.168081][ T6856]  ? __pfx___might_resched+0x10/0x10
[   78.170052][ T6856]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   78.172270][ T6856]  ? aa_sk_perm+0x2f5/0xb20
[   78.173734][ T6856]  ? __fget_files+0x206/0x3a0
[   78.175049][ T6856]  ? __pfx_udp_sendmsg+0x10/0x10
[   78.176460][ T6856]  inet_sendmsg+0x105/0x140
[   78.177783][ T6856]  __sys_sendto+0x42a/0x4f0
[   78.179088][ T6856]  ? __pfx___sys_sendto+0x10/0x10
[   78.180540][ T6856]  ? ksys_write+0x1ba/0x250
[   78.181862][ T6856]  ? __pfx_ksys_write+0x10/0x10
[   78.183282][ T6856]  __ia32_sys_sendto+0xdd/0x1b0
[   78.184666][ T6856]  ? lockdep_hardirqs_on+0x7c/0x110
[   78.186101][ T6856]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[   78.187894][ T6856]  __do_fast_syscall_32+0x73/0x120
[   78.189378][ T6856]  do_fast_syscall_32+0x32/0x80
[   78.190794][ T6856]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   78.192642][ T6856] RIP: 0023:0xf710e579
[   78.193863][ T6856] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   78.199112][ T6856] RSP: 002b:00000000f510055c EFLAGS: 00000296 ORIG_RAX: 0000000000000171
[   78.201505][ T6856] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[   78.203781][ T6856] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   78.206031][ T6856] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   78.208205][ T6856] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   78.210336][ T6856] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   78.212510][ T6856]  </TASK>
[   78.916913][ T5301] Bluetooth: hci1: command 0x040f tx timeout
[   79.174837][ T6903] FAULT_INJECTION: forcing a failure.
[   79.174837][ T6903] name failslab, interval 1, probability 0, space 0, times 0
[   79.178671][ T6903] CPU: 2 UID: 0 PID: 6903 Comm: syz.2.257 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0
[   79.181670][ T6903] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   79.184722][ T6903] Call Trace:
[   79.185700][ T6903]  <TASK>
[   79.186569][ T6903]  dump_stack_lvl+0x16c/0x1f0
[   79.187927][ T6903]  should_fail_ex+0x497/0x5b0
[   79.189295][ T6903]  should_failslab+0xc2/0x120
[   79.190660][ T6903]  kmem_cache_alloc_node_noprof+0x72/0x3b0
[   79.192341][ T6903]  ? find_held_lock+0x2d/0x110
[   79.193749][ T6903]  ? __alloc_skb+0x2b3/0x380
[   79.195120][ T6903]  __alloc_skb+0x2b3/0x380
[   79.196407][ T6903]  ? __pfx___alloc_skb+0x10/0x10
[   79.197850][ T6903]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   79.199474][ T6903]  ? rcu_is_watching+0x12/0xc0
[   79.200890][ T6903]  ? do_raw_spin_lock+0x12d/0x2c0
[   79.202380][ T6903]  skb_copy+0x1c9/0x3a0
[   79.203611][ T6903]  mac80211_hwsim_tx_frame_no_nl.isra.0+0xbab/0x12f0
[   79.205561][ T6903]  ? __pfx_mac80211_hwsim_tx_frame_no_nl.isra.0+0x10/0x10
[   79.207603][ T6903]  ? mac80211_hwsim_monitor_rx+0x1cd/0x880
[   79.209315][ T6903]  mac80211_hwsim_tx+0x7a2/0x2500
[   79.210848][ T6903]  ieee80211_handle_wake_tx_queue+0x18a/0x260
[   79.212610][ T6903]  ? __ieee80211_schedule_txq+0x167/0xc30
[   79.214264][ T6903]  ? __pfx_ieee80211_handle_wake_tx_queue+0x10/0x10
[   79.216145][ T6903]  ? __pfx___ieee80211_schedule_txq+0x10/0x10
[   79.217911][ T6903]  ? __local_bh_enable_ip+0xa4/0x120
[   79.219432][ T6903]  ieee80211_queue_skb+0x12b5/0x2010
[   79.220978][ T6903]  ieee80211_tx+0x2e6/0x420
[   79.222295][ T6903]  ? __pfx_ieee80211_tx+0x10/0x10
[   79.223762][ T6903]  ? rcu_is_watching+0x12/0xc0
[   79.225152][ T6903]  ? ieee80211_skb_resize+0x22a/0x630
[   79.226695][ T6903]  ? ieee80211_set_qos_hdr+0xba/0x3e0
[   79.228244][ T6903]  ieee80211_xmit+0x30e/0x3e0
[   79.229619][ T6903]  __ieee80211_subif_start_xmit+0xa62/0x1410
[   79.231344][ T6903]  ? kasan_addr_to_slab+0x5/0x80
[   79.232775][ T6903]  ? ip_finish_output2+0x1438/0x2130
[   79.234311][ T6903]  ? __pfx___ieee80211_subif_start_xmit+0x10/0x10
[   79.236150][ T6903]  ? __lock_acquire+0x15a9/0x3c40
[   79.237612][ T6903]  ieee80211_subif_start_xmit+0x118/0x16c0
[   79.239289][ T6903]  ? __pfx___lock_acquire+0x10/0x10
[   79.240789][ T6903]  ? skb_network_protocol+0x127/0x6d0
[   79.242344][ T6903]  ? __pfx_ieee80211_subif_start_xmit+0x10/0x10
[   79.244137][ T6903]  ? lock_acquire.part.0+0x11b/0x380
[   79.245670][ T6903]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   79.247274][ T6903]  ? rcu_is_watching+0x12/0xc0
[   79.248662][ T6903]  ? dev_hard_start_xmit+0x9a/0x7b0
[   79.250179][ T6903]  dev_hard_start_xmit+0x9a/0x7b0
[   79.251649][ T6903]  __dev_queue_xmit+0x7f0/0x43e0
[   79.253094][ T6903]  ? __lock_acquire+0x15a9/0x3c40
[   79.254543][ T6903]  ? __pfx___dev_queue_xmit+0x10/0x10
[   79.256090][ T6903]  ? __free_zapped_classes+0x290/0x2f0
[   79.257653][ T6903]  ? __pfx___lock_acquire+0x10/0x10
[   79.259300][ T6903]  ? __nf_conntrack_confirm+0x989/0x1120
[   79.260921][ T6903]  ? __pfx_mark_lock+0x10/0x10
[   79.262326][ T6903]  ? __nf_conntrack_confirm+0xa5/0x1120
[   79.263931][ T6903]  ? find_held_lock+0x2d/0x110
[   79.265316][ T6903]  ? mark_held_locks+0x9f/0xe0
[   79.266704][ T6903]  ip_finish_output2+0x1438/0x2130
[   79.268197][ T6903]  ? __pfx_ip_finish_output2+0x10/0x10
[   79.269780][ T6903]  ? ip_skb_dst_mtu+0x3fc/0xc70
[   79.271219][ T6903]  ? __pfx_ip_skb_dst_mtu+0x10/0x10
[   79.272715][ T6903]  ? __pfx_nf_hook+0x10/0x10
[   79.274071][ T6903]  __ip_finish_output+0x49e/0x950
[   79.275527][ T6903]  ip_finish_output+0x35/0x380
[   79.276910][ T6903]  ip_output+0x13b/0x2a0
[   79.278145][ T6903]  ? __pfx_ip_output+0x10/0x10
[   79.279535][ T6903]  ip_send_skb+0x3e5/0x560
[   79.280852][ T6903]  udp_send_skb+0x6f1/0x1510
[   79.282221][ T6903]  udp_sendmsg+0x12e7/0x29b0
[   79.283581][ T6903]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   79.285193][ T6903]  ? __pfx_udp_sendmsg+0x10/0x10
[   79.286622][ T6903]  ? __pfx___lock_acquire+0x10/0x10
[   79.288125][ T6903]  ? __pfx___might_resched+0x10/0x10
[   79.289655][ T6903]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   79.291370][ T6903]  ? aa_sk_perm+0x2f5/0xb20
[   79.292681][ T6903]  ? __fget_files+0x206/0x3a0
[   79.294047][ T6903]  ? __pfx_udp_sendmsg+0x10/0x10
[   79.295490][ T6903]  inet_sendmsg+0x105/0x140
[   79.296803][ T6903]  __sys_sendto+0x42a/0x4f0
[   79.298131][ T6903]  ? __pfx___sys_sendto+0x10/0x10
[   79.299597][ T6903]  ? ksys_write+0x1ba/0x250
[   79.300969][ T6903]  ? __pfx_ksys_write+0x10/0x10
[   79.302381][ T6903]  __ia32_sys_sendto+0xdd/0x1b0
[   79.303800][ T6903]  ? lockdep_hardirqs_on+0x7c/0x110
[   79.305323][ T6903]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[   79.307126][ T6903]  __do_fast_syscall_32+0x73/0x120
[   79.308608][ T6903]  do_fast_syscall_32+0x32/0x80
[   79.310029][ T6903]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   79.311877][ T6903] RIP: 0023:0xf7fa2579
[   79.313080][ T6903] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   79.318610][ T6903] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171
[   79.321032][ T6903] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[   79.323314][ T6903] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   79.325615][ T6903] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   79.327892][ T6903] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   79.330179][ T6903] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   79.332452][ T6903]  </TASK>
[   79.457028][   T30] usb 8-1: new low-speed USB device number 3 using dummy_hcd
[   79.613229][   T30] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[   79.616122][   T30] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[   79.625609][   T30] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[   79.628978][   T30] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[   79.632323][   T30] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   79.642950][   T30] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[   79.646889][   T30] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[   79.649866][   T30] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[   79.652856][   T30] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[   79.656809][   T30] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   79.662099][   T30] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[   79.665256][   T30] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[   79.668342][   T30] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[   79.672078][   T30] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[   79.676013][   T30] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   79.684252][   T30] usb 8-1: string descriptor 0 read error: -22
[   79.690003][   T30] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[   79.693109][   T30] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.701531][   T30] adutux 8-1:168.0: ADU100  now attached to /dev/usb/adutux0
[   80.427870][ T6945] syz.0.272: attempt to access beyond end of device
[   80.427870][ T6945] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0
[   80.431798][ T6945] XFS (nbd0): SB validate failed with error -5.
[   80.523608][ T6955] bridge5: entered promiscuous mode
[   80.865047][ T6962] ref_tracker: memory allocation failure, unreliable refcount tracker.
[   81.230521][ T6974] netlink: 4 bytes leftover after parsing attributes in process `syz.0.280'.
[   81.612696][ T6979] syz.0.282: attempt to access beyond end of device
[   81.612696][ T6979] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0
[   81.616518][ T6979] XFS (nbd0): SB validate failed with error -5.
[   81.849412][ T6995] overlayfs: failed to resolve './file0': -2
[   81.862681][ T6994] sp0: Synchronizing with TNC
[   82.211956][ T5301] Bluetooth: hci3: command 0x040f tx timeout
[   82.212494][ T6941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   82.217368][   T25] usb 8-1: USB disconnect, device number 3
[   82.703567][ T7036] FAULT_INJECTION: forcing a failure.
[   82.703567][ T7036] name failslab, interval 1, probability 0, space 0, times 0
[   82.707684][ T7036] CPU: 3 UID: 0 PID: 7036 Comm: syz.2.301 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0
[   82.710616][ T7036] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   82.713680][ T7036] Call Trace:
[   82.714623][ T7036]  <TASK>
[   82.715446][ T7036]  dump_stack_lvl+0x16c/0x1f0
[   82.716783][ T7036]  should_fail_ex+0x497/0x5b0
[   82.718131][ T7036]  should_failslab+0xc2/0x120
[   82.719679][ T7036]  kmem_cache_alloc_noprof+0x6e/0x3b0
[   82.721211][ T7036]  ? trace_lock_acquire+0x14e/0x1f0
[   82.722814][ T7036]  ? skb_clone+0x190/0x3f0
[   82.724136][ T7036]  skb_clone+0x190/0x3f0
[   82.725490][ T7036]  dev_queue_xmit_nit+0x38f/0xbc0
[   82.727371][ T7036]  ? rcu_is_watching+0x12/0xc0
[   82.728745][ T7036]  dev_hard_start_xmit+0x283/0x7b0
[   82.730184][ T7036]  __dev_queue_xmit+0x7f0/0x43e0
[   82.731622][ T7036]  ? __lock_acquire+0x15a9/0x3c40
[   82.733205][ T7036]  ? __pfx___dev_queue_xmit+0x10/0x10
[   82.734720][ T7036]  ? __free_zapped_classes+0x290/0x2f0
[   82.736335][ T7036]  ? __pfx___lock_acquire+0x10/0x10
[   82.737919][ T7036]  ? __pfx_mark_lock+0x10/0x10
[   82.739270][ T7036]  ? nf_ct_deliver_cached_events+0xbe/0x2f0
[   82.741087][ T7036]  ? find_held_lock+0x2d/0x110
[   82.742525][ T7036]  ? mark_held_locks+0x9f/0xe0
[   82.743889][ T7036]  ip_finish_output2+0x1438/0x2130
[   82.745341][ T7036]  ? __pfx_ip_finish_output2+0x10/0x10
[   82.746863][ T7036]  ? ip_skb_dst_mtu+0x3fc/0xc70
[   82.748230][ T7036]  ? __pfx_ip_skb_dst_mtu+0x10/0x10
[   82.749713][ T7036]  ? __pfx_nf_hook+0x10/0x10
[   82.751213][ T7036]  __ip_finish_output+0x49e/0x950
[   82.752936][ T7036]  ip_finish_output+0x35/0x380
[   82.754726][ T7036]  ip_output+0x13b/0x2a0
[   82.756050][ T7036]  ? __pfx_ip_output+0x10/0x10
[   82.757557][ T7036]  ip_send_skb+0x3e5/0x560
[   82.758993][ T7036]  udp_send_skb+0x6f1/0x1510
[   82.760292][ T7036]  udp_sendmsg+0x12e7/0x29b0
[   82.761681][ T7036]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   82.763357][ T7036]  ? __pfx_udp_sendmsg+0x10/0x10
[   82.764853][ T7036]  ? __pfx___lock_acquire+0x10/0x10
[   82.766529][ T7036]  ? __pfx___might_resched+0x10/0x10
[   82.768175][ T7036]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   82.769831][ T7036]  ? aa_sk_perm+0x2f5/0xb20
[   82.771154][ T7036]  ? __fget_files+0x206/0x3a0
[   82.772482][ T7036]  ? __pfx_udp_sendmsg+0x10/0x10
[   82.773898][ T7036]  inet_sendmsg+0x105/0x140
[   82.775172][ T7036]  __sys_sendto+0x42a/0x4f0
[   82.776455][ T7036]  ? __pfx___sys_sendto+0x10/0x10
[   82.777890][ T7036]  ? ksys_write+0x1ba/0x250
[   82.779170][ T7036]  ? __pfx_ksys_write+0x10/0x10
[   82.780562][ T7036]  __ia32_sys_sendto+0xdd/0x1b0
[   82.781937][ T7036]  ? lockdep_hardirqs_on+0x7c/0x110
[   82.783388][ T7036]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[   82.785261][ T7036]  __do_fast_syscall_32+0x73/0x120
[   82.786705][ T7036]  do_fast_syscall_32+0x32/0x80
[   82.788087][ T7036]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   82.789861][ T7036] RIP: 0023:0xf7fa2579
[   82.791010][ T7036] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   82.796303][ T7036] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171
[   82.798617][ T7036] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[   82.800822][ T7036] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   82.803035][ T7036] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   82.804560][ T7017] binder: 7016:7017 ioctl c018620c 20000100 returned -22
[   82.805243][ T7036] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   82.809489][ T7036] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   82.811668][ T7036]  </TASK>
[   83.290470][ T7059] dvmrp0: entered allmulticast mode
[   83.391742][ T7071] overlayfs: failed to resolve './file0': -2
[   84.134006][ T7101] netlink: 'syz.1.320': attribute type 20 has an invalid length.
[   84.276387][ T5935] Bluetooth: hci3: command 0x040f tx timeout
[   84.383034][ T5301] Bluetooth: hci1: unexpected event for opcode 0x1001
[   84.723793][ T7136] Zero length message leads to an empty skb
[   85.250084][ T7173] vivid-001: disconnect
[   85.261884][ T7174] vivid-001: reconnect
[   85.401876][ T7183] netlink: 60 bytes leftover after parsing attributes in process `syz.0.349'.
[   85.404324][ T7183] netlink: 60 bytes leftover after parsing attributes in process `syz.0.349'.
[   85.931662][ T7201] sch_tbf: burst 2304 is lower than device lo mtu (65550) !
[   86.107330][ T7205] syz.1.357: attempt to access beyond end of device
[   86.107330][ T7205] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0
[   86.111272][ T7205] XFS (nbd1): SB validate failed with error -5.
[   87.135299][ T7246] overlayfs: failed to resolve './file0': -2
[   87.245312][ T7249] syz.1.369: attempt to access beyond end of device
[   87.245312][ T7249] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0
[   87.249178][ T7249] XFS (nbd1): SB validate failed with error -5.
[   87.720381][ T7269] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   87.844207][ T7285] syz.3.378: attempt to access beyond end of device
[   87.844207][ T7285] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0
[   87.848534][ T7285] XFS (nbd3): SB validate failed with error -5.
[   88.036394][ T5301] Bluetooth: hci1: command 0x040f tx timeout
[   88.240350][ T7300] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   88.242966][ T7300] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   88.245415][ T7300] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   88.247949][ T7300] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   88.251212][ T7300] vxlan0: entered promiscuous mode
[   88.252733][ T7300] vxlan0: entered allmulticast mode
[   88.261247][ T7300] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[   88.264422][ T7300] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[   88.267028][ T7300] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[   88.269561][ T7300] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[   88.419141][ T7311] netlink: 8 bytes leftover after parsing attributes in process `syz.3.387'.
[   88.839073][ T7332] syz.3.389: attempt to access beyond end of device
[   88.839073][ T7332] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0
[   88.843197][ T7332] XFS (nbd3): SB validate failed with error -5.
[   89.004983][ T7351] lo speed is unknown, defaulting to 1000
[   89.088440][ T7357] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   89.090851][ T7358] netlink: 12 bytes leftover after parsing attributes in process `syz.0.397'.
[   89.095207][ T7358] bridge0: port 3(vlan0) entered blocking state
[   89.097311][ T7358] bridge0: port 3(vlan0) entered disabled state
[   89.099227][ T7358] vlan0: entered allmulticast mode
[   89.101453][ T7358] vlan0: left allmulticast mode
[   89.140555][ T7354] netlink: 20 bytes leftover after parsing attributes in process `syz.3.396'.
[   89.707249][ T7368] syz.3.400(7368): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[   89.876647][ T5301] Bluetooth: hci0: command 0x040f tx timeout
[   89.923112][ T7369] lo speed is unknown, defaulting to 1000
[   89.932539][ T7368] lo speed is unknown, defaulting to 1000
[   90.126347][ T5301] Bluetooth: hci1: command 0x040f tx timeout
[   90.262269][ T7393] netlink: 8 bytes leftover after parsing attributes in process `syz.2.408'.
[   90.605580][  T833] IPVS: starting estimator thread 0...
[   90.716479][ T7401] IPVS: using max 41 ests per chain, 98400 per kthread
[   90.900968][ T7404] xt_TCPMSS: Only works on TCP SYN packets
[   91.177403][ T7412] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[   91.185712][ T7412] batman_adv: batadv0: Adding interface: gretap1
[   91.187636][ T7412] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.194736][ T7412] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active
[   92.060590][ T7417] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   92.063568][ T7417] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   92.065728][ T7417] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   92.068674][ T7417] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   92.123842][  T947] IPVS: starting estimator thread 0...
[   92.206787][ T7434] IPVS: using max 40 ests per chain, 96000 per kthread
[   92.307065][ T7440] syz.0.421: attempt to access beyond end of device
[   92.307065][ T7440] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0
[   92.311062][ T7440] XFS (nbd0): SB validate failed with error -5.
[   92.623145][ T7460] sch_tbf: burst 2304 is lower than device lo mtu (65550) !
[   92.729083][ T7462] netlink: 24 bytes leftover after parsing attributes in process `syz.1.426'.
[   92.767186][ T7462] netlink: 'syz.1.426': attribute type 1 has an invalid length.
[   92.801754][ T7462] netlink: 'syz.1.426': attribute type 2 has an invalid length.
[   92.831023][ T7462] netlink: 24 bytes leftover after parsing attributes in process `syz.1.426'.
[   93.476416][ T5935] Bluetooth: hci0: command 0x040f tx timeout
[   94.127484][ T5935] Bluetooth: hci3: command 0x040f tx timeout
[   94.129418][ T5935] Bluetooth: hci2: command 0x040f tx timeout
[   94.131637][ T5935] Bluetooth: hci1: command 0x040f tx timeout
[   94.143289][ T7492] netlink: 4 bytes leftover after parsing attributes in process `syz.0.437'.
[   94.346463][   T30] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   94.377824][ T7510] ip6t_REJECT: ECHOREPLY is not supported
[   94.452292][ T7515] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[   94.508251][ T7517] sch_tbf: burst 2304 is lower than device lo mtu (65550) !
[   94.512442][   T30] usb 6-1: Using ep0 maxpacket: 8
[   94.552864][   T30] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   94.556427][   T30] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   94.559144][   T30] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.582683][   T30] usb 6-1: config 0 descriptor??
[   94.804142][   T30] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[   95.504599][ T7537] syz.3.449: attempt to access beyond end of device
[   95.504599][ T7537] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0
[   95.508414][ T7537] XFS (nbd3): SB validate failed with error -5.
[   96.044715][ T7563] syz.0.455: attempt to access beyond end of device
[   96.044715][ T7563] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0
[   96.048884][ T7563] XFS (nbd0): SB validate failed with error -5.
[   96.143800][ T7570] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[   96.198595][ T5301] Bluetooth: hci3: command 0x040f tx timeout
[   96.204298][ T7576] sch_tbf: burst 2304 is lower than device lo mtu (65550) !
[   96.423520][  T947] usb 6-1: USB disconnect, device number 2
[   97.250468][ T7605] IPVS: set_ctl: invalid protocol: 0 10.1.1.0:20004
[   97.254964][ T7605] tipc: Started in network mode
[   97.256581][ T7605] tipc: Node identity ac1414aa, cluster identity 4711
[   97.259346][ T7605] tipc: Enabled bearer <udp:s>, priority 10
[   97.261961][ T7605] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[   97.556393][ T5301] Bluetooth: hci0: command 0x040f tx timeout
[   97.666658][ T7632] sch_tbf: burst 2304 is lower than device lo mtu (65550) !
[   98.257533][  T833] tipc: Node number set to 2886997162
[   98.286648][ T5301] Bluetooth: hci3: command 0x040f tx timeout
[   98.339140][ T7643] netlink: 'syz.2.480': attribute type 1 has an invalid length.
[   98.751329][ T1134] ==================================================================
[   98.754231][ T1134] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   98.757912][ T1134] Read of size 1 at addr ffff888021a8b409 by task kworker/u32:5/1134
[   98.762304][ T1134] 
[   98.763198][ T1134] CPU: 2 UID: 0 PID: 1134 Comm: kworker/u32:5 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0
[   98.767218][ T1134] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   98.771206][ T1134] Workqueue: events_unbound commit_work
[   98.773264][ T1134] Call Trace:
[   98.774501][ T1134]  <TASK>
[   98.775605][ T1134]  dump_stack_lvl+0x116/0x1f0
[   98.777346][ T1134]  print_report+0xc3/0x620
[   98.778997][ T1134]  ? __virt_addr_valid+0x5e/0x590
[   98.780849][ T1134]  ? __phys_addr+0xc6/0x150
[   98.782524][ T1134]  kasan_report+0xd9/0x110
[   98.784179][ T1134]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   98.786811][ T1134]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   98.789431][ T1134]  drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   98.791994][ T1134]  ? preempt_schedule_thunk+0x1a/0x30
[   98.793963][ T1134]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[   98.796711][ T1134]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[   98.798855][ T1134]  ? drm_atomic_helper_commit_hw_done+0x325/0x490
[   98.801181][ T1134]  drm_atomic_helper_commit_tail+0xcb/0xf0
[   98.803319][ T1134]  commit_tail+0x353/0x400
[   98.804979][ T1134]  process_one_work+0x958/0x1b30
[   98.806810][ T1134]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   98.808872][ T1134]  ? __pfx_process_one_work+0x10/0x10
[   98.810859][ T1134]  ? rcu_is_watching+0x12/0xc0
[   98.812641][ T1134]  ? assign_work+0x1a0/0x250
[   98.814454][ T1134]  worker_thread+0x6c8/0xf00
[   98.816135][ T1134]  ? __pfx_worker_thread+0x10/0x10
[   98.818003][ T1134]  kthread+0x2c1/0x3a0
[   98.819502][ T1134]  ? _raw_spin_unlock_irq+0x23/0x50
[   98.821419][ T1134]  ? __pfx_kthread+0x10/0x10
[   98.823205][ T1134]  ret_from_fork+0x45/0x80
[   98.824504][ T1134]  ? __pfx_kthread+0x10/0x10
[   98.825840][ T1134]  ret_from_fork_asm+0x1a/0x30
[   98.827211][ T1134]  </TASK>
[   98.828102][ T1134] 
[   98.828806][ T1134] Allocated by task 7655:
[   98.830033][ T1134]  kasan_save_stack+0x33/0x60
[   98.831410][ T1134]  kasan_save_track+0x14/0x30
[   98.832809][ T1134]  __kasan_kmalloc+0xaa/0xb0
[   98.834163][ T1134]  drm_atomic_helper_crtc_duplicate_state+0x70/0xd0
[   98.836028][ T1134]  drm_atomic_get_crtc_state+0x162/0x440
[   98.837640][ T1134]  page_flip_common+0x57/0x320
[   98.839027][ T1134]  drm_atomic_helper_page_flip+0xb6/0x180
[   98.840674][ T1134]  drm_mode_page_flip_ioctl+0x1036/0x1460
[   98.842316][ T1134]  drm_ioctl_kernel+0x1e6/0x3d0
[   98.843693][ T1134]  drm_ioctl+0x57e/0xba0
[   98.844876][ T1134]  drm_compat_ioctl+0x327/0x460
[   98.846250][ T1134]  __do_compat_sys_ioctl+0x1cb/0x2c0
[   98.847688][ T1134]  __do_fast_syscall_32+0x73/0x120
[   98.849096][ T1134]  do_fast_syscall_32+0x32/0x80
[   98.850464][ T1134]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   98.852184][ T1134] 
[   98.852875][ T1134] Freed by task 7655:
[   98.854017][ T1134]  kasan_save_stack+0x33/0x60
[   98.855323][ T1134]  kasan_save_track+0x14/0x30
[   98.856623][ T1134]  kasan_save_free_info+0x3b/0x60
[   98.858029][ T1134]  __kasan_slab_free+0x51/0x70
[   98.859343][ T1134]  kfree+0x14f/0x4b0
[   98.860441][ T1134]  drm_atomic_state_default_clear+0x43c/0xe00
[   98.862213][ T1134]  __drm_atomic_state_free+0x185/0x2b0
[   98.863762][ T1134]  drm_client_modeset_commit_atomic+0x6b7/0x7f0
[   98.865497][ T1134]  drm_client_modeset_commit_locked+0x14d/0x580
[   98.867216][ T1134]  drm_client_modeset_commit+0x4f/0x80
[   98.868721][ T1134]  drm_fb_helper_lastclose+0xc7/0x160
[   98.870200][ T1134]  drm_fbdev_client_restore+0x2c/0x40
[   98.871692][ T1134]  drm_client_dev_restore+0x188/0x2a0
[   98.873179][ T1134]  drm_release+0x2c2/0x360
[   98.874429][ T1134]  __fput+0x3f8/0xb60
[   98.875560][ T1134]  task_work_run+0x14e/0x250
[   98.876901][ T1134]  syscall_exit_to_user_mode+0x27b/0x2a0
[   98.878452][ T1134]  __do_fast_syscall_32+0x80/0x120
[   98.879868][ T1134]  do_fast_syscall_32+0x32/0x80
[   98.881248][ T1134]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   98.883054][ T1134] 
[   98.883760][ T1134] The buggy address belongs to the object at ffff888021a8b400
[   98.883760][ T1134]  which belongs to the cache kmalloc-512 of size 512
[   98.887628][ T1134] The buggy address is located 9 bytes inside of
[   98.887628][ T1134]  freed 512-byte region [ffff888021a8b400, ffff888021a8b600)
[   98.891510][ T1134] 
[   98.892174][ T1134] The buggy address belongs to the physical page:
[   98.893954][ T1134] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21a88
[   98.896348][ T1134] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   98.898678][ T1134] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   98.900863][ T1134] page_type: f5(slab)
[   98.901969][ T1134] raw: 00fff00000000040 ffff88801ac42c80 ffffea00019d5700 dead000000000003
[   98.904349][ T1134] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[   98.907051][ T1134] head: 00fff00000000040 ffff88801ac42c80 ffffea00019d5700 dead000000000003
[   98.909439][ T1134] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[   98.911796][ T1134] head: 00fff00000000002 ffffea000086a201 ffffffffffffffff 0000000000000000
[   98.914170][ T1134] head: ffff888000000004 0000000000000000 00000000ffffffff 0000000000000000
[   98.916489][ T1134] page dumped because: kasan: bad access detected
[   98.918260][ T1134] page_owner tracks the page as allocated
[   98.919818][ T1134] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5936, tgid 5936 (syz-executor), ts 57453983985, free_ts 53295894925
[   98.925451][ T1134]  post_alloc_hook+0x2d1/0x350
[   98.926788][ T1134]  get_page_from_freelist+0xfce/0x2f80
[   98.928296][ T1134]  __alloc_pages_noprof+0x6a6/0x25b0
[   98.929750][ T1134]  new_slab+0xca/0x410
[   98.931121][ T1134]  ___slab_alloc+0xce2/0x1650
[   98.932613][ T1134]  __slab_alloc.constprop.0+0x56/0xb0
[   98.934221][ T1134]  __kmalloc_node_noprof+0x2f0/0x520
[   98.935879][ T1134]  alloc_slab_obj_exts+0x41/0xa0
[   98.937501][ T1134]  __memcg_slab_post_alloc_hook+0x2a7/0x9b0
[   98.939439][ T1134]  kmem_cache_alloc_noprof+0x310/0x3b0
[   98.941200][ T1134]  anon_vma_clone+0xe1/0x5e0
[   98.942636][ T1134]  anon_vma_fork+0x7a/0x620
[   98.944008][ T1134]  copy_mm+0x1a58/0x25b0
[   98.945298][ T1134]  copy_process+0x3e6d/0x6f20
[   98.946771][ T1134]  kernel_clone+0xfd/0x960
[   98.948180][ T1134]  __do_compat_sys_ia32_clone+0xb7/0x100
[   98.949763][ T1134] page last free pid 6166 tgid 6166 stack trace:
[   98.951551][ T1134]  free_unref_page+0x661/0x1080
[   98.953074][ T1134]  __put_partials+0x14c/0x170
[   98.954459][ T1134]  qlist_free_all+0x4e/0x120
[   98.955865][ T1134]  kasan_quarantine_reduce+0x195/0x1e0
[   98.957589][ T1134]  __kasan_slab_alloc+0x69/0x90
[   98.959123][ T1134]  kmem_cache_alloc_noprof+0x1c8/0x3b0
[   98.960927][ T1134]  vm_area_alloc+0x1f/0x1c0
[   98.962360][ T1134]  __mmap_region+0x1091/0x2760
[   98.963887][ T1134]  mmap_region+0x127/0x320
[   98.965227][ T1134]  do_mmap+0xc00/0xfc0
[   98.966524][ T1134]  vm_mmap_pgoff+0x1ba/0x360
[   98.967975][ T1134]  ksys_mmap_pgoff+0x7d/0x5c0
[   98.969435][ T1134]  __do_fast_syscall_32+0x73/0x120
[   98.971028][ T1134]  do_fast_syscall_32+0x32/0x80
[   98.972514][ T1134]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   98.974808][ T1134] 
[   98.975705][ T1134] Memory state around the buggy address:
[   98.977591][ T1134]  ffff888021a8b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   98.979812][ T1134]  ffff888021a8b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   98.982039][ T1134] >ffff888021a8b400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   98.984238][ T1134]                       ^
[   98.985752][ T1134]  ffff888021a8b480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   98.988342][ T1134]  ffff888021a8b500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   98.990813][ T1134] ==================================================================
[   98.994330][    C2] vkms_vblank_simulate: vblank timer overrun
[   99.016337][ T1134] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   99.018431][ T1134] CPU: 3 UID: 0 PID: 1134 Comm: kworker/u32:5 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0
[   99.021512][ T1134] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   99.024486][ T1134] Workqueue: events_unbound commit_work
[   99.026058][ T1134] Call Trace:
[   99.027008][ T1134]  <TASK>
[   99.027857][ T1134]  dump_stack_lvl+0x3d/0x1f0
[   99.029159][ T1134]  panic+0x71d/0x800
[   99.030263][ T1134]  ? __pfx_panic+0x10/0x10
[   99.031551][ T1134]  ? preempt_schedule_thunk+0x1a/0x30
[   99.033062][ T1134]  ? preempt_schedule_common+0x44/0xc0
[   99.034577][ T1134]  ? check_panic_on_warn+0x1f/0xb0
[   99.036031][ T1134]  check_panic_on_warn+0xab/0xb0
[   99.037442][ T1134]  end_report+0x117/0x180
[   99.038684][ T1134]  kasan_report+0xe9/0x110
[   99.039924][ T1134]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   99.041970][ T1134]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   99.043946][ T1134]  drm_atomic_helper_wait_for_vblanks.part.0+0x851/0x930
[   99.045915][ T1134]  ? preempt_schedule_thunk+0x1a/0x30
[   99.047466][ T1134]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[   99.049599][ T1134]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[   99.051288][ T1134]  ? drm_atomic_helper_commit_hw_done+0x325/0x490
[   99.053469][ T1134]  drm_atomic_helper_commit_tail+0xcb/0xf0
[   99.055419][ T1134]  commit_tail+0x353/0x400
[   99.056925][ T1134]  process_one_work+0x958/0x1b30
[   99.058381][ T1134]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   99.059946][ T1134]  ? __pfx_process_one_work+0x10/0x10
[   99.061488][ T1134]  ? rcu_is_watching+0x12/0xc0
[   99.062894][ T1134]  ? assign_work+0x1a0/0x250
[   99.064195][ T1134]  worker_thread+0x6c8/0xf00
[   99.065495][ T1134]  ? __pfx_worker_thread+0x10/0x10
[   99.066924][ T1134]  kthread+0x2c1/0x3a0
[   99.068153][ T1134]  ? _raw_spin_unlock_irq+0x23/0x50
[   99.069621][ T1134]  ? __pfx_kthread+0x10/0x10
[   99.070894][ T1134]  ret_from_fork+0x45/0x80
[   99.072212][ T1134]  ? __pfx_kthread+0x10/0x10
[   99.073502][ T1134]  ret_from_fork_asm+0x1a/0x30
[   99.074868][ T1134]  </TASK>
[   99.076303][ T1134] Kernel Offset: disabled
[   99.077527][ T1134] Rebooting in 86400 seconds..

VM DIAGNOSIS:
08:36:51  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=1ffff920005b0f4e RCX=ffffc9000d9e1000 RDX=ffff8880212d4880
RSI=ffffffff849778a2 RDI=ffffc90002d87d90 RBP=0000000000000000 RSP=ffffc90002d87a68
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=ffffc90002d87d60 R13=ffffc90002d87b70 R14=ffffc90002d87b50 R15=0000000020095e20
RIP=ffffffff81994f5c RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b400000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00000000f7210360 CR3=000000006e586000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000001 RBX=ffff88802b43ed00 RCX=ffffffff8176c6e3 RDX=0000000000000000
RSI=0000000000000004 RDI=ffff88802b43ed00 RBP=ffff88802b43ed08 RSP=ffffc90002e17178
R8 =0000000000000000 R9 =ffffed1005687da0 R10=ffff88802b43ed03 R11=0000000000000002
R12=ffff88802b43ed10 R13=ffff88806d444880 R14=0000000000000000 R15=ffff88802b43ed00
RIP=ffffffff8b1cbe90 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020bbdffc CR3=000000006e586000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff85142de0 RDI=ffffffff9a667240 RBP=ffffffff9a667200 RSP=ffffc90006bf74f0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=6131323038386552
R12=0000000000000000 R13=0000000000000020 R14=fffffbfff34cce9a R15=dffffc0000000000
RIP=ffffffff85142e07 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f50beda4 CR3=000000006e13a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=000000000012b8d7 RBX=0000000000000003 RCX=ffffffff8b1a3819 RDX=0000000000000000
RSI=ffffffff8b4cd280 RDI=ffffffff8bb17000 RBP=ffffed10039df488 RSP=ffffc9000049fe08
R8 =0000000000000001 R9 =ffffed10056e6fed R10=ffff88802b737f6b R11=0000000000000000
R12=0000000000000003 R13=ffff88801cefa440 R14=ffffffff901ce3d0 R15=0000000000000000
RIP=ffffffff8b1a4bff RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f50d3c40 CR3=000000006e13a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 00c800a400000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000